ecc: Improve gcry_mpi_ec_curve_point

* mpi/ec.c (_gcry_mpi_ec_curve_point): Check range of coordinates. * tests/t-mpi-point.c (point_on_curve): New. -- Due to the conversion to affine coordinates we didn't detected points with values >= P. The solution here might not be the best according to the NIST standard (it is done there at an earlier opportunity) but it reliably detects points we do not expect to receive. The new test vectors have been compared against gnutls/nettle. Reported-by: Stephan Müller Signed-off-by: Werner Koch <wk@gnupg.org>
author: Werner Koch <wk@gnupg.org> 2018-06-05 14:33:01 +0200
committer: Werner Koch <wk@gnupg.org> 2018-06-06 18:59:21 +0200
commit: 7b6c2afd699e889f5f054cc3d202a61bd0ee1dcf (patch)
tree: bb5f150fe11d50a24c4aa951352189af7ae575d9 /mpi
parent: 6606ae44e0de1069b29dd4215ee9748280940e1b (diff)
download: libgcrypt-7b6c2afd699e889f5f054cc3d202a61bd0ee1dcf.tar.gz
1 files changed, 9 insertions, 0 deletions
diff --git a/mpi/ec.c b/mpi/ec.c
index 2c396a74..97afbfed 100644
--- a/mpi/ec.c
+++ b/mpi/ec.c
@@ -1731,6 +1731,15 @@ _gcry_mpi_ec_curve_point (gcry_mpi_point_t point, mpi_ec_t ctx)
   y = mpi_new (0);
   w = mpi_new (0);
 
+  /* Check that the point is in range.  This needs to be done here and
+   * not after conversion to affine coordinates.  */
+  if (mpi_cmpabs (point->x, ctx->p) >= 0)
+    goto leave;
+  if (mpi_cmpabs (point->y, ctx->p) >= 0)
+    goto leave;
+  if (mpi_cmpabs (point->z, ctx->p) >= 0)
+    goto leave;
+
   switch (ctx->model)
     {
     case MPI_EC_WEIERSTRASS:
author	Werner Koch <wk@gnupg.org>	2018-06-05 14:33:01 +0200
committer	Werner Koch <wk@gnupg.org>	2018-06-06 18:59:21 +0200
commit	7b6c2afd699e889f5f054cc3d202a61bd0ee1dcf (patch)
tree	bb5f150fe11d50a24c4aa951352189af7ae575d9 /mpi
parent	6606ae44e0de1069b29dd4215ee9748280940e1b (diff)
download	libgcrypt-7b6c2afd699e889f5f054cc3d202a61bd0ee1dcf.tar.gz