From ea9ff2dcaf6e1d225bcd11c0ed092652707f5f64 Mon Sep 17 00:00:00 2001
From: James Prestwood
Date: Wed, 28 May 2025 12:27:59 -0700
Subject: [PATCH] sae: prevent groups 21, 25, and 26 from being used

These groups are not working reliably and until that is fixed they should be disabled.
---
 src/sae.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/src/sae.c b/src/sae.c
index 87e64041..9ffdf648 100644
--- a/src/sae.c
+++ b/src/sae.c
@@ -169,6 +169,14 @@ static int sae_choose_next_group(struct sae_sm *sm)
 !sm->handshake->ecc_sae_pts[sm->group_retry])
 continue;
 
+ /*
+ * TODO: Groups for P192, P224 and P521 are currently
+ * non-functional with SAE. Until this is fixed we need to
+ * avoid these groups from being used.
+ */
+ if (group == 21 || group == 25 || group == 26)
+ continue;
+
 break;
 }
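Review bot: The skip for groups 21, 25 and 26 sits only in sae_choose_next_group(), the path where this side picks the group to offer. Whether the code that accepts a group proposed by the peer applies the same restriction is not visible in this hunk; if it does not, a handshake could still end up on one of the groups the comment calls non-functional. Putting the test in one small static helper used by both paths would keep them in sync. The bare numbers are also listed in a different order from the curve names in the comment, so a mapping line such as `/* IKE group 25 = P-192, 26 = P-224, 21 = P-521 */` would spare the reader a lookup. `group` is assigned above the hunk and the function body starts and ends outside it, so this rests on the visible lines only.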