From: Tobias Brunner <tobias@strongswan.org>
Date: Tue, 19 Nov 2013 14:00:28 +0000 (+0100)
Subject: openssl: Verify that a peer's ECDH public value is a point on the elliptic curve
X-Git-Tag: 5.1.2dr1~27
X-Git-Url: http://git.ipfire.org/gitweb/gitweb.cgi?a=commitdiff_plain;h=3bff80aee3d7d9198a889ab0f7b7caf15791ca21;p=thirdparty%2Fstrongswan.git

openssl: Verify that a peer's ECDH public value is a point on the elliptic curve

This check is mandated by RFC 6989.  Since we don't reuse DH secrets,
it is mostly a sanity check.
---

diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c b/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c
index c43fe455a8..835ed586e7 100644
--- a/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c
+++ b/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c
@@ -102,6 +102,11 @@ static bool chunk2ecp(const EC_GROUP *group, chunk_t chunk, EC_POINT *point)
 		goto error;
 	}
 
+	if (!EC_POINT_is_on_curve(group, point, ctx))
+	{
+		goto error;
+	}
+
 	ret = TRUE;
 error:
 	BN_CTX_end(ctx);