crypto: Check if crypto_bignum_to_bin() is successful

Return value of crypto_bignum_to_bin() wasn't always checked, resulting
in potential access to uninitialized values. Fix it, as some analyzers
complain about it.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Signed-off-by: Micha Hashkes <micha.hashkes@intel.com>
This commit is contained in:
Micha Hashkes 2022-12-05 15:31:17 +02:00 committed by Jouni Malinen
parent 2749a2c6bf
commit a7f6b85180
5 changed files with 81 additions and 24 deletions

View file

@ -1606,7 +1606,9 @@ static int sae_derive_keys(struct sae_data *sae, const u8 *k)
* (commit-scalar + peer-commit-scalar) mod r part as a bit string by * (commit-scalar + peer-commit-scalar) mod r part as a bit string by
* zero padding it from left to the length of the order (in full * zero padding it from left to the length of the order (in full
* octets). */ * octets). */
crypto_bignum_to_bin(tmp, val, sizeof(val), sae->tmp->order_len); if (crypto_bignum_to_bin(tmp, val, sizeof(val),
sae->tmp->order_len) < 0)
goto fail;
wpa_hexdump(MSG_DEBUG, "SAE: PMKID", val, SAE_PMKID_LEN); wpa_hexdump(MSG_DEBUG, "SAE: PMKID", val, SAE_PMKID_LEN);
#ifdef CONFIG_SAE_PK #ifdef CONFIG_SAE_PK

View file

@ -2449,13 +2449,15 @@ int crypto_ec_point_to_bin(struct crypto_ec *e,
EC_POINT_get_affine_coordinates(e->group, (EC_POINT *) point, EC_POINT_get_affine_coordinates(e->group, (EC_POINT *) point,
x_bn, y_bn, e->bnctx)) { x_bn, y_bn, e->bnctx)) {
if (x) { if (x) {
crypto_bignum_to_bin((struct crypto_bignum *) x_bn, ret = crypto_bignum_to_bin(
x, len, len); (struct crypto_bignum *) x_bn, x, len, len);
} }
if (y) { if (ret >= 0 && y) {
crypto_bignum_to_bin((struct crypto_bignum *) y_bn, ret = crypto_bignum_to_bin(
y, len, len); (struct crypto_bignum *) y_bn, y, len, len);
} }
if (ret > 0)
ret = 0; ret = 0;
} }

View file

@ -356,9 +356,19 @@ int compute_keys(EAP_PWD_group *grp, const struct crypto_bignum *k,
return -1; return -1;
} }
eap_pwd_h_update(hash, (const u8 *) ciphersuite, sizeof(u32)); eap_pwd_h_update(hash, (const u8 *) ciphersuite, sizeof(u32));
crypto_bignum_to_bin(peer_scalar, cruft, order_len, order_len); if (crypto_bignum_to_bin(peer_scalar, cruft, order_len,
order_len) < 0) {
os_free(cruft);
return -1;
}
eap_pwd_h_update(hash, cruft, order_len); eap_pwd_h_update(hash, cruft, order_len);
crypto_bignum_to_bin(server_scalar, cruft, order_len, order_len); if (crypto_bignum_to_bin(server_scalar, cruft, order_len,
order_len) < 0) {
os_free(cruft);
return -1;
}
eap_pwd_h_update(hash, cruft, order_len); eap_pwd_h_update(hash, cruft, order_len);
eap_pwd_h_final(hash, &session_id[1]); eap_pwd_h_final(hash, &session_id[1]);
@ -368,7 +378,12 @@ int compute_keys(EAP_PWD_group *grp, const struct crypto_bignum *k,
os_free(cruft); os_free(cruft);
return -1; return -1;
} }
crypto_bignum_to_bin(k, cruft, prime_len, prime_len);
if (crypto_bignum_to_bin(k, cruft, prime_len, prime_len) < 0) {
os_free(cruft);
return -1;
}
eap_pwd_h_update(hash, cruft, prime_len); eap_pwd_h_update(hash, cruft, prime_len);
os_free(cruft); os_free(cruft);
eap_pwd_h_update(hash, confirm_peer, SHA256_MAC_LEN); eap_pwd_h_update(hash, confirm_peer, SHA256_MAC_LEN);

View file

@ -666,7 +666,10 @@ eap_pwd_perform_commit_exchange(struct eap_sm *sm, struct eap_pwd_data *data,
* sufficiently smaller than the prime or order might need pre-pending * sufficiently smaller than the prime or order might need pre-pending
* with zeros. * with zeros.
*/ */
crypto_bignum_to_bin(data->my_scalar, scalar, order_len, order_len); if (crypto_bignum_to_bin(data->my_scalar, scalar, order_len,
order_len) < 0)
goto fin;
if (crypto_ec_point_to_bin(data->grp->group, data->my_element, element, if (crypto_ec_point_to_bin(data->grp->group, data->my_element, element,
element + prime_len) != 0) { element + prime_len) != 0) {
wpa_printf(MSG_INFO, "EAP-PWD (peer): point assignment fail"); wpa_printf(MSG_INFO, "EAP-PWD (peer): point assignment fail");
@ -742,7 +745,9 @@ eap_pwd_perform_confirm_exchange(struct eap_sm *sm, struct eap_pwd_data *data,
* zero the memory each time because this is mod prime math and some * zero the memory each time because this is mod prime math and some
* value may start with a few zeros and the previous one did not. * value may start with a few zeros and the previous one did not.
*/ */
crypto_bignum_to_bin(data->k, cruft, prime_len, prime_len); if (crypto_bignum_to_bin(data->k, cruft, prime_len, prime_len) < 0)
goto fin;
eap_pwd_h_update(hash, cruft, prime_len); eap_pwd_h_update(hash, cruft, prime_len);
/* server element: x, y */ /* server element: x, y */
@ -755,7 +760,10 @@ eap_pwd_perform_confirm_exchange(struct eap_sm *sm, struct eap_pwd_data *data,
eap_pwd_h_update(hash, cruft, prime_len * 2); eap_pwd_h_update(hash, cruft, prime_len * 2);
/* server scalar */ /* server scalar */
crypto_bignum_to_bin(data->server_scalar, cruft, order_len, order_len); if (crypto_bignum_to_bin(data->server_scalar, cruft, order_len,
order_len) < 0)
goto fin;
eap_pwd_h_update(hash, cruft, order_len); eap_pwd_h_update(hash, cruft, order_len);
/* my element: x, y */ /* my element: x, y */
@ -768,7 +776,10 @@ eap_pwd_perform_confirm_exchange(struct eap_sm *sm, struct eap_pwd_data *data,
eap_pwd_h_update(hash, cruft, prime_len * 2); eap_pwd_h_update(hash, cruft, prime_len * 2);
/* my scalar */ /* my scalar */
crypto_bignum_to_bin(data->my_scalar, cruft, order_len, order_len); if (crypto_bignum_to_bin(data->my_scalar, cruft, order_len,
order_len) < 0)
goto fin;
eap_pwd_h_update(hash, cruft, order_len); eap_pwd_h_update(hash, cruft, order_len);
/* the ciphersuite */ /* the ciphersuite */
@ -796,7 +807,9 @@ eap_pwd_perform_confirm_exchange(struct eap_sm *sm, struct eap_pwd_data *data,
goto fin; goto fin;
/* k */ /* k */
crypto_bignum_to_bin(data->k, cruft, prime_len, prime_len); if (crypto_bignum_to_bin(data->k, cruft, prime_len, prime_len) < 0)
goto fin;
eap_pwd_h_update(hash, cruft, prime_len); eap_pwd_h_update(hash, cruft, prime_len);
/* my element */ /* my element */
@ -809,7 +822,10 @@ eap_pwd_perform_confirm_exchange(struct eap_sm *sm, struct eap_pwd_data *data,
eap_pwd_h_update(hash, cruft, prime_len * 2); eap_pwd_h_update(hash, cruft, prime_len * 2);
/* my scalar */ /* my scalar */
crypto_bignum_to_bin(data->my_scalar, cruft, order_len, order_len); if (crypto_bignum_to_bin(data->my_scalar, cruft, order_len,
order_len) < 0)
goto fin;
eap_pwd_h_update(hash, cruft, order_len); eap_pwd_h_update(hash, cruft, order_len);
/* server element: x, y */ /* server element: x, y */
@ -822,7 +838,10 @@ eap_pwd_perform_confirm_exchange(struct eap_sm *sm, struct eap_pwd_data *data,
eap_pwd_h_update(hash, cruft, prime_len * 2); eap_pwd_h_update(hash, cruft, prime_len * 2);
/* server scalar */ /* server scalar */
crypto_bignum_to_bin(data->server_scalar, cruft, order_len, order_len); if (crypto_bignum_to_bin(data->server_scalar, cruft, order_len,
order_len) < 0)
goto fin;
eap_pwd_h_update(hash, cruft, order_len); eap_pwd_h_update(hash, cruft, order_len);
/* the ciphersuite */ /* the ciphersuite */

View file

@ -293,7 +293,10 @@ static void eap_pwd_build_commit_req(struct eap_sm *sm,
/* We send the element as (x,y) followed by the scalar */ /* We send the element as (x,y) followed by the scalar */
element = wpabuf_put(data->outbuf, 2 * prime_len); element = wpabuf_put(data->outbuf, 2 * prime_len);
scalar = wpabuf_put(data->outbuf, order_len); scalar = wpabuf_put(data->outbuf, order_len);
crypto_bignum_to_bin(data->my_scalar, scalar, order_len, order_len); if (crypto_bignum_to_bin(data->my_scalar, scalar, order_len,
order_len) < 0)
goto fin;
if (crypto_ec_point_to_bin(data->grp->group, data->my_element, element, if (crypto_ec_point_to_bin(data->grp->group, data->my_element, element,
element + prime_len) < 0) { element + prime_len) < 0) {
wpa_printf(MSG_INFO, "EAP-PWD (server): point assignment " wpa_printf(MSG_INFO, "EAP-PWD (server): point assignment "
@ -349,7 +352,9 @@ static void eap_pwd_build_confirm_req(struct eap_sm *sm,
* *
* First is k * First is k
*/ */
crypto_bignum_to_bin(data->k, cruft, prime_len, prime_len); if (crypto_bignum_to_bin(data->k, cruft, prime_len, prime_len) < 0)
goto fin;
eap_pwd_h_update(hash, cruft, prime_len); eap_pwd_h_update(hash, cruft, prime_len);
/* server element: x, y */ /* server element: x, y */
@ -362,7 +367,10 @@ static void eap_pwd_build_confirm_req(struct eap_sm *sm,
eap_pwd_h_update(hash, cruft, prime_len * 2); eap_pwd_h_update(hash, cruft, prime_len * 2);
/* server scalar */ /* server scalar */
crypto_bignum_to_bin(data->my_scalar, cruft, order_len, order_len); if (crypto_bignum_to_bin(data->my_scalar, cruft, order_len,
order_len) < 0)
goto fin;
eap_pwd_h_update(hash, cruft, order_len); eap_pwd_h_update(hash, cruft, order_len);
/* peer element: x, y */ /* peer element: x, y */
@ -375,7 +383,10 @@ static void eap_pwd_build_confirm_req(struct eap_sm *sm,
eap_pwd_h_update(hash, cruft, prime_len * 2); eap_pwd_h_update(hash, cruft, prime_len * 2);
/* peer scalar */ /* peer scalar */
crypto_bignum_to_bin(data->peer_scalar, cruft, order_len, order_len); if (crypto_bignum_to_bin(data->peer_scalar, cruft, order_len,
order_len) < 0)
goto fin;
eap_pwd_h_update(hash, cruft, order_len); eap_pwd_h_update(hash, cruft, order_len);
/* ciphersuite */ /* ciphersuite */
@ -785,7 +796,9 @@ eap_pwd_process_confirm_resp(struct eap_sm *sm, struct eap_pwd_data *data,
goto fin; goto fin;
/* k */ /* k */
crypto_bignum_to_bin(data->k, cruft, prime_len, prime_len); if (crypto_bignum_to_bin(data->k, cruft, prime_len, prime_len) < 0)
goto fin;
eap_pwd_h_update(hash, cruft, prime_len); eap_pwd_h_update(hash, cruft, prime_len);
/* peer element: x, y */ /* peer element: x, y */
@ -798,7 +811,10 @@ eap_pwd_process_confirm_resp(struct eap_sm *sm, struct eap_pwd_data *data,
eap_pwd_h_update(hash, cruft, prime_len * 2); eap_pwd_h_update(hash, cruft, prime_len * 2);
/* peer scalar */ /* peer scalar */
crypto_bignum_to_bin(data->peer_scalar, cruft, order_len, order_len); if (crypto_bignum_to_bin(data->peer_scalar, cruft, order_len,
order_len) < 0)
goto fin;
eap_pwd_h_update(hash, cruft, order_len); eap_pwd_h_update(hash, cruft, order_len);
/* server element: x, y */ /* server element: x, y */
@ -811,7 +827,10 @@ eap_pwd_process_confirm_resp(struct eap_sm *sm, struct eap_pwd_data *data,
eap_pwd_h_update(hash, cruft, prime_len * 2); eap_pwd_h_update(hash, cruft, prime_len * 2);
/* server scalar */ /* server scalar */
crypto_bignum_to_bin(data->my_scalar, cruft, order_len, order_len); if (crypto_bignum_to_bin(data->my_scalar, cruft, order_len,
order_len) < 0)
goto fin;
eap_pwd_h_update(hash, cruft, order_len); eap_pwd_h_update(hash, cruft, order_len);
/* ciphersuite */ /* ciphersuite */