| Manuel Pégourié-Gonnard | e7885e5 | 2021-06-22 12:29:27 +0200 | [diff] [blame^] | 1 | RSA signature functions now require `hashlen` to match the expected value |
| 2 | ------------------------------------------------------------------------- |
| 3 | |
| 4 | This only affects users of the low-level RSA API; users of the high-level PK |
| 5 | API or of the PSA Crypto API are not affected. |
| 6 | |
| 7 | All the functions in the RSA module that accept a `hashlen` parameter used to |
| 8 | ignore it unless the `md_alg` parameter was `MBEDTLS_MD_NONE`, indicating raw |
| 9 | data was signed. They now require this parameter's value to be equal to the |
| 10 | output size of the hash algorithm used when signing a hash. (The requirements |
| 11 | when signing raw data are unchanged.) |
| 12 | |
| 13 | The migration path is to pass the correct value to those functions. |