[OpenWrt-Devel] [PATCH] wpad-wolfssl: fix crypto_bignum_sub()

Daniel Golle daniel at makrotopia.org
Sun May 10 06:53:42 EDT 2020


Hi Antonio,

I've been trying to get this running two days now, with OpenWrt 19.07
as well as OpenWrt master snapshot on two ath79 devices.
unencrypted mesh always works.
wpad-mesh-openssl works with SAE.
wpad-mesh-wolfssl doesn't work:
wpa_supplicant[1407]: wlan1-mesh: MESH-SAE-AUTH-FAILURE addr=04:18:d6:xx:xx:xx

Which hardware have you tried this with? (as you said it worked fine for
you) Any other patches or tricks?


Cheers


Daniel


On Tue, Apr 28, 2020 at 12:06:58PM +0200, Antonio Quartulli wrote:
> Backport patch from hostapd.git master that fixes copy/paste error in
> crypto_bignum_sub() in crypto_wolfssl.c.
> 
> This missing fix was discovered while testing SAE over a mesh interface.
> 
> With this fix applied and wolfssl >3.14.4 mesh+SAE works fine with
> wpad-mesh-wolfssl.
> 
> Cc: Sean Parkinson <sean at wolfssl.com>
> Signed-off-by: Antonio Quartulli <a at unstable.cc>
> ---
> 
> This patch is based on master, but should also be applied to
> openwrt-19.07 and openwrt-18.06
> 
> 
>  .../900-wolfssl-fix-crypto_bignum_sum.patch   | 31 +++++++++++++++++++
>  1 file changed, 31 insertions(+)
>  create mode 100644 package/network/services/hostapd/patches/900-wolfssl-fix-crypto_bignum_sum.patch
> 
> diff --git a/package/network/services/hostapd/patches/900-wolfssl-fix-crypto_bignum_sum.patch b/package/network/services/hostapd/patches/900-wolfssl-fix-crypto_bignum_sum.patch
> new file mode 100644
> index 0000000000..d88baa109a
> --- /dev/null
> +++ b/package/network/services/hostapd/patches/900-wolfssl-fix-crypto_bignum_sum.patch
> @@ -0,0 +1,31 @@
> +From 1766e608ba1114220f3b3598e77aa53b50c38a6e Mon Sep 17 00:00:00 2001
> +From: Jouni Malinen <jouni at codeaurora.org>
> +Date: Mon, 14 Oct 2019 19:27:47 +0300
> +Subject: [PATCH] wolfSSL: Fix crypto_bignum_sub()
> +
> +The initial crypto wrapper implementation for wolfSSL seems to have
> +included a copy-paste error in crypto_bignum_sub() implementation that
> +was identical to crypto_bignum_add() while mp_sub() should have been
> +used instead of mp_add().
> +
> +Signed-off-by: Jouni Malinen <jouni at codeaurora.org>
> +---
> + src/crypto/crypto_wolfssl.c | 2 +-
> + 1 file changed, 1 insertion(+), 1 deletion(-)
> +
> +diff --git a/src/crypto/crypto_wolfssl.c b/src/crypto/crypto_wolfssl.c
> +index e9894b335..3069b4a7a 100644
> +--- a/src/crypto/crypto_wolfssl.c
> ++++ b/src/crypto/crypto_wolfssl.c
> +@@ -1171,7 +1171,7 @@ int crypto_bignum_sub(const struct crypto_bignum *a,
> + 	if (TEST_FAIL())
> + 		return -1;
> + 
> +-	return mp_add((mp_int *) a, (mp_int *) b,
> ++	return mp_sub((mp_int *) a, (mp_int *) b,
> + 		      (mp_int *) r) == MP_OKAY ? 0 : -1;
> + }
> + 
> +-- 
> +2.26.2
> +
> -- 
> 2.26.2
> 
> 
> _______________________________________________
> openwrt-devel mailing list
> openwrt-devel at lists.openwrt.org
> https://lists.openwrt.org/mailman/listinfo/openwrt-devel

_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel



More information about the openwrt-devel mailing list