forked from espressif/esp-idf
fix for OWE memory leak
This commit is contained in:
Shyamal Khachane
@@ -1047,12 +1047,14 @@ struct crypto_ecdh * crypto_ecdh_init(int group)
|
|||||||
mbedtls_ecdh_context *ctx;
|
mbedtls_ecdh_context *ctx;
|
||||||
|
|
||||||
ctx = os_zalloc(sizeof(*ctx));
|
ctx = os_zalloc(sizeof(*ctx));
|
||||||
|
|
||||||
if (!ctx) {
|
if (!ctx) {
|
||||||
wpa_printf(MSG_ERROR, "Memory allocation failed for ecdh context");
|
wpa_printf(MSG_ERROR, "Memory allocation failed for ecdh context");
|
||||||
goto fail;
|
goto fail;
|
||||||
}
|
}
|
||||||
mbedtls_ecdh_init(ctx);
|
mbedtls_ecdh_init(ctx);
|
||||||
|
#ifndef CONFIG_MBEDTLS_ECDH_LEGACY_CONTEXT
|
||||||
|
ctx->var = MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0;
|
||||||
|
#endif
|
||||||
|
|
||||||
if ((mbedtls_ecp_group_load(ACCESS_ECDH(&ctx, grp), crypto_mbedtls_get_grp_id(group))) != 0) {
|
if ((mbedtls_ecp_group_load(ACCESS_ECDH(&ctx, grp), crypto_mbedtls_get_grp_id(group))) != 0) {
|
||||||
wpa_printf(MSG_ERROR, "Failed to set up ECDH context with group info");
|
wpa_printf(MSG_ERROR, "Failed to set up ECDH context with group info");
|
||||||
@@ -1074,8 +1076,18 @@ struct crypto_ecdh * crypto_ecdh_init(int group)
|
|||||||
wpa_printf(MSG_ERROR, "ECDH keypair on curve failed");
|
wpa_printf(MSG_ERROR, "ECDH keypair on curve failed");
|
||||||
goto fail;
|
goto fail;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
mbedtls_ctr_drbg_free(&ctr_drbg);
|
||||||
|
mbedtls_entropy_free(&entropy);
|
||||||
return (struct crypto_ecdh *)ctx;
|
return (struct crypto_ecdh *)ctx;
|
||||||
fail:
|
fail:
|
||||||
|
if (ctx) {
|
||||||
|
mbedtls_ecdh_free(ctx);
|
||||||
|
os_free(ctx);
|
||||||
|
ctx = NULL;
|
||||||
|
}
|
||||||
|
mbedtls_ctr_drbg_free(&ctr_drbg);
|
||||||
|
mbedtls_entropy_free(&entropy);
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -1199,6 +1211,8 @@ cleanup:
|
|||||||
crypto_ec_free_key(pkey);
|
crypto_ec_free_key(pkey);
|
||||||
crypto_bignum_deinit(bn_x, 1);
|
crypto_bignum_deinit(bn_x, 1);
|
||||||
crypto_ec_point_deinit(ec_pt, 1);
|
crypto_ec_point_deinit(ec_pt, 1);
|
||||||
|
mbedtls_ctr_drbg_free(&ctr_drbg);
|
||||||
|
mbedtls_entropy_free(&entropy);
|
||||||
return sh_secret;
|
return sh_secret;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -21,6 +21,10 @@ void owe_deinit(void)
|
|||||||
struct wpa_sm *sm;
|
struct wpa_sm *sm;
|
||||||
sm = get_wpa_sm();
|
sm = get_wpa_sm();
|
||||||
if (sm->key_mgmt == WPA_KEY_MGMT_OWE) {
|
if (sm->key_mgmt == WPA_KEY_MGMT_OWE) {
|
||||||
|
if (sm->owe_ie) {
|
||||||
|
wpabuf_free(sm->owe_ie);
|
||||||
|
sm->owe_ie = NULL;
|
||||||
|
}
|
||||||
crypto_ecdh_deinit(sm->owe_ecdh);
|
crypto_ecdh_deinit(sm->owe_ecdh);
|
||||||
sm->owe_ecdh = NULL;
|
sm->owe_ecdh = NULL;
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -2703,7 +2703,7 @@ int wpa_sm_set_assoc_rsnxe(struct wpa_sm *sm, const u8 *ie, size_t len)
|
|||||||
#ifdef CONFIG_OWE_STA
|
#ifdef CONFIG_OWE_STA
|
||||||
struct wpabuf *owe_build_assoc_req(struct wpa_sm *sm, u16 group)
|
struct wpabuf *owe_build_assoc_req(struct wpa_sm *sm, u16 group)
|
||||||
{
|
{
|
||||||
struct wpabuf *owe_ie = NULL, *pub = NULL;
|
struct wpabuf *pub = NULL;
|
||||||
size_t prime_len;
|
size_t prime_len;
|
||||||
|
|
||||||
if (group == OWE_DH_GRP19) {
|
if (group == OWE_DH_GRP19) {
|
||||||
@@ -2731,24 +2731,28 @@ struct wpabuf *owe_build_assoc_req(struct wpa_sm *sm, u16 group)
|
|||||||
}
|
}
|
||||||
|
|
||||||
wpa_hexdump_buf(MSG_DEBUG, "Own public key", pub);
|
wpa_hexdump_buf(MSG_DEBUG, "Own public key", pub);
|
||||||
owe_ie = wpabuf_alloc(5 + wpabuf_len(pub));
|
|
||||||
|
|
||||||
if (!owe_ie) {
|
if (sm->owe_ie) {
|
||||||
|
wpabuf_free(sm->owe_ie);
|
||||||
|
}
|
||||||
|
sm->owe_ie = wpabuf_alloc(5 + wpabuf_len(pub));
|
||||||
|
|
||||||
|
if (!sm->owe_ie) {
|
||||||
wpa_printf(MSG_ERROR, "OWE IE allocation failed");
|
wpa_printf(MSG_ERROR, "OWE IE allocation failed");
|
||||||
goto fail;
|
goto fail;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Constructing the DH IE */
|
/* Constructing the DH IE */
|
||||||
wpabuf_put_u8(owe_ie, WLAN_EID_EXTENSION);
|
wpabuf_put_u8(sm->owe_ie, WLAN_EID_EXTENSION);
|
||||||
wpabuf_put_u8(owe_ie, 1 + 2 + wpabuf_len(pub));
|
wpabuf_put_u8(sm->owe_ie, 1 + 2 + wpabuf_len(pub));
|
||||||
wpabuf_put_u8(owe_ie, WLAN_EID_EXT_OWE_DH_PARAM);
|
wpabuf_put_u8(sm->owe_ie, WLAN_EID_EXT_OWE_DH_PARAM);
|
||||||
wpabuf_put_le16(owe_ie, group);
|
wpabuf_put_le16(sm->owe_ie, group);
|
||||||
wpabuf_put_buf(owe_ie, pub);
|
wpabuf_put_buf(sm->owe_ie, pub);
|
||||||
wpabuf_free(pub);
|
wpabuf_free(pub);
|
||||||
|
|
||||||
wpa_hexdump_buf(MSG_DEBUG, "OWE: Diffie-Hellman Parameter element", owe_ie);
|
wpa_hexdump_buf(MSG_DEBUG, "OWE: Diffie-Hellman Parameter element", sm->owe_ie);
|
||||||
|
|
||||||
return (struct wpabuf *)wpabuf_head(owe_ie);
|
return (struct wpabuf *)wpabuf_head(sm->owe_ie);
|
||||||
|
|
||||||
fail:
|
fail:
|
||||||
wpabuf_free(pub);
|
wpabuf_free(pub);
|
||||||
@@ -2771,6 +2775,10 @@ int owe_process_assoc_resp(const u8 *rsn_ie, size_t rsn_len, const uint8_t *dh_i
|
|||||||
sm = get_wpa_sm();
|
sm = get_wpa_sm();
|
||||||
|
|
||||||
(void)res;
|
(void)res;
|
||||||
|
|
||||||
|
wpabuf_free(sm->owe_ie); //free the dh ie constructed in owe_build_assoc_req
|
||||||
|
sm->owe_ie = NULL;
|
||||||
|
|
||||||
struct wpa_ie_data *parsed_rsn_data;
|
struct wpa_ie_data *parsed_rsn_data;
|
||||||
parsed_rsn_data = os_zalloc(sizeof(struct wpa_ie_data));
|
parsed_rsn_data = os_zalloc(sizeof(struct wpa_ie_data));
|
||||||
if (!parsed_rsn_data) {
|
if (!parsed_rsn_data) {
|
||||||
|
|||||||
@@ -115,6 +115,7 @@ struct wpa_sm {
|
|||||||
#ifdef CONFIG_OWE_STA
|
#ifdef CONFIG_OWE_STA
|
||||||
struct crypto_ecdh *owe_ecdh;
|
struct crypto_ecdh *owe_ecdh;
|
||||||
u16 owe_group;
|
u16 owe_group;
|
||||||
|
struct wpabuf *owe_ie;
|
||||||
#endif /* CONFIG_OWE_STA */
|
#endif /* CONFIG_OWE_STA */
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user