t_cose: Updating Patch 0007

gaborgvarga · adeaarm · commit 168080d3e51c · 2025-08-04T13:23:38.000Z
The issue addressed by this patch has been fixed in the upstream
repository. The associated pull request has been reviewed,
approved, and merged. This update replaces the previous patch file with
the latest version, ensuring that the TF-M patch remains fully in sync
with the upstream t_cose repository.

Signed-off-by: G. Varga, Gabor &lt;Gabor.G.Varga@arm.com&gt;
Change-Id: I9cbfbae69a142ed23e2a2d44070b1cfa02b5d5dd
diff --git a/lib/ext/t_cose/0007-Refining-signature-buffer-size.patch b/lib/ext/t_cose/0007-Refining-signature-buffer-size.patch
@@ -1,6 +1,6 @@
-From efc0be2279a82664ed2d87ad51573e39222b8c1c Mon Sep 17 00:00:00 2001
+From 12c9638cef18730910ab8afc0cf8dc999ba6c7d9 Mon Sep 17 00:00:00 2001
 From: "G. Varga, Gabor" <Gabor.G.Varga@arm.com>
-Date: Wed, 9 Jul 2025 14:21:03 +0200
+Date: Tue, 29 Jul 2025 14:17:06 +0200
 Subject: [PATCH] Refining signature buffer size
 
 When using t_cose with the PSA Crypto adaptor layer,
@@ -13,29 +13,29 @@ inside the PSA Crypto service and can exceed internal limits like
 CRYPTO_IOVEC_BUFFER_SIZE.
 
 This patch addresses the issue by computing the expected signature size
-using t_cose_crypto_sig_size() and passing the smaller of the two sizes
-to psa_sign_hash(). If the signature size query fails, the original
-buffer size is used as a fallback to maintain compatibility.
+using t_cose_crypto_sig_size() and validating it against the actual size
+of the provided buffer. If the expected size exceeds the available
+buffer length, the function returns T_COSE_ERR_SIG_BUFFER_SIZE,
+preventing a potentially unsafe call into psa_sign_hash().
 
 Signed-off-by: G. Varga, Gabor <Gabor.G.Varga@arm.com>
-Change-Id: I97ab1633b6acf6de25bdbf4cf76c3666568c53c1
+Change-Id: If70d36e930decb05a2bd45c2b31edf74a5cbea9f
 ---
- crypto_adapters/t_cose_psa_crypto.c | 13 ++++++++++++-
- 1 file changed, 12 insertions(+), 1 deletion(-)
+ crypto_adapters/t_cose_psa_crypto.c | 12 +++++++++++-
+ 1 file changed, 11 insertions(+), 1 deletion(-)
 
 diff --git a/crypto_adapters/t_cose_psa_crypto.c b/crypto_adapters/t_cose_psa_crypto.c
-index 2095002..018c52b 100644
+index 2095002..0d32cba 100644
 --- a/crypto_adapters/t_cose_psa_crypto.c
 +++ b/crypto_adapters/t_cose_psa_crypto.c
-@@ -239,6 +239,17 @@ t_cose_crypto_sign(int32_t                cose_algorithm_id,
+@@ -239,6 +239,16 @@ t_cose_crypto_sign(int32_t                cose_algorithm_id,
  
      signing_key_psa = (psa_key_handle_t)signing_key.key.handle;
  
 +    /* Determine signature size and validate against buffer size */
 +    return_value = t_cose_crypto_sig_size(cose_algorithm_id, signing_key, &signature_len);
 +    if (return_value != T_COSE_SUCCESS) {
-+        /* Fallback: use entire buffer */
-+        signature_len = signature_buffer.len;
++        goto Done;
 +    } else if (signature_len > signature_buffer.len) {
 +        /* Determined size too large for provided buffer */
 +        return_value = T_COSE_ERR_SIG_BUFFER_SIZE;
@@ -45,7 +45,7 @@ index 2095002..018c52b 100644
      /* It is assumed that this call is checking the signature_buffer
       * length and won't write off the end of it.
       */
-@@ -248,7 +259,7 @@ t_cose_crypto_sign(int32_t                cose_algorithm_id,
+@@ -248,7 +258,7 @@ t_cose_crypto_sign(int32_t                cose_algorithm_id,
                                 hash_to_sign.ptr,
                                 hash_to_sign.len,
                                 signature_buffer.ptr, /* Sig buf */
