diff --git a/hostapd/Makefile b/hostapd/Makefile index f87e38a98..ab637c159 100644 --- a/hostapd/Makefile +++ b/hostapd/Makefile @@ -308,6 +308,7 @@ CFLAGS += -DEAP_SERVER_IKEV2 OBJS += ../src/eap_server/eap_ikev2.o ../src/eap_server/ikev2.o OBJS += ../src/eap_common/eap_ikev2_common.o ../src/eap_common/ikev2_common.o NEED_DH_GROUPS=y +NEED_DH_GROUPS_ALL=y endif ifdef CONFIG_EAP_TNC @@ -517,6 +518,9 @@ endif ifdef NEED_DH_GROUPS OBJS += ../src/crypto/dh_groups.o +ifdef NEED_DH_GROUPS_ALL +CFLAGS += -DALL_DH_GROUPS +endif endif ifdef NEED_T_PRF diff --git a/src/crypto/dh_groups.c b/src/crypto/dh_groups.c index e3516324e..5f6008a6e 100644 --- a/src/crypto/dh_groups.c +++ b/src/crypto/dh_groups.c @@ -19,6 +19,8 @@ #include "dh_groups.h" +#ifdef ALL_DH_GROUPS + /* RFC 4306, B.1. Group 1 - 768 Bit MODP * Generator: 2 * Prime: 2^768 - 2 ^704 - 1 + 2^64 * { [2^638 pi] + 149686 } @@ -63,6 +65,8 @@ static const u8 dh_group2_prime[128] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF }; +#endif /* ALL_DH_GROUPS */ + /* RFC 3526, 2. Group 5 - 1536 Bit MODP * Generator: 2 * Prime: 2^1536 - 2^1472 - 1 + 2^64 * { [2^1406 pi] + 741804 } @@ -95,6 +99,8 @@ static const u8 dh_group5_prime[192] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF }; +#ifdef ALL_DH_GROUPS + /* RFC 3526, 3. Group 14 - 2048 Bit MODP * Generator: 2 * Prime: 2^2048 - 2^1984 - 1 + 2^64 * { [2^1918 pi] + 124476 } @@ -503,6 +509,8 @@ static const u8 dh_group18_prime[1024] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF }; +#endif /* ALL_DH_GROUPS */ + #define DH_GROUP(id) \ { id, dh_group ## id ## _generator, sizeof(dh_group ## id ## _generator), \ @@ -510,14 +518,16 @@ dh_group ## id ## _prime, sizeof(dh_group ## id ## _prime) } static struct dh_group dh_groups[] = { + DH_GROUP(5), +#ifdef ALL_DH_GROUPS DH_GROUP(1), DH_GROUP(2), - DH_GROUP(5), DH_GROUP(14), DH_GROUP(15), DH_GROUP(16), DH_GROUP(17), DH_GROUP(18) +#endif /* ALL_DH_GROUPS */ }; #define NUM_DH_GROUPS (sizeof(dh_groups) / sizeof(dh_groups[0])) diff --git a/wpa_supplicant/Makefile b/wpa_supplicant/Makefile index c01c71afa..128a9d295 100644 --- a/wpa_supplicant/Makefile +++ b/wpa_supplicant/Makefile @@ -469,6 +469,7 @@ OBJS_h += ../src/eap_server/ikev2.o endif CONFIG_IEEE8021X_EAPOL=y NEED_DH_GROUPS=y +NEED_DH_GROUPS_ALL=y endif ifdef CONFIG_EAP_VENDOR_TEST @@ -998,6 +999,9 @@ endif ifdef NEED_DH_GROUPS OBJS += ../src/crypto/dh_groups.o +ifdef NEED_DH_GROUPS_ALL +CFLAGS += -DALL_DH_GROUPS +endif endif ifdef NEED_T_PRF