Skip to content

evp: fix EVP_PKEY_cmp for EC keys after DER deserialization #9987

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
MarkAtwood wants to merge 5 commits into
base: master
Choose a base branch
from
+64 −14
Open

evp: fix EVP_PKEY_cmp for EC keys after DER deserialization #9987

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
cea9fd7
ecc: reject compressed points with incorrect length
MarkAtwood Mar 16, 2026
cedc3c8
ecc: fix double-free in wc_ecc_import_point_der_ex on invalid format …
MarkAtwood Mar 16, 2026
dc9c45e
ecc: reject compressed EC points with incorrect length
MarkAtwood Mar 16, 2026
d605283
Merge fix/ecc-import-point-double-free (resolved conflict, kept Fix A…
MarkAtwood Mar 16, 2026
5bb8c48
evp: fix EVP_PKEY_cmp for EC keys after DER deserialization
MarkAtwood Mar 16, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
25 changes: 17 additions & 8 deletions wolfcrypt/src/ecc.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9439,6 +9439,14 @@ int wc_ecc_import_point_der_ex(const byte* in, word32 inLen,
return ECC_BAD_ARG_E;
}

/* validate point format byte before any memory operations */
pointType = in[0];
if (pointType != ECC_POINT_UNCOMP &&
pointType != ECC_POINT_COMP_EVEN &&
pointType != ECC_POINT_COMP_ODD) {
return ASN_PARSE_E;
}
Comment on lines +9442 to +9448

/* clear if previously allocated */
mp_clear(point->x);
mp_clear(point->y);
Comment on lines +9442 to 9452
Expand All @@ -9460,16 +9468,17 @@ int wc_ecc_import_point_der_ex(const byte* in, word32 inLen,

SAVE_VECTOR_REGISTERS(return _svr_ret;);

/* check for point type (4, 2, or 3) */
pointType = in[0];
if (pointType != ECC_POINT_UNCOMP && pointType != ECC_POINT_COMP_EVEN &&
pointType != ECC_POINT_COMP_ODD) {
err = ASN_PARSE_E;
}

/* pointType already validated above; check for compressed format */
if (pointType == ECC_POINT_COMP_EVEN || pointType == ECC_POINT_COMP_ODD) {
#ifdef HAVE_COMP_KEY
compressed = 1;
/* Compressed point must be exactly 1 + field_element_size bytes.
* Reject truncated inputs (e.g. a bare 0x02/0x03 byte). */
if (inLen == (word32)ecc_sets[curve_idx].size + 1) {
compressed = 1;
}
else {
err = ECC_BAD_ARG_E;
}
#else
err = NOT_COMPILED_IN;
#endif
Expand Down
53 changes: 47 additions & 6 deletions wolfcrypt/src/evp.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4010,24 +4010,65 @@ int wolfSSL_EVP_PKEY_cmp(const WOLFSSL_EVP_PKEY *a, const WOLFSSL_EVP_PKEY *b)
#endif /* !NO_RSA */
#ifdef HAVE_ECC
case WC_EVP_PKEY_EC:
if (a->ecc == NULL || a->ecc->internal == NULL ||
b->ecc == NULL || b->ecc->internal == NULL ||
wc_ecc_size((ecc_key*)a->ecc->internal) <= 0 ||
wc_ecc_size((ecc_key*)b->ecc->internal) <= 0 ||
{
ecc_key* ecc_key_a;
ecc_key* ecc_key_b;

if (a->ecc == NULL || b->ecc == NULL ||
a->ecc->group == NULL || b->ecc->group == NULL) {
return ret;
}

/* Ensure internal ecc_key is synced from external representation.
* After d2i_PrivateKey, the external BIGNUMs may be set but the
* internal ecc_key.pubkey may not be populated. */
if (a->ecc->inSet == 0) {
if (SetECKeyInternal((WOLFSSL_EC_KEY*)a->ecc) != 1) {
return ret;
}
}
if (b->ecc->inSet == 0) {
if (SetECKeyInternal((WOLFSSL_EC_KEY*)b->ecc) != 1) {
return ret;
}
}
Comment on lines +4025 to +4034

if (a->ecc->internal == NULL || b->ecc->internal == NULL ||
wc_ecc_size((ecc_key*)a->ecc->internal) <= 0 ||
wc_ecc_size((ecc_key*)b->ecc->internal) <= 0) {
return ret;
}

ecc_key_a = (ecc_key*)a->ecc->internal;
ecc_key_b = (ecc_key*)b->ecc->internal;

/* If a key was imported as private-only (e.g. RFC 5915 without the
* optional public key), the pubkey point will not be populated.
* Derive it from the private key so the comparison can succeed. */
if (ecc_key_a->type == ECC_PRIVATEKEY_ONLY) {
if (wc_ecc_make_pub(ecc_key_a, NULL) != MP_OKAY) {
return ret;
}
ecc_key_a->type = ECC_PRIVATEKEY;
}
if (ecc_key_b->type == ECC_PRIVATEKEY_ONLY) {
if (wc_ecc_make_pub(ecc_key_b, NULL) != MP_OKAY) {
return ret;
}
ecc_key_b->type = ECC_PRIVATEKEY;
Comment on lines +4046 to +4058
}

/* check curve */
if (a->ecc->group->curve_idx != b->ecc->group->curve_idx) {
return WS_RETURN_CODE(ret, WOLFSSL_FAILURE);
}

if (wc_ecc_cmp_point(&((ecc_key*)a->ecc->internal)->pubkey,
&((ecc_key*)b->ecc->internal)->pubkey) != 0) {
if (wc_ecc_cmp_point(&ecc_key_a->pubkey,
&ecc_key_b->pubkey) != 0) {
return WS_RETURN_CODE(ret, WOLFSSL_FAILURE);
}
break;
}
#endif /* HAVE_ECC */
default:
return WS_RETURN_CODE(ret, -2);
Expand Down
Loading