ECC: import point, always do some checks when untrusted

Always check for infinity and, when the B parameter is available, whether the
point is on the curve when the point is untrusted.
Change TLS code to treat points from peer as untrusted on import.
Sean Parkinson
2026-01-20 10:26:29 +10:00
parent b56eeb91aa
commit 565ac4c101
4 changed files with 57 additions and 7 deletions
+18 -3
@@ -32375,8 +32375,15 @@ static int GetEcDiffieHellmanKea(WOLFSSL *ssl,
}
curveId = wc_ecc_get_oid((word32) curveOid, NULL, NULL);
#if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
if (wc_ecc_import_x963_ex2(input + args->idx, length,
ssl->peerEccKey, curveId, 1) != 0)
#else
/* FIPS has validation define on. */
if (wc_ecc_import_x963_ex(input + args->idx, length,
ssl->peerEccKey, curveId) != 0) {
ssl->peerEccKey, curveId) != 0)
#endif
{
#ifdef WOLFSSL_EXTRA_ALERTS
SendAlert(ssl, alert_fatal, illegal_parameter);
#endif
@@ -40659,9 +40666,17 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ],
if (ret != 0)
return ret;
}
#if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
if (wc_ecc_import_x963_ex2(input + args->idx, args->length,
ssl->peerEccKey, kea == ecdhe_psk_kea ? ssl->eccTempKey->dp->id
: private_key->dp->id, 1))
#else
/* FIPS has validation define on. */
if (wc_ecc_import_x963_ex(input + args->idx, args->length,
ssl->peerEccKey, kea == ecdhe_psk_kea ? ssl->eccTempKey->dp->id
: private_key->dp->id)) {
ssl->peerEccKey, kea == ecdhe_psk_kea ? ssl->eccTempKey->dp->id
: private_key->dp->id))
#endif
{
#ifdef WOLFSSL_EXTRA_ALERTS
SendAlert(ssl, alert_fatal, illegal_parameter);
#endif
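Review bot: The `#else` branch comment `/* FIPS has validation define on. */` justifies only HAVE_FIPS, yet the condition also routes HAVE_SELFTEST builds through it, so a selftest build that does not define WOLFSSL_VALIDATE_ECC_IMPORT would import the peer's point via the trusted `wc_ecc_import_x963_ex` path with neither the infinity nor the on-curve check; confirm that selftest builds always enable import validation, or widen the comment to `/* FIPS and selftest builds have WOLFSSL_VALIDATE_ECC_IMPORT on. */`. The same construct appears in the first hunk of this file and in the tls.c hunk. As a point of style, the second hunk drops the `!= 0` that the first hunk keeps on the `wc_ecc_import_x963_ex2` call; writing both as `!= 0` keeps the two call sites uniform. The enclosing function of the second hunk starts before the hunk (the `DefTicketEncCb` label appears to be only the nearest preceding context).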
+8 -2
@@ -9399,8 +9399,14 @@ static int TLSX_KeyShare_ProcessEcc_ex(WOLFSSL* ssl,
/* Point is validated by import function. */
if (ret == 0) {
ret = wc_ecc_import_x963_ex(keyShareEntry->ke, keyShareEntry->keLen,
ssl->peerEccKey, curveId);
#if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
ret = wc_ecc_import_x963_ex2(keyShareEntry->ke,
keyShareEntry->keLen, ssl->peerEccKey, curveId, 1);
#else
/* FIPS has validation define on. */
ret = wc_ecc_import_x963_ex(keyShareEntry->ke,
keyShareEntry->keLen, ssl->peerEccKey, curveId);
#endif
if (ret != 0) {
ret = ECC_PEERKEY_ERROR;
WOLFSSL_ERROR_VERBOSE(ret);
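Review bot: The context comment `/* Point is validated by import function. */` now overstates what the non-FIPS branch does: judging by the ecc.c hunk, passing `untrusted = 1` rejects the point at infinity and, only when the B parameter is compiled in, points off the curve, while the order check still depends on WOLFSSL_VALIDATE_ECC_IMPORT. Suggest `/* Import rejects infinity and (with USE_ECC_B_PARAM) off-curve points; full validation needs WOLFSSL_VALIDATE_ECC_IMPORT. */` so the next reader does not assume a complete public-key check here. The enclosing `if (ret == 0)` block and TLSX_KeyShare_ProcessEcc_ex continue past the hunk.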
+28 -2
@@ -10636,8 +10636,8 @@ int wc_ecc_check_key(ecc_key* key)
#ifdef HAVE_ECC_KEY_IMPORT
/* import public ECC key in ANSI X9.63 format */
int wc_ecc_import_x963_ex(const byte* in, word32 inLen, ecc_key* key,
int curve_id)
int wc_ecc_import_x963_ex2(const byte* in, word32 inLen, ecc_key* key,
int curve_id, int untrusted)
{
int err = MP_OKAY;
#ifdef HAVE_COMP_KEY
@@ -10922,6 +10922,25 @@ int wc_ecc_import_x963_ex(const byte* in, word32 inLen, ecc_key* key,
if (err == MP_OKAY)
err = wc_ecc_check_key(key);
#endif
#if (!defined(WOLFSSL_VALIDATE_ECC_IMPORT) || \
!defined(HAVE_ECC_CHECK_PUBKEY_ORDER)) && \
!defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
!defined(WOLFSSL_CRYPTOCELL) && \
(!defined(WOLF_CRYPTO_CB_ONLY_ECC) || defined(WOLFSSL_QNX_CAAM) || \
defined(WOLFSSL_IMXRT1170_CAAM))
if (untrusted) {
/* Only do quick checks. */
if ((err == MP_OKAY) && wc_ecc_point_is_at_infinity(&key->pubkey)) {
err = ECC_INF_E;
}
#ifdef USE_ECC_B_PARAM
if ((err == MP_OKAY) && (key->idx != ECC_CUSTOM_IDX)) {
err = wc_ecc_point_is_on_curve(&key->pubkey, key->idx);
}
#endif /* USE_ECC_B_PARAM */
}
#endif
(void)untrusted;
#ifdef WOLFSSL_MAXQ10XX_CRYPTO
if (err == MP_OKAY) {
@@ -10941,6 +10960,13 @@ int wc_ecc_import_x963_ex(const byte* in, word32 inLen, ecc_key* key,
return err;
}
/* import public ECC key in ANSI X9.63 format */
int wc_ecc_import_x963_ex(const byte* in, word32 inLen, ecc_key* key,
int curve_id)
{
return wc_ecc_import_x963_ex2(in, inLen, key, curve_id, 0);
}
WOLFSSL_ABI
int wc_ecc_import_x963(const byte* in, word32 inLen, ecc_key* key)
{
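Review bot: The new `untrusted` parameter is not described in the function comment of `wc_ecc_import_x963_ex2`, and its effect is narrower than the name suggests: the `wc_ecc_point_is_on_curve` call is skipped for custom curves (`key->idx == ECC_CUSTOM_IDX`), the whole block is compiled out for the hardware-backed builds excluded by the surrounding `#if`, and no order check is added. Suggest extending the header comment to `/* import public ECC key in ANSI X9.63 format. untrusted != 0: reject the point at infinity and, with USE_ECC_B_PARAM and a non-custom curve, points not on the curve; order is still only checked with WOLFSSL_VALIDATE_ECC_IMPORT. */`. A caller importing a peer point on a custom curve should know it still gets no curve-membership check from this flag. The function body between the two hunks is outside the view.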
+3
@@ -866,6 +866,9 @@ int wc_ecc_import_x963(const byte* in, word32 inLen, ecc_key* key);
WOLFSSL_API
int wc_ecc_import_x963_ex(const byte* in, word32 inLen, ecc_key* key,
int curve_id);
WOLFSSL_API
int wc_ecc_import_x963_ex2(const byte* in, word32 inLen, ecc_key* key,
int curve_id, int untrusted);
WOLFSSL_ABI WOLFSSL_API
int wc_ecc_import_private_key(const byte* priv, word32 privSz, const byte* pub,
word32 pubSz, ecc_key* key);
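Review bot: The new prototype for `wc_ecc_import_x963_ex2` carries no comment explaining `untrusted`, and `wc_ecc_import_x963_ex` stays the default for existing callers even though it now means `untrusted == 0` (ecc.c forwards it with 0). Suggest a Doxygen comment above the declaration stating that a non-zero `untrusted` enables the additional infinity and on-curve checks intended for points received from a peer, and that the `_ex` variant imports the point as trusted, so callers handling peer-supplied points should prefer `_ex2` with `untrusted = 1`.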