From ba70ad49446e3e814cb3dc0413b3956ade0e3265 Mon Sep 17 00:00:00 2001
From: Paul Elliott <paul.elliott@arm.com>
Date: Wed, 15 Feb 2023 18:23:53 +0000
Subject: [PATCH] Add safety for keys larger than we currently support.

Prevent buffer overflow with keys whos grp.nbits is greater than
PSA_VENDOR_ECC_MAX_CURVE_BITS.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
---
 library/psa_crypto.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 39da74b489..36d48ad8f2 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -3577,6 +3577,11 @@ psa_status_t mbedtls_psa_sign_hash_start(
     required_hash_length = (hash_length < operation->coordinate_bytes ?
                             hash_length : operation->coordinate_bytes);
 
+    if (required_hash_length > sizeof(operation->hash)) {
+        /* Shouldn't happen, but better safe than sorry. */
+        return PSA_ERROR_CORRUPTION_DETECTED;
+    }
+
     memcpy(operation->hash, hash, required_hash_length);
     operation->hash_length = required_hash_length;
 
@@ -3812,6 +3817,11 @@ psa_status_t mbedtls_psa_verify_hash_start(
     required_hash_length = (hash_length < coordinate_bytes ? hash_length :
                             coordinate_bytes);
 
+    if (required_hash_length > sizeof(operation->hash)) {
+        /* Shouldn't happen, but better safe than sorry. */
+        return PSA_ERROR_CORRUPTION_DETECTED;
+    }
+
     memcpy(operation->hash, hash, required_hash_length);
     operation->hash_length = required_hash_length;