diff options
author | Adam Langley <agl@chromium.org> | 2018-03-05 10:15:53 -0800 |
---|---|---|
committer | Adam Vartanian <flooey@google.com> | 2018-03-07 09:28:18 +0000 |
commit | 3ef76b39e2b1b3ce091b518cb4f4b9f7a9d3abeb (patch) | |
tree | 8537e9a3df821cc8aa2d0c56e6f928fa32f1ac62 | |
parent | e1e1218461d49b23d46af0d552edc5b80c8b2b4d (diff) | |
download | boringssl-3ef76b39e2b1b3ce091b518cb4f4b9f7a9d3abeb.tar.gz |
external/boringssl: cherry-pick crash fix
This change cherry-picks the following change from upstream:
commit 61dedd681501616de5928fe5c0eac6640d4de0c1
Author: Adam Langley <alangley@gmail.com>
Date: Wed Feb 7 14:59:44 2018 -0800
Don't crash when failing to set affine coordinates when the generator is missing.
If a caller is in the process on constructing an arbitrary |EC_GROUP|,
and they try to create an |EC_POINT| to set as the generator which is
invalid, we would previously crash.
Test: cts -m CtsLibcoreTestCases -t com.android.org.conscrypt
Change-Id: I6183e5d103636c01ca1cb3659d9e62c4dd63458b
Merged-In: Id05fd03176db2282aecdf58311d6224ff5f8d89d
-rw-r--r-- | src/crypto/fipsmodule/ec/ec.c | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/src/crypto/fipsmodule/ec/ec.c b/src/crypto/fipsmodule/ec/ec.c index 616df162..e45a7e34 100644 --- a/src/crypto/fipsmodule/ec/ec.c +++ b/src/crypto/fipsmodule/ec/ec.c @@ -768,7 +768,13 @@ int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, EC_POINT *point, if (!EC_POINT_is_on_curve(group, point, ctx)) { // In the event of an error, defend against the caller not checking the // return value by setting a known safe value: the base point. - EC_POINT_copy(point, EC_GROUP_get0_generator(group)); + const EC_POINT *generator = EC_GROUP_get0_generator(group); + // The generator can be missing if the caller is in the process of + // constructing an arbitrary group. In this, we give up and hope they're + // checking the return value. + if (generator) { + EC_POINT_copy(point, generator); + } OPENSSL_PUT_ERROR(EC, EC_R_POINT_IS_NOT_ON_CURVE); return 0; } |