From a1b842b1c6a2aad2b17a772cc8dbf5b0b4098ae6 Mon Sep 17 00:00:00 2001 From: Kapil Gupta Date: Mon, 14 Mar 2022 18:26:35 +0530 Subject: [PATCH] wpa_supplicant: Add changes to fix broken dpp crypto --- .../src/crypto/crypto_mbedtls-ec.c | 25 ++++++++++++++----- 1 file changed, 19 insertions(+), 6 deletions(-) diff --git a/components/wpa_supplicant/src/crypto/crypto_mbedtls-ec.c b/components/wpa_supplicant/src/crypto/crypto_mbedtls-ec.c index 14c537dfc9..93a68f139b 100644 --- a/components/wpa_supplicant/src/crypto/crypto_mbedtls-ec.c +++ b/components/wpa_supplicant/src/crypto/crypto_mbedtls-ec.c @@ -689,18 +689,26 @@ int crypto_ec_get_curve_id(const struct crypto_ec_group *group) int crypto_ecdh(struct crypto_key *key_own, struct crypto_key *key_peer, u8 *secret, size_t *secret_len) { - mbedtls_ecdh_context *ctx; + mbedtls_ecdh_context *ctx = NULL; mbedtls_pk_context *own = (mbedtls_pk_context *)key_own; mbedtls_pk_context *peer = (mbedtls_pk_context *)key_peer; - + mbedtls_entropy_context entropy; + mbedtls_ctr_drbg_context ctr_drbg; int ret = -1; + mbedtls_entropy_init(&entropy); + mbedtls_ctr_drbg_init(&ctr_drbg); + + if (mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, NULL, 0) < 0) { + goto fail; + } + *secret_len = 0; ctx = os_malloc(sizeof(*ctx)); if (!ctx) { wpa_printf(MSG_ERROR, "DPP: EVP_PKEY_CTX_new failed: %s", __func__); - return -1; + goto fail; } mbedtls_ecdh_init(ctx); @@ -721,7 +729,8 @@ int crypto_ecdh(struct crypto_key *key_own, struct crypto_key *key_peer, goto fail; } - if (mbedtls_ecdh_calc_secret(ctx, secret_len, secret, DPP_MAX_SHARED_SECRET_LEN, NULL, NULL) < 0) { + if (mbedtls_ecdh_calc_secret(ctx, secret_len, secret, DPP_MAX_SHARED_SECRET_LEN, + mbedtls_ctr_drbg_random, &ctr_drbg) < 0) { wpa_printf(MSG_ERROR, "failed to calculate secret\n"); goto fail; } @@ -734,8 +743,12 @@ int crypto_ecdh(struct crypto_key *key_own, struct crypto_key *key_peer, ret = 0; fail: - mbedtls_ecdh_free(ctx); - os_free(ctx); + mbedtls_ctr_drbg_free(&ctr_drbg); + mbedtls_entropy_free(&entropy); + if (ctx) { + mbedtls_ecdh_free(ctx); + os_free(ctx); + } return ret; }