From fdac76f330b7328f7d4ace55a0d265ed6416dc4e Mon Sep 17 00:00:00 2001
From: Darryl Green
Date: Mon, 20 Nov 2017 15:53:43 +0000
Subject: [PATCH] Add checks for private parameter in ecdsa_sign()
---
 ChangeLog | 2 ++
 library/ecdsa.c | 4 ++++
 2 files changed, 6 insertions(+)
diff --git a/ChangeLog b/ChangeLog
index 6a1be9892..a90ee112d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -14,6 +14,8 @@ Bugfix
 * Fix leap year calculation in x509_date_is_valid() to ensure that invalid dates on leap years with 100 and 400 intervals are handled correctly. Found by Nicholas Wilson. #694
+ * Add a check for invalid private parameters in ecdsa_sign.
+ Reported by Yolan Romailler.
 = mbed TLS 1.3.21 branch released 2017-08-10
diff --git a/library/ecdsa.c b/library/ecdsa.c
index 3f72d857c..e95b80245 100644
--- a/library/ecdsa.c
+++ b/library/ecdsa.c
@@ -110,6 +110,10 @@ int ecdsa_sign( ecp_group *grp, mpi *r, mpi *s,
 if( grp->N.p == NULL )
 return( POLARSSL_ERR_ECP_BAD_INPUT_DATA );
+ /* Make sure d is in range 1..n-1 */
+ if( mpi_cmp_int( d, 1 ) < 0 || mpi_cmp_mpi( d, &grp->N ) >= 0 )
+ return( POLARSSL_ERR_ECP_INVALID_KEY );
+
 ecp_point_init( &R );
 mpi_init( &k ); mpi_init( &e ); mpi_init( &t );
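Review bot: The range check added in the `library/ecdsa.c` hunk gives `ecdsa_sign()` a new failure code, `POLARSSL_ERR_ECP_INVALID_KEY`, that this commit neither documents nor tests; the diffstat touches only `ChangeLog` and `library/ecdsa.c`. The function's documented return values (presumably in its header, outside this diff) should list the new code. A regression test that signs with `d = 0` and with `d = N` and expects that error would pin the rejection. The inline comment could also state the reason rather than only the range, e.g. `/* Reject d outside 1..n-1: it is not a valid private key for this group */`. The early return sits before `ecp_point_init`/`mpi_init`, so no cleanup is skipped; the rest of `ecdsa_sign()` lies outside the hunk.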