From f017b749ea9f1586d2308504553d40bf4cc5439d Mon Sep 17 00:00:00 2001
From: wolfbeast <mcwerewolf@gmail.com>
Date: Tue, 6 Feb 2018 11:46:26 +0100
Subject: Update NSS to 3.32.1-RTM

---
 security/nss/lib/freebl/ec.c | 20 +++++++++++++++-----
 1 file changed, 15 insertions(+), 5 deletions(-)

(limited to 'security/nss/lib/freebl/ec.c')

diff --git a/security/nss/lib/freebl/ec.c b/security/nss/lib/freebl/ec.c
index 12bfeed41..669c9b147 100644
--- a/security/nss/lib/freebl/ec.c
+++ b/security/nss/lib/freebl/ec.c
@@ -565,6 +565,15 @@ ECDH_Derive(SECItem *publicValue,
         return SECFailure;
     }
 
+    /*
+     * Make sure the point is on the requested curve to avoid
+     * certain small subgroup attacks.
+     */
+    if (EC_ValidatePublicKey(ecParams, publicValue) != SECSuccess) {
+        PORT_SetError(SEC_ERROR_BAD_KEY);
+        return SECFailure;
+    }
+
     /* Perform curve specific multiplication using ECMethod */
     if (ecParams->fieldID.type == ec_field_plain) {
         const ECMethod *method;
@@ -580,10 +589,6 @@ ECDH_Derive(SECItem *publicValue,
             PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE);
             return SECFailure;
         }
-        if (method->validate(publicValue) != SECSuccess) {
-            PORT_SetError(SEC_ERROR_BAD_KEY);
-            return SECFailure;
-        }
         return method->mul(derivedSecret, privateValue, publicValue);
     }
 
@@ -1001,9 +1006,14 @@ ECDSA_VerifyDigest(ECPublicKey *key, const SECItem *signature,
     }
     slen = signature->len / 2;
 
+    /*
+     * The incoming point has been verified in sftk_handlePublicKeyObject.
+     */
+
     SECITEM_AllocItem(NULL, &pointC, EC_GetPointSize(ecParams));
-    if (pointC.data == NULL)
+    if (pointC.data == NULL) {
         goto cleanup;
+    }
 
     CHECK_MPI_OK(mp_init(&r_));
     CHECK_MPI_OK(mp_init(&s_));
-- 
cgit v1.2.3