From: Jouni Malinen <jouni@qca.qualcomm.com>
Date: Mon, 9 Oct 2017 21:42:34 +0000 (+0300)
Subject: DPP: Verify that PKEX Qi is not the point-at-infinity
X-Git-Tag: hostap_2_7~1059
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=657317179201c674afd12fc4533276c0830ea8e7;p=thirdparty%2Fhostap.git

DPP: Verify that PKEX Qi is not the point-at-infinity

This was added as an explicit requirement in DPP tech spec v0.2.3.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
---

diff --git a/src/common/dpp.c b/src/common/dpp.c
index 33db67658..633c0b7fb 100644
--- a/src/common/dpp.c
+++ b/src/common/dpp.c
@@ -4851,6 +4851,10 @@ static EC_POINT * dpp_pkex_derive_Qi(const struct dpp_curve_params *curve,
 	if (!hash_bn ||
 	    EC_POINT_mul(group2, Qi, NULL, Pi_point, hash_bn, bnctx) != 1)
 		goto fail;
+	if (EC_POINT_is_at_infinity(group, Qi)) {
+		wpa_printf(MSG_INFO, "PDP: Qi is the point-at-infinity");
+		goto fail;
+	}
 out:
 	EC_KEY_free(Pi_ec);
 	EVP_PKEY_free(Pi);