boringssl/crypto/fipsmodule/ec
David Benjamin cb16f17b36 Check EC_POINT/EC_GROUP compatibility more accurately.
Currently we only check that the underlying EC_METHODs match, which
avoids the points being in different forms, but not that the points are
on the same curves. (We fixed the APIs early on so off-curve EC_POINTs
cannot be created.)

In particular, this comes up with folks implementing Java's crypto
APIs with ECDH_compute_key. These APIs are both unfortunate and should
not be mimicked, as they allow folks to mismatch the groups on the two
multiple EC_POINTs. Instead, ECDH APIs should take the public value as a
byte string.

Thanks also to Java's poor crypto APIs, we must support custom curves,
which makes this particularly gnarly. This CL makes EC_GROUP_cmp work
with custom curves and adds an additional subtle requirement to
EC_GROUP_set_generator.

Annoyingly, this change is additionally subtle because we now have a
reference cycle to hack around.

Change-Id: I2efbc4bd5cb65fee5f66527bd6ccad6b9d5120b9
Reviewed-on: https://boringssl-review.googlesource.com/22245
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-10-28 08:02:50 +00:00
asm
ec_key.c Remove redundant calls to |OPENSSL_cleanse| and |OPENSSL_realloc_clean|. 2017-09-18 19:16:51 +00:00
ec_montgomery.c Refcount EC_GROUP. 2017-10-27 17:48:27 +00:00
ec_test.cc Check EC_POINT/EC_GROUP compatibility more accurately. 2017-10-28 08:02:50 +00:00
ec.c Check EC_POINT/EC_GROUP compatibility more accurately. 2017-10-28 08:02:50 +00:00
internal.h Check EC_POINT/EC_GROUP compatibility more accurately. 2017-10-28 08:02:50 +00:00
oct.c Check EC_POINT/EC_GROUP compatibility more accurately. 2017-10-28 08:02:50 +00:00
p224-64.c Refcount EC_GROUP. 2017-10-27 17:48:27 +00:00
p256-64.c Refcount EC_GROUP. 2017-10-27 17:48:27 +00:00
p256-x86_64_test.cc
p256-x86_64_tests.txt
p256-x86_64-table.h
p256-x86_64.c Refcount EC_GROUP. 2017-10-27 17:48:27 +00:00
p256-x86_64.h
simple.c Check EC_POINT/EC_GROUP compatibility more accurately. 2017-10-28 08:02:50 +00:00
util-64.c
wnaf.c Fold EC_POINT_clear_free into EC_POINT_free. 2017-10-27 17:41:19 +00:00