ExternalVendorCode/openwrt
1
0
Fork 0
mirror of https://github.com/openwrt/openwrt.git synced 2025-01-02 03:56:49 +00:00
Code Issues Actions 6 Packages Projects Releases Wiki Activity
8af79550e6
openwrt/package/network/services/hostapd/patches/066-0005-EAP-pwd-Run-through-prf-result-processing-even-if-it.patch
Hauke Mehrtens 8af79550e6 hostapd: Update to version 2.8 (2019-04-21) 
This also syncs the configuration files with the default configuration
files, but no extra options are activated or deactivated.

The mesh patches were partially merged into hostapd 2.8, the remaining
patches were extracted from patchwork and are now applied by OpenWrt.
The patches still have open questions which are not fixed by the author.
They were taken from this page:
https://patchwork.ozlabs.org/project/hostap/list/?series=62725&state=*

The changes in 007-mesh-apply-channel-attributes-before-running-Mesh.patch
where first applied to hostapd, but later reverted in hostapd commit
3e949655ccc5 because they caused memory leaks.

The size of the ipkgs increase a bit (between 1.3% and 2.3%):

old 2018-12-02 (2.7):
283337 wpad-basic_2018-12-02-c2c6c01b-11_mipsel_24kc.ipk
252857 wpad-mini_2018-12-02-c2c6c01b-11_mipsel_24kc.ipk
417473 wpad-openssl_2018-12-02-c2c6c01b-11_mipsel_24kc.ipk
415105 wpad-wolfssl_2018-12-02-c2c6c01b-11_mipsel_24kc.ipk

new 2019-04-21 (2.8):
288264 wpad-basic_2019-04-21-63962824-1_mipsel_24kc.ipk
256188 wpad-mini_2019-04-21-63962824-1_mipsel_24kc.ipk
427475 wpad-openssl_2019-04-21-63962824-1_mipsel_24kc.ipk
423071 wpad-wolfssl_2019-04-21-63962824-1_mipsel_24kc.ipk

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Tested-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
2019-09-22 17:39:26 +02:00

53 lines
1.9 KiB
Diff
Raw Blame History

From 00a6cc73da61b03c146b6c341d0d1e572bcef432 Mon Sep 17 00:00:00 2001
From: Jouni Malinen <j@w1.fi>
Date: Mon, 24 Jun 2019 23:02:51 +0300
Subject: [PATCH 5/6] EAP-pwd: Run through prf result processing even if it >=
prime
This reduces differences in timing and memory access within the
hunting-and-pecking loop for ECC groups that have a prime that is not
close to a power of two (e.g., Brainpool curves).
Signed-off-by: Jouni Malinen <j@w1.fi>
(cherry picked from commit cd803299ca485eb857e37c88f973fccfbb8600e5)
---
src/eap_common/eap_pwd_common.c | 13 ++++++++++---
1 file changed, 10 insertions(+), 3 deletions(-)
--- a/src/eap_common/eap_pwd_common.c
+++ b/src/eap_common/eap_pwd_common.c
@@ -155,6 +155,8 @@ int compute_password_element(EAP_PWD_gro
struct crypto_bignum *x_candidate = NULL;
const struct crypto_bignum *prime;
u8 mask, found_ctr = 0, is_odd = 0;
+ int cmp_prime;
+ unsigned int in_range;
if (grp->pwe)
return -1;
@@ -241,8 +243,13 @@ int compute_password_element(EAP_PWD_gro
if (primebitlen % 8)
buf_shift_right(prfbuf, primebytelen,
8 - primebitlen % 8);
- if (const_time_memcmp(prfbuf, prime_bin, primebytelen) >= 0)
- continue;
+ cmp_prime = const_time_memcmp(prfbuf, prime_bin, primebytelen);
+ /* Create a const_time mask for selection based on prf result
+ * being smaller than prime. */
+ in_range = const_time_fill_msb((unsigned int) cmp_prime);
+ /* The algorithm description would skip the next steps if
+ * cmp_prime >= 0, but go through them regardless to minimize
+ * externally observable differences in behavior. */
crypto_bignum_deinit(x_candidate, 1);
x_candidate = crypto_bignum_init_set(prfbuf, primebytelen);
@@ -306,7 +313,7 @@ int compute_password_element(EAP_PWD_gro
goto fail;
mask = const_time_eq(res, check);
found_ctr = const_time_select_u8(found, found_ctr, ctr);
- found |= mask;
+ found |= mask & in_range;
}
if (found == 0) {
wpa_printf(MSG_INFO,
Reference in New Issue View Git Blame Copy Permalink