Avoid division by zero in hybrid point encoding - openbsd - A mirror of https://github.com/libressl/openbsd.git

diff options

author	tb <>	2021-04-19 17:06:37 +0000
committer	tb <>	2021-04-19 17:06:37 +0000
commit	09d5d7044b93b2ed06d049c8ee912bc45dfa1207 (patch)
tree	75e41b2251a7f10efde5d1af2dcd2d788aa654fa /src/lib/libssl/tls12_record_layer.c
parent	9224df62e4b0dd5251c753a7931def2f1756be8b (diff)
download	openbsd-09d5d7044b93b2ed06d049c8ee912bc45dfa1207.tar.gz openbsd-09d5d7044b93b2ed06d049c8ee912bc45dfa1207.tar.bz2 openbsd-09d5d7044b93b2ed06d049c8ee912bc45dfa1207.zip

Avoid division by zero in hybrid point encoding

In hybrid and compressed point encodings, the form octet contains a bit of information allowing to calculate y from x. For a point on a binary curve, this bit is zero if x is zero, otherwise it must match the rightmost bit of of the field element y / x. The existing code only considers the second possibility. It could thus fail with a division by zero error as found by Guido Vranken's cryptofuzz. This commit adds a few explanatory comments to oct2point and fixes some KNF issues. The only actual code change is in the last hunk which adds a BN_is_zero(x) check to avoid the division by zero. ok jsing

Diffstat (limited to 'src/lib/libssl/tls12_record_layer.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: