fixes #11878 -- check for keys too large when deriving an EC key from a private value (#11879)

Alex Gaynor 2024-11-03 09:33:28 -05:00 committed by GitHub
parent 39738d7741
commit 62f1155062
2 changed files with 13 additions and 1 deletions


@ -186,7 +186,9 @@ fn derive_private_key(
point.mul_generator(&curve, &private_value, &bn_ctx)?;
let ec = openssl::ec::EcKey::from_private_components(&curve, &private_value, &point)
.map_err(|_| pyo3::exceptions::PyValueError::new_err("Invalid EC key"))?;
check_key_infinity(&ec)?;
ec.check_key().map_err(|_| {
pyo3::exceptions::PyValueError::new_err("Invalid EC key (key out of range, infinity, etc.)")
})?;
let pkey = openssl::pkey::PKey::from_ec_key(ec)?;
Ok(ECPrivateKey {
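Review bot: The `ec.check_key()` call now carries two validations with no comment saying so. The `+`/`-` markers are lost on this page, but it appears to replace `check_key_infinity(&ec)?`, which would make it the only guard against both a point at infinity and a private scalar outside the curve's valid range. A short comment above it would keep a later refactor from narrowing it again, e.g. `// check_key() rejects an out-of-range private scalar as well as an invalid/infinity public point; do not swap for a narrower check.` The range check also runs only after `mul_generator` and `from_private_components` have consumed the unvalidated `private_value`; if that ordering is intentional, the same comment is the place to say so. `derive_private_key` begins and ends outside this hunk.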


@ -144,6 +144,16 @@ def test_derive_point_at_infinity(backend):
ec.derive_private_key(q, ec.SECP256R1())
def test_derive_point_invalid_key(backend):
curve = ec.SECP256R1()
_skip_curve_unsupported(backend, curve)
with pytest.raises(ValueError):
ec.derive_private_key(
0xE2563328DFABF68188606B91324281C1D58A4456431B09D510B35FECC9F307CA1822846FA2671371A9A81BAC0E35749D,
curve,
)
def test_ec_numbers():
numbers = ec.EllipticCurvePrivateNumbers(
1, ec.EllipticCurvePublicNumbers(2, 3, DummyCurve())
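Review bot: `pytest.raises(ValueError)` in `test_derive_point_invalid_key` has no `match=`, so the test passes on any ValueError raised on the way, not specifically the new out-of-range rejection. Pinning it, e.g. `with pytest.raises(ValueError, match="Invalid EC key"):`, would tie the test to the message the Rust side emits; this assumes all supported backends share that prefix, which the page does not show. The only input is a 384-bit value passed with SECP256R1, which is far from the boundary. A second case just above the group order would exercise the range comparison itself rather than only a grossly oversized scalar.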