rsa: rsa_rsassa_pss_sign() to check MD alg both in parameters and RSA context

This helps fixing a disparity between the legacy and the USE_PSA case for rsa_sign_wrap() in pk_wrap.c. Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2025-03-09 19:14:02 +00:00 · 2024-02-26 13:52:34 +01:00 · 2024-02-26 13:52:34 +01:00 · e700d8086e
commit e700d8086e
parent f22eff99a6
2 changed files with 4 additions and 21 deletions
--- a/library/rsa.c
+++ b/library/rsa.c
@ -2231,7 +2231,7 @@ static int rsa_rsassa_pss_sign(mbedtls_rsa_context *ctx,
    if (ctx->padding != MBEDTLS_RSA_PKCS_V21) {
        return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
    }
-    if (ctx->hash_id == MBEDTLS_MD_NONE) {
+    if ((ctx->hash_id == MBEDTLS_MD_NONE) && (md_alg == MBEDTLS_MD_NONE)) {
        return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
    }
    return rsa_rsassa_pss_sign_no_mode_check(ctx, f_rng, p_rng, md_alg, hashlen, hash, saltlen,
--- a/tests/suites/test_suite_pk.function
+++ b/tests/suites/test_suite_pk.function
@ -2413,27 +2413,10 @@ void pk_copy_from_psa_success(data_t *priv_key_data, int key_type_arg,
     * - Verify from the same PK context used for signature.
     * - Verify with the PK context generated using public key.
     * - Verify using the public PSA key directly.
-     *
-     * Note: PSS requires the hash to be specified on sign operation (i.e. not
-     *       null or any), so in case PSA_ALG_ANY_HASH is provided as input, we
-     *       use mbedtls_pk_sign_ext() instead of mbedtls_pk_sign().
     */
-    if ((PSA_ALG_IS_RSA_OAEP(key_alg) || PSA_ALG_IS_RSA_PSS(key_alg)) &&
-        (!is_psa_hash_alg_specified)) {
-        /* Ensure pk_sign() fails without crashing. */
-        TEST_EQUAL(mbedtls_pk_sign(&pk_priv, md_for_test, in_buf, in_buf_len,
-                                   out_buf, sizeof(out_buf), &out_buf_len,
-                                   mbedtls_test_rnd_std_rand, NULL),
-                   MBEDTLS_ERR_RSA_BAD_INPUT_DATA);
-        TEST_EQUAL(mbedtls_pk_sign_ext(MBEDTLS_PK_RSASSA_PSS, &pk_priv, md_for_test,
-                                       in_buf, in_buf_len,
-                                       out_buf, sizeof(out_buf), &out_buf_len,
-                                       mbedtls_test_rnd_std_rand, NULL), 0);
-    } else {
-        TEST_EQUAL(mbedtls_pk_sign(&pk_priv, md_for_test, in_buf, in_buf_len,
-                                   out_buf, sizeof(out_buf), &out_buf_len,
-                                   mbedtls_test_rnd_std_rand, NULL), 0);
-    }
+    TEST_EQUAL(mbedtls_pk_sign(&pk_priv, md_for_test, in_buf, in_buf_len,
+                               out_buf, sizeof(out_buf), &out_buf_len,
+                               mbedtls_test_rnd_std_rand, NULL), 0);

    TEST_EQUAL(mbedtls_pk_verify(&pk_priv, md_for_test, in_buf, in_buf_len,
                                 out_buf, out_buf_len), 0);