Fix problem related to SM build

anhu · anhu · commit b5bdcfc57043 · 2026-03-26T16:13:23.000-04:00
diff --git a/tests/api.c b/tests/api.c
@@ -34449,9 +34449,10 @@ static int test_zd21418_ecc_invalid_curve_point(void)
 
     ExpectIntEQ(wc_ecc_init(&peerKey), 0);
 
-    /* Import of invalid point must be rejected */
-    ExpectIntNE(wc_ecc_import_x963_ex(badPt, sizeof(badPt), &peerKey,
-        ECC_SECP256R1), 0);
+    /* Import of invalid point as untrusted (TLS peer) must be rejected.
+     * Uses _ex2 with untrusted=1 to match the TLS key exchange path. */
+    ExpectIntNE(wc_ecc_import_x963_ex2(badPt, sizeof(badPt), &peerKey,
+        ECC_SECP256R1, 1), 0);
 
     wc_ecc_free(&peerKey);
 #endif
diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c
@@ -11005,8 +11005,8 @@ int wc_ecc_import_x963_ex2(const byte* in, word32 inLen, ecc_key* key,
     if (err == MP_OKAY)
         err = wc_ecc_check_key(key);
 #else
-    /* Always validate ECC imports to prevent invalid curve attacks */
-    if (err == MP_OKAY)
+    /* Validate untrusted ECC imports to prevent invalid curve attacks */
+    if ((err == MP_OKAY) && untrusted)
         err = wc_ecc_check_key(key);
 #endif
 #if (!defined(WOLFSSL_VALIDATE_ECC_IMPORT) || \
