From b388ed737de3f10dfc4c0f7b478eb8eaf260ffaf Mon Sep 17 00:00:00 2001
From: Janos Follath <janos.follath@arm.com>
Date: Mon, 31 Jul 2023 12:31:11 +0100
Subject: [PATCH] Fix missing check in mbedtls_ecp_read_key

In ecp_new.c mbedtls_ecp_read_key did only check Weierstrass keys. The
behaviour in ecp.c was correct.

This bug has no immediate security impact. (The code with the missing
check wasn't released and we are checking keys at later point.)

After this change ecp.c and ecp_new.c will have a single remaining
difference and unifying them will be more straightforward.

Signed-off-by: Janos Follath <janos.follath@arm.com>
---
 library/ecp_new.c | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/library/ecp_new.c b/library/ecp_new.c
index 16c4fc0944..f86f0e9e2a 100644
--- a/library/ecp_new.c
+++ b/library/ecp_new.c
@@ -3280,16 +3280,14 @@ int mbedtls_ecp_read_key(mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key,
                 );
         }
     }
-
 #endif
 #if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED)
     if (mbedtls_ecp_get_type(&key->grp) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS) {
         MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&key->d, buf, buflen));
-
-        MBEDTLS_MPI_CHK(mbedtls_ecp_check_privkey(&key->grp, &key->d));
     }
-
 #endif
+    MBEDTLS_MPI_CHK(mbedtls_ecp_check_privkey(&key->grp, &key->d));
+
 cleanup:
 
     if (ret != 0) {