Hi Andrew,

On 01/01/2019 01:49 PM, Andrew Zaborowski wrote:
> Add a function to validate local private value payloads against a
> the group's prime before creating kernel keys out of them, and to

Do we have the same issue in iwd EAP-WSC?

> validate public values received from the peer.

Note that the kernel already performs almost the same check in 
dh_is_pubkey_valid

Might make more sense to create an API to generate a valid private key 
with the needed constraints.  E.g. by twiddling the MSBs to 0 until the 
private key is less than the prime.

> ---
>   ell/ell.sym |  1 +
>   ell/key.c   | 48 ++++++++++++++++++++++++++++++++++++++++++++++++
>   ell/key.h   |  3 +++
>   3 files changed, 52 insertions(+)
> 

Regards,
-Denis