When constructing an OpenSSL EC public or private key from PKCS#11 attributes or ECDH public data, check that the key is valid, i.e. that the point is on the curve. This prevents creating an EC key object via C_CreateObject with invalid key data. It also prevents C_DeriveKey from deriving a secret using ECDH with an EC public key (public data) that uses a different curve or is otherwise invalid.
The problem is fixed in opencryptoki-3.16.0-2.
sudo dnf upgrade --advisory=FEDORA-2021-33f8ebd09c
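
The on-curve check described above, as an added example that is not opencryptoki's code: plain integer arithmetic that parses an uncompressed EC point and rejects one taken from a different curve. The curve (NIST P-256), the function names and the sample points are assumptions made for illustration; the advisory names no curve.

```python
# Added example, not opencryptoki code. Curve choice (NIST P-256) is an assumption.
P = 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF
A = P - 3
B = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B
GX = 0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296
GY = 0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5
# secp256k1 generator: a valid point, but on a different curve (constructed sample)
K1X = 0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798
K1Y = 0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8

def is_on_curve(x, y):
    """True if 0 <= x, y < P and y^2 = x^3 + A*x + B (mod P)."""
    if not (0 <= x < P and 0 <= y < P):
        return False
    return (y * y - (x * x * x + A * x + B)) % P == 0

def parse_ec_point(data):
    """Parse an uncompressed P-256 point; raise ValueError unless it is on the curve.

    Accepts raw X9.62 (04 || X || Y, 65 bytes) or the same bytes wrapped in a
    DER OCTET STRING (04 41 || point), the encoding used for CKA_EC_POINT.
    The point at infinity has no 65-byte encoding, so the length check rejects it.
    """
    if len(data) == 67 and data[:2] == b"\x04\x41":
        data = data[2:]
    if len(data) != 65 or data[0] != 0x04:
        raise ValueError("not an uncompressed P-256 point")
    x = int.from_bytes(data[1:33], "big")
    y = int.from_bytes(data[33:], "big")
    if not is_on_curve(x, y):
        raise ValueError("point is not on P-256")
    return x, y

def encode(x, y):
    """Build the 65-byte uncompressed encoding of (x, y)."""
    return b"\x04" + x.to_bytes(32, "big") + y.to_bytes(32, "big")

def check(data):
    """Return 'accepted' or 'rejected: <reason>' for an encoded point."""
    try:
        parse_ec_point(data)
        return "accepted"
    except ValueError as err:
        return "rejected: " + str(err)

if __name__ == "__main__":
    print("P-256 generator:    ", check(encode(GX, GY)))
    print("secp256k1 generator:", check(encode(K1X, K1Y)))
    print("y altered by one:   ", check(encode(GX, (GY + 1) % P)))
```

P-256 has cofactor 1, so a point that is on the curve and not the point at infinity is already in the correct group; curves with a larger cofactor need an additional order check.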