cb16f17b36
Currently we only check that the underlying EC_METHODs match, which avoids the points being in different forms, but not that the points are on the same curves. (We fixed the APIs early on so off-curve EC_POINTs cannot be created.) In particular, this comes up with folks implementing Java's crypto APIs with ECDH_compute_key. These APIs are both unfortunate and should not be mimicked, as they allow folks to mismatch the groups on the two EC_POINTs. Instead, ECDH APIs should take the public value as a byte string.

Thanks also to Java's poor crypto APIs, we must support custom curves, which makes this particularly gnarly. This CL makes EC_GROUP_cmp work with custom curves and adds an additional subtle requirement to EC_GROUP_set_generator. Annoyingly, this change is additionally subtle because we now have a reference cycle to hack around.

Change-Id: I2efbc4bd5cb65fee5f66527bd6ccad6b9d5120b9
Reviewed-on: https://boringssl-review.googlesource.com/22245
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>