]> git.ipfire.org Git - thirdparty/hostap.git/commit
projects / thirdparty / hostap.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 4a9531a) | patch
Add explicit checks for peer's DH public key
authorJouni Malinen <jouni@codeaurora.org>
Tue, 5 Mar 2019 15:05:03 +0000 (17:05 +0200)
committerJouni Malinen <j@w1.fi>
Tue, 5 Mar 2019 15:05:03 +0000 (17:05 +0200)
commitb11fa98bcb8ae5ab6b9d3ea40015b35817ec31c0
treed6353c700ce569db0a9bd886c2a39fce827f530ctree | snapshot
parent4a9531a7559a8f6f5492aed040fcee34e8ec7eb1commit | diff
Add explicit checks for peer's DH public key

Pass the group order (if known/specified) to crypto_dh_derive_secret()
(and also to OpenSSL DH_generate_key() in case of Group 5) and verify
that the public key received from the peer meets 1 < pubkey < p and
pubkey^q == 1 mod p conditions.

While all these use cases were using only ephemeral DH keys, it is
better to use more explicit checks while deriving the shared secret to
avoid unexpected behavior.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
src/crypto/crypto.h diff | blob | blame | history
src/crypto/crypto_gnutls.c diff | blob | blame | history
src/crypto/crypto_internal-modexp.c diff | blob | blame | history
src/crypto/crypto_libtomcrypt.c diff | blob | blame | history
src/crypto/crypto_nettle.c diff | blob | blame | history
src/crypto/crypto_openssl.c diff | blob | blame | history
src/crypto/crypto_wolfssl.c diff | blob | blame | history
src/crypto/dh_groups.c diff | blob | blame | history
src/eap_common/eap_eke_common.c diff | blob | blame | history
Unnamed repository; edit this file 'description' to name the repository.