hostapd: Update to version 2.8 (2019-04-21)

This also syncs the configuration files with the default configuration
files, but no extra options are activated or deactivated.

The mesh patches were partially merged into hostapd 2.8, the remaining
patches were extracted from patchwork and are now applied by OpenWrt.
The patches still have open questions which are not fixed by the author.
They were taken from this page:
https://patchwork.ozlabs.org/project/hostap/list/?series=62725&state=*

The changes in 007-mesh-apply-channel-attributes-before-running-Mesh.patch
where first applied to hostapd, but later reverted in hostapd commit
3e949655ccc5 because they caused memory leaks.

The size of the ipkgs increase a bit (between 1.3% and 2.3%):

old 2018-12-02 (2.7):
283337 wpad-basic_2018-12-02-c2c6c01b-11_mipsel_24kc.ipk
252857 wpad-mini_2018-12-02-c2c6c01b-11_mipsel_24kc.ipk
417473 wpad-openssl_2018-12-02-c2c6c01b-11_mipsel_24kc.ipk
415105 wpad-wolfssl_2018-12-02-c2c6c01b-11_mipsel_24kc.ipk

new 2019-04-21 (2.8):
288264 wpad-basic_2019-04-21-63962824-1_mipsel_24kc.ipk
256188 wpad-mini_2019-04-21-63962824-1_mipsel_24kc.ipk
427475 wpad-openssl_2019-04-21-63962824-1_mipsel_24kc.ipk
423071 wpad-wolfssl_2019-04-21-63962824-1_mipsel_24kc.ipk

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Tested-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
(cherry picked from commit 8af79550e6c280717660f66032d89d21007b15d2)

1 files changed, 0 insertions, 55 deletions

diff --git a/package/network/services/hostapd/patches/061-0003-OpenSSL-Use-constant-time-selection-for-crypto_bignu.patch b/package/network/services/hostapd/patches/061-0003-OpenSSL-Use-constant-time-selection-for-crypto_bignu.patch
deleted file mode 100644
index 0d89b46cb3..0000000000
--- a/package/network/services/hostapd/patches/061-0003-OpenSSL-Use-constant-time-selection-for-crypto_bignu.patch
+++ /dev/null
@@ -1,55 +0,0 @@
-From c93461c1d98f52681717a088776ab32fd97872b0 Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <jouni@codeaurora.org>
-Date: Fri, 8 Mar 2019 00:24:12 +0200
-Subject: [PATCH 03/14] OpenSSL: Use constant time selection for
- crypto_bignum_legendre()
-
-Get rid of the branches that depend on the result of the Legendre
-operation. This is needed to avoid leaking information about different
-temporary results in blinding mechanisms.
-
-This is related to CVE-2019-9494 and CVE-2019-9495.
-
-Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
----
- src/crypto/crypto_openssl.c | 15 +++++++++------
- 1 file changed, 9 insertions(+), 6 deletions(-)
-
---- a/src/crypto/crypto_openssl.c
-+++ b/src/crypto/crypto_openssl.c
-@@ -24,6 +24,7 @@
- #endif /* CONFIG_ECC */
- 
- #include "common.h"
-+#include "utils/const_time.h"
- #include "wpabuf.h"
- #include "dh_group5.h"
- #include "sha1.h"
-@@ -1435,6 +1436,7 @@ int crypto_bignum_legendre(const struct
- 	BN_CTX *bnctx;
- 	BIGNUM *exp = NULL, *tmp = NULL;
- 	int res = -2;
-+	unsigned int mask;
- 
- 	if (TEST_FAIL())
- 		return -2;
-@@ -1453,12 +1455,13 @@ int crypto_bignum_legendre(const struct
- 				       (const BIGNUM *) p, bnctx, NULL))
- 		goto fail;
- 
--	if (BN_is_word(tmp, 1))
--		res = 1;
--	else if (BN_is_zero(tmp))
--		res = 0;
--	else
--		res = -1;
-+	/* Return 1 if tmp == 1, 0 if tmp == 0, or -1 otherwise. Need to use
-+	 * constant time selection to avoid branches here. */
-+	res = -1;
-+	mask = const_time_eq(BN_is_word(tmp, 1), 1);
-+	res = const_time_select_int(mask, 1, res);
-+	mask = const_time_eq(BN_is_zero(tmp), 1);
-+	res = const_time_select_int(mask, 0, res);
- 
- fail:
- 	BN_clear_free(tmp);