kris/boringssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
14ebb4ff27
boringssl/crypto/ec
History
David Benjamin 14ebb4ff27 Don't compute the Kronecker symbol in ec_GFp_simple_set_compressed_coordinates. 
If y is zero, there is no point with odd y, so the odd bit may not be
set, hence EC_R_INVALID_COMPRESSION_BIT. This code instead computed the
Kronecker symbol of x and changed the error code to
EC_R_INVALID_COMPRESSED_POINT if not a square.

As the comment says, this was (intended to be) unreachable. But it
seems x was a typo for tmp1. It dates to before upstream's
6fb60a84dd1ec81953917e0444dab50186617432, when BN_mod_sqrt gave
garbage if its input was not square. Now it emits BN_R_NOT_A_SQUARE.
Upstream's 48fe4d6233ac2d60745742a27f820dd88bc6689d then mapped
BN_R_NOT_A_SQUARE to EC_R_INVALID_COMPRESSED_POINT.

Change-Id: Id9e02fa1c154b61cc0c3a768c9cfe6bd9674c378
Reviewed-on: https://boringssl-review.googlesource.com/12463
Reviewed-by: Adam Langley <agl@google.com>
2016-11-29 00:36:04 +00:00
..
asm ec/ecp_nistz256: harmonize is_infinity with ec_GFp_simple_is_at_infinity. 2016-11-16 18:16:54 +00:00
CMakeLists.txt Depend all_tests on p256-x86_64_test. 2016-11-17 02:56:51 +00:00
ec_asn1.c Decouple crypto/ec from the OID table. 2016-03-31 22:12:09 +00:00
ec_key.c Add BN_rand_range_ex and use internally. 2016-07-29 16:09:26 +00:00
ec_montgomery.c Be -Wnewline-eof clean. 2016-08-29 19:15:19 +00:00
ec_test.cc ec/ecp_nistz256: harmonize is_infinity with ec_GFp_simple_is_at_infinity. 2016-11-16 18:16:54 +00:00
ec.c Use C99 for size_t loops. 2016-09-12 19:44:24 +00:00
example_mul.c Remove some easy obj.h dependencies. 2016-03-31 20:50:33 +00:00
internal.h Don't use function wrappers for EC_METHOD. 2016-08-16 19:27:52 +00:00
oct.c Don't compute the Kronecker symbol in ec_GFp_simple_set_compressed_coordinates. 2016-11-29 00:36:04 +00:00
p224-64.c Use C99 for size_t loops. 2016-09-12 19:44:24 +00:00
p256-64.c Fix up macros. 2016-10-18 18:28:23 +00:00
p256-x86_64_test.cc Remove unnecessary BN_is_negative check in p256-x86_64_test. 2016-11-16 19:19:38 +00:00
p256-x86_64_tests.txt ec/ecp_nistz256: harmonize is_infinity with ec_GFp_simple_is_at_infinity. 2016-11-16 18:16:54 +00:00
p256-x86_64-table.h Use |alignas| for alignment. 2016-01-25 23:05:04 +00:00
p256-x86_64.c ec/ecp_nistz256: harmonize is_infinity with ec_GFp_simple_is_at_infinity. 2016-11-16 18:16:54 +00:00
p256-x86_64.h Add low-level p256-x86_64 tests. 2016-11-15 17:05:01 +00:00
simple.c Use C99 for size_t loops. 2016-09-12 19:44:24 +00:00
util-64.c Remove unused code for multiple-point ECC multiplication. 2016-03-09 19:47:19 +00:00
wnaf.c Remove |EC_POINTs_mul| & simplify p256-x86_64. 2015-11-19 01:08:46 +00:00