OpenSSL: Handle EVP_PKEY_derive() secret_len changes for ECDH
It looks like EVP_PKEY_derive() may change the returned length of the buffer from the initial length determination (NULL buffer) to the fetching of the value. Handle this by updating the secret length based on the second call instead of the first one. This fixes some cases where ECDH result has been used with extra data (zeros in the end) with OWE or FILS PFS. Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen
parent
29ef1c5ee4
commit
d001fe31ab
1 changed files with 6 additions and 2 deletions
|
|
@ -2059,13 +2059,17 @@ struct wpabuf * crypto_ecdh_set_peerkey(struct crypto_ecdh *ecdh, int inc_y,
|
||||||
secret = wpabuf_alloc(secret_len);
|
secret = wpabuf_alloc(secret_len);
|
||||||
if (!secret)
|
if (!secret)
|
||||||
goto fail;
|
goto fail;
|
||||||
if (EVP_PKEY_derive(ctx, wpabuf_put(secret, secret_len),
|
if (EVP_PKEY_derive(ctx, wpabuf_put(secret, 0), &secret_len) != 1) {
|
||||||
&secret_len) != 1) {
|
|
||||||
wpa_printf(MSG_ERROR,
|
wpa_printf(MSG_ERROR,
|
||||||
"OpenSSL: EVP_PKEY_derive(2) failed: %s",
|
"OpenSSL: EVP_PKEY_derive(2) failed: %s",
|
||||||
ERR_error_string(ERR_get_error(), NULL));
|
ERR_error_string(ERR_get_error(), NULL));
|
||||||
goto fail;
|
goto fail;
|
||||||
}
|
}
|
||||||
|
if (secret->size != secret_len)
|
||||||
|
wpa_printf(MSG_DEBUG,
|
||||||
|
"OpenSSL: EVP_PKEY_derive(2) changed secret_len %d -> %d",
|
||||||
|
(int) secret->size, (int) secret_len);
|
||||||
|
wpabuf_put(secret, secret_len);
|
||||||
|
|
||||||
done:
|
done:
|
||||||
BN_free(x);
|
BN_free(x);
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue