File tree 1 file changed +9
-1
lines changed
1 file changed +9
-1
lines changed Original file line number Diff line number Diff line change 1- /* $OpenBSD: sshkey.c,v 1.39 2016/09/26 21:16:11 djm Exp $ */
1+ /* $OpenBSD: sshkey.c,v 1.40 2016/10/04 21:34:40 djm Exp $ */
22/*
33 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
44 * Copyright (c) 2008 Alexander von Gernler. All rights reserved.
@@ -2864,6 +2864,14 @@ sshkey_ec_validate_public(const EC_GROUP *group, const EC_POINT *public)
28642864 BIGNUM * order , * x , * y , * tmp ;
28652865 int ret = SSH_ERR_KEY_INVALID_EC_VALUE ;
28662866
2867+ /*
2868+ * NB. This assumes OpenSSL has already verified that the public
2869+ * point lies on the curve. This is done by EC_POINT_oct2point()
2870+ * implicitly calling EC_POINT_is_on_curve(). If this code is ever
2871+ * reachable with public points not unmarshalled using
2872+ * EC_POINT_oct2point then the caller will need to explicitly check.
2873+ */
2874+
28672875 if ((bnctx = BN_CTX_new ()) == NULL )
28682876 return SSH_ERR_ALLOC_FAIL ;
28692877 BN_CTX_start (bnctx );
You can’t perform that action at this time.
0 commit comments