From c947751a5f51191d0229e7e2e5e421eb30221dc9 Mon Sep 17 00:00:00 2001
From: Dave Rodgman <dave.rodgman@arm.com>
Date: Wed, 10 Aug 2022 11:26:24 +0100
Subject: [PATCH] Fix ECDSA signature verification edge-case

For R and S equal to 1, ensure the public key is checked
for validity.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
---
 library/ecp.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/library/ecp.c b/library/ecp.c
index 009be61fc5..74c02323f3 100644
--- a/library/ecp.c
+++ b/library/ecp.c
@@ -2666,14 +2666,17 @@ static int mbedtls_ecp_mul_shortcuts( mbedtls_ecp_group *grp,
 
     if( mbedtls_mpi_cmp_int( m, 0 ) == 0 )
     {
+        MBEDTLS_MPI_CHK( mbedtls_ecp_check_pubkey( grp, P ) );
         MBEDTLS_MPI_CHK( mbedtls_ecp_set_zero( R ) );
     }
     else if( mbedtls_mpi_cmp_int( m, 1 ) == 0 )
     {
+        MBEDTLS_MPI_CHK( mbedtls_ecp_check_pubkey( grp, P ) );
         MBEDTLS_MPI_CHK( mbedtls_ecp_copy( R, P ) );
     }
     else if( mbedtls_mpi_cmp_int( m, -1 ) == 0 )
     {
+        MBEDTLS_MPI_CHK( mbedtls_ecp_check_pubkey( grp, P ) );
         MBEDTLS_MPI_CHK( mbedtls_ecp_copy( R, P ) );
         MPI_ECP_NEG( &R->Y );
     }