diff --git a/wolfcrypt/src/dh.c b/wolfcrypt/src/dh.c
index d5187c924..02a2de7cc 100644
--- a/wolfcrypt/src/dh.c
+++ b/wolfcrypt/src/dh.c
@@ -1347,10 +1347,6 @@ static int wc_DhGenerateKeyPair_Sync(DhKey* key, WC_RNG* rng,
 ret = GeneratePublicDh(key, priv, *privSz, pub, pubSz);
 if (ret == 0) ret = _ffc_validate_public_key(key, pub, *pubSz, NULL, 0, 0);
- if (ret == 0) {
- ret = _ffc_pairwise_consistency_test(key, pub, *pubSz, priv, *privSz);
- if (ret != 0) ret = DHE_PCT_E;
- }
 return ret;
 }
@@ -1747,6 +1743,8 @@ int wc_DhCheckPrivKey(DhKey* key, const byte* priv, word32 privSz)
 /* Performs a Pairwise Consistency Test on an FFC key pair. */
+/* Check DH Keys for pair-wise consistency per process in
+ * SP 800-56Ar3, section 5.6.2.1.4, method (b) for FFC. */
 static int _ffc_pairwise_consistency_test(DhKey* key, const byte* pub, word32 pubSz, const byte* priv, word32 privSz) {
diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c
index 7c08a27c3..933f92c8f 100644
--- a/wolfcrypt/src/ecc.c
+++ b/wolfcrypt/src/ecc.c
@@ -4545,13 +4545,6 @@ static int ecc_make_pub_ex(ecc_key* key, ecc_curve_spec* curveIn,
 }
 #endif
-#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
- /* validate the public key, order * pubkey = point at infinity */
- if (err == MP_OKAY)
- err = ecc_check_pubkey_order(key, pub, curve->Af, curve->prime,
- curve->order);
-#endif /* WOLFSSL_VALIDATE_KEYGEN */
-
 if (err != MP_OKAY) {
 /* clean up if failed */
 #ifndef ALT_ECC_SIZE
@@ -4837,12 +4830,6 @@ int wc_ecc_make_key_ex2(WC_RNG* rng, int keysize, ecc_key* key, int curve_id,
 err = _ecc_validate_public_key(key, 0, 0);
 }
-#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
- if (err == MP_OKAY) {
- err = _ecc_pairwise_consistency_test(key);
- }
-#endif
-
 return err;
 }
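Review bot: In wc_DhGenerateKeyPair_Sync the generated pair is now returned after `_ffc_validate_public_key` alone, so nothing left in this function confirms that `pub` was actually derived from `priv`; a faulted or corrupted `GeneratePublicDh` result that still passes public-key validation would reach the caller. If the pairwise test now runs in another layer, say so at this site with a comment such as `/* PCT per SP 800-56Ar3 5.6.2.1.4 is not run here; see <caller that performs it> */`, and if it does not, keeping the check behind a build option would preserve it for builds that require it. The static `_ffc_pairwise_consistency_test` loses its only call visible in this diff, so unless another caller exists it will raise an unused-function warning and `DHE_PCT_E` can no longer come out of key generation. The function body starts outside the hunk.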
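Review bot: `_ffc_pairwise_consistency_test` now carries two stacked header comments that describe the same thing, the original one-liner and the added SP 800-56Ar3 reference. Fold them into a single block, for example `/* Pairwise consistency test for an FFC key pair, per SP 800-56Ar3 section 5.6.2.1.4, method (b). */`, and add the return contract once it has been confirmed. The function body lies outside the hunk, so the return values cannot be checked from here.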
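Review bot: With the `#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN` block gone from ecc_make_pub_ex, and the matching block gone from wc_ecc_make_key_ex2 in the following hunk, a build that defines that macro still compiles cleanly but silently loses the order check and the pairwise test at these two sites. wc_ecc_make_key_ex2 keeps a call to `_ecc_validate_public_key(key, 0, 0)` inside a block whose condition is outside the hunk, but ecc_make_pub_ex shows no replacement, so any caller that derives a public key through it by another route would get no validation; whether such callers exist is not visible here. If the option is being retired and nothing else depends on it, make that explicit rather than silent, e.g. `#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN` / `#error "WOLFSSL_VALIDATE_ECC_KEYGEN no longer validates generated keys"` / `#endif`, or document where the checks now run. Both function bodies extend beyond their hunks.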
@@ -9057,7 +9044,7 @@ int wc_ecc_import_private_key_ex(const byte* priv, word32 privSz,
 #ifdef WOLFSSL_VALIDATE_ECC_IMPORT
 if ((pub != NULL) && (ret == MP_OKAY)) /* public key needed to perform key validation */
- ret = ecc_check_privkey_gen_helper(key);
+ ret = _ecc_pairwise_consistency_test(key);
 #endif
 return ret;
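Review bot: The replaced call in wc_ecc_import_private_key_ex changes what an import under `WOLFSSL_VALIDATE_ECC_IMPORT` actually proves, and nothing at the call site says what `_ecc_pairwise_consistency_test` checks in place of `ecc_check_privkey_gen_helper`. The property a caller relies on here is that the imported private scalar generates the supplied public point; confirm the new helper still establishes that and record it in the comment, e.g. `/* public key needed: PCT confirms priv and pub belong to the same pair */`. The other call to `_ecc_pairwise_consistency_test` removed in this diff sat under `#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN`, so also check that its definition is compiled when only `WOLFSSL_VALIDATE_ECC_IMPORT` is set, otherwise that configuration will not build. The function body starts outside the hunk.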