summaryrefslogtreecommitdiff
path: root/src (unfollow)
Commit message (Collapse)AuthorFilesLines
2020-12-04Move point-on-curve check to set_affine_coordinatestb4-18/+50
Bad API design makes it possible to set an EC_KEY public key to a point not on the curve. As a consequence, it was possible to have bogus ECDSA signatures validated. In practice, all software uses either EC_POINT_oct2point*() to unmarshal public keys or issues a call to EC_KEY_check_key() after setting it. This way, a point on curve check is performed and the problem is mitigated. In OpenSSL commit 1e2012b7ff4a5f12273446b281775faa5c8a1858, Emilia Kasper moved the point-on-curve check from EC_POINT_oct2point to EC_POINT_set_affine_coordinates_*, which results in more checking. In addition to this commit, we also check in the currently unused codepath of a user set callback for setting compressed coordinates, just in case this will be used at some point in the future. The documentation of EC_KEY_check_key() is very vague on what it checks and when checks are needed. It could certainly be improved a lot. It's also strange that EC_KEY_set_key() performs no checks, while EC_KEY_set_public_key_affine_coordinates() implicitly calls EC_KEY_check_key(). It's a mess. Issue found and reported by Guido Vranken who also tested an earlier version of this fix. ok jsing
2020-12-03grammar fixes from Varik "The Genuine Article!!!" Valefor;jmc3-9/+9
2020-12-01Extend the methods test to cover dtls methods as welltb1-1/+57
2020-12-01Enable ssl_methods unit test.tb1-1/+2