Removes f_rng parameter from mbedtls_rsa_pkcs1_verify
Commit removes f_rng parameter from
mbedtls_rsa_pkcs1_verify as a prerequisite
to removing the mode parameter. f_rng no
longer has relevance in this function if
mode is removed.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h
index 103d691..f4e7d96 100644
--- a/include/mbedtls/rsa.h
+++ b/include/mbedtls/rsa.h
@@ -989,9 +989,6 @@
* return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
*
* \param ctx The initialized RSA public key context to use.
- * \param f_rng The RNG function to use. If \p mode is #MBEDTLS_RSA_PRIVATE,
- * this is used for blinding and should be provided; see
- * mbedtls_rsa_private() for more. Otherwise, it is ignored.
* \param p_rng The RNG context to be passed to \p f_rng. This may be
* \c NULL if \p f_rng is \c NULL or doesn't need a context.
* \param mode The mode of operation. This must be either
@@ -1013,7 +1010,6 @@
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
*/
int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng,
int mode,
mbedtls_md_type_t md_alg,
diff --git a/library/pk_wrap.c b/library/pk_wrap.c
index 9f4c187..fbcfdb1 100644
--- a/library/pk_wrap.c
+++ b/library/pk_wrap.c
@@ -90,7 +90,7 @@
if( sig_len < rsa_len )
return( MBEDTLS_ERR_RSA_VERIFY_FAILED );
- if( ( ret = mbedtls_rsa_pkcs1_verify( rsa, NULL, NULL,
+ if( ( ret = mbedtls_rsa_pkcs1_verify( rsa, NULL,
MBEDTLS_RSA_PUBLIC, md_alg,
(unsigned int) hash_len, hash, sig ) ) != 0 )
return( ret );
diff --git a/library/psa_crypto_rsa.c b/library/psa_crypto_rsa.c
index 4f41596..1ab57c6 100644
--- a/library/psa_crypto_rsa.c
+++ b/library/psa_crypto_rsa.c
@@ -490,7 +490,6 @@
mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V15,
MBEDTLS_MD_NONE );
ret = mbedtls_rsa_pkcs1_verify( rsa,
- mbedtls_psa_get_random,
MBEDTLS_PSA_RANDOM_STATE,
MBEDTLS_RSA_PUBLIC,
md_alg,
diff --git a/library/rsa.c b/library/rsa.c
index b241b8f..7545a79 100644
--- a/library/rsa.c
+++ b/library/rsa.c
@@ -2414,7 +2414,6 @@
* Do an RSA operation and check the message digest
*/
int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng,
int mode,
mbedtls_md_type_t md_alg,
@@ -2434,13 +2433,13 @@
{
#if defined(MBEDTLS_PKCS1_V15)
case MBEDTLS_RSA_PKCS_V15:
- return mbedtls_rsa_rsassa_pkcs1_v15_verify( ctx, f_rng, p_rng, mode, md_alg,
+ return mbedtls_rsa_rsassa_pkcs1_v15_verify( ctx, NULL, p_rng, mode, md_alg,
hashlen, hash, sig );
#endif
#if defined(MBEDTLS_PKCS1_V21)
case MBEDTLS_RSA_PKCS_V21:
- return mbedtls_rsa_rsassa_pss_verify( ctx, f_rng, p_rng, mode, md_alg,
+ return mbedtls_rsa_rsassa_pss_verify( ctx, NULL, p_rng, mode, md_alg,
hashlen, hash, sig );
#endif
@@ -2707,7 +2706,7 @@
if( verbose != 0 )
mbedtls_printf( "passed\n PKCS#1 sig. verify: " );
- if( mbedtls_rsa_pkcs1_verify( &rsa, NULL, NULL,
+ if( mbedtls_rsa_pkcs1_verify( &rsa, NULL,
MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_SHA1, 0,
sha1sum, rsa_ciphertext ) != 0 )
{
diff --git a/programs/pkey/dh_client.c b/programs/pkey/dh_client.c
index d6e4990..eb21566 100644
--- a/programs/pkey/dh_client.c
+++ b/programs/pkey/dh_client.c
@@ -220,7 +220,7 @@
goto exit;
}
- if( ( ret = mbedtls_rsa_pkcs1_verify( &rsa, NULL, NULL, MBEDTLS_RSA_PUBLIC,
+ if( ( ret = mbedtls_rsa_pkcs1_verify( &rsa, NULL, MBEDTLS_RSA_PUBLIC,
MBEDTLS_MD_SHA256, 0, hash, p ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_rsa_pkcs1_verify returned %d\n\n", ret );
diff --git a/programs/pkey/rsa_verify.c b/programs/pkey/rsa_verify.c
index fbc0779..60e1377 100644
--- a/programs/pkey/rsa_verify.c
+++ b/programs/pkey/rsa_verify.c
@@ -140,7 +140,7 @@
goto exit;
}
- if( ( ret = mbedtls_rsa_pkcs1_verify( &rsa, NULL, NULL, MBEDTLS_RSA_PUBLIC,
+ if( ( ret = mbedtls_rsa_pkcs1_verify( &rsa, NULL, MBEDTLS_RSA_PUBLIC,
MBEDTLS_MD_SHA256, 20, hash, buf ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_rsa_pkcs1_verify returned -0x%0x\n\n", (unsigned int) -ret );
diff --git a/tests/suites/test_suite_pkcs1_v15.function b/tests/suites/test_suite_pkcs1_v15.function
index 0c2547d..8360428 100644
--- a/tests/suites/test_suite_pkcs1_v15.function
+++ b/tests/suites/test_suite_pkcs1_v15.function
@@ -334,7 +334,7 @@
if( mbedtls_md_info_from_type( digest ) != NULL )
TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 );
- TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, digest, 0, hash_result, result_str->x ) == result );
+ TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, MBEDTLS_RSA_PUBLIC, digest, 0, hash_result, result_str->x ) == result );
exit:
mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
diff --git a/tests/suites/test_suite_pkcs1_v21.function b/tests/suites/test_suite_pkcs1_v21.function
index e64f222..f291a5f 100644
--- a/tests/suites/test_suite_pkcs1_v21.function
+++ b/tests/suites/test_suite_pkcs1_v21.function
@@ -199,7 +199,7 @@
if( mbedtls_md_info_from_type( digest ) != NULL )
TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 );
- TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, digest, 0, hash_result, result_str->x ) == result );
+ TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, MBEDTLS_RSA_PUBLIC, digest, 0, hash_result, result_str->x ) == result );
exit:
mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
@@ -244,7 +244,7 @@
hash_len = message_str->len;
}
- TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC,
+ TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, MBEDTLS_RSA_PUBLIC,
msg_digest_id, hash_len, hash_result,
result_str->x ) == result_simple );
diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function
index 96a8cbf..873ce8a 100644
--- a/tests/suites/test_suite_rsa.function
+++ b/tests/suites/test_suite_rsa.function
@@ -280,22 +280,22 @@
buf ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_pkcs1_verify( NULL, NULL, NULL,
+ mbedtls_rsa_pkcs1_verify( NULL, NULL,
MBEDTLS_RSA_PUBLIC,
0, sizeof( buf ), buf,
buf ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL,
+ mbedtls_rsa_pkcs1_verify( &ctx, NULL,
MBEDTLS_RSA_PUBLIC,
0, sizeof( buf ), NULL,
buf ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL,
+ mbedtls_rsa_pkcs1_verify( &ctx, NULL,
MBEDTLS_RSA_PUBLIC,
0, sizeof( buf ), buf,
NULL ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL,
+ mbedtls_rsa_pkcs1_verify( &ctx, NULL,
MBEDTLS_RSA_PUBLIC,
MBEDTLS_MD_SHA1, 0, NULL,
buf ) );
@@ -485,7 +485,7 @@
if( mbedtls_md_info_from_type( digest ) != NULL )
TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 );
- TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, digest, 0, hash_result, result_str->x ) == result );
+ TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, MBEDTLS_RSA_PUBLIC, digest, 0, hash_result, result_str->x ) == result );
exit:
mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
@@ -564,7 +564,7 @@
TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
- TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_NONE, hash_result->len, hash_result->x, result_str->x ) == correct );
+ TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_NONE, hash_result->len, hash_result->x, result_str->x ) == correct );
exit:
mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );