Fix ECDSA signature verification edge-case

For R and S equal to 1, ensure the public key is checked for validity. Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2025-07-28 00:21:48 +03:00 · 2022-08-10 11:26:24 +01:00
parent 1fdb8e8c17
commit c947751a5f
1 changed files with 3 additions and 0 deletions
--- a/library/ecp.c
+++ b/library/ecp.c
@ -2666,14 +2666,17 @@ static int mbedtls_ecp_mul_shortcuts( mbedtls_ecp_group *grp,

    if( mbedtls_mpi_cmp_int( m, 0 ) == 0 )
    {
+        MBEDTLS_MPI_CHK( mbedtls_ecp_check_pubkey( grp, P ) );
        MBEDTLS_MPI_CHK( mbedtls_ecp_set_zero( R ) );
    }
    else if( mbedtls_mpi_cmp_int( m, 1 ) == 0 )
    {
+        MBEDTLS_MPI_CHK( mbedtls_ecp_check_pubkey( grp, P ) );
        MBEDTLS_MPI_CHK( mbedtls_ecp_copy( R, P ) );
    }
    else if( mbedtls_mpi_cmp_int( m, -1 ) == 0 )
    {
+        MBEDTLS_MPI_CHK( mbedtls_ecp_check_pubkey( grp, P ) );
        MBEDTLS_MPI_CHK( mbedtls_ecp_copy( R, P ) );
        MPI_ECP_NEG( &R->Y );
    }