package/network/services/hostapd/patches/802-wolfssl-init-RNG-with-ECC-key.patch

   1 From 21ce83b4ae2b9563175fdb4fc4312096cc399cf8 Mon Sep 17 00:00:00 2001
   2 From: David Bauer <mail@david-bauer.net>
   3 Date: Wed, 5 May 2021 00:44:34 +0200
   4 Subject: [PATCH] wolfssl: add RNG to EC key
   5
   6 Since upstream commit 6467de5a8840 ("Randomize z ordinates in
   7 scalar mult when timing resistant") WolfSSL requires a RNG for
   8 the EC key when built hardened which is the default.
   9
  10 Set the RNG for the EC key to fix connections for OWE clients.
  11
  12 Signed-off-by: David Bauer <mail@david-bauer.net>
  13 ---
  14  src/crypto/crypto_wolfssl.c | 4 ++++
  15  1 file changed, 4 insertions(+)
  16
  17 diff --git a/src/crypto/crypto_wolfssl.c b/src/crypto/crypto_wolfssl.c
  18 index 2e4bf8962..ed2528159 100644
  19 --- a/src/crypto/crypto_wolfssl.c
  20 +++ b/src/crypto/crypto_wolfssl.c
  21 @@ -1303,6 +1303,7 @@ int ecc_projective_add_point(ecc_point *P, ecc_point *Q, ecc_point *R,
  22
  23  struct crypto_ec {
  24         ecc_key key;
  25 +       WC_RNG rng;
  26         mp_int a;
  27         mp_int prime;
  28         mp_int order;
  29 @@ -1357,6 +1358,8 @@ struct crypto_ec * crypto_ec_init(int group)
  30                 return NULL;
  31
  32         if (wc_ecc_init(&e->key) != 0 ||
  33 +           wc_InitRng(&e->rng) != 0 ||
  34 +           wc_ecc_set_rng(&e->key, &e->rng) != 0 ||
  35             wc_ecc_set_curve(&e->key, 0, curve_id) != 0 ||
  36             mp_init(&e->a) != MP_OKAY ||
  37             mp_init(&e->prime) != MP_OKAY ||
  38 @@ -1388,6 +1391,7 @@ void crypto_ec_deinit(struct crypto_ec* e)
  39         mp_clear(&e->order);
  40         mp_clear(&e->prime);
  41         mp_clear(&e->a);
  42 +       wc_FreeRng(&e->rng);
  43         wc_ecc_free(&e->key);
  44         os_free(e);
  45  }
  46 --
  47 2.31.1
  48