mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-07-05 09:20:55 +02:00
linuxkm/lkcapi_ecdsa_glue.c: in km_ecdsa_verify(), add checks on hash_len following pattern of #10131, before calling wc_ecc_verify_hash(), for defense-in-depth.
This commit is contained in:
@@ -401,7 +401,9 @@ static int km_ecdsa_verify(struct akcipher_request *req)
|
||||
sig_len = req->src_len;
|
||||
hash_len = req->dst_len;
|
||||
|
||||
if (hash_len <= 0) {
|
||||
if ((hash_len > WC_MAX_DIGEST_SIZE) ||
|
||||
(hash_len < WC_MIN_DIGEST_SIZE))
|
||||
{
|
||||
err = -EINVAL;
|
||||
goto ecdsa_verify_end;
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user