openwrt/package/network/services/hostapd/patches/001-wolfssl-init-RNG-with-ECC-key.patch

From 21ce83b4ae2b9563175fdb4fc4312096cc399cf8 Mon Sep 17 00:00:00 2001
From: David Bauer <[email protected]>
Date: Wed, 5 May 2021 00:44:34 +0200
Subject: [PATCH] wolfssl: add RNG to EC key

Since upstream commit 6467de5a8840 ("Randomize z ordinates in
scalar mult when timing resistant") WolfSSL requires a RNG for
the EC key when built hardened which is the default.

Set the RNG for the EC key to fix connections for OWE clients.

Signed-off-by: David Bauer <[email protected]>
---
 src/crypto/crypto_wolfssl.c | 4 ++++
 1 file changed, 4 insertions(+)

--- a/src/crypto/crypto_wolfssl.c
+++ b/src/crypto/crypto_wolfssl.c
@@ -1340,6 +1340,7 @@ int ecc_projective_add_point(ecc_point *
 
 struct crypto_ec {
 	ecc_key key;
+	WC_RNG rng;
 	mp_int a;
 	mp_int prime;
 	mp_int order;
@@ -1394,6 +1395,8 @@ struct crypto_ec * crypto_ec_init(int gr
 		return NULL;
 
 	if (wc_ecc_init(&e->key) != 0 ||
+	    wc_InitRng(&e->rng) != 0 ||
+	    wc_ecc_set_rng(&e->key, &e->rng) != 0 ||
 	    wc_ecc_set_curve(&e->key, 0, curve_id) != 0 ||
 	    mp_init(&e->a) != MP_OKAY ||
 	    mp_init(&e->prime) != MP_OKAY ||
@@ -1425,6 +1428,7 @@ void crypto_ec_deinit(struct crypto_ec*
 	mp_clear(&e->order);
 	mp_clear(&e->prime);
 	mp_clear(&e->a);
+	wc_FreeRng(&e->rng);
 	wc_ecc_free(&e->key);
 	os_free(e);
 }