aboutsummaryrefslogtreecommitdiffstats
path: root/package/network/services/hostapd/patches/091-0002-wolfssl-Fix-crypto_bignum_rand-implementation.patch
diff options
context:
space:
mode:
Diffstat (limited to 'package/network/services/hostapd/patches/091-0002-wolfssl-Fix-crypto_bignum_rand-implementation.patch')
-rw-r--r--package/network/services/hostapd/patches/091-0002-wolfssl-Fix-crypto_bignum_rand-implementation.patch49
1 files changed, 49 insertions, 0 deletions
diff --git a/package/network/services/hostapd/patches/091-0002-wolfssl-Fix-crypto_bignum_rand-implementation.patch b/package/network/services/hostapd/patches/091-0002-wolfssl-Fix-crypto_bignum_rand-implementation.patch
new file mode 100644
index 0000000000..2464b63489
--- /dev/null
+++ b/package/network/services/hostapd/patches/091-0002-wolfssl-Fix-crypto_bignum_rand-implementation.patch
@@ -0,0 +1,49 @@
+From eb595b3e3ab531645a5bde71cf6385335b7a4b95 Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <j@w1.fi>
+Date: Sat, 16 May 2020 21:02:17 +0300
+Subject: [PATCH 2/3] wolfssl: Fix crypto_bignum_rand() implementation
+
+The previous implementation used mp_rand_prime() to generate a random
+value in range 0..m. That is insanely slow way of generating a random
+value since mp_rand_prime() is for generating a random _prime_ which is
+not what is needed here. Replace that implementation with generationg of
+a random value in the requested range without doing any kind of prime
+number checks or loops to reject values that are not primes.
+
+This speeds up SAE and EAP-pwd routines by couple of orders of
+magnitude..
+
+Signed-off-by: Jouni Malinen <j@w1.fi>
+---
+ src/crypto/crypto_wolfssl.c | 12 +++++++-----
+ 1 file changed, 7 insertions(+), 5 deletions(-)
+
+--- a/src/crypto/crypto_wolfssl.c
++++ b/src/crypto/crypto_wolfssl.c
+@@ -1084,19 +1084,21 @@ int crypto_bignum_rand(struct crypto_big
+ {
+ int ret = 0;
+ WC_RNG rng;
++ size_t len;
++ u8 *buf;
+
+ if (TEST_FAIL())
+ return -1;
+ if (wc_InitRng(&rng) != 0)
+ return -1;
+- if (mp_rand_prime((mp_int *) r,
+- (mp_count_bits((mp_int *) m) + 7) / 8 * 2,
+- &rng, NULL) != 0)
+- ret = -1;
+- if (ret == 0 &&
++ len = (mp_count_bits((mp_int *) m) + 7) / 8;
++ buf = os_malloc(len);
++ if (!buf || wc_RNG_GenerateBlock(&rng, buf, len) != 0 ||
++ mp_read_unsigned_bin((mp_int *) r, buf, len) != MP_OKAY ||
+ mp_mod((mp_int *) r, (mp_int *) m, (mp_int *) r) != 0)
+ ret = -1;
+ wc_FreeRng(&rng);
++ bin_clear_free(buf, len);
+ return ret;
+ }
+
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-28 07:08:45 +0000