SOFT: Check the EC Key on C_CreateObject and C_DeriveKey

When constructing an OpenSSL EC public or private key from PKCS#11 attributes or ECDH public data, check that the key is valid, i.e. that the point is on the curve. This prevents one from creating an EC key object via C_CreateObject with invalid key data. It also prevents C_DeriveKey to derive a secret using ECDH with an EC public key (public data) that uses a different curve or is invalid by other means. Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
opencryptoki · May 11, 2021 · 4e3b43c · 4e3b43c
1 parent 7b7d83c
commit 4e3b43c
Showing 1 changed file with 12 additions and 0 deletions.
diff --git a/usr/lib/soft_stdll/soft_specific.c b/usr/lib/soft_stdll/soft_specific.c
@@ -4365,6 +4365,12 @@ static CK_RV fill_ec_key_from_pubkey(EC_KEY *ec_key, const CK_BYTE *data,
         goto out;
     }
 
+    if (!EC_KEY_check_key(ec_key)) {
+        TRACE_ERROR("EC_KEY_check_key failed\n");
+        rc = CKR_PUBLIC_KEY_INVALID;
+        goto out;
+    }
+
 out:
     if (allocated && ecpoint != NULL)
         free(ecpoint);
@@ -4404,6 +4410,12 @@ static CK_RV fill_ec_key_from_privkey(EC_KEY *ec_key, const CK_BYTE *data,
         goto out;
     }
 
+    if (!EC_KEY_check_key(ec_key)) {
+        TRACE_ERROR("EC_KEY_check_key failed\n");
+        rc = CKR_FUNCTION_FAILED;
+        goto out;
+    }
+
 out:
     if (point != NULL)
         EC_POINT_free(point);