feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Clang static analysis found a potential issue when checking an ECC key

Browse Source 
when the curve cache is enabled. There was a chance it could dereference
NULL. Added some error checks to fix it.
This commit is contained in:
John Safranek
2019-03-29 13:35:27 -07:00
parent b1c791dbd9
commit 6d1a11eefb
1 changed files with 10 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
wolfcrypt/src/ecc.c
View File

@ -6278,17 +6278,22 @@ int wc_ecc_check_key(ecc_key* key)
if (err == MP_OKAY)
err = mp_read_radix(b, key->dp->Bf, MP_RADIX_HEX);
#else
b = curve->Bf;
if (err == MP_OKAY)
b = curve->Bf;
#endif
/* SP 800-56Ar3, section 5.6.2.3.3, process step 2 */
/* Qx must be in the range [0, p-1] */
if (mp_cmp(key->pubkey.x, curve->prime) != MP_LT)
err = ECC_OUT_OF_RANGE_E;
if (err == MP_OKAY) {
if (mp_cmp(key->pubkey.x, curve->prime) != MP_LT)
err = ECC_OUT_OF_RANGE_E;
}
/* Qy must be in the range [0, p-1] */
if (mp_cmp(key->pubkey.y, curve->prime) != MP_LT)
err = ECC_OUT_OF_RANGE_E;
if (err == MP_OKAY) {
if (mp_cmp(key->pubkey.y, curve->prime) != MP_LT)
err = ECC_OUT_OF_RANGE_E;
}
/* SP 800-56Ar3, section 5.6.2.3.3, process steps 3 */
/* make sure point is actually on curve */