]> git.ipfire.org Git - thirdparty/hostap.git/commit
projects / thirdparty / hostap.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 8ad8585) | patch
EAP-pwd: Check element x,y coordinates explicitly
authorJouni Malinen <jouni@codeaurora.org>
Thu, 4 Apr 2019 23:12:50 +0000 (02:12 +0300)
committerJouni Malinen <j@w1.fi>
Tue, 9 Apr 2019 14:11:15 +0000 (17:11 +0300)
commit16d4f1069118aa19bfce013493e1ac5783f92f1d
tree9a502d5fa2868e6d59c4c6c556c1825d505ad087tree
parent8ad8585f91823ddcc3728155e288e0f9f872e31acommit | diff
EAP-pwd: Check element x,y coordinates explicitly

This adds an explicit check for 0 < x,y < prime based on RFC 5931,
2.8.5.2.2 requirement. The earlier checks might have covered this
implicitly, but it is safer to avoid any dependency on implicit checks
and specific crypto library behavior. (CVE-2019-9498 and CVE-2019-9499)

Furthermore, this moves the EAP-pwd element and scalar parsing and
validation steps into shared helper functions so that there is no need
to maintain two separate copies of this common functionality between the
server and peer implementations.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
src/eap_common/eap_pwd_common.c diff | blob | blame | history
src/eap_common/eap_pwd_common.h diff | blob | blame | history
src/eap_peer/eap_pwd.c diff | blob | blame | history
src/eap_server/eap_server_pwd.c diff | blob | blame | history
Unnamed repository; edit this file 'description' to name the repository.