nrf_security: drivers: cc3xx: remove hash alg/len validation

tomi-font · tomi-font · commit 5bc8fb471da4 · 2026-05-21T14:41:34.000+03:00
From the verify_hash() function.
Otherwise TLS tests would fail because of this.

This relates to sdk-mbedtls commit
5ca712905aac158b310144d9e09fdfb66bd4a4a5 which has now been discarded.

Signed-off-by: Tomi Fontanilles &lt;tomi.fontanilles@nordicsemi.no&gt;
diff --git a/subsys/nrf_security/src/drivers/nrf_cc3xx/public_cc3xx_psa_asymmetric_signature.c b/subsys/nrf_security/src/drivers/nrf_cc3xx/public_cc3xx_psa_asymmetric_signature.c
@@ -61,11 +61,6 @@ psa_status_t cc3xx_verify_hash(const psa_key_attributes_t *attributes, const uin
 			       size_t hash_length, const uint8_t *signature,
 			       size_t signature_length)
 {
-	if (alg != PSA_ALG_RSA_PKCS1V15_SIGN_RAW &&
-	    hash_length != PSA_HASH_LENGTH(PSA_ALG_SIGN_GET_HASH(alg))) {
-		return PSA_ERROR_INVALID_ARGUMENT;
-	}
-
 	if (!PSA_KEY_TYPE_IS_ASYMMETRIC(psa_get_key_type(attributes))) {
 		return PSA_ERROR_NOT_SUPPORTED;
 	}

Original file line number	Diff line number	Diff line change
`@@ -61,11 +61,6 @@ psa_status_t cc3xx_verify_hash(const psa_key_attributes_t *attributes, const uin`
`61`	`61`	`size_t hash_length, const uint8_t *signature,`
`62`	`62`	`size_t signature_length)`
`63`	`63`	`{`
`64`		`- if (alg != PSA_ALG_RSA_PKCS1V15_SIGN_RAW &&`
`65`		`- hash_length != PSA_HASH_LENGTH(PSA_ALG_SIGN_GET_HASH(alg))) {`
`66`		`- return PSA_ERROR_INVALID_ARGUMENT;`
`67`		`- }`
`68`		`-`
`69`	`64`	`if (!PSA_KEY_TYPE_IS_ASYMMETRIC(psa_get_key_type(attributes))) {`
`70`	`65`	`return PSA_ERROR_NOT_SUPPORTED;`
`71`	`66`	`}`