wpa_supplicant/wpa_supplicant-getrandom.patch

Index: wpa_supplicant-2.9/src/utils/os_unix.c
===================================================================
--- wpa_supplicant-2.9.orig/src/utils/os_unix.c
+++ wpa_supplicant-2.9/src/utils/os_unix.c
@@ -6,11 +6,15 @@
  * See README for more details.
  */
 
+#ifndef _GNU_SOURCE
+#define _GNU_SOURCE
+#endif
 #include "includes.h"
 
 #include <time.h>
 #include <sys/wait.h>
-
+#include <sys/syscall.h>
+#include <unistd.h>
 #ifdef ANDROID
 #include <sys/capability.h>
 #include <sys/prctl.h>
@@ -257,6 +261,10 @@ int os_get_random(unsigned char *buf, si
 		buf[i] = i & 0xff;
 	return 0;
 #else /* TEST_FUZZ */
+#ifdef SYS_getrandom
+    int gr = TEMP_FAILURE_RETRY(syscall(SYS_getrandom, buf, len, 0));
+    return (gr != -1 && gr == len) ? 0 : -1;
+#else /* SYS_getrandom */
 	FILE *f;
 	size_t rc;
 
@@ -269,10 +277,13 @@ int os_get_random(unsigned char *buf, si
 		return -1;
 	}
 
+	setbuf(f, NULL);
+
 	rc = fread(buf, 1, len, f);
 	fclose(f);
 
 	return rc != len ? -1 : 0;
+#endif /* SYS_getrandom */
 #endif /* TEST_FUZZ */
 }
Accepting request 745147 from home:scarabeus_iv:branches:hardware - Update to 2.9 release: * SAE changes - disable use of groups using Brainpool curves - improved protection against side channel attacks [https://w1.fi/security/2019-6/] * EAP-pwd changes - disable use of groups using Brainpool curves - allow the set of groups to be configured (eap_pwd_groups) - improved protection against side channel attacks [https://w1.fi/security/2019-6/] * fixed FT-EAP initial mobility domain association using PMKSA caching (disabled by default for backwards compatibility; can be enabled with ft_eap_pmksa_caching=1) * fixed a regression in OpenSSL 1.1+ engine loading * added validation of RSNE in (Re)Association Response frames * fixed DPP bootstrapping URI parser of channel list * extended EAP-SIM/AKA fast re-authentication to allow use with FILS * extended ca_cert_blob to support PEM format * improved robustness of P2P Action frame scheduling * added support for EAP-SIM/AKA using anonymous@realm identity * fixed Hotspot 2.0 credential selection based on roaming consortium to ignore credentials without a specific EAP method * added experimental support for EAP-TEAP peer (RFC 7170) * added experimental support for EAP-TLS peer with TLS v1.3 * fixed a regression in WMM parameter configuration for a TDLS peer * fixed a regression in operation with drivers that offload 802.1X 4-way handshake * fixed an ECDH operation corner case with OpenSSL * SAE changes - added support for SAE Password Identifier OBS-URL: https://build.opensuse.org/request/show/745147 OBS-URL: https://build.opensuse.org/package/show/hardware/wpa_supplicant?expand=0&rev=97 2019-11-06 11:42:31 +00:00			`Index: wpa_supplicant-2.9/src/utils/os_unix.c`
			`===================================================================`
			`--- wpa_supplicant-2.9.orig/src/utils/os_unix.c`
			`+++ wpa_supplicant-2.9/src/utils/os_unix.c`
Accepting request 360174 from home:elvigia:branches:hardware - Previous update did not include version 2.5 tarball or changed the version number in spec, only the changelog and removed patches. - config: set CONFIG_NO_RANDOM_POOL=y, we have a reliable· random number generator by using /dev/urandom, no need to keep an internal random number pool which draws entropy from /dev/random. - config: prefer using epoll(7) instead of select(2) by setting CONFIG_ELOOP_EPOLL=y - wpa_supplicant-getrandom.patch: Prefer to use the getrandom(2) system call to collect entropy. if it is not present disable buffering when reading /dev/urandom, otherwise each os_get_random() call will request BUFSIZ of entropy instead of the few needed bytes. OBS-URL: https://build.opensuse.org/request/show/360174 OBS-URL: https://build.opensuse.org/package/show/hardware/wpa_supplicant?expand=0&rev=60 2016-02-18 15:55:55 +00:00			`@@ -6,11 +6,15 @@`
			`* See README for more details.`
			`*/`

			`+#ifndef _GNU_SOURCE`
			`+#define _GNU_SOURCE`
			`+#endif`
			`#include "includes.h"`

			`#include <time.h>`
			`#include <sys/wait.h>`
			`-`
			`+#include <sys/syscall.h>`
			`+#include <unistd.h>`
			`#ifdef ANDROID`
			`#include <sys/capability.h>`
			`#include <sys/prctl.h>`
Accepting request 745147 from home:scarabeus_iv:branches:hardware - Update to 2.9 release: * SAE changes - disable use of groups using Brainpool curves - improved protection against side channel attacks [https://w1.fi/security/2019-6/] * EAP-pwd changes - disable use of groups using Brainpool curves - allow the set of groups to be configured (eap_pwd_groups) - improved protection against side channel attacks [https://w1.fi/security/2019-6/] * fixed FT-EAP initial mobility domain association using PMKSA caching (disabled by default for backwards compatibility; can be enabled with ft_eap_pmksa_caching=1) * fixed a regression in OpenSSL 1.1+ engine loading * added validation of RSNE in (Re)Association Response frames * fixed DPP bootstrapping URI parser of channel list * extended EAP-SIM/AKA fast re-authentication to allow use with FILS * extended ca_cert_blob to support PEM format * improved robustness of P2P Action frame scheduling * added support for EAP-SIM/AKA using anonymous@realm identity * fixed Hotspot 2.0 credential selection based on roaming consortium to ignore credentials without a specific EAP method * added experimental support for EAP-TEAP peer (RFC 7170) * added experimental support for EAP-TLS peer with TLS v1.3 * fixed a regression in WMM parameter configuration for a TDLS peer * fixed a regression in operation with drivers that offload 802.1X 4-way handshake * fixed an ECDH operation corner case with OpenSSL * SAE changes - added support for SAE Password Identifier OBS-URL: https://build.opensuse.org/request/show/745147 OBS-URL: https://build.opensuse.org/package/show/hardware/wpa_supplicant?expand=0&rev=97 2019-11-06 11:42:31 +00:00			`@@ -257,6 +261,10 @@ int os_get_random(unsigned char *buf, si`
			`buf[i] = i & 0xff;`
			`return 0;`
			`#else /* TEST_FUZZ */`
Accepting request 360174 from home:elvigia:branches:hardware - Previous update did not include version 2.5 tarball or changed the version number in spec, only the changelog and removed patches. - config: set CONFIG_NO_RANDOM_POOL=y, we have a reliable· random number generator by using /dev/urandom, no need to keep an internal random number pool which draws entropy from /dev/random. - config: prefer using epoll(7) instead of select(2) by setting CONFIG_ELOOP_EPOLL=y - wpa_supplicant-getrandom.patch: Prefer to use the getrandom(2) system call to collect entropy. if it is not present disable buffering when reading /dev/urandom, otherwise each os_get_random() call will request BUFSIZ of entropy instead of the few needed bytes. OBS-URL: https://build.opensuse.org/request/show/360174 OBS-URL: https://build.opensuse.org/package/show/hardware/wpa_supplicant?expand=0&rev=60 2016-02-18 15:55:55 +00:00			`+#ifdef SYS_getrandom`
			`+ int gr = TEMP_FAILURE_RETRY(syscall(SYS_getrandom, buf, len, 0));`
			`+ return (gr != -1 && gr == len) ? 0 : -1;`
Accepting request 745147 from home:scarabeus_iv:branches:hardware - Update to 2.9 release: * SAE changes - disable use of groups using Brainpool curves - improved protection against side channel attacks [https://w1.fi/security/2019-6/] * EAP-pwd changes - disable use of groups using Brainpool curves - allow the set of groups to be configured (eap_pwd_groups) - improved protection against side channel attacks [https://w1.fi/security/2019-6/] * fixed FT-EAP initial mobility domain association using PMKSA caching (disabled by default for backwards compatibility; can be enabled with ft_eap_pmksa_caching=1) * fixed a regression in OpenSSL 1.1+ engine loading * added validation of RSNE in (Re)Association Response frames * fixed DPP bootstrapping URI parser of channel list * extended EAP-SIM/AKA fast re-authentication to allow use with FILS * extended ca_cert_blob to support PEM format * improved robustness of P2P Action frame scheduling * added support for EAP-SIM/AKA using anonymous@realm identity * fixed Hotspot 2.0 credential selection based on roaming consortium to ignore credentials without a specific EAP method * added experimental support for EAP-TEAP peer (RFC 7170) * added experimental support for EAP-TLS peer with TLS v1.3 * fixed a regression in WMM parameter configuration for a TDLS peer * fixed a regression in operation with drivers that offload 802.1X 4-way handshake * fixed an ECDH operation corner case with OpenSSL * SAE changes - added support for SAE Password Identifier OBS-URL: https://build.opensuse.org/request/show/745147 OBS-URL: https://build.opensuse.org/package/show/hardware/wpa_supplicant?expand=0&rev=97 2019-11-06 11:42:31 +00:00			`+#else /* SYS_getrandom */`
Accepting request 360174 from home:elvigia:branches:hardware - Previous update did not include version 2.5 tarball or changed the version number in spec, only the changelog and removed patches. - config: set CONFIG_NO_RANDOM_POOL=y, we have a reliable· random number generator by using /dev/urandom, no need to keep an internal random number pool which draws entropy from /dev/random. - config: prefer using epoll(7) instead of select(2) by setting CONFIG_ELOOP_EPOLL=y - wpa_supplicant-getrandom.patch: Prefer to use the getrandom(2) system call to collect entropy. if it is not present disable buffering when reading /dev/urandom, otherwise each os_get_random() call will request BUFSIZ of entropy instead of the few needed bytes. OBS-URL: https://build.opensuse.org/request/show/360174 OBS-URL: https://build.opensuse.org/package/show/hardware/wpa_supplicant?expand=0&rev=60 2016-02-18 15:55:55 +00:00			`FILE *f;`
			`size_t rc;`

Accepting request 745147 from home:scarabeus_iv:branches:hardware - Update to 2.9 release: * SAE changes - disable use of groups using Brainpool curves - improved protection against side channel attacks [https://w1.fi/security/2019-6/] * EAP-pwd changes - disable use of groups using Brainpool curves - allow the set of groups to be configured (eap_pwd_groups) - improved protection against side channel attacks [https://w1.fi/security/2019-6/] * fixed FT-EAP initial mobility domain association using PMKSA caching (disabled by default for backwards compatibility; can be enabled with ft_eap_pmksa_caching=1) * fixed a regression in OpenSSL 1.1+ engine loading * added validation of RSNE in (Re)Association Response frames * fixed DPP bootstrapping URI parser of channel list * extended EAP-SIM/AKA fast re-authentication to allow use with FILS * extended ca_cert_blob to support PEM format * improved robustness of P2P Action frame scheduling * added support for EAP-SIM/AKA using anonymous@realm identity * fixed Hotspot 2.0 credential selection based on roaming consortium to ignore credentials without a specific EAP method * added experimental support for EAP-TEAP peer (RFC 7170) * added experimental support for EAP-TLS peer with TLS v1.3 * fixed a regression in WMM parameter configuration for a TDLS peer * fixed a regression in operation with drivers that offload 802.1X 4-way handshake * fixed an ECDH operation corner case with OpenSSL * SAE changes - added support for SAE Password Identifier OBS-URL: https://build.opensuse.org/request/show/745147 OBS-URL: https://build.opensuse.org/package/show/hardware/wpa_supplicant?expand=0&rev=97 2019-11-06 11:42:31 +00:00			`@@ -269,10 +277,13 @@ int os_get_random(unsigned char *buf, si`
Accepting request 360174 from home:elvigia:branches:hardware - Previous update did not include version 2.5 tarball or changed the version number in spec, only the changelog and removed patches. - config: set CONFIG_NO_RANDOM_POOL=y, we have a reliable· random number generator by using /dev/urandom, no need to keep an internal random number pool which draws entropy from /dev/random. - config: prefer using epoll(7) instead of select(2) by setting CONFIG_ELOOP_EPOLL=y - wpa_supplicant-getrandom.patch: Prefer to use the getrandom(2) system call to collect entropy. if it is not present disable buffering when reading /dev/urandom, otherwise each os_get_random() call will request BUFSIZ of entropy instead of the few needed bytes. OBS-URL: https://build.opensuse.org/request/show/360174 OBS-URL: https://build.opensuse.org/package/show/hardware/wpa_supplicant?expand=0&rev=60 2016-02-18 15:55:55 +00:00			`return -1;`
			`}`

Accepting request 745147 from home:scarabeus_iv:branches:hardware - Update to 2.9 release: * SAE changes - disable use of groups using Brainpool curves - improved protection against side channel attacks [https://w1.fi/security/2019-6/] * EAP-pwd changes - disable use of groups using Brainpool curves - allow the set of groups to be configured (eap_pwd_groups) - improved protection against side channel attacks [https://w1.fi/security/2019-6/] * fixed FT-EAP initial mobility domain association using PMKSA caching (disabled by default for backwards compatibility; can be enabled with ft_eap_pmksa_caching=1) * fixed a regression in OpenSSL 1.1+ engine loading * added validation of RSNE in (Re)Association Response frames * fixed DPP bootstrapping URI parser of channel list * extended EAP-SIM/AKA fast re-authentication to allow use with FILS * extended ca_cert_blob to support PEM format * improved robustness of P2P Action frame scheduling * added support for EAP-SIM/AKA using anonymous@realm identity * fixed Hotspot 2.0 credential selection based on roaming consortium to ignore credentials without a specific EAP method * added experimental support for EAP-TEAP peer (RFC 7170) * added experimental support for EAP-TLS peer with TLS v1.3 * fixed a regression in WMM parameter configuration for a TDLS peer * fixed a regression in operation with drivers that offload 802.1X 4-way handshake * fixed an ECDH operation corner case with OpenSSL * SAE changes - added support for SAE Password Identifier OBS-URL: https://build.opensuse.org/request/show/745147 OBS-URL: https://build.opensuse.org/package/show/hardware/wpa_supplicant?expand=0&rev=97 2019-11-06 11:42:31 +00:00			`+ setbuf(f, NULL);`
Accepting request 360174 from home:elvigia:branches:hardware - Previous update did not include version 2.5 tarball or changed the version number in spec, only the changelog and removed patches. - config: set CONFIG_NO_RANDOM_POOL=y, we have a reliable· random number generator by using /dev/urandom, no need to keep an internal random number pool which draws entropy from /dev/random. - config: prefer using epoll(7) instead of select(2) by setting CONFIG_ELOOP_EPOLL=y - wpa_supplicant-getrandom.patch: Prefer to use the getrandom(2) system call to collect entropy. if it is not present disable buffering when reading /dev/urandom, otherwise each os_get_random() call will request BUFSIZ of entropy instead of the few needed bytes. OBS-URL: https://build.opensuse.org/request/show/360174 OBS-URL: https://build.opensuse.org/package/show/hardware/wpa_supplicant?expand=0&rev=60 2016-02-18 15:55:55 +00:00			`+`
			`rc = fread(buf, 1, len, f);`
			`fclose(f);`

			`return rc != len ? -1 : 0;`
Accepting request 745147 from home:scarabeus_iv:branches:hardware - Update to 2.9 release: * SAE changes - disable use of groups using Brainpool curves - improved protection against side channel attacks [https://w1.fi/security/2019-6/] * EAP-pwd changes - disable use of groups using Brainpool curves - allow the set of groups to be configured (eap_pwd_groups) - improved protection against side channel attacks [https://w1.fi/security/2019-6/] * fixed FT-EAP initial mobility domain association using PMKSA caching (disabled by default for backwards compatibility; can be enabled with ft_eap_pmksa_caching=1) * fixed a regression in OpenSSL 1.1+ engine loading * added validation of RSNE in (Re)Association Response frames * fixed DPP bootstrapping URI parser of channel list * extended EAP-SIM/AKA fast re-authentication to allow use with FILS * extended ca_cert_blob to support PEM format * improved robustness of P2P Action frame scheduling * added support for EAP-SIM/AKA using anonymous@realm identity * fixed Hotspot 2.0 credential selection based on roaming consortium to ignore credentials without a specific EAP method * added experimental support for EAP-TEAP peer (RFC 7170) * added experimental support for EAP-TLS peer with TLS v1.3 * fixed a regression in WMM parameter configuration for a TDLS peer * fixed a regression in operation with drivers that offload 802.1X 4-way handshake * fixed an ECDH operation corner case with OpenSSL * SAE changes - added support for SAE Password Identifier OBS-URL: https://build.opensuse.org/request/show/745147 OBS-URL: https://build.opensuse.org/package/show/hardware/wpa_supplicant?expand=0&rev=97 2019-11-06 11:42:31 +00:00			`+#endif /* SYS_getrandom */`
			`#endif /* TEST_FUZZ */`
Accepting request 360174 from home:elvigia:branches:hardware - Previous update did not include version 2.5 tarball or changed the version number in spec, only the changelog and removed patches. - config: set CONFIG_NO_RANDOM_POOL=y, we have a reliable· random number generator by using /dev/urandom, no need to keep an internal random number pool which draws entropy from /dev/random. - config: prefer using epoll(7) instead of select(2) by setting CONFIG_ELOOP_EPOLL=y - wpa_supplicant-getrandom.patch: Prefer to use the getrandom(2) system call to collect entropy. if it is not present disable buffering when reading /dev/urandom, otherwise each os_get_random() call will request BUFSIZ of entropy instead of the few needed bytes. OBS-URL: https://build.opensuse.org/request/show/360174 OBS-URL: https://build.opensuse.org/package/show/hardware/wpa_supplicant?expand=0&rev=60 2016-02-18 15:55:55 +00:00			`}`