From 673d72a2dc74260a73ceb47ea4a6fd79e26e7b74 Mon Sep 17 00:00:00 2001
From: Sean Parkinson
Date: Mon, 24 Apr 2023 17:59:32 +1000
Subject: [PATCH] OpenSSL EC API: fix setting private key wolfSSL_EC_KEY_set_private_key() should fail on obvious bad private key values.
---
 src/pk.c | 9 ++++++++-
 tests/api.c | 4 ++--
 2 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/src/pk.c b/src/pk.c
index d5e647e9c..8ac6a8271 100644
--- a/src/pk.c
+++ b/src/pk.c
@@ -12753,7 +12753,7 @@ WOLFSSL_BIGNUM *wolfSSL_EC_KEY_get0_private_key(const WOLFSSL_EC_KEY *key)
 * @return 0 on failure.
 */
 int wolfSSL_EC_KEY_set_private_key(WOLFSSL_EC_KEY *key,
- const WOLFSSL_BIGNUM *priv_key)
+ const WOLFSSL_BIGNUM *priv_key)
 {
 int ret = 1;
@@ -12765,6 +12765,13 @@ int wolfSSL_EC_KEY_set_private_key(WOLFSSL_EC_KEY *key,
 ret = 0;
 }
+ /* Check for obvious invalid values. */
+ if (wolfSSL_BN_is_negative(priv_key) || wolfSSL_BN_is_zero(priv_key) ||
+ wolfSSL_BN_is_one(priv_key)) {
+ WOLFSSL_MSG("Invalid private key value");
+ ret = 0;
+ }
+
 if (ret == 1) {
 /* Free key if previously set. */
 if (key->priv_key != NULL) {
diff --git a/tests/api.c b/tests/api.c
index e66dbc551..c905ad080 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -59980,8 +59980,8 @@ static int test_wolfSSL_EC_KEY_private_key(void)
 AssertNotNull(key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1));
 AssertNotNull(priv = wolfSSL_BN_new());
 AssertNotNull(priv2 = wolfSSL_BN_new());
- AssertIntNE(BN_set_word(priv, 1), 0);
- AssertIntNE(BN_set_word(priv2, 1), 0);
+ AssertIntNE(BN_set_word(priv, 2), 0);
+ AssertIntNE(BN_set_word(priv2, 2), 0);
 AssertNull(wolfSSL_EC_KEY_get0_private_key(NULL));
 /* No private key set. */
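Review bot: In src/pk.c, the added value check in wolfSSL_EC_KEY_set_private_key() is not gated on `ret == 1`, so it still hands `priv_key` to the three BN helpers after the preceding validation block has already set `ret = 0`; if that block is the NULL-argument check (its condition is outside the hunk), the helpers then run on a NULL pointer and have to tolerate it. Guarding the test keeps the failure path from touching the argument: `if ((ret == 1) && (wolfSSL_BN_is_negative(priv_key) || wolfSSL_BN_is_zero(priv_key) || wolfSSL_BN_is_one(priv_key))) {`. The comment could also state the limit of the check, for example `/* Reject negative, 0 and 1 only; values at or above the group order are not checked here. */`, so it is not read as a full range validation of the scalar. The function body starts before and continues past this hunk.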
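Review bot: In tests/api.c, test_wolfSSL_EC_KEY_private_key() only swaps the key value from 1 to 2 so that the existing assertions keep passing; going by the diffstat (two insertions, two deletions), nothing asserts the new rejection of 0, 1 or a negative value. A regression test for the fix could set `priv` to 1 first and add `AssertIntEQ(wolfSSL_EC_KEY_set_private_key(key, priv), 0);` before changing it to 2, and do the same for zero. The test body starts before and continues past this hunk, so where that assertion fits relative to the later set/get checks needs confirming against the full function.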