From 167028b750028ae3dac24f5ff96bbb1ba04e8bd7 Mon Sep 17 00:00:00 2001 From: Hauke Mehrtens Date: Sat, 10 Aug 2019 16:49:34 +0200 Subject: hostapd: Update to version 2.9 (2019-08-08) The size of the ipkgs increase a bit (between 0.7% and 1.1%): old 2019-04-21 (2.8): 288264 wpad-basic_2019-04-21-63962824-1_mipsel_24kc.ipk 256188 wpad-mini_2019-04-21-63962824-1_mipsel_24kc.ipk 427475 wpad-openssl_2019-04-21-63962824-1_mipsel_24kc.ipk 423071 wpad-wolfssl_2019-04-21-63962824-1_mipsel_24kc.ipk new 2019-08-08 (2.9): 290217 wpad-basic_2019-08-08-ca8c2bd2-1_mipsel_24kc.ipk 258745 wpad-mini_2019-08-08-ca8c2bd2-1_mipsel_24kc.ipk 431732 wpad-openssl_2019-08-08-ca8c2bd2-1_mipsel_24kc.ipk 427641 wpad-wolfssl_2019-08-08-ca8c2bd2-1_mipsel_24kc.ipk Signed-off-by: Hauke Mehrtens --- ...-through-prf-result-processing-even-if-it.patch | 52 ---------------------- 1 file changed, 52 deletions(-) delete mode 100644 package/network/services/hostapd/patches/066-0005-EAP-pwd-Run-through-prf-result-processing-even-if-it.patch (limited to 'package/network/services/hostapd/patches/066-0005-EAP-pwd-Run-through-prf-result-processing-even-if-it.patch') diff --git a/package/network/services/hostapd/patches/066-0005-EAP-pwd-Run-through-prf-result-processing-even-if-it.patch b/package/network/services/hostapd/patches/066-0005-EAP-pwd-Run-through-prf-result-processing-even-if-it.patch deleted file mode 100644 index 1eb47c5314..0000000000 --- a/package/network/services/hostapd/patches/066-0005-EAP-pwd-Run-through-prf-result-processing-even-if-it.patch +++ /dev/null @@ -1,52 +0,0 @@ -From 00a6cc73da61b03c146b6c341d0d1e572bcef432 Mon Sep 17 00:00:00 2001 -From: Jouni Malinen -Date: Mon, 24 Jun 2019 23:02:51 +0300 -Subject: [PATCH 5/6] EAP-pwd: Run through prf result processing even if it >= - prime - -This reduces differences in timing and memory access within the -hunting-and-pecking loop for ECC groups that have a prime that is not -close to a power of two (e.g., Brainpool curves). - -Signed-off-by: Jouni Malinen -(cherry picked from commit cd803299ca485eb857e37c88f973fccfbb8600e5) ---- - src/eap_common/eap_pwd_common.c | 13 ++++++++++--- - 1 file changed, 10 insertions(+), 3 deletions(-) - ---- a/src/eap_common/eap_pwd_common.c -+++ b/src/eap_common/eap_pwd_common.c -@@ -155,6 +155,8 @@ int compute_password_element(EAP_PWD_gro - struct crypto_bignum *x_candidate = NULL; - const struct crypto_bignum *prime; - u8 mask, found_ctr = 0, is_odd = 0; -+ int cmp_prime; -+ unsigned int in_range; - - if (grp->pwe) - return -1; -@@ -241,8 +243,13 @@ int compute_password_element(EAP_PWD_gro - if (primebitlen % 8) - buf_shift_right(prfbuf, primebytelen, - 8 - primebitlen % 8); -- if (const_time_memcmp(prfbuf, prime_bin, primebytelen) >= 0) -- continue; -+ cmp_prime = const_time_memcmp(prfbuf, prime_bin, primebytelen); -+ /* Create a const_time mask for selection based on prf result -+ * being smaller than prime. */ -+ in_range = const_time_fill_msb((unsigned int) cmp_prime); -+ /* The algorithm description would skip the next steps if -+ * cmp_prime >= 0, but go through them regardless to minimize -+ * externally observable differences in behavior. */ - - crypto_bignum_deinit(x_candidate, 1); - x_candidate = crypto_bignum_init_set(prfbuf, primebytelen); -@@ -306,7 +313,7 @@ int compute_password_element(EAP_PWD_gro - goto fail; - mask = const_time_eq(res, check); - found_ctr = const_time_select_u8(found, found_ctr, ctr); -- found |= mask; -+ found |= mask & in_range; - } - if (found == 0) { - wpa_printf(MSG_INFO, -- cgit v1.2.3