Add signature length mismatch handling when using PSA in pk_verify_ext Introduce a regression test for that too. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>

commit: 8666df6f189c6f46bd17e17d8648aaacc3380d16 [log] [tgz]
author: Andrzej Kurek <andrzej.kurek@arm.com> Tue Feb 15 08:23:02 2022 -0500
committer: Andrzej Kurek <andrzej.kurek@arm.com> Tue Feb 15 08:23:02 2022 -0500
tree: 0983f47f93ef1359a33f2830d74649d01938eacb
parent: 90ba2cbd0aa3fcff2c95861a5d697747f23df7b5 [diff] [blame]
diff --git a/library/pk.c b/library/pk.c
index de0f7af..855b6e1 100644
--- a/library/pk.c
+++ b/library/pk.c

@@ -410,6 +410,9 @@
                                   hash_len, sig, sig_len );
         psa_destroy_key( key_id );
 
+        if( status == PSA_SUCCESS && sig_len > mbedtls_pk_get_len( ctx ) )
+            return( MBEDTLS_ERR_PK_SIG_LEN_MISMATCH );
+
         return( status == PSA_ERROR_INVALID_SIGNATURE?
                               MBEDTLS_ERR_RSA_VERIFY_FAILED :
                               mbedtls_psa_err_translate_pk( status ) );
commit	8666df6f189c6f46bd17e17d8648aaacc3380d16	[log] [tgz]
author	Andrzej Kurek <andrzej.kurek@arm.com>	Tue Feb 15 08:23:02 2022 -0500
committer	Andrzej Kurek <andrzej.kurek@arm.com>	Tue Feb 15 08:23:02 2022 -0500
tree	0983f47f93ef1359a33f2830d74649d01938eacb
parent	90ba2cbd0aa3fcff2c95861a5d697747f23df7b5 [diff] [blame]