commit 81f62d8b157eaf8f9ea3fd74d571b30e4aadd954
author Hai Shalom <haishalom@google.com> Mon Jul 22 12:10:00 2019 -0700
committer Hai Shalom <haishalom@google.com> Tue Jul 23 08:38:09 2019 -0700
tree 64478039a5e0a026cbaa22eddd8324063c5a1376
parent f1c9764c0e022457636216594483865aea6a1286

[wpa_supplicant] Cumulative patch from b8491ae5a

Also revert local solution for encrypted IMSI and use the upstream version.

Bug: 134177972
Test: Device boots up and connects to WPA3/OWE wifi networks, run traffic.
Test: Able to turn on/off softap, associate wifi STA, run traffic.
Test: Regression test passed (Bug: 137653009)
Change-Id: Ie34a0138a3a2039b03101c788b43acbb33f8332a

src/crypto/crypto_openssl.c

diff --git a/src/crypto/crypto_openssl.c b/src/crypto/crypto_openssl.c
index 1b0c1ec..fb278c2 100644
--- a/src/crypto/crypto_openssl.c
+++ b/src/crypto/crypto_openssl.c
@@ -570,8 +570,8 @@
 		failed = !q || !ctx || !tmp ||
 			!BN_mod_exp(tmp, pub, q, p, ctx) ||
 			!BN_is_one(tmp);
-		BN_clear(q);
-		BN_clear(tmp);
+		BN_clear_free(q);
+		BN_clear_free(tmp);
 		BN_CTX_free(ctx);
 		if (failed)
 			goto fail;
@@ -580,8 +580,8 @@
 	res = crypto_mod_exp(pubkey, pubkey_len, privkey, privkey_len,
 			     prime, prime_len, secret, len);
 fail:
-	BN_clear(pub);
-	BN_clear(p);
+	BN_clear_free(pub);
+	BN_clear_free(p);
 	return res;
 }
 
@@ -1295,7 +1295,13 @@
 int crypto_bignum_to_bin(const struct crypto_bignum *a,
 			 u8 *buf, size_t buflen, size_t padlen)
 {
+#ifdef OPENSSL_IS_BORINGSSL
+#else /* OPENSSL_IS_BORINGSSL */
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+#else
 	int num_bytes, offset;
+#endif
+#endif /* OPENSSL_IS_BORINGSSL */
 
 	if (TEST_FAIL())
 		return -1;
@@ -1303,6 +1309,14 @@
 	if (padlen > buflen)
 		return -1;
 
+#ifdef OPENSSL_IS_BORINGSSL
+	if (BN_bn2bin_padded(buf, padlen, (const BIGNUM *) a) == 0)
+		return -1;
+	return padlen;
+#else /* OPENSSL_IS_BORINGSSL */
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+	return BN_bn2binpad((const BIGNUM *) a, buf, padlen);
+#else
 	num_bytes = BN_num_bytes((const BIGNUM *) a);
 	if ((size_t) num_bytes > buflen)
 		return -1;
@@ -1315,6 +1329,8 @@
 	BN_bn2bin((const BIGNUM *) a, buf + offset);
 
 	return num_bytes + offset;
+#endif
+#endif /* OPENSSL_IS_BORINGSSL */
 }
 
 
@@ -1476,12 +1492,6 @@
 }
 
 
-int crypto_bignum_bits(const struct crypto_bignum *a)
-{
-	return BN_num_bits((const BIGNUM *) a);
-}
-
-
 int crypto_bignum_is_zero(const struct crypto_bignum *a)
 {
 	return BN_is_zero((const BIGNUM *) a);
@@ -1870,7 +1880,7 @@
 {
 	struct crypto_ecdh *ecdh;
 	EVP_PKEY *params = NULL;
-	EC_KEY *ec_params;
+	EC_KEY *ec_params = NULL;
 	EVP_PKEY_CTX *kctx = NULL;
 
 	ecdh = os_zalloc(sizeof(*ecdh));
@@ -1913,6 +1923,7 @@
 	}
 
 done:
+	EC_KEY_free(ec_params);
 	EVP_PKEY_free(params);
 	EVP_PKEY_CTX_free(kctx);