From 0fbfbb8089ed6f662c21f3fd38f6a32e09348c27 Mon Sep 17 00:00:00 2001 From: Marco Oliverio Date: Tue, 14 Apr 2026 16:34:21 +0200 Subject: [PATCH] se050: refuse invalid digest sz in ECDSA --- wolfcrypt/src/port/nxp/se050_port.c | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) diff --git a/wolfcrypt/src/port/nxp/se050_port.c b/wolfcrypt/src/port/nxp/se050_port.c index 9ec92f53df..4439ee4825 100644 --- a/wolfcrypt/src/port/nxp/se050_port.c +++ b/wolfcrypt/src/port/nxp/se050_port.c @@ -2146,11 +2146,8 @@ int se050_ecc_sign_hash_ex(const byte* in, word32 inLen, MATH_INT_T* r, MATH_INT algorithm = se050_map_hash_alg(inLen); if (algorithm == kAlgorithm_None) { - inLen = keySize; /* try key size */ - algorithm = se050_map_hash_alg(inLen); - } - if (algorithm == kAlgorithm_None) { - return ECC_CURVE_OID_E; + WOLFSSL_MSG("SE050 ECDSA sign only supports SHA-1/224/256/384/512 digest sizes"); + return BAD_LENGTH_E; } if (wolfSSL_CryptHwMutexLock() != 0) { @@ -2317,11 +2314,8 @@ int se050_ecc_verify_hash_ex(const byte* hash, word32 hashLen, MATH_INT_T* r, algorithm = se050_map_hash_alg(hashLen); if (algorithm == kAlgorithm_None) { - hashLen = keySize; /* try key size */ - algorithm = se050_map_hash_alg(hashLen); - } - if (algorithm == kAlgorithm_None) { - return ECC_CURVE_OID_E; + WOLFSSL_MSG("SE050 ECDSA verify only supports SHA-1/224/256/384/512 digest sizes"); + return BAD_LENGTH_E; } if (wolfSSL_CryptHwMutexLock() != 0) {