fix(mbedtls/port): Check signature hash length before using ECDSA hardware

This commit is contained in:
harshal.patil 2024-09-05 12:17:17 +05:30
parent a693c960d6
commit f648fca1b9
No known key found for this signature in database
GPG Key ID: 5B5EC97C35B9A2E5

View File

@ -438,7 +438,7 @@ int __wrap_mbedtls_ecdsa_verify(mbedtls_ecp_group *grp,
const mbedtls_mpi *r, const mbedtls_mpi *r,
const mbedtls_mpi *s) const mbedtls_mpi *s)
{ {
if (grp->id == MBEDTLS_ECP_DP_SECP192R1 || grp->id == MBEDTLS_ECP_DP_SECP256R1) { if ((grp->id == MBEDTLS_ECP_DP_SECP192R1 || grp->id == MBEDTLS_ECP_DP_SECP256R1) && blen == ECDSA_SHA_LEN) {
return esp_ecdsa_verify(grp, buf, blen, Q, r, s); return esp_ecdsa_verify(grp, buf, blen, Q, r, s);
} else { } else {
return __real_mbedtls_ecdsa_verify(grp, buf, blen, Q, r, s); return __real_mbedtls_ecdsa_verify(grp, buf, blen, Q, r, s);