This affects users of the PK API as well as users of the low-level API in the RSA module. Users of the PSA API or of the ECDSA module are unaffected.
All the functions in the RSA module that accept a hashlen parameter used to ignore it unless the md_alg parameter was MBEDTLS_MD_NONE, indicating raw data was signed. The hashlen parameter is now always the size that is read from the hash input buffer. This length must be equal to the output size of the hash algorithm used when signing a hash. (The requirements when signing raw data are unchanged.) This affects the following functions:
mbedtls_rsa_pkcs1_sign, mbedtls_rsa_pkcs1_verify
mbedtls_rsa_rsassa_pkcs1_v15_sign, mbedtls_rsa_rsassa_pkcs1_v15_verify
mbedtls_rsa_rsassa_pss_sign, mbedtls_rsa_rsassa_pss_verify
mbedtls_rsa_rsassa_pss_sign_ext, mbedtls_rsa_rsassa_pss_verify_ext
The signature functions in the PK module no longer accept 0 as the hash_len parameter. The hash_len parameter is now always the size that is read from the hash input buffer. This affects the following functions:
mbedtls_pk_sign, mbedtls_pk_verify
mbedtls_pk_sign_restartable, mbedtls_pk_verify_restartable
mbedtls_pk_verify_ext
The migration path is to pass the correct value to those functions.
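One way to locate call sites that need this change, as an added example that is not part of the Mbed TLS documentation: a heuristic Python scan that flags calls to the PK functions listed above whose hash_len argument is the literal 0. The argument positions follow the prototypes in mbedtls/pk.h, the sample C source is constructed, and calls hidden behind macros or passing a zero-valued variable are not detected.

```python
import re

# Zero-based position of hash_len in each PK function's argument list,
# per the prototypes in mbedtls/pk.h.
HASH_LEN_ARG = {
    "mbedtls_pk_sign": 3, "mbedtls_pk_verify": 3,
    "mbedtls_pk_sign_restartable": 3, "mbedtls_pk_verify_restartable": 3,
    "mbedtls_pk_verify_ext": 5,
}
CALL_RE = re.compile(r"\b(mbedtls_pk_\w+)\s*\(")

# Constructed sample of application code written against the old behaviour.
SAMPLE = '''\
ret = mbedtls_pk_verify(&pk, MBEDTLS_MD_SHA256, hash, 0, sig, sig_len);
ret = mbedtls_pk_verify(&pk, MBEDTLS_MD_SHA256, hash, sizeof(hash),
                        sig, sig_len);
ret = mbedtls_pk_verify_ext(MBEDTLS_PK_RSASSA_PSS, &opts, &pk,
                            MBEDTLS_MD_SHA256, hash, 0, sig, sig_len);
ret = mbedtls_pk_sign(&pk, md_alg, hash, mbedtls_md_get_size(info),
                      sig, sizeof(sig), &sig_len, f_rng, p_rng);
'''

def split_args(text, start):
    """Split call arguments starting just after '(' at top-level commas."""
    args, depth, cur = [], 0, []
    for ch in text[start:]:
        if ch in ",)" and depth == 0:
            args.append("".join(cur).strip())
            if ch == ")":
                return args
            cur = []
            continue
        depth += (ch in "([{") - (ch in ")]}")
        cur.append(ch)
    return []  # unterminated call: nothing to report

def find_zero_hash_len(source):
    """Return (line, function) for PK calls whose hash_len argument is literal 0."""
    hits = []
    for m in CALL_RE.finditer(source):
        idx = HASH_LEN_ARG.get(m.group(1))
        args = split_args(source, m.end())
        if idx is not None and len(args) > idx and re.fullmatch(r"0[uUlL]*", args[idx]):
            hits.append((source.count("\n", 0, m.start()) + 1, m.group(1)))
    return hits

if __name__ == "__main__":
    print(find_zero_hash_len(SAMPLE))
```

Each reported call site should be changed to pass the digest length actually stored in the hash buffer.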