From e700d8086e9ee8a7f3bd5dcf1fb4e9dd386672b3 Mon Sep 17 00:00:00 2001
From: Valerio Setti <valerio.setti@nordicsemi.no>
Date: Mon, 26 Feb 2024 13:52:34 +0100
Subject: [PATCH] rsa: rsa_rsassa_pss_sign() to check MD alg both in parameters
 and RSA context

This helps fixing a disparity between the legacy and the USE_PSA
case for rsa_sign_wrap() in pk_wrap.c.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
---
 library/rsa.c                       |  2 +-
 tests/suites/test_suite_pk.function | 23 +++--------------------
 2 files changed, 4 insertions(+), 21 deletions(-)

diff --git a/library/rsa.c b/library/rsa.c
index 5debc69b3..7eb4a259e 100644
--- a/library/rsa.c
+++ b/library/rsa.c
@@ -2231,7 +2231,7 @@ static int rsa_rsassa_pss_sign(mbedtls_rsa_context *ctx,
     if (ctx->padding != MBEDTLS_RSA_PKCS_V21) {
         return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
     }
-    if (ctx->hash_id == MBEDTLS_MD_NONE) {
+    if ((ctx->hash_id == MBEDTLS_MD_NONE) && (md_alg == MBEDTLS_MD_NONE)) {
         return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
     }
     return rsa_rsassa_pss_sign_no_mode_check(ctx, f_rng, p_rng, md_alg, hashlen, hash, saltlen,
diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function
index ad26caaea..9112397d3 100644
--- a/tests/suites/test_suite_pk.function
+++ b/tests/suites/test_suite_pk.function
@@ -2413,27 +2413,10 @@ void pk_copy_from_psa_success(data_t *priv_key_data, int key_type_arg,
      * - Verify from the same PK context used for signature.
      * - Verify with the PK context generated using public key.
      * - Verify using the public PSA key directly.
-     *
-     * Note: PSS requires the hash to be specified on sign operation (i.e. not
-     *       null or any), so in case PSA_ALG_ANY_HASH is provided as input, we
-     *       use mbedtls_pk_sign_ext() instead of mbedtls_pk_sign().
      */
-    if ((PSA_ALG_IS_RSA_OAEP(key_alg) || PSA_ALG_IS_RSA_PSS(key_alg)) &&
-        (!is_psa_hash_alg_specified)) {
-        /* Ensure pk_sign() fails without crashing. */
-        TEST_EQUAL(mbedtls_pk_sign(&pk_priv, md_for_test, in_buf, in_buf_len,
-                                   out_buf, sizeof(out_buf), &out_buf_len,
-                                   mbedtls_test_rnd_std_rand, NULL),
-                   MBEDTLS_ERR_RSA_BAD_INPUT_DATA);
-        TEST_EQUAL(mbedtls_pk_sign_ext(MBEDTLS_PK_RSASSA_PSS, &pk_priv, md_for_test,
-                                       in_buf, in_buf_len,
-                                       out_buf, sizeof(out_buf), &out_buf_len,
-                                       mbedtls_test_rnd_std_rand, NULL), 0);
-    } else {
-        TEST_EQUAL(mbedtls_pk_sign(&pk_priv, md_for_test, in_buf, in_buf_len,
-                                   out_buf, sizeof(out_buf), &out_buf_len,
-                                   mbedtls_test_rnd_std_rand, NULL), 0);
-    }
+    TEST_EQUAL(mbedtls_pk_sign(&pk_priv, md_for_test, in_buf, in_buf_len,
+                               out_buf, sizeof(out_buf), &out_buf_len,
+                               mbedtls_test_rnd_std_rand, NULL), 0);
 
     TEST_EQUAL(mbedtls_pk_verify(&pk_priv, md_for_test, in_buf, in_buf_len,
                                  out_buf, out_buf_len), 0);