From edad8d1da84d824d8a5c276e8b68f060414adf16 Mon Sep 17 00:00:00 2001
From: JacobBarthelmeh
Date: Tue, 11 Apr 2023 09:06:39 -0700
Subject: [PATCH] avoid callback buffer overwrite with sha512_224 and remove min from wolfcaam_cmac
---
 wolfcrypt/src/port/caam/wolfcaam_cmac.c | 3 ++-
 wolfcrypt/src/sha512.c | 7 +++++--
 2 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/wolfcrypt/src/port/caam/wolfcaam_cmac.c b/wolfcrypt/src/port/caam/wolfcaam_cmac.c
index 4ce439941..737f19da0 100644
--- a/wolfcrypt/src/port/caam/wolfcaam_cmac.c
+++ b/wolfcrypt/src/port/caam/wolfcaam_cmac.c
@@ -99,7 +99,8 @@ int wc_CAAM_Cmac(Cmac* cmac, const byte* key, word32 keySz, const byte* in,
 WOLFSSL_MSG("Error with CMAC buffer size");
 return -1;
 }
- add = min(sz, (int)(AES_BLOCK_SIZE - cmac->bufferSz));
+ add = (sz < ((int)(AES_BLOCK_SIZE - cmac->bufferSz))) ? sz :
+ (int)(AES_BLOCK_SIZE - cmac->bufferSz);
 XMEMCPY(&cmac->buffer[cmac->bufferSz], pt, add);
 cmac->bufferSz += add;
diff --git a/wolfcrypt/src/sha512.c b/wolfcrypt/src/sha512.c
index bffa98501..3d0d3cc7f 100644
--- a/wolfcrypt/src/sha512.c
+++ b/wolfcrypt/src/sha512.c
@@ -1110,9 +1110,12 @@ static int Sha512_Family_Final(wc_Sha512* sha512, byte* hash, int digestSz,
 #ifdef WOLF_CRYPTO_CB
 if (sha512->devId != INVALID_DEVID) {
- ret = wc_CryptoCb_Sha512Hash(sha512, NULL, 0, hash);
- if (ret != CRYPTOCB_UNAVAILABLE)
+ byte localHash[WC_SHA512_DIGEST_SIZE];
+ ret = wc_CryptoCb_Sha512Hash(sha512, NULL, 0, localHash);
+ if (ret != CRYPTOCB_UNAVAILABLE) {
+ XMEMCPY(hash, localHash, digestSz);
 return ret;
+ }
 /* fall-through when unavailable */
 }
 #endif
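Review bot: In the wolfcaam_cmac.c hunk the replacement for `min()` writes the bound `(int)(AES_BLOCK_SIZE - cmac->bufferSz)` twice, so the limit on the XMEMCPY length now lives in two places that can drift apart. Computing it once is easier to audit: a local declared with the function's other variables, `room = (int)(AES_BLOCK_SIZE - cmac->bufferSz);`, then `add = (sz < room) ? sz : room;`. Since `add` is passed straight to XMEMCPY, it relies on `sz` being positive and on the size check just above keeping `bufferSz` within the block size. Only the tail of that check is visible and wc_CAAM_Cmac starts and ends outside the hunk, so this is worth confirming.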
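Review bot: In the sha512.c hunk the copy into `hash` runs for every return code other than CRYPTOCB_UNAVAILABLE, so when the callback fails without filling `localHash` the caller's buffer receives `digestSz` bytes of uninitialised stack. Guarding the copy, `if (ret == 0) XMEMCPY(hash, localHash, digestSz);`, keeps error paths from writing anything to the output. The temporary also holds a full-width digest and is left on the stack at return; if `ForceZero` is in scope in this file, `ForceZero(localHash, sizeof(localHash));` before `return ret;` would clear it. `digestSz` is not bounded against WC_SHA512_DIGEST_SIZE in the visible lines, presumably because callers pass fixed sizes; Sha512_Family_Final starts and ends outside the hunk.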