diff options
| author | Hauke Mehrtens <hauke@hauke-m.de> | 2019-08-10 16:49:34 +0200 |
|---|---|---|
| committer | Hauke Mehrtens <hauke@hauke-m.de> | 2019-09-22 17:39:38 +0200 |
| commit | 167028b750028ae3dac24f5ff96bbb1ba04e8bd7 (patch) | |
| tree | 9789d4f7c8c893ff925a1ec45d48603e004ef08a /package/network/services/hostapd/patches/066-0005-EAP-pwd-Run-through-prf-result-processing-even-if-it.patch | |
| parent | 8af79550e6c280717660f66032d89d21007b15d2 (diff) | |
| download | upstream-167028b750028ae3dac24f5ff96bbb1ba04e8bd7.tar.gz upstream-167028b750028ae3dac24f5ff96bbb1ba04e8bd7.tar.bz2 upstream-167028b750028ae3dac24f5ff96bbb1ba04e8bd7.zip | |
hostapd: Update to version 2.9 (2019-08-08)
The size of the ipkgs increase a bit (between 0.7% and 1.1%):
old 2019-04-21 (2.8):
288264 wpad-basic_2019-04-21-63962824-1_mipsel_24kc.ipk
256188 wpad-mini_2019-04-21-63962824-1_mipsel_24kc.ipk
427475 wpad-openssl_2019-04-21-63962824-1_mipsel_24kc.ipk
423071 wpad-wolfssl_2019-04-21-63962824-1_mipsel_24kc.ipk
new 2019-08-08 (2.9):
290217 wpad-basic_2019-08-08-ca8c2bd2-1_mipsel_24kc.ipk
258745 wpad-mini_2019-08-08-ca8c2bd2-1_mipsel_24kc.ipk
431732 wpad-openssl_2019-08-08-ca8c2bd2-1_mipsel_24kc.ipk
427641 wpad-wolfssl_2019-08-08-ca8c2bd2-1_mipsel_24kc.ipk
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Diffstat (limited to 'package/network/services/hostapd/patches/066-0005-EAP-pwd-Run-through-prf-result-processing-even-if-it.patch')
| -rw-r--r-- | package/network/services/hostapd/patches/066-0005-EAP-pwd-Run-through-prf-result-processing-even-if-it.patch | 52 |
1 files changed, 0 insertions, 52 deletions
diff --git a/package/network/services/hostapd/patches/066-0005-EAP-pwd-Run-through-prf-result-processing-even-if-it.patch b/package/network/services/hostapd/patches/066-0005-EAP-pwd-Run-through-prf-result-processing-even-if-it.patch deleted file mode 100644 index 1eb47c5314..0000000000 --- a/package/network/services/hostapd/patches/066-0005-EAP-pwd-Run-through-prf-result-processing-even-if-it.patch +++ /dev/null @@ -1,52 +0,0 @@ -From 00a6cc73da61b03c146b6c341d0d1e572bcef432 Mon Sep 17 00:00:00 2001 -From: Jouni Malinen <j@w1.fi> -Date: Mon, 24 Jun 2019 23:02:51 +0300 -Subject: [PATCH 5/6] EAP-pwd: Run through prf result processing even if it >= - prime - -This reduces differences in timing and memory access within the -hunting-and-pecking loop for ECC groups that have a prime that is not -close to a power of two (e.g., Brainpool curves). - -Signed-off-by: Jouni Malinen <j@w1.fi> -(cherry picked from commit cd803299ca485eb857e37c88f973fccfbb8600e5) ---- - src/eap_common/eap_pwd_common.c | 13 ++++++++++--- - 1 file changed, 10 insertions(+), 3 deletions(-) - ---- a/src/eap_common/eap_pwd_common.c -+++ b/src/eap_common/eap_pwd_common.c -@@ -155,6 +155,8 @@ int compute_password_element(EAP_PWD_gro - struct crypto_bignum *x_candidate = NULL; - const struct crypto_bignum *prime; - u8 mask, found_ctr = 0, is_odd = 0; -+ int cmp_prime; -+ unsigned int in_range; - - if (grp->pwe) - return -1; -@@ -241,8 +243,13 @@ int compute_password_element(EAP_PWD_gro - if (primebitlen % 8) - buf_shift_right(prfbuf, primebytelen, - 8 - primebitlen % 8); -- if (const_time_memcmp(prfbuf, prime_bin, primebytelen) >= 0) -- continue; -+ cmp_prime = const_time_memcmp(prfbuf, prime_bin, primebytelen); -+ /* Create a const_time mask for selection based on prf result -+ * being smaller than prime. */ -+ in_range = const_time_fill_msb((unsigned int) cmp_prime); -+ /* The algorithm description would skip the next steps if -+ * cmp_prime >= 0, but go through them regardless to minimize -+ * externally observable differences in behavior. */ - - crypto_bignum_deinit(x_candidate, 1); - x_candidate = crypto_bignum_init_set(prfbuf, primebytelen); -@@ -306,7 +313,7 @@ int compute_password_element(EAP_PWD_gro - goto fail; - mask = const_time_eq(res, check); - found_ctr = const_time_select_u8(found, found_ctr, ctr); -- found |= mask; -+ found |= mask & in_range; - } - if (found == 0) { - wpa_printf(MSG_INFO, |