aboutsummaryrefslogtreecommitdiffstats
path: root/package/network/services/hostapd/patches/802-wolfssl-init-RNG-with-ECC-key.patch
blob: 89d111e9917e12e83cf439c4783112362f229104 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
From 21ce83b4ae2b9563175fdb4fc4312096cc399cf8 Mon Sep 17 00:00:00 2001
From: David Bauer <mail@david-bauer.net>
Date: Wed, 5 May 2021 00:44:34 +0200
Subject: [PATCH] wolfssl: add RNG to EC key

Since upstream commit 6467de5a8840 ("Randomize z ordinates in
scalar mult when timing resistant") WolfSSL requires a RNG for
the EC key when built hardened which is the default.

Set the RNG for the EC key to fix connections for OWE clients.

Signed-off-by: David Bauer <mail@david-bauer.net>
---
 src/crypto/crypto_wolfssl.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/crypto/crypto_wolfssl.c b/src/crypto/crypto_wolfssl.c
index 2e4bf8962..ed2528159 100644
--- a/src/crypto/crypto_wolfssl.c
+++ b/src/crypto/crypto_wolfssl.c
@@ -1303,6 +1303,7 @@ int ecc_projective_add_point(ecc_point *P, ecc_point *Q, ecc_point *R,
 
 struct crypto_ec {
 	ecc_key key;
+	WC_RNG rng;
 	mp_int a;
 	mp_int prime;
 	mp_int order;
@@ -1357,6 +1358,8 @@ struct crypto_ec * crypto_ec_init(int group)
 		return NULL;
 
 	if (wc_ecc_init(&e->key) != 0 ||
+	    wc_InitRng(&e->rng) != 0 ||
+	    wc_ecc_set_rng(&e->key, &e->rng) != 0 ||
 	    wc_ecc_set_curve(&e->key, 0, curve_id) != 0 ||
 	    mp_init(&e->a) != MP_OKAY ||
 	    mp_init(&e->prime) != MP_OKAY ||
@@ -1388,6 +1391,7 @@ void crypto_ec_deinit(struct crypto_ec* e)
 	mp_clear(&e->order);
 	mp_clear(&e->prime);
 	mp_clear(&e->a);
+	wc_FreeRng(&e->rng);
 	wc_ecc_free(&e->key);
 	os_free(e);
 }
-- 
2.31.1