[openssl-dev] [openssl.org #4242] OpenSSL ECC coordinate functions accept invalid curve points

2016-06-09 Thread Emilia Käsper via RT
Done in 1e2012b7ff4a5f12273446b281775faa5c8a1858, thanks for the nudge.

2016-01-15 Thread Hanno Boeck via RT
The EC_POINT_* API functions accept invalid curve points and don't do point verification. Invalid curve points are one of the major implementation pitfalls in ECC and can lead to attacks [1]. OpenSSL properly validates points in the _oct2point functions, but I still find this risky. This looks
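Added example, not part of the original message and not OpenSSL code: a sketch of the point validation the report says is skipped when coordinates are set directly, using the standard NIST P-256 parameters. The function names `check_affine_point` and `set_affine_checked` are hypothetical, and the sample points are constructed.

```python
# Added illustration; function names are hypothetical, not OpenSSL API.
# NIST P-256 domain parameters: y^2 = x^3 + a*x + b (mod p)
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
GX = 0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296
GY = 0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5


def check_affine_point(x, y):
    """Return None if (x, y) is a valid affine P-256 point, else a reason."""
    if not (isinstance(x, int) and isinstance(y, int)):
        return "coordinates must be integers"
    # Reject unreduced encodings such as x + p, which alias a valid x.
    if not (0 <= x < P and 0 <= y < P):
        return "coordinate out of range [0, p-1]"
    # The curve equation is the only place the parameter b is enforced.
    lhs = (y * y) % P
    rhs = (x * x * x + A * x + B) % P
    if lhs != rhs:
        return "point does not satisfy the curve equation"
    # P-256 has cofactor 1, so an on-curve point is in the prime-order group.
    return None


def set_affine_checked(x, y):
    """Accept coordinates only after validation; raise ValueError otherwise."""
    reason = check_affine_point(x, y)
    if reason is not None:
        raise ValueError(reason)
    return (x, y)


if __name__ == "__main__":
    # Constructed sample inputs.
    samples = {
        "generator": (GX, GY),
        "negated generator": (GX, P - GY),
        "y off by one": (GX, GY + 1),
        "unreduced x": (GX + P, GY),
        "origin": (0, 0),
    }
    for name, (x, y) in samples.items():
        print(f"{name:18s} -> {check_affine_point(x, y) or 'valid'}")
```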