Harmonized behaviour when point length is invalid.
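diff --git a/src/ec/ec_prime_i15.c b/src/ec/ec_prime_i15.c
index 85affe5..f86dbe6 100644
--- a/src/ec/ec_prime_i15.c
+++ b/src/ec/ec_prime_i15.c
@@ -733,11 +733,12 @@ api_mul(unsigned char *G, size_t Glen,
  jacobian P;
  cc = id_to_curve(curve);
+ if (Glen != cc->point_len) {
+ return 0;
+ }
  r = point_decode(&P, G, Glen, cc);
  point_mul(&P, x, xlen, cc);
- if (Glen == cc->point_len) {
- point_encode(G, &P, cc);
- }
+ point_encode(G, &P, cc);
  return r;
  }
@@ -765,11 +766,14 @@ api_muladd(unsigned char *A, const unsigned char *B, size_t len,
  /*
  * TODO: see about merging the two ladders. Right now, we do
- * two independant point multiplications, which is a bit
+ * two independent point multiplications, which is a bit
  * wasteful of CPU resources (but yields short code).
  */
  cc = id_to_curve(curve);
+ if (len != cc->point_len) {
+ return 0;
+ }
  r = point_decode(&P, A, len, cc);
  if (B == NULL) {
  size_t Glen;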
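Review bot: The two failure paths in api_mul now leave the caller's buffer in different states, and nothing in the code says so: the new early `return 0` on a length mismatch leaves G untouched, while a failed `point_decode` still falls through `point_mul` to the now unconditional `point_encode(G, &P, cc)` and overwrites G with `r == 0`. A comment above the new check would make the contract explicit, for example `/* Invalid length: fail before decoding, G is left unmodified. On a decode failure G is still overwritten, so callers must check the return value. */`. The same early return is added in api_muladd and deserves the matching note for A. The early exit depends only on the encoded length, which is presumably not secret, so it should not reveal anything about the scalar; that assumption is worth stating in the comment too. api_mul begins above its hunk, and api_muladd both begins and continues outside its hunk, so what happens to A on the later paths cannot be checked from here.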