boringssl/crypto/fipsmodule
David Benjamin cb16f17b36 Check EC_POINT/EC_GROUP compatibility more accurately.
Currently we only check that the underlying EC_METHODs match, which
avoids the points being in different forms, but not that the points are
on the same curves. (We fixed the APIs early on so off-curve EC_POINTs
cannot be created.)

In particular, this comes up with folks implementating Java's crypto
APIs with ECDH_compute_key. These APIs are both unfortunate and should
not be mimicked, as they allow folks to mismatch the groups on the two
multiple EC_POINTs. Instead, ECDH APIs should take the public value as a
byte string.

Thanks also to Java's poor crypto APIs, we must support custom curves,
which makes this particularly gnarly. This CL makes EC_GROUP_cmp work
with custom curves and adds an additional subtle requirement to
EC_GROUP_set_generator.

Annoyingly, this change is additionally subtle because we now have a
reference cycle to hack around.

Change-Id: I2efbc4bd5cb65fee5f66527bd6ccad6b9d5120b9
Reviewed-on: https://boringssl-review.googlesource.com/22245
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-10-28 08:02:50 +00:00
..
aes Run the comment converter on libcrypto. 2017-08-18 21:49:04 +00:00
bn Generate bn_div and bn_mod_exp corpus from bn_tests.txt. 2017-10-27 18:57:48 +00:00
cipher Switch OPENSSL_VERSION_NUMBER to 1.1.0. 2017-09-29 04:51:27 +00:00
des Explicit fallthrough on switch 2017-09-20 19:58:25 +00:00
digest Switch OPENSSL_VERSION_NUMBER to 1.1.0. 2017-09-29 04:51:27 +00:00
ec Check EC_POINT/EC_GROUP compatibility more accurately. 2017-10-28 08:02:50 +00:00
ecdsa Run the comment converter on libcrypto. 2017-08-18 21:49:04 +00:00
hmac Switch OPENSSL_VERSION_NUMBER to 1.1.0. 2017-09-29 04:51:27 +00:00
md4 Run the comment converter on libcrypto. 2017-08-18 21:49:04 +00:00
md5 Run the comment converter on libcrypto. 2017-08-18 21:49:04 +00:00
modes Run the comment converter on libcrypto. 2017-08-18 21:49:04 +00:00
policydocs Update FIPS documentation with pointer to the cert and security policy. 2017-07-20 03:32:08 +00:00
rand Remove CTR_DRBG_STATE alignment marker. 2017-09-18 19:17:52 +00:00
rsa Switch OPENSSL_VERSION_NUMBER to 1.1.0. 2017-09-29 04:51:27 +00:00
sha Hide CPU capability symbols in C. 2017-10-23 18:36:49 +00:00
bcm.c Run the comment converter on libcrypto. 2017-08-18 21:49:04 +00:00
CMakeLists.txt Convert example_mul to GTest. 2017-07-10 19:28:29 +00:00
delocate.h Run the comment converter on libcrypto. 2017-08-18 21:49:04 +00:00
FIPS.md Update FIPS documentation with pointer to the cert and security policy. 2017-07-20 03:32:08 +00:00
intcheck1.png First part of the FIPS module. 2017-04-07 00:05:34 +00:00
intcheck2.png Inject FIPS hash without running module. 2017-04-12 23:09:38 +00:00
intcheck3.png First part of the FIPS module. 2017-04-07 00:05:34 +00:00
is_fips.c Run the comment converter on libcrypto. 2017-08-18 21:49:04 +00:00