diff options
| author | danh-arm <dan.handley@arm.com> | 2017-06-05 14:45:10 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2017-06-05 14:45:10 +0100 |
| commit | 47fd7cb0ac6ece95f2107d6949c8f53fd46e79f0 (patch) | |
| tree | 3667f11a0d0c0b79bc242f42245da05c5e301891 /drivers | |
| parent | b32e6b2b35cef4caa7625db6789ecf2d10a5ec8f (diff) | |
| parent | 1f33ad4e9f86f2d72eb9640a834708e1a13496db (diff) | |
Merge pull request #964 from soby-mathew/sm/rsapss_sup
Add support for RSASSAPSS algorithm
Diffstat (limited to 'drivers')
| -rw-r--r-- | drivers/auth/mbedtls/mbedtls_common.c | 2 | ||||
| -rw-r--r-- | drivers/auth/mbedtls/mbedtls_crypto.c | 19 |
2 files changed, 12 insertions, 9 deletions
diff --git a/drivers/auth/mbedtls/mbedtls_common.c b/drivers/auth/mbedtls/mbedtls_common.c index 336e44be..3799d418 100644 --- a/drivers/auth/mbedtls/mbedtls_common.c +++ b/drivers/auth/mbedtls/mbedtls_common.c @@ -16,7 +16,7 @@ #if (TF_MBEDTLS_KEY_ALG_ID == TF_MBEDTLS_ECDSA) #define MBEDTLS_HEAP_SIZE (14*1024) #elif (TF_MBEDTLS_KEY_ALG_ID == TF_MBEDTLS_RSA) -#define MBEDTLS_HEAP_SIZE (6*1024) +#define MBEDTLS_HEAP_SIZE (7*1024) #endif static unsigned char heap[MBEDTLS_HEAP_SIZE]; diff --git a/drivers/auth/mbedtls/mbedtls_crypto.c b/drivers/auth/mbedtls/mbedtls_crypto.c index 2c151487..b157a32e 100644 --- a/drivers/auth/mbedtls/mbedtls_crypto.c +++ b/drivers/auth/mbedtls/mbedtls_crypto.c @@ -60,7 +60,7 @@ static int verify_signature(void *data_ptr, unsigned int data_len, mbedtls_asn1_buf signature; mbedtls_md_type_t md_alg; mbedtls_pk_type_t pk_alg; - mbedtls_pk_context pk; + mbedtls_pk_context pk = {0}; int rc; void *sig_opts = NULL; const mbedtls_md_info_t *md_info; @@ -76,7 +76,7 @@ static int verify_signature(void *data_ptr, unsigned int data_len, } /* Get the actual signature algorithm (MD + PK) */ - rc = mbedtls_oid_get_sig_alg(&sig_oid, &md_alg, &pk_alg); + rc = mbedtls_x509_get_sig_alg(&sig_oid, &sig_params, &md_alg, &pk_alg, &sig_opts); if (rc != 0) { return CRYPTO_ERR_SIGNATURE; } @@ -87,7 +87,8 @@ static int verify_signature(void *data_ptr, unsigned int data_len, end = (unsigned char *)(p + pk_len); rc = mbedtls_pk_parse_subpubkey(&p, end, &pk); if (rc != 0) { - return CRYPTO_ERR_SIGNATURE; + rc = CRYPTO_ERR_SIGNATURE; + goto end2; } /* Get the signature (bitstring) */ @@ -97,7 +98,7 @@ static int verify_signature(void *data_ptr, unsigned int data_len, rc = mbedtls_asn1_get_bitstring_null(&p, end, &signature.len); if (rc != 0) { rc = CRYPTO_ERR_SIGNATURE; - goto end; + goto end1; } signature.p = p; @@ -105,13 +106,13 @@ static int verify_signature(void *data_ptr, unsigned int data_len, md_info = mbedtls_md_info_from_type(md_alg); if (md_info == NULL) { rc = CRYPTO_ERR_SIGNATURE; - goto end; + goto end1; } p = (unsigned char *)data_ptr; rc = mbedtls_md(md_info, p, data_len, hash); if (rc != 0) { rc = CRYPTO_ERR_SIGNATURE; - goto end; + goto end1; } /* Verify the signature */ @@ -120,14 +121,16 @@ static int verify_signature(void *data_ptr, unsigned int data_len, signature.p, signature.len); if (rc != 0) { rc = CRYPTO_ERR_SIGNATURE; - goto end; + goto end1; } /* Signature verification success */ rc = CRYPTO_SUCCESS; -end: +end1: mbedtls_pk_free(&pk); +end2: + mbedtls_free(sig_opts); return rc; } |