Adam Langley 38feb990a1 Require that EC points are on the curve. ... This removes a sharp corner in the API where |ECDH_compute_key| assumed that callers were either using ephemeral keys, or else had already checked that the public key was on the curve. A public key that's not on the curve can be in a small subgroup and thus the result can leak information about the private key. This change causes |EC_POINT_set_affine_coordinates_GFp| to require that points are on the curve. |EC_POINT_oct2point| already does this. Change-Id: I77d10ce117b6efd87ebb4a631be3a9630f5e6636 Reviewed-on: https://boringssl-review.googlesource.com/5861 Reviewed-by: Adam Langley <agl@google.com>		2015-11-06 19:35:42 +00:00
..
asm	Add Intel's P-256	2015-11-03 22:08:47 +00:00
CMakeLists.txt	Add Intel's P-256	2015-11-03 22:08:47 +00:00
ec_asn1.c	Fix all sign/unsigned warnings with Clang and GCC.	2015-10-27 22:48:00 +00:00
ec_key.c	Remove the func parameter to OPENSSL_PUT_ERROR.	2015-07-16 02:02:37 +00:00
ec_montgomery.c	Avoid hard-coded linkage of WNAF-based multiplication.	2015-10-27 16:38:25 +00:00
ec_test.cc	Require that EC points are on the curve.	2015-11-06 19:35:42 +00:00
ec.c	Require that EC points are on the curve.	2015-11-06 19:35:42 +00:00
example_mul.c	Add a CRYPTO_library_init and static-initializer-less build option.	2014-09-12 00:10:53 +00:00
internal.h	Add Intel's P-256	2015-11-03 22:08:47 +00:00
oct.c	Simplify |EC_METHOD| by removing invariant methods.	2015-10-27 15:55:47 +00:00
p224-64.c	Add OPENSSL_SMALL.	2015-10-27 16:40:20 +00:00
p256-64.c	Avoid hard-coded linkage of WNAF-based multiplication.	2015-10-27 16:38:25 +00:00
p256-x86_64-table.h	Add Intel's P-256	2015-11-03 22:08:47 +00:00
p256-x86_64.c	Fix several MSVC warnings.	2015-11-03 14:31:33 -08:00
simple.c	Change the type of |EC_GROUP_get_degree| and friends to |unsigned|.	2015-10-27 16:48:04 +00:00
util-64.c	Add 64-bit, P-256 implementation.	2015-04-16 13:53:05 -07:00
wnaf.c	Avoid hard-coded linkage of WNAF-based multiplication.	2015-10-27 16:38:25 +00:00