1.4 KiB
Signature functions now require the hash length to match the expected value
This affects users of the PK API as well as users of the low-level API in the RSA module. Users of the PSA API or of the ECDSA module are unaffected.
All the functions in the RSA module that accept a hashlen parameter used to
ignore it unless the md_alg parameter was MBEDTLS_MD_NONE, indicating raw
data was signed. The hashlen parameter is now always the size that is read
from the hash input buffer. This length must be equal to the output size of
the hash algorithm used when signing a hash. (The requirements when signing
raw data are unchanged.) This affects the following functions:
mbedtls_rsa_pkcs1_sign,mbedtls_rsa_pkcs1_verifymbedtls_rsa_rsassa_pkcs1_v15_sign,mbedtls_rsa_rsassa_pkcs1_v15_verifymbedtls_rsa_rsassa_pss_sign,mbedtls_rsa_rsassa_pss_verifymbedtls_rsa_rsassa_pss_sign_ext,mbedtls_rsa_rsassa_pss_verify_ext
The signature functions in the PK module no longer accept 0 as the hash_len parameter. The hash_len parameter is now always the size that is read from the hash input buffer. This affects the following functions:
mbedtls_pk_sign,mbedtls_pk_verifymbedtls_pk_sign_restartable,mbedtls_pk_verify_restartablembedtls_pk_verify_ext
The migration path is to pass the correct value to those functions.