wpa_supplicant: Update security patches from upstream

1. Adding security patch for SAE side channel attacks 2. Adding confirm message validation in error cases 3. Adding y coordinate for PWE in SAE
espressif · Oct 11, 2022 · 84252e4 · 84252e4
1 parent c286b01
commit 84252e4
Show file tree

Hide file tree

Showing 3 changed files with 232 additions and 241 deletions.
diff --git a/components/wpa_supplicant/esp_supplicant/src/crypto/crypto_mbedtls-bignum.c b/components/wpa_supplicant/esp_supplicant/src/crypto/crypto_mbedtls-bignum.c
@@ -16,6 +16,11 @@
 #include "sha256.h"
 #include "mbedtls/pk.h"
 
+static int crypto_rng_wrapper(void *ctx, unsigned char *buf, size_t len)
+{
+    return random_get_bytes(buf, len);
+}
+
 struct crypto_bignum *crypto_bignum_init(void)
 {
     mbedtls_mpi *bn = os_zalloc(sizeof(mbedtls_mpi));
@@ -235,6 +240,16 @@ int crypto_bignum_is_one(const struct crypto_bignum *a)
     return (mbedtls_mpi_cmp_int((const mbedtls_mpi *) a, 1) == 0);
 }
 
+int crypto_bignum_is_odd(const struct crypto_bignum *a)
+{
+    return (mbedtls_mpi_get_bit((const mbedtls_mpi *) a, 0) == 1);
+}
+
+int crypto_bignum_rand(struct crypto_bignum *r, const struct crypto_bignum *m)
+{
+    return ((mbedtls_mpi_random((mbedtls_mpi *) r, 0, (const mbedtls_mpi *) m,
+								crypto_rng_wrapper, NULL) != 0) ? -1 : 0);
+}
 
 int crypto_bignum_legendre(const struct crypto_bignum *a,
                            const struct crypto_bignum *p)