linuxkm/lkcapi_ecdsa_glue.c: in km_ecdsa_verify(), add checks on hash_len following pattern of #10131, before calling wc_ecc_verify_hash(), for defense-in-depth.

This commit is contained in:
Daniel Pouzzner
2026-04-24 11:54:36 -05:00
parent 426dc7bb76
commit 6c9e0ea5a7
+3 -1
View File
@@ -401,7 +401,9 @@ static int km_ecdsa_verify(struct akcipher_request *req)
sig_len = req->src_len;
hash_len = req->dst_len;
if (hash_len <= 0) {
if ((hash_len > WC_MAX_DIGEST_SIZE) ||
(hash_len < WC_MIN_DIGEST_SIZE))
{
err = -EINVAL;
goto ecdsa_verify_end;
}