diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 39da74b489..36d48ad8f2 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -3577,6 +3577,11 @@ psa_status_t mbedtls_psa_sign_hash_start(
     required_hash_length = (hash_length < operation->coordinate_bytes ?
                             hash_length : operation->coordinate_bytes);
 
+    if (required_hash_length > sizeof(operation->hash)) {
+        /* Shouldn't happen, but better safe than sorry. */
+        return PSA_ERROR_CORRUPTION_DETECTED;
+    }
+
     memcpy(operation->hash, hash, required_hash_length);
     operation->hash_length = required_hash_length;
 
@@ -3812,6 +3817,11 @@ psa_status_t mbedtls_psa_verify_hash_start(
     required_hash_length = (hash_length < coordinate_bytes ? hash_length :
                             coordinate_bytes);
 
+    if (required_hash_length > sizeof(operation->hash)) {
+        /* Shouldn't happen, but better safe than sorry. */
+        return PSA_ERROR_CORRUPTION_DETECTED;
+    }
+
     memcpy(operation->hash, hash, required_hash_length);
     operation->hash_length = required_hash_length;