SAE: Fix error path handling for SSWU

crypto_bignum_init_set() might fail in case of memory allocation
failures. These two cases within sswu() did not handle that properly,
i.e., a memory allocation failure could have resulted in dereferencing a
NULL pointer. Check the return value before proceeding to fix this.

Fixes: aeb022f8e51e ("SAE: Implement hash-to-element PT/PWE crypto routines")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>

diff --git a/src/common/sae.c b/src/common/sae.c
index 72b5f3fabc1956a3ead6a5346efc7aa87662cb6e..057e1ce3b19d8dd20ff6b2aa6e990791fbb789e6 100644 (file)
--- a/src/common/sae.c
+++ b/src/common/sae.c
@@ -713,6 +713,8 @@ static struct crypto_ec_point * sswu(struct crypto_ec *ec, int group,
                goto fail;
        const_time_select_bin(m_is_zero, bin1, bin2, prime_len, bin);
        x1 = crypto_bignum_init_set(bin, prime_len);
+       if (!x1)
+               goto fail;
        debug_print_bignum("SSWU: x1 = CSEL(l, x1a, x1b)", x1, prime_len);
 
        /* gx1 = x1^3 + a * x1 + b */
@@ -753,6 +755,8 @@ static struct crypto_ec_point * sswu(struct crypto_ec *ec, int group,
                goto fail;
        const_time_select_bin(is_qr, bin1, bin2, prime_len, bin);
        v = crypto_bignum_init_set(bin, prime_len);
+       if (!v)
+               goto fail;
        debug_print_bignum("SSWU: v = CSEL(l, gx1, gx2)", v, prime_len);
 
        /* x = CSEL(l, x1, x2) */