diff options
Diffstat (limited to 'freebsd/contrib/wpa/src/crypto/crypto_openssl.c')
-rw-r--r-- | freebsd/contrib/wpa/src/crypto/crypto_openssl.c | 37 |
1 files changed, 24 insertions, 13 deletions
diff --git a/freebsd/contrib/wpa/src/crypto/crypto_openssl.c b/freebsd/contrib/wpa/src/crypto/crypto_openssl.c index 5b4c41a9..d8014022 100644 --- a/freebsd/contrib/wpa/src/crypto/crypto_openssl.c +++ b/freebsd/contrib/wpa/src/crypto/crypto_openssl.c @@ -572,8 +572,8 @@ int crypto_dh_derive_secret(u8 generator, const u8 *prime, size_t prime_len, failed = !q || !ctx || !tmp || !BN_mod_exp(tmp, pub, q, p, ctx) || !BN_is_one(tmp); - BN_clear(q); - BN_clear(tmp); + BN_clear_free(q); + BN_clear_free(tmp); BN_CTX_free(ctx); if (failed) goto fail; @@ -582,8 +582,8 @@ int crypto_dh_derive_secret(u8 generator, const u8 *prime, size_t prime_len, res = crypto_mod_exp(pubkey, pubkey_len, privkey, privkey_len, prime, prime_len, secret, len); fail: - BN_clear(pub); - BN_clear(p); + BN_clear_free(pub); + BN_clear_free(p); return res; } @@ -1305,6 +1305,18 @@ int crypto_bignum_to_bin(const struct crypto_bignum *a, if (padlen > buflen) return -1; + if (padlen) { +#ifdef OPENSSL_IS_BORINGSSL + if (BN_bn2bin_padded(buf, padlen, (const BIGNUM *) a) == 0) + return -1; + return padlen; +#else /* OPENSSL_IS_BORINGSSL */ +#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) + return BN_bn2binpad((const BIGNUM *) a, buf, padlen); +#endif +#endif + } + num_bytes = BN_num_bytes((const BIGNUM *) a); if ((size_t) num_bytes > buflen) return -1; @@ -1478,12 +1490,6 @@ int crypto_bignum_cmp(const struct crypto_bignum *a, } -int crypto_bignum_bits(const struct crypto_bignum *a) -{ - return BN_num_bits((const BIGNUM *) a); -} - - int crypto_bignum_is_zero(const struct crypto_bignum *a) { return BN_is_zero((const BIGNUM *) a); @@ -1872,7 +1878,7 @@ struct crypto_ecdh * crypto_ecdh_init(int group) { struct crypto_ecdh *ecdh; EVP_PKEY *params = NULL; - EC_KEY *ec_params; + EC_KEY *ec_params = NULL; EVP_PKEY_CTX *kctx = NULL; ecdh = os_zalloc(sizeof(*ecdh)); @@ -1915,6 +1921,7 @@ struct crypto_ecdh * crypto_ecdh_init(int group) } done: + EC_KEY_free(ec_params); EVP_PKEY_free(params); EVP_PKEY_CTX_free(kctx); @@ -2054,13 +2061,17 @@ struct wpabuf * crypto_ecdh_set_peerkey(struct crypto_ecdh *ecdh, int inc_y, secret = wpabuf_alloc(secret_len); if (!secret) goto fail; - if (EVP_PKEY_derive(ctx, wpabuf_put(secret, secret_len), - &secret_len) != 1) { + if (EVP_PKEY_derive(ctx, wpabuf_put(secret, 0), &secret_len) != 1) { wpa_printf(MSG_ERROR, "OpenSSL: EVP_PKEY_derive(2) failed: %s", ERR_error_string(ERR_get_error(), NULL)); goto fail; } + if (secret->size != secret_len) + wpa_printf(MSG_DEBUG, + "OpenSSL: EVP_PKEY_derive(2) changed secret_len %d -> %d", + (int) secret->size, (int) secret_len); + wpabuf_put(secret, secret_len); done: BN_free(x); |