Issue
From 56Arev3 the owner needs to gain assurance of the public key validity as mentioned in :
5.6.2.1 Assurances Required by the Key Pair Owner
Prior to the use of a static or ephemeral key pair in a key-establishment transaction, the keypair owner shall confirm the validity of the key pair by obtaining the following assurances:
...
Assurance of public-key validity – assurance that the public key has the correct
representation for a non-identity element of the correct cryptographic subgroup, as uniquely determined by the domain parameters (see Section 5.6.2.1.3 for the methods for obtaining this assurance).
This was further refined in a recent RFG by the CMVP stating that the ECDH key generation service shall include a call to the public key validation.
This is compliant for DH but not for ECDH where ec_generate_key() does not call ossl_ec_key_public_check().
A possible solution would be to add something like this similar to what was already done for DH in crypto/dh/dh_key.c:
#ifdef FIPS_MODULE
if (DH_check_pub_key(dh, pub_key, &validate) <= 0) {
ERR_raise(ERR_LIB_DH, DH_R_CHECK_PUBKEY_INVALID);
goto err;
}
#endif
Something like this in ec_generate_key() :
#ifdef FIPS_MODULE
if (ossl_ec_key_public_check(eckey, ctx) <= 0) {
ERR_raise(ERR_LIB_EC, EC_R_INVALID_KEY);
goto err;
}
#endif
