add sanity check on keysize found with ECC point import

This commit is contained in:
JacobBarthelmeh
2026-03-16 16:18:24 -06:00
parent 96661a5dab
commit 44de734fa3
2 changed files with 33 additions and 0 deletions
+7
View File
@@ -9487,6 +9487,13 @@ int wc_ecc_import_point_der_ex(const byte* in, word32 inLen,
keysize = (int)(inLen>>1);
#endif
/* sanity check that x coordinate is expected size */
if (err == MP_OKAY) {
if (keysize != ecc_sets[curve_idx].size) {
err = ECC_BAD_ARG_E;
}
}
/* read data */
if (err == MP_OKAY)
err = mp_read_unsigned_bin(point->x, in, (word32)keysize);
+26
View File
@@ -35072,6 +35072,32 @@ static wc_test_ret_t ecc_point_test(void)
#if defined(HAVE_COMP_KEY) && (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) || \
(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)))
/* Test compressed point with missing x coordinate bytes */
ret = wc_ecc_import_point_der(derComp0, 1, curve_idx, point3);
if (ret != WC_NO_ERR_TRACE(ECC_BAD_ARG_E)) {
ret = WC_TEST_RET_ENC_EC(ret);
goto done;
}
ret = wc_ecc_import_point_der(derComp1, 1, curve_idx, point3);
if (ret != WC_NO_ERR_TRACE(ECC_BAD_ARG_E)) {
ret = WC_TEST_RET_ENC_EC(ret);
goto done;
}
/* Full uncompressed P-256 length (65 bytes) but invalid prefix byte */
{
byte invalidType[65];
XMEMSET(invalidType, 0x42, sizeof(invalidType));
invalidType[0] = 0x01;
ret = wc_ecc_import_point_der_ex(invalidType, sizeof(invalidType),
curve_idx, point3, 0);
if (ret != WC_NO_ERR_TRACE(ASN_PARSE_E)) {
ret = WC_TEST_RET_ENC_EC(ret);
goto done;
}
}
ret = wc_ecc_import_point_der(derComp0, sizeof(derComp0)*2-1, curve_idx, point3);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);