From 210c61336182ce3e48ca0050123fd7611e353039 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 11 Feb 2026 13:00:06 +0100 Subject: [PATCH] PK: fix stack buffer size for ECC keys MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This fixes 2 out of the 3 tests cases that were failing in test_suite_pk. The last failure will be adressed in the next commit. Signed-off-by: Manuel Pégourié-Gonnard --- library/pk.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/library/pk.c b/library/pk.c index f4d1123657..e33a497b17 100644 --- a/library/pk.c +++ b/library/pk.c @@ -43,6 +43,12 @@ #include "mbedtls/platform.h" // for calloc/free #endif +/* We know for ECC, pubkey are longer than privkeys, but double check */ +#define PK_MAX_EC_KEYPAIR_OR_PUBKEY_LENGTH MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH +#if MBEDTLS_PSA_MAX_EC_KEY_PAIR_LENGTH > PK_MAX_EC_KEYPAIR_OR_PUBKEY_LENGTH +#undef PK_MAX_EC_KEYPAIR_OR_PUBKEY_LENGTH +#define PK_MAX_EC_KEYPAIR_OR_PUBKEY_LENGTH MBEDTLS_PSA_MAX_EC_KEY_PAIR_LENGTH +#endif /* * Initialise a mbedtls_pk_context @@ -633,7 +639,7 @@ static psa_status_t export_import_into_psa(mbedtls_svc_key_id_t old_key_id, unsigned char *key_buffer = NULL; size_t key_buffer_size = 0; #else - unsigned char key_buffer[MBEDTLS_PSA_MAX_EC_KEY_PAIR_LENGTH]; + unsigned char key_buffer[PK_MAX_EC_KEYPAIR_OR_PUBKEY_LENGTH]; const size_t key_buffer_size = sizeof(key_buffer); #endif size_t key_length = 0; @@ -934,7 +940,7 @@ static int copy_from_psa(mbedtls_svc_key_id_t key_id, unsigned char *exp_key = NULL; size_t exp_key_size = 0; #else - unsigned char exp_key[MBEDTLS_PSA_MAX_EC_KEY_PAIR_LENGTH]; + unsigned char exp_key[PK_MAX_EC_KEYPAIR_OR_PUBKEY_LENGTH]; const size_t exp_key_size = sizeof(exp_key); #endif size_t exp_key_len;