From 13e76be02bf41869165b550e20d9d590e13c2323 Mon Sep 17 00:00:00 2001
From: Neil Armstrong
Date: Thu, 21 Apr 2022 12:08:52 +0200
Subject: [PATCH] Reorganize & simplify mbedtls_pk_sign_ext() handling of wrapped RSA-PSS
Signed-off-by: Neil Armstrong
---
 library/pk.c | 40 +++++++++++++---------------------------
 1 file changed, 13 insertions(+), 27 deletions(-)
diff --git a/library/pk.c b/library/pk.c
index 5f8cbc2a4f..bba2ef7c53 100644
--- a/library/pk.c
+++ b/library/pk.c
@@ -545,42 +545,28 @@ int mbedtls_pk_sign_ext( mbedtls_pk_type_t pk_type, if( ! mbedtls_pk_can_do( ctx, pk_type ) ) return( MBEDTLS_ERR_PK_TYPE_MISMATCH ); - if( pk_type == MBEDTLS_PK_RSASSA_PSS && - mbedtls_pk_get_type( ctx ) == MBEDTLS_PK_OPAQUE ) - { -#if defined(MBEDTLS_RSA_C) - const mbedtls_svc_key_id_t *key = (const mbedtls_svc_key_id_t *) ctx->pk_ctx; - psa_status_t status; - - /* PSA has its own RNG */ - (void) f_rng; - (void) p_rng; - - psa_md_alg = mbedtls_psa_translate_md( md_alg ); - if( psa_md_alg == 0 ) - return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); - - status = psa_sign_hash( *key, PSA_ALG_RSA_PSS( psa_md_alg ), - hash, hash_len, - sig, sig_size, sig_len ); - if( status != PSA_SUCCESS ) - return( mbedtls_pk_error_from_psa_rsa( status ) ); - - return 0; -#else - return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE ); -#endif /* MBEDTLS_RSA_C */ - } - if( pk_type != MBEDTLS_PK_RSASSA_PSS ) { return( mbedtls_pk_sign( ctx, md_alg, hash, hash_len, sig, sig_size, sig_len, f_rng, p_rng ) ); } + #if defined(MBEDTLS_RSA_C) psa_md_alg = mbedtls_psa_translate_md( md_alg ); if( psa_md_alg == 0 ) return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); + + if( mbedtls_pk_get_type( ctx ) == MBEDTLS_PK_OPAQUE ) + { + const mbedtls_svc_key_id_t *key = (const mbedtls_svc_key_id_t *) ctx->pk_ctx; + psa_status_t status; + + status = psa_sign_hash( *key, PSA_ALG_RSA_PSS( psa_md_alg ), + hash, hash_len, + sig, sig_size, sig_len ); + return( mbedtls_pk_error_from_psa_rsa( status ) ); + } + return( mbedtls_pk_psa_rsa_sign_ext( PSA_ALG_RSA_PSS( psa_md_alg ), ctx->pk_ctx, hash, hash_len, sig, sig_size, sig_len ) );
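Review bot: The new opaque-key branch returns `mbedtls_pk_error_from_psa_rsa( status )` unconditionally, so a successful `psa_sign_hash()` now reports success only if that helper maps `PSA_SUCCESS` to 0. The removed code returned 0 explicitly, and the helper is not visible in this hunk, so it is worth confirming that mapping or adding a test that signs with a wrapped RSA-PSS key and checks for a 0 return. The commit also drops the `/* PSA has its own RNG */` note together with the `(void)` casts, which leaves nothing telling a reader that the caller's RNG is unused on the RSASSA-PSS path. I would restore a comment above the `#if defined(MBEDTLS_RSA_C)` line, such as `/* PSA has its own RNG: f_rng and p_rng are ignored for RSASSA-PSS */`. The body of mbedtls_pk_sign_ext() starts before and continues after this hunk, so the `#else` branch used when MBEDTLS_RSA_C is undefined could not be checked here.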