diff --git a/wolfcrypt/src/port/st/stm32.c b/wolfcrypt/src/port/st/stm32.c
index 3b8c01411..34e732ae3 100644
--- a/wolfcrypt/src/port/st/stm32.c
+++ b/wolfcrypt/src/port/st/stm32.c
@@ -992,7 +992,7 @@ int stm32_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash,
     else if (hashlen > size) {
         /* in the case that hashlen is larger than key size place hash at
          * beginning of buffer */
-        XMEMCPY(Hashbin, hash, hashlen);
+        XMEMCPY(Hashbin, hash, size);
     }
     else {
         /* in all other cases where hashlen is equal to or less than the key
@@ -1072,7 +1072,19 @@ int stm32_ecc_sign_hash_ex(const byte* hash, word32 hashlen, WC_RNG* rng,
     pka_ecc.primeOrder =      order;
 
     XMEMSET(Hashbin, 0, STM32_MAX_ECC_SIZE);
-    XMEMCPY(Hashbin + (size - hashlen), hash, hashlen);
+    if (hashlen > STM32_MAX_ECC_SIZE) {
+        return ECC_BAD_ARG_E;
+    }
+    else if (hashlen > size) {
+        /* in the case that hashlen is larger than key size place hash at
+         * beginning of buffer */
+        XMEMCPY(Hashbin, hash, size);
+    }
+    else {
+        /* in all other cases where hashlen is equal to or less than the key
+         * size pad the Hashbin buffer with leading zero's */
+        XMEMCPY(Hashbin + (size - hashlen), hash, hashlen);
+    }
     pka_ecc.hash =            Hashbin;
     pka_ecc.integer =         Intbin;
     pka_ecc.privateKey =      Keybin;