[openssl/openssl] be13a0: FIPS: Change EC_GROUP_check() so that it fails for...
0 views
Skip to first unread message
Shane
Mar 2, 2026, 2:38:37 PM (14 hours ago) Mar 2
to openssl...@openssl.org
Branch: refs/heads/openssl-3.4
Home: https://github.com/openssl/openssl
Commit: be13a000d0db8590f8700877a3d97ec4f96e604b
https://github.com/openssl/openssl/commit/be13a000d0db8590f8700877a3d97ec4f96e604b
Author: slontis <shane....@oracle.com>
Date: 2026-03-02 (Mon, 02 Mar 2026)
Changed paths:
M crypto/ec/ec_check.c
Log Message:
-----------
FIPS: Change EC_GROUP_check() so that it fails for explicit curves.
Reported by Luigino Camastra (Aisle Research).
Explicit curves returned a NID of NID_undef (which has a value of 0)
which resulted in the check >= 0 passing.
Changing the result to > addresses the issue.
Note that this is a NON issue in master since explicit curves are
now disabled by default. Note also that for any EC operation that
tries to use a loaded EC key, checks that the curve and security
strength are valid.
Reviewed-by: Tim Hudson <t...@openssl.org>
Reviewed-by: Paul Dale <paul...@oracle.com>
Reviewed-by: Tomas Mraz <to...@openssl.org>
MergeDate: Mon Mar 2 19:37:04 2026
(Merged from https://github.com/openssl/openssl/pull/30138)
(cherry picked from commit 5e632723296e65689146280e4e2a90a42c513305)
To unsubscribe from these emails, change your notification settings at https://github.com/openssl/openssl/settings/notifications
Home: https://github.com/openssl/openssl
Commit: be13a000d0db8590f8700877a3d97ec4f96e604b
https://github.com/openssl/openssl/commit/be13a000d0db8590f8700877a3d97ec4f96e604b
Author: slontis <shane....@oracle.com>
Date: 2026-03-02 (Mon, 02 Mar 2026)
Changed paths:
M crypto/ec/ec_check.c
Log Message:
-----------
FIPS: Change EC_GROUP_check() so that it fails for explicit curves.
Reported by Luigino Camastra (Aisle Research).
Explicit curves returned a NID of NID_undef (which has a value of 0)
which resulted in the check >= 0 passing.
Changing the result to > addresses the issue.
Note that this is a NON issue in master since explicit curves are
now disabled by default. Note also that for any EC operation that
tries to use a loaded EC key, checks that the curve and security
strength are valid.
Reviewed-by: Tim Hudson <t...@openssl.org>
Reviewed-by: Paul Dale <paul...@oracle.com>
Reviewed-by: Tomas Mraz <to...@openssl.org>
MergeDate: Mon Mar 2 19:37:04 2026
(Merged from https://github.com/openssl/openssl/pull/30138)
(cherry picked from commit 5e632723296e65689146280e4e2a90a42c513305)
To unsubscribe from these emails, change your notification settings at https://github.com/openssl/openssl/settings/notifications
Reply all
Reply to author
Forward
0 new messages