pkparse: always check all private keys on import

This allows to remove explicit calls to mbedtls_ecp_check_privkey() in pkparse.c. Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-06-30 17:37:23 +02:00 · 2023-06-30 17:37:23 +02:00 · 21d42417f9
commit 21d42417f9
parent 6b062eeed0
2 changed files with 1 additions and 14 deletions
--- a/library/ecp.c
+++ b/library/ecp.c
@ -3277,6 +3277,7 @@ int mbedtls_ecp_read_key(mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key,
                                    ECP_CURVE448_KEY_SIZE * 8 - 1, 1)
                );
        }
+        MBEDTLS_MPI_CHK(mbedtls_ecp_check_privkey(&key->grp, &key->d));
    }

 #endif
--- a/library/pkparse.c
+++ b/library/pkparse.c
@ -666,14 +666,6 @@ static int pk_parse_key_rfc8410_der(mbedtls_pk_context *pk,
        return ret;
    }

-    /* When MBEDTLS_PK_USE_PSA_EC_DATA the key is checked while importing it
-     * into PSA. */
-#if !defined(MBEDTLS_PK_USE_PSA_EC_DATA)
-    if ((ret = mbedtls_ecp_check_privkey(&eck->grp, &eck->d)) != 0) {
-        return ret;
-    }
-#endif /* !MBEDTLS_PK_USE_PSA_EC_DATA */
-
    return 0;
 }
 #endif /* MBEDTLS_PK_HAVE_RFC8410_CURVES */
@ -1310,12 +1302,6 @@ static int pk_parse_key_sec1_der(mbedtls_pk_context *pk,
        }
    }

-#if !defined(MBEDTLS_PK_USE_PSA_EC_DATA)
-    if ((ret = mbedtls_ecp_check_privkey(&eck->grp, &eck->d)) != 0) {
-        return ret;
-    }
-#endif /* !MBEDTLS_PK_USE_PSA_EC_DATA */
-
    return 0;
 }
 #endif /* MBEDTLS_PK_HAVE_ECC_KEYS */