From 70b9833e98893481f2a96bc24a958c5d06a0bb78 Mon Sep 17 00:00:00 2001
From: Sean Parkinson <sean@wolfssl.com>
Date: Fri, 8 Jul 2022 08:54:53 +1000
Subject: [PATCH] ECC import and export fixes

On raw import, don't import ordinates that are larger than the curve
size.
On export of compressed point, don't export ordinate if it is larger
than the curve size.
---
 wolfcrypt/src/ecc.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c
index 7cc00d9f9..eadec7cc8 100644
--- a/wolfcrypt/src/ecc.c
+++ b/wolfcrypt/src/ecc.c
@@ -10125,6 +10125,9 @@ static int wc_ecc_import_raw_private(ecc_key* key, const char* qx,
             WOLFSSL_MSG("Invalid Qx");
             err = BAD_FUNC_ARG;
         }
+        if (mp_unsigned_bin_size(key->pubkey.y) > key->dp->size) {
+            err = BAD_FUNC_ARG;
+        }
     }
 
     /* read Qy */
@@ -10139,6 +10142,9 @@ static int wc_ecc_import_raw_private(ecc_key* key, const char* qx,
             WOLFSSL_MSG("Invalid Qy");
             err = BAD_FUNC_ARG;
         }
+        if (mp_unsigned_bin_size(key->pubkey.y) > key->dp->size) {
+            err = BAD_FUNC_ARG;
+        }
     }
 
     if (err == MP_OKAY) {
@@ -13735,6 +13741,9 @@ static int wc_ecc_export_x963_compressed(ecc_key* key, byte* out, word32* outLen
    if (out == NULL)
        return BAD_FUNC_ARG;
 
+   if (mp_unsigned_bin_size(key->pubkey.x) > (int)numlen)
+       return ECC_BAD_ARG_E;
+
    /* store first byte */
    out[0] = mp_isodd(key->pubkey.y) == MP_YES ? ECC_POINT_COMP_ODD : ECC_POINT_COMP_EVEN;