Signature functions now require the hash length to match the expected value

This affects users of the PK API as well as users of the low-level API in the RSA module. Users of the PSA API or of the ECDSA module are unaffected.

All the functions in the RSA module that accept a hashlen parameter used to ignore it unless the md_alg parameter was MBEDTLS_MD_NONE, indicating raw data was signed. The hashlen parameter is now always the size that is read from the hash input buffer. This length must be equal to the output size of the hash algorithm used when signing a hash. (The requirements when signing raw data are unchanged.) This affects the following functions:

  • mbedtls_rsa_pkcs1_sign, mbedtls_rsa_pkcs1_verify
  • mbedtls_rsa_rsassa_pkcs1_v15_sign, mbedtls_rsa_rsassa_pkcs1_v15_verify
  • mbedtls_rsa_rsassa_pss_sign, mbedtls_rsa_rsassa_pss_verify
  • mbedtls_rsa_rsassa_pss_sign_ext, mbedtls_rsa_rsassa_pss_verify_ext

The signature functions in the PK module no longer accept 0 as the hash_len parameter. The hash_len parameter is now always the size that is read from the hash input buffer. This affects the following functions:

  • mbedtls_pk_sign, mbedtls_pk_verify
  • mbedtls_pk_sign_restartable, mbedtls_pk_verify_restartable
  • mbedtls_pk_verify_ext

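The migration path is to pass the correct value to those functions: the number of bytes in the hash input buffer, which when signing a hash is the output size of the hash algorithm.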
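To find call sites that still rely on the old behaviour, the following added example (not part of Mbed TLS or of this guide) scans C source for calls to the PK functions listed above whose hash_len argument is a literal 0. The argument positions are taken from the pk.h prototypes, the sample source is constructed, and the scan only catches literal zeros in code without parentheses or commas inside strings or comments.

```python
import re

# Zero-based index of hash_len in each PK function's argument list
# (from the pk.h prototypes; the RSA-module functions are not covered here).
HASH_LEN_ARG = {
    "mbedtls_pk_sign": 3, "mbedtls_pk_verify": 3,
    "mbedtls_pk_sign_restartable": 3, "mbedtls_pk_verify_restartable": 3,
    "mbedtls_pk_verify_ext": 5,
}
CALL_RE = re.compile(r"\b(" + "|".join(HASH_LEN_ARG) + r")\s*\(")
# Literal zero, optionally cast or suffixed: 0, 0u, 0x0, (size_t) 0
ZERO_RE = re.compile(r"^(\(\s*size_t\s*\)\s*)?(0[xX]0+|0+)[uUlL]*$")

def split_args(text, start):
    """Split the call arguments opening at text[start] == '(' on top-level commas."""
    args, depth, cur = [], 0, []
    for ch in text[start:]:
        if ch in "([{":
            depth += 1
            if depth == 1:
                continue            # the call's own opening parenthesis
        elif ch in ")]}":
            depth -= 1
            if depth == 0:          # the call's closing parenthesis
                args.append("".join(cur).strip())
                return args
        elif ch == "," and depth == 1:
            args.append("".join(cur).strip())
            cur = []
            continue
        cur.append(ch)
    return None                     # unbalanced: the call is truncated

def find_zero_hash_len(source):
    """Return (line, function) for each affected call whose hash_len is a literal 0."""
    findings = []
    for m in CALL_RE.finditer(source):
        args = split_args(source, m.end() - 1)
        idx = HASH_LEN_ARG[m.group(1)]
        if args and len(args) > idx and ZERO_RE.match(args[idx]):
            findings.append((source.count("\n", 0, m.start()) + 1, m.group(1)))
    return findings

# Constructed sample: one old-style call, one migrated call, one cast zero.
SAMPLE = '''\
ret = mbedtls_pk_sign(&pk, MBEDTLS_MD_SHA256, hash, 0,
                      sig, sizeof(sig), &sig_len, f_rng, p_rng);
ret = mbedtls_pk_verify(&pk, MBEDTLS_MD_SHA256, hash, sizeof(hash), sig, sig_len);
ret = mbedtls_pk_verify_ext(MBEDTLS_PK_RSASSA_PSS, &opts, &pk,
                            MBEDTLS_MD_SHA256, hash, (size_t) 0, sig, sig_len);
'''
```

Calling find_zero_hash_len on the contents of each C file gives the lines to fix; a hash_len passed through a variable that happens to be 0 still has to be found by review or testing.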