The dh_p_len, dh_g_len, and dh_ys_len parameters were validated against
the received message structure, but that did not seem to be done in a
way that some static analyzers would understand this (CID 72699).
Signed-off-by: Jouni Malinen <j@w1.fi>
This makes the implementation less likely to provide useful timing
information to potential attackers from comparisons of information
received from a remote device and private material known only by the
authorized devices.
Signed-off-by: Jouni Malinen <j@w1.fi>
Previously, this was silently dropped which left the connection waiting
for timeout. decrypt_error alert can be used here to avoid that.
Signed-off-by: Jouni Malinen <j@w1.fi>
This same design is used in both the server and the client roles in the
internal TLS implementation. Instead of duplicated implementation, use a
helper function.
Signed-off-by: Jouni Malinen <j@w1.fi>
Instead of separate server and client side implementations, use a common
set of helper functions for calculating the ServerParams hash for
ServerKeyExchange.
Signed-off-by: Jouni Malinen <j@w1.fi>
This phase1 parameter for TLS-based EAP methods was already supported
with GnuTLS and this commit extends that support for OpenSSL and the
internal TLS implementation.
In addition, start ordering header file includes to be in more
consistent order: system header files, src/utils, src/*, same
directory as the *.c file.