crypto: Check if crypto_bignum_to_bin() is successful

Return value of crypto_bignum_to_bin() wasn't always checked, resulting in potential access to uninitialized values. Fix it, as some analyzers complain about it. Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com> Signed-off-by: Micha Hashkes <micha.hashkes@intel.com>
2022-12-05 15:31:17 +02:00 · 2022-12-05 15:31:17 +02:00 · a7f6b85180
commit a7f6b85180
parent 2749a2c6bf
5 changed files with 81 additions and 24 deletions
--- a/src/eap_common/eap_pwd_common.c
+++ b/src/eap_common/eap_pwd_common.c
@ -356,9 +356,19 @@ int compute_keys(EAP_PWD_group *grp, const struct crypto_bignum *k,
 		return -1;
 	}
 	eap_pwd_h_update(hash, (const u8 *) ciphersuite, sizeof(u32));
-	crypto_bignum_to_bin(peer_scalar, cruft, order_len, order_len);
+	if (crypto_bignum_to_bin(peer_scalar, cruft, order_len,
+				 order_len) < 0) {
+		os_free(cruft);
+		return -1;
+	}
+
 	eap_pwd_h_update(hash, cruft, order_len);
-	crypto_bignum_to_bin(server_scalar, cruft, order_len, order_len);
+	if (crypto_bignum_to_bin(server_scalar, cruft, order_len,
+				 order_len) < 0) {
+		os_free(cruft);
+		return -1;
+	}
+
 	eap_pwd_h_update(hash, cruft, order_len);
 	eap_pwd_h_final(hash, &session_id[1]);

@ -368,7 +378,12 @@ int compute_keys(EAP_PWD_group *grp, const struct crypto_bignum *k,
 		os_free(cruft);
 		return -1;
 	}
-	crypto_bignum_to_bin(k, cruft, prime_len, prime_len);
+
+	if (crypto_bignum_to_bin(k, cruft, prime_len, prime_len) < 0) {
+		os_free(cruft);
+		return -1;
+	}
+
 	eap_pwd_h_update(hash, cruft, prime_len);
 	os_free(cruft);
 	eap_pwd_h_update(hash, confirm_peer, SHA256_MAC_LEN);