80b58a9db6
This also syncs the configuration files with the default configuration
files, but no extra options are activated or deactivated.
The mesh patches were partially merged into hostapd 2.8, the remaining
patches were extracted from patchwork and are now applied by OpenWrt.
The patches still have open questions which are not fixed by the author.
They were taken from this page:
https://patchwork.ozlabs.org/project/hostap/list/?series=62725&state=*
The changes in 007-mesh-apply-channel-attributes-before-running-Mesh.patch
where first applied to hostapd, but later reverted in hostapd commit
3e949655ccc5 because they caused memory leaks.
The size of the ipkgs increase a bit (between 1.3% and 2.3%):
old 2018-12-02 (2.7):
283337 wpad-basic_2018-12-02-c2c6c01b-11_mipsel_24kc.ipk
252857 wpad-mini_2018-12-02-c2c6c01b-11_mipsel_24kc.ipk
417473 wpad-openssl_2018-12-02-c2c6c01b-11_mipsel_24kc.ipk
415105 wpad-wolfssl_2018-12-02-c2c6c01b-11_mipsel_24kc.ipk
new 2019-04-21 (2.8):
288264 wpad-basic_2019-04-21-63962824-1_mipsel_24kc.ipk
256188 wpad-mini_2019-04-21-63962824-1_mipsel_24kc.ipk
427475 wpad-openssl_2019-04-21-63962824-1_mipsel_24kc.ipk
423071 wpad-wolfssl_2019-04-21-63962824-1_mipsel_24kc.ipk
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Tested-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
(cherry picked from commit 8af79550e6)
53 lines
1.9 KiB
Diff
53 lines
1.9 KiB
Diff
From 00a6cc73da61b03c146b6c341d0d1e572bcef432 Mon Sep 17 00:00:00 2001
|
|
From: Jouni Malinen <j@w1.fi>
|
|
Date: Mon, 24 Jun 2019 23:02:51 +0300
|
|
Subject: [PATCH 5/6] EAP-pwd: Run through prf result processing even if it >=
|
|
prime
|
|
|
|
This reduces differences in timing and memory access within the
|
|
hunting-and-pecking loop for ECC groups that have a prime that is not
|
|
close to a power of two (e.g., Brainpool curves).
|
|
|
|
Signed-off-by: Jouni Malinen <j@w1.fi>
|
|
(cherry picked from commit cd803299ca485eb857e37c88f973fccfbb8600e5)
|
|
---
|
|
src/eap_common/eap_pwd_common.c | 13 ++++++++++---
|
|
1 file changed, 10 insertions(+), 3 deletions(-)
|
|
|
|
--- a/src/eap_common/eap_pwd_common.c
|
|
+++ b/src/eap_common/eap_pwd_common.c
|
|
@@ -155,6 +155,8 @@ int compute_password_element(EAP_PWD_gro
|
|
struct crypto_bignum *x_candidate = NULL;
|
|
const struct crypto_bignum *prime;
|
|
u8 mask, found_ctr = 0, is_odd = 0;
|
|
+ int cmp_prime;
|
|
+ unsigned int in_range;
|
|
|
|
if (grp->pwe)
|
|
return -1;
|
|
@@ -241,8 +243,13 @@ int compute_password_element(EAP_PWD_gro
|
|
if (primebitlen % 8)
|
|
buf_shift_right(prfbuf, primebytelen,
|
|
8 - primebitlen % 8);
|
|
- if (const_time_memcmp(prfbuf, prime_bin, primebytelen) >= 0)
|
|
- continue;
|
|
+ cmp_prime = const_time_memcmp(prfbuf, prime_bin, primebytelen);
|
|
+ /* Create a const_time mask for selection based on prf result
|
|
+ * being smaller than prime. */
|
|
+ in_range = const_time_fill_msb((unsigned int) cmp_prime);
|
|
+ /* The algorithm description would skip the next steps if
|
|
+ * cmp_prime >= 0, but go through them regardless to minimize
|
|
+ * externally observable differences in behavior. */
|
|
|
|
crypto_bignum_deinit(x_candidate, 1);
|
|
x_candidate = crypto_bignum_init_set(prfbuf, primebytelen);
|
|
@@ -306,7 +313,7 @@ int compute_password_element(EAP_PWD_gro
|
|
goto fail;
|
|
mask = const_time_eq(res, check);
|
|
found_ctr = const_time_select_u8(found, found_ctr, ctr);
|
|
- found |= mask;
|
|
+ found |= mask & in_range;
|
|
}
|
|
if (found == 0) {
|
|
wpa_printf(MSG_INFO,
|