Merge pull request #9558 from kareem-wolfssl/zd20944_2

Move Curve25519 public key check to make_pub/make_pub_blind to cover the case where they are called directly by an application.
2026-01-27 03:02:19 +01:00 · 2025-12-22 19:38:42 +10:00
parent 7a326ef43f c238defe23
commit da06e1aeea
1 changed files with 14 additions and 5 deletions
--- a/wolfcrypt/src/curve25519.c
+++ b/wolfcrypt/src/curve25519.c
@@ -202,6 +202,15 @@ int wc_curve25519_make_pub(int public_size, byte* pub, int private_size,
 #endif /* !WOLFSSL_CURVE25519_BLINDING */
 #endif /* FREESCALE_LTC_ECC */

+/* If WOLFSSL_CURVE25519_BLINDING is defined, this check is run in
+ * wc_curve25519_make_pub_blind since it could be called directly. */
+#if !defined(WOLFSSL_CURVE25519_BLINDING) || defined(FREESCALE_LTC_ECC)
+    if (ret == 0) {
+        ret = wc_curve25519_check_public(pub, (word32)public_size,
+                                    EC25519_LITTLE_ENDIAN);
+    }
+#endif
+
    return ret;
 }

@@ -297,6 +306,11 @@ int wc_curve25519_make_pub_blind(int public_size, byte* pub, int private_size,
    ret = curve25519_smul_blind(pub, priv, (byte*)kCurve25519BasePoint, rng);
 #endif

+    if (ret == 0) {
+        ret = wc_curve25519_check_public(pub, (word32)public_size,
+                                    EC25519_LITTLE_ENDIAN);
+    }
+
    return ret;
 }
 #endif
@@ -463,11 +477,6 @@ int wc_curve25519_make_key(WC_RNG* rng, int keysize, curve25519_key* key)
        ret = wc_curve25519_make_pub((int)sizeof(key->p.point), key->p.point,
                                     (int)sizeof(key->k), key->k);
 #endif
-        if (ret == 0) {
-            ret = wc_curve25519_check_public(key->p.point,
-                                       (word32)sizeof(key->p.point),
-                                      EC25519_LITTLE_ENDIAN);
-        }
        key->pubSet = (ret == 0);
    }
 #endif