lkundrak / rpms / hostapd

Forked from rpms/hostapd 4 years ago
Clone
John W. Linville aeb7fa6
From 16d4f1069118aa19bfce013493e1ac5783f92f1d Mon Sep 17 00:00:00 2001
John W. Linville aeb7fa6
From: Jouni Malinen <jouni@codeaurora.org>
John W. Linville aeb7fa6
Date: Fri, 5 Apr 2019 02:12:50 +0300
John W. Linville aeb7fa6
Subject: [PATCH 14/14] EAP-pwd: Check element x,y coordinates explicitly
John W. Linville aeb7fa6
John W. Linville aeb7fa6
This adds an explicit check for 0 < x,y < prime based on RFC 5931,
John W. Linville aeb7fa6
2.8.5.2.2 requirement. The earlier checks might have covered this
John W. Linville aeb7fa6
implicitly, but it is safer to avoid any dependency on implicit checks
John W. Linville aeb7fa6
and specific crypto library behavior. (CVE-2019-9498 and CVE-2019-9499)
John W. Linville aeb7fa6
John W. Linville aeb7fa6
Furthermore, this moves the EAP-pwd element and scalar parsing and
John W. Linville aeb7fa6
validation steps into shared helper functions so that there is no need
John W. Linville aeb7fa6
to maintain two separate copies of this common functionality between the
John W. Linville aeb7fa6
server and peer implementations.
John W. Linville aeb7fa6
John W. Linville aeb7fa6
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
John W. Linville aeb7fa6
---
John W. Linville aeb7fa6
 src/eap_common/eap_pwd_common.c | 106 ++++++++++++++++++++++++++++++++++++++++
John W. Linville aeb7fa6
 src/eap_common/eap_pwd_common.h |   3 ++
John W. Linville aeb7fa6
 src/eap_peer/eap_pwd.c          |  45 ++---------------
John W. Linville aeb7fa6
 src/eap_server/eap_server_pwd.c |  45 ++---------------
John W. Linville aeb7fa6
 4 files changed, 117 insertions(+), 82 deletions(-)
John W. Linville aeb7fa6
John W. Linville aeb7fa6
diff --git a/src/eap_common/eap_pwd_common.c b/src/eap_common/eap_pwd_common.c
John W. Linville aeb7fa6
index e49aaf8..c28b56d 100644
John W. Linville aeb7fa6
--- a/src/eap_common/eap_pwd_common.c
John W. Linville aeb7fa6
+++ b/src/eap_common/eap_pwd_common.c
John W. Linville aeb7fa6
@@ -428,3 +428,109 @@ int compute_keys(EAP_PWD_group *grp, const struct crypto_bignum *k,
John W. Linville aeb7fa6
 
John W. Linville aeb7fa6
 	return 1;
John W. Linville aeb7fa6
 }
John W. Linville aeb7fa6
+
John W. Linville aeb7fa6
+
John W. Linville aeb7fa6
+static int eap_pwd_element_coord_ok(const struct crypto_bignum *prime,
John W. Linville aeb7fa6
+				    const u8 *buf, size_t len)
John W. Linville aeb7fa6
+{
John W. Linville aeb7fa6
+	struct crypto_bignum *val;
John W. Linville aeb7fa6
+	int ok = 1;
John W. Linville aeb7fa6
+
John W. Linville aeb7fa6
+	val = crypto_bignum_init_set(buf, len);
John W. Linville aeb7fa6
+	if (!val || crypto_bignum_is_zero(val) ||
John W. Linville aeb7fa6
+	    crypto_bignum_cmp(val, prime) >= 0)
John W. Linville aeb7fa6
+		ok = 0;
John W. Linville aeb7fa6
+	crypto_bignum_deinit(val, 0);
John W. Linville aeb7fa6
+	return ok;
John W. Linville aeb7fa6
+}
John W. Linville aeb7fa6
+
John W. Linville aeb7fa6
+
John W. Linville aeb7fa6
+struct crypto_ec_point * eap_pwd_get_element(EAP_PWD_group *group,
John W. Linville aeb7fa6
+					     const u8 *buf)
John W. Linville aeb7fa6
+{
John W. Linville aeb7fa6
+	struct crypto_ec_point *element;
John W. Linville aeb7fa6
+	const struct crypto_bignum *prime;
John W. Linville aeb7fa6
+	size_t prime_len;
John W. Linville aeb7fa6
+	struct crypto_bignum *cofactor = NULL;
John W. Linville aeb7fa6
+
John W. Linville aeb7fa6
+	prime = crypto_ec_get_prime(group->group);
John W. Linville aeb7fa6
+	prime_len = crypto_ec_prime_len(group->group);
John W. Linville aeb7fa6
+
John W. Linville aeb7fa6
+	/* RFC 5931, 2.8.5.2.2: 0 < x,y < p */
John W. Linville aeb7fa6
+	if (!eap_pwd_element_coord_ok(prime, buf, prime_len) ||
John W. Linville aeb7fa6
+	    !eap_pwd_element_coord_ok(prime, buf + prime_len, prime_len)) {
John W. Linville aeb7fa6
+		wpa_printf(MSG_INFO, "EAP-pwd: Invalid coordinate in element");
John W. Linville aeb7fa6
+		return NULL;
John W. Linville aeb7fa6
+	}
John W. Linville aeb7fa6
+
John W. Linville aeb7fa6
+	element = crypto_ec_point_from_bin(group->group, buf);
John W. Linville aeb7fa6
+	if (!element) {
John W. Linville aeb7fa6
+		wpa_printf(MSG_INFO, "EAP-pwd: EC point from element failed");
John W. Linville aeb7fa6
+		return NULL;
John W. Linville aeb7fa6
+	}
John W. Linville aeb7fa6
+
John W. Linville aeb7fa6
+	/* RFC 5931, 2.8.5.2.2: on curve and not the point at infinity */
John W. Linville aeb7fa6
+	if (!crypto_ec_point_is_on_curve(group->group, element) ||
John W. Linville aeb7fa6
+	    crypto_ec_point_is_at_infinity(group->group, element)) {
John W. Linville aeb7fa6
+		wpa_printf(MSG_INFO, "EAP-pwd: Invalid element");
John W. Linville aeb7fa6
+		goto fail;
John W. Linville aeb7fa6
+	}
John W. Linville aeb7fa6
+
John W. Linville aeb7fa6
+	cofactor = crypto_bignum_init();
John W. Linville aeb7fa6
+	if (!cofactor || crypto_ec_cofactor(group->group, cofactor) < 0) {
John W. Linville aeb7fa6
+		wpa_printf(MSG_INFO,
John W. Linville aeb7fa6
+			   "EAP-pwd: Unable to get cofactor for curve");
John W. Linville aeb7fa6
+		goto fail;
John W. Linville aeb7fa6
+	}
John W. Linville aeb7fa6
+
John W. Linville aeb7fa6
+	if (!crypto_bignum_is_one(cofactor)) {
John W. Linville aeb7fa6
+		struct crypto_ec_point *point;
John W. Linville aeb7fa6
+		int ok = 1;
John W. Linville aeb7fa6
+
John W. Linville aeb7fa6
+		/* check to ensure peer's element is not in a small sub-group */
John W. Linville aeb7fa6
+		point = crypto_ec_point_init(group->group);
John W. Linville aeb7fa6
+		if (!point ||
John W. Linville aeb7fa6
+		    crypto_ec_point_mul(group->group, element,
John W. Linville aeb7fa6
+					cofactor, point) != 0 ||
John W. Linville aeb7fa6
+		    crypto_ec_point_is_at_infinity(group->group, point))
John W. Linville aeb7fa6
+			ok = 0;
John W. Linville aeb7fa6
+		crypto_ec_point_deinit(point, 0);
John W. Linville aeb7fa6
+
John W. Linville aeb7fa6
+		if (!ok) {
John W. Linville aeb7fa6
+			wpa_printf(MSG_INFO,
John W. Linville aeb7fa6
+				   "EAP-pwd: Small sub-group check on peer element failed");
John W. Linville aeb7fa6
+			goto fail;
John W. Linville aeb7fa6
+		}
John W. Linville aeb7fa6
+	}
John W. Linville aeb7fa6
+
John W. Linville aeb7fa6
+out:
John W. Linville aeb7fa6
+	crypto_bignum_deinit(cofactor, 0);
John W. Linville aeb7fa6
+	return element;
John W. Linville aeb7fa6
+fail:
John W. Linville aeb7fa6
+	crypto_ec_point_deinit(element, 0);
John W. Linville aeb7fa6
+	element = NULL;
John W. Linville aeb7fa6
+	goto out;
John W. Linville aeb7fa6
+}
John W. Linville aeb7fa6
+
John W. Linville aeb7fa6
+
John W. Linville aeb7fa6
+struct crypto_bignum * eap_pwd_get_scalar(EAP_PWD_group *group, const u8 *buf)
John W. Linville aeb7fa6
+{
John W. Linville aeb7fa6
+	struct crypto_bignum *scalar;
John W. Linville aeb7fa6
+	const struct crypto_bignum *order;
John W. Linville aeb7fa6
+	size_t order_len;
John W. Linville aeb7fa6
+
John W. Linville aeb7fa6
+	order = crypto_ec_get_order(group->group);
John W. Linville aeb7fa6
+	order_len = crypto_ec_order_len(group->group);
John W. Linville aeb7fa6
+
John W. Linville aeb7fa6
+	/* RFC 5931, 2.8.5.2: 1 < scalar < r */
John W. Linville aeb7fa6
+	scalar = crypto_bignum_init_set(buf, order_len);
John W. Linville aeb7fa6
+	if (!scalar || crypto_bignum_is_zero(scalar) ||
John W. Linville aeb7fa6
+	    crypto_bignum_is_one(scalar) ||
John W. Linville aeb7fa6
+	    crypto_bignum_cmp(scalar, order) >= 0) {
John W. Linville aeb7fa6
+		wpa_printf(MSG_INFO, "EAP-pwd: received scalar is invalid");
John W. Linville aeb7fa6
+		crypto_bignum_deinit(scalar, 0);
John W. Linville aeb7fa6
+		scalar = NULL;
John W. Linville aeb7fa6
+	}
John W. Linville aeb7fa6
+
John W. Linville aeb7fa6
+	return scalar;
John W. Linville aeb7fa6
+}
John W. Linville aeb7fa6
diff --git a/src/eap_common/eap_pwd_common.h b/src/eap_common/eap_pwd_common.h
John W. Linville aeb7fa6
index 6b07cf8..2387e59 100644
John W. Linville aeb7fa6
--- a/src/eap_common/eap_pwd_common.h
John W. Linville aeb7fa6
+++ b/src/eap_common/eap_pwd_common.h
John W. Linville aeb7fa6
@@ -67,5 +67,8 @@ int compute_keys(EAP_PWD_group *grp, const struct crypto_bignum *k,
John W. Linville aeb7fa6
 struct crypto_hash * eap_pwd_h_init(void);
John W. Linville aeb7fa6
 void eap_pwd_h_update(struct crypto_hash *hash, const u8 *data, size_t len);
John W. Linville aeb7fa6
 void eap_pwd_h_final(struct crypto_hash *hash, u8 *digest);
John W. Linville aeb7fa6
+struct crypto_ec_point * eap_pwd_get_element(EAP_PWD_group *group,
John W. Linville aeb7fa6
+					     const u8 *buf);
John W. Linville aeb7fa6
+struct crypto_bignum * eap_pwd_get_scalar(EAP_PWD_group *group, const u8 *buf);
John W. Linville aeb7fa6
 
John W. Linville aeb7fa6
 #endif  /* EAP_PWD_COMMON_H */
John W. Linville aeb7fa6
diff --git a/src/eap_peer/eap_pwd.c b/src/eap_peer/eap_pwd.c
John W. Linville aeb7fa6
index 5a05e54..f37b974 100644
John W. Linville aeb7fa6
--- a/src/eap_peer/eap_pwd.c
John W. Linville aeb7fa6
+++ b/src/eap_peer/eap_pwd.c
John W. Linville aeb7fa6
@@ -308,7 +308,7 @@ eap_pwd_perform_commit_exchange(struct eap_sm *sm, struct eap_pwd_data *data,
John W. Linville aeb7fa6
 				const struct wpabuf *reqData,
John W. Linville aeb7fa6
 				const u8 *payload, size_t payload_len)
John W. Linville aeb7fa6
 {
John W. Linville aeb7fa6
-	struct crypto_ec_point *K = NULL, *point = NULL;
John W. Linville aeb7fa6
+	struct crypto_ec_point *K = NULL;
John W. Linville aeb7fa6
 	struct crypto_bignum *mask = NULL, *cofactor = NULL;
John W. Linville aeb7fa6
 	const u8 *ptr = payload;
John W. Linville aeb7fa6
 	u8 *scalar = NULL, *element = NULL;
John W. Linville aeb7fa6
@@ -572,63 +572,27 @@ eap_pwd_perform_commit_exchange(struct eap_sm *sm, struct eap_pwd_data *data,
John W. Linville aeb7fa6
 	/* process the request */
John W. Linville aeb7fa6
 	data->k = crypto_bignum_init();
John W. Linville aeb7fa6
 	K = crypto_ec_point_init(data->grp->group);
John W. Linville aeb7fa6
-	point = crypto_ec_point_init(data->grp->group);
John W. Linville aeb7fa6
-	if (!data->k || !K || !point) {
John W. Linville aeb7fa6
+	if (!data->k || !K) {
John W. Linville aeb7fa6
 		wpa_printf(MSG_INFO, "EAP-PWD (peer): peer data allocation "
John W. Linville aeb7fa6
 			   "fail");
John W. Linville aeb7fa6
 		goto fin;
John W. Linville aeb7fa6
 	}
John W. Linville aeb7fa6
 
John W. Linville aeb7fa6
 	/* element, x then y, followed by scalar */
John W. Linville aeb7fa6
-	data->server_element = crypto_ec_point_from_bin(data->grp->group, ptr);
John W. Linville aeb7fa6
+	data->server_element = eap_pwd_get_element(data->grp, ptr);
John W. Linville aeb7fa6
 	if (!data->server_element) {
John W. Linville aeb7fa6
 		wpa_printf(MSG_INFO, "EAP-PWD (peer): setting peer element "
John W. Linville aeb7fa6
 			   "fail");
John W. Linville aeb7fa6
 		goto fin;
John W. Linville aeb7fa6
 	}
John W. Linville aeb7fa6
 	ptr += prime_len * 2;
John W. Linville aeb7fa6
-	data->server_scalar = crypto_bignum_init_set(ptr, order_len);
John W. Linville aeb7fa6
+	data->server_scalar = eap_pwd_get_scalar(data->grp, ptr);
John W. Linville aeb7fa6
 	if (!data->server_scalar) {
John W. Linville aeb7fa6
 		wpa_printf(MSG_INFO,
John W. Linville aeb7fa6
 			   "EAP-PWD (peer): setting peer scalar fail");
John W. Linville aeb7fa6
 		goto fin;
John W. Linville aeb7fa6
 	}
John W. Linville aeb7fa6
 
John W. Linville aeb7fa6
-	/* verify received scalar */
John W. Linville aeb7fa6
-	if (crypto_bignum_is_zero(data->server_scalar) ||
John W. Linville aeb7fa6
-	    crypto_bignum_is_one(data->server_scalar) ||
John W. Linville aeb7fa6
-	    crypto_bignum_cmp(data->server_scalar,
John W. Linville aeb7fa6
-			      crypto_ec_get_order(data->grp->group)) >= 0) {
John W. Linville aeb7fa6
-		wpa_printf(MSG_INFO,
John W. Linville aeb7fa6
-			   "EAP-PWD (peer): received scalar is invalid");
John W. Linville aeb7fa6
-		goto fin;
John W. Linville aeb7fa6
-	}
John W. Linville aeb7fa6
-
John W. Linville aeb7fa6
-	/* verify received element */
John W. Linville aeb7fa6
-	if (!crypto_ec_point_is_on_curve(data->grp->group,
John W. Linville aeb7fa6
-					 data->server_element) ||
John W. Linville aeb7fa6
-	    crypto_ec_point_is_at_infinity(data->grp->group,
John W. Linville aeb7fa6
-					   data->server_element)) {
John W. Linville aeb7fa6
-		wpa_printf(MSG_INFO,
John W. Linville aeb7fa6
-			   "EAP-PWD (peer): received element is invalid");
John W. Linville aeb7fa6
-		goto fin;
John W. Linville aeb7fa6
-	}
John W. Linville aeb7fa6
-
John W. Linville aeb7fa6
-	/* check to ensure server's element is not in a small sub-group */
John W. Linville aeb7fa6
-	if (!crypto_bignum_is_one(cofactor)) {
John W. Linville aeb7fa6
-		if (crypto_ec_point_mul(data->grp->group, data->server_element,
John W. Linville aeb7fa6
-					cofactor, point) < 0) {
John W. Linville aeb7fa6
-			wpa_printf(MSG_INFO, "EAP-PWD (peer): cannot multiply "
John W. Linville aeb7fa6
-				   "server element by order!\n");
John W. Linville aeb7fa6
-			goto fin;
John W. Linville aeb7fa6
-		}
John W. Linville aeb7fa6
-		if (crypto_ec_point_is_at_infinity(data->grp->group, point)) {
John W. Linville aeb7fa6
-			wpa_printf(MSG_INFO, "EAP-PWD (peer): server element "
John W. Linville aeb7fa6
-				   "is at infinity!\n");
John W. Linville aeb7fa6
-			goto fin;
John W. Linville aeb7fa6
-		}
John W. Linville aeb7fa6
-	}
John W. Linville aeb7fa6
-
John W. Linville aeb7fa6
 	/* compute the shared key, k */
John W. Linville aeb7fa6
 	if (crypto_ec_point_mul(data->grp->group, data->grp->pwe,
John W. Linville aeb7fa6
 				data->server_scalar, K) < 0 ||
John W. Linville aeb7fa6
@@ -702,7 +666,6 @@ fin:
John W. Linville aeb7fa6
 	crypto_bignum_deinit(mask, 1);
John W. Linville aeb7fa6
 	crypto_bignum_deinit(cofactor, 1);
John W. Linville aeb7fa6
 	crypto_ec_point_deinit(K, 1);
John W. Linville aeb7fa6
-	crypto_ec_point_deinit(point, 1);
John W. Linville aeb7fa6
 	if (data->outbuf == NULL)
John W. Linville aeb7fa6
 		eap_pwd_state(data, FAILURE);
John W. Linville aeb7fa6
 	else
John W. Linville aeb7fa6
diff --git a/src/eap_server/eap_server_pwd.c b/src/eap_server/eap_server_pwd.c
John W. Linville aeb7fa6
index 16057e9..f6c75cf 100644
John W. Linville aeb7fa6
--- a/src/eap_server/eap_server_pwd.c
John W. Linville aeb7fa6
+++ b/src/eap_server/eap_server_pwd.c
John W. Linville aeb7fa6
@@ -669,7 +669,7 @@ eap_pwd_process_commit_resp(struct eap_sm *sm, struct eap_pwd_data *data,
John W. Linville aeb7fa6
 {
John W. Linville aeb7fa6
 	const u8 *ptr;
John W. Linville aeb7fa6
 	struct crypto_bignum *cofactor = NULL;
John W. Linville aeb7fa6
-	struct crypto_ec_point *K = NULL, *point = NULL;
John W. Linville aeb7fa6
+	struct crypto_ec_point *K = NULL;
John W. Linville aeb7fa6
 	int res = 0;
John W. Linville aeb7fa6
 	size_t prime_len, order_len;
John W. Linville aeb7fa6
 
John W. Linville aeb7fa6
@@ -688,9 +688,8 @@ eap_pwd_process_commit_resp(struct eap_sm *sm, struct eap_pwd_data *data,
John W. Linville aeb7fa6
 
John W. Linville aeb7fa6
 	data->k = crypto_bignum_init();
John W. Linville aeb7fa6
 	cofactor = crypto_bignum_init();
John W. Linville aeb7fa6
-	point = crypto_ec_point_init(data->grp->group);
John W. Linville aeb7fa6
 	K = crypto_ec_point_init(data->grp->group);
John W. Linville aeb7fa6
-	if (!data->k || !cofactor || !point || !K) {
John W. Linville aeb7fa6
+	if (!data->k || !cofactor || !K) {
John W. Linville aeb7fa6
 		wpa_printf(MSG_INFO, "EAP-PWD (server): peer data allocation "
John W. Linville aeb7fa6
 			   "fail");
John W. Linville aeb7fa6
 		goto fin;
John W. Linville aeb7fa6
@@ -704,55 +703,20 @@ eap_pwd_process_commit_resp(struct eap_sm *sm, struct eap_pwd_data *data,
John W. Linville aeb7fa6
 
John W. Linville aeb7fa6
 	/* element, x then y, followed by scalar */
John W. Linville aeb7fa6
 	ptr = payload;
John W. Linville aeb7fa6
-	data->peer_element = crypto_ec_point_from_bin(data->grp->group, ptr);
John W. Linville aeb7fa6
+	data->peer_element = eap_pwd_get_element(data->grp, ptr);
John W. Linville aeb7fa6
 	if (!data->peer_element) {
John W. Linville aeb7fa6
 		wpa_printf(MSG_INFO, "EAP-PWD (server): setting peer element "
John W. Linville aeb7fa6
 			   "fail");
John W. Linville aeb7fa6
 		goto fin;
John W. Linville aeb7fa6
 	}
John W. Linville aeb7fa6
 	ptr += prime_len * 2;
John W. Linville aeb7fa6
-	data->peer_scalar = crypto_bignum_init_set(ptr, order_len);
John W. Linville aeb7fa6
+	data->peer_scalar = eap_pwd_get_scalar(data->grp, ptr);
John W. Linville aeb7fa6
 	if (!data->peer_scalar) {
John W. Linville aeb7fa6
 		wpa_printf(MSG_INFO, "EAP-PWD (server): peer data allocation "
John W. Linville aeb7fa6
 			   "fail");
John W. Linville aeb7fa6
 		goto fin;
John W. Linville aeb7fa6
 	}
John W. Linville aeb7fa6
 
John W. Linville aeb7fa6
-	/* verify received scalar */
John W. Linville aeb7fa6
-	if (crypto_bignum_is_zero(data->peer_scalar) ||
John W. Linville aeb7fa6
-	    crypto_bignum_is_one(data->peer_scalar) ||
John W. Linville aeb7fa6
-	    crypto_bignum_cmp(data->peer_scalar,
John W. Linville aeb7fa6
-			      crypto_ec_get_order(data->grp->group)) >= 0) {
John W. Linville aeb7fa6
-		wpa_printf(MSG_INFO,
John W. Linville aeb7fa6
-			   "EAP-PWD (server): received scalar is invalid");
John W. Linville aeb7fa6
-		goto fin;
John W. Linville aeb7fa6
-	}
John W. Linville aeb7fa6
-
John W. Linville aeb7fa6
-	/* verify received element */
John W. Linville aeb7fa6
-	if (!crypto_ec_point_is_on_curve(data->grp->group,
John W. Linville aeb7fa6
-					 data->peer_element) ||
John W. Linville aeb7fa6
-	    crypto_ec_point_is_at_infinity(data->grp->group,
John W. Linville aeb7fa6
-					   data->peer_element)) {
John W. Linville aeb7fa6
-		wpa_printf(MSG_INFO,
John W. Linville aeb7fa6
-			   "EAP-PWD (server): received element is invalid");
John W. Linville aeb7fa6
-		goto fin;
John W. Linville aeb7fa6
-	}
John W. Linville aeb7fa6
-
John W. Linville aeb7fa6
-	/* check to ensure peer's element is not in a small sub-group */
John W. Linville aeb7fa6
-	if (!crypto_bignum_is_one(cofactor)) {
John W. Linville aeb7fa6
-		if (crypto_ec_point_mul(data->grp->group, data->peer_element,
John W. Linville aeb7fa6
-					cofactor, point) != 0) {
John W. Linville aeb7fa6
-			wpa_printf(MSG_INFO, "EAP-PWD (server): cannot "
John W. Linville aeb7fa6
-				   "multiply peer element by order");
John W. Linville aeb7fa6
-			goto fin;
John W. Linville aeb7fa6
-		}
John W. Linville aeb7fa6
-		if (crypto_ec_point_is_at_infinity(data->grp->group, point)) {
John W. Linville aeb7fa6
-			wpa_printf(MSG_INFO, "EAP-PWD (server): peer element "
John W. Linville aeb7fa6
-				   "is at infinity!\n");
John W. Linville aeb7fa6
-			goto fin;
John W. Linville aeb7fa6
-		}
John W. Linville aeb7fa6
-	}
John W. Linville aeb7fa6
-
John W. Linville aeb7fa6
 	/* detect reflection attacks */
John W. Linville aeb7fa6
 	if (crypto_bignum_cmp(data->my_scalar, data->peer_scalar) == 0 ||
John W. Linville aeb7fa6
 	    crypto_ec_point_cmp(data->grp->group, data->my_element,
John W. Linville aeb7fa6
@@ -804,7 +768,6 @@ eap_pwd_process_commit_resp(struct eap_sm *sm, struct eap_pwd_data *data,
John W. Linville aeb7fa6
 
John W. Linville aeb7fa6
 fin:
John W. Linville aeb7fa6
 	crypto_ec_point_deinit(K, 1);
John W. Linville aeb7fa6
-	crypto_ec_point_deinit(point, 1);
John W. Linville aeb7fa6
 	crypto_bignum_deinit(cofactor, 1);
John W. Linville aeb7fa6
 
John W. Linville aeb7fa6
 	if (res)
John W. Linville aeb7fa6
-- 
John W. Linville aeb7fa6
2.7.4
John W. Linville aeb7fa6