From: Jouni Malinen <jouni@codeaurora.org>
Date: Thu, 1 Oct 2020 06:35:58 +0000 (+0300)
Subject: SAE: Fix error path handling for SSWU
X-Git-Tag: hostap_2_10~948
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ac882374a595ba31a04f374f227755c938a7b4c2;p=thirdparty%2Fhostap.git

SAE: Fix error path handling for SSWU

crypto_bignum_init_set() might fail in case of memory allocation
failures. These two cases within sswu() did not handle that properly,
i.e., a memory allocation failure could have resulted in dereferencing a
NULL pointer. Check the return value before proceeding to fix this.

Fixes: aeb022f8e51e ("SAE: Implement hash-to-element PT/PWE crypto routines")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
---

diff --git a/src/common/sae.c b/src/common/sae.c
index 72b5f3fab..057e1ce3b 100644
--- a/src/common/sae.c
+++ b/src/common/sae.c
@@ -713,6 +713,8 @@ static struct crypto_ec_point * sswu(struct crypto_ec *ec, int group,
 		goto fail;
 	const_time_select_bin(m_is_zero, bin1, bin2, prime_len, bin);
 	x1 = crypto_bignum_init_set(bin, prime_len);
+	if (!x1)
+		goto fail;
 	debug_print_bignum("SSWU: x1 = CSEL(l, x1a, x1b)", x1, prime_len);
 
 	/* gx1 = x1^3 + a * x1 + b */
@@ -753,6 +755,8 @@ static struct crypto_ec_point * sswu(struct crypto_ec *ec, int group,
 		goto fail;
 	const_time_select_bin(is_qr, bin1, bin2, prime_len, bin);
 	v = crypto_bignum_init_set(bin, prime_len);
+	if (!v)
+		goto fail;
 	debug_print_bignum("SSWU: v = CSEL(l, gx1, gx2)", v, prime_len);
 
 	/* x = CSEL(l, x1, x2) */