From: Adrian Bunk <bunk@stusta.de>
To: akuster808 <akuster808@gmail.com>
Cc: openembedded-core@lists.openembedded.org
Subject: Re: [warrior][PATCH] wpa-supplicant: Fix CVE-2019-9494 CVE-2019-9495 CVE-2019-9496 CVE-2019-9497 CVE-2019-9498 CVE-2019-9499 CVE-2019-11555
Date: Wed, 19 Jun 2019 21:56:46 +0300 [thread overview]
Message-ID: <20190619185646.GB4497@localhost> (raw)
In-Reply-To: <728b6a5f-cc41-3127-4f22-c9bd241208e0@gmail.com>
On Wed, Jun 19, 2019 at 11:30:59AM -0700, akuster808 wrote:
>
>
> On 6/19/19 11:04 AM, Adrian Bunk wrote:
> > Signed-off-by: Adrian Bunk <bunk@stusta.de>
> > ---
> > ...erver-Fix-reassembly-buffer-handling.patch | 48 +++
> > ...tant-time-operations-for-private-big.patch | 97 +++++
> > ...nctions-for-constant-time-operations.patch | 222 ++++++++++++
> > ...-peer-Fix-reassembly-buffer-handling.patch | 48 +++
> > ...tant-time-selection-for-crypto_bignu.patch | 64 ++++
> > ...tant-time-and-memory-access-for-find.patch | 327 +++++++++++++++++
> > ...timing-differences-in-PWE-derivation.patch | 244 +++++++++++++
> > ...anches-in-is_quadratic_residue_blind.patch | 147 ++++++++
> > ...-Mask-timing-of-MODP-groups-22-23-24.patch | 121 +++++++
> > ...-const_time-selection-for-PWE-in-FFC.patch | 108 ++++++
> > ...-time-operations-in-sae_test_pwd_see.patch | 139 ++++++++
> > ...rm-message-validation-in-error-cases.patch | 60 ++++
> > ...r-Verify-received-scalar-and-element.patch | 61 ++++
> > ...pwd-server-Detect-reflection-attacks.patch | 48 +++
> > ...t-Verify-received-scalar-and-element.patch | 61 ++++
> > ...k-element-x-y-coordinates-explicitly.patch | 335 ++++++++++++++++++
> > .../wpa-supplicant/wpa-supplicant_2.7.bb | 16 +
> > 17 files changed, 2146 insertions(+)
> > create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-EAP-pwd-server-Fix-reassembly-buffer-handling.patch
> > create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-OpenSSL-Use-constant-time-operations-for-private-big.patch
> > create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0002-Add-helper-functions-for-constant-time-operations.patch
> > create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0003-EAP-pwd-peer-Fix-reassembly-buffer-handling.patch
> > create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0003-OpenSSL-Use-constant-time-selection-for-crypto_bignu.patch
> > create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0004-EAP-pwd-Use-constant-time-and-memory-access-for-find.patch
> > create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0005-SAE-Minimize-timing-differences-in-PWE-derivation.patch
> > create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0006-SAE-Avoid-branches-in-is_quadratic_residue_blind.patch
> > create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0007-SAE-Mask-timing-of-MODP-groups-22-23-24.patch
> > create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0008-SAE-Use-const_time-selection-for-PWE-in-FFC.patch
> > create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0009-SAE-Use-constant-time-operations-in-sae_test_pwd_see.patch
> > create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0010-SAE-Fix-confirm-message-validation-in-error-cases.patch
> > create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0011-EAP-pwd-server-Verify-received-scalar-and-element.patch
> > create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0012-EAP-pwd-server-Detect-reflection-attacks.patch
> > create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0013-EAP-pwd-client-Verify-received-scalar-and-element.patch
> > create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0014-EAP-pwd-Check-element-x-y-coordinates-explicitly.patch
>
> A simple "affects: < {version}" help RP and myself from asking if master
> is affected.
>
> So is this fixed in master?
Sorry for that, yes they are already fixed in master.
> - armin
cu
Adrian
--
"Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
"Only a promise," Lao Er said.
Pearl S. Buck - Dragon Seed
prev parent reply other threads:[~2019-06-19 18:56 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-06-19 18:04 [warrior][PATCH] wpa-supplicant: Fix CVE-2019-9494 CVE-2019-9495 CVE-2019-9496 CVE-2019-9497 CVE-2019-9498 CVE-2019-9499 CVE-2019-11555 Adrian Bunk
2019-06-19 18:30 ` ✗ patchtest: failure for " Patchwork
2019-06-19 18:30 ` [warrior][PATCH] " akuster808
2019-06-19 18:56 ` Adrian Bunk [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190619185646.GB4497@localhost \
--to=bunk@stusta.de \
--cc=akuster808@gmail.com \
--cc=openembedded-core@lists.openembedded.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox