author | David Bauer <mail@david-bauer.net> | 2021-05-06 01:53:49 +0200 |
---|---|---|
committer | David Bauer <mail@david-bauer.net> | 2021-05-21 15:44:05 +0200 |
commit | ddcb970274c011d3db611ec39350ee4704ff0e02 (patch) | |
tree | 1dd9ea3bab2d983d63b157cd28d503377c1a6887 | |
parent | ef9b103107aebd1a54f4360af3d9cf28d0544f13 (diff) | |
hostapd: wolfssl: add RNG to EC key
Since upstream commit 6467de5a8840 ("Randomize z ordinates in
scalar mult when timing resistant") WolfSSL requires a RNG for
the EC key when built hardened which is the default.
Set the RNG for the EC key to fix connections for OWE clients.
Signed-off-by: David Bauer <mail@david-bauer.net>
-rw-r--r-- | package/network/services/hostapd/Makefile | 2 | ||||
-rw-r--r-- | package/network/services/hostapd/patches/0001-wolfssl-init-RNG-with-ECC-key.patch | 48 |
2 files changed, 49 insertions, 1 deletions
diff --git a/package/network/services/hostapd/Makefile b/package/network/services/hostapd/Makefile
index bd2a7c96ad..0779421b8d 100644
--- a/package/network/services/hostapd/Makefile
+++ b/package/network/services/hostapd/Makefile
@@ -7,7 +7,7 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=hostapd
-PKG_RELEASE:=32
+PKG_RELEASE:=33
 PKG_SOURCE_URL:=http://w1.fi/hostap.git
 PKG_SOURCE_PROTO:=git
diff --git a/package/network/services/hostapd/patches/0001-wolfssl-init-RNG-with-ECC-key.patch b/package/network/services/hostapd/patches/0001-wolfssl-init-RNG-with-ECC-key.patch
new file mode 100644
index 0000000000..89d111e991
--- /dev/null
+++ b/package/network/services/hostapd/patches/0001-wolfssl-init-RNG-with-ECC-key.patch
@@ -0,0 +1,48 @@
+From 21ce83b4ae2b9563175fdb4fc4312096cc399cf8 Mon Sep 17 00:00:00 2001
+From: David Bauer <mail@david-bauer.net>
+Date: Wed, 5 May 2021 00:44:34 +0200
+Subject: [PATCH] wolfssl: add RNG to EC key
+
+Since upstream commit 6467de5a8840 ("Randomize z ordinates in
+scalar mult when timing resistant") WolfSSL requires a RNG for
+the EC key when built hardened which is the default.
+
+Set the RNG for the EC key to fix connections for OWE clients.
+
+Signed-off-by: David Bauer <mail@david-bauer.net>
+---
+ src/crypto/crypto_wolfssl.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/crypto/crypto_wolfssl.c b/src/crypto/crypto_wolfssl.c
+index 2e4bf8962..ed2528159 100644
+--- a/src/crypto/crypto_wolfssl.c
++++ b/src/crypto/crypto_wolfssl.c
+@@ -1303,6 +1303,7 @@ int ecc_projective_add_point(ecc_point *P, ecc_point *Q, ecc_point *R,
+
+ struct crypto_ec {
+ ecc_key key;
++ WC_RNG rng;
+ mp_int a;
+ mp_int prime;
+ mp_int order;
+@@ -1357,6 +1358,8 @@ struct crypto_ec * crypto_ec_init(int group)
+ return NULL;
+
+ if (wc_ecc_init(&e->key) != 0 ||
++ wc_InitRng(&e->rng) != 0 ||
++ wc_ecc_set_rng(&e->key, &e->rng) != 0 ||
+ wc_ecc_set_curve(&e->key, 0, curve_id) != 0 ||
+ mp_init(&e->a) != MP_OKAY ||
+ mp_init(&e->prime) != MP_OKAY ||
+@@ -1388,6 +1391,7 @@ void crypto_ec_deinit(struct crypto_ec* e)
+ mp_clear(&e->order);
+ mp_clear(&e->prime);
+ mp_clear(&e->a);
++ wc_FreeRng(&e->rng);
+ wc_ecc_free(&e->key);
+ os_free(e);
+ }
+--
+2.31.1
+ |
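Review bot: In the crypto_ec_init hunk `wc_InitRng(&e->rng)` sits inside the short-circuit `||` chain, while crypto_ec_deinit now calls `wc_FreeRng(&e->rng)` unconditionally. If `wc_ecc_init()` or `wc_InitRng()` fails and the error path (outside the hunk) runs crypto_ec_deinit, the RNG is released without ever having been set up. That is only safe if `e` is zero-allocated and wc_FreeRng accepts a zeroed `WC_RNG`, neither of which is visible here; a flag recording that the RNG was initialised, or a comment above the `wc_FreeRng` call stating the assumption once confirmed, would make the cleanup contract explicit. Separately, the commit message ties the requirement to hardened builds only: if wolfSSL declares `wc_ecc_set_rng` only under `ECC_TIMING_RESISTANT` (worth confirming against the wolfSSL headers in use), the added calls should sit behind `#ifdef ECC_TIMING_RESISTANT` so a non-hardened build still compiles. Both function bodies continue outside the hunks.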