Merge pull request wolfSSL#9558 from kareem-wolfssl/zd20944_2

SparkiDev · web-flow · commit da06e1aeead1 · 2025-12-22T19:38:42.000+10:00
Move Curve25519 public key check to make_pub/make_pub_blind to cover the case where they are called directly by an application.
diff --git a/wolfcrypt/src/curve25519.c b/wolfcrypt/src/curve25519.c
@@ -202,6 +202,15 @@ int wc_curve25519_make_pub(int public_size, byte* pub, int private_size,
 #endif /* !WOLFSSL_CURVE25519_BLINDING */
 #endif /* FREESCALE_LTC_ECC */
 
+/* If WOLFSSL_CURVE25519_BLINDING is defined, this check is run in
+ * wc_curve25519_make_pub_blind since it could be called directly. */
+#if !defined(WOLFSSL_CURVE25519_BLINDING) || defined(FREESCALE_LTC_ECC)
+    if (ret == 0) {
+        ret = wc_curve25519_check_public(pub, (word32)public_size,
+                                    EC25519_LITTLE_ENDIAN);
+    }
+#endif
+
     return ret;
 }
 
@@ -297,6 +306,11 @@ int wc_curve25519_make_pub_blind(int public_size, byte* pub, int private_size,
     ret = curve25519_smul_blind(pub, priv, (byte*)kCurve25519BasePoint, rng);
 #endif
 
+    if (ret == 0) {
+        ret = wc_curve25519_check_public(pub, (word32)public_size,
+                                    EC25519_LITTLE_ENDIAN);
+    }
+
     return ret;
 }
 #endif
@@ -463,11 +477,6 @@ int wc_curve25519_make_key(WC_RNG* rng, int keysize, curve25519_key* key)
         ret = wc_curve25519_make_pub((int)sizeof(key->p.point), key->p.point,
                                      (int)sizeof(key->k), key->k);
 #endif
-        if (ret == 0) {
-            ret = wc_curve25519_check_public(key->p.point,
-                                       (word32)sizeof(key->p.point),
-                                      EC25519_LITTLE_ENDIAN);
-        }
         key->pubSet = (ret == 0);
     }
 #endif
