Elliptic curve arithmetic only makes sense between points that belong to

Elliptic curve arithmetic only makes sense between points that belong to
the same curve. Some Wycheproof tests violate this assumption, making
ECDH_compute_key() compute and return garbage. Check that pub_key lies
on the curve of the private key so that the calculations make sense.
Most paths that get here have this checked (in particular those from
OpenSSH and libssl), but one might get here after using d2i_* or manual
computation.

discussed with & ok jsing;
"good catch!" markus