mirror of
https://github.com/ARM-software/arm-trusted-firmware.git
synced 2025-04-16 17:44:19 +00:00
fix(mbedtls): sign verification issue with invalid Key/Signature
When the verify_signature function is called with the RSASSA_PSS
signature algorithm and a somewhat well-formed public key, invalid
signatures can be incorrectly verified due to this change [1].
This is primarily because of the introduction of the following code,
where a return check is missing before the goto:

    if (pk_alg == MBEDTLS_PK_RSASSA_PSS) {
        rc = pk_bytes_from_subpubkey((unsigned char **) &pk_ptr, &pk_len);
        goto end2;
    }

This code executes before the call to psa_verify_message.
The unconditional goto end2; branch leads to the immediate return of rc.
If the call to pk_bytes_from_subpubkey succeeds (i.e., the key is
formatted correctly), the signature is verified regardless of its
actual content.

This change [1] was included in the v2.11 release. Therefore, anyone
using this release with the PSA Crypto implementation must apply this
patch to ensure proper signature verification.

[1]: https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/55aed7d798f3d48d6aa08d58eb46c4cda318bcfb/drivers/auth/mbedtls/mbedtls_psa_crypto.c#447

Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Reported-by: Ryan Everett <ryan.everett@arm.com>
Change-Id: Ib484d97a04b7a82dd72592c8b5b153d577d01fc9
parent 620a3ddb01
commit 7731465252
1 changed files with 3 additions and 1 deletions
|
@ -446,7 +446,9 @@ TF_MBEDTLS_KEY_ALG_ID == TF_MBEDTLS_RSA_AND_ECDSA
|
|||
*/
|
||||
if (pk_alg == MBEDTLS_PK_RSASSA_PSS) {
|
||||
rc = pk_bytes_from_subpubkey((unsigned char **) &pk_ptr, &pk_len);
|
||||
goto end2;
|
||||
if (rc != 0) {
|
||||
goto end2;
|
||||
}
|
||||
}
|
||||
|
||||
/* Get the key_id using import API */
|
||||
|
|
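Review bot: In the RSASSA_PSS branch, the new `if (rc != 0) { goto end2; }` hands whatever pk_bytes_from_subpubkey returned directly to end2, so confirm that value is an error code the callers of verify_signature already treat as a verification failure, or assign the function's own failure code to rc before the goto. The commit message describes invalid signatures being accepted whenever the key parses, so this fix should come with a regression test: a well-formed RSASSA_PSS public key paired with a corrupted signature must make verify_signature return non-zero, and the same key with a valid signature must still return 0 now that execution continues past this block to the key import and psa_verify_message.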