Skip to content
Commit 1e2012b7 authored by Emilia Kasper's avatar Emilia Kasper
Browse files

RT 4242: reject invalid EC point coordinates



We already test in EC_POINT_oct2point that points are on the curve. To
be on the safe side, move this check to
EC_POINT_set_affine_coordinates_* so as to also check point coordinates
received through some other method.

We do not check projective coordinates, though, as
- it's unlikely that applications would be receiving this primarily
  internal representation from untrusted sources, and
- it's possible that the projective setters are used in a setting where
  performance matters.

Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
parent 6670d55a
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment