wpa_supplicant/CVE-2019-13377-3.patch

From ee34d8cfbd0fbf7ba7429531d4bee1c43b074d8b Mon Sep 17 00:00:00 2001
From: Jouni Malinen <jouni@codeaurora.org>
Date: Thu, 25 Apr 2019 19:23:05 +0300
Subject: [PATCH 3/6] OpenSSL: Use BN_bn2binpad() or BN_bn2bin_padded() if
 available

This converts crypto_bignum_to_bin() to use the OpenSSL/BoringSSL
functions BN_bn2binpad()/BN_bn2bin_padded(), when available, to avoid
differences in runtime and memory access patterns depending on the
leading bytes of the BIGNUM value.

OpenSSL 1.0.2 and LibreSSL do not include such functions, so those cases
are still using the previous implementation where the BN_num_bytes()
call may result in different memory access pattern.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
(cherry picked from commit 1e237903f5b5d3117342daf006c5878cdb45e3d3)
---
 src/crypto/crypto_openssl.c | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/src/crypto/crypto_openssl.c b/src/crypto/crypto_openssl.c
index 748a7ad..00b61b9 100644
--- a/src/crypto/crypto_openssl.c
+++ b/src/crypto/crypto_openssl.c
@@ -1129,14 +1129,27 @@ void crypto_bignum_deinit(struct crypto_bignum *n, int clear)
 int crypto_bignum_to_bin(const struct crypto_bignum *a,
 			 u8 *buf, size_t buflen, size_t padlen)
 {
+#ifdef OPENSSL_IS_BORINGSSL
+#else /* OPENSSL_IS_BORINGSSL */
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+#else
 	int num_bytes, offset;
+#endif
+#endif /* OPENSSL_IS_BORINGSSL */
 
 	if (TEST_FAIL())
 		return -1;
 
 	if (padlen > buflen)
 		return -1;
-
+#ifdef OPENSSL_IS_BORINGSSL
+       if (BN_bn2bin_padded(buf, padlen, (const BIGNUM *) a) == 0)
+               return -1;
+       return padlen;
+#else /* OPENSSL_IS_BORINGSSL */
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+       return BN_bn2binpad((const BIGNUM *) a, buf, padlen);
+#else
 	num_bytes = BN_num_bytes((const BIGNUM *) a);
 	if ((size_t) num_bytes > buflen)
 		return -1;
@@ -1149,6 +1162,8 @@ int crypto_bignum_to_bin(const struct crypto_bignum *a,
 	BN_bn2bin((const BIGNUM *) a, buf + offset);
 
 	return num_bytes + offset;
+#endif
+#endif /* OPENSSL_IS_BORINGSSL */
 }
 
 
-- 
2.23.0
fix CVE-2019-13377 2020-12-24 19:56:42 +08:00			`From ee34d8cfbd0fbf7ba7429531d4bee1c43b074d8b Mon Sep 17 00:00:00 2001`
			`From: Jouni Malinen <jouni@codeaurora.org>`
			`Date: Thu, 25 Apr 2019 19:23:05 +0300`
			`Subject: [PATCH 3/6] OpenSSL: Use BN_bn2binpad() or BN_bn2bin_padded() if`
			`available`

			`This converts crypto_bignum_to_bin() to use the OpenSSL/BoringSSL`
			`functions BN_bn2binpad()/BN_bn2bin_padded(), when available, to avoid`
			`differences in runtime and memory access patterns depending on the`
			`leading bytes of the BIGNUM value.`

			`OpenSSL 1.0.2 and LibreSSL do not include such functions, so those cases`
			`are still using the previous implementation where the BN_num_bytes()`
			`call may result in different memory access pattern.`

			`Signed-off-by: Jouni Malinen <jouni@codeaurora.org>`
			`(cherry picked from commit 1e237903f5b5d3117342daf006c5878cdb45e3d3)`
			`---`
			`src/crypto/crypto_openssl.c \| 16 ++++++++++++++++`
			`1 file changed, 16 insertions(+)`

			`diff --git a/src/crypto/crypto_openssl.c b/src/crypto/crypto_openssl.c`
			`index 748a7ad..00b61b9 100644`
			`--- a/src/crypto/crypto_openssl.c`
			`+++ b/src/crypto/crypto_openssl.c`
			`@@ -1129,14 +1129,27 @@ void crypto_bignum_deinit(struct crypto_bignum *n, int clear)`
			`int crypto_bignum_to_bin(const struct crypto_bignum *a,`
			`u8 *buf, size_t buflen, size_t padlen)`
			`{`
			`+#ifdef OPENSSL_IS_BORINGSSL`
			`+#else /* OPENSSL_IS_BORINGSSL */`
			`+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)`
			`+#else`
			`int num_bytes, offset;`
			`+#endif`
			`+#endif /* OPENSSL_IS_BORINGSSL */`

			`if (TEST_FAIL())`
			`return -1;`

			`if (padlen > buflen)`
			`return -1;`
			`-`
			`+#ifdef OPENSSL_IS_BORINGSSL`
			`+ if (BN_bn2bin_padded(buf, padlen, (const BIGNUM *) a) == 0)`
			`+ return -1;`
			`+ return padlen;`
			`+#else /* OPENSSL_IS_BORINGSSL */`
			`+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)`
			`+ return BN_bn2binpad((const BIGNUM *) a, buf, padlen);`
			`+#else`
			`num_bytes = BN_num_bytes((const BIGNUM *) a);`
			`if ((size_t) num_bytes > buflen)`
			`return -1;`
			`@@ -1149,6 +1162,8 @@ int crypto_bignum_to_bin(const struct crypto_bignum *a,`
			`BN_bn2bin((const BIGNUM *) a, buf + offset);`

			`return num_bytes + offset;`
			`+#endif`
			`+#endif /* OPENSSL_IS_BORINGSSL */`
			`}`


			`--`
			`2.23.0`