openssl: Verify that a peer's ECDH public value is a point on the elliptic curve
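index c43fe45..835ed58 100644
--- a/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c
+++ b/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c
@@ -102,6 +102,11 @@ static bool chunk2ecp(const EC_GROUP *group, chunk_t chunk, EC_POINT *point)
                goto error;
        }
 
+       if (!EC_POINT_is_on_curve(group, point, ctx))
+       {
+               goto error;
+       }
+
        ret = TRUE;
 error:
        BN_CTX_end(ctx);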
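Review bot: The added check `if (!EC_POINT_is_on_curve(group, point, ctx))` rejects only a return value of 0, but EC_POINT_is_on_curve() is documented to return -1 on an internal error, and `!(-1)` is false. In that case control falls through to `ret = TRUE` and the peer's public value is accepted without having been validated. Compare against the success value instead: `if (EC_POINT_is_on_curve(group, point, ctx) != 1)`. A short comment above it, such as `/* reject peer values that are not on the curve; fail closed on errors */`, would record why the check exists. chunk2ecp starts above this hunk, so how `ctx` and the coordinates are set up is not visible here.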