Avoid division by zero in hybrid point encoding - openbsd - A mirror of https://github.com/libressl/openbsd.git

diff options

author	tb <>	2021-04-19 17:06:37 +0000
committer	tb <>	2021-04-19 17:06:37 +0000
commit	02d64d407c51a05352b1f31b88285a7590584788 (patch)
tree	75e41b2251a7f10efde5d1af2dcd2d788aa654fa /src/lib/libssl/ssl_locl.h
parent	d3ea176e147145d3bbf57b91913d656b07ae80ef (diff)
download	openbsd-02d64d407c51a05352b1f31b88285a7590584788.tar.gz openbsd-02d64d407c51a05352b1f31b88285a7590584788.tar.bz2 openbsd-02d64d407c51a05352b1f31b88285a7590584788.zip

Avoid division by zero in hybrid point encoding

In hybrid and compressed point encodings, the form octet contains a bit of information allowing to calculate y from x. For a point on a binary curve, this bit is zero if x is zero, otherwise it must match the rightmost bit of of the field element y / x. The existing code only considers the second possibility. It could thus fail with a division by zero error as found by Guido Vranken's cryptofuzz. This commit adds a few explanatory comments to oct2point and fixes some KNF issues. The only actual code change is in the last hunk which adds a BN_is_zero(x) check to avoid the division by zero. ok jsing

Diffstat (limited to 'src/lib/libssl/ssl_locl.h')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: