Commit - rpms/wpa_supplicant - f3c614c6afec20e566656c5b7ec9b5f6fe4872b5

    fix SAE and EAP_PWD vulnerabilities
    
    CVE-2019-9494 (cache attack against SAE)
    CVE-2019-9495 (cache attack against EAP-pwd)
    CVE-2019-9496 (SAE confirm missing state validation in hostapd/AP)
    CVE-2019-9497 (EAP-pwd server not checking for reflection attack)
    CVE-2019-9498 (EAP-pwd server missing commit validation for scalar/element)
    CVE-2019-9499 (EAP-pwd peer missing commit validation for scalar/element)
    
    Signed-off-by: Davide Caratti <dcaratti@redhat.com>

0001-OpenSSL-Use-constant-time-operations-for-private-big.patch

file added

+93

0001-add-sanity-tests-for-standalone-wpa_supplicant.patch

file added

+343

0002-Add-helper-functions-for-constant-time-operations.patch

file added

+218

0003-OpenSSL-Use-constant-time-selection-for-crypto_bignu.patch

file added

+60

0004-EAP-pwd-Use-constant-time-and-memory-access-for-find.patch

file added

+324

0005-SAE-Minimize-timing-differences-in-PWE-derivation.patch

file added

+241

0006-SAE-Avoid-branches-in-is_quadratic_residue_blind.patch

file added

+144

0007-SAE-Mask-timing-of-MODP-groups-22-23-24.patch

file added

+118

0008-SAE-Use-const_time-selection-for-PWE-in-FFC.patch

file added

+105

0009-SAE-Use-constant-time-operations-in-sae_test_pwd_see.patch

file added

+136

0010-SAE-Fix-confirm-message-validation-in-error-cases.patch

file added

+57

0011-EAP-pwd-server-Verify-received-scalar-and-element.patch

file added

+58

0012-EAP-pwd-server-Detect-reflection-attacks.patch

file added

+45

0013-EAP-pwd-client-Verify-received-scalar-and-element.patch

file added

+58

0014-EAP-pwd-Check-element-x-y-coordinates-explicitly.patch

file added

+331

wpa_supplicant.spec

file modified

+31 -1

dcaratti / rpms / wpa_supplicant

Source Code

f3c614c fix SAE and EAP_PWD vulnerabilities

Authored and Committed by dcaratti 5 years ago

`f3c614c` fix SAE and EAP_PWD vulnerabilities