From d001fe31ab0a3e7619484c4a6a3aa5a85cd81816 Mon Sep 17 00:00:00 2001
From: Jouni Malinen
Date: Sun, 4 Aug 2019 15:03:08 +0300
Subject: [PATCH] OpenSSL: Handle EVP_PKEY_derive() secret_len changes for ECDH

It looks like EVP_PKEY_derive() may change the returned length of the buffer from the initial length determination (NULL buffer) to the fetching of the value. Handle this by updating the secret length based on the second call instead of the first one. This fixes some cases where ECDH result has been used with extra data (zeros in the end) with OWE or FILS PFS.

Signed-off-by: Jouni Malinen
---
 src/crypto/crypto_openssl.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/src/crypto/crypto_openssl.c b/src/crypto/crypto_openssl.c
index aa5b9b4c7..bab33a537 100644
--- a/src/crypto/crypto_openssl.c
+++ b/src/crypto/crypto_openssl.c
@@ -2059,13 +2059,17 @@ struct wpabuf * crypto_ecdh_set_peerkey(struct crypto_ecdh *ecdh, int inc_y,
 secret = wpabuf_alloc(secret_len);
 if (!secret) goto fail;
- if (EVP_PKEY_derive(ctx, wpabuf_put(secret, secret_len),
- &secret_len) != 1) {
+ if (EVP_PKEY_derive(ctx, wpabuf_put(secret, 0), &secret_len) != 1) {
 wpa_printf(MSG_ERROR, "OpenSSL: EVP_PKEY_derive(2) failed: %s", ERR_error_string(ERR_get_error(), NULL));
 goto fail;
 }
+ if (secret->size != secret_len)
+ wpa_printf(MSG_DEBUG,
+ "OpenSSL: EVP_PKEY_derive(2) changed secret_len %d -> %d",
+ (int) secret->size, (int) secret_len);
+ wpabuf_put(secret, secret_len);
 done:
 BN_free(x);
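Review bot: The length written back by the second `EVP_PKEY_derive()` call is passed straight to `wpabuf_put(secret, secret_len)`, with only an MSG_DEBUG log when it differs from `secret->size`; the shorter-than-allocated case is what the commit targets, but a value larger than the allocation is not rejected at this point. An explicit guard before the final `wpabuf_put()`, for example `if (secret_len > secret->size) goto fail;` preceded by an MSG_ERROR message, would keep the bound visible at the call site instead of depending on how `wpabuf_put()` reacts to an oversized length, which this hunk does not show. A one-line comment above `wpabuf_put(secret, 0)` stating that it is used only to obtain the write pointer without advancing the used length, so that the final length can be set after the derive call, would help the next reader. `crypto_ecdh_set_peerkey()` starts before the hunk and its `done:` and `fail` handling continue after it, so the release of `secret` on any new failure branch should be confirmed there.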