domenico/openwrt_NSS_ACW
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

hostapd: wolfssl: add RNG to EC key

Browse Source 
Since upstream commit 6467de5a8840 ("Randomize z ordinates in
scalar mult when timing resistant") WolfSSL requires a RNG for
the EC key when built hardened which is the default.

Set the RNG for the EC key to fix connections for OWE clients.

Signed-off-by: David Bauer <mail@david-bauer.net>
This commit is contained in:
David Bauer
2021-05-06 01:53:49 +02:00
parent ef9b103107
commit ddcb970274
2 changed files with 49 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
package/network/services/hostapd/Makefile
View File

@@ -7,7 +7,7 @@
include $(TOPDIR)/rules.mk include $(TOPDIR)/rules.mk
PKG_NAME:=hostapd PKG_NAME:=hostapd
PKG_RELEASE:=32 PKG_RELEASE:=33
PKG_SOURCE_URL:=http://w1.fi/hostap.git PKG_SOURCE_URL:=http://w1.fi/hostap.git
PKG_SOURCE_PROTO:=git PKG_SOURCE_PROTO:=git

48
package/network/services/hostapd/patches/0001-wolfssl-init-RNG-with-ECC-key.patch Normal file
View File

@@ -0,0 +1,48 @@
From 21ce83b4ae2b9563175fdb4fc4312096cc399cf8 Mon Sep 17 00:00:00 2001
From: David Bauer <mail@david-bauer.net>
Date: Wed, 5 May 2021 00:44:34 +0200
Subject: [PATCH] wolfssl: add RNG to EC key
Since upstream commit 6467de5a8840 ("Randomize z ordinates in
scalar mult when timing resistant") WolfSSL requires a RNG for
the EC key when built hardened which is the default.
Set the RNG for the EC key to fix connections for OWE clients.
Signed-off-by: David Bauer <mail@david-bauer.net>
---
src/crypto/crypto_wolfssl.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/crypto/crypto_wolfssl.c b/src/crypto/crypto_wolfssl.c
index 2e4bf8962..ed2528159 100644
--- a/src/crypto/crypto_wolfssl.c
+++ b/src/crypto/crypto_wolfssl.c
@@ -1303,6 +1303,7 @@ int ecc_projective_add_point(ecc_point *P, ecc_point *Q, ecc_point *R,
struct crypto_ec {
ecc_key key;
+ WC_RNG rng;
mp_int a;
mp_int prime;
mp_int order;
@@ -1357,6 +1358,8 @@ struct crypto_ec * crypto_ec_init(int group)
return NULL;
if (wc_ecc_init(&e->key) != 0 ||
+ wc_InitRng(&e->rng) != 0 ||
+ wc_ecc_set_rng(&e->key, &e->rng) != 0 ||
wc_ecc_set_curve(&e->key, 0, curve_id) != 0 ||
mp_init(&e->a) != MP_OKAY ||
mp_init(&e->prime) != MP_OKAY ||
@@ -1388,6 +1391,7 @@ void crypto_ec_deinit(struct crypto_ec* e)
mp_clear(&e->order);
mp_clear(&e->prime);
mp_clear(&e->a);
+ wc_FreeRng(&e->rng);
wc_ecc_free(&e->key);
os_free(e);
}
--
2.31.1