diff options
Diffstat (limited to 'package/network/services/hostapd/patches/066-0003-OpenSSL-Use-BN_bn2binpad-or-BN_bn2bin_padded-if-avai.patch')
-rw-r--r-- | package/network/services/hostapd/patches/066-0003-OpenSSL-Use-BN_bn2binpad-or-BN_bn2bin_padded-if-avai.patch | 61 |
1 files changed, 0 insertions, 61 deletions
diff --git a/package/network/services/hostapd/patches/066-0003-OpenSSL-Use-BN_bn2binpad-or-BN_bn2bin_padded-if-avai.patch b/package/network/services/hostapd/patches/066-0003-OpenSSL-Use-BN_bn2binpad-or-BN_bn2bin_padded-if-avai.patch deleted file mode 100644 index edf462754b..0000000000 --- a/package/network/services/hostapd/patches/066-0003-OpenSSL-Use-BN_bn2binpad-or-BN_bn2bin_padded-if-avai.patch +++ /dev/null @@ -1,61 +0,0 @@ -From ee34d8cfbd0fbf7ba7429531d4bee1c43b074d8b Mon Sep 17 00:00:00 2001 -From: Jouni Malinen <jouni@codeaurora.org> -Date: Thu, 25 Apr 2019 19:23:05 +0300 -Subject: [PATCH 3/6] OpenSSL: Use BN_bn2binpad() or BN_bn2bin_padded() if - available - -This converts crypto_bignum_to_bin() to use the OpenSSL/BoringSSL -functions BN_bn2binpad()/BN_bn2bin_padded(), when available, to avoid -differences in runtime and memory access patterns depending on the -leading bytes of the BIGNUM value. - -OpenSSL 1.0.2 and LibreSSL do not include such functions, so those cases -are still using the previous implementation where the BN_num_bytes() -call may result in different memory access pattern. - -Signed-off-by: Jouni Malinen <jouni@codeaurora.org> -(cherry picked from commit 1e237903f5b5d3117342daf006c5878cdb45e3d3) ---- - src/crypto/crypto_openssl.c | 16 ++++++++++++++++ - 1 file changed, 16 insertions(+) - ---- a/src/crypto/crypto_openssl.c -+++ b/src/crypto/crypto_openssl.c -@@ -1295,7 +1295,13 @@ void crypto_bignum_deinit(struct crypto_ - int crypto_bignum_to_bin(const struct crypto_bignum *a, - u8 *buf, size_t buflen, size_t padlen) - { -+#ifdef OPENSSL_IS_BORINGSSL -+#else /* OPENSSL_IS_BORINGSSL */ -+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) -+#else - int num_bytes, offset; -+#endif -+#endif /* OPENSSL_IS_BORINGSSL */ - - if (TEST_FAIL()) - return -1; -@@ -1303,6 +1309,14 @@ int crypto_bignum_to_bin(const struct cr - if (padlen > buflen) - return -1; - -+#ifdef OPENSSL_IS_BORINGSSL -+ if (BN_bn2bin_padded(buf, padlen, (const BIGNUM *) a) == 0) -+ return -1; -+ return padlen; -+#else /* OPENSSL_IS_BORINGSSL */ -+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) -+ return BN_bn2binpad((const BIGNUM *) a, buf, padlen); -+#else - num_bytes = BN_num_bytes((const BIGNUM *) a); - if ((size_t) num_bytes > buflen) - return -1; -@@ -1315,6 +1329,8 @@ int crypto_bignum_to_bin(const struct cr - BN_bn2bin((const BIGNUM *) a, buf + offset); - - return num_bytes + offset; -+#endif -+#endif /* OPENSSL_IS_BORINGSSL */ - } - - |