From 01bcc1f75457b7089a796f222abc28c62c3f2ef8 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Thu, 26 Feb 2026 14:47:04 +0000 Subject: [PATCH] Add missing FFDH public key buffer length check When exporting an FFDH public key we were not properly checking the length of the output buffer and would write the full length of the key in all cases. Fix this by checking the size of the output buffer before we write to it. Signed-off-by: David Horstmann --- library/psa_crypto_ffdh.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/library/psa_crypto_ffdh.c b/library/psa_crypto_ffdh.c index ae38f6d7c6..ec169b8a98 100644 --- a/library/psa_crypto_ffdh.c +++ b/library/psa_crypto_ffdh.c @@ -168,6 +168,10 @@ psa_status_t mbedtls_psa_ffdh_export_public_key( mbedtls_mpi_init(&X); mbedtls_mpi_init(&P); size_t key_len = PSA_BITS_TO_BYTES(attributes->bits); + if (key_len > data_size) { + status = PSA_ERROR_BUFFER_TOO_SMALL; + goto cleanup; + } status = mbedtls_psa_ffdh_set_prime_generator(key_len, &P, &G);