31 lines
1.1 KiB
Diff
31 lines
1.1 KiB
Diff
|
diff -Nur orig-wpa_supplicant-2.6/src/eap_peer/eap_pwd.c wpa_supplicant-2.6/src/eap_peer/eap_pwd.c
|
||
|
|
--- orig-wpa_supplicant-2.6/src/eap_peer/eap_pwd.c 2020-02-03 19:32:18.847432926 +0800
|
||
|
|
+++ wpa_supplicant-2.6/src/eap_peer/eap_pwd.c 2020-02-03 19:33:32.688400551 +0800
|
||
|
|
@@ -451,6 +451,26 @@
|
||
|
|
goto fin;
|
||
|
|
}
|
||
|
|
|
||
|
|
+ /* verify received scalar */
|
||
|
|
+ if (crypto_bignum_is_zero(data->server_scalar) ||
|
||
|
|
+ crypto_bignum_is_one(data->server_scalar) ||
|
||
|
|
+ crypto_bignum_cmp(data->server_scalar,
|
||
|
|
+ crypto_ec_get_order(data->grp->group)) >= 0) {
|
||
|
|
+ wpa_printf(MSG_INFO,
|
||
|
|
+ "EAP-PWD (peer): received scalar is invalid");
|
||
|
|
+ goto fin;
|
||
|
|
+ }
|
||
|
|
+
|
||
|
|
+ /* verify received element */
|
||
|
|
+ if (!crypto_ec_point_is_on_curve(data->grp->group,
|
||
|
|
+ data->server_element) ||
|
||
|
|
+ crypto_ec_point_is_at_infinity(data->grp->group,
|
||
|
|
+ data->server_element)) {
|
||
|
|
+ wpa_printf(MSG_INFO,
|
||
|
|
+ "EAP-PWD (peer): received element is invalid");
|
||
|
|
+ goto fin;
|
||
|
|
+ }
|
||
|
|
+
|
||
|
|
/* compute the shared key, k */
|
||
|
|
if ((!EC_POINT_mul(data->grp->group, K, NULL, data->grp->pwe,
|
||
|
|
data->server_scalar, data->bnctx)) ||
|