projects / BearSSL / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (from parent 1: acc70b1)
Harmonized behaviour when point length is invalid.
authorThomas Pornin <pornin@bolet.org>
Fri, 24 Apr 2020 13:18:58 +0000 (15:18 +0200)
committerThomas Pornin <pornin@bolet.org>
Fri, 24 Apr 2020 13:18:58 +0000 (15:18 +0200)
src/ec/ec_p256_m15.c patch | blob | history
src/ec/ec_p256_m31.c patch | blob | history
src/ec/ec_prime_i15.c patch | blob | history
src/ec/ec_prime_i31.c patch | blob | history

diff --git a/src/ec/ec_p256_m15.c b/src/ec/ec_p256_m15.c
index 8d68d1d..05800d8 100644 (file)
--- a/src/ec/ec_p256_m15.c
+++ b/src/ec/ec_p256_m15.c
@@ -2039,12 +2039,13 @@ api_mul(unsigned char *G, size_t Glen,
        p256_jacobian P;
 
        (void)curve;
+       if (Glen != 65) {
+               return 0;
+       }
        r = p256_decode(&P, G, Glen);
        p256_mul(&P, x, xlen);
-       if (Glen >= 65) {
-               p256_to_affine(&P);
-               p256_encode(G, &P);
-       }
+       p256_to_affine(&P);
+       p256_encode(G, &P);
        return r;
 }
 
@@ -2059,16 +2060,6 @@ api_mulgen(unsigned char *R,
        p256_to_affine(&P);
        p256_encode(R, &P);
        return 65;
-
-       /*
-       const unsigned char *G;
-       size_t Glen;
-
-       G = api_generator(curve, &Glen);
-       memcpy(R, G, Glen);
-       api_mul(R, Glen, x, xlen, curve);
-       return Glen;
-       */
 }
 
 static uint32_t
@@ -2081,6 +2072,9 @@ api_muladd(unsigned char *A, const unsigned char *B, size_t len,
        int i;
 
        (void)curve;
+       if (len != 65) {
+               return 0;
+       }
        r = p256_decode(&P, A, len);
        p256_mul(&P, x, xlen);
        if (B == NULL) {
diff --git a/src/ec/ec_p256_m31.c b/src/ec/ec_p256_m31.c
index d57ef7b..b185937 100644 (file)
--- a/src/ec/ec_p256_m31.c
+++ b/src/ec/ec_p256_m31.c
@@ -1384,12 +1384,13 @@ api_mul(unsigned char *G, size_t Glen,
        p256_jacobian P;
 
        (void)curve;
+       if (Glen != 65) {
+               return 0;
+       }
        r = p256_decode(&P, G, Glen);
        p256_mul(&P, x, xlen);
-       if (Glen >= 65) {
-               p256_to_affine(&P);
-               p256_encode(G, &P);
-       }
+       p256_to_affine(&P);
+       p256_encode(G, &P);
        return r;
 }
 
@@ -1404,16 +1405,6 @@ api_mulgen(unsigned char *R,
        p256_to_affine(&P);
        p256_encode(R, &P);
        return 65;
-
-       /*
-       const unsigned char *G;
-       size_t Glen;
-
-       G = api_generator(curve, &Glen);
-       memcpy(R, G, Glen);
-       api_mul(R, Glen, x, xlen, curve);
-       return Glen;
-       */
 }
 
 static uint32_t
@@ -1426,6 +1417,9 @@ api_muladd(unsigned char *A, const unsigned char *B, size_t len,
        int i;
 
        (void)curve;
+       if (len != 65) {
+               return 0;
+       }
        r = p256_decode(&P, A, len);
        p256_mul(&P, x, xlen);
        if (B == NULL) {
diff --git a/src/ec/ec_prime_i15.c b/src/ec/ec_prime_i15.c
index 0f210f2..f86dbe6 100644 (file)
--- a/src/ec/ec_prime_i15.c
+++ b/src/ec/ec_prime_i15.c
@@ -733,11 +733,12 @@ api_mul(unsigned char *G, size_t Glen,
        jacobian P;
 
        cc = id_to_curve(curve);
+       if (Glen != cc->point_len) {
+               return 0;
+       }
        r = point_decode(&P, G, Glen, cc);
        point_mul(&P, x, xlen, cc);
-       if (Glen == cc->point_len) {
-               point_encode(G, &P, cc);
-       }
+       point_encode(G, &P, cc);
        return r;
 }
 
@@ -770,6 +771,9 @@ api_muladd(unsigned char *A, const unsigned char *B, size_t len,
         */
 
        cc = id_to_curve(curve);
+       if (len != cc->point_len) {
+               return 0;
+       }
        r = point_decode(&P, A, len, cc);
        if (B == NULL) {
                size_t Glen;
diff --git a/src/ec/ec_prime_i31.c b/src/ec/ec_prime_i31.c
index 0586a3b..b205f36 100644 (file)
--- a/src/ec/ec_prime_i31.c
+++ b/src/ec/ec_prime_i31.c
@@ -107,15 +107,16 @@ typedef struct {
        const uint32_t *b;
        const uint32_t *R2;
        uint32_t p0i;
+       size_t point_len;
 } curve_params;
 
 static inline const curve_params *
 id_to_curve(int curve)
 {
        static const curve_params pp[] = {
-               { P256_P, P256_B, P256_R2, 0x00000001 },
-               { P384_P, P384_B, P384_R2, 0x00000001 },
-               { P521_P, P521_B, P521_R2, 0x00000001 }
+               { P256_P, P256_B, P256_R2, 0x00000001,  65 },
+               { P384_P, P384_B, P384_R2, 0x00000001,  97 },
+               { P521_P, P521_B, P521_R2, 0x00000001, 133 }
        };
 
        return &pp[curve - BR_EC_secp256r1];
@@ -734,6 +735,9 @@ api_mul(unsigned char *G, size_t Glen,
        jacobian P;
 
        cc = id_to_curve(curve);
+       if (Glen != cc->point_len) {
+               return 0;
+       }
        r = point_decode(&P, G, Glen, cc);
        point_mul(&P, x, xlen, cc);
        point_encode(G, &P, cc);
@@ -769,6 +773,9 @@ api_muladd(unsigned char *A, const unsigned char *B, size_t len,
         */
 
        cc = id_to_curve(curve);
+       if (len != cc->point_len) {
+               return 0;
+       }
        r = point_decode(&P, A, len, cc);
        if (B == NULL) {
                size_t Glen;
The BearSSL library and tools.