packages/wpa_supplicant
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
wpa_supplicant/CVE-2019-13377-2-pre1.patch
19909236985 355b8d91b2 fix CVE-2019-13377
2020-12-28 10:18:02 +08:00

44 lines
1.3 KiB
Diff
Raw Blame History

From 92e1b96c26a84e503847bdd22ebadf697c4031ad Mon Sep 17 00:00:00 2001
From: Jouni Malinen <j@w1.fi>
Date: Sat, 13 Apr 2019 17:20:57 +0300
Subject: EAP-pwd: Disallow ECC groups with a prime under 256 bits
Based on the SAE implementation guidance update to not allow ECC groups
with a prime that is under 256 bits, reject groups 25, 26, and 27 in
EAP-pwd.
Signed-off-by: Jouni Malinen <j@w1.fi>
---
diff --git a/src/eap_common/eap_pwd_common.c b/src/eap_common/eap_pwd_common.c
index a2dd386..ccd3627 100644
--- a/src/eap_common/eap_pwd_common.c
+++ b/src/eap_common/eap_pwd_common.c
@@ -84,11 +84,23 @@ static int eap_pwd_kdf(const u8 *key, size_t keylen, const u8 *label,
return 0;
}
+static int eap_pwd_suitable_group(u16 num)
+{
+ /* Do not allow ECC groups with prime under 256 bits based on guidance
+ * for the similar design in SAE. */
+ return num == 19 || num == 20 || num == 21 ||
+ num == 28 || num == 29 || num == 30;
+}
EAP_PWD_group * get_eap_pwd_group(u16 num)
{
EAP_PWD_group *grp;
grp = os_zalloc(sizeof(EAP_PWD_group));
+ if (!eap_pwd_suitable_group(num)) {
+ wpa_printf(MSG_INFO, "EAP-pwd: unsuitable group %u", num);
+ return NULL;
+ }
+
if (!grp)
return NULL;
grp->group = crypto_ec_init(num);
--
2.23.0
Reference in New Issue View Git Blame Copy Permalink