diff options
| author | David Benjamin <davidben@davidben.net> | 2018-05-14 22:49:24 -0400 |
|---|---|---|
| committer | Paul Kehrer <paul.l.kehrer@gmail.com> | 2018-05-14 22:49:24 -0400 |
| commit | 763990efa6c158d8a4dec8d71693665d026588a2 (patch) | |
| tree | 403920e5daa441ca7e089ab26f54109447a4608d /src/_cffi_src | |
| parent | 10cabad73b4e0cc15463e43f9a94855c4db7f032 (diff) | |
| download | cryptography-763990efa6c158d8a4dec8d71693665d026588a2.tar.gz cryptography-763990efa6c158d8a4dec8d71693665d026588a2.tar.bz2 cryptography-763990efa6c158d8a4dec8d71693665d026588a2.zip | |
Validate the public/private halves of EC keys on import. (#4241)
* Validate the public/private halves of EC keys on import.
OpenSSL's API is a little finicky. If one sets the public key before the
private key, it does not validate that they match. If set in the other
order, it does validate this.
In particular, KASValidityTest_ECCStaticUnified_NOKC_ZZOnly_init.fax
describes error code 7 as:
Result = F (7 - IUT's Static private key d changed-prikey validity)
Reordering the two operations makes those tests to fail on key import,
which is what CAVP appears to have intended.
* Wrap to 79 rather than 80 columns
Diffstat (limited to 'src/_cffi_src')
0 files changed, 0 insertions, 0 deletions