Diffstat (limited to 'security/nss/lib/freebl/ec.c')
-rw-r--r-- security/nss/lib/freebl/ec.c | 20
1 files changed, 15 insertions, 5 deletions
diff --git a/security/nss/lib/freebl/ec.c b/security/nss/lib/freebl/ec.c
index 12bfeed41..669c9b147 100644
--- a/security/nss/lib/freebl/ec.c
+++ b/security/nss/lib/freebl/ec.c
@@ -565,6 +565,15 @@ ECDH_Derive(SECItem *publicValue,
return SECFailure;
}
+ /*
+ * Make sure the point is on the requested curve to avoid
+ * certain small subgroup attacks.
+ */
+ if (EC_ValidatePublicKey(ecParams, publicValue) != SECSuccess) {
+ PORT_SetError(SEC_ERROR_BAD_KEY);
+ return SECFailure;
+ }
+
/* Perform curve specific multiplication using ECMethod */
if (ecParams->fieldID.type == ec_field_plain) {
const ECMethod *method;
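Review bot: The new comment above the `EC_ValidatePublicKey` call mentions only the on-curve check, but this call is now the sole guard on the peer's point for both the `ec_field_plain` branch and the generic path, because the second hunk (@@ -580) drops the `method->validate` call inside the ECMethod branch. The comment should record that, e.g. `/* Validate the peer's point once, before the field-type branch: this replaces the per-ECMethod validate() call and also covers the generic multiplication path. */`. Whether EC_ValidatePublicKey additionally rejects the point at infinity and out-of-range coordinates is not visible in this hunk; if it does not, the guard would be incomplete on any curve with a non-trivial cofactor, so that should be confirmed against its definition. The body of ECDH_Derive begins before this hunk.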
@@ -580,10 +589,6 @@ ECDH_Derive(SECItem *publicValue,
PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE);
return SECFailure;
}
- if (method->validate(publicValue) != SECSuccess) {
- PORT_SetError(SEC_ERROR_BAD_KEY);
- return SECFailure;
- }
return method->mul(derivedSecret, privateValue, publicValue);
}
@@ -1001,9 +1006,14 @@ ECDSA_VerifyDigest(ECPublicKey *key, const SECItem *signature,
}
slen = signature->len / 2;
+ /*
+ * The incoming point has been verified in sftk_handlePublicKeyObject.
+ */
+
SECITEM_AllocItem(NULL, &pointC, EC_GetPointSize(ecParams));
- if (pointC.data == NULL)
+ if (pointC.data == NULL) {
goto cleanup;
+ }
CHECK_MPI_OK(mp_init(&r_));
CHECK_MPI_OK(mp_init(&s_));