From 0f11369680acae277bce5c9fed4d5bfe18a58c96 Mon Sep 17 00:00:00 2001
From: David Garske <david@wolfssl.com>
Date: Fri, 24 Apr 2020 09:01:51 -0700
Subject: [PATCH] PIC32MZ Fix for `WOLFSSL_PIC32MZ_LARGE_HASH`: Only submit to
 hardware if update data provided matches expected. ZD 10211.

---
 wolfcrypt/src/port/pic32/pic32mz-crypt.c | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/wolfcrypt/src/port/pic32/pic32mz-crypt.c b/wolfcrypt/src/port/pic32/pic32mz-crypt.c
index 1e618c194..4b6825d11 100644
--- a/wolfcrypt/src/port/pic32/pic32mz-crypt.c
+++ b/wolfcrypt/src/port/pic32/pic32mz-crypt.c
@@ -560,9 +560,16 @@ static int wc_Pic32HashFinal(hashUpdCache* cache, byte* stdBuf,
 
 #ifdef WOLFSSL_PIC32MZ_LARGE_HASH
     if (cache->finalLen) {
-        start_engine(&gLHDesc);
-        wait_engine(&gLHDesc, (char*)digest, digestSz);
-        XMEMCPY(hash, digest, digestSz);
+        /* Only submit to hardware if update data provided matches expected */
+        if (cache->bufLen == cache->finalLen) {
+            start_engine();
+            wait_engine((char*)digest, digestSz);
+            XMEMCPY(hash, digest, digestSz);
+        }
+        else {
+            wolfSSL_CryptHwMutexUnLock();
+            ret = BUFFER_E;
+        }
         cache->finalLen = 0;
     }
     else