Merge pull request #3051 from embhorn/zd10451

Sanity check wc_ecc_import_raw x, y, and key
2020-06-24 08:52:10 +10:00 · 2020-06-24 08:52:10 +10:00 · 582240a84d
commit 582240a84d
parent 5b07905818 7cc64377d0
2 changed files with 25 additions and 1 deletions
--- a/tests/api.c
+++ b/tests/api.c
@ -16998,9 +16998,19 @@ static int test_wc_ecc_import_raw(void)
    #ifdef WOLFSSL_VALIDATE_ECC_IMPORT
        if (ret == BAD_FUNC_ARG) {
            ret = wc_ecc_import_raw(&key, kNullStr, kNullStr, kNullStr, curveName);
+            if (ret == ECC_INF_E)
+                ret = BAD_FUNC_ARG; /* This is expected by other tests */
        }
    #endif
-        if (ret == BAD_FUNC_ARG || ret == ECC_INF_E) {
+    #if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
+        if (ret == BAD_FUNC_ARG) {
+            ret = wc_ecc_import_raw(&key, "0", qy, d, curveName);
+        }
+        if (ret == BAD_FUNC_ARG) {
+            ret = wc_ecc_import_raw(&key, qx, "0", d, curveName);
+        }
+    #endif
+        if (ret == BAD_FUNC_ARG) {
            ret = 0;
        }
    }
--- a/wolfcrypt/src/ecc.c
+++ b/wolfcrypt/src/ecc.c
@ -7802,6 +7802,7 @@ static int wc_ecc_import_raw_private(ecc_key* key, const char* qx,
    byte key_raw[ECC_MAX_CRYPTO_HW_SIZE*2 + 1];
    word32 keySz = 0;
 #endif
+
    /* if d is NULL, only import as public key using Qx,Qy */
    if (key == NULL || qx == NULL || qy == NULL) {
        return BAD_FUNC_ARG;
@ -7839,6 +7840,11 @@ static int wc_ecc_import_raw_private(ecc_key* key, const char* qx,
        else
            err = mp_read_unsigned_bin(key->pubkey.x, (const byte*)qx,
                key->dp->size);
+
+        if (mp_iszero(key->pubkey.x)) {
+            WOLFSSL_MSG("Invalid Qx");
+            err = BAD_FUNC_ARG;
+        }
    }

    /* read Qy */
@ -7849,6 +7855,10 @@ static int wc_ecc_import_raw_private(ecc_key* key, const char* qx,
            err = mp_read_unsigned_bin(key->pubkey.y, (const byte*)qy,
                key->dp->size);

+        if (mp_iszero(key->pubkey.y)) {
+            WOLFSSL_MSG("Invalid Qy");
+            err = BAD_FUNC_ARG;
+        }
    }

    if (err == MP_OKAY)
@ -7937,6 +7947,10 @@ static int wc_ecc_import_raw_private(ecc_key* key, const char* qx,
                err = mp_read_unsigned_bin(&key->k, (const byte*)d,
                    key->dp->size);
        #endif /* WOLFSSL_ATECC508A */
+            if (mp_iszero(&key->k)) {
+                WOLFSSL_MSG("Invalid private key");
+                return BAD_FUNC_ARG;
+            }
        } else {
            key->type = ECC_PUBLICKEY;
        }