diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 39da74b489..36d48ad8f2 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -3577,6 +3577,11 @@ psa_status_t mbedtls_psa_sign_hash_start(
     required_hash_length = (hash_length < operation->coordinate_bytes ? hash_length : operation->coordinate_bytes);
+    if (required_hash_length > sizeof(operation->hash)) {
+        /* Shouldn't happen, but better safe than sorry. */
+        return PSA_ERROR_CORRUPTION_DETECTED;
+    }
+
     memcpy(operation->hash, hash, required_hash_length);
     operation->hash_length = required_hash_length;
@@ -3812,6 +3817,11 @@ psa_status_t mbedtls_psa_verify_hash_start(
     required_hash_length = (hash_length < coordinate_bytes ? hash_length : coordinate_bytes);
+    if (required_hash_length > sizeof(operation->hash)) {
+        /* Shouldn't happen, but better safe than sorry. */
+        return PSA_ERROR_CORRUPTION_DETECTED;
+    }
+
     memcpy(operation->hash, hash, required_hash_length);
     operation->hash_length = required_hash_length;
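Review bot: The comment on the new guard in mbedtls_psa_sign_hash_start says only "Shouldn't happen" and should state the invariant that makes the branch unreachable, so a future reader knows when PSA_ERROR_CORRUPTION_DETECTED is legitimately returned: required_hash_length is at most operation->coordinate_bytes, so the check only fires if coordinate_bytes exceeds the compile-time size of operation->hash, which indicates an inconsistent or corrupted operation rather than bad caller input. Suggest `/* required_hash_length <= coordinate_bytes, which must fit in operation->hash for any valid operation; treat a larger value as corruption rather than overrunning the buffer. */`. The identical check and comment appear in the mbedtls_psa_verify_hash_start hunk, where coordinate_bytes is a local rather than a field, and the same wording applies there. The bound via `sizeof(operation->hash)` is only meaningful if `hash` is an array member of the operation struct, which the hunk does not show; if it were a pointer, sizeof would yield the pointer size and the guard would be far too tight, so this is worth confirming against the struct definition. Both enclosing functions start and end outside their hunks.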