diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 26057644c..57551427b 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -2886,9 +2886,6 @@ static psa_status_t psa_sign_internal( mbedtls_svc_key_id_t key, return( PSA_ERROR_INVALID_ARGUMENT ); } } - /* Curently only hash-then-sign algorithms are supported. */ - else - return( PSA_ERROR_INVALID_ARGUMENT ); } /* Immediately reject a zero-length signature buffer. This guarantees @@ -2979,9 +2976,6 @@ static psa_status_t psa_verify_internal( mbedtls_svc_key_id_t key, return( PSA_ERROR_INVALID_ARGUMENT ); } } - /* Curently only hash-then-sign algorithms are supported. */ - else - return( PSA_ERROR_INVALID_ARGUMENT ); } status = psa_get_and_lock_key_slot_with_policy( @@ -3033,13 +3027,16 @@ psa_status_t psa_sign_message_internal( size_t hash_length; uint8_t hash[PSA_HASH_MAX_SIZE]; - status = psa_driver_wrapper_hash_compute( PSA_ALG_SIGN_GET_HASH( alg ), - input, input_length, - hash, sizeof( hash ), - &hash_length ); + if ( PSA_ALG_IS_HASH_AND_SIGN( alg ) ) + { + status = psa_driver_wrapper_hash_compute( + PSA_ALG_SIGN_GET_HASH( alg ), + input, input_length, + hash, sizeof( hash ), &hash_length ); - if( status != PSA_SUCCESS ) - return status; + if( status != PSA_SUCCESS ) + return status; + } return psa_sign_hash_internal( attributes, key_buffer, key_buffer_size, @@ -3074,13 +3071,16 @@ psa_status_t psa_verify_message_internal( size_t hash_length; uint8_t hash[PSA_HASH_MAX_SIZE]; - status = psa_driver_wrapper_hash_compute( PSA_ALG_SIGN_GET_HASH( alg ), - input, input_length, - hash, sizeof( hash ), - &hash_length ); + if ( PSA_ALG_IS_HASH_AND_SIGN( alg ) ) + { + status = psa_driver_wrapper_hash_compute( + PSA_ALG_SIGN_GET_HASH( alg ), + input, input_length, + hash, sizeof( hash ), &hash_length ); - if( status != PSA_SUCCESS ) - return status; + if( status != PSA_SUCCESS ) + return status; + } return psa_verify_hash_internal( attributes, key_buffer, key_buffer_size,