mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-04-24 06:02:44 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Update PSA specific comment in pk_rsa_verify_ext_test_vec()

Browse Source 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
This commit is contained in:
Neil Armstrong 2022-04-25 14:38:18 +02:00
parent 882e02ea7a
commit 1c9eb722fd
1 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
tests/suites/test_suite_pk.function
View File

@ -534,14 +534,14 @@ void pk_rsa_verify_ext_test_vec( data_t * message_str, int digest,
#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_USE_PSA_CRYPTO)
if( result == MBEDTLS_ERR_RSA_INVALID_PADDING ) if( result == MBEDTLS_ERR_RSA_INVALID_PADDING )
{ {
/* mbedtls_pk_verify_ext() may return MBEDTLS_ERR_RSA_INVALID_PADDING /* Mbed TLS distinguishes "invalid padding" from "valid padding but
* error depending on which path was taken.
* If the PSA path is used, it won't because Mbed TLS
* distinguishes "invalid padding" from "valid padding but
* the rest of the signature is invalid". This has little use in * the rest of the signature is invalid". This has little use in
* practice and PSA doesn't report this distinction. * practice and PSA doesn't report this distinction.
* In this case, PSA returns PSA_ERROR_INVALID_SIGNATURE translated * In this case, PSA returns PSA_ERROR_INVALID_SIGNATURE translated
* to MBEDTLS_ERR_RSA_VERIFY_FAILED * to MBEDTLS_ERR_RSA_VERIFY_FAILED.
* However, currently `mbedtls_pk_verify_ext()` may use either the
* PSA or the Mbed TLS API, depending on the PSS options used.
* So, it may return either INVALID_PADDING or INVALID_SIGNATURE.
*/ */
TEST_ASSERT( ret == result || ret == MBEDTLS_ERR_RSA_VERIFY_FAILED ); TEST_ASSERT( ret == result || ret == MBEDTLS_ERR_RSA_VERIFY_FAILED );
} }