Add checks for private parameter in mbedtls_ecdsa_sign()

commit: c64a48bec792634ee299f50f059f6d42d435e9d1 [log] [tgz]
author: Darryl Green <darryl.green@arm.com> Fri Nov 17 17:09:17 2017 +0000
committer: Darryl Green <darryl.green@arm.com> Fri Nov 17 17:09:17 2017 +0000
tree: 72d7b0969db645c18f134e81a0f14f69d5d1079d
parent: 888fedea06bfa267b81237ab4d2f336621b536da [diff]
diff --git a/library/ecdsa.c b/library/ecdsa.c
index 4156f3c..8892317 100644
--- a/library/ecdsa.c
+++ b/library/ecdsa.c

@@ -81,6 +81,10 @@
     if( grp->N.p == NULL )
         return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
 
+    /* Make sure d is in range 1..n-1 */
+    if( mbedtls_mpi_cmp_int( d, 1 ) < 0 || mbedtls_mpi_cmp_mpi( d, &grp->N ) >= 0 )
+        return( MBEDTLS_ERR_ECP_INVALID_KEY );
+
     mbedtls_ecp_point_init( &R );
     mbedtls_mpi_init( &k ); mbedtls_mpi_init( &e ); mbedtls_mpi_init( &t );
commit	c64a48bec792634ee299f50f059f6d42d435e9d1	[log] [tgz]
author	Darryl Green <darryl.green@arm.com>	Fri Nov 17 17:09:17 2017 +0000
committer	Darryl Green <darryl.green@arm.com>	Fri Nov 17 17:09:17 2017 +0000
tree	72d7b0969db645c18f134e81a0f14f69d5d1079d
parent	888fedea06bfa267b81237ab4d2f336621b536da [diff]