~mdw
/
catacomb
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
symm/t/chacha: Missing test from RFC8439.
[catacomb]
/
math
/
ec-raw.c
diff --git
a/math/ec-raw.c
b/math/ec-raw.c
index
acee1b6
..
497e191
100644
(file)
--- a/
math/ec-raw.c
+++ b/
math/ec-raw.c
@@
-54,6
+54,9
@@
* @EC_EXPLY@ is set, then an explicit %$y$%-coordinate is
* output in full. Otherwise the %$y$%-coordinate is
* suppressed.
* @EC_EXPLY@ is set, then an explicit %$y$%-coordinate is
* output in full. Otherwise the %$y$%-coordinate is
* suppressed.
+ *
+ * Returns failure (@-1@) if the flags are invalid, or if there
+ * isn't enough space in the output buffer.
*/
int ec_ec2osp(ec_curve *c, unsigned f, buf *b, const ec *p)
*/
int ec_ec2osp(ec_curve *c, unsigned f, buf *b, const ec *p)
@@
-62,15
+65,22
@@
int ec_ec2osp(ec_curve *c, unsigned f, buf *b, const ec *p)
size_t n;
ec t = EC_INIT;
size_t n;
ec t = EC_INIT;
+ /* --- Check the requested flags for sanity --- */
+
+ if (!f) f = EC_XONLY;
+ if (f & ~((f & EC_XONLY) ? EC_XONLY :
+ (f & EC_CMPR) ? (EC_CMPR | EC_EXPLY | EC_SORT) :
+ (f & EC_EXPLY) ? EC_EXPLY :
+ 0u))
+ return (-1);
+
/* --- Point at infinity --- */
if (EC_ATINF(p)) return (buf_putbyte(b, 0));
/* --- Fix up the format byte, compressing the %$y$%-coordinate --- */
/* --- Point at infinity --- */
if (EC_ATINF(p)) return (buf_putbyte(b, 0));
/* --- Fix up the format byte, compressing the %$y$%-coordinate --- */
- if (!f)
- f = EC_XONLY;
- else if (f & EC_CMPR) {
+ if (f & EC_CMPR) {
if (!(f & EC_SORT))
f |= EC_COMPR(c, p) ? EC_YBIT : 0;
else {
if (!(f & EC_SORT))
f |= EC_COMPR(c, p) ? EC_YBIT : 0;
else {