diff --git a/library/psa_crypto_rsa.c b/library/psa_crypto_rsa.c index f2e9a1c05..4363e913d 100644 --- a/library/psa_crypto_rsa.c +++ b/library/psa_crypto_rsa.c @@ -360,27 +360,19 @@ static psa_status_t psa_rsa_decode_md_type( psa_algorithm_t alg, return( PSA_ERROR_INVALID_ARGUMENT ); #endif -#if defined(BUILTIN_ALG_RSA_PKCS1V15_SIGN) - /* For PKCS#1 v1.5 signature, if using a hash, the hash length - * must be correct. */ - if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) && - alg != PSA_ALG_RSA_PKCS1V15_SIGN_RAW ) + /* For signatures using a hash, the hash length must be correct. */ + if( alg != PSA_ALG_RSA_PKCS1V15_SIGN_RAW ) { if( md_info == NULL ) return( PSA_ERROR_NOT_SUPPORTED ); if( mbedtls_md_get_size( md_info ) != hash_length ) return( PSA_ERROR_INVALID_ARGUMENT ); } -#endif /* BUILTIN_ALG_RSA_PKCS1V15_SIGN */ - -#if defined(BUILTIN_ALG_RSA_PSS) - /* PSS requires a hash internally. */ - if( PSA_ALG_IS_RSA_PSS( alg ) ) + else { - if( md_info == NULL ) - return( PSA_ERROR_NOT_SUPPORTED ); + if( hash_alg != 0 ) + return( PSA_ERROR_INVALID_ARGUMENT ); } -#endif /* BUILTIN_ALG_RSA_PSS */ return( PSA_SUCCESS ); } @@ -516,7 +508,7 @@ static psa_status_t rsa_verify_hash( if( ret == 0 ) { ret = mbedtls_rsa_rsassa_pss_verify( rsa, - MBEDTLS_MD_NONE, + md_alg, (unsigned int) hash_length, hash, signature );