Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
SOFT: Check the EC Key on C_CreateObject and C_DeriveKey
When constructing an OpenSSL EC public or private key from PKCS#11 attributes or ECDH public data, check that the key is valid, i.e. that the point is on the curve. This prevents one from creating an EC key object via C_CreateObject with invalid key data. It also prevents C_DeriveKey to derive a secret using ECDH with an EC public key (public data) that uses a different curve or is invalid by other means. Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
- Loading branch information