authorDavid Bauer <mail@david-bauer.net>2021-05-06 01:53:49 +0200
committerDavid Bauer <mail@david-bauer.net>2021-05-21 15:44:05 +0200
commitddcb970274c011d3db611ec39350ee4704ff0e02 (patch)
tree1dd9ea3bab2d983d63b157cd28d503377c1a6887
parentef9b103107aebd1a54f4360af3d9cf28d0544f13 (diff)
hostapd: wolfssl: add RNG to EC key
Since upstream commit 6467de5a8840 ("Randomize z ordinates in scalar mult when timing resistant"), WolfSSL requires an RNG for the EC key when built hardened, which is the default. Set the RNG for the EC key to fix connections for OWE clients. Signed-off-by: David Bauer <mail@david-bauer.net>
-rw-r--r--package/network/services/hostapd/Makefile2
-rw-r--r--package/network/services/hostapd/patches/0001-wolfssl-init-RNG-with-ECC-key.patch48
2 files changed, 49 insertions, 1 deletions
diff --git a/package/network/services/hostapd/Makefile b/package/network/services/hostapd/Makefile
index bd2a7c96ad..0779421b8d 100644
--- a/package/network/services/hostapd/Makefile
+++ b/package/network/services/hostapd/Makefile
@@ -7,7 +7,7 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=hostapd
-PKG_RELEASE:=32
+PKG_RELEASE:=33
PKG_SOURCE_URL:=http://w1.fi/hostap.git
PKG_SOURCE_PROTO:=git
diff --git a/package/network/services/hostapd/patches/0001-wolfssl-init-RNG-with-ECC-key.patch b/package/network/services/hostapd/patches/0001-wolfssl-init-RNG-with-ECC-key.patch
new file mode 100644
index 0000000000..89d111e991
--- /dev/null
+++ b/package/network/services/hostapd/patches/0001-wolfssl-init-RNG-with-ECC-key.patch
@@ -0,0 +1,48 @@
+From 21ce83b4ae2b9563175fdb4fc4312096cc399cf8 Mon Sep 17 00:00:00 2001
+From: David Bauer <mail@david-bauer.net>
+Date: Wed, 5 May 2021 00:44:34 +0200
+Subject: [PATCH] wolfssl: add RNG to EC key
+
+Since upstream commit 6467de5a8840 ("Randomize z ordinates in
+scalar mult when timing resistant") WolfSSL requires a RNG for
+the EC key when built hardened which is the default.
+
+Set the RNG for the EC key to fix connections for OWE clients.
+
+Signed-off-by: David Bauer <mail@david-bauer.net>
+---
+ src/crypto/crypto_wolfssl.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/crypto/crypto_wolfssl.c b/src/crypto/crypto_wolfssl.c
+index 2e4bf8962..ed2528159 100644
+--- a/src/crypto/crypto_wolfssl.c
++++ b/src/crypto/crypto_wolfssl.c
+@@ -1303,6 +1303,7 @@ int ecc_projective_add_point(ecc_point *P, ecc_point *Q, ecc_point *R,
+
+ struct crypto_ec {
+ ecc_key key;
++ WC_RNG rng;
+ mp_int a;
+ mp_int prime;
+ mp_int order;
+@@ -1357,6 +1358,8 @@ struct crypto_ec * crypto_ec_init(int group)
+ return NULL;
+
+ if (wc_ecc_init(&e->key) != 0 ||
++ wc_InitRng(&e->rng) != 0 ||
++ wc_ecc_set_rng(&e->key, &e->rng) != 0 ||
+ wc_ecc_set_curve(&e->key, 0, curve_id) != 0 ||
+ mp_init(&e->a) != MP_OKAY ||
+ mp_init(&e->prime) != MP_OKAY ||
+@@ -1388,6 +1391,7 @@ void crypto_ec_deinit(struct crypto_ec* e)
+ mp_clear(&e->order);
+ mp_clear(&e->prime);
+ mp_clear(&e->a);
++ wc_FreeRng(&e->rng);
+ wc_ecc_free(&e->key);
+ os_free(e);
+ }
+--
+2.31.1
+
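Review bot: The added `wc_ecc_set_rng(&e->key, &e->rng) != 0 ||` line in crypto_ec_init is unconditional, although the commit message says the RNG is only required when wolfSSL is built hardened. As far as I know wolfSSL only declares that function when `ECC_TIMING_RESISTANT` is defined, so a non-hardened build would presumably fail to compile; guarding just that line with `#ifdef ECC_TIMING_RESISTANT` … `#endif` would keep both configurations working. Separately, the `||` chain short-circuits, so if `wc_ecc_init` fails `e->rng` is never initialised, yet crypto_ec_deinit now calls `wc_FreeRng(&e->rng)` unconditionally. Whether that is safe depends on how `e` is allocated and on the failure path of crypto_ec_init, both of which lie outside the hunks shown, so it is worth confirming that the struct is zero-allocated before this cleanup can run.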