feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

OpenSSL EC API: fix setting private key

Browse Source 
wolfSSL_EC_KEY_set_private_key() should fail on obvious bad private key
values.
This commit is contained in:
Sean Parkinson
2023-04-24 17:59:32 +10:00
parent 865581704e
commit 673d72a2dc
2 changed files with 10 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
src/pk.c
View File

@ -12753,7 +12753,7 @@ WOLFSSL_BIGNUM *wolfSSL_EC_KEY_get0_private_key(const WOLFSSL_EC_KEY *key)
* @return 0 on failure. * @return 0 on failure.
*/ */
int wolfSSL_EC_KEY_set_private_key(WOLFSSL_EC_KEY *key, int wolfSSL_EC_KEY_set_private_key(WOLFSSL_EC_KEY *key,
const WOLFSSL_BIGNUM *priv_key) const WOLFSSL_BIGNUM *priv_key)
{ {
int ret = 1; int ret = 1;
@ -12765,6 +12765,13 @@ int wolfSSL_EC_KEY_set_private_key(WOLFSSL_EC_KEY *key,
ret = 0; ret = 0;
} }
/* Check for obvious invalid values. */
if (wolfSSL_BN_is_negative(priv_key) || wolfSSL_BN_is_zero(priv_key) ||
wolfSSL_BN_is_one(priv_key)) {
WOLFSSL_MSG("Invalid private key value");
ret = 0;
}
if (ret == 1) { if (ret == 1) {
/* Free key if previously set. */ /* Free key if previously set. */
if (key->priv_key != NULL) { if (key->priv_key != NULL) {

4
tests/api.c
View File

@ -59980,8 +59980,8 @@ static int test_wolfSSL_EC_KEY_private_key(void)
AssertNotNull(key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1)); AssertNotNull(key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1));
AssertNotNull(priv = wolfSSL_BN_new()); AssertNotNull(priv = wolfSSL_BN_new());
AssertNotNull(priv2 = wolfSSL_BN_new()); AssertNotNull(priv2 = wolfSSL_BN_new());
AssertIntNE(BN_set_word(priv, 1), 0); AssertIntNE(BN_set_word(priv, 2), 0);
AssertIntNE(BN_set_word(priv2, 1), 0); AssertIntNE(BN_set_word(priv2, 2), 0);
AssertNull(wolfSSL_EC_KEY_get0_private_key(NULL)); AssertNull(wolfSSL_EC_KEY_get0_private_key(NULL));
/* No private key set. */ /* No private key set. */