Skip to content
Open
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 6 additions & 0 deletions src/internal.c
Original file line number Diff line number Diff line change
Expand Up @@ -12522,6 +12522,9 @@ static int KeyAgreeEcdh_server(WOLFSSH* ssh, byte hashId, byte* f, word32* fSz)
ssh->handshake->eSz,
pubKey, primeId);

if (ret == 0)

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🟡 [Medium] Pure ECDH server validation lacks direct handshake coverage
💡 SUGGEST test

The PR adds wc_ecc_check_key(pubKey) to the pure ECDH server path after importing the client public value. The existing tests/kex.c end-to-end KEX coverage exercises DH and the hybrid ML-KEM variants, including the ECC ML-KEM branch touched by this PR, but it does not run a full ecdh-sha2-nistp* handshake through KeyAgreeEcdh_server. That leaves the newly added validation call in the pure ECDH server path without direct success-path coverage in the KEX test, so backend/config-specific behavior changes in wc_ecc_check_key would be easier to miss.

Recommendation: Consider adding an end-to-end pure ECDH KEX success test (e.g. wolfSSH_KexTest_Connect("ecdh-sha2-nistp256") guarded by WOLFSSH_NO_ECDH_SHA2_NISTP256, similar to the existing ML-KEM KEX cases) so both PR-modified server paths are exercised by the test suite.

ret = wc_ecc_check_key(pubKey);

if (ret == 0)
ret = wc_ecc_make_key_ex(ssh->rng,
wc_ecc_get_curve_size_from_id(primeId),
Expand Down Expand Up @@ -12845,6 +12848,9 @@ static int KeyAgreeEcdhMlKem_server(WOLFSSH* ssh, byte hashId,
ssh->handshake->eSz - length_publickey,
pubKey, primeId);
}
if (ret == 0) {
ret = wc_ecc_check_key(pubKey);
}
if (ret == 0) {
ret = wc_ecc_make_key_ex(ssh->rng,
wc_ecc_get_curve_size_from_id(primeId),
Expand Down
Loading