wpa_supplicant/CVE-2019-9494-5.patch

--- wpa_supplicant-2.6-bak2/src/common/sae.c	2019-07-01 05:05:26.086000000 -0400
+++ wpa_supplicant-2.6/src/common/sae.c	2019-07-01 05:22:08.799000000 -0400
@@ -561,21 +561,26 @@ fail:
 }
 
 
+static int sae_modp_group_require_masking(int group)
+{
+       /* Groups for which pwd-value is likely to be >= p frequently */
+       return group == 22 || group == 23 || group == 24;
+}
+
+
 static int sae_derive_pwe_ffc(struct sae_data *sae, const u8 *addr1,
 			      const u8 *addr2, const u8 *password,
 			      size_t password_len)
 {
-	u8 counter;
+       u8 counter, k;
 	u8 addrs[2 * ETH_ALEN];
 	const u8 *addr[2];
 	size_t len[2];
 	int found = 0;
+       struct crypto_bignum *pwe = NULL;
 
-	if (sae->tmp->pwe_ffc == NULL) {
-		sae->tmp->pwe_ffc = crypto_bignum_init();
-		if (sae->tmp->pwe_ffc == NULL)
-			return -1;
-	}
+       crypto_bignum_deinit(sae->tmp->pwe_ffc, 1);
+       sae->tmp->pwe_ffc = NULL;
 
 	wpa_hexdump_ascii_key(MSG_DEBUG, "SAE: password",
 			      password, password_len);
@@ -592,7 +597,9 @@ static int sae_derive_pwe_ffc(struct sae
 	addr[1] = &counter;
 	len[1] = sizeof(counter);
 
-	for (counter = 1; !found; counter++) {
+       k = sae_modp_group_require_masking(sae->group) ? 40 : 1;
+
+       for (counter = 1; counter <= k || !found; counter++) {
 		u8 pwd_seed[SHA256_MAC_LEN];
 		int res;
 
@@ -602,19 +609,30 @@ static int sae_derive_pwe_ffc(struct sae
 			break;
 		}
 
-		wpa_printf(MSG_DEBUG, "SAE: counter = %u", counter);
+               wpa_printf(MSG_DEBUG, "SAE: counter = %02u", counter);
 		if (hmac_sha256_vector(addrs, sizeof(addrs), 2, addr, len,
 				       pwd_seed) < 0)
 			break;
-		res = sae_test_pwd_seed_ffc(sae, pwd_seed, sae->tmp->pwe_ffc);
+               if (!pwe) {
+                       pwe = crypto_bignum_init();
+                       if (!pwe)
+                               break;
+               }
+               res = sae_test_pwd_seed_ffc(sae, pwd_seed, pwe);
 		if (res < 0)
 			break;
 		if (res > 0) {
-			wpa_printf(MSG_DEBUG, "SAE: Use this PWE");
 			found = 1;
+                       if (!sae->tmp->pwe_ffc) {
+                               wpa_printf(MSG_DEBUG, "SAE: Use this PWE");
+                               sae->tmp->pwe_ffc = pwe;
+                               pwe = NULL;
+                       }
 		}
 	}
 
+       crypto_bignum_deinit(pwe, 1);
+
 	return found ? 0 : -1;
 }