EAP-pwd: Verify BN_rand_range return code
authorFlorent Daigniere <nextgens@freenetproject.org>
Fri, 27 Jun 2014 10:24:30 +0000 (12:24 +0200)
committerJouni Malinen <j@w1.fi>
Thu, 24 Jul 2014 16:42:44 +0000 (19:42 +0300)
This makes the EAP-pwd server and peer implementations more robust
should OpenSSL fail to derive a random number for some reason. While this
is unlikely to happen in practice, the implementation had better be
prepared for it in case something unexpected ever happens. See
http://jbp.io/2014/01/16/openssl-rand-api/#review-of-randbytes-callers
for more details.

Signed-off-by: Florent Daigniere <nextgens@freenetproject.org>
src/eap_peer/eap_pwd.c
src/eap_server/eap_server_pwd.c

index ef80dba35264e1e357ed7fc09042de5e618cc3b1..fd5c2f0f509270c996fece7f329f40894c4a0496 100644 (file)
@@ -317,11 +317,15 @@ eap_pwd_perform_commit_exchange(struct eap_sm *sm, struct eap_pwd_data *data,
                goto fin;
        }
 
-       BN_rand_range(data->private_value, data->grp->order);
-       BN_rand_range(mask, data->grp->order);
-       BN_add(data->my_scalar, data->private_value, mask);
-       BN_mod(data->my_scalar, data->my_scalar, data->grp->order,
-              data->bnctx);
+       if (BN_rand_range(data->private_value, data->grp->order) != 1 ||
+           BN_rand_range(mask, data->grp->order) != 1 ||
+           BN_add(data->my_scalar, data->private_value, mask) != 1 ||
+           BN_mod(data->my_scalar, data->my_scalar, data->grp->order,
+                  data->bnctx) != 1) {
+               wpa_printf(MSG_INFO,
+                          "EAP-pwd (peer): unable to get randomness");
+               goto fin;
+       }
 
        if (!EC_POINT_mul(data->grp->group, data->my_element, NULL,
                          data->grp->pwe, mask, data->bnctx)) {
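Review bot: Neither the two random values nor the resulting scalar are range-checked before use. `BN_rand_range()` returns a value in [0, order), so `mask` or `data->private_value` can in principle be zero, and a zero `mask` would leave `data->my_scalar` equal to `data->private_value` while the `EC_POINT_mul()` that follows yields the point at infinity. As I read RFC 5931, both values must be greater than one and a scalar below two must be discarded, so a guard after `BN_mod()` such as `if (BN_is_zero(mask) || BN_is_zero(data->private_value) || BN_is_zero(data->my_scalar) || BN_is_one(data->my_scalar)) goto fin;` (or a regenerate loop) would close the gap. The same applies to the identical block in `eap_pwd_build_commit_req()` in src/eap_server/eap_server_pwd.c. The enclosing function starts and ends outside this hunk.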
index fc2ae263e3b30107855958764042886463055693..ed7dda109589bff512d020993b29166d3ebe30c4 100644 (file)
@@ -210,11 +210,15 @@ static void eap_pwd_build_commit_req(struct eap_sm *sm,
                goto fin;
        }
 
-       BN_rand_range(data->private_value, data->grp->order);
-       BN_rand_range(mask, data->grp->order);
-       BN_add(data->my_scalar, data->private_value, mask);
-       BN_mod(data->my_scalar, data->my_scalar, data->grp->order,
-              data->bnctx);
+       if (BN_rand_range(data->private_value, data->grp->order) != 1 ||
+           BN_rand_range(mask, data->grp->order) != 1 ||
+           BN_add(data->my_scalar, data->private_value, mask) != 1 ||
+           BN_mod(data->my_scalar, data->my_scalar, data->grp->order,
+                  data->bnctx) != 1) {
+               wpa_printf(MSG_INFO,
+                          "EAP-pwd (server): unable to get randomness");
+               goto fin;
+       }
 
        if (!EC_POINT_mul(data->grp->group, data->my_element, NULL,
                          data->grp->pwe, mask, data->bnctx)) {
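Review bot: The log text `unable to get randomness` is also printed when `BN_add()` or `BN_mod()` fails, because all four calls share one condition, so an allocation or arithmetic failure would be reported as an RNG problem. Either split the check so that only the two `BN_rand_range()` calls log the randomness message, or use neutral wording such as `"EAP-pwd (server): unable to generate private value and scalar"`; the peer hunk in src/eap_peer/eap_pwd.c has the same wording. A failing RNG during authentication is worth an operator's attention, so `MSG_ERROR` may be a better level than `MSG_INFO`. The function is void and what `fin:` does is outside the hunk, so it is worth confirming that this path leaves the method in a failure state rather than sending a partially built commit.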