RT 4242: reject invalid EC point coordinates
authorEmilia Kasper <emilia@openssl.org>
Fri, 3 Jun 2016 12:42:04 +0000 (14:42 +0200)
committerEmilia Kasper <emilia@openssl.org>
Thu, 9 Jun 2016 21:58:20 +0000 (23:58 +0200)
commit1e2012b7ff4a5f12273446b281775faa5c8a1858
tree0eef527bc87b307739f309ae8dadc0b40b393552
parent6670d55a847f8f2415842bc085150e838d4aac5d
RT 4242: reject invalid EC point coordinates

We already test in EC_POINT_oct2point that points are on the curve. To
be on the safe side, move this check to
EC_POINT_set_affine_coordinates_* so as to also check point coordinates
received through some other method.

We do not check projective coordinates, though, as
- it's unlikely that applications would be receiving this primarily
  internal representation from untrusted sources, and
- it's possible that the projective setters are used in a setting where
  performance matters.

Reviewed-by: Rich Salz <rsalz@openssl.org>
crypto/ec/ec2_oct.c
crypto/ec/ec_lib.c
crypto/ec/ecp_oct.c
test/ectest.c