fix(mbedtls/port): Check signature hash length before using ECDSA hardware

2024-09-05 12:17:17 +05:30
parent 59e1838270
commit 331fd7f79f
1 changed files with 1 additions and 1 deletions
--- a/components/mbedtls/port/ecdsa/ecdsa_alt.c
+++ b/components/mbedtls/port/ecdsa/ecdsa_alt.c
@ -674,7 +674,7 @@ int __wrap_mbedtls_ecdsa_verify(mbedtls_ecp_group *grp,
                         const mbedtls_mpi *r,
                         const mbedtls_mpi *s)
 {
-    if (grp->id == MBEDTLS_ECP_DP_SECP192R1 || grp->id == MBEDTLS_ECP_DP_SECP256R1) {
+    if ((grp->id == MBEDTLS_ECP_DP_SECP192R1 || grp->id == MBEDTLS_ECP_DP_SECP256R1) && blen == ECDSA_SHA_LEN) {
        return esp_ecdsa_verify(grp, buf, blen, Q, r, s);
    } else {
        return __real_mbedtls_ecdsa_verify(grp, buf, blen, Q, r, s);