jeltz/hostap
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

EAP-pwd: Move bnctx into per-protocol instance structure

Browse source 
This avoids double frees of bnctx and related crashes.
This commit is contained in:
Jouni Malinen 2010-09-14 22:04:09 -10:00
parent df684d82ff
commit d52be1db76
2 changed files with 54 additions and 42 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

49
src/eap_peer/eap_pwd.c
View file

@ -41,9 +41,9 @@ struct eap_pwd_data {
u8 msk[EAP_MSK_LEN]; u8 msk[EAP_MSK_LEN];
u8 emsk[EAP_EMSK_LEN]; u8 emsk[EAP_EMSK_LEN];
};
static BN_CTX *bnctx; BN_CTX *bnctx;
};
#ifndef CONFIG_NO_STDOUT_DEBUG #ifndef CONFIG_NO_STDOUT_DEBUG
@ -93,18 +93,20 @@ static void * eap_pwd_init(struct eap_sm *sm)
return NULL; return NULL;
} }
if ((bnctx = BN_CTX_new()) == NULL) {
wpa_printf(MSG_INFO, "EAP-PWD: bn context allocation fail");
return NULL;
}
if ((data = os_zalloc(sizeof(*data))) == NULL) { if ((data = os_zalloc(sizeof(*data))) == NULL) {
wpa_printf(MSG_INFO, "EAP-PWD: memory allocation data fail"); wpa_printf(MSG_INFO, "EAP-PWD: memory allocation data fail");
return NULL; return NULL;
} }
if ((data->bnctx = BN_CTX_new()) == NULL) {
wpa_printf(MSG_INFO, "EAP-PWD: bn context allocation fail");
os_free(data);
return NULL;
}
if ((data->id_peer = os_malloc(identity_len)) == NULL) { if ((data->id_peer = os_malloc(identity_len)) == NULL) {
wpa_printf(MSG_INFO, "EAP-PWD: memory allocation id fail"); wpa_printf(MSG_INFO, "EAP-PWD: memory allocation id fail");
BN_CTX_free(data->bnctx);
os_free(data); os_free(data);
return NULL; return NULL;
} }
@ -114,6 +116,7 @@ static void * eap_pwd_init(struct eap_sm *sm)
if ((data->password = os_malloc(password_len)) == NULL) { if ((data->password = os_malloc(password_len)) == NULL) {
wpa_printf(MSG_INFO, "EAP-PWD: memory allocation psk fail"); wpa_printf(MSG_INFO, "EAP-PWD: memory allocation psk fail");
BN_CTX_free(data->bnctx);
os_free(data->id_peer); os_free(data->id_peer);
os_free(data); os_free(data);
return NULL; return NULL;
@ -135,7 +138,7 @@ static void eap_pwd_deinit(struct eap_sm *sm, void *priv)
BN_free(data->server_scalar); BN_free(data->server_scalar);
BN_free(data->my_scalar); BN_free(data->my_scalar);
BN_free(data->k); BN_free(data->k);
BN_CTX_free(bnctx); BN_CTX_free(data->bnctx);
EC_POINT_free(data->my_element); EC_POINT_free(data->my_element);
EC_POINT_free(data->server_element); EC_POINT_free(data->server_element);
os_free(data->id_peer); os_free(data->id_peer);
@ -274,17 +277,19 @@ eap_pwd_perform_commit_exchange(struct eap_sm *sm, struct eap_pwd_data *data,
BN_rand_range(data->private_value, data->grp->order); BN_rand_range(data->private_value, data->grp->order);
BN_rand_range(mask, data->grp->order); BN_rand_range(mask, data->grp->order);
BN_add(data->my_scalar, data->private_value, mask); BN_add(data->my_scalar, data->private_value, mask);
BN_mod(data->my_scalar, data->my_scalar, data->grp->order, bnctx); BN_mod(data->my_scalar, data->my_scalar, data->grp->order,
data->bnctx);
if (!EC_POINT_mul(data->grp->group, data->my_element, NULL, if (!EC_POINT_mul(data->grp->group, data->my_element, NULL,
data->grp->pwe, mask, bnctx)) { data->grp->pwe, mask, data->bnctx)) {
wpa_printf(MSG_INFO, "EAP-PWD (peer): element allocation " wpa_printf(MSG_INFO, "EAP-PWD (peer): element allocation "
"fail"); "fail");
eap_pwd_state(data, FAILURE); eap_pwd_state(data, FAILURE);
goto fin; goto fin;
} }
if (!EC_POINT_invert(data->grp->group, data->my_element, bnctx)) { if (!EC_POINT_invert(data->grp->group, data->my_element, data->bnctx))
{
wpa_printf(MSG_INFO, "EAP-PWD (peer): element inversion fail"); wpa_printf(MSG_INFO, "EAP-PWD (peer): element inversion fail");
goto fin; goto fin;
} }
@ -317,7 +322,7 @@ eap_pwd_perform_commit_exchange(struct eap_sm *sm, struct eap_pwd_data *data,
BN_bin2bn(ptr, BN_num_bytes(data->grp->order), data->server_scalar); BN_bin2bn(ptr, BN_num_bytes(data->grp->order), data->server_scalar);
if (!EC_POINT_set_affine_coordinates_GFp(data->grp->group, if (!EC_POINT_set_affine_coordinates_GFp(data->grp->group,
data->server_element, x, y, data->server_element, x, y,
bnctx)) { data->bnctx)) {
wpa_printf(MSG_INFO, "EAP-PWD (peer): setting peer element " wpa_printf(MSG_INFO, "EAP-PWD (peer): setting peer element "
"fail"); "fail");
goto fin; goto fin;
@ -340,11 +345,11 @@ eap_pwd_perform_commit_exchange(struct eap_sm *sm, struct eap_pwd_data *data,
/* compute the shared key, k */ /* compute the shared key, k */
if ((!EC_POINT_mul(data->grp->group, K, NULL, data->grp->pwe, if ((!EC_POINT_mul(data->grp->group, K, NULL, data->grp->pwe,
data->server_scalar, bnctx)) || data->server_scalar, data->bnctx)) ||
(!EC_POINT_add(data->grp->group, K, K, data->server_element, (!EC_POINT_add(data->grp->group, K, K, data->server_element,
bnctx)) || data->bnctx)) ||
(!EC_POINT_mul(data->grp->group, K, NULL, K, data->private_value, (!EC_POINT_mul(data->grp->group, K, NULL, K, data->private_value,
bnctx))) { data->bnctx))) {
wpa_printf(MSG_INFO, "EAP-PWD (peer): computing shared key " wpa_printf(MSG_INFO, "EAP-PWD (peer): computing shared key "
"fail"); "fail");
goto fin; goto fin;
@ -373,7 +378,7 @@ eap_pwd_perform_commit_exchange(struct eap_sm *sm, struct eap_pwd_data *data,
} }
if (!EC_POINT_get_affine_coordinates_GFp(data->grp->group, K, data->k, if (!EC_POINT_get_affine_coordinates_GFp(data->grp->group, K, data->k,
NULL, bnctx)) { NULL, data->bnctx)) {
wpa_printf(MSG_INFO, "EAP-PWD (peer): unable to extract " wpa_printf(MSG_INFO, "EAP-PWD (peer): unable to extract "
"shared secret from point"); "shared secret from point");
goto fin; goto fin;
@ -382,7 +387,7 @@ eap_pwd_perform_commit_exchange(struct eap_sm *sm, struct eap_pwd_data *data,
/* now do the response */ /* now do the response */
if (!EC_POINT_get_affine_coordinates_GFp(data->grp->group, if (!EC_POINT_get_affine_coordinates_GFp(data->grp->group,
data->my_element, x, y, data->my_element, x, y,
bnctx)) { data->bnctx)) {
wpa_printf(MSG_INFO, "EAP-PWD (peer): point assignment fail"); wpa_printf(MSG_INFO, "EAP-PWD (peer): point assignment fail");
goto fin; goto fin;
} }
@ -489,7 +494,7 @@ eap_pwd_perform_confirm_exchange(struct eap_sm *sm, struct eap_pwd_data *data,
/* server element: x, y */ /* server element: x, y */
if (!EC_POINT_get_affine_coordinates_GFp(data->grp->group, if (!EC_POINT_get_affine_coordinates_GFp(data->grp->group,
data->server_element, x, y, data->server_element, x, y,
bnctx)) { data->bnctx)) {
wpa_printf(MSG_INFO, "EAP-PWD (server): confirm point " wpa_printf(MSG_INFO, "EAP-PWD (server): confirm point "
"assignment fail"); "assignment fail");
goto fin; goto fin;
@ -509,7 +514,7 @@ eap_pwd_perform_confirm_exchange(struct eap_sm *sm, struct eap_pwd_data *data,
/* my element: x, y */ /* my element: x, y */
if (!EC_POINT_get_affine_coordinates_GFp(data->grp->group, if (!EC_POINT_get_affine_coordinates_GFp(data->grp->group,
data->my_element, x, y, data->my_element, x, y,
bnctx)) { data->bnctx)) {
wpa_printf(MSG_INFO, "EAP-PWD (server): confirm point " wpa_printf(MSG_INFO, "EAP-PWD (server): confirm point "
"assignment fail"); "assignment fail");
goto fin; goto fin;
@ -556,7 +561,7 @@ eap_pwd_perform_confirm_exchange(struct eap_sm *sm, struct eap_pwd_data *data,
/* my element */ /* my element */
if (!EC_POINT_get_affine_coordinates_GFp(data->grp->group, if (!EC_POINT_get_affine_coordinates_GFp(data->grp->group,
data->my_element, x, y, data->my_element, x, y,
bnctx)) { data->bnctx)) {
wpa_printf(MSG_INFO, "EAP-PWD (peer): confirm point " wpa_printf(MSG_INFO, "EAP-PWD (peer): confirm point "
"assignment fail"); "assignment fail");
goto fin; goto fin;
@ -576,7 +581,7 @@ eap_pwd_perform_confirm_exchange(struct eap_sm *sm, struct eap_pwd_data *data,
/* server element: x, y */ /* server element: x, y */
if (!EC_POINT_get_affine_coordinates_GFp(data->grp->group, if (!EC_POINT_get_affine_coordinates_GFp(data->grp->group,
data->server_element, x, y, data->server_element, x, y,
bnctx)) { data->bnctx)) {
wpa_printf(MSG_INFO, "EAP-PWD (peer): confirm point " wpa_printf(MSG_INFO, "EAP-PWD (peer): confirm point "
"assignment fail"); "assignment fail");
goto fin; goto fin;
@ -608,7 +613,7 @@ eap_pwd_perform_confirm_exchange(struct eap_sm *sm, struct eap_pwd_data *data,
wpabuf_put_u8(resp, EAP_PWD_OPCODE_CONFIRM_EXCH); wpabuf_put_u8(resp, EAP_PWD_OPCODE_CONFIRM_EXCH);
wpabuf_put_data(resp, conf, SHA256_DIGEST_LENGTH); wpabuf_put_data(resp, conf, SHA256_DIGEST_LENGTH);
if (compute_keys(data->grp, bnctx, data->k, data->server_element, if (compute_keys(data->grp, data->bnctx, data->k, data->server_element,
data->my_element, data->server_scalar, data->my_element, data->server_scalar,
data->my_scalar, &cs, data->msk, data->emsk) < 0) { data->my_scalar, &cs, data->msk, data->emsk) < 0) {
wpa_printf(MSG_INFO, "EAP-PWD (peer): unable to compute MSK | " wpa_printf(MSG_INFO, "EAP-PWD (peer): unable to compute MSK | "

47
src/eap_server/eap_server_pwd.c
View file

@ -42,9 +42,9 @@ struct eap_pwd_data {
u8 msk[EAP_MSK_LEN]; u8 msk[EAP_MSK_LEN];
u8 emsk[EAP_EMSK_LEN]; u8 emsk[EAP_EMSK_LEN];
};
static BN_CTX *bnctx; BN_CTX *bnctx;
};
static const char * eap_pwd_state_txt(int state) static const char * eap_pwd_state_txt(int state)
@ -96,20 +96,25 @@ static void * eap_pwd_init(struct eap_sm *sm)
data->id_server = (u8 *) os_strdup("server"); data->id_server = (u8 *) os_strdup("server");
if (data->id_server) if (data->id_server)
data->id_server_len = os_strlen((char *)data->id_server); data->id_server_len = os_strlen((char *) data->id_server);
data->password = os_malloc(sm->user->password_len); data->password = os_malloc(sm->user->password_len);
if (data->password == NULL) { if (data->password == NULL) {
wpa_printf(MSG_INFO, "EAP-PWD: Mmemory allocation password " wpa_printf(MSG_INFO, "EAP-PWD: Mmemory allocation password "
"fail"); "fail");
os_free(data->id_server);
os_free(data);
return NULL; return NULL;
} }
data->password_len = sm->user->password_len; data->password_len = sm->user->password_len;
os_memcpy(data->password, sm->user->password, data->password_len); os_memcpy(data->password, sm->user->password, data->password_len);
bnctx = BN_CTX_new(); data->bnctx = BN_CTX_new();
if (bnctx == NULL) { if (data->bnctx == NULL) {
wpa_printf(MSG_INFO, "EAP-PWD: bn context allocation fail"); wpa_printf(MSG_INFO, "EAP-PWD: bn context allocation fail");
os_free(data->password);
os_free(data->id_server);
os_free(data);
return NULL; return NULL;
} }
@ -125,7 +130,7 @@ static void eap_pwd_reset(struct eap_sm *sm, void *priv)
BN_free(data->peer_scalar); BN_free(data->peer_scalar);
BN_free(data->my_scalar); BN_free(data->my_scalar);
BN_free(data->k); BN_free(data->k);
BN_CTX_free(bnctx); BN_CTX_free(data->bnctx);
EC_POINT_free(data->my_element); EC_POINT_free(data->my_element);
EC_POINT_free(data->peer_element); EC_POINT_free(data->peer_element);
os_free(data->id_peer); os_free(data->id_peer);
@ -186,17 +191,19 @@ eap_pwd_build_commit_req(struct eap_sm *sm, struct eap_pwd_data *data, u8 id)
BN_rand_range(data->private_value, data->grp->order); BN_rand_range(data->private_value, data->grp->order);
BN_rand_range(mask, data->grp->order); BN_rand_range(mask, data->grp->order);
BN_add(data->my_scalar, data->private_value, mask); BN_add(data->my_scalar, data->private_value, mask);
BN_mod(data->my_scalar, data->my_scalar, data->grp->order, bnctx); BN_mod(data->my_scalar, data->my_scalar, data->grp->order,
data->bnctx);
if (!EC_POINT_mul(data->grp->group, data->my_element, NULL, if (!EC_POINT_mul(data->grp->group, data->my_element, NULL,
data->grp->pwe, mask, bnctx)) { data->grp->pwe, mask, data->bnctx)) {
wpa_printf(MSG_INFO, "EAP-PWD (server): element allocation " wpa_printf(MSG_INFO, "EAP-PWD (server): element allocation "
"fail"); "fail");
eap_pwd_state(data, FAILURE); eap_pwd_state(data, FAILURE);
goto fin; goto fin;
} }
if (!EC_POINT_invert(data->grp->group, data->my_element, bnctx)) { if (!EC_POINT_invert(data->grp->group, data->my_element, data->bnctx))
{
wpa_printf(MSG_INFO, "EAP-PWD (server): element inversion " wpa_printf(MSG_INFO, "EAP-PWD (server): element inversion "
"fail"); "fail");
goto fin; goto fin;
@ -211,7 +218,7 @@ eap_pwd_build_commit_req(struct eap_sm *sm, struct eap_pwd_data *data, u8 id)
} }
if (!EC_POINT_get_affine_coordinates_GFp(data->grp->group, if (!EC_POINT_get_affine_coordinates_GFp(data->grp->group,
data->my_element, x, y, data->my_element, x, y,
bnctx)) { data->bnctx)) {
wpa_printf(MSG_INFO, "EAP-PWD (server): point assignment " wpa_printf(MSG_INFO, "EAP-PWD (server): point assignment "
"fail"); "fail");
goto fin; goto fin;
@ -302,7 +309,7 @@ eap_pwd_build_confirm_req(struct eap_sm *sm, struct eap_pwd_data *data, u8 id)
/* server element: x, y */ /* server element: x, y */
if (!EC_POINT_get_affine_coordinates_GFp(data->grp->group, if (!EC_POINT_get_affine_coordinates_GFp(data->grp->group,
data->my_element, x, y, data->my_element, x, y,
bnctx)) { data->bnctx)) {
wpa_printf(MSG_INFO, "EAP-PWD (server): confirm point " wpa_printf(MSG_INFO, "EAP-PWD (server): confirm point "
"assignment fail"); "assignment fail");
goto fin; goto fin;
@ -323,7 +330,7 @@ eap_pwd_build_confirm_req(struct eap_sm *sm, struct eap_pwd_data *data, u8 id)
/* peer element: x, y */ /* peer element: x, y */
if (!EC_POINT_get_affine_coordinates_GFp(data->grp->group, if (!EC_POINT_get_affine_coordinates_GFp(data->grp->group,
data->peer_element, x, y, data->peer_element, x, y,
bnctx)) { data->bnctx)) {
wpa_printf(MSG_INFO, "EAP-PWD (server): confirm point " wpa_printf(MSG_INFO, "EAP-PWD (server): confirm point "
"assignment fail"); "assignment fail");
goto fin; goto fin;
@ -520,7 +527,7 @@ eap_pwd_process_commit_resp(struct eap_sm *sm, struct eap_pwd_data *data,
BN_bin2bn(ptr, BN_num_bytes(data->grp->order), data->peer_scalar); BN_bin2bn(ptr, BN_num_bytes(data->grp->order), data->peer_scalar);
if (!EC_POINT_set_affine_coordinates_GFp(data->grp->group, if (!EC_POINT_set_affine_coordinates_GFp(data->grp->group,
data->peer_element, x, y, data->peer_element, x, y,
bnctx)) { data->bnctx)) {
wpa_printf(MSG_INFO, "EAP-PWD (server): setting peer element " wpa_printf(MSG_INFO, "EAP-PWD (server): setting peer element "
"fail"); "fail");
goto fin; goto fin;
@ -543,11 +550,11 @@ eap_pwd_process_commit_resp(struct eap_sm *sm, struct eap_pwd_data *data,
/* compute the shared key, k */ /* compute the shared key, k */
if ((!EC_POINT_mul(data->grp->group, K, NULL, data->grp->pwe, if ((!EC_POINT_mul(data->grp->group, K, NULL, data->grp->pwe,
data->peer_scalar, bnctx)) || data->peer_scalar, data->bnctx)) ||
(!EC_POINT_add(data->grp->group, K, K, data->peer_element, (!EC_POINT_add(data->grp->group, K, K, data->peer_element,
bnctx)) || data->bnctx)) ||
(!EC_POINT_mul(data->grp->group, K, NULL, K, data->private_value, (!EC_POINT_mul(data->grp->group, K, NULL, K, data->private_value,
bnctx))) { data->bnctx))) {
wpa_printf(MSG_INFO, "EAP-PWD (server): computing shared key " wpa_printf(MSG_INFO, "EAP-PWD (server): computing shared key "
"fail"); "fail");
goto fin; goto fin;
@ -575,7 +582,7 @@ eap_pwd_process_commit_resp(struct eap_sm *sm, struct eap_pwd_data *data,
goto fin; goto fin;
} }
if (!EC_POINT_get_affine_coordinates_GFp(data->grp->group, K, data->k, if (!EC_POINT_get_affine_coordinates_GFp(data->grp->group, K, data->k,
NULL, bnctx)) { NULL, data->bnctx)) {
wpa_printf(MSG_INFO, "EAP-PWD (server): unable to extract " wpa_printf(MSG_INFO, "EAP-PWD (server): unable to extract "
"shared secret from secret point"); "shared secret from secret point");
goto fin; goto fin;
@ -634,7 +641,7 @@ eap_pwd_process_confirm_resp(struct eap_sm *sm, struct eap_pwd_data *data,
/* peer element: x, y */ /* peer element: x, y */
if (!EC_POINT_get_affine_coordinates_GFp(data->grp->group, if (!EC_POINT_get_affine_coordinates_GFp(data->grp->group,
data->peer_element, x, y, data->peer_element, x, y,
bnctx)) { data->bnctx)) {
wpa_printf(MSG_INFO, "EAP-PWD (server): confirm point " wpa_printf(MSG_INFO, "EAP-PWD (server): confirm point "
"assignment fail"); "assignment fail");
goto fin; goto fin;
@ -654,7 +661,7 @@ eap_pwd_process_confirm_resp(struct eap_sm *sm, struct eap_pwd_data *data,
/* server element: x, y */ /* server element: x, y */
if (!EC_POINT_get_affine_coordinates_GFp(data->grp->group, if (!EC_POINT_get_affine_coordinates_GFp(data->grp->group,
data->my_element, x, y, data->my_element, x, y,
bnctx)) { data->bnctx)) {
wpa_printf(MSG_INFO, "EAP-PWD (server): confirm point " wpa_printf(MSG_INFO, "EAP-PWD (server): confirm point "
"assignment fail"); "assignment fail");
goto fin; goto fin;
@ -687,7 +694,7 @@ eap_pwd_process_confirm_resp(struct eap_sm *sm, struct eap_pwd_data *data,
} }
wpa_printf(MSG_DEBUG, "EAP-pwd (server): confirm verified"); wpa_printf(MSG_DEBUG, "EAP-pwd (server): confirm verified");
if (compute_keys(data->grp, bnctx, data->k, data->my_element, if (compute_keys(data->grp, data->bnctx, data->k, data->my_element,
data->peer_element, data->my_scalar, data->peer_element, data->my_scalar,
data->peer_scalar, &cs, data->msk, data->emsk) < 0) data->peer_scalar, &cs, data->msk, data->emsk) < 0)
eap_pwd_state(data, FAILURE); eap_pwd_state(data, FAILURE);