summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorFelix Fietkau <nbd@openwrt.org>2013-11-18 13:54:26 +0000
committerFelix Fietkau <nbd@openwrt.org>2013-11-18 13:54:26 +0000
commitcd1c8d463fff62f0798e514959d104be9320c87f (patch)
treee2364416bf56871cbb97e236ce1f0b891ac10bd5
parentedc8ac624641c23c0c081c33dac6ed068c39ca72 (diff)
downloadmtk-20170518-cd1c8d463fff62f0798e514959d104be9320c87f.zip
mtk-20170518-cd1c8d463fff62f0798e514959d104be9320c87f.tar.gz
mtk-20170518-cd1c8d463fff62f0798e514959d104be9320c87f.tar.bz2
hostapd: remove random pool support - the entropy it gathers is questionable and we have better entropy sources on common platforms now
Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 38852
-rw-r--r--package/network/services/hostapd/files/hostapd-full.config1
-rw-r--r--package/network/services/hostapd/files/hostapd-mini.config1
-rw-r--r--package/network/services/hostapd/files/wpa_supplicant-full.config1
-rw-r--r--package/network/services/hostapd/files/wpa_supplicant-mini.config1
-rw-r--r--package/network/services/hostapd/files/wpa_supplicant-p2p.config1
-rw-r--r--package/network/services/hostapd/patches/500-random_pool_add_kernel.patch177
6 files changed, 5 insertions, 177 deletions
diff --git a/package/network/services/hostapd/files/hostapd-full.config b/package/network/services/hostapd/files/hostapd-full.config
index ae0c7cc..2b71781 100644
--- a/package/network/services/hostapd/files/hostapd-full.config
+++ b/package/network/services/hostapd/files/hostapd-full.config
@@ -158,6 +158,7 @@ CONFIG_INTERNAL_LIBTOMMATH=y
CONFIG_INTERNAL_AES=y
NEED_AES_DEC=y
+CONFIG_NO_RANDOM_POOL=y
CONFIG_NO_DUMP_STATE=y
CONFIG_WPS=y
diff --git a/package/network/services/hostapd/files/hostapd-mini.config b/package/network/services/hostapd/files/hostapd-mini.config
index eada893..0f0284b 100644
--- a/package/network/services/hostapd/files/hostapd-mini.config
+++ b/package/network/services/hostapd/files/hostapd-mini.config
@@ -154,6 +154,7 @@ CONFIG_NO_RADIUS=y
CONFIG_TLS=internal
+CONFIG_NO_RANDOM_POOL=y
CONFIG_NO_DUMP_STATE=y
CONFIG_UBUS=y
diff --git a/package/network/services/hostapd/files/wpa_supplicant-full.config b/package/network/services/hostapd/files/wpa_supplicant-full.config
index f5abbad..bbfaa73 100644
--- a/package/network/services/hostapd/files/wpa_supplicant-full.config
+++ b/package/network/services/hostapd/files/wpa_supplicant-full.config
@@ -403,6 +403,7 @@ CONFIG_INTERNAL_LIBTOMMATH_FAST=y
#LIBS_p += -lbfd -liberty -lz
#LIBS_c += -lbfd -liberty -lz
+CONFIG_NO_RANDOM_POOL=y
NEED_80211_COMMON=y
CONFIG_IBSS_RSN=y
diff --git a/package/network/services/hostapd/files/wpa_supplicant-mini.config b/package/network/services/hostapd/files/wpa_supplicant-mini.config
index 772e1d9..a33e6f0 100644
--- a/package/network/services/hostapd/files/wpa_supplicant-mini.config
+++ b/package/network/services/hostapd/files/wpa_supplicant-mini.config
@@ -403,4 +403,5 @@ CONFIG_TLS=internal
#LIBS_p += -lbfd -liberty -lz
#LIBS_c += -lbfd -liberty -lz
+CONFIG_NO_RANDOM_POOL=y
NEED_80211_COMMON=y
diff --git a/package/network/services/hostapd/files/wpa_supplicant-p2p.config b/package/network/services/hostapd/files/wpa_supplicant-p2p.config
index 2ec32ab..82e0bf0 100644
--- a/package/network/services/hostapd/files/wpa_supplicant-p2p.config
+++ b/package/network/services/hostapd/files/wpa_supplicant-p2p.config
@@ -403,6 +403,7 @@ CONFIG_INTERNAL_LIBTOMMATH_FAST=y
#LIBS_p += -lbfd -liberty -lz
#LIBS_c += -lbfd -liberty -lz
+CONFIG_NO_RANDOM_POOL=y
NEED_80211_COMMON=y
CONFIG_IBSS_RSN=y
diff --git a/package/network/services/hostapd/patches/500-random_pool_add_kernel.patch b/package/network/services/hostapd/patches/500-random_pool_add_kernel.patch
deleted file mode 100644
index b47143d..0000000
--- a/package/network/services/hostapd/patches/500-random_pool_add_kernel.patch
+++ /dev/null
@@ -1,177 +0,0 @@
---- a/src/crypto/random.c
-+++ b/src/crypto/random.c
-@@ -25,6 +25,7 @@
- #include "utils/includes.h"
- #ifdef __linux__
- #include <fcntl.h>
-+#include <sys/stat.h>
- #endif /* __linux__ */
-
- #include "utils/common.h"
-@@ -33,6 +34,8 @@
- #include "sha1.h"
- #include "random.h"
-
-+#define RANDOM_STAMPFILE "/var/run/.random_available"
-+
- #define POOL_WORDS 32
- #define POOL_WORDS_MASK (POOL_WORDS - 1)
- #define POOL_TAP1 26
-@@ -43,6 +46,8 @@
- #define EXTRACT_LEN 16
- #define MIN_READY_MARK 2
-
-+#ifndef CONFIG_NO_RANDOM_POOL
-+
- static u32 pool[POOL_WORDS];
- static unsigned int input_rotate = 0;
- static unsigned int pool_pos = 0;
-@@ -123,7 +128,7 @@ static void random_extract(u8 *out)
- }
-
-
--void random_add_randomness(const void *buf, size_t len)
-+static void random_pool_add_randomness(const void *buf, size_t len)
- {
- struct os_time t;
- static unsigned int count = 0;
-@@ -213,16 +218,22 @@ int random_get_bytes(void *buf, size_t l
- int random_pool_ready(void)
- {
- #ifdef __linux__
-+ struct stat st;
- int fd;
- ssize_t res;
-
-+ if (stat(RANDOM_STAMPFILE, &st) == 0)
-+ return 1;
-+
- /*
- * Make sure that there is reasonable entropy available before allowing
- * some key derivation operations to proceed.
- */
-
-- if (dummy_key_avail == sizeof(dummy_key))
-+ if (dummy_key_avail == sizeof(dummy_key)) {
-+ random_mark_pool_ready();
- return 1; /* Already initialized - good to continue */
-+ }
-
- /*
- * Try to fetch some more data from the kernel high quality
-@@ -257,6 +268,7 @@ int random_pool_ready(void)
- if (dummy_key_avail == sizeof(dummy_key)) {
- if (own_pool_ready < MIN_READY_MARK)
- own_pool_ready = MIN_READY_MARK;
-+ random_mark_pool_ready();
- random_write_entropy();
- return 1;
- }
-@@ -269,6 +281,7 @@ int random_pool_ready(void)
- total_collected + 10 * own_pool_ready > MIN_COLLECT_ENTROPY) {
- wpa_printf(MSG_INFO, "random: Allow operation to proceed "
- "based on internal entropy");
-+ random_mark_pool_ready();
- return 1;
- }
-
-@@ -284,10 +297,16 @@ int random_pool_ready(void)
-
- void random_mark_pool_ready(void)
- {
-+ int fd;
-+
- own_pool_ready++;
- wpa_printf(MSG_DEBUG, "random: Mark internal entropy pool to be "
- "ready (count=%u/%u)", own_pool_ready, MIN_READY_MARK);
- random_write_entropy();
-+
-+ fd = open(RANDOM_STAMPFILE, O_CREAT | O_WRONLY | O_EXCL | O_NOFOLLOW, 0600);
-+ if (fd >= 0)
-+ close(fd);
- }
-
-
-@@ -444,3 +463,22 @@ void random_deinit(void)
- os_free(random_entropy_file);
- random_entropy_file = NULL;
- }
-+
-+#endif /* CONFIG_NO_RANDOM_POOL */
-+
-+
-+void random_add_randomness(const void *buf, size_t len)
-+{
-+#ifdef __linux__
-+ int fd;
-+
-+ fd = open("/dev/random", O_RDWR);
-+ if (fd >= 0) {
-+ write(fd, buf, len);
-+ close(fd);
-+ }
-+#endif
-+#ifndef CONFIG_NO_RANDOM_POOL
-+ random_pool_add_randomness(buf, len);
-+#endif
-+}
---- a/wpa_supplicant/Makefile
-+++ b/wpa_supplicant/Makefile
-@@ -1236,9 +1236,8 @@ endif
-
- ifdef CONFIG_NO_RANDOM_POOL
- CFLAGS += -DCONFIG_NO_RANDOM_POOL
--else
--OBJS += ../src/crypto/random.o
- endif
-+OBJS += ../src/crypto/random.o
-
- ifdef CONFIG_CTRL_IFACE
- ifeq ($(CONFIG_CTRL_IFACE), y)
---- a/wpa_supplicant/Android.mk
-+++ b/wpa_supplicant/Android.mk
-@@ -1208,9 +1208,8 @@ endif
-
- ifdef CONFIG_NO_RANDOM_POOL
- L_CFLAGS += -DCONFIG_NO_RANDOM_POOL
--else
--OBJS += src/crypto/random.c
- endif
-+OBJS += src/crypto/random.c
-
- ifdef CONFIG_CTRL_IFACE
- ifeq ($(CONFIG_CTRL_IFACE), y)
---- a/hostapd/Android.mk
-+++ b/hostapd/Android.mk
-@@ -785,12 +785,12 @@ endif
- ifdef CONFIG_NO_RANDOM_POOL
- L_CFLAGS += -DCONFIG_NO_RANDOM_POOL
- else
--OBJS += src/crypto/random.c
--HOBJS += src/crypto/random.c
- HOBJS += src/utils/eloop.c
- HOBJS += $(SHA1OBJS)
- HOBJS += src/crypto/md5.c
- endif
-+OBJS += src/crypto/random.c
-+HOBJS += src/crypto/random.c
-
- ifdef CONFIG_RADIUS_SERVER
- L_CFLAGS += -DRADIUS_SERVER
---- a/hostapd/Makefile
-+++ b/hostapd/Makefile
-@@ -755,12 +755,12 @@ endif
- ifdef CONFIG_NO_RANDOM_POOL
- CFLAGS += -DCONFIG_NO_RANDOM_POOL
- else
--OBJS += ../src/crypto/random.o
--HOBJS += ../src/crypto/random.o
- HOBJS += ../src/utils/eloop.o
- HOBJS += $(SHA1OBJS)
- HOBJS += ../src/crypto/md5.o
- endif
-+OBJS += ../src/crypto/random.o
-+HOBJS += ../src/crypto/random.o
-
- ifdef CONFIG_RADIUS_SERVER
- CFLAGS += -DRADIUS_SERVER