[openssl-dev] [openssl.org #4241] OpenSSL accepting curve coordinates outside mod p
Hanno Boeck via RT
rt at openssl.org
Fri Jan 15 15:32:14 UTC 2016
I wanted to report a behavior of the OpenSSL API that I find at least
highly unusual and unexpected and I suggest to change.
It's regarding these functions to set curve coordinates:
EC_POINT_set_affine_coordinates_GFp
EC_POINT_set_compressed_coordinates_GFp
It is possible to pass them a parameter for the coordinates that is
larger than the curves p parameter. It will automatically reduce them
modulo p. (See code example attached.)
One may argue whether that's a wanted behavior by defining that
coordinates > p are considered valid. However that might have
unintended consequences, for example (I haven't tested this) it is
probably possible to send values larger than p in a TLS ECDHE key
exchange as the ephemeral key. This could be used as a fingerprinting
mechanism (other crypto libs I've tested reject such coordinates).
I find it unlikely that any code relies on this behavior and I suggest
changing it so that curve parameters outside the modulus p of the given
curve are rejected with an error.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: point-coordinate-outside-of-p.c
Type: text/x-c++src
Size: 682 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20160115/ca314adb/attachment.c>
-------------- next part --------------
_______________________________________________
openssl-bugs-mod mailing list
openssl-bugs-mod at openssl.org
https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod
More information about the openssl-dev
mailing list