diff options
Diffstat (limited to 'package/network/services/hostapd/patches/066-0000-EAP-pwd-Disallow-ECC-groups-with-a-prime-under-256-b.patch')
| -rw-r--r-- | package/network/services/hostapd/patches/066-0000-EAP-pwd-Disallow-ECC-groups-with-a-prime-under-256-b.patch | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/package/network/services/hostapd/patches/066-0000-EAP-pwd-Disallow-ECC-groups-with-a-prime-under-256-b.patch b/package/network/services/hostapd/patches/066-0000-EAP-pwd-Disallow-ECC-groups-with-a-prime-under-256-b.patch new file mode 100644 index 0000000000..2d40516c7c --- /dev/null +++ b/package/network/services/hostapd/patches/066-0000-EAP-pwd-Disallow-ECC-groups-with-a-prime-under-256-b.patch @@ -0,0 +1,40 @@ +From 92e1b96c26a84e503847bdd22ebadf697c4031ad Mon Sep 17 00:00:00 2001 +From: Jouni Malinen <j@w1.fi> +Date: Sat, 13 Apr 2019 17:20:57 +0300 +Subject: EAP-pwd: Disallow ECC groups with a prime under 256 bits + +Based on the SAE implementation guidance update to not allow ECC groups +with a prime that is under 256 bits, reject groups 25, 26, and 27 in +EAP-pwd. + +Signed-off-by: Jouni Malinen <j@w1.fi> +--- + src/eap_common/eap_pwd_common.c | 13 +++++++++++++ + 1 file changed, 13 insertions(+) + +--- a/src/eap_common/eap_pwd_common.c ++++ b/src/eap_common/eap_pwd_common.c +@@ -85,10 +85,23 @@ static int eap_pwd_kdf(const u8 *key, si + } + + ++static int eap_pwd_suitable_group(u16 num) ++{ ++ /* Do not allow ECC groups with prime under 256 bits based on guidance ++ * for the similar design in SAE. */ ++ return num == 19 || num == 20 || num == 21 || ++ num == 28 || num == 29 || num == 30; ++} ++ ++ + EAP_PWD_group * get_eap_pwd_group(u16 num) + { + EAP_PWD_group *grp; + ++ if (!eap_pwd_suitable_group(num)) { ++ wpa_printf(MSG_INFO, "EAP-pwd: unsuitable group %u", num); ++ return NULL; ++ } + grp = os_zalloc(sizeof(EAP_PWD_group)); + if (!grp) + return NULL; |