diff options
Diffstat (limited to 'package/network/services/hostapd/patches/060-0001-EAP-pwd-Move-EC-group-initialization-to-earlier-step.patch')
-rw-r--r-- | package/network/services/hostapd/patches/060-0001-EAP-pwd-Move-EC-group-initialization-to-earlier-step.patch | 104 |
1 files changed, 104 insertions, 0 deletions
diff --git a/package/network/services/hostapd/patches/060-0001-EAP-pwd-Move-EC-group-initialization-to-earlier-step.patch b/package/network/services/hostapd/patches/060-0001-EAP-pwd-Move-EC-group-initialization-to-earlier-step.patch new file mode 100644 index 0000000000..6d35769e30 --- /dev/null +++ b/package/network/services/hostapd/patches/060-0001-EAP-pwd-Move-EC-group-initialization-to-earlier-step.patch @@ -0,0 +1,104 @@ +From 2a5c291881fa819325d0287d0763776edfcb1943 Mon Sep 17 00:00:00 2001 +From: Dan Harkins <dharkins@lounge.org> +Date: Fri, 25 May 2018 21:40:04 +0300 +Subject: [PATCH] EAP-pwd: Move EC group initialization to earlier step + +This is needed for adding support for salted passwords. + +Signed-off-by: Dan Harkins <dharkins@lounge.org> +--- + src/eap_common/eap_pwd_common.c | 32 +++++++++++++++++++++++--------- + src/eap_common/eap_pwd_common.h | 1 + + src/eap_peer/eap_pwd.c | 2 +- + src/eap_server/eap_server_pwd.c | 2 +- + 4 files changed, 26 insertions(+), 11 deletions(-) + +--- a/src/eap_common/eap_pwd_common.c ++++ b/src/eap_common/eap_pwd_common.c +@@ -81,6 +81,27 @@ static int eap_pwd_kdf(const u8 *key, si + } + + ++EAP_PWD_group * get_eap_pwd_group(u16 num) ++{ ++ EAP_PWD_group *grp; ++ ++ grp = os_zalloc(sizeof(EAP_PWD_group)); ++ if (!grp) ++ return NULL; ++ grp->group = crypto_ec_init(num); ++ if (!grp->group) { ++ wpa_printf(MSG_INFO, "EAP-pwd: unable to create EC group"); ++ os_free(grp); ++ return NULL; ++ } ++ ++ grp->group_num = num; ++ wpa_printf(MSG_INFO, "EAP-pwd: provisioned group %d", num); ++ ++ return grp; ++} ++ ++ + /* + * compute a "random" secret point on an elliptic curve based + * on the password and identities. +@@ -97,12 +118,8 @@ int compute_password_element(EAP_PWD_gro + size_t primebytelen, primebitlen; + struct crypto_bignum *x_candidate = NULL, *rnd = NULL, *cofactor = NULL; + +- grp->pwe = NULL; +- grp->group = crypto_ec_init(num); +- if (!grp->group) { +- wpa_printf(MSG_INFO, "EAP-pwd: unable to create EC group"); +- goto fail; +- } ++ if (grp->pwe) ++ return -1; + + cofactor = crypto_bignum_init(); + grp->pwe = crypto_ec_point_init(grp->group); +@@ -234,11 +251,8 @@ int compute_password_element(EAP_PWD_gro + break; + } + wpa_printf(MSG_DEBUG, "EAP-pwd: found a PWE in %d tries", ctr); +- grp->group_num = num; + if (0) { + fail: +- crypto_ec_deinit(grp->group); +- grp->group = NULL; + crypto_ec_point_deinit(grp->pwe, 1); + grp->pwe = NULL; + ret = 1; +--- a/src/eap_common/eap_pwd_common.h ++++ b/src/eap_common/eap_pwd_common.h +@@ -50,6 +50,7 @@ struct eap_pwd_id { + } STRUCT_PACKED; + + /* common routines */ ++EAP_PWD_group * get_eap_pwd_group(u16 num); + int compute_password_element(EAP_PWD_group *grp, u16 num, + const u8 *password, size_t password_len, + const u8 *id_server, size_t id_server_len, +--- a/src/eap_peer/eap_pwd.c ++++ b/src/eap_peer/eap_pwd.c +@@ -265,7 +265,7 @@ eap_pwd_perform_id_exchange(struct eap_s + wpa_hexdump_ascii(MSG_INFO, "EAP-PWD (peer): server sent id of", + data->id_server, data->id_server_len); + +- data->grp = os_zalloc(sizeof(EAP_PWD_group)); ++ data->grp = get_eap_pwd_group(data->group_num); + if (data->grp == NULL) { + wpa_printf(MSG_INFO, "EAP-PWD: failed to allocate memory for " + "group"); +--- a/src/eap_server/eap_server_pwd.c ++++ b/src/eap_server/eap_server_pwd.c +@@ -562,7 +562,7 @@ static void eap_pwd_process_id_resp(stru + wpa_hexdump_ascii(MSG_DEBUG, "EAP-PWD (server): peer sent id of", + data->id_peer, data->id_peer_len); + +- data->grp = os_zalloc(sizeof(EAP_PWD_group)); ++ data->grp = get_eap_pwd_group(data->group_num); + if (data->grp == NULL) { + wpa_printf(MSG_INFO, "EAP-PWD: failed to allocate memory for " + "group"); |