[openssl-dev] [openssl.org #4393] [PATCH] Call EC_GROUP_order_bits in priv2opt.
Merge RT4241 here as these are best handled together.

--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4393
Please log in as guest with password guest if prompted

--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] [openssl.org #4393] [PATCH] Call EC_GROUP_order_bits in priv2opt.
On Tue, Mar 29, 2016 at 12:17 PM Emilia Käsper wrote:

> While we're at this, shouldn't we then also check the length in oct2priv? (And
> either reject or reduce mod n.) Afaics it accepts arbitrary BNs currently,
> which means some keys can be parsed but cannot be re-encoded?

Probably. BoringSSL rejects keys that are too large.

One compatibility note though: although RFC 5915 and SEC 1 (not sure about X9.62) require that the private key in an ECPrivateKey structure be exactly the byte length of the order, OpenSSL prior to 30cd4ff294252c4b6a4b69cbef6a5b4117705d22 removed leading zeros, so ECPrivateKey parsers need to allow for short inputs.

David
[openssl-dev] [openssl.org #4393] [PATCH] Call EC_GROUP_order_bits in priv2opt.
Merged. (Please reopen if you think we should also follow up in the other direction.)
[openssl-dev] [openssl.org #4393] [PATCH] Call EC_GROUP_order_bits in priv2opt.
While we're at this, shouldn't we then also check the length in oct2priv? (And either reject or reduce mod n.) Afaics it accepts arbitrary BNs currently, which means some keys can be parsed but cannot be re-encoded?
[openssl-dev] [openssl.org #4393] [PATCH] Call EC_GROUP_order_bits in priv2opt.
The private key is a scalar and should be sized by the order, not the degree.

(Unlike my other recent emails, this has nothing to do with BoringSSL tests. :-) )

David

0007-Call-EC_GROUP_order_bits-in-priv2opt.patch
Description: Binary data
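The two points raised in this thread (size the private key by the group order rather than the field degree, and accept short inputs while rejecting oversized ones on parse) are illustrated by the following added example, which is not code from the patch, OpenSSL or BoringSSL. The names `be_bits`, `ec_priv_normalize`, `TOY_ORDER` and `TOY_DEGREE_BITS` are hypothetical, the parameters are a constructed toy group rather than a real curve, and the example chooses rejection over reduction mod n.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed toy parameters, not a real curve: a 16-bit field whose
 * group order n = 0x010007 needs 17 bits, so n is one byte longer. */
#define TOY_DEGREE_BITS 16
static const uint8_t TOY_ORDER[] = { 0x01, 0x00, 0x07 };

/* Bit length of a big-endian integer. */
static size_t be_bits(const uint8_t *v, size_t len)
{
    size_t i = 0, bits;
    uint8_t top;
    while (i < len && v[i] == 0)
        i++;
    if (i == len)
        return 0;
    bits = (len - i - 1) * 8;
    for (top = v[i]; top != 0; top >>= 1)
        bits++;
    return bits;
}

/* Normalize a private-key octet string to exactly order_len bytes.
 * Short inputs are left-padded with zeros; inputs longer than the order,
 * zero, and values >= n are rejected. Returns 1 on success, 0 on reject. */
static int ec_priv_normalize(const uint8_t *in, size_t in_len,
                             const uint8_t *order, size_t order_len,
                             uint8_t *out)
{
    unsigned int borrow = 0, nonzero = 0, d;
    size_t i;
    if (in_len == 0 || in_len > order_len)
        return 0;
    memset(out, 0, order_len - in_len);
    memcpy(out + (order_len - in_len), in, in_len);
    /* Subtract n from the padded value; a final borrow means value < n. */
    for (i = order_len; i-- > 0;) {
        d = (unsigned int)out[i] - order[i] - borrow;
        borrow = (d >> 8) & 1;
        nonzero |= out[i];
    }
    if (!borrow || !nonzero) {
        memset(out, 0, order_len);
        return 0;
    }
    return 1;
}
```

With these toy values the largest valid scalar, n - 1 = 0x010006, needs three bytes, so a buffer sized from the 16-bit degree would be one byte too small to hold it.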