hostapd: backport wolfssl bignum fixes

crypto_bignum_rand() use needless time-consuming filtering
which resulted in SAE no longer connecting within time limits.
Import fixes from hostap upstream to fix that.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 631c437a91)
This commit is contained in:
Daniel Golle 2020-05-16 23:23:41 +02:00
parent ab7e9754df
commit d8d1956a80
4 changed files with 107 additions and 1 deletions

View File

@ -7,7 +7,7 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=hostapd
PKG_RELEASE:=3
PKG_RELEASE:=4
PKG_SOURCE_URL:=http://w1.fi/hostap.git
PKG_SOURCE_PROTO:=git

View File

@ -0,0 +1,31 @@
From 6a28c4dbc102de3fed9db44637f47a10e7adfb78 Mon Sep 17 00:00:00 2001
From: Jouni Malinen <j@w1.fi>
Date: Sat, 16 May 2020 21:01:51 +0300
Subject: [PATCH 1/3] wolfssl: Fix compiler warnings on size_t printf format
use
Signed-off-by: Jouni Malinen <j@w1.fi>
---
src/crypto/tls_wolfssl.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/src/crypto/tls_wolfssl.c
+++ b/src/crypto/tls_wolfssl.c
@@ -1741,7 +1741,7 @@ struct wpabuf * tls_connection_encrypt(v
if (!conn)
return NULL;
- wpa_printf(MSG_DEBUG, "SSL: encrypt: %ld bytes", wpabuf_len(in_data));
+ wpa_printf(MSG_DEBUG, "SSL: encrypt: %zu bytes", wpabuf_len(in_data));
wolfssl_reset_out_data(&conn->output);
@@ -1792,7 +1792,7 @@ struct wpabuf * tls_connection_decrypt(v
}
wpabuf_put(buf, res);
- wpa_printf(MSG_DEBUG, "SSL: decrypt: %ld bytes", wpabuf_len(buf));
+ wpa_printf(MSG_DEBUG, "SSL: decrypt: %zu bytes", wpabuf_len(buf));
return buf;
}

View File

@ -0,0 +1,49 @@
From eb595b3e3ab531645a5bde71cf6385335b7a4b95 Mon Sep 17 00:00:00 2001
From: Jouni Malinen <j@w1.fi>
Date: Sat, 16 May 2020 21:02:17 +0300
Subject: [PATCH 2/3] wolfssl: Fix crypto_bignum_rand() implementation
The previous implementation used mp_rand_prime() to generate a random
value in range 0..m. That is insanely slow way of generating a random
value since mp_rand_prime() is for generating a random _prime_ which is
not what is needed here. Replace that implementation with generationg of
a random value in the requested range without doing any kind of prime
number checks or loops to reject values that are not primes.
This speeds up SAE and EAP-pwd routines by couple of orders of
magnitude..
Signed-off-by: Jouni Malinen <j@w1.fi>
---
src/crypto/crypto_wolfssl.c | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
--- a/src/crypto/crypto_wolfssl.c
+++ b/src/crypto/crypto_wolfssl.c
@@ -1084,19 +1084,21 @@ int crypto_bignum_rand(struct crypto_big
{
int ret = 0;
WC_RNG rng;
+ size_t len;
+ u8 *buf;
if (TEST_FAIL())
return -1;
if (wc_InitRng(&rng) != 0)
return -1;
- if (mp_rand_prime((mp_int *) r,
- (mp_count_bits((mp_int *) m) + 7) / 8 * 2,
- &rng, NULL) != 0)
- ret = -1;
- if (ret == 0 &&
+ len = (mp_count_bits((mp_int *) m) + 7) / 8;
+ buf = os_malloc(len);
+ if (!buf || wc_RNG_GenerateBlock(&rng, buf, len) != 0 ||
+ mp_read_unsigned_bin((mp_int *) r, buf, len) != MP_OKAY ||
mp_mod((mp_int *) r, (mp_int *) m, (mp_int *) r) != 0)
ret = -1;
wc_FreeRng(&rng);
+ bin_clear_free(buf, len);
return ret;
}

View File

@ -0,0 +1,26 @@
From 79488da576aeeb9400e1742fab7f463eed0fa7a1 Mon Sep 17 00:00:00 2001
From: Jouni Malinen <j@w1.fi>
Date: Sat, 16 May 2020 21:07:45 +0300
Subject: [PATCH 3/3] wolfssl: Do not hardcode include directory in
wpa_supplicant build
This is not really appropriate for any kind of cross compilations and is
not really needed in general since system specific values can be set in
.config.
Signed-off-by: Jouni Malinen <j@w1.fi>
---
wpa_supplicant/Makefile | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/wpa_supplicant/Makefile
+++ b/wpa_supplicant/Makefile
@@ -1086,7 +1086,7 @@ endif
ifeq ($(CONFIG_TLS), wolfssl)
ifdef TLS_FUNCS
-CFLAGS += -DWOLFSSL_DER_LOAD -I/usr/local/include/wolfssl
+CFLAGS += -DWOLFSSL_DER_LOAD
OBJS += ../src/crypto/tls_wolfssl.o
endif
OBJS += ../src/crypto/crypto_wolfssl.o