summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/ec/ecp_oct.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Prepare to provide EC_POINT_set_compressed_coordinatestb2021-04-201-3/+3
| | | | ok jsing
* Prepare to provide EC_POINT_{g,s}et_affine_coordinatestb2021-04-201-5/+5
| | | | | | Similar to part of OpenSSL commit 8e3cced75fb5fee5da59ebef9605d403a999391b ok jsing
* Move point-on-curve check to set_affine_coordinatestb2020-12-041-6/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bad API design makes it possible to set an EC_KEY public key to a point not on the curve. As a consequence, it was possible to have bogus ECDSA signatures validated. In practice, all software uses either EC_POINT_oct2point*() to unmarshal public keys or issues a call to EC_KEY_check_key() after setting it. This way, a point on curve check is performed and the problem is mitigated. In OpenSSL commit 1e2012b7ff4a5f12273446b281775faa5c8a1858, Emilia Kasper moved the point-on-curve check from EC_POINT_oct2point to EC_POINT_set_affine_coordinates_*, which results in more checking. In addition to this commit, we also check in the currently unused codepath of a user set callback for setting compressed coordinates, just in case this will be used at some point in the future. The documentation of EC_KEY_check_key() is very vague on what it checks and when checks are needed. It could certainly be improved a lot. It's also strange that EC_KEY_set_key() performs no checks, while EC_KEY_set_public_key_affine_coordinates() implicitly calls EC_KEY_check_key(). It's a mess. Issue found and reported by Guido Vranken who also tested an earlier version of this fix. ok jsing
* recommit label indentation part of the backout; clearly unrelated to thetb2018-07-151-4/+4
| | | | breakage.
* back out ecc constant time changesjsg2018-07-151-4/+4
| | | | | | | | after the constant time commits various regress tests started failing on sparc64 ssh t9, libcrypto ec ecdh ecdsa and trying to ssh out resulted in 'invalid elliptic curve value' ok tb@
* Indent labels by a space so they don't obliterate function names in diffs.tb2018-07-101-4/+4
|
* Send the function codes from the error functions to the bit bucket,beck2017-01-291-22/+22
| | | | | | as was done earlier in libssl. Thanks inoguchi@ for noticing libssl had more reacharounds into this. ok jsing@ inoguchi@
* BN_CTX_get() can fail - consistently check its return value.jsing2015-02-091-14/+16
| | | | | | | | | | | | | | | There are currently cases where the return from each call is checked, the return from only the last call is checked and cases where it is not checked at all (including code in bn, ec and engine). Checking the last return value is valid as once the function fails it will continue to return NULL. However, in order to be consistent check each call with the same idiom. This makes it easy to verify. Note there are still a handful of cases that do not follow the idiom - these will be handled separately. ok beck@ doug@
* Use `> 0' instead of `!= 0' as a successful condition formiod2015-02-081-4/+4
| | | | | | EC_POINT_is_at_infinity() and EC_POINT_is_on_curve(), for they may return -1 should an error arise. ok doug@ jsing@
* if (x) FOO_free(x) -> FOO_free(x).miod2014-07-121-9/+5
| | | | | | | Improves readability, keeps the code smaller so that it is warmer in your cache. review & ok deraadt@
* tags as requested by miod and teduderaadt2014-06-121-1/+1
|
* knf approximationtedu2014-05-061-204/+169
|
* Cope with the removal of openssl/symhacks.hderaadt2014-04-131-1/+0
|
* import OpenSSL-1.0.1cdjm2012-10-131-0/+433
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-29 19:45:42 +0000