From eb5e0ae4c3f97925ba9787fa1b6a30b7b68b5056 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Wed, 28 Oct 2015 23:18:43 -0400 Subject: Error cleanly if the public and private keys to an ECDH key exchange are on different curves --- src/cryptography/hazmat/backends/openssl/ec.py | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'src') diff --git a/src/cryptography/hazmat/backends/openssl/ec.py b/src/cryptography/hazmat/backends/openssl/ec.py index cfd559ae..16df37af 100644 --- a/src/cryptography/hazmat/backends/openssl/ec.py +++ b/src/cryptography/hazmat/backends/openssl/ec.py @@ -182,6 +182,11 @@ class _EllipticCurvePrivateKey(object): _Reasons.UNSUPPORTED_EXCHANGE_ALGORITHM ) + if type(peer_public_key.curve) is not type(self.curve): + raise ValueError( + "peer_public_key and self are not on the same curve" + ) + group = self._backend._lib.EC_KEY_get0_group(self._ec_key) z_len = (self._backend._lib.EC_GROUP_get_degree(group) + 7) // 8 self._backend.openssl_assert(z_len > 0) -- cgit v1.2.3 From e24534590de84ce9e4ae21f73eefec94396f0da4 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Thu, 29 Oct 2015 01:00:37 -0400 Subject: please flake8 --- src/cryptography/hazmat/backends/openssl/ec.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src') diff --git a/src/cryptography/hazmat/backends/openssl/ec.py b/src/cryptography/hazmat/backends/openssl/ec.py index 16df37af..aa4a7a35 100644 --- a/src/cryptography/hazmat/backends/openssl/ec.py +++ b/src/cryptography/hazmat/backends/openssl/ec.py @@ -182,7 +182,7 @@ class _EllipticCurvePrivateKey(object): _Reasons.UNSUPPORTED_EXCHANGE_ALGORITHM ) - if type(peer_public_key.curve) is not type(self.curve): + if peer_public_key.curve.name != self.curve.name: raise ValueError( "peer_public_key and self are not on the same curve" ) -- cgit v1.2.3