Merge pull request #7041 from gilles-peskine-arm/pk_ext-pss_options-public
Make the fields of mbedtls_pk_rsassa_pss_options public
This commit is contained in:
commit
928593f732
2 changed files with 22 additions and 2 deletions
4
ChangeLog.d/pk_ext-pss_options-public.txt
Normal file
4
ChangeLog.d/pk_ext-pss_options-public.txt
Normal file
|
@ -0,0 +1,4 @@
|
||||||
|
Bugfix
|
||||||
|
* Make the fields of mbedtls_pk_rsassa_pss_options public. This makes it
|
||||||
|
possible to verify RSA PSS signatures with the pk module, which was
|
||||||
|
inadvertently broken since Mbed TLS 3.0.
|
|
@ -98,8 +98,24 @@ typedef enum {
|
||||||
* See \c mbedtls_rsa_rsassa_pss_verify_ext()
|
* See \c mbedtls_rsa_rsassa_pss_verify_ext()
|
||||||
*/
|
*/
|
||||||
typedef struct mbedtls_pk_rsassa_pss_options {
|
typedef struct mbedtls_pk_rsassa_pss_options {
|
||||||
mbedtls_md_type_t MBEDTLS_PRIVATE(mgf1_hash_id);
|
/** The digest to use for MGF1 in PSS.
|
||||||
int MBEDTLS_PRIVATE(expected_salt_len);
|
*
|
||||||
|
* \note When #MBEDTLS_USE_PSA_CRYPTO is enabled and #MBEDTLS_RSA_C is
|
||||||
|
* disabled, this must be equal to the \c md_alg argument passed
|
||||||
|
* to mbedtls_pk_verify_ext(). In a future version of the library,
|
||||||
|
* this constraint may apply whenever #MBEDTLS_USE_PSA_CRYPTO is
|
||||||
|
* enabled regardless of the status of #MBEDTLS_RSA_C.
|
||||||
|
*/
|
||||||
|
mbedtls_md_type_t mgf1_hash_id;
|
||||||
|
|
||||||
|
/** The expected length of the salt, in bytes. This may be
|
||||||
|
* #MBEDTLS_RSA_SALT_LEN_ANY to accept any salt length.
|
||||||
|
*
|
||||||
|
* \note When #MBEDTLS_USE_PSA_CRYPTO is enabled, only
|
||||||
|
* #MBEDTLS_RSA_SALT_LEN_ANY is valid. Any other value may be
|
||||||
|
* ignored (allowing any salt length).
|
||||||
|
*/
|
||||||
|
int expected_salt_len;
|
||||||
|
|
||||||
} mbedtls_pk_rsassa_pss_options;
|
} mbedtls_pk_rsassa_pss_options;
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue