diff options
author | djm@openbsd.org <djm@openbsd.org> | 2016-10-04 21:34:40 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2016-10-06 06:00:43 +1100 |
commit | a571dbcc7b7b25371174569b13df5159bc4c6c7a (patch) | |
tree | dbf224dbb641b4295c44708466c30ac9b83bc3f8 /sshkey.c | |
parent | 2f78a2a698f4222f8e05cad57ac6e0c3d1faff00 (diff) |
upstream commit
add a comment about implicitly-expected checks to
sshkey_ec_validate_public()
Upstream-ID: 74a7f71c28f7c13a50f89fc78e7863b9cd61713f
Diffstat (limited to 'sshkey.c')
-rw-r--r-- | sshkey.c | 10 |
1 files changed, 9 insertions, 1 deletions
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: sshkey.c,v 1.39 2016/09/26 21:16:11 djm Exp $ */ | 1 | /* $OpenBSD: sshkey.c,v 1.40 2016/10/04 21:34:40 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. |
4 | * Copyright (c) 2008 Alexander von Gernler. All rights reserved. | 4 | * Copyright (c) 2008 Alexander von Gernler. All rights reserved. |
@@ -2864,6 +2864,14 @@ sshkey_ec_validate_public(const EC_GROUP *group, const EC_POINT *public) | |||
2864 | BIGNUM *order, *x, *y, *tmp; | 2864 | BIGNUM *order, *x, *y, *tmp; |
2865 | int ret = SSH_ERR_KEY_INVALID_EC_VALUE; | 2865 | int ret = SSH_ERR_KEY_INVALID_EC_VALUE; |
2866 | 2866 | ||
2867 | /* | ||
2868 | * NB. This assumes OpenSSL has already verified that the public | ||
2869 | * point lies on the curve. This is done by EC_POINT_oct2point() | ||
2870 | * implicitly calling EC_POINT_is_on_curve(). If this code is ever | ||
2871 | * reachable with public points not unmarshalled using | ||
2872 | * EC_POINT_oct2point then the caller will need to explicitly check. | ||
2873 | */ | ||
2874 | |||
2867 | if ((bnctx = BN_CTX_new()) == NULL) | 2875 | if ((bnctx = BN_CTX_new()) == NULL) |
2868 | return SSH_ERR_ALLOC_FAIL; | 2876 | return SSH_ERR_ALLOC_FAIL; |
2869 | BN_CTX_start(bnctx); | 2877 | BN_CTX_start(bnctx); |