wolfSSL: Fix crypto_dh_init() and dh5_init()

priv_sz and pub_sz needs to be initialized to the buffer size before the
wc_DhGenerateKeyPair() call. The previous version happened to work in
some cases where a separate handled prime length was used, but not for
the generic case.

Signed-off-by: Jouni Malinen <j@w1.fi>

diff --git a/src/crypto/crypto_wolfssl.c b/src/crypto/crypto_wolfssl.c
index 22e8c044c8de538dfacdebfa916e64e4f7e12b18..dba4dee8296237cf347ec182248812bc536e2eed 100644 (file)
--- a/src/crypto/crypto_wolfssl.c
+++ b/src/crypto/crypto_wolfssl.c
@@ -682,6 +682,7 @@ void * dh5_init(struct wpabuf **priv, struct wpabuf **publ)
            != 0)
                goto done;
 
+       priv_sz = pub_sz = RFC3526_LEN;
        if (wc_DhGenerateKeyPair(dh, &rng, wpabuf_mhead(privkey), &priv_sz,
                                 wpabuf_mhead(pubkey), &pub_sz) != 0)
                goto done;
@@ -815,6 +816,7 @@ int crypto_dh_init(u8 generator, const u8 *prime, size_t prime_len, u8 *privkey,
        if (wc_DhSetKey(dh, prime, prime_len, &generator, 1) != 0)
                goto done;
 
+       priv_sz = pub_sz = prime_len;
        if (wc_DhGenerateKeyPair(dh, &rng, privkey, &priv_sz, pubkey, &pub_sz)
            != 0)
                goto done;