Promise mbedtls_ecp_read_key doesn't overwrite the public key
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h
index 9effb72..f169008 100644
--- a/include/mbedtls/ecp.h
+++ b/include/mbedtls/ecp.h
@@ -1262,6 +1262,16 @@
/**
* \brief This function reads an elliptic curve private key.
*
+ * \note This function does not set the public key in the
+ * key pair object. Without a public key, the key pair object
+ * cannot be used with operations that require the public key.
+ *
+ * \note If a public key has already been set in the key pair
+ * object, this function does not check that it is consistent
+ * with the private key. Call mbedtls_ecp_check_pub_priv()
+ * after setting both the public key and the private key
+ * to make that check.
+ *
* \param grp_id The ECP group identifier.
* \param key The destination key.
* \param buf The buffer containing the binary representation of the
diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function
index a4c86e2..aefb57a 100644
--- a/tests/suites/test_suite_ecp.function
+++ b/tests/suites/test_suite_ecp.function
@@ -1044,11 +1044,16 @@
{
int ret = 0;
mbedtls_ecp_keypair key;
- mbedtls_ecp_keypair key2;
-
mbedtls_ecp_keypair_init(&key);
+ mbedtls_ecp_keypair key2;
mbedtls_ecp_keypair_init(&key2);
+#if defined(MBEDTLS_BIGNUM_C)
+ TEST_EQUAL(mbedtls_mpi_lset(&key.Q.X, 1), 0);
+ TEST_EQUAL(mbedtls_mpi_lset(&key.Q.Y, 2), 0);
+ TEST_EQUAL(mbedtls_mpi_lset(&key.Q.Z, 3), 0);
+#endif
+
ret = mbedtls_ecp_read_key(grp_id, &key, in_key->x, in_key->len);
TEST_ASSERT(ret == expected);
@@ -1057,6 +1062,12 @@
ret = mbedtls_ecp_check_privkey(&key.grp, &key.d);
TEST_ASSERT(ret == 0);
+#if defined(MBEDTLS_BIGNUM_C)
+ TEST_EQUAL(mbedtls_mpi_cmp_int(&key.Q.X, 1), 0);
+ TEST_EQUAL(mbedtls_mpi_cmp_int(&key.Q.Y, 2), 0);
+ TEST_EQUAL(mbedtls_mpi_cmp_int(&key.Q.Z, 3), 0);
+#endif
+
if (canonical) {
unsigned char buf[MBEDTLS_ECP_MAX_BYTES];