openssl: Verify that a peer's ECDH public value is a point on the elliptic curve
authorTobias Brunner <tobias@strongswan.org>
Tue, 19 Nov 2013 14:00:28 +0000 (15:00 +0100)
committerTobias Brunner <tobias@strongswan.org>
Tue, 19 Nov 2013 14:00:28 +0000 (15:00 +0100)
This check is mandated by RFC 6989.  Since we don't reuse DH secrets,
it is mostly a sanity check.

src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c

index c43fe45..835ed58 100644 (file)
@@ -102,6 +102,11 @@ static bool chunk2ecp(const EC_GROUP *group, chunk_t chunk, EC_POINT *point)
                goto error;
        }
 
+       if (!EC_POINT_is_on_curve(group, point, ctx))
+       {
+               goto error;
+       }
+
        ret = TRUE;
 error:
        BN_CTX_end(ctx);