yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

tls13: Do not impose minimum hash size for RSA PSS signatures

Browse source 
When providing proof of possession of
an RSA private key, allow the usage for RSA
PSS signatures of a hash with a security
level lower that the security level of the
RSA private key.

We did not allow this in the first place to
align with the ECDSA case. But as it is not
mandated by the TLS 1.3 specification (in
contrary to ECDSA), let's allow it.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This commit is contained in:
Ronald Cron 2022-09-16 11:19:27 +02:00
parent 67ea2543ed
commit 38391bf9b6
1 changed files with 2 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
library/ssl_tls13_generic.c
View file

@ -906,12 +906,8 @@ int mbedtls_ssl_tls13_check_sig_alg_cert_key_match( uint16_t sig_alg,
case MBEDTLS_SSL_SIG_RSA:
switch( sig_alg )
{
case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256:
return( key_size <= 3072 );
case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384:
return( key_size <= 7680 );
case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256: /* Intentional fallthrough */
case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384: /* Intentional fallthrough */
case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512:
return( 1 );