Fix missing check in mbedtls_ecp_read_key

In ecp_new.c mbedtls_ecp_read_key did only check Weierstrass keys. The behaviour in ecp.c was correct. This bug has no immediate security impact. (The code with the missing check wasn't released and we are checking keys at later point.) After this change ecp.c and ecp_new.c will have a single remaining difference and unifying them will be more straightforward. Signed-off-by: Janos Follath <janos.follath@arm.com>
2025-02-28 09:39:53 +00:00 · 2023-07-31 12:31:11 +01:00 · 2023-07-31 12:31:11 +01:00 · b388ed737d
commit b388ed737d
parent c25567af23
1 changed files with 2 additions and 4 deletions
--- a/library/ecp_new.c
+++ b/library/ecp_new.c
@ -3280,16 +3280,14 @@ int mbedtls_ecp_read_key(mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key,
                );
        }
    }
-
 #endif
 #if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED)
    if (mbedtls_ecp_get_type(&key->grp) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS) {
        MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&key->d, buf, buflen));
-
-        MBEDTLS_MPI_CHK(mbedtls_ecp_check_privkey(&key->grp, &key->d));
    }
-
 #endif
+    MBEDTLS_MPI_CHK(mbedtls_ecp_check_privkey(&key->grp, &key->d));
+
 cleanup:

    if (ret != 0) {