From f648fca1b95d9bf43ca5ec84a6f1b2701dff73f2 Mon Sep 17 00:00:00 2001
From: "harshal.patil" <harshal.patil@espressif.com>
Date: Thu, 5 Sep 2024 12:17:17 +0530
Subject: [PATCH] fix(mbedtls/port): Check signature hash length before using
 ECDSA hardware

---
 components/mbedtls/port/ecdsa/ecdsa_alt.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/components/mbedtls/port/ecdsa/ecdsa_alt.c b/components/mbedtls/port/ecdsa/ecdsa_alt.c
index 2683ae5b75..bf48f0cd82 100644
--- a/components/mbedtls/port/ecdsa/ecdsa_alt.c
+++ b/components/mbedtls/port/ecdsa/ecdsa_alt.c
@@ -438,7 +438,7 @@ int __wrap_mbedtls_ecdsa_verify(mbedtls_ecp_group *grp,
                          const mbedtls_mpi *r,
                          const mbedtls_mpi *s)
 {
-    if (grp->id == MBEDTLS_ECP_DP_SECP192R1 || grp->id == MBEDTLS_ECP_DP_SECP256R1) {
+    if ((grp->id == MBEDTLS_ECP_DP_SECP192R1 || grp->id == MBEDTLS_ECP_DP_SECP256R1) && blen == ECDSA_SHA_LEN) {
         return esp_ecdsa_verify(grp, buf, blen, Q, r, s);
     } else {
         return __real_mbedtls_ecdsa_verify(grp, buf, blen, Q, r, s);