diff options
| author | Jouni Malinen <jouni.malinen@atheros.com> | 2010-04-12 12:25:21 +0300 |
|---|---|---|
| committer | Jouni Malinen <j@w1.fi> | 2010-04-12 12:25:21 +0300 |
| commit | 0cb445a4725a69a245a60569dd67e6d960d808ed (patch) | |
| tree | bd2263309e05c4fc8d55172185c602475dfe3d60 /src/crypto | |
| parent | 20e26395c81c24a622481467f28e39b137dcd798 (diff) | |
| download | external_wpa_supplicant_8_ti-0cb445a4725a69a245a60569dd67e6d960d808ed.zip external_wpa_supplicant_8_ti-0cb445a4725a69a245a60569dd67e6d960d808ed.tar.gz external_wpa_supplicant_8_ti-0cb445a4725a69a245a60569dd67e6d960d808ed.tar.bz2 | |
Fix internal DH implementation not to pad shared key
The returned buffer length was hardcoded to be the prime length
which resulted in shorter results being padded in the end. However,
the results from DH code are supposed to be unpadded (and when used
with WPS, the padding is done in WPS code and it is added to the
beginning of the buffer). This fixes WPS key derivation errors
in about 1/256 of runs ("WPS: Incorrect Authenticator") when using
the internal crypto code.
Diffstat (limited to 'src/crypto')
| -rw-r--r-- | src/crypto/dh_groups.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/src/crypto/dh_groups.c b/src/crypto/dh_groups.c index 5f6008a..7bd2fb7 100644 --- a/src/crypto/dh_groups.c +++ b/src/crypto/dh_groups.c @@ -619,11 +619,12 @@ struct wpabuf * dh_derive_shared(const struct wpabuf *peer_public, if (crypto_mod_exp(wpabuf_head(peer_public), wpabuf_len(peer_public), wpabuf_head(own_private), wpabuf_len(own_private), dh->prime, dh->prime_len, - wpabuf_put(shared, shared_len), &shared_len) < 0) { + wpabuf_mhead(shared), &shared_len) < 0) { wpabuf_free(shared); wpa_printf(MSG_INFO, "DH: crypto_mod_exp failed"); return NULL; } + wpabuf_put(shared, shared_len); wpa_hexdump_buf_key(MSG_DEBUG, "DH: shared key", shared); return shared; |