EC key pair import: check the buffer size

When importing a private elliptic curve key, require the input to have exactly the right size. RFC 5915 requires the right size (you aren't allow to omit leading zeros). A different buffer size likely means that something is wrong, e.g. a mismatch between the declared key type and the actual data.
2019-05-13 14:21:57 +02:00 · 2019-05-13 14:21:57 +02:00 · c9d910bed6
commit c9d910bed6
parent 6c9514427b
2 changed files with 7 additions and 0 deletions
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@ -621,6 +621,9 @@ static psa_status_t psa_import_ec_private_key( psa_ecc_curve_t curve,
    mbedtls_ecp_keypair *ecp = NULL;
    mbedtls_ecp_group_id grp_id = mbedtls_ecc_group_of_psa( curve );

+    if( PSA_BITS_TO_BYTES( PSA_ECC_CURVE_BITS( curve ) ) != data_length )
+        return( PSA_ERROR_INVALID_ARGUMENT );
+
    *p_ecp = NULL;
    ecp = mbedtls_calloc( 1, sizeof( mbedtls_ecp_keypair ) );
    if( ecp == NULL )