aboutsummaryrefslogtreecommitdiffstats
path: root/main/wpa_supplicant/0020-OpenSSL-Use-BN_bn2binpad-or-BN_bn2bin_padded-if-avai.patch
diff options
context:
space:
mode:
Diffstat (limited to 'main/wpa_supplicant/0020-OpenSSL-Use-BN_bn2binpad-or-BN_bn2bin_padded-if-avai.patch')
-rw-r--r--main/wpa_supplicant/0020-OpenSSL-Use-BN_bn2binpad-or-BN_bn2bin_padded-if-avai.patch66
1 files changed, 66 insertions, 0 deletions
diff --git a/main/wpa_supplicant/0020-OpenSSL-Use-BN_bn2binpad-or-BN_bn2bin_padded-if-avai.patch b/main/wpa_supplicant/0020-OpenSSL-Use-BN_bn2binpad-or-BN_bn2bin_padded-if-avai.patch
new file mode 100644
index 0000000000..16feeaabb4
--- /dev/null
+++ b/main/wpa_supplicant/0020-OpenSSL-Use-BN_bn2binpad-or-BN_bn2bin_padded-if-avai.patch
@@ -0,0 +1,66 @@
+From ee34d8cfbd0fbf7ba7429531d4bee1c43b074d8b Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <jouni@codeaurora.org>
+Date: Thu, 25 Apr 2019 19:23:05 +0300
+Subject: [PATCH 3/6] OpenSSL: Use BN_bn2binpad() or BN_bn2bin_padded() if
+ available
+
+This converts crypto_bignum_to_bin() to use the OpenSSL/BoringSSL
+functions BN_bn2binpad()/BN_bn2bin_padded(), when available, to avoid
+differences in runtime and memory access patterns depending on the
+leading bytes of the BIGNUM value.
+
+OpenSSL 1.0.2 and LibreSSL do not include such functions, so those cases
+are still using the previous implementation where the BN_num_bytes()
+call may result in different memory access pattern.
+
+Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
+(cherry picked from commit 1e237903f5b5d3117342daf006c5878cdb45e3d3)
+---
+ src/crypto/crypto_openssl.c | 16 ++++++++++++++++
+ 1 file changed, 16 insertions(+)
+
+diff --git a/src/crypto/crypto_openssl.c b/src/crypto/crypto_openssl.c
+index 1b0c1ec96..23ae5462d 100644
+--- a/src/crypto/crypto_openssl.c
++++ b/src/crypto/crypto_openssl.c
+@@ -1295,7 +1295,13 @@ void crypto_bignum_deinit(struct crypto_bignum *n, int clear)
+ int crypto_bignum_to_bin(const struct crypto_bignum *a,
+ u8 *buf, size_t buflen, size_t padlen)
+ {
++#ifdef OPENSSL_IS_BORINGSSL
++#else /* OPENSSL_IS_BORINGSSL */
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
++#else
+ int num_bytes, offset;
++#endif
++#endif /* OPENSSL_IS_BORINGSSL */
+
+ if (TEST_FAIL())
+ return -1;
+@@ -1303,6 +1309,14 @@ int crypto_bignum_to_bin(const struct crypto_bignum *a,
+ if (padlen > buflen)
+ return -1;
+
++#ifdef OPENSSL_IS_BORINGSSL
++ if (BN_bn2bin_padded(buf, padlen, (const BIGNUM *) a) == 0)
++ return -1;
++ return padlen;
++#else /* OPENSSL_IS_BORINGSSL */
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
++ return BN_bn2binpad((const BIGNUM *) a, buf, padlen);
++#else
+ num_bytes = BN_num_bytes((const BIGNUM *) a);
+ if ((size_t) num_bytes > buflen)
+ return -1;
+@@ -1315,6 +1329,8 @@ int crypto_bignum_to_bin(const struct crypto_bignum *a,
+ BN_bn2bin((const BIGNUM *) a, buf + offset);
+
+ return num_bytes + offset;
++#endif
++#endif /* OPENSSL_IS_BORINGSSL */
+ }
+
+
+--
+2.20.1
+