projects / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 6670d55) | patch
RT 4242: reject invalid EC point coordinates
authorEmilia Kasper <emilia@openssl.org>
Fri, 3 Jun 2016 12:42:04 +0000 (14:42 +0200)
committerEmilia Kasper <emilia@openssl.org>
Thu, 9 Jun 2016 21:58:20 +0000 (23:58 +0200)
commit1e2012b7ff4a5f12273446b281775faa5c8a1858
tree0eef527bc87b307739f309ae8dadc0b40b393552tree | snapshot
parent6670d55a847f8f2415842bc085150e838d4aac5dcommit | diff
RT 4242: reject invalid EC point coordinates

We already test in EC_POINT_oct2point that points are on the curve. To
be on the safe side, move this check to
EC_POINT_set_affine_coordinates_* so as to also check point coordinates
received through some other method.

We do not check projective coordinates, though, as
- it's unlikely that applications would be receiving this primarily
  internal representation from untrusted sources, and
- it's possible that the projective setters are used in a setting where
  performance matters.

Reviewed-by: Rich Salz <rsalz@openssl.org>
crypto/ec/ec2_oct.c diff | blob | history
crypto/ec/ec_lib.c diff | blob | history
crypto/ec/ecp_oct.c diff | blob | history
test/ectest.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.