In EC_KEY_set_public_key_affine_coordinates include explicit check to see passed...

author Dr. Stephen Henson <steve@openssl.org>

Wed, 16 Nov 2011 13:28:35 +0000 (13:28 +0000)

committer Dr. Stephen Henson <steve@openssl.org>

Wed, 16 Nov 2011 13:28:35 +0000 (13:28 +0000)
author Dr. Stephen Henson <steve@openssl.org>
Wed, 16 Nov 2011 13:28:35 +0000 (13:28 +0000)
committer Dr. Stephen Henson <steve@openssl.org>
Wed, 16 Nov 2011 13:28:35 +0000 (13:28 +0000)
diff --git a/crypto/ec/ec_key.c b/crypto/ec/ec_key.c

index f3331e1ce5e34c63c4078d7e3e18d336ff78a6c2..24ae707560107ef063ea2e5746a3733cd2d893f8 100644 (file)
--- a/crypto/ec/ec_key.c
+++ b/crypto/ec/ec_key.c
@@ -511,10 +511,12 @@ int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x, BIGNUM *y)
                                                                 tx, ty, ctx))
                         goto err;
                 }
                                                                 tx, ty, ctx))
                         goto err;
                 }
-       /* Check if retrieved coordinates match originals: if not values
-        * are out of range.
+       /* Check if retrieved coordinates match originals and are less than
+        * field order: if not values are out of range.
          */
          */
-       if (BN_cmp(x, tx) || BN_cmp(y, ty))
+       if (BN_cmp(x, tx) || BN_cmp(y, ty)
+               || (BN_cmp(x, &key->group->field) >= 0)
+               || (BN_cmp(y, &key->group->field) >= 0))
                 {
                 ECerr(EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES,
                         EC_R_COORDINATES_OUT_OF_RANGE);
                 {
                 ECerr(EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES,
                         EC_R_COORDINATES_OUT_OF_RANGE);
author	Dr. Stephen Henson <steve@openssl.org>
	Wed, 16 Nov 2011 13:28:35 +0000 (13:28 +0000)
committer	Dr. Stephen Henson <steve@openssl.org>
	Wed, 16 Nov 2011 13:28:35 +0000 (13:28 +0000)