RT 4242: reject invalid EC point coordinates #8750
Closed
Commits on Apr 15, 2019
-
RT 4242: reject invalid EC point coordinates
This is a backport of commit 1e2012b to 1.0.2. This hardening change was made to 1.1.0 but was not backported to 1.0.2. Recent CVEs in user applications have shown this additional hardening in 1.0.2 would be beneficial. E.g. see the patch for CVE-2019-9498 https://w1.fi/security/2019-4/0011-EAP-pwd-server-Verify-received-scalar-and-element.patch and CVE-2019-9499 https://w1.fi/security/2019-4/0013-EAP-pwd-client-Verify-received-scalar-and-element.patch The original commit had this description: We already test in EC_POINT_oct2point that points are on the curve. To be on the safe side, move this check to EC_POINT_set_affine_coordinates_* so as to also check point coordinates received through some other method. We do not check projective coordinates, though, as - it's unlikely that applications would be receiving this primarily internal representation from untrusted sources, and - it's possible that the projective setters are used in a setting where performance matters.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.