diff options
| author | Hauke Mehrtens <hauke@hauke-m.de> | 2019-09-08 23:53:18 +0200 |
|---|---|---|
| committer | Hauke Mehrtens <hauke@hauke-m.de> | 2019-09-21 21:16:07 +0200 |
| commit | e289a4133cdd424876aae8a8a9947bee6d1b5230 (patch) | |
| tree | 68ea2af26049d7d491108ac5a08b6906f686ec15 /package/network/services/hostapd/patches/066-0006-dragonfly-Disable-use-of-groups-using-Brainpool-curv.patch | |
| parent | a63edb469128aeee7d5fbc93709a25716e982e28 (diff) | |
| download | upstream-e289a4133cdd424876aae8a8a9947bee6d1b5230.tar.gz upstream-e289a4133cdd424876aae8a8a9947bee6d1b5230.tar.bz2 upstream-e289a4133cdd424876aae8a8a9947bee6d1b5230.zip | |
hostapd: SAE/EAP-pwd side-channel attack update
Fixes this security problem:
* SAE/EAP-pwd side-channel attack update
https://w1.fi/security/2019-6/sae-eap-pwd-side-channel-attack-update.txt
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 7bed9bf10fc8d05df34c7efc66e8b4ade37a1a0c)
Diffstat (limited to 'package/network/services/hostapd/patches/066-0006-dragonfly-Disable-use-of-groups-using-Brainpool-curv.patch')
| -rw-r--r-- | package/network/services/hostapd/patches/066-0006-dragonfly-Disable-use-of-groups-using-Brainpool-curv.patch | 44 |
1 files changed, 44 insertions, 0 deletions
diff --git a/package/network/services/hostapd/patches/066-0006-dragonfly-Disable-use-of-groups-using-Brainpool-curv.patch b/package/network/services/hostapd/patches/066-0006-dragonfly-Disable-use-of-groups-using-Brainpool-curv.patch new file mode 100644 index 0000000000..28555bb715 --- /dev/null +++ b/package/network/services/hostapd/patches/066-0006-dragonfly-Disable-use-of-groups-using-Brainpool-curv.patch @@ -0,0 +1,44 @@ +From 558518ed63202e5358116ab7e0afd5e85490f2ef Mon Sep 17 00:00:00 2001 +From: Jouni Malinen <j@w1.fi> +Date: Sat, 27 Jul 2019 23:19:17 +0300 +Subject: [PATCH 6/6] dragonfly: Disable use of groups using Brainpool curves + +Disable groups that use Brainpool curves for now since they leak more +timing information due to the prime not being close to a power of two. +This removes use of groups 28, 29, and 30 from SAE and EAP-pwd. + +Signed-off-by: Jouni Malinen <j@w1.fi> +(cherry picked from commit 876c5eaa6dae1a87a17603fc489a44c29eedc2e3) +--- + src/common/sae.c | 6 ++++-- + src/eap_common/eap_pwd_common.c | 3 +-- + 2 files changed, 5 insertions(+), 4 deletions(-) + +--- a/src/common/sae.c ++++ b/src/common/sae.c +@@ -28,9 +28,11 @@ static int sae_suitable_group(int group) + * purposes: FFC groups whose prime is >= 3072 bits and ECC groups + * defined over a prime field whose prime is >= 256 bits. Furthermore, + * ECC groups defined over a characteristic 2 finite field and ECC +- * groups with a co-factor greater than 1 are not suitable. */ ++ * groups with a co-factor greater than 1 are not suitable. Disable ++ * groups that use Brainpool curves as well for now since they leak more ++ * timing information due to the prime not being close to a power of ++ * two. */ + return group == 19 || group == 20 || group == 21 || +- group == 28 || group == 29 || group == 30 || + group == 15 || group == 16 || group == 17 || group == 18; + #endif /* CONFIG_TESTING_OPTIONS */ + } +--- a/src/eap_common/eap_pwd_common.c ++++ b/src/eap_common/eap_pwd_common.c +@@ -89,8 +89,7 @@ static int eap_pwd_suitable_group(u16 nu + { + /* Do not allow ECC groups with prime under 256 bits based on guidance + * for the similar design in SAE. */ +- return num == 19 || num == 20 || num == 21 || +- num == 28 || num == 29 || num == 30; ++ return num == 19 || num == 20 || num == 21; + } + + |