path: root/src/eap_common
diff options
authorJouni Malinen <jouni@codeaurora.org>2019-03-05 15:05:03 (GMT)
committerJouni Malinen <j@w1.fi>2019-03-05 15:05:03 (GMT)
commitb11fa98bcb8ae5ab6b9d3ea40015b35817ec31c0 (patch)
treed6353c700ce569db0a9bd886c2a39fce827f530c /src/eap_common
parent4a9531a7559a8f6f5492aed040fcee34e8ec7eb1 (diff)
Add explicit checks for peer's DH public key
Pass the group order (if known/specified) to crypto_dh_derive_secret() (and also to OpenSSL DH_generate_key() in case of Group 5) and verify that the public key received from the peer meets 1 < pubkey < p and pubkey^q == 1 mod p conditions. While all these use cases were using only ephemeral DH keys, it is better to use more explicit checks while deriving the shared secret to avoid unexpected behavior. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Diffstat (limited to 'src/eap_common')
1 files changed, 1 insertions, 1 deletions
diff --git a/src/eap_common/eap_eke_common.c b/src/eap_common/eap_eke_common.c
index bfe8811..438baf1 100644
--- a/src/eap_common/eap_eke_common.c
+++ b/src/eap_common/eap_eke_common.c
@@ -399,7 +399,7 @@ int eap_eke_shared_secret(struct eap_eke_session *sess, const u8 *key,
/* SharedSecret = prf(0+, g ^ (x_s * x_p) (mod p)) */
len = dh->prime_len;
if (crypto_dh_derive_secret(*dh->generator, dh->prime, dh->prime_len,
- dhpriv, dh->prime_len, peer_pub,
+ NULL, 0, dhpriv, dh->prime_len, peer_pub,
dh->prime_len, modexp, &len) < 0)
return -1;
if (len < dh->prime_len) {