Fix from review

embhorn · embhorn · commit 6515271f8529 · 2026-04-07T15:47:37.000-05:00
diff --git a/src/sign-verify/clu_sign.c b/src/sign-verify/clu_sign.c
@@ -396,7 +396,8 @@ int wolfCLU_sign_data_ecc(byte* data, char* out, word32 fSz, char* privKey,
         XMEMSET(outBuf, 0, outBufSz);
 
         /* hash the input data before signing -- ECDSA signs a digest, not raw
-         * data.  Select a hash whose digest size matches the curve. */
+         * data.  Select a curve-appropriate hash paired with the curve
+         * strength; ECDSA will truncate the digest as needed. */
         keySz = wc_ecc_size(&key);
         if (keySz <= 32) {
             hashType = WC_HASH_TYPE_SHA256;
@@ -408,7 +409,13 @@ int wolfCLU_sign_data_ecc(byte* data, char* out, word32 fSz, char* privKey,
             hashType = WC_HASH_TYPE_SHA512;
         }
         digestSz = wc_HashGetDigestSize(hashType);
-        ret = wc_Hash(hashType, data, fSz, hashBuf, digestSz);
+        if (digestSz <= 0 || digestSz > WC_MAX_DIGEST_SIZE) {
+            wolfCLU_LogError("Invalid hash digest size: %d", digestSz);
+            ret = BAD_FUNC_ARG;
+        }
+        else {
+            ret = wc_Hash(hashType, data, fSz, hashBuf, digestSz);
+        }
 
         /* signing the hash with ecc priv key to produce signature */
         if (ret == 0) {
diff --git a/src/sign-verify/clu_verify.c b/src/sign-verify/clu_verify.c
@@ -574,7 +574,8 @@ int wolfCLU_verify_signature_ecc(byte* sig, int sigSz, byte* hash, int hashSz,
         XMEMSET(outBuf, 0, outBufSz);
 
         /* hash the input data before verifying -- ECDSA operates on a digest,
-         * not raw data.  Select a hash whose digest size matches the curve. */
+         * not raw data.  Select a curve-appropriate hash paired with the curve
+         * strength; ECDSA will truncate the digest as needed. */
         keySz = wc_ecc_size(&key);
         if (keySz <= 32) {
             hashType = WC_HASH_TYPE_SHA256;
@@ -586,7 +587,12 @@ int wolfCLU_verify_signature_ecc(byte* sig, int sigSz, byte* hash, int hashSz,
             hashType = WC_HASH_TYPE_SHA512;
         }
         digestSz = wc_HashGetDigestSize(hashType);
-        ret = wc_Hash(hashType, hash, hashSz, hashBuf, digestSz);
+        if (digestSz > 0 && digestSz <= WC_MAX_DIGEST_SIZE) {
+            ret = wc_Hash(hashType, hash, hashSz, hashBuf, digestSz);
+        }
+        else {
+            ret = BAD_FUNC_ARG;
+        }
 
         /* verify the hash with Ecc public key */
         if (ret == 0) {
