diff options
author | Hauke Mehrtens <hauke@hauke-m.de> | 2019-08-10 16:49:34 +0200 |
---|---|---|
committer | Petr Štetiar <ynezz@true.cz> | 2019-11-14 20:59:58 +0100 |
commit | 5e8d1b52dafb04428898fe3ba9c2920a0fb6f653 (patch) | |
tree | fc9ae49a15287e2e7b22ace3886f1ef461edd1f0 /package/network/services/hostapd/patches/066-0004-SAE-Run-through-prf-result-processing-even-if-it-pri.patch | |
parent | 80b58a9db6a514138e979ccf06d0fe4dc52f0907 (diff) | |
download | upstream-5e8d1b52dafb04428898fe3ba9c2920a0fb6f653.tar.gz upstream-5e8d1b52dafb04428898fe3ba9c2920a0fb6f653.tar.bz2 upstream-5e8d1b52dafb04428898fe3ba9c2920a0fb6f653.zip |
hostapd: Update to version 2.9 (2019-08-08)
The size of the ipkgs increase a bit (between 0.7% and 1.1%):
old 2019-04-21 (2.8):
288264 wpad-basic_2019-04-21-63962824-1_mipsel_24kc.ipk
256188 wpad-mini_2019-04-21-63962824-1_mipsel_24kc.ipk
427475 wpad-openssl_2019-04-21-63962824-1_mipsel_24kc.ipk
423071 wpad-wolfssl_2019-04-21-63962824-1_mipsel_24kc.ipk
new 2019-08-08 (2.9):
290217 wpad-basic_2019-08-08-ca8c2bd2-1_mipsel_24kc.ipk
258745 wpad-mini_2019-08-08-ca8c2bd2-1_mipsel_24kc.ipk
431732 wpad-openssl_2019-08-08-ca8c2bd2-1_mipsel_24kc.ipk
427641 wpad-wolfssl_2019-08-08-ca8c2bd2-1_mipsel_24kc.ipk
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 167028b750028ae3dac24f5ff96bbb1ba04e8bd7)
Diffstat (limited to 'package/network/services/hostapd/patches/066-0004-SAE-Run-through-prf-result-processing-even-if-it-pri.patch')
-rw-r--r-- | package/network/services/hostapd/patches/066-0004-SAE-Run-through-prf-result-processing-even-if-it-pri.patch | 54 |
1 files changed, 0 insertions, 54 deletions
diff --git a/package/network/services/hostapd/patches/066-0004-SAE-Run-through-prf-result-processing-even-if-it-pri.patch b/package/network/services/hostapd/patches/066-0004-SAE-Run-through-prf-result-processing-even-if-it-pri.patch deleted file mode 100644 index 7337cb35bd..0000000000 --- a/package/network/services/hostapd/patches/066-0004-SAE-Run-through-prf-result-processing-even-if-it-pri.patch +++ /dev/null @@ -1,54 +0,0 @@ -From a25b48118d75f3c2d7cb1b2c3b4cffb13091a34c Mon Sep 17 00:00:00 2001 -From: Jouni Malinen <j@w1.fi> -Date: Mon, 24 Jun 2019 23:01:06 +0300 -Subject: [PATCH 4/6] SAE: Run through prf result processing even if it >= - prime - -This reduces differences in timing and memory access within the -hunting-and-pecking loop for ECC groups that have a prime that is not -close to a power of two (e.g., Brainpool curves). - -Signed-off-by: Jouni Malinen <j@w1.fi> -(cherry picked from commit 147bf7b88a9c231322b5b574263071ca6dbb0503) ---- - src/common/sae.c | 15 ++++++++++++--- - 1 file changed, 12 insertions(+), 3 deletions(-) - ---- a/src/common/sae.c -+++ b/src/common/sae.c -@@ -304,6 +304,8 @@ static int sae_test_pwd_seed_ecc(struct - struct crypto_bignum *y_sqr, *x_cand; - int res; - size_t bits; -+ int cmp_prime; -+ unsigned int in_range; - - wpa_hexdump_key(MSG_DEBUG, "SAE: pwd-seed", pwd_seed, SHA256_MAC_LEN); - -@@ -317,8 +319,13 @@ static int sae_test_pwd_seed_ecc(struct - wpa_hexdump_key(MSG_DEBUG, "SAE: pwd-value", - pwd_value, sae->tmp->prime_len); - -- if (const_time_memcmp(pwd_value, prime, sae->tmp->prime_len) >= 0) -- return 0; -+ cmp_prime = const_time_memcmp(pwd_value, prime, sae->tmp->prime_len); -+ /* Create a const_time mask for selection based on prf result -+ * being smaller than prime. */ -+ in_range = const_time_fill_msb((unsigned int) cmp_prime); -+ /* The algorithm description would skip the next steps if -+ * cmp_prime >= 0 (reutnr 0 here), but go through them regardless to -+ * minimize externally observable differences in behavior. */ - - x_cand = crypto_bignum_init_set(pwd_value, sae->tmp->prime_len); - if (!x_cand) -@@ -330,7 +337,9 @@ static int sae_test_pwd_seed_ecc(struct - - res = is_quadratic_residue_blind(sae, prime, bits, qr, qnr, y_sqr); - crypto_bignum_deinit(y_sqr, 1); -- return res; -+ if (res < 0) -+ return res; -+ return const_time_select_int(in_range, res, 0); - } - - |