登录 注册
开源 企业版 高校版 私有云 模力方舟 Gitee AI
扫描微信二维码支付
取消
支付完成
Watch
不关注 关注所有动态 仅关注版本发行动态 关注但不提醒动态
1 Star 0 Fork 25

jinjin/wpa_supplicant

forked from src-openEuler/wpa_supplicant 
代码 Issues 0 Pull Requests 0 Wiki 统计 流水线
服务
加入 Gitee
与超过 1200万 开发者一起发现、参与优秀开源项目,私有仓库也完全免费 :)
免费加入
文件
该仓库未声明开源许可证文件(LICENSE),使用请关注具体项目描述及其代码上游依赖。
项目仓库所选许可证以仓库主分支所使用许可证为准
克隆/下载
CVE-2019-9494-4.patch 4.27 KB
一键复制 编辑 原始数据 按行查看 历史
hexiaowen 提交于 2019-09-30 23:19 +08:00 . Package init
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125
--- wpa_supplicant-2.6-bak2/src/common/sae.c	2019-07-01 04:54:10.185000000 -0400

+++ wpa_supplicant-2.6/src/common/sae.c	2019-07-01 04:58:09.913000000 -0400

@@ -202,12 +202,14 @@ get_rand_1_to_p_1(const u8 *prime, size_

 

 static int is_quadratic_residue_blind(struct sae_data *sae,

 				      const u8 *prime, size_t bits,

-				      const struct crypto_bignum *qr,

-				      const struct crypto_bignum *qnr,

+				      const u8 *qr, const u8 *qnr,

 				      const struct crypto_bignum *y_sqr)

 {

-	struct crypto_bignum *r, *num;

+	struct crypto_bignum *r, *num, *qr_or_qnr = NULL;

 	int r_odd, check, res = -1;

+	u8 qr_or_qnr_bin[SAE_MAX_ECC_PRIME_LEN];

+	size_t prime_len = sae->tmp->prime_len;

+	unsigned int mask;

 

 	/*

 	 * Use the blinding technique to mask y_sqr while determining

@@ -218,7 +220,7 @@ static int is_quadratic_residue_blind(st

 	 * r = a random number between 1 and p-1, inclusive

 	 * num = (v * r * r) modulo p

 	 */

-	r = get_rand_1_to_p_1(prime, sae->tmp->prime_len, bits, &r_odd);

+	r = get_rand_1_to_p_1(prime, prime_len, bits, &r_odd);

 	if (!r)

 		return -1;

 

@@ -228,41 +230,45 @@ static int is_quadratic_residue_blind(st

 	    crypto_bignum_mulmod(num, r, sae->tmp->prime, num) < 0)

 		goto fail;

 

-	if (r_odd) {

-		/*

-		 * num = (num * qr) module p

-		 * LGR(num, p) = 1 ==> quadratic residue

-		 */

-		if (crypto_bignum_mulmod(num, qr, sae->tmp->prime, num) < 0)

-			goto fail;

-		check = 1;

-	} else {

-		/*

-		 * num = (num * qnr) module p

-		 * LGR(num, p) = -1 ==> quadratic residue

-		 */

-		if (crypto_bignum_mulmod(num, qnr, sae->tmp->prime, num) < 0)

-			goto fail;

-		check = -1;

-	}

+	/*

+	 * Need to minimize differences in handling different cases, so try to

+	 * avoid branches and timing differences.

+	 *

+	 * If r_odd:

+	 * num = (num * qr) module p

+	 * LGR(num, p) = 1 ==> quadratic residue

+	 * else:

+	 * num = (num * qnr) module p

+	 * LGR(num, p) = -1 ==> quadratic residue

+	 */

+	mask = const_time_is_zero(r_odd);

+	const_time_select_bin(mask, qnr, qr, prime_len, qr_or_qnr_bin);

+	qr_or_qnr = crypto_bignum_init_set(qr_or_qnr_bin, prime_len);

+	if (!qr_or_qnr ||

+	    crypto_bignum_mulmod(num, qr_or_qnr, sae->tmp->prime, num) < 0)

+		goto fail;

+	/* r_odd is 0 or 1; branchless version of check = r_odd ? 1 : -1, */

+	check = const_time_select_int(mask, -1, 1);

 

 	res = crypto_bignum_legendre(num, sae->tmp->prime);

 	if (res == -2) {

 		res = -1;

 		goto fail;

 	}

-	res = res == check;

+	/* branchless version of res = res == check

+	 * (res is -1, 0, or 1; check is -1 or 1) */

+	mask = const_time_eq(res, check);

+	res = const_time_select_int(mask, 1, 0);

 fail:

 	crypto_bignum_deinit(num, 1);

 	crypto_bignum_deinit(r, 1);

+	crypto_bignum_deinit(qr_or_qnr, 1);

 	return res;

 }

 

 

 static int sae_test_pwd_seed_ecc(struct sae_data *sae, const u8 *pwd_seed,

-				 const u8 *prime,

-				 const struct crypto_bignum *qr,

-				 const struct crypto_bignum *qnr,

+				 const u8 *prime, const u8 *qr, const u8 *qnr,

 				 u8 *pwd_value)

 {

 	struct crypto_bignum *y_sqr, *x_cand;

@@ -421,6 +427,8 @@ static int sae_derive_pwe_ecc(struct sae

        struct crypto_bignum *x = NULL, *qr = NULL, *qnr = NULL;

        u8 x_bin[SAE_MAX_ECC_PRIME_LEN];

        u8 x_cand_bin[SAE_MAX_ECC_PRIME_LEN];

+       u8 qr_bin[SAE_MAX_ECC_PRIME_LEN];

+       u8 qnr_bin[SAE_MAX_ECC_PRIME_LEN];

 	size_t bits;

        int res = -1;

        u8 found = 0; /* 0 (false) or 0xff (true) to be used as const_time_*

@@ -445,7 +453,9 @@ static int sae_derive_pwe_ecc(struct sae

 	 * (qnr) modulo p for blinding purposes during the loop.

 	 */

 	if (get_random_qr_qnr(prime, prime_len, sae->tmp->prime, bits,

-			      &qr, &qnr) < 0)

+			      &qr, &qnr) < 0 ||

+	    crypto_bignum_to_bin(qr, qr_bin, sizeof(qr_bin), prime_len) < 0 ||

+	    crypto_bignum_to_bin(qnr, qnr_bin, sizeof(qnr_bin), prime_len) < 0)

 		goto fail;

 

 	wpa_hexdump_ascii_key(MSG_DEBUG, "SAE: password",

@@ -487,7 +497,7 @@ static int sae_derive_pwe_ecc(struct sae

 			break;

 

 		res = sae_test_pwd_seed_ecc(sae, pwd_seed,

-                                           prime, qr, qnr, x_cand_bin);

+                                           prime, qr_bin, qnr_bin, x_cand_bin);

                const_time_select_bin(found, x_bin, x_cand_bin, prime_len,

                                      x_bin);

                pwd_seed_odd = const_time_select_u8(
Loading...
马建仓 AI 助手
尝试更多
代码解读
代码找茬
代码优化
1
https://gitee.com/yanglijin/wpa_supplicant.git
[email protected]:yanglijin/wpa_supplicant.git
yanglijin
wpa_supplicant
wpa_supplicant
master
点此查找更多帮助

搜索帮助

Git 命令在线学习 如何在 Gitee 导入 GitHub 仓库
Git 仓库基础操作
企业版和社区版功能对比
SSH 公钥设置
如何处理代码冲突
仓库体积过大,如何减小?
如何找回被删除的仓库数据
Gitee 产品配额说明
GitHub仓库快速导入Gitee及同步更新
什么是 Release(发行版)
将 PHP 项目自动发布到 packagist.org
评论
仓库举报
回到顶部