Merge pull request #5867 from anhu/dont_make_broken_key

For compatibility `EC_KEY_new_by_curve_name` check that we found curve
2022-12-08 11:09:56 -08:00 · 2022-12-08 11:09:56 -08:00 · 9cb19e36fe
parent eb69ccb22c 937d247c7d
commit 9cb19e36fe
2 changed files with 9 additions and 2 deletions
--- a/src/pk.c
+++ b/src/pk.c
@ -9168,12 +9168,19 @@ WOLFSSL_EC_KEY *wolfSSL_EC_KEY_new_by_curve_name(int nid)

    if (eccEnum != -1) {
        /* search and set the corresponding internal curve idx */
-        for (x = 0; ecc_sets[x].size != 0; x++)
+        for (x = 0; ecc_sets[x].size != 0; x++) {
            if (ecc_sets[x].id == eccEnum) {
                key->group->curve_idx = x;
                key->group->curve_oid = ecc_sets[x].oidSum;
                break;
            }
+        }
+
+        /* if not found, we don't support this curve. */
+        if (ecc_sets[x].size == 0) {
+            wolfSSL_EC_KEY_free(key);
+            key = NULL;
+        }
    }

    return key;
--- a/tests/api.c
+++ b/tests/api.c
@ -46165,7 +46165,7 @@ static int test_wolfSSL_EC_KEY_print_fp(void)
 {
    int res = TEST_SKIPPED;
 #if defined(HAVE_ECC) && ((defined(HAVE_ECC224) && defined(HAVE_ECC256)) || \
-    defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 256 && \
+    defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 224 && \
    defined(OPENSSL_EXTRA) && defined(XFPRINTF) && !defined(NO_FILESYSTEM) && \
    !defined(NO_STDIO_FILESYSTEM)
    EC_KEY* key = NULL;