Skip to content

Enable actual ecc key pair validation by default. #9241

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
anhu wants to merge 1 commit into from
Closed

Enable actual ecc key pair validation by default. #9241

anhu wants to merge 1 commit into from

Conversation

@anhu
Copy link
Member

@anhu anhu commented Sep 24, 2025

No description provided.

@anhu anhu requested a review from wolfSSL-Bot September 24, 2025 15:30
@anhu anhu self-assigned this Sep 24, 2025
@anhu
Copy link
Member Author

anhu commented Sep 24, 2025

This would have prevented ZD20564

douzzer
douzzer requested changes Sep 24, 2025
View reviewed changes
wolfssl/wolfcrypt/settings.h Outdated
#undef HAVE_ECC_KEY_EXPORT
#define HAVE_ECC_KEY_EXPORT
#endif
#ifndef WOLFSSL_NO_VALIDATE_ECC_IMPORT
Copy link
Contributor

@douzzer douzzer Sep 24, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

needs to be

    #if !defined(WOLFSSL_NO_VALIDATE_ECC_IMPORT) && \
        !defined(WOLFSSL_VALIDATE_ECC_IMPORT)

to avoid error: ... redefined.

You may also want to add

#elif defined(WOLFSSL_NO_VALIDATE_ECC_IMPORT) && \
      defined(WOLFSSL_VALIDATE_ECC_IMPORT)
    #error Conflicting settings for WOLFSSL_VALIDATE_ECC_IMPORT.

@anhu anhu force-pushed the ecc_validate_by_default branch from 7b8667c to 360f24d Compare September 24, 2025 19:06
@anhu anhu force-pushed the ecc_validate_by_default branch from 360f24d to 9030c6c Compare September 24, 2025 19:12
@anhu
Copy link
Member Author

anhu commented Sep 24, 2025

Doing this check at TLS connection time is not a practical thing to do. Expensive. Lets not do this by default.

@anhu anhu closed this Sep 24, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@douzzer douzzer douzzer requested changes

@wolfSSL-Bot wolfSSL-Bot Awaiting requested review from wolfSSL-Bot

Assignees

@anhu anhu

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@anhu @douzzer