hostapd: Update to version 2.9 (2019-08-08)

[openwrt/staging/chunkeey.git] / package / network / services / hostapd / patches / 066-0002-EAP-pwd-Use-const_time_memcmp-for-pwd_value-prime-co.patch
diff --git a/package/network/services/hostapd/patches/066-0002-EAP-pwd-Use-const_time_memcmp-for-pwd_value-prime-co.patch b/package/network/services/hostapd/patches/066-0002-EAP-pwd-Use-const_time_memcmp-for-pwd_value-prime-co.patch

deleted file mode 100644 (file)

index 41b6774..0000000
--- a/package/network/services/hostapd/patches/066-0002-EAP-pwd-Use-const_time_memcmp-for-pwd_value-prime-co.patch
+++ /dev/null
@@ -1,65 +0,0 @@
-From 20d7bd83c43fb24c4cf84d3045254d3ee1957166 Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <jouni@codeaurora.org>
-Date: Thu, 25 Apr 2019 19:07:05 +0300
-Subject: [PATCH 2/6] EAP-pwd: Use const_time_memcmp() for pwd_value >= prime
- comparison
-
-This reduces timing and memory access pattern differences for an
-operation that could depend on the used password.
-
-Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
-(cherry picked from commit 7958223fdcfe82479e6ed71019a84f6d4cbf799c)
----
- src/eap_common/eap_pwd_common.c | 13 ++++++++-----
- 1 file changed, 8 insertions(+), 5 deletions(-)
-
---- a/src/eap_common/eap_pwd_common.c
-+++ b/src/eap_common/eap_pwd_common.c
-@@ -144,6 +144,7 @@ int compute_password_element(EAP_PWD_gro
-       u8 qnr_bin[MAX_ECC_PRIME_LEN];
-       u8 qr_or_qnr_bin[MAX_ECC_PRIME_LEN];
-       u8 x_bin[MAX_ECC_PRIME_LEN];
-+      u8 prime_bin[MAX_ECC_PRIME_LEN];
-       struct crypto_bignum *tmp1 = NULL, *tmp2 = NULL, *pm1 = NULL;
-       struct crypto_hash *hash;
-       unsigned char pwe_digest[SHA256_MAC_LEN], *prfbuf = NULL, ctr;
-@@ -161,6 +162,11 @@ int compute_password_element(EAP_PWD_gro
-       os_memset(x_bin, 0, sizeof(x_bin));
- 
-       prime = crypto_ec_get_prime(grp->group);
-+      primebitlen = crypto_ec_prime_len_bits(grp->group);
-+      primebytelen = crypto_ec_prime_len(grp->group);
-+      if (crypto_bignum_to_bin(prime, prime_bin, sizeof(prime_bin),
-+                               primebytelen) < 0)
-+              return -1;
-       grp->pwe = crypto_ec_point_init(grp->group);
-       tmp1 = crypto_bignum_init();
-       pm1 = crypto_bignum_init();
-@@ -170,8 +176,6 @@ int compute_password_element(EAP_PWD_gro
-               goto fail;
-       }
- 
--      primebitlen = crypto_ec_prime_len_bits(grp->group);
--      primebytelen = crypto_ec_prime_len(grp->group);
-       if ((prfbuf = os_malloc(primebytelen)) == NULL) {
-               wpa_printf(MSG_INFO, "EAP-pwd: unable to malloc space for prf "
-                          "buffer");
-@@ -237,6 +241,8 @@ int compute_password_element(EAP_PWD_gro
-               if (primebitlen % 8)
-                       buf_shift_right(prfbuf, primebytelen,
-                                       8 - primebitlen % 8);
-+              if (const_time_memcmp(prfbuf, prime_bin, primebytelen) >= 0)
-+                      continue;
- 
-               crypto_bignum_deinit(x_candidate, 1);
-               x_candidate = crypto_bignum_init_set(prfbuf, primebytelen);
-@@ -246,9 +252,6 @@ int compute_password_element(EAP_PWD_gro
-                       goto fail;
-               }
- 
--              if (crypto_bignum_cmp(x_candidate, prime) >= 0)
--                      continue;
--
-               wpa_hexdump_key(MSG_DEBUG, "EAP-pwd: x_candidate",
-                               prfbuf, primebytelen);
-               const_time_select_bin(found, x_bin, prfbuf, primebytelen,