From f8ab8fc91b37a9c52cff3934c6711f5df01bf32c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Henrik=20Grubbstr=C3=B6m=20=28Grubba=29?= <grubba@grubba.org>
Date: Sat, 15 Nov 2014 11:50:42 +0100
Subject: [PATCH] SSL.Cipher [ecdh]: Added note about point validation.

There are attacks against ECDH/ECDHE that are based on providing points that aren't on the negotiated curve, so add an explicit note that the received points are validated in point_mul().
---
 lib/modules/SSL.pmod/Cipher.pmod | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/lib/modules/SSL.pmod/Cipher.pmod b/lib/modules/SSL.pmod/Cipher.pmod
index a47e0b1016..04768a1518 100644
--- a/lib/modules/SSL.pmod/Cipher.pmod
+++ b/lib/modules/SSL.pmod/Cipher.pmod
@@ -897,6 +897,8 @@ class KeyExchangeECDH
 connection->ke = UNDEFINED;
 error("Invalid size in point format.\n");
 }
+ // NB: No need to validate that the point is valid for the curve here.
+ // The check will be done when the point is used in point_mul().
 [x, y] = map(rest/(sizeof(rest)/2), Gmp.mpz, 256);
 break;
 default:
-- 
GitLab
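Review bot: The added comment documents a check that lives outside this hunk, in point_mul(), so it is a cross-reference rather than a guarantee: if point_mul() is later changed, or a new consumer of x and y is added before that call, nothing here fails. I would reword it so it does not read as "no validation needed": `// NB: Curve membership of (x, y) is NOT checked here; point_mul() rejects points that are not on the negotiated curve (invalid-curve attack mitigation).` followed by `// Do not use x, y before that call.` It would also be worth pinning the deferred check with a regression test that presents a point off the curve and expects the handshake to fail, so the invariant this comment relies on stays enforced. The enclosing switch and the KeyExchangeECDH method start before the hunk and continue after it.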