[Buildroot] [git commit branch/2022.11.x] package/wpa_supplicant: fix builds with missing sha384 hash functions

[Peter Korsgaard]

commit: https://git.buildroot.net/buildroot/commit/?id=1894957267d1cba00c94521548ec2d2b36bcc560
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/2022.11.x

SAE, unlike OWE or DPP, does not explicitly enable support for sha384
hash functions. Possible WPA3 build issue is masked, since all three
SAE/OWE/DPP are included. However, there exist other configurations
that enable only SAE. For instance, one such build configuration is
wpa_supplicant AP mode with mesh support.

This change adds upstream patch that includes sha384 and sha256 hash
functions to builds with SAE support.

Fixes: http://autobuild.buildroot.net/results/f349130985870f4a781cca56c3f551108f81aa3e/

Signed-off-by: Sergey Matyukevich <geomatsi at gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni at bootlin.com>
(cherry picked from commit 93b461bb5e34ec25c9aac3024b41d132736c5dd7)
Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
---
 ...C-SHA384-512-KDF-for-SAE-if-SHA384-512-is.patch | 64 ++++++++++++++++++++++
 1 file changed, 64 insertions(+)

diff --git a/package/wpa_supplicant/0003-Include-HMAC-SHA384-512-KDF-for-SAE-if-SHA384-512-is.patch b/package/wpa_supplicant/0003-Include-HMAC-SHA384-512-KDF-for-SAE-if-SHA384-512-is.patch
new file mode 100644
index 0000000000..98df56e540
--- /dev/null
+++ b/package/wpa_supplicant/0003-Include-HMAC-SHA384-512-KDF-for-SAE-if-SHA384-512-is.patch
@@ -0,0 +1,64 @@
+From c7f71fb8679c4cdd2607dbaac467a1d5efe9f0f9 Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <j at w1.fi>
+Date: Sun, 17 Apr 2022 12:28:41 +0300
+Subject: [PATCH] Include HMAC-SHA384/512 KDF for SAE if SHA384/512 is included
+
+It was possible to miss the HMAC functions if some other build
+configuration parameters ended up setting NEED_SHA384/512=y.
+
+Upstream: https://w1.fi/cgit/hostap/commit/?id=c7f71fb8679c4cdd2607dbaac467a1d5efe9f0f9
+
+Signed-off-by: Jouni Malinen <j at w1.fi>
+Signed-off-by: Sergey Matyukevich <geomatsi at gmail.com>
+---
+ wpa_supplicant/Android.mk | 11 +++++++++++
+ wpa_supplicant/Makefile   | 11 +++++++++++
+ 2 files changed, 22 insertions(+)
+
+diff --git a/wpa_supplicant/Android.mk b/wpa_supplicant/Android.mk
+index 0e0ce467c..bcdbd6c90 100644
+--- a/wpa_supplicant/Android.mk
++++ b/wpa_supplicant/Android.mk
+@@ -1361,6 +1361,17 @@ endif
+ endif
+ endif
+ 
++ifdef CONFIG_SAE
++ifdef NEED_SHA384
++# Need to add HMAC-SHA384 KDF as well, if SHA384 was enabled.
++NEED_HMAC_SHA384_KDF=y
++endif
++ifdef NEED_SHA512
++# Need to add HMAC-SHA512 KDF as well, if SHA512 was enabled.
++NEED_HMAC_SHA512_KDF=y
++endif
++endif
++
+ SHA256OBJS = # none by default
+ L_CFLAGS += -DCONFIG_SHA256
+ ifneq ($(CONFIG_TLS), openssl)
+diff --git a/wpa_supplicant/Makefile b/wpa_supplicant/Makefile
+index ed49aa972..69c80121c 100644
+--- a/wpa_supplicant/Makefile
++++ b/wpa_supplicant/Makefile
+@@ -1475,6 +1475,17 @@ endif
+ endif
+ endif
+ 
++ifdef CONFIG_SAE
++ifdef NEED_SHA384
++# Need to add HMAC-SHA384 KDF as well, if SHA384 was enabled.
++NEED_HMAC_SHA384_KDF=y
++endif
++ifdef NEED_SHA512
++# Need to add HMAC-SHA512 KDF as well, if SHA512 was enabled.
++NEED_HMAC_SHA512_KDF=y
++endif
++endif
++
+ SHA256OBJS = # none by default
+ CFLAGS += -DCONFIG_SHA256
+ ifneq ($(CONFIG_TLS), openssl)
+-- 
+2.39.2
+