fix(mbedtls/port): Check signature hash length before using ECDSA hardware

This commit is contained in:
harshal.patil 2024-09-05 12:17:17 +05:30
parent 95e16f6a72
commit a14ed03c11
No known key found for this signature in database
GPG Key ID: 5B5EC97C35B9A2E5

View File

@ -548,7 +548,7 @@ int __wrap_mbedtls_ecdsa_verify(mbedtls_ecp_group *grp,
const mbedtls_mpi *r, const mbedtls_mpi *r,
const mbedtls_mpi *s) const mbedtls_mpi *s)
{ {
if (grp->id == MBEDTLS_ECP_DP_SECP192R1 || grp->id == MBEDTLS_ECP_DP_SECP256R1) { if ((grp->id == MBEDTLS_ECP_DP_SECP192R1 || grp->id == MBEDTLS_ECP_DP_SECP256R1) && blen == ECDSA_SHA_LEN) {
return esp_ecdsa_verify(grp, buf, blen, Q, r, s); return esp_ecdsa_verify(grp, buf, blen, Q, r, s);
} else { } else {
return __real_mbedtls_ecdsa_verify(grp, buf, blen, Q, r, s); return __real_mbedtls_ecdsa_verify(grp, buf, blen, Q, r, s);