From f8ab8fc91b37a9c52cff3934c6711f5df01bf32c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Henrik=20Grubbstr=C3=B6m=20=28Grubba=29?=
 <grubba@grubba.org>
Date: Sat, 15 Nov 2014 11:50:42 +0100
Subject: [PATCH] SSL.Cipher [ecdh]: Added note about point validation.

There are attacks against ECDH/ECDHE that are based on providing
points that aren't on the negotiated curve, so add an explicit
note that the received points are validated in point_mul().
---
 lib/modules/SSL.pmod/Cipher.pmod | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/lib/modules/SSL.pmod/Cipher.pmod b/lib/modules/SSL.pmod/Cipher.pmod
index a47e0b1016..04768a1518 100644
--- a/lib/modules/SSL.pmod/Cipher.pmod
+++ b/lib/modules/SSL.pmod/Cipher.pmod
@@ -897,6 +897,8 @@ class KeyExchangeECDH
 	connection->ke = UNDEFINED;
 	error("Invalid size in point format.\n");
       }
+      // NB: No need to validate that the point is valid for the curve here.
+      //     The check will be done when the point is used in point_mul().
       [x, y] = map(rest/(sizeof(rest)/2), Gmp.mpz, 256);
       break;
     default:
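Review bot: The comment added at the top of the hunk states a security invariant that is implemented outside this file — that point_mul() rejects points not on the negotiated curve — so a reader of this parsing code cannot verify it, and a later change to point_mul() would silently invalidate the note. Name the implementation the claim depends on so it can be grepped, e.g. `// NB: The on-curve check for the peer-supplied point is done in <curve-class>()->point_mul(); // keep in sync if that implementation changes.`. Since this branch consumes peer-supplied data, it would also help to say what the failure path looks like when that check fires (whether it raises like the `error("Invalid size in point format.\n")` above and whether `connection->ke` is reset); that behaviour is not visible here and should be confirmed against point_mul(). The enclosing switch and method begin and end outside the hunk.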
-- 
GitLab