crypto/tls: don't check whether an ec point is on a curve twice
The processClientKeyExchange and processServerKeyExchange functions unmarshal an encoded EC point and explicitly check whether the point is on the curve. The explicit check can be omitted because elliptic.Unmarshal fails if the point is not on the curve and the returned error would always be the same. Fixes #20496 Change-Id: I5231a655eace79acee2737dd036a0c255ed42dbb Reviewed-on: https://go-review.googlesource.com/44311 Reviewed-by: Adam Langley <agl@golang.org> Reviewed-by: Avelino <t@avelino.xxx> Run-TryBot: Adam Langley <agl@golang.org>
This commit is contained in:
parent
95bebf2e8e
commit
257ad9c7d6
@ -319,13 +319,10 @@ func (ka *ecdheKeyAgreement) processClientKeyExchange(config *Config, cert *Cert
|
|||||||
if !ok {
|
if !ok {
|
||||||
panic("internal error")
|
panic("internal error")
|
||||||
}
|
}
|
||||||
x, y := elliptic.Unmarshal(curve, ckx.ciphertext[1:])
|
x, y := elliptic.Unmarshal(curve, ckx.ciphertext[1:]) // Unmarshal also checks whether the given point is on the curve
|
||||||
if x == nil {
|
if x == nil {
|
||||||
return nil, errClientKeyExchange
|
return nil, errClientKeyExchange
|
||||||
}
|
}
|
||||||
if !curve.IsOnCurve(x, y) {
|
|
||||||
return nil, errClientKeyExchange
|
|
||||||
}
|
|
||||||
x, _ = curve.ScalarMult(x, y, ka.privateKey)
|
x, _ = curve.ScalarMult(x, y, ka.privateKey)
|
||||||
preMasterSecret := make([]byte, (curve.Params().BitSize+7)>>3)
|
preMasterSecret := make([]byte, (curve.Params().BitSize+7)>>3)
|
||||||
xBytes := x.Bytes()
|
xBytes := x.Bytes()
|
||||||
@ -365,14 +362,10 @@ func (ka *ecdheKeyAgreement) processServerKeyExchange(config *Config, clientHell
|
|||||||
if !ok {
|
if !ok {
|
||||||
return errors.New("tls: server selected unsupported curve")
|
return errors.New("tls: server selected unsupported curve")
|
||||||
}
|
}
|
||||||
|
ka.x, ka.y = elliptic.Unmarshal(curve, publicKey) // Unmarshal also checks whether the given point is on the curve
|
||||||
ka.x, ka.y = elliptic.Unmarshal(curve, publicKey)
|
|
||||||
if ka.x == nil {
|
if ka.x == nil {
|
||||||
return errServerKeyExchange
|
return errServerKeyExchange
|
||||||
}
|
}
|
||||||
if !curve.IsOnCurve(ka.x, ka.y) {
|
|
||||||
return errServerKeyExchange
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
sigAndHash := signatureAndHash{signature: ka.sigType}
|
sigAndHash := signatureAndHash{signature: ka.sigType}
|
||||||
|
Loading…
Reference in New Issue
Block a user