From 0cb445a4725a69a245a60569dd67e6d960d808ed Mon Sep 17 00:00:00 2001
From: Jouni Malinen
Date: Mon, 12 Apr 2010 12:25:21 +0300
Subject: [PATCH] Fix internal DH implementation not to pad shared key
The returned buffer length was hardcoded to be the prime length which resulted in shorter results being padded in the end. However, the results from DH code are supposed to be unpadded (and when used with WPS, the padding is done in WPS code and it is added to the beginning of the buffer). This fixes WPS key derivation errors in about 1/256 of runs ("WPS: Incorrect Authenticator") when using the internal crypto code.
---
 src/crypto/dh_groups.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/crypto/dh_groups.c b/src/crypto/dh_groups.c
index 5f6008a6e..7bd2fb7b4 100644
--- a/src/crypto/dh_groups.c
+++ b/src/crypto/dh_groups.c
@@ -619,11 +619,12 @@ struct wpabuf * dh_derive_shared(const struct wpabuf *peer_public,
 if (crypto_mod_exp(wpabuf_head(peer_public), wpabuf_len(peer_public),
 wpabuf_head(own_private), wpabuf_len(own_private),
 dh->prime, dh->prime_len,
- wpabuf_put(shared, shared_len), &shared_len) < 0) {
+ wpabuf_mhead(shared), &shared_len) < 0) {
 wpabuf_free(shared);
 wpa_printf(MSG_INFO, "DH: crypto_mod_exp failed");
 return NULL;
 }
+ wpabuf_put(shared, shared_len);
 wpa_hexdump_buf_key(MSG_DEBUG, "DH: shared key", shared);
 return shared;
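Review bot: Nothing at the new `wpabuf_put(shared, shared_len)` line records that dh_derive_shared() now returns a secret that can be shorter than `dh->prime_len`, so a caller that still assumes a fixed-length result would derive mismatching keys only when the leading byte is zero (about 1 run in 256, per the commit message), which is hard to spot in testing. I would add above that line `/* crypto_mod_exp() updated shared_len to the actual length; the secret is returned unpadded and callers needing prime_len bytes must left-pad */` and state the same in the function's header comment, which is outside this hunk. Callers other than WPS are not visible here, so it is worth confirming that each one pads at the front where its protocol requires a fixed-length secret. A regression test with a fixed key pair whose shared secret has a leading zero byte would cover this deterministically.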