[OpenWrt-Devel] [PATCH] wpad-wolfssl: fix crypto_bignum_sub()

Antonio Quartulli a at unstable.cc
Mon May 11 19:06:38 EDT 2020 

Hi Daniel,

On 10/05/2020 12:53, Daniel Golle wrote:
> Hi Antonio,
> 
> I've been trying to get this running two days now, with OpenWrt 19.07
> as well as OpenWrt master snapshot on two ath79 devices.
> unencrypted mesh always works.
> wpad-mesh-openssl works with SAE.
> wpad-mesh-wolfssl doesn't work:
> wpa_supplicant[1407]: wlan1-mesh: MESH-SAE-AUTH-FAILURE addr=04:18:d6:xx:xx:xx
> 
> Which hardware have you tried this with? (as you said it worked fine for
> you) Any other patches or tricks?

I have been using wpad-mesh-wolfssl successfully on ath9k (QCA9531) and
ath10k (IPQ4019).

My openwrt is a bit stuck in the past: I am using
8baadecb1647a125f5d8f9eaf521c1468543133a with:
* wolfssl bumped to 3.14.4.
* hostapd Makefile patched to use wolfssl

My hostapd is on fa617ee6a0b2d39e6372c93ef9437caa3bd9065a plus the
following:
* the patch I sent
* two or three more patches that are already merged in the hostapd
revision you are using in openwrt master.


I haven't tried to get this going on openwrt master though.



Cheers,


> 
> 
> Cheers
> 
> 
> Daniel
> 
> 
> On Tue, Apr 28, 2020 at 12:06:58PM +0200, Antonio Quartulli wrote:
>> Backport patch from hostapd.git master that fixes copy/paste error in
>> crypto_bignum_sub() in crypto_wolfssl.c.
>>
>> This missing fix was discovered while testing SAE over a mesh interface.
>>
>> With this fix applied and wolfssl >3.14.4 mesh+SAE works fine with
>> wpad-mesh-wolfssl.
>>
>> Cc: Sean Parkinson <sean at wolfssl.com>
>> Signed-off-by: Antonio Quartulli <a at unstable.cc>
>> ---
>>
>> This patch is based on master, but should also be applied to
>> openwrt-19.07 and openwrt-18.06
>>
>>
>>  .../900-wolfssl-fix-crypto_bignum_sum.patch   | 31 +++++++++++++++++++
>>  1 file changed, 31 insertions(+)
>>  create mode 100644 package/network/services/hostapd/patches/900-wolfssl-fix-crypto_bignum_sum.patch
>>
>> diff --git a/package/network/services/hostapd/patches/900-wolfssl-fix-crypto_bignum_sum.patch b/package/network/services/hostapd/patches/900-wolfssl-fix-crypto_bignum_sum.patch
>> new file mode 100644
>> index 0000000000..d88baa109a
>> --- /dev/null
>> +++ b/package/network/services/hostapd/patches/900-wolfssl-fix-crypto_bignum_sum.patch
>> @@ -0,0 +1,31 @@
>> +From 1766e608ba1114220f3b3598e77aa53b50c38a6e Mon Sep 17 00:00:00 2001
>> +From: Jouni Malinen <jouni at codeaurora.org>
>> +Date: Mon, 14 Oct 2019 19:27:47 +0300
>> +Subject: [PATCH] wolfSSL: Fix crypto_bignum_sub()
>> +
>> +The initial crypto wrapper implementation for wolfSSL seems to have
>> +included a copy-paste error in crypto_bignum_sub() implementation that
>> +was identical to crypto_bignum_add() while mp_sub() should have been
>> +used instead of mp_add().
>> +
>> +Signed-off-by: Jouni Malinen <jouni at codeaurora.org>
>> +---
>> + src/crypto/crypto_wolfssl.c | 2 +-
>> + 1 file changed, 1 insertion(+), 1 deletion(-)
>> +
>> +diff --git a/src/crypto/crypto_wolfssl.c b/src/crypto/crypto_wolfssl.c
>> +index e9894b335..3069b4a7a 100644
>> +--- a/src/crypto/crypto_wolfssl.c
>> ++++ b/src/crypto/crypto_wolfssl.c
>> +@@ -1171,7 +1171,7 @@ int crypto_bignum_sub(const struct crypto_bignum *a,
>> + 	if (TEST_FAIL())
>> + 		return -1;
>> + 
>> +-	return mp_add((mp_int *) a, (mp_int *) b,
>> ++	return mp_sub((mp_int *) a, (mp_int *) b,
>> + 		      (mp_int *) r) == MP_OKAY ? 0 : -1;
>> + }
>> + 
>> +-- 
>> +2.26.2
>> +
>> -- 
>> 2.26.2
>>
>>
>> _______________________________________________
>> openwrt-devel mailing list
>> openwrt-devel at lists.openwrt.org
>> https://lists.openwrt.org/mailman/listinfo/openwrt-devel
> 

-- 
Antonio Quartulli

_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

More information about the openwrt-devel mailing list