psa_util: improve check of raw_len in mbedtls_ecdsa_raw_to_der()

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2026-01-06 11:41:12 +03:00 · 2024-02-05 15:35:26 +01:00
parent 2bd0ecdf45
commit 8334d00772
3 changed files with 11 additions and 2 deletions
--- a/library/psa_util.c
+++ b/library/psa_util.c
@@ -413,7 +413,7 @@ int mbedtls_ecdsa_raw_to_der(size_t bits, const unsigned char *raw, size_t raw_l
    unsigned char *p = der + der_size;
    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;

-    if (raw_len < 2 * coordinate_len) {
+    if ((raw_len < 2 * coordinate_len) || (raw_len > 2 * coordinate_len)) {
        return MBEDTLS_ERR_ASN1_INVALID_DATA;
    }