diff options
author | Hauke Mehrtens <hauke@hauke-m.de> | 2019-05-04 01:52:25 +0200 |
---|---|---|
committer | Hauke Mehrtens <hauke@hauke-m.de> | 2019-09-22 17:39:26 +0200 |
commit | 8af79550e6c280717660f66032d89d21007b15d2 (patch) | |
tree | f504628ab40056a8eed34f9b423c8be8fb0e38ed /package/network/services/hostapd/patches/066-0000-SAE-Reject-unsuitable-groups-based-on-REVmd-changes.patch | |
parent | a03219ba09a55ad49926e5c2d60ddff095fe5096 (diff) | |
download | upstream-8af79550e6c280717660f66032d89d21007b15d2.tar.gz upstream-8af79550e6c280717660f66032d89d21007b15d2.tar.bz2 upstream-8af79550e6c280717660f66032d89d21007b15d2.zip |
hostapd: Update to version 2.8 (2019-04-21)
This also syncs the configuration files with the default configuration
files, but no extra options are activated or deactivated.
The mesh patches were partially merged into hostapd 2.8, the remaining
patches were extracted from patchwork and are now applied by OpenWrt.
The patches still have open questions which are not fixed by the author.
They were taken from this page:
https://patchwork.ozlabs.org/project/hostap/list/?series=62725&state=*
The changes in 007-mesh-apply-channel-attributes-before-running-Mesh.patch
where first applied to hostapd, but later reverted in hostapd commit
3e949655ccc5 because they caused memory leaks.
The size of the ipkgs increase a bit (between 1.3% and 2.3%):
old 2018-12-02 (2.7):
283337 wpad-basic_2018-12-02-c2c6c01b-11_mipsel_24kc.ipk
252857 wpad-mini_2018-12-02-c2c6c01b-11_mipsel_24kc.ipk
417473 wpad-openssl_2018-12-02-c2c6c01b-11_mipsel_24kc.ipk
415105 wpad-wolfssl_2018-12-02-c2c6c01b-11_mipsel_24kc.ipk
new 2019-04-21 (2.8):
288264 wpad-basic_2019-04-21-63962824-1_mipsel_24kc.ipk
256188 wpad-mini_2019-04-21-63962824-1_mipsel_24kc.ipk
427475 wpad-openssl_2019-04-21-63962824-1_mipsel_24kc.ipk
423071 wpad-wolfssl_2019-04-21-63962824-1_mipsel_24kc.ipk
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Tested-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
Diffstat (limited to 'package/network/services/hostapd/patches/066-0000-SAE-Reject-unsuitable-groups-based-on-REVmd-changes.patch')
-rw-r--r-- | package/network/services/hostapd/patches/066-0000-SAE-Reject-unsuitable-groups-based-on-REVmd-changes.patch | 54 |
1 files changed, 0 insertions, 54 deletions
diff --git a/package/network/services/hostapd/patches/066-0000-SAE-Reject-unsuitable-groups-based-on-REVmd-changes.patch b/package/network/services/hostapd/patches/066-0000-SAE-Reject-unsuitable-groups-based-on-REVmd-changes.patch deleted file mode 100644 index e1e743f52d..0000000000 --- a/package/network/services/hostapd/patches/066-0000-SAE-Reject-unsuitable-groups-based-on-REVmd-changes.patch +++ /dev/null @@ -1,54 +0,0 @@ -From db54db11aec763b6fc74715c36e0f9de0d65e206 Mon Sep 17 00:00:00 2001 -From: Jouni Malinen <jouni@codeaurora.org> -Date: Mon, 8 Apr 2019 18:01:07 +0300 -Subject: SAE: Reject unsuitable groups based on REVmd changes - -The rules defining which DH groups are suitable for SAE use were -accepted into IEEE 802.11 REVmd based on this document: -https://mentor.ieee.org/802.11/dcn/19/11-19-0387-02-000m-addressing-some-sae-comments.docx - -Enforce those rules in production builds of wpa_supplicant and hostapd. -CONFIG_TESTING_OPTIONS=y builds can still be used to select any o the -implemented groups to maintain testing coverage. - -Signed-off-by: Jouni Malinen <jouni@codeaurora.org> ---- - src/common/sae.c | 23 +++++++++++++++++++++++ - 1 file changed, 23 insertions(+) - ---- a/src/common/sae.c -+++ b/src/common/sae.c -@@ -18,10 +18,33 @@ - #include "sae.h" - - -+static int sae_suitable_group(int group) -+{ -+#ifdef CONFIG_TESTING_OPTIONS -+ /* Allow all groups for testing purposes in non-production builds. */ -+ return 1; -+#else /* CONFIG_TESTING_OPTIONS */ -+ /* Enforce REVmd rules on which SAE groups are suitable for production -+ * purposes: FFC groups whose prime is >= 3072 bits and ECC groups -+ * defined over a prime field whose prime is >= 256 bits. Furthermore, -+ * ECC groups defined over a characteristic 2 finite field and ECC -+ * groups with a co-factor greater than 1 are not suitable. */ -+ return group == 19 || group == 20 || group == 21 || -+ group == 28 || group == 29 || group == 30 || -+ group == 15 || group == 16 || group == 17 || group == 18; -+#endif /* CONFIG_TESTING_OPTIONS */ -+} -+ -+ - int sae_set_group(struct sae_data *sae, int group) - { - struct sae_temporary_data *tmp; - -+ if (!sae_suitable_group(group)) { -+ wpa_printf(MSG_DEBUG, "SAE: Reject unsuitable group %d", group); -+ return -1; -+ } -+ - sae_clear_data(sae); - tmp = sae->tmp = os_zalloc(sizeof(*tmp)); - if (tmp == NULL) |