diff options
Diffstat (limited to 'package/network/services/hostapd/patches/066-0002-EAP-pwd-Use-const_time_memcmp-for-pwd_value-prime-co.patch')
-rw-r--r-- | package/network/services/hostapd/patches/066-0002-EAP-pwd-Use-const_time_memcmp-for-pwd_value-prime-co.patch | 65 |
1 files changed, 0 insertions, 65 deletions
diff --git a/package/network/services/hostapd/patches/066-0002-EAP-pwd-Use-const_time_memcmp-for-pwd_value-prime-co.patch b/package/network/services/hostapd/patches/066-0002-EAP-pwd-Use-const_time_memcmp-for-pwd_value-prime-co.patch deleted file mode 100644 index 41b6774173..0000000000 --- a/package/network/services/hostapd/patches/066-0002-EAP-pwd-Use-const_time_memcmp-for-pwd_value-prime-co.patch +++ /dev/null @@ -1,65 +0,0 @@ -From 20d7bd83c43fb24c4cf84d3045254d3ee1957166 Mon Sep 17 00:00:00 2001 -From: Jouni Malinen <jouni@codeaurora.org> -Date: Thu, 25 Apr 2019 19:07:05 +0300 -Subject: [PATCH 2/6] EAP-pwd: Use const_time_memcmp() for pwd_value >= prime - comparison - -This reduces timing and memory access pattern differences for an -operation that could depend on the used password. - -Signed-off-by: Jouni Malinen <jouni@codeaurora.org> -(cherry picked from commit 7958223fdcfe82479e6ed71019a84f6d4cbf799c) ---- - src/eap_common/eap_pwd_common.c | 13 ++++++++----- - 1 file changed, 8 insertions(+), 5 deletions(-) - ---- a/src/eap_common/eap_pwd_common.c -+++ b/src/eap_common/eap_pwd_common.c -@@ -144,6 +144,7 @@ int compute_password_element(EAP_PWD_gro - u8 qnr_bin[MAX_ECC_PRIME_LEN]; - u8 qr_or_qnr_bin[MAX_ECC_PRIME_LEN]; - u8 x_bin[MAX_ECC_PRIME_LEN]; -+ u8 prime_bin[MAX_ECC_PRIME_LEN]; - struct crypto_bignum *tmp1 = NULL, *tmp2 = NULL, *pm1 = NULL; - struct crypto_hash *hash; - unsigned char pwe_digest[SHA256_MAC_LEN], *prfbuf = NULL, ctr; -@@ -161,6 +162,11 @@ int compute_password_element(EAP_PWD_gro - os_memset(x_bin, 0, sizeof(x_bin)); - - prime = crypto_ec_get_prime(grp->group); -+ primebitlen = crypto_ec_prime_len_bits(grp->group); -+ primebytelen = crypto_ec_prime_len(grp->group); -+ if (crypto_bignum_to_bin(prime, prime_bin, sizeof(prime_bin), -+ primebytelen) < 0) -+ return -1; - grp->pwe = crypto_ec_point_init(grp->group); - tmp1 = crypto_bignum_init(); - pm1 = crypto_bignum_init(); -@@ -170,8 +176,6 @@ int compute_password_element(EAP_PWD_gro - goto fail; - } - -- primebitlen = crypto_ec_prime_len_bits(grp->group); -- primebytelen = crypto_ec_prime_len(grp->group); - if ((prfbuf = os_malloc(primebytelen)) == NULL) { - wpa_printf(MSG_INFO, "EAP-pwd: unable to malloc space for prf " - "buffer"); -@@ -237,6 +241,8 @@ int compute_password_element(EAP_PWD_gro - if (primebitlen % 8) - buf_shift_right(prfbuf, primebytelen, - 8 - primebitlen % 8); -+ if (const_time_memcmp(prfbuf, prime_bin, primebytelen) >= 0) -+ continue; - - crypto_bignum_deinit(x_candidate, 1); - x_candidate = crypto_bignum_init_set(prfbuf, primebytelen); -@@ -246,9 +252,6 @@ int compute_password_element(EAP_PWD_gro - goto fail; - } - -- if (crypto_bignum_cmp(x_candidate, prime) >= 0) -- continue; -- - wpa_hexdump_key(MSG_DEBUG, "EAP-pwd: x_candidate", - prfbuf, primebytelen); - const_time_select_bin(found, x_bin, prfbuf, primebytelen, |