diff options
Diffstat (limited to 'package/network/services/hostapd/patches/066-0000-SAE-Reject-unsuitable-groups-based-on-REVmd-changes.patch')
| -rw-r--r-- | package/network/services/hostapd/patches/066-0000-SAE-Reject-unsuitable-groups-based-on-REVmd-changes.patch | 54 |
1 files changed, 0 insertions, 54 deletions
diff --git a/package/network/services/hostapd/patches/066-0000-SAE-Reject-unsuitable-groups-based-on-REVmd-changes.patch b/package/network/services/hostapd/patches/066-0000-SAE-Reject-unsuitable-groups-based-on-REVmd-changes.patch deleted file mode 100644 index e1e743f52d..0000000000 --- a/package/network/services/hostapd/patches/066-0000-SAE-Reject-unsuitable-groups-based-on-REVmd-changes.patch +++ /dev/null @@ -1,54 +0,0 @@ -From db54db11aec763b6fc74715c36e0f9de0d65e206 Mon Sep 17 00:00:00 2001 -From: Jouni Malinen <jouni@codeaurora.org> -Date: Mon, 8 Apr 2019 18:01:07 +0300 -Subject: SAE: Reject unsuitable groups based on REVmd changes - -The rules defining which DH groups are suitable for SAE use were -accepted into IEEE 802.11 REVmd based on this document: -https://mentor.ieee.org/802.11/dcn/19/11-19-0387-02-000m-addressing-some-sae-comments.docx - -Enforce those rules in production builds of wpa_supplicant and hostapd. -CONFIG_TESTING_OPTIONS=y builds can still be used to select any o the -implemented groups to maintain testing coverage. - -Signed-off-by: Jouni Malinen <jouni@codeaurora.org> ---- - src/common/sae.c | 23 +++++++++++++++++++++++ - 1 file changed, 23 insertions(+) - ---- a/src/common/sae.c -+++ b/src/common/sae.c -@@ -18,10 +18,33 @@ - #include "sae.h" - - -+static int sae_suitable_group(int group) -+{ -+#ifdef CONFIG_TESTING_OPTIONS -+ /* Allow all groups for testing purposes in non-production builds. */ -+ return 1; -+#else /* CONFIG_TESTING_OPTIONS */ -+ /* Enforce REVmd rules on which SAE groups are suitable for production -+ * purposes: FFC groups whose prime is >= 3072 bits and ECC groups -+ * defined over a prime field whose prime is >= 256 bits. Furthermore, -+ * ECC groups defined over a characteristic 2 finite field and ECC -+ * groups with a co-factor greater than 1 are not suitable. */ -+ return group == 19 || group == 20 || group == 21 || -+ group == 28 || group == 29 || group == 30 || -+ group == 15 || group == 16 || group == 17 || group == 18; -+#endif /* CONFIG_TESTING_OPTIONS */ -+} -+ -+ - int sae_set_group(struct sae_data *sae, int group) - { - struct sae_temporary_data *tmp; - -+ if (!sae_suitable_group(group)) { -+ wpa_printf(MSG_DEBUG, "SAE: Reject unsuitable group %d", group); -+ return -1; -+ } -+ - sae_clear_data(sae); - tmp = sae->tmp = os_zalloc(sizeof(*tmp)); - if (tmp == NULL) |