boringssl

History

Adam Langley 38feb990a1 Require that EC points are on the curve. This removes a sharp corner in the API where \|ECDH_compute_key\| assumed that callers were either using ephemeral keys, or else had already checked that the public key was on the curve. A public key that's not on the curve can be in a small subgroup and thus the result can leak information about the private key. This change causes \|EC_POINT_set_affine_coordinates_GFp\| to require that points are on the curve. \|EC_POINT_oct2point\| already does this. Change-Id: I77d10ce117b6efd87ebb4a631be3a9630f5e6636 Reviewed-on: https://boringssl-review.googlesource.com/5861 Reviewed-by: Adam Langley <agl@google.com>	2015-11-06 19:35:42 +00:00
..
openssl	Require that EC points are on the curve.	2015-11-06 19:35:42 +00:00

Adam Langley 38feb990a1 Require that EC points are on the curve.

This removes a sharp corner in the API where |ECDH_compute_key| assumed
that callers were either using ephemeral keys, or else had already
checked that the public key was on the curve.

A public key that's not on the curve can be in a small subgroup and thus
the result can leak information about the private key.

This change causes |EC_POINT_set_affine_coordinates_GFp| to require that
points are on the curve. |EC_POINT_oct2point| already does this.

Change-Id: I77d10ce117b6efd87ebb4a631be3a9630f5e6636
Reviewed-on: https://boringssl-review.googlesource.com/5861
Reviewed-by: Adam Langley <agl@google.com>

2015-11-06 19:35:42 +00:00

openssl

Require that EC points are on the curve.

2015-11-06 19:35:42 +00:00