Hello community,

here is the log from the commit of package wpa_supplicant.12256 for 
openSUSE:Leap:15.1:Update checked in at 2020-04-08 18:17:46
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Leap:15.1:Update/wpa_supplicant.12256 (Old)
 and      /work/SRC/openSUSE:Leap:15.1:Update/.wpa_supplicant.12256.new.3248 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "wpa_supplicant.12256"

Wed Apr  8 18:17:46 2020 rev:1 rq:791212 version:2.6

Changes:
--------
New Changes file:

--- /dev/null   2020-04-01 01:12:57.297512941 +0200
+++ 
/work/SRC/openSUSE:Leap:15.1:Update/.wpa_supplicant.12256.new.3248/wpa_supplicant.changes
   2020-04-08 18:17:48.361414179 +0200
@@ -0,0 +1,1968 @@
+-------------------------------------------------------------------
+Wed Apr  1 10:12:41 UTC 2020 - Clemens Famulla-Conrad <cfamullacon...@suse.com>
+
+- Change wpa_supplicant.service to ensure wpa_supplicant gets started before
+  network. Fix WLAN config on boot with wicked. (bsc#1166933)
+
+-------------------------------------------------------------------
+Fri Feb 28 12:42:14 UTC 2020 - Tomáš Chvátal <tchva...@suse.com>
+
+- Adjust the service to start after network.target wrt bsc#1165266
+
+-------------------------------------------------------------------
+Fri Oct 19 10:58:31 UTC 2018 - Karol Babioch <kbabi...@suse.com>
+
+- Renamed patches:
+  - wpa-supplicant-log-file-permission.patch -> 
wpa_supplicant-log-file-permission.patch
+  - wpa-supplicant-log-file-cloexec.patch -> 
wpa_supplicant-log-file-cloexec.patch
+- wpa_supplicant-log-file-permission.patch: Using O_WRONLY flag
+- Enabled timestamps in log files (bsc#1080798)
+
+-------------------------------------------------------------------
+Mon Oct 15 16:20:25 CEST 2018 - r...@suse.de
+
+- compile eapol_test binary to allow testing via
+  radius proxy and server
+  (note: this does not match CONFIG_EAPOL_TEST which sets -Werror
+  and activates an assert call inside the code of wpa_supplicant)
+  (bsc#1111873), (fate#326725)
+- add patch to fix wrong operator precedence in ieee802_11.c
+  wpa_supplicant-git-fa67debf4c6ddbc881a212b175faa6d5d0d90c8c.patch
+- add patch to avoid redefinition of __bitwise macro
+  wpa_supplicant-git-f5b74b966c942feb95a8ddbb7d130540b15b796d.patch
+
+-------------------------------------------------------------------
+Fri Oct 12 06:55:06 UTC 2018 - Karol Babioch <kbabi...@suse.com>
+
+- Added wpa-supplicant-log-file-permission.patch: Fixes the default file
+  permissions of the debug log file to more sane values, i.e. it is no longer
+  world-readable (bsc#1098854).
+- Added wpa-supplicant-log-file-cloexec.patch: Open the debug log file with
+  O_CLOEXEC, which will prevent file descriptor leaking to child processes
+  (bsc#1098854).
+
+-------------------------------------------------------------------
+Wed Sep 26 14:35:04 UTC 2018 - Karol Babioch <kbabi...@suse.com>
+
+- Added 
rebased-v2.6-0009-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch: 
+  Ignore unauthenticated encrypted EAPOL-Key data (CVE-2018-14526, 
bsc#1104205).
+
+-------------------------------------------------------------------
+Fri Sep 21 09:53:38 UTC 2018 - Karol Babioch <kbabi...@suse.com>
+
+- Enabled PWD as EAP method. This allows for password-based authentication,
+  which is easier to setup than most of the other methods, and is used by the
+  Eduroam network (bsc#1109209).
+
+-------------------------------------------------------------------
+Fri Jul 20 13:48:52 CEST 2018 - r...@suse.de
+
+- add two patches from upstream to fix reading private key
+  passwords from the configuration file (bsc#1099835)
+  - add patch for git 89971d8b1e328a2f79699c953625d1671fd40384
+    wpa_supplicant-bnc-1099835-clear-default_passwd_cb.patch
+  - add patch for git f665c93e1d28fbab3d9127a8c3985cc32940824f
+    wpa_supplicant-bnc-1099835-fix-private-key-password.patch
+
+-------------------------------------------------------------------
+Mon Oct 16 13:32:07 UTC 2017 - meiss...@suse.com
+
+- Fix KRACK attacks (bsc#1056061, CVE-2017-13078, CVE-2017-13079, 
CVE-2017-13080, CVE-2017-13081, CVE-2017-13087, CVE-2017-13088):
+  - rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch
+  - 
rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch
+  - 
rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch
+  - rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch
+  - rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch
+  - rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch
+  - 
rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch
+  - 
rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch
+
+-------------------------------------------------------------------
+Fri Apr 21 11:02:18 UTC 2017 - o...@botter.cc
+
+- fix wpa_supplicant-sigusr1-changes-debuglevel.patch to match
+  eloop_signal_handler type (needed to build eapol_test via config) 
+
+-------------------------------------------------------------------
+Fri Dec 23 11:12:05 UTC 2016 - dw...@suse.com
+
+- Added .service files that accept interfaces as %i arguments so it's possible
+  to call the daemon with:
+  "systemctl start wpa_supplicant@$INTERFACE_NAME.service"
+  (like openvpn for example)
+
+-------------------------------------------------------------------
+Thu Oct  6 15:42:23 UTC 2016 - meiss...@suse.com
+
+- updated to 2.6 / 2016-10-02
+  * fixed WNM Sleep Mode processing when PMF is not enabled
+    [http://w1.fi/security/2015-6/] (CVE-2015-5310 bsc#952254)
+  * fixed EAP-pwd last fragment validation
+    [http://w1.fi/security/2015-7/] (CVE-2015-5315 bsc#953115)
+  * fixed EAP-pwd unexpected Confirm message processing
+    [http://w1.fi/security/2015-8/] (CVE-2015-5316 bsc#953115)
+  * fixed WPS configuration update vulnerability with malformed passphrase
+    [http://w1.fi/security/2016-1/] (CVE-2016-4476 bsc#978172)
+  * fixed configuration update vulnerability with malformed parameters set
+    over the local control interface
+    [http://w1.fi/security/2016-1/] (CVE-2016-4477 bsc#978175)
+  * fixed TK configuration to the driver in EAPOL-Key 3/4 retry case
+  * extended channel switch support for P2P GO
+  * started to throttle control interface event message bursts to avoid
+    issues with monitor sockets running out of buffer space
+  * mesh mode fixes/improvements
+    - generate proper AID for peer
+    - enable WMM by default
+    - add VHT support
+    - fix PMKID derivation
+    - improve robustness on various exchanges
+    - fix peer link counting in reconnect case
+    - improve mesh joining behavior
+    - allow DTIM period to be configured
+    - allow HT to be disabled (disable_ht=1)
+    - add MESH_PEER_ADD and MESH_PEER_REMOVE commands
+    - add support for PMKSA caching
+    - add minimal support for SAE group negotiation
+    - allow pairwise/group cipher to be configured in the network profile
+    - use ieee80211w profile parameter to enable/disable PMF and derive
+      a separate TX IGTK if PMF is enabled instead of using MGTK
+      incorrectly
+    - fix AEK and MTK derivation
+    - remove GTKdata and IGTKdata from Mesh Peering Confirm/Close
+    - note: these changes are not fully backwards compatible for secure
+      (RSN) mesh network
+  * fixed PMKID derivation with SAE
+  * added support for requesting and fetching arbitrary ANQP-elements
+    without internal support in wpa_supplicant for the specific element
+    (anqp[265]=<hexdump> in "BSS <BSSID>" command output)
+  * P2P
+    - filter control characters in group client device names to be
+      consistent with other P2P peer cases
+    - support VHT 80+80 MHz and 160 MHz
+    - indicate group completion in P2P Client role after data association
+      instead of already after the WPS provisioning step
+    - improve group-join operation to use SSID, if known, to filter BSS
+      entries
+    - added optional ssid=<hexdump> argument to P2P_CONNECT for join case
+    - added P2P_GROUP_MEMBER command to fetch client interface address
+  * P2PS
+    - fix follow-on PD Response behavior
+    - fix PD Response generation for unknown peer
+    - fix persistent group reporting
+    - add channel policy to PD Request
+    - add group SSID to the P2PS-PROV-DONE event
+    - allow "P2P_CONNECT <addr> p2ps" to be used without specifying the
+      default PIN
+  * BoringSSL
+    - support for OCSP stapling
+    - support building of h20-osu-client
+  * D-Bus
+    - add ExpectDisconnect()
+    - add global config parameters as properties
+    - add SaveConfig()
+    - add VendorElemAdd(), VendorElemGet(), VendorElemRem()
+  * fixed Suite B 192-bit AKM to use proper PMK length
+    (note: this makes old releases incompatible with the fixed behavior)
+  * improved PMF behavior for cases where the AP and STA has different
+    configuration by not trying to connect in some corner cases where the
+    connection cannot succeed
+  * added option to reopen debug log (e.g., to rotate the file) upon
+    receipt of SIGHUP signal
+  * EAP-pwd: added support for Brainpool Elliptic Curves
+    (with OpenSSL 1.0.2 and newer)
+  * fixed EAPOL reauthentication after FT protocol run
+  * fixed FTIE generation for 4-way handshake after FT protocol run
+  * extended INTERFACE_ADD command to allow certain type (sta/ap)
+    interface to be created
+  * fixed and improved various FST operations
+  * added 80+80 MHz and 160 MHz VHT support for IBSS/mesh
+  * fixed SIGNAL_POLL in IBSS and mesh cases
+  * added an option to abort an ongoing scan (used to speed up connection
+    and can also be done with the new ABORT_SCAN command)
+  * TLS client
+    - do not verify CA certificates when ca_cert is not specified
+    - support validating server certificate hash
+    - support SHA384 and SHA512 hashes
+    - add signature_algorithms extension into ClientHello
+    - support TLS v1.2 signature algorithm with SHA384 and SHA512
+    - support server certificate probing
+    - allow specific TLS versions to be disabled with phase2 parameter
+    - support extKeyUsage
+    - support PKCS #5 v2.0 PBES2
+    - support PKCS #5 with PKCS #12 style key decryption
+    - minimal support for PKCS #12
+    - support OCSP stapling (including ocsp_multi)
+  * OpenSSL
+    - support OpenSSL 1.1 API changes
+    - drop support for OpenSSL 0.9.8
++++ 1771 more lines (skipped)
++++ between /dev/null
++++ and 
/work/SRC/openSUSE:Leap:15.1:Update/.wpa_supplicant.12256.new.3248/wpa_supplicant.changes
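
Review bot: The two newest entries describe opposite unit ordering and the log does not say how they relate. The Feb 28 2020 entry adjusts the service "to start after network.target" (bsc#1165266), while the Apr 1 2020 entry makes sure it "gets started before network" (bsc#1166933). Please state in the Apr 1 entry that it reverses the bsc#1165266 ordering, or explain how both bugs stay fixed, so that someone tracing a boot-time WLAN regression can tell which ordering this revision ships. wpa_supplicant.service itself is not shown in this diff, so the resulting Before=/After= lines cannot be checked from here.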

New:
----
  config
  fi.epitest.hostap.WPASupplicant.service
  fi.w1.wpa_supplicant1.service
  logrotate.wpa_supplicant
  rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch
  rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch
  rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch
  rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch
  rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch
  rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch
  rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch
  rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch
  rebased-v2.6-0009-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch
  wpa_supplicant-2.6.tar.gz
  wpa_supplicant-alloc_size.patch
  wpa_supplicant-bnc-1099835-clear-default_passwd_cb.patch
  wpa_supplicant-bnc-1099835-fix-private-key-password.patch
  wpa_supplicant-dump-certificate-as-PEM-in-debug-mode.diff
  wpa_supplicant-flush-debug-output.patch
  wpa_supplicant-getrandom.patch
  wpa_supplicant-git-f5b74b966c942feb95a8ddbb7d130540b15b796d.patch
  wpa_supplicant-git-fa67debf4c6ddbc881a212b175faa6d5d0d90c8c.patch
  wpa_supplicant-log-file-cloexec.patch
  wpa_supplicant-log-file-permission.patch
  wpa_supplicant-sigusr1-changes-debuglevel.patch
  wpa_supplicant.changes
  wpa_supplicant.conf
  wpa_supplicant.service
  wpa_supplicant.spec
  wpa_supplicant@.service

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ wpa_supplicant.spec ++++++
#
# spec file for package wpa_supplicant
#
# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via https://bugs.opensuse.org/
#


Name:           wpa_supplicant
Version:        2.6
Release:        0
Summary:        WPA supplicant implementation
License:        BSD-3-Clause AND GPL-2.0-or-later
Group:          Productivity/Networking/Other
Url:            http://hostap.epitest.fi/wpa_supplicant/
Source:         
http://hostap.epitest.fi/releases/wpa_supplicant-%{version}.tar.gz
Source1:        config
Source2:        %{name}.conf
Source3:        fi.epitest.hostap.WPASupplicant.service
Source4:        logrotate.wpa_supplicant
Source5:        fi.w1.wpa_supplicant1.service
Source6:        wpa_supplicant.service
Source7:        wpa_supplicant@.service
# wpa_supplicant-flush-debug-output.patch won't go upstream as it might
# change timings
Patch1:         wpa_supplicant-flush-debug-output.patch
# wpa_supplicant-sigusr1-changes-debuglevel.patch won't go upstream as it
# is not portable
Patch2:         wpa_supplicant-sigusr1-changes-debuglevel.patch
Patch3:         wpa_supplicant-alloc_size.patch
Patch4:         wpa_supplicant-getrandom.patch
Patch5:         wpa_supplicant-dump-certificate-as-PEM-in-debug-mode.diff

Patch10:        
rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch
Patch11:        
rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch
Patch12:        
rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch
Patch13:        rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch
Patch14:        
rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch
Patch15:        rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch
Patch16:        
rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch
Patch17:        
rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch
Patch18:        wpa_supplicant-bnc-1099835-fix-private-key-password.patch
Patch19:        wpa_supplicant-bnc-1099835-clear-default_passwd_cb.patch
Patch20:        
rebased-v2.6-0009-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch
Patch21:        wpa_supplicant-log-file-permission.patch
Patch22:        wpa_supplicant-log-file-cloexec.patch
Patch23:        
wpa_supplicant-git-fa67debf4c6ddbc881a212b175faa6d5d0d90c8c.patch
Patch24:        
wpa_supplicant-git-f5b74b966c942feb95a8ddbb7d130540b15b796d.patch

BuildRequires:  openssl-devel
BuildRequires:  pkgconfig
BuildRequires:  readline-devel
BuildRequires:  systemd-rpm-macros
BuildRequires:  pkgconfig(Qt5Core)
BuildRequires:  pkgconfig(Qt5Gui)
BuildRequires:  pkgconfig(Qt5Widgets)
BuildRequires:  pkgconfig(dbus-1)
BuildRequires:  pkgconfig(libnl-3.0)
Requires:       logrotate
BuildRoot:      %{_tmppath}/%{name}-%{version}-build
%{?systemd_requires}

%description
wpa_supplicant is an implementation of the WPA Supplicant component,
i.e., the part that runs in the client stations. It implements key
negotiation with a WPA Authenticator and it controls the roaming and
IEEE 802.11 authentication/association of the wlan driver.

%package gui
Summary:        WPA supplicant graphical front-end
Group:          System/Monitoring
Requires:       wpa_supplicant

%description gui
This package contains a graphical front-end to wpa_supplicant, an
implementation of the WPA Supplicant component.

%prep
%setup -q -n wpa_supplicant-%{version}
rm -rf wpa_supplicant-%{version}/patches
cp %{SOURCE1} wpa_supplicant/.config
%patch1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch10 -p1
%patch11 -p1
%patch12 -p1
%patch13 -p1
%patch14 -p1
%patch15 -p1
%patch16 -p1
%patch17 -p1
%patch18 -p1
%patch19 -p1
%patch20 -p1
%patch21 -p1
%patch22 -p1
%patch23 -p1
%patch24 -p1

%build
cd wpa_supplicant
CFLAGS="%{optflags}" make V=1 %{?_smp_mflags}
CFLAGS="%{optflags}" make V=1 %{?_smp_mflags} eapol_test
cd wpa_gui-qt4
%qmake5
make %{?_smp_mflags}

%install
install -d %{buildroot}/%{_sbindir}
install -m 0755 wpa_supplicant/wpa_cli %{buildroot}%{_sbindir}
install -m 0755 wpa_supplicant/wpa_passphrase %{buildroot}%{_sbindir}
install -m 0755 wpa_supplicant/wpa_supplicant %{buildroot}%{_sbindir}
install -m 0755 wpa_supplicant/eapol_test %{buildroot}%{_sbindir}
install -d %{buildroot}%{_sysconfdir}/dbus-1/system.d
install -m 0644 wpa_supplicant/dbus/dbus-wpa_supplicant.conf 
%{buildroot}%{_sysconfdir}/dbus-1/system.d/wpa_supplicant.conf
install -d %{buildroot}/%{_sysconfdir}/%{name}
install -m 0600 %{SOURCE2} %{buildroot}/%{_sysconfdir}/%{name}
install -d %{buildroot}/%{_datadir}/dbus-1/system-services
install -m 0644 %{SOURCE3} %{buildroot}/%{_datadir}/dbus-1/system-services
install -m 0644 %{SOURCE5} %{buildroot}/%{_datadir}/dbus-1/system-services
install -d %{buildroot}/%{_sysconfdir}/logrotate.d/
install -m 644 %{SOURCE4} %{buildroot}/%{_sysconfdir}/logrotate.d/wpa_supplicant
install -d %{buildroot}/%{_rundir}/%{name}
install -d %{buildroot}%{_mandir}/man{5,8}
install -m 0644 wpa_supplicant/doc/docbook/*.8 %{buildroot}%{_mandir}/man8
#  wpa_supplicant is built without CONFIG_PRIVSEP
rm %{buildroot}%{_mandir}/man8/wpa_priv.*
install -m 0644 wpa_supplicant/doc/docbook/*.5 %{buildroot}%{_mandir}/man5
install -m 755 wpa_supplicant/wpa_gui-qt4/wpa_gui %{buildroot}%{_sbindir}
install -d %{buildroot}%{_unitdir}
install -m 0644 %{SOURCE6} %{buildroot}%{_unitdir}
install -m 0644 %{SOURCE7} %{buildroot}%{_unitdir}
ln -s service %{buildroot}/%{_sbindir}/rcwpa_supplicant
# avoid spurious dependency on /usr/bin/python
chmod -x wpa_supplicant/examples/*.py
# dbus auto activation boo#966535
ln -s wpa_supplicant.service 
%{buildroot}%{_unitdir}/dbus-fi.epitest.hostap.WPASupplicant.service
ln -s wpa_supplicant.service 
%{buildroot}%{_unitdir}/dbus-fi.w1.wpa_supplicant1.service

%pre
%service_add_pre wpa_supplicant.service

%post
%service_add_post wpa_supplicant.service

%preun
%service_del_preun wpa_supplicant.service

%postun
%service_del_postun wpa_supplicant.service

%files
%defattr(-,root,root)
%doc wpa_supplicant/ChangeLog COPYING README wpa_supplicant/todo.txt 
wpa_supplicant/examples wpa_supplicant/wpa_supplicant.conf
%{_sbindir}/eapol_test
%{_sbindir}/rcwpa_supplicant
%{_sbindir}/wpa_cli
%{_sbindir}/wpa_passphrase
%{_sbindir}/wpa_supplicant
%config %{_sysconfdir}/dbus-1/system.d/%{name}.conf
%{_datadir}/dbus-1/system-services
%config %{_sysconfdir}/%{name}/%{name}.conf
%config(noreplace) %{_sysconfdir}/logrotate.d/wpa_supplicant
%dir %{_rundir}/%{name}
%ghost %{_rundir}/%{name}
%{_unitdir}/wpa_supplicant.service
%{_unitdir}/wpa_supplicant@.service
%{_unitdir}/dbus-fi.epitest.hostap.WPASupplicant.service
%{_unitdir}/dbus-fi.w1.wpa_supplicant1.service
%dir %{_sysconfdir}/%{name}
%{_mandir}/man8/*
%exclude %{_mandir}/man8/wpa_gui.*
%{_mandir}/man5/*

%files gui
%defattr(-,root,root)
%{_sbindir}/wpa_gui
%{_mandir}/man8/wpa_gui*

%changelog
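
Review bot: In %files, "%config %{_sysconfdir}/%{name}/%{name}.conf" lacks (noreplace), unlike the logrotate entry directly below it. This is the file that %install places with mode 0600 and where users keep their network credentials; without noreplace, an update that ships a changed default moves the locally edited file aside as .rpmsave and installs the package copy in its place. Suggest "%config(noreplace)" for this entry. Separately, %{_rundir}/%{name} is created in %install and then listed as both %dir and %ghost; a single "%ghost %dir" entry, with the directory created at runtime, would be cleaner. Also consider moving eapol_test, which the changelog describes as a testing tool, out of %{_sbindir} of the main package and into a subpackage.
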
++++++ config ++++++
# Example wpa_supplicant build time configuration
#
# This file lists the configuration options that are used when building the
# hostapd binary. All lines starting with # are ignored. Configuration option
# lines must be commented out complete, if they are not to be included, i.e.,
# just setting VARIABLE=n is not disabling that variable.
#
# This file is included in Makefile, so variables like CFLAGS and LIBS can also
# be modified from here. In most cases, these lines should use += in order not
# to override previous values of the variables.


# Uncomment following two lines and fix the paths if you have installed OpenSSL
# or GnuTLS in non-default location
#CFLAGS += -I/usr/local/openssl/include
#LIBS += -L/usr/local/openssl/lib

# Some Red Hat versions seem to include kerberos header files from OpenSSL, but
# the kerberos files are not in the default include path. Following line can be
# used to fix build issues on such systems (krb5.h not found).
#CFLAGS += -I/usr/include/kerberos

# Driver interface for generic Linux wireless extensions
# Note: WEXT is deprecated in the current Linux kernel version and no new
# functionality is added to it. nl80211-based interface is the new
# replacement for WEXT and its use allows wpa_supplicant to properly control
# the driver to improve existing functionality like roaming and to support new
# functionality.
CONFIG_DRIVER_WEXT=y

# Driver interface for Linux drivers using the nl80211 kernel interface
CONFIG_DRIVER_NL80211=y

# driver_nl80211.c requires libnl. If you are compiling it yourself
# you may need to point hostapd to your version of libnl.
#
#CFLAGS += -I$<path to libnl include files>
#LIBS += -L$<path to libnl library files>

# Use libnl v2.0 (or 3.0) libraries.
#CONFIG_LIBNL20=y

# Use libnl 3.2 libraries (if this is selected, CONFIG_LIBNL20 is ignored)
CONFIG_LIBNL32=y


# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver)
#CONFIG_DRIVER_BSD=y
#CFLAGS += -I/usr/local/include
#LIBS += -L/usr/local/lib
#LIBS_p += -L/usr/local/lib
#LIBS_c += -L/usr/local/lib

# Driver interface for Windows NDIS
#CONFIG_DRIVER_NDIS=y
#CFLAGS += -I/usr/include/w32api/ddk
#LIBS += -L/usr/local/lib
# For native build using mingw
#CONFIG_NATIVE_WINDOWS=y
# Additional directories for cross-compilation on Linux host for mingw target
#CFLAGS += -I/opt/mingw/mingw32/include/ddk
#LIBS += -L/opt/mingw/mingw32/lib
#CC=mingw32-gcc
# By default, driver_ndis uses WinPcap for low-level operations. This can be
# replaced with the following option which replaces WinPcap calls with NDISUIO.
# However, this requires that WZC is disabled (net stop wzcsvc) before starting
# wpa_supplicant.
# CONFIG_USE_NDISUIO=y

# Driver interface for wired Ethernet drivers
CONFIG_DRIVER_WIRED=y

# Driver interface for the Broadcom RoboSwitch family
#CONFIG_DRIVER_ROBOSWITCH=y

# Driver interface for no driver (e.g., WPS ER only)
#CONFIG_DRIVER_NONE=y

# Solaris libraries
#LIBS += -lsocket -ldlpi -lnsl
#LIBS_c += -lsocket

# Enable IEEE 802.1X Supplicant (automatically included if any EAP method is
# included)
CONFIG_IEEE8021X_EAPOL=y

# EAP-MD5
CONFIG_EAP_MD5=y

# EAP-MSCHAPv2
CONFIG_EAP_MSCHAPV2=y

# EAP-TLS
CONFIG_EAP_TLS=y

# EAL-PEAP
CONFIG_EAP_PEAP=y

# EAP-TTLS
CONFIG_EAP_TTLS=y

# EAP-FAST
# Note: If OpenSSL is used as the TLS library, OpenSSL 1.0 or newer is needed
# for EAP-FAST support. Older OpenSSL releases would need to be patched, e.g.,
# with openssl-0.9.8x-tls-extensions.patch, to add the needed functions.
CONFIG_EAP_FAST=y

# EAP-GTC
CONFIG_EAP_GTC=y

# EAP-OTP
CONFIG_EAP_OTP=y

# EAP-SIM (enable CONFIG_PCSC, if EAP-SIM is used)
#CONFIG_EAP_SIM=y

# EAP-PSK (experimental; this is _not_ needed for WPA-PSK)
#CONFIG_EAP_PSK=y

# EAP-pwd (secure authentication using only a password)
CONFIG_EAP_PWD=y

# EAP-PAX
CONFIG_EAP_PAX=y

# LEAP
CONFIG_EAP_LEAP=y

# EAP-AKA (enable CONFIG_PCSC, if EAP-AKA is used)
CONFIG_EAP_AKA=y

# EAP-AKA' (enable CONFIG_PCSC, if EAP-AKA' is used).
# This requires CONFIG_EAP_AKA to be enabled, too.
CONFIG_EAP_AKA_PRIME=y

# Enable USIM simulator (Milenage) for EAP-AKA
#CONFIG_USIM_SIMULATOR=y

# EAP-SAKE
CONFIG_EAP_SAKE=y

# EAP-GPSK
CONFIG_EAP_GPSK=y
# Include support for optional SHA256 cipher suite in EAP-GPSK
CONFIG_EAP_GPSK_SHA256=y

# EAP-TNC and related Trusted Network Connect support (experimental)
CONFIG_EAP_TNC=y

# Wi-Fi Protected Setup (WPS)
CONFIG_WPS=y
# Enable WPS external registrar functionality
CONFIG_WPS_ER=y
# Disable credentials for an open network by default when acting as a WPS
# registrar.
#CONFIG_WPS_REG_DISABLE_OPEN=y
# Enable WPS support with NFC config method
CONFIG_WPS_NFC=y

# EAP-IKEv2
CONFIG_EAP_IKEV2=y

# EAP-EKE
#CONFIG_EAP_EKE=y

# PKCS#12 (PFX) support (used to read private key and certificate file from
# a file that usually has extension .p12 or .pfx)
CONFIG_PKCS12=y

# Smartcard support (i.e., private key on a smartcard), e.g., with openssl
# engine.
CONFIG_SMARTCARD=y

# PC/SC interface for smartcards (USIM, GSM SIM)
# Enable this if EAP-SIM or EAP-AKA is included
#CONFIG_PCSC=y

# Support HT overrides (disable HT/HT40, mask MCS rates, etc.)
#CONFIG_HT_OVERRIDES=y

# Support VHT overrides (disable VHT, mask MCS rates, etc.)
#CONFIG_VHT_OVERRIDES=y

# Development testing
#CONFIG_EAPOL_TEST=y

# Select control interface backend for external programs, e.g, wpa_cli:
# unix = UNIX domain sockets (default for Linux/*BSD)
# udp = UDP sockets using localhost (127.0.0.1)
# udp6 = UDP IPv6 sockets using localhost (::1)
# named_pipe = Windows Named Pipe (default for Windows)
# udp-remote = UDP sockets with remote access (only for tests systems/purpose)
# udp6-remote = UDP IPv6 sockets with remote access (only for tests purpose)
# y = use default (backwards compatibility)
# If this option is commented out, control interface is not included in the
# build.
CONFIG_CTRL_IFACE=y

# Include support for GNU Readline and History Libraries in wpa_cli.
# When building a wpa_cli binary for distribution, please note that these
# libraries are licensed under GPL and as such, BSD license may not apply for
# the resulting binary.
#CONFIG_READLINE=y

# Include internal line edit mode in wpa_cli. This can be used as a replacement
# for GNU Readline to provide limited command line editing and history support.
#CONFIG_WPA_CLI_EDIT=y

# Remove debugging code that is printing out debug message to stdout.
# This can be used to reduce the size of the wpa_supplicant considerably
# if debugging code is not needed. The size reduction can be around 35%
# (e.g., 90 kB).
#CONFIG_NO_STDOUT_DEBUG=y

# Remove WPA support, e.g., for wired-only IEEE 802.1X supplicant, to save
# 35-50 kB in code size.
#CONFIG_NO_WPA=y

# Remove IEEE 802.11i/WPA-Personal ASCII passphrase support
# This option can be used to reduce code size by removing support for
# converting ASCII passphrases into PSK. If this functionality is removed, the
# PSK can only be configured as the 64-octet hexstring (e.g., from
# wpa_passphrase). This saves about 0.5 kB in code size.
#CONFIG_NO_WPA_PASSPHRASE=y

# Disable scan result processing (ap_mode=1) to save code size by about 1 kB.
# This can be used if ap_scan=1 mode is never enabled.
#CONFIG_NO_SCAN_PROCESSING=y

# Select configuration backend:
# file = text file (e.g., wpa_supplicant.conf; note: the configuration file
#       path is given on command line, not here; this option is just used to
#       select the backend that allows configuration files to be used)
# winreg = Windows registry (see win_example.reg for an example)
CONFIG_BACKEND=file

# Remove configuration write functionality (i.e., to allow the configuration
# file to be updated based on runtime configuration changes). The runtime
# configuration can still be changed, the changes are just not going to be
# persistent over restarts. This option can be used to reduce code size by
# about 3.5 kB.
#CONFIG_NO_CONFIG_WRITE=y

# Remove support for configuration blobs to reduce code size by about 1.5 kB.
#CONFIG_NO_CONFIG_BLOBS=y

# Select program entry point implementation:
# main = UNIX/POSIX like main() function (default)
# main_winsvc = Windows service (read parameters from registry)
# main_none = Very basic example (development use only)
#CONFIG_MAIN=main

# Select wrapper for operating system and C library specific functions
# unix = UNIX/POSIX like systems (default)
# win32 = Windows systems
# none = Empty template
#CONFIG_OS=unix

# Select event loop implementation
# eloop = select() loop (default)
# eloop_win = Windows events and WaitForMultipleObject() loop
#CONFIG_ELOOP=eloop

# Should we use poll instead of select? Select is used by default.
#CONFIG_ELOOP_POLL=y

# Should we use epoll instead of select? Select is used by default.
#CONFIG_ELOOP_EPOLL=y

# Select layer 2 packet implementation
# linux = Linux packet socket (default)
# pcap = libpcap/libdnet/WinPcap
# freebsd = FreeBSD libpcap
# winpcap = WinPcap with receive thread
# ndis = Windows NDISUIO (note: requires CONFIG_USE_NDISUIO=y)
# none = Empty template
#CONFIG_L2_PACKET=linux

# PeerKey handshake for Station to Station Link (IEEE 802.11e DLS)
CONFIG_PEERKEY=y

# IEEE 802.11w (management frame protection), also known as PMF
# Driver support is also needed for IEEE 802.11w.
CONFIG_IEEE80211W=y

# Select TLS implementation
# openssl = OpenSSL (default)
# gnutls = GnuTLS
# internal = Internal TLSv1 implementation (experimental)
# none = Empty template
#CONFIG_TLS=openssl

# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1)
# can be enabled to get a stronger construction of messages when block ciphers
# are used. It should be noted that some existing TLS v1.0 -based
# implementation may not be compatible with TLS v1.1 message (ClientHello is
# sent prior to negotiating which version will be used)
#CONFIG_TLSV11=y

# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.2)
# can be enabled to enable use of stronger crypto algorithms. It should be
# noted that some existing TLS v1.0 -based implementation may not be compatible
# with TLS v1.2 message (ClientHello is sent prior to negotiating which version
# will be used)
#CONFIG_TLSV12=y

# If CONFIG_TLS=internal is used, additional library and include paths are
# needed for LibTomMath. Alternatively, an integrated, minimal version of
# LibTomMath can be used. See beginning of libtommath.c for details on benefits
# and drawbacks of this option.
#CONFIG_INTERNAL_LIBTOMMATH=y
#ifndef CONFIG_INTERNAL_LIBTOMMATH
#LTM_PATH=/usr/src/libtommath-0.39
#CFLAGS += -I$(LTM_PATH)
#LIBS += -L$(LTM_PATH)
#LIBS_p += -L$(LTM_PATH)
#endif
# At the cost of about 4 kB of additional binary size, the internal LibTomMath
# can be configured to include faster routines for exptmod, sqr, and div to
# speed up DH and RSA calculation considerably
#CONFIG_INTERNAL_LIBTOMMATH_FAST=y

# Include NDIS event processing through WMI into wpa_supplicant/wpasvc.
# This is only for Windows builds and requires WMI-related header files and
# WbemUuid.Lib from Platform SDK even when building with MinGW.
#CONFIG_NDIS_EVENTS_INTEGRATED=y
#PLATFORMSDKLIB="/opt/Program Files/Microsoft Platform SDK/Lib"

# Add support for old DBus control interface
# (fi.epitest.hostap.WPASupplicant)
CONFIG_CTRL_IFACE_DBUS=y

# Add support for new DBus control interface
# (fi.w1.hostap.wpa_supplicant1)
CONFIG_CTRL_IFACE_DBUS_NEW=y

# Add introspection support for new DBus control interface
CONFIG_CTRL_IFACE_DBUS_INTRO=y

# Add support for loading EAP methods dynamically as shared libraries.
# When this option is enabled, each EAP method can be either included
# statically (CONFIG_EAP_<method>=y) or dynamically (CONFIG_EAP_<method>=dyn).
# Dynamic EAP methods are build as shared objects (eap_*.so) and they need to
# be loaded in the beginning of the wpa_supplicant configuration file
# (see load_dynamic_eap parameter in the example file) before being used in
# the network blocks.
#
# Note that some shared parts of EAP methods are included in the main program
# and in order to be able to use dynamic EAP methods using these parts, the
# main program must have been build with the EAP method enabled (=y or =dyn).
# This means that EAP-TLS/PEAP/TTLS/FAST cannot be added as dynamic libraries
# unless at least one of them was included in the main build to force inclusion
# of the shared code. Similarly, at least one of EAP-SIM/AKA must be included
# in the main build to be able to load these methods dynamically.
#
# Please also note that using dynamic libraries will increase the total binary
# size. Thus, it may not be the best option for targets that have limited
# amount of memory/flash.
#CONFIG_DYNAMIC_EAP_METHODS=y

# IEEE Std 802.11r-2008 (Fast BSS Transition)
#CONFIG_IEEE80211R=y

# Add support for writing debug log to a file (/tmp/wpa_supplicant-log-#.txt)
CONFIG_DEBUG_FILE=y

# Send debug messages to syslog instead of stdout
#CONFIG_DEBUG_SYSLOG=y
# Set syslog facility for debug messages
#CONFIG_DEBUG_SYSLOG_FACILITY=LOG_DAEMON

# Add support for sending all debug messages (regardless of debug verbosity)
# to the Linux kernel tracing facility. This helps debug the entire stack by
# making it easy to record everything happening from the driver up into the
# same file, e.g., using trace-cmd.
#CONFIG_DEBUG_LINUX_TRACING=y

# Add support for writing debug log to Android logcat instead of standard
# output
#CONFIG_ANDROID_LOG=y

# Enable privilege separation (see README 'Privilege separation' for details)
#CONFIG_PRIVSEP=y

# Enable mitigation against certain attacks against TKIP by delaying Michael
# MIC error reports by a random amount of time between 0 and 60 seconds
#CONFIG_DELAYED_MIC_ERROR_REPORT=y

# Enable tracing code for developer debugging
# This tracks use of memory allocations and other registrations and reports
# incorrect use with a backtrace of call (or allocation) location.
#CONFIG_WPA_TRACE=y
# For BSD, uncomment these.
#LIBS += -lexecinfo
#LIBS_p += -lexecinfo
#LIBS_c += -lexecinfo

# Use libbfd to get more details for developer debugging
# This enables use of libbfd to get more detailed symbols for the backtraces
# generated by CONFIG_WPA_TRACE=y.
#CONFIG_WPA_TRACE_BFD=y
# For BSD, uncomment these.
#LIBS += -lbfd -liberty -lz
#LIBS_p += -lbfd -liberty -lz
#LIBS_c += -lbfd -liberty -lz

# wpa_supplicant depends on strong random number generation being available
# from the operating system. os_get_random() function is used to fetch random
# data when needed, e.g., for key generation. On Linux and BSD systems, this
# works by reading /dev/urandom. It should be noted that the OS entropy pool
# needs to be properly initialized before wpa_supplicant is started. This is
# important especially on embedded devices that do not have a hardware random
# number generator and may by default start up with minimal entropy available
# for random number generation.
#
# As a safety net, wpa_supplicant is by default trying to internally collect
# additional entropy for generating random data to mix in with the data fetched
# from the OS. This by itself is not considered to be very strong, but it may
# help in cases where the system pool is not initialized properly. However, it
# is very strongly recommended that the system pool is initialized with enough
# entropy either by using hardware assisted random number generator or by
# storing state over device reboots.
#
# wpa_supplicant can be configured to maintain its own entropy store over
# restarts to enhance random number generation. This is not perfect, but it is
# much more secure than using the same sequence of random numbers after every
# reboot. This can be enabled with -e<entropy file> command line option. The
# specified file needs to be readable and writable by wpa_supplicant.
#
# If the os_get_random() is known to provide strong random data (e.g., on
# Linux/BSD, the board in question is known to have reliable source of random
# data from /dev/urandom), the internal wpa_supplicant random pool can be
# disabled. This will save some in binary size and CPU use. However, this
# should only be considered for builds that are known to be used on devices
# that meet the requirements described above.
CONFIG_NO_RANDOM_POOL=y

# IEEE 802.11n (High Throughput) support (mainly for AP mode)
CONFIG_IEEE80211N=y

# IEEE 802.11ac (Very High Throughput) support (mainly for AP mode)
# (depends on CONFIG_IEEE80211N)
CONFIG_IEEE80211AC=y

# Wireless Network Management (IEEE Std 802.11v-2011)
# Note: This is experimental and not a complete implementation.
#CONFIG_WNM=y

# Interworking (IEEE 802.11u)
# This can be used to enable functionality to improve interworking with
# external networks (GAS/ANQP to learn more about the networks and network
# selection based on available credentials).
#CONFIG_INTERWORKING=y

# Hotspot 2.0
#CONFIG_HS20=y

# Disable roaming in wpa_supplicant
#CONFIG_NO_ROAMING=y

# AP mode operations with wpa_supplicant
# This can be used for controlling AP mode operations with wpa_supplicant. It
# should be noted that this is mainly aimed at simple cases like
# WPA2-Personal while more complex configurations like WPA2-Enterprise with an
# external RADIUS server can be supported with hostapd.
CONFIG_AP=y

# P2P (Wi-Fi Direct)
# This can be used to enable P2P support in wpa_supplicant. See README-P2P for
# more information on P2P operations.
CONFIG_P2P=y

# Enable TDLS support
CONFIG_TDLS=y

# Wi-Fi Direct
# This can be used to enable Wi-Fi Direct extensions for P2P using an external
# program to control the additional information exchanges in the messages.
CONFIG_WIFI_DISPLAY=y

# Autoscan
# This can be used to enable automatic scan support in wpa_supplicant.
# See wpa_supplicant.conf for more information on autoscan usage.
#
# Enabling directly a module will enable autoscan support.
# For exponential module:
#CONFIG_AUTOSCAN_EXPONENTIAL=y
# For periodic module:
#CONFIG_AUTOSCAN_PERIODIC=y

# Password (and passphrase, etc.) backend for external storage
# These optional mechanisms can be used to add support for storing passwords
# and other secrets in external (to wpa_supplicant) location. This allows, for
# example, operating system specific key storage to be used.
#
# External password backend for testing purposes (developer use)
#CONFIG_EXT_PASSWORD_TEST=y

# Enable background scan to improve roaming
CONFIG_BGSCAN_SIMPLE=y

# Enable RSN IBSS/AdHoc
CONFIG_IBSS_RSN=y
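
The build configuration above sets CONFIG_NO_RANDOM_POOL=y, so this package relies entirely on the OS pool being initialized before wpa_supplicant starts. The following is an added example, not code from wpa_supplicant or from the openSUSE package: it probes that precondition on Linux with getrandom(2), which fails with EAGAIN under GRND_NONBLOCK while the pool is not yet initialized. The names os_pool_state() and fetch_key_material() are hypothetical, and Linux with glibc 2.25 or later is assumed.

```c
/* Added example: check that the kernel random pool is initialized before
 * key material is drawn from it. Linux-only (getrandom(2)). */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/random.h>
#include <sys/types.h>

enum pool_state {
	POOL_READY = 1,     /* kernel pool is initialized */
	POOL_NOT_READY = 0, /* getrandom() would block: pool not yet seeded */
	POOL_UNKNOWN = -1   /* probe failed for another reason (e.g. ENOSYS) */
};

/* Non-blocking probe: never waits, only reports the current pool state. */
enum pool_state os_pool_state(void)
{
	unsigned char probe[16];
	ssize_t n;

	do {
		n = getrandom(probe, sizeof(probe), GRND_NONBLOCK);
	} while (n < 0 && errno == EINTR);

	if (n == (ssize_t) sizeof(probe))
		return POOL_READY;
	if (n < 0 && errno == EAGAIN)
		return POOL_NOT_READY;
	return POOL_UNKNOWN;
}

/* Hypothetical helper: fill buf with random bytes, but refuse to hand out
 * anything while the pool is unseeded. Returns 0 on success, -1 on failure. */
int fetch_key_material(unsigned char *buf, size_t len)
{
	size_t off = 0;

	if (os_pool_state() != POOL_READY)
		return -1;

	while (off < len) {
		ssize_t n = getrandom(buf + off, len - off, 0);

		if (n < 0) {
			if (errno == EINTR)
				continue;
			memset(buf, 0, len); /* do not leave partial output */
			return -1;
		}
		off += (size_t) n;
	}
	return 0;
}

/* Exit status 0 only when the pool is ready, so the program can gate the
 * start of a service that depends on strong OS randomness. */
int main(void)
{
	unsigned char key[32];

	switch (os_pool_state()) {
	case POOL_READY:
		break;
	case POOL_NOT_READY:
		fprintf(stderr, "kernel random pool not initialized yet\n");
		return 1;
	default:
		fprintf(stderr, "getrandom() probe failed: %s\n",
			strerror(errno));
		return 2;
	}

	if (fetch_key_material(key, sizeof(key)) < 0)
		return 2;
	memset(key, 0, sizeof(key));
	puts("kernel random pool initialized");
	return 0;
}
```
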
++++++ fi.epitest.hostap.WPASupplicant.service ++++++
[D-BUS Service]
Name=fi.epitest.hostap.WPASupplicant
Exec=/usr/sbin/wpa_supplicant -c /etc/wpa_supplicant/wpa_supplicant.conf -u -t -f /var/log/wpa_supplicant.log
User=root
SystemdService=wpa_supplicant.service
++++++ fi.w1.wpa_supplicant1.service ++++++
[D-BUS Service]
Name=fi.w1.wpa_supplicant1
Exec=/usr/sbin/wpa_supplicant -c /etc/wpa_supplicant/wpa_supplicant.conf -u -t -f /var/log/wpa_supplicant.log
User=root
SystemdService=wpa_supplicant.service
++++++ logrotate.wpa_supplicant ++++++
/var/log/wpa_supplicant.log {
    compress
    dateext
    maxage 365
    rotate 99
    missingok
    notifempty
    size +4096k
    copytruncate
}
++++++ rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch ++++++
From cf4cab804c7afd5c45505528a8d16e46163243a2 Mon Sep 17 00:00:00 2001
From: Mathy Vanhoef <mathy.vanh...@cs.kuleuven.be>
Date: Fri, 14 Jul 2017 15:15:35 +0200
Subject: [PATCH 1/8] hostapd: Avoid key reinstallation in FT handshake

Do not reinstall TK to the driver during Reassociation Response frame
processing if the first attempt of setting the TK succeeded. This avoids
issues related to clearing the TX/RX PN that could result in reusing
same PN values for transmitted frames (e.g., due to CCM nonce reuse and
also hitting replay protection on the receiver) and accepting replayed
frames on RX side.

This issue was introduced by the commit
0e84c25434e6a1f283c7b4e62e483729085b78d2 ('FT: Fix PTK configuration in
authenticator') which allowed wpa_ft_install_ptk() to be called multiple
times with the same PTK. While the second configuration attempt is
needed with some drivers, it must be done only if the first attempt
failed.

Signed-off-by: Mathy Vanhoef <mathy.vanh...@cs.kuleuven.be>
---
 src/ap/ieee802_11.c  | 16 +++++++++++++---
 src/ap/wpa_auth.c    | 11 +++++++++++
 src/ap/wpa_auth.h    |  3 ++-
 src/ap/wpa_auth_ft.c | 10 ++++++++++
 src/ap/wpa_auth_i.h  |  1 +
 5 files changed, 37 insertions(+), 4 deletions(-)

diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
index 4e04169..333035f 100644
--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
@@ -1841,6 +1841,7 @@ static int add_associated_sta(struct hostapd_data *hapd,
 {
        struct ieee80211_ht_capabilities ht_cap;
        struct ieee80211_vht_capabilities vht_cap;
+       int set = 1;
 
        /*
         * Remove the STA entry to ensure the STA PS state gets cleared and
@@ -1848,9 +1849,18 @@ static int add_associated_sta(struct hostapd_data *hapd,
         * FT-over-the-DS, where a station re-associates back to the same AP but
         * skips the authentication flow, or if working with a driver that
         * does not support full AP client state.
+        *
+        * Skip this if the STA has already completed FT reassociation and the
+        * TK has been configured since the TX/RX PN must not be reset to 0 for
+        * the same key.
         */
-       if (!sta->added_unassoc)
+       if (!sta->added_unassoc &&
+           (!(sta->flags & WLAN_STA_AUTHORIZED) ||
+            !wpa_auth_sta_ft_tk_already_set(sta->wpa_sm))) {
                hostapd_drv_sta_remove(hapd, sta->addr);
+               wpa_auth_sm_event(sta->wpa_sm, WPA_DRV_STA_REMOVED);
+               set = 0;
+       }
 
 #ifdef CONFIG_IEEE80211N
        if (sta->flags & WLAN_STA_HT)
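Review bot: the new condition in add_associated_sta() passes sta->wpa_sm to wpa_auth_sm_event() without a NULL check and ignores the return value. wpa_auth_sta_ft_tk_already_set() guards against a NULL sm, but nothing visible in this patch shows that wpa_auth_sm_event() does; either confirm that or test sta->wpa_sm before the call. The double negation in the condition (!added_unassoc && (!AUTHORIZED || !tk_already_set)) is also hard to audit for a security fix; a small helper or a local flag named for the positive case (keep the driver entry because the FT TK is already configured) would make the intended states explicit.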
@@ -1873,11 +1883,11 @@ static int add_associated_sta(struct hostapd_data *hapd,
                            sta->flags & WLAN_STA_VHT ? &vht_cap : NULL,
                            sta->flags | WLAN_STA_ASSOC, sta->qosinfo,
                            sta->vht_opmode, sta->p2p_ie ? 1 : 0,
-                           sta->added_unassoc)) {
+                           set)) {
                hostapd_logger(hapd, sta->addr,
                               HOSTAPD_MODULE_IEEE80211, HOSTAPD_LEVEL_NOTICE,
                               "Could not %s STA to kernel driver",
-                              sta->added_unassoc ? "set" : "add");
+                              set ? "set" : "add");
 
                if (sta->added_unassoc) {
                        hostapd_drv_sta_remove(hapd, sta->addr);
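Review bot: hostapd_sta_add() and the log message now use the new local set, but the cleanup branch right below still tests sta->added_unassoc. With this patch set can be 1 while added_unassoc is 0 (an authorized FT station whose TK is already configured), so a failed driver update in that state skips the hostapd_drv_sta_remove() cleanup. If leaving the driver entry and its key in place is intended there, say so in a comment; otherwise this branch needs the same treatment as the two lines changed above it.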
diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
index 3587086..707971d 100644
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@@ -1745,6 +1745,9 @@ int wpa_auth_sm_event(struct wpa_state_machine *sm, enum 
wpa_event event)
 #else /* CONFIG_IEEE80211R */
                break;
 #endif /* CONFIG_IEEE80211R */
+       case WPA_DRV_STA_REMOVED:
+               sm->tk_already_set = FALSE;
+               return 0;
        }
 
 #ifdef CONFIG_IEEE80211R
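Review bot: the WPA_DRV_STA_REMOVED case returns 0 from inside the switch, so none of the code after the switch runs for this event, including the CONFIG_IEEE80211R block that follows. That looks intentional, since the event only clears tk_already_set, but a one-line comment would stop a later change from adding state handling below the switch and assuming every event reaches it.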
@@ -3250,6 +3253,14 @@ int wpa_auth_sta_wpa_version(struct wpa_state_machine 
*sm)
 }
 
 
+int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm)
+{
+       if (!sm || !wpa_key_mgmt_ft(sm->wpa_key_mgmt))
+               return 0;
+       return sm->tk_already_set;
+}
+
+
 int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm,
                             struct rsn_pmksa_cache_entry *entry)
 {
diff --git a/src/ap/wpa_auth.h b/src/ap/wpa_auth.h
index 0de8d97..97461b0 100644
--- a/src/ap/wpa_auth.h
+++ b/src/ap/wpa_auth.h
@@ -267,7 +267,7 @@ void wpa_receive(struct wpa_authenticator *wpa_auth,
                 u8 *data, size_t data_len);
 enum wpa_event {
        WPA_AUTH, WPA_ASSOC, WPA_DISASSOC, WPA_DEAUTH, WPA_REAUTH,
-       WPA_REAUTH_EAPOL, WPA_ASSOC_FT
+       WPA_REAUTH_EAPOL, WPA_ASSOC_FT, WPA_DRV_STA_REMOVED
 };
 void wpa_remove_ptk(struct wpa_state_machine *sm);
 int wpa_auth_sm_event(struct wpa_state_machine *sm, enum wpa_event event);
@@ -280,6 +280,7 @@ int wpa_auth_pairwise_set(struct wpa_state_machine *sm);
 int wpa_auth_get_pairwise(struct wpa_state_machine *sm);
 int wpa_auth_sta_key_mgmt(struct wpa_state_machine *sm);
 int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm);
+int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm);
 int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm,
                             struct rsn_pmksa_cache_entry *entry);
 struct rsn_pmksa_cache_entry *
diff --git a/src/ap/wpa_auth_ft.c b/src/ap/wpa_auth_ft.c
index 42242a5..e63b99a 100644
--- a/src/ap/wpa_auth_ft.c
+++ b/src/ap/wpa_auth_ft.c
@@ -780,6 +780,14 @@ void wpa_ft_install_ptk(struct wpa_state_machine *sm)
                return;
        }
 
+       if (sm->tk_already_set) {
+               /* Must avoid TK reconfiguration to prevent clearing of TX/RX
+                * PN in the driver */
+               wpa_printf(MSG_DEBUG,
+                          "FT: Do not re-install same PTK to the driver");
+               return;
+       }
+
        /* FIX: add STA entry to kernel/driver here? The set_key will fail
         * most likely without this.. At the moment, STA entry is added only
         * after association has been completed. This function will be called
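Review bot: the early return in wpa_ft_install_ptk() is only correct if tk_already_set becomes TRUE after a successful key configuration and never after a failed one, and the lines between this guard and the assignment added at the end of the function are not part of the patch. The commit message requires that the second attempt still happens when the first one failed, so please confirm that the failure path returns before sm->tk_already_set = TRUE is reached, and consider a comment at the assignment stating that dependency.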
@@ -792,6 +800,7 @@ void wpa_ft_install_ptk(struct wpa_state_machine *sm)
 
        /* FIX: MLME-SetProtection.Request(TA, Tx_Rx) */
        sm->pairwise_set = TRUE;
+       sm->tk_already_set = TRUE;
 }
 
 
@@ -898,6 +907,7 @@ static int wpa_ft_process_auth_req(struct wpa_state_machine 
*sm,
 
        sm->pairwise = pairwise;
        sm->PTK_valid = TRUE;
+       sm->tk_already_set = FALSE;
        wpa_ft_install_ptk(sm);
 
        buflen = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) +
diff --git a/src/ap/wpa_auth_i.h b/src/ap/wpa_auth_i.h
index 72b7eb3..7fd8f05 100644
--- a/src/ap/wpa_auth_i.h
+++ b/src/ap/wpa_auth_i.h
@@ -65,6 +65,7 @@ struct wpa_state_machine {
        struct wpa_ptk PTK;
        Boolean PTK_valid;
        Boolean pairwise_set;
+       Boolean tk_already_set;
        int keycount;
        Boolean Pair;
        struct wpa_key_replay_counter {
-- 
2.7.4

++++++ rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch ++++++
From 927f891007c402fefd1ff384645b3f07597c3ede Mon Sep 17 00:00:00 2001
From: Mathy Vanhoef <mathy.vanh...@cs.kuleuven.be>
Date: Wed, 12 Jul 2017 16:03:24 +0200
Subject: [PATCH 2/8] Prevent reinstallation of an already in-use group key

Track the current GTK and IGTK that is in use and when receiving a
(possibly retransmitted) Group Message 1 or WNM-Sleep Mode Response, do
not install the given key if it is already in use. This prevents an
attacker from trying to trick the client into resetting or lowering the
sequence counter associated to the group key.

Signed-off-by: Mathy Vanhoef <mathy.vanh...@cs.kuleuven.be>
---
 src/common/wpa_common.h |  11 +++++
 src/rsn_supp/wpa.c      | 116 ++++++++++++++++++++++++++++++------------------
 src/rsn_supp/wpa_i.h    |   4 ++
 3 files changed, 87 insertions(+), 44 deletions(-)

diff --git a/src/common/wpa_common.h b/src/common/wpa_common.h
index af1d0f0..d200285 100644
--- a/src/common/wpa_common.h
+++ b/src/common/wpa_common.h
@@ -217,6 +217,17 @@ struct wpa_ptk {
        size_t tk_len;
 };
 
+struct wpa_gtk {
+       u8 gtk[WPA_GTK_MAX_LEN];
+       size_t gtk_len;
+};
+
+#ifdef CONFIG_IEEE80211W
+struct wpa_igtk {
+       u8 igtk[WPA_IGTK_MAX_LEN];
+       size_t igtk_len;
+};
+#endif /* CONFIG_IEEE80211W */
 
 /* WPA IE version 1
  * 00-50-f2:1 (OUI:OUI type)
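Review bot: struct wpa_gtk and struct wpa_igtk keep a second copy of live group key material in struct wpa_sm, and the patch adds them without a comment saying they exist only for reinstallation detection. Please document that, and state the length invariant: wpa_supplicant_install_gtk() later copies gd->gtk_len bytes into gtk[WPA_GTK_MAX_LEN] with no bound check visible in this patch, so either gd->gtk_len is already limited to WPA_GTK_MAX_LEN by the callers or a check is needed before the os_memcpy().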
diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
index 3c47879..95bd7be 100644
--- a/src/rsn_supp/wpa.c
+++ b/src/rsn_supp/wpa.c
@@ -714,6 +714,15 @@ static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
        const u8 *_gtk = gd->gtk;
        u8 gtk_buf[32];
 
+       /* Detect possible key reinstallation */
+       if (sm->gtk.gtk_len == (size_t) gd->gtk_len &&
+           os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) {
+               wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
+                       "WPA: Not reinstalling already in-use GTK to the driver 
(keyidx=%d tx=%d len=%d)",
+                       gd->keyidx, gd->tx, gd->gtk_len);
+               return 0;
+       }
+
        wpa_hexdump_key(MSG_DEBUG, "WPA: Group Key", gd->gtk, gd->gtk_len);
        wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
                "WPA: Installing GTK to the driver (keyidx=%d tx=%d len=%d)",
@@ -748,6 +757,9 @@ static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
        }
        os_memset(gtk_buf, 0, sizeof(gtk_buf));
 
+       sm->gtk.gtk_len = gd->gtk_len;
+       os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len);
+
        return 0;
 }
 
@@ -854,6 +866,48 @@ static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm,
 }
 
 
+#ifdef CONFIG_IEEE80211W
+static int wpa_supplicant_install_igtk(struct wpa_sm *sm,
+                                      const struct wpa_igtk_kde *igtk)
+{
+       size_t len = wpa_cipher_key_len(sm->mgmt_group_cipher);
+       u16 keyidx = WPA_GET_LE16(igtk->keyid);
+
+       /* Detect possible key reinstallation */
+       if (sm->igtk.igtk_len == len &&
+           os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) {
+               wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
+                       "WPA: Not reinstalling already in-use IGTK to the 
driver (keyidx=%d)",
+                       keyidx);
+               return  0;
+       }
+
+       wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
+               "WPA: IGTK keyid %d pn %02x%02x%02x%02x%02x%02x",
+               keyidx, MAC2STR(igtk->pn));
+       wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK", igtk->igtk, len);
+       if (keyidx > 4095) {
+               wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
+                       "WPA: Invalid IGTK KeyID %d", keyidx);
+               return -1;
+       }
+       if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
+                          broadcast_ether_addr,
+                          keyidx, 0, igtk->pn, sizeof(igtk->pn),
+                          igtk->igtk, len) < 0) {
+               wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
+                       "WPA: Failed to configure IGTK to the driver");
+               return -1;
+       }
+
+       sm->igtk.igtk_len = len;
+       os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len);
+
+       return 0;
+}
+#endif /* CONFIG_IEEE80211W */
+
+
 static int ieee80211w_set_keys(struct wpa_sm *sm,
                               struct wpa_eapol_ie_parse *ie)
 {
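Review bot: in wpa_supplicant_install_igtk() the reinstallation check runs before the keyidx > 4095 validation, so a frame that repeats the current IGTK with an out-of-range KeyID now returns 0 where the removed code in ieee80211w_set_keys() returned -1. Validating the KeyID first keeps the old rejection behaviour at no cost. The comparison ignores keyidx and the PN, which is the point of the fix, but a comment saying so would help the next reader; the return  0; in the same block also has a doubled space.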
@@ -864,30 +918,14 @@ static int ieee80211w_set_keys(struct wpa_sm *sm,
        if (ie->igtk) {
                size_t len;
                const struct wpa_igtk_kde *igtk;
-               u16 keyidx;
+
                len = wpa_cipher_key_len(sm->mgmt_group_cipher);
                if (ie->igtk_len != WPA_IGTK_KDE_PREFIX_LEN + len)
                        return -1;
+
                igtk = (const struct wpa_igtk_kde *) ie->igtk;
-               keyidx = WPA_GET_LE16(igtk->keyid);
-               wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: IGTK keyid %d "
-                       "pn %02x%02x%02x%02x%02x%02x",
-                       keyidx, MAC2STR(igtk->pn));
-               wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK",
-                               igtk->igtk, len);
-               if (keyidx > 4095) {
-                       wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
-                               "WPA: Invalid IGTK KeyID %d", keyidx);
-                       return -1;
-               }
-               if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
-                                  broadcast_ether_addr,
-                                  keyidx, 0, igtk->pn, sizeof(igtk->pn),
-                                  igtk->igtk, len) < 0) {
-                       wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
-                               "WPA: Failed to configure IGTK to the driver");
+               if (wpa_supplicant_install_igtk(sm, igtk) < 0)
                        return -1;
-               }
        }
 
        return 0;
@@ -2307,7 +2345,7 @@ void wpa_sm_deinit(struct wpa_sm *sm)
  */
 void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
 {
-       int clear_ptk = 1;
+       int clear_keys = 1;
 
        if (sm == NULL)
                return;
@@ -2333,11 +2371,11 @@ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 
*bssid)
                /* Prepare for the next transition */
                wpa_ft_prepare_auth_request(sm, NULL);
 
-               clear_ptk = 0;
+               clear_keys = 0;
        }
 #endif /* CONFIG_IEEE80211R */
 
-       if (clear_ptk) {
+       if (clear_keys) {
                /*
                 * IEEE 802.11, 8.4.10: Delete PTK SA on (re)association if
                 * this is not part of a Fast BSS Transition.
@@ -2347,6 +2385,10 @@ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 
*bssid)
                os_memset(&sm->ptk, 0, sizeof(sm->ptk));
                sm->tptk_set = 0;
                os_memset(&sm->tptk, 0, sizeof(sm->tptk));
+               os_memset(&sm->gtk, 0, sizeof(sm->gtk));
+#ifdef CONFIG_IEEE80211W
+               os_memset(&sm->igtk, 0, sizeof(sm->igtk));
+#endif /* CONFIG_IEEE80211W */
        }
 
 #ifdef CONFIG_TDLS
@@ -2877,6 +2919,10 @@ void wpa_sm_drop_sa(struct wpa_sm *sm)
        os_memset(sm->pmk, 0, sizeof(sm->pmk));
        os_memset(&sm->ptk, 0, sizeof(sm->ptk));
        os_memset(&sm->tptk, 0, sizeof(sm->tptk));
+       os_memset(&sm->gtk, 0, sizeof(sm->gtk));
+#ifdef CONFIG_IEEE80211W
+       os_memset(&sm->igtk, 0, sizeof(sm->igtk));
+#endif /* CONFIG_IEEE80211W */
 #ifdef CONFIG_IEEE80211R
        os_memset(sm->xxkey, 0, sizeof(sm->xxkey));
        os_memset(sm->pmk_r0, 0, sizeof(sm->pmk_r0));
@@ -2949,29 +2995,11 @@ int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 
subelem_id, u8 *buf)
                os_memset(&gd, 0, sizeof(gd));
 #ifdef CONFIG_IEEE80211W
        } else if (subelem_id == WNM_SLEEP_SUBELEM_IGTK) {
-               struct wpa_igtk_kde igd;
-               u16 keyidx;
-
-               os_memset(&igd, 0, sizeof(igd));
-               keylen = wpa_cipher_key_len(sm->mgmt_group_cipher);
-               os_memcpy(igd.keyid, buf + 2, 2);
-               os_memcpy(igd.pn, buf + 4, 6);
-
-               keyidx = WPA_GET_LE16(igd.keyid);
-               os_memcpy(igd.igtk, buf + 10, keylen);
-
-               wpa_hexdump_key(MSG_DEBUG, "Install IGTK (WNM SLEEP)",
-                               igd.igtk, keylen);
-               if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
-                                  broadcast_ether_addr,
-                                  keyidx, 0, igd.pn, sizeof(igd.pn),
-                                  igd.igtk, keylen) < 0) {
-                       wpa_printf(MSG_DEBUG, "Failed to install the IGTK in "
-                                  "WNM mode");
-                       os_memset(&igd, 0, sizeof(igd));
+               const struct wpa_igtk_kde *igtk;
+
+               igtk = (const struct wpa_igtk_kde *) (buf + 2);
+               if (wpa_supplicant_install_igtk(sm, igtk) < 0)
                        return -1;
-               }
-               os_memset(&igd, 0, sizeof(igd));
 #endif /* CONFIG_IEEE80211W */
        } else {
                wpa_printf(MSG_DEBUG, "Unknown element id");
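Review bot: the WNM-Sleep IGTK branch now casts buf + 2 to const struct wpa_igtk_kde * where the removed code copied keyid, pn and keylen bytes of key out of the buffer field by field. The cast is only safe if the struct layout matches the subelement byte for byte and if the caller has already verified that the subelement holds a full KDE; wpa_wnmsleep_install_key() takes no length argument, so that check cannot be made here. Please point to where the length is validated, or pass it in.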
diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
index f653ba6..afc9e37 100644
--- a/src/rsn_supp/wpa_i.h
+++ b/src/rsn_supp/wpa_i.h
@@ -31,6 +31,10 @@ struct wpa_sm {
        u8 rx_replay_counter[WPA_REPLAY_COUNTER_LEN];
        int rx_replay_counter_set;
        u8 request_counter[WPA_REPLAY_COUNTER_LEN];
+       struct wpa_gtk gtk;
+#ifdef CONFIG_IEEE80211W
+       struct wpa_igtk igtk;
+#endif /* CONFIG_IEEE80211W */
 
        struct eapol_sm *eapol; /* EAPOL state machine from upper level code */
 
-- 
2.7.4

++++++ rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch ++++++
From 8280294e74846ea342389a0cd17215050fa5afe8 Mon Sep 17 00:00:00 2001
From: Jouni Malinen <j...@w1.fi>
Date: Sun, 1 Oct 2017 12:12:24 +0300
Subject: [PATCH 3/8] Extend protection of GTK/IGTK reinstallation of WNM-Sleep
 Mode cases

This extends the protection to track last configured GTK/IGTK value
separately from EAPOL-Key frames and WNM-Sleep Mode frames to cover a
corner case where these two different mechanisms may get used when the
GTK/IGTK has changed and tracking a single value is not sufficient to
detect a possible key reconfiguration.

Signed-off-by: Jouni Malinen <j...@w1.fi>
---
 src/rsn_supp/wpa.c   | 53 +++++++++++++++++++++++++++++++++++++---------------
 src/rsn_supp/wpa_i.h |  2 ++
 2 files changed, 40 insertions(+), 15 deletions(-)

diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
index 95bd7be..7a2c68d 100644
--- a/src/rsn_supp/wpa.c
+++ b/src/rsn_supp/wpa.c
@@ -709,14 +709,17 @@ struct wpa_gtk_data {
 
 static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
                                      const struct wpa_gtk_data *gd,
-                                     const u8 *key_rsc)
+                                     const u8 *key_rsc, int wnm_sleep)
 {
        const u8 *_gtk = gd->gtk;
        u8 gtk_buf[32];
 
        /* Detect possible key reinstallation */
-       if (sm->gtk.gtk_len == (size_t) gd->gtk_len &&
-           os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) {
+       if ((sm->gtk.gtk_len == (size_t) gd->gtk_len &&
+            os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) ||
+           (sm->gtk_wnm_sleep.gtk_len == (size_t) gd->gtk_len &&
+            os_memcmp(sm->gtk_wnm_sleep.gtk, gd->gtk,
+                      sm->gtk_wnm_sleep.gtk_len) == 0)) {
                wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
                        "WPA: Not reinstalling already in-use GTK to the driver 
(keyidx=%d tx=%d len=%d)",
                        gd->keyidx, gd->tx, gd->gtk_len);
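Review bot: wnm_sleep is a plain int that every caller in this patch passes as a literal 0 or 1, which makes the call sites hard to read and easy to get wrong. An enum or named constant for the key source would document which tracking slot is used. The doubled length-and-os_memcmp() test is also repeated for the IGTK further down; a small helper taking the stored key and the candidate would keep the two copies from drifting apart.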
@@ -757,8 +760,14 @@ static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
        }
        os_memset(gtk_buf, 0, sizeof(gtk_buf));
 
-       sm->gtk.gtk_len = gd->gtk_len;
-       os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len);
+       if (wnm_sleep) {
+               sm->gtk_wnm_sleep.gtk_len = gd->gtk_len;
+               os_memcpy(sm->gtk_wnm_sleep.gtk, gd->gtk,
+                         sm->gtk_wnm_sleep.gtk_len);
+       } else {
+               sm->gtk.gtk_len = gd->gtk_len;
+               os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len);
+       }
 
        return 0;
 }
@@ -852,7 +861,7 @@ static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm,
            (wpa_supplicant_check_group_cipher(sm, sm->group_cipher,
                                               gtk_len, gtk_len,
                                               &gd.key_rsc_len, &gd.alg) ||
-            wpa_supplicant_install_gtk(sm, &gd, key_rsc))) {
+            wpa_supplicant_install_gtk(sm, &gd, key_rsc, 0))) {
                wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
                        "RSN: Failed to install GTK");
                os_memset(&gd, 0, sizeof(gd));
@@ -868,14 +877,18 @@ static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm,
 
 #ifdef CONFIG_IEEE80211W
 static int wpa_supplicant_install_igtk(struct wpa_sm *sm,
-                                      const struct wpa_igtk_kde *igtk)
+                                      const struct wpa_igtk_kde *igtk,
+                                      int wnm_sleep)
 {
        size_t len = wpa_cipher_key_len(sm->mgmt_group_cipher);
        u16 keyidx = WPA_GET_LE16(igtk->keyid);
 
        /* Detect possible key reinstallation */
-       if (sm->igtk.igtk_len == len &&
-           os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) {
+       if ((sm->igtk.igtk_len == len &&
+            os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) ||
+           (sm->igtk_wnm_sleep.igtk_len == len &&
+            os_memcmp(sm->igtk_wnm_sleep.igtk, igtk->igtk,
+                      sm->igtk_wnm_sleep.igtk_len) == 0)) {
                wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
                        "WPA: Not reinstalling already in-use IGTK to the 
driver (keyidx=%d)",
                        keyidx);
@@ -900,8 +913,14 @@ static int wpa_supplicant_install_igtk(struct wpa_sm *sm,
                return -1;
        }
 
-       sm->igtk.igtk_len = len;
-       os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len);
+       if (wnm_sleep) {
+               sm->igtk_wnm_sleep.igtk_len = len;
+               os_memcpy(sm->igtk_wnm_sleep.igtk, igtk->igtk,
+                         sm->igtk_wnm_sleep.igtk_len);
+       } else {
+               sm->igtk.igtk_len = len;
+               os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len);
+       }
 
        return 0;
 }
@@ -924,7 +943,7 @@ static int ieee80211w_set_keys(struct wpa_sm *sm,
                        return -1;
 
                igtk = (const struct wpa_igtk_kde *) ie->igtk;
-               if (wpa_supplicant_install_igtk(sm, igtk) < 0)
+               if (wpa_supplicant_install_igtk(sm, igtk, 0) < 0)
                        return -1;
        }
 
@@ -1574,7 +1593,7 @@ static void wpa_supplicant_process_1_of_2(struct wpa_sm 
*sm,
        if (wpa_supplicant_rsc_relaxation(sm, key->key_rsc))
                key_rsc = null_rsc;
 
-       if (wpa_supplicant_install_gtk(sm, &gd, key_rsc) ||
+       if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 0) ||
            wpa_supplicant_send_2_of_2(sm, key, ver, key_info) < 0)
                goto failed;
        os_memset(&gd, 0, sizeof(gd));
@@ -2386,8 +2405,10 @@ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 
*bssid)
                sm->tptk_set = 0;
                os_memset(&sm->tptk, 0, sizeof(sm->tptk));
                os_memset(&sm->gtk, 0, sizeof(sm->gtk));
+               os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep));
 #ifdef CONFIG_IEEE80211W
                os_memset(&sm->igtk, 0, sizeof(sm->igtk));
+               os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep));
 #endif /* CONFIG_IEEE80211W */
        }
 
@@ -2920,8 +2941,10 @@ void wpa_sm_drop_sa(struct wpa_sm *sm)
        os_memset(&sm->ptk, 0, sizeof(sm->ptk));
        os_memset(&sm->tptk, 0, sizeof(sm->tptk));
        os_memset(&sm->gtk, 0, sizeof(sm->gtk));
+       os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep));
 #ifdef CONFIG_IEEE80211W
        os_memset(&sm->igtk, 0, sizeof(sm->igtk));
+       os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep));
 #endif /* CONFIG_IEEE80211W */
 #ifdef CONFIG_IEEE80211R
        os_memset(sm->xxkey, 0, sizeof(sm->xxkey));
@@ -2986,7 +3009,7 @@ int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 
subelem_id, u8 *buf)
 
                wpa_hexdump_key(MSG_DEBUG, "Install GTK (WNM SLEEP)",
                                gd.gtk, gd.gtk_len);
-               if (wpa_supplicant_install_gtk(sm, &gd, key_rsc)) {
+               if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 1)) {
                        os_memset(&gd, 0, sizeof(gd));
                        wpa_printf(MSG_DEBUG, "Failed to install the GTK in "
                                   "WNM mode");
@@ -2998,7 +3021,7 @@ int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 
subelem_id, u8 *buf)
                const struct wpa_igtk_kde *igtk;
 
                igtk = (const struct wpa_igtk_kde *) (buf + 2);
-               if (wpa_supplicant_install_igtk(sm, igtk) < 0)
+               if (wpa_supplicant_install_igtk(sm, igtk, 1) < 0)
                        return -1;
 #endif /* CONFIG_IEEE80211W */
        } else {
diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
index afc9e37..9a54631 100644
--- a/src/rsn_supp/wpa_i.h
+++ b/src/rsn_supp/wpa_i.h
@@ -32,8 +32,10 @@ struct wpa_sm {
        int rx_replay_counter_set;
        u8 request_counter[WPA_REPLAY_COUNTER_LEN];
        struct wpa_gtk gtk;
+       struct wpa_gtk gtk_wnm_sleep;
 #ifdef CONFIG_IEEE80211W
        struct wpa_igtk igtk;
+       struct wpa_igtk igtk_wnm_sleep;
 #endif /* CONFIG_IEEE80211W */
 
        struct eapol_sm *eapol; /* EAPOL state machine from upper level code */
-- 
2.7.4

++++++ rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch ++++++
>From 8f82bc94e8697a9d47fa8774dfdaaede1084912c Mon Sep 17 00:00:00 2001
From: Mathy Vanhoef <mathy.vanh...@cs.kuleuven.be>
Date: Fri, 29 Sep 2017 04:22:51 +0200
Subject: [PATCH 4/8] Prevent installation of an all-zero TK

Properly track whether a PTK has already been installed to the driver
and the TK part cleared from memory. This prevents an attacker from
trying to trick the client into installing an all-zero TK.

This fixes the earlier fix in commit
ad00d64e7d8827b3cebd665a0ceb08adabf15e1e ('Fix TK configuration to the
driver in EAPOL-Key 3/4 retry case') which did not take into account
possibility of an extra message 1/4 showing up between retries of
message 3/4.

Signed-off-by: Mathy Vanhoef <mathy.vanh...@cs.kuleuven.be>
---
 src/common/wpa_common.h | 1 +
 src/rsn_supp/wpa.c      | 5 ++---
 src/rsn_supp/wpa_i.h    | 1 -
 3 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/src/common/wpa_common.h b/src/common/wpa_common.h
index d200285..1021ccb 100644
--- a/src/common/wpa_common.h
+++ b/src/common/wpa_common.h
@@ -215,6 +215,7 @@ struct wpa_ptk {
        size_t kck_len;
        size_t kek_len;
        size_t tk_len;
+       int installed; /* 1 if key has already been installed to driver */
 };
 
 struct wpa_gtk {
diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
index 7a2c68d..0550a41 100644
--- a/src/rsn_supp/wpa.c
+++ b/src/rsn_supp/wpa.c
@@ -510,7 +510,6 @@ static void wpa_supplicant_process_1_of_4(struct wpa_sm *sm,
                os_memset(buf, 0, sizeof(buf));
        }
        sm->tptk_set = 1;
-       sm->tk_to_set = 1;
 
        kde = sm->assoc_wpa_ie;
        kde_len = sm->assoc_wpa_ie_len;
@@ -615,7 +614,7 @@ static int wpa_supplicant_install_ptk(struct wpa_sm *sm,
        enum wpa_alg alg;
        const u8 *key_rsc;
 
-       if (!sm->tk_to_set) {
+       if (sm->ptk.installed) {
                wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
                        "WPA: Do not re-install same PTK to the driver");
                return 0;
@@ -659,7 +658,7 @@ static int wpa_supplicant_install_ptk(struct wpa_sm *sm,
 
        /* TK is not needed anymore in supplicant */
        os_memset(sm->ptk.tk, 0, WPA_TK_MAX_LEN);
-       sm->tk_to_set = 0;
+       sm->ptk.installed = 1;
 
        if (sm->wpa_ptk_rekey) {
                eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL);
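
Review bot: `sm->ptk.installed = 1` in this hunk is the only write to the new flag in the patch (the diffstat shows three insertions), so nothing visible sets it back to 0 when a new PTK is derived. The check in wpa_supplicant_install_ptk() therefore depends on `sm->ptk` being overwritten as a whole by a struct whose `installed` is 0. A comment at the field in wpa_common.h saying where that reset happens, or an explicit `installed = 0` at derivation, would keep a later refactor from leaving the flag in the wrong state.
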
diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
index 9a54631..41f371f 100644
--- a/src/rsn_supp/wpa_i.h
+++ b/src/rsn_supp/wpa_i.h
@@ -24,7 +24,6 @@ struct wpa_sm {
        struct wpa_ptk ptk, tptk;
        int ptk_set, tptk_set;
        unsigned int msg_3_of_4_ok:1;
-       unsigned int tk_to_set:1;
        u8 snonce[WPA_NONCE_LEN];
        u8 anonce[WPA_NONCE_LEN]; /* ANonce from the last 1/4 msg */
        int renew_snonce;
-- 
2.7.4

++++++ rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch ++++++
>From 12fac09b437a1dc8a0f253e265934a8aaf4d2f8b Mon Sep 17 00:00:00 2001
From: Jouni Malinen <j...@w1.fi>
Date: Sun, 1 Oct 2017 12:32:57 +0300
Subject: [PATCH 5/8] Fix PTK rekeying to generate a new ANonce

The Authenticator state machine path for PTK rekeying ended up bypassing
the AUTHENTICATION2 state where a new ANonce is generated when going
directly to the PTKSTART state since there is no need to try to
determine the PMK again in such a case. This is far from ideal since the
new PTK would depend on a new nonce only from the supplicant.

Fix this by generating a new ANonce when moving to the PTKSTART state
for the purpose of starting new 4-way handshake to rekey PTK.

Signed-off-by: Jouni Malinen <j...@w1.fi>
---
 src/ap/wpa_auth.c | 24 +++++++++++++++++++++---
 1 file changed, 21 insertions(+), 3 deletions(-)

diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
index 707971d..bf10cc1 100644
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@@ -1901,6 +1901,21 @@ SM_STATE(WPA_PTK, AUTHENTICATION2)
 }
 
 
+static int wpa_auth_sm_ptk_update(struct wpa_state_machine *sm)
+{
+       if (random_get_bytes(sm->ANonce, WPA_NONCE_LEN)) {
+               wpa_printf(MSG_ERROR,
+                          "WPA: Failed to get random data for ANonce");
+               sm->Disconnect = TRUE;
+               return -1;
+       }
+       wpa_hexdump(MSG_DEBUG, "WPA: Assign new ANonce", sm->ANonce,
+                   WPA_NONCE_LEN);
+       sm->TimeoutCtr = 0;
+       return 0;
+}
+
+
 SM_STATE(WPA_PTK, INITPMK)
 {
        u8 msk[2 * PMK_LEN];
@@ -2458,9 +2473,12 @@ SM_STEP(WPA_PTK)
                SM_ENTER(WPA_PTK, AUTHENTICATION);
        else if (sm->ReAuthenticationRequest)
                SM_ENTER(WPA_PTK, AUTHENTICATION2);
-       else if (sm->PTKRequest)
-               SM_ENTER(WPA_PTK, PTKSTART);
-       else switch (sm->wpa_ptk_state) {
+       else if (sm->PTKRequest) {
+               if (wpa_auth_sm_ptk_update(sm) < 0)
+                       SM_ENTER(WPA_PTK, DISCONNECTED);
+               else
+                       SM_ENTER(WPA_PTK, PTKSTART);
+       } else switch (sm->wpa_ptk_state) {
        case WPA_PTK_INITIALIZE:
                break;
        case WPA_PTK_DISCONNECT:
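
Review bot: On RNG failure the failure is signalled twice: wpa_auth_sm_ptk_update() sets `sm->Disconnect = TRUE`, and the caller in this hunk then also does `SM_ENTER(WPA_PTK, DISCONNECTED)`. If both are needed, a one-line comment here saying why would help; otherwise keep only one of them.
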
-- 
2.7.4

++++++ rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch ++++++
>From 6c4bed4f47d1960ec04981a9d50e5076aea5223d Mon Sep 17 00:00:00 2001
From: Jouni Malinen <j...@w1.fi>
Date: Fri, 22 Sep 2017 11:03:15 +0300
Subject: [PATCH 6/8] TDLS: Reject TPK-TK reconfiguration

Do not try to reconfigure the same TPK-TK to the driver after it has
been successfully configured. This is an explicit check to avoid issues
related to resetting the TX/RX packet number. There was already a check
for this for TPK M2 (retries of that message are ignored completely), so
that behavior does not get modified.

For TPK M3, the TPK-TK could have been reconfigured, but that was
followed by immediate teardown of the link due to an issue in updating
the STA entry. Furthermore, for TDLS with any real security (i.e.,
ignoring open/WEP), the TPK message exchange is protected on the AP path
and simple replay attacks are not feasible.

As an additional corner case, make sure the local nonce gets updated if
the peer uses a very unlikely "random nonce" of all zeros.

Signed-off-by: Jouni Malinen <j...@w1.fi>
---
 src/rsn_supp/tdls.c | 38 ++++++++++++++++++++++++++++++++++++--
 1 file changed, 36 insertions(+), 2 deletions(-)

diff --git a/src/rsn_supp/tdls.c b/src/rsn_supp/tdls.c
index e424168..9eb9738 100644
--- a/src/rsn_supp/tdls.c
+++ b/src/rsn_supp/tdls.c
@@ -112,6 +112,7 @@ struct wpa_tdls_peer {
                u8 tk[16]; /* TPK-TK; assuming only CCMP will be used */
        } tpk;
        int tpk_set;
+       int tk_set; /* TPK-TK configured to the driver */
        int tpk_success;
        int tpk_in_progress;
 
@@ -192,6 +193,20 @@ static int wpa_tdls_set_key(struct wpa_sm *sm, struct 
wpa_tdls_peer *peer)
        u8 rsc[6];
        enum wpa_alg alg;
 
+       if (peer->tk_set) {
+               /*
+                * This same TPK-TK has already been configured to the driver
+                * and this new configuration attempt (likely due to an
+                * unexpected retransmitted frame) would result in clearing
+                * the TX/RX sequence number which can break security, so must
+                * not allow that to happen.
+                */
+               wpa_printf(MSG_INFO, "TDLS: TPK-TK for the peer " MACSTR
+                          " has already been configured to the driver - do not 
reconfigure",
+                          MAC2STR(peer->addr));
+               return -1;
+       }
+
        os_memset(rsc, 0, 6);
 
        switch (peer->cipher) {
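
Review bot: The new early return for `peer->tk_set` uses the same `return -1` as a driver failure from wpa_sm_set_key() further down in this function, so callers cannot tell a rejected retransmission from a real key-configuration error. Either document at the function that -1 now covers both cases and what callers are expected to do for each, or return a distinct value for the already-configured case.
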
@@ -209,12 +224,15 @@ static int wpa_tdls_set_key(struct wpa_sm *sm, struct 
wpa_tdls_peer *peer)
                return -1;
        }
 
+       wpa_printf(MSG_DEBUG, "TDLS: Configure pairwise key for peer " MACSTR,
+                  MAC2STR(peer->addr));
        if (wpa_sm_set_key(sm, alg, peer->addr, -1, 1,
                           rsc, sizeof(rsc), peer->tpk.tk, key_len) < 0) {
                wpa_printf(MSG_WARNING, "TDLS: Failed to set TPK to the "
                           "driver");
                return -1;
        }
+       peer->tk_set = 1;
        return 0;
 }
 
@@ -696,7 +714,7 @@ static void wpa_tdls_peer_clear(struct wpa_sm *sm, struct 
wpa_tdls_peer *peer)
        peer->cipher = 0;
        peer->qos_info = 0;
        peer->wmm_capable = 0;
-       peer->tpk_set = peer->tpk_success = 0;
+       peer->tk_set = peer->tpk_set = peer->tpk_success = 0;
        peer->chan_switch_enabled = 0;
        os_memset(&peer->tpk, 0, sizeof(peer->tpk));
        os_memset(peer->inonce, 0, WPA_NONCE_LEN);
@@ -1159,6 +1177,7 @@ skip_rsnie:
                wpa_tdls_peer_free(sm, peer);
                return -1;
        }
+       peer->tk_set = 0; /* A new nonce results in a new TK */
        wpa_hexdump(MSG_DEBUG, "TDLS: Initiator Nonce for TPK handshake",
                    peer->inonce, WPA_NONCE_LEN);
        os_memcpy(ftie->Snonce, peer->inonce, WPA_NONCE_LEN);
@@ -1751,6 +1770,19 @@ static int wpa_tdls_addset_peer(struct wpa_sm *sm, 
struct wpa_tdls_peer *peer,
 }
 
 
+static int tdls_nonce_set(const u8 *nonce)
+{
+       int i;
+
+       for (i = 0; i < WPA_NONCE_LEN; i++) {
+               if (nonce[i])
+                       return 1;
+       }
+
+       return 0;
+}
+
+
 static int wpa_tdls_process_tpk_m1(struct wpa_sm *sm, const u8 *src_addr,
                                   const u8 *buf, size_t len)
 {
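
Review bot: `tdls_nonce_set()` reads like a setter but is a predicate that returns 1 when any byte of the nonce is non-zero. Rename it (for example `tdls_nonce_is_set`) or add a one-line comment stating the return values, since the caller added later in this patch negates it.
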
@@ -2004,7 +2036,8 @@ skip_rsn:
        peer->rsnie_i_len = kde.rsn_ie_len;
        peer->cipher = cipher;
 
-       if (os_memcmp(peer->inonce, ftie->Snonce, WPA_NONCE_LEN) != 0) {
+       if (os_memcmp(peer->inonce, ftie->Snonce, WPA_NONCE_LEN) != 0 ||
+           !tdls_nonce_set(peer->inonce)) {
                /*
                 * There is no point in updating the RNonce for every obtained
                 * TPK M1 frame (e.g., retransmission due to timeout) with the
@@ -2020,6 +2053,7 @@ skip_rsn:
                                "TDLS: Failed to get random data for responder 
nonce");
                        goto error;
                }
+               peer->tk_set = 0; /* A new nonce results in a new TK */
        }
 
 #if 0
-- 
2.7.4

++++++ rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch ++++++
>From 53c5eb58e95004f86e65ee9fbfccbc291b139057 Mon Sep 17 00:00:00 2001
From: Jouni Malinen <j...@w1.fi>
Date: Fri, 22 Sep 2017 11:25:02 +0300
Subject: [PATCH 7/8] WNM: Ignore WNM-Sleep Mode Response without pending
 request

Commit 03ed0a52393710be6bdae657d1b36efa146520e5 ('WNM: Ignore WNM-Sleep
Mode Response if WNM-Sleep Mode has not been used') started ignoring the
response when no WNM-Sleep Mode Request had been used during the
association. This can be made tighter by clearing the used flag when
successfully processing a response. This adds an additional layer of
protection against unexpected retransmissions of the response frame.

Signed-off-by: Jouni Malinen <j...@w1.fi>
---
 wpa_supplicant/wnm_sta.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/wpa_supplicant/wnm_sta.c b/wpa_supplicant/wnm_sta.c
index 1b3409c..67a07ff 100644
--- a/wpa_supplicant/wnm_sta.c
+++ b/wpa_supplicant/wnm_sta.c
@@ -260,7 +260,7 @@ static void ieee802_11_rx_wnmsleep_resp(struct 
wpa_supplicant *wpa_s,
 
        if (!wpa_s->wnmsleep_used) {
                wpa_printf(MSG_DEBUG,
-                          "WNM: Ignore WNM-Sleep Mode Response frame since 
WNM-Sleep Mode has not been used in this association");
+                          "WNM: Ignore WNM-Sleep Mode Response frame since 
WNM-Sleep Mode operation has not been requested");
                return;
        }
 
@@ -299,6 +299,8 @@ static void ieee802_11_rx_wnmsleep_resp(struct 
wpa_supplicant *wpa_s,
                return;
        }
 
+       wpa_s->wnmsleep_used = 0;
+
        if (wnmsleep_ie->status == WNM_STATUS_SLEEP_ACCEPT ||
            wnmsleep_ie->status == WNM_STATUS_SLEEP_EXIT_ACCEPT_GTK_UPDATE) {
                wpa_printf(MSG_DEBUG, "Successfully recv WNM-Sleep Response "
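
Review bot: `wpa_s->wnmsleep_used = 0` is placed before the status check, so the flag is cleared for every response that reaches this point, including ones whose status is neither WNM_STATUS_SLEEP_ACCEPT nor WNM_STATUS_SLEEP_EXIT_ACCEPT_GTK_UPDATE. The commit message speaks of clearing it when a response is processed successfully; if clearing on a rejected response is intended, a short comment here should say so.
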
-- 
2.7.4

++++++ rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch ++++++
>From b372ab0b7daea719749194dc554b26e6367603f2 Mon Sep 17 00:00:00 2001
From: Jouni Malinen <j...@w1.fi>
Date: Fri, 22 Sep 2017 12:06:37 +0300
Subject: [PATCH 8/8] FT: Do not allow multiple Reassociation Response frames

The driver is expected to not report a second association event without
the station having explicitly requested a new association. As such, this
case should not be reachable. However, since reconfiguring the same
pairwise or group keys to the driver could result in nonce reuse issues,
be extra careful here and do an additional state check to avoid this
even if the local driver ends up somehow accepting an unexpected
Reassociation Response frame.

Signed-off-by: Jouni Malinen <j...@w1.fi>
---
 src/rsn_supp/wpa.c    | 3 +++
 src/rsn_supp/wpa_ft.c | 8 ++++++++
 src/rsn_supp/wpa_i.h  | 1 +
 3 files changed, 12 insertions(+)

diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
index 0550a41..2a53c6f 100644
--- a/src/rsn_supp/wpa.c
+++ b/src/rsn_supp/wpa.c
@@ -2440,6 +2440,9 @@ void wpa_sm_notify_disassoc(struct wpa_sm *sm)
 #ifdef CONFIG_TDLS
        wpa_tdls_disassoc(sm);
 #endif /* CONFIG_TDLS */
+#ifdef CONFIG_IEEE80211R
+       sm->ft_reassoc_completed = 0;
+#endif /* CONFIG_IEEE80211R */
 
        /* Keys are not needed in the WPA state machine anymore */
        wpa_sm_drop_sa(sm);
diff --git a/src/rsn_supp/wpa_ft.c b/src/rsn_supp/wpa_ft.c
index 205793e..d45bb45 100644
--- a/src/rsn_supp/wpa_ft.c
+++ b/src/rsn_supp/wpa_ft.c
@@ -153,6 +153,7 @@ static u8 * wpa_ft_gen_req_ies(struct wpa_sm *sm, size_t 
*len,
        u16 capab;
 
        sm->ft_completed = 0;
+       sm->ft_reassoc_completed = 0;
 
        buf_len = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) +
                2 + sm->r0kh_id_len + ric_ies_len + 100;
@@ -681,6 +682,11 @@ int wpa_ft_validate_reassoc_resp(struct wpa_sm *sm, const 
u8 *ies,
                return -1;
        }
 
+       if (sm->ft_reassoc_completed) {
+               wpa_printf(MSG_DEBUG, "FT: Reassociation has already been 
completed for this FT protocol instance - ignore unexpected retransmission");
+               return 0;
+       }
+
        if (wpa_ft_parse_ies(ies, ies_len, &parse) < 0) {
                wpa_printf(MSG_DEBUG, "FT: Failed to parse IEs");
                return -1;
@@ -781,6 +787,8 @@ int wpa_ft_validate_reassoc_resp(struct wpa_sm *sm, const 
u8 *ies,
                return -1;
        }
 
+       sm->ft_reassoc_completed = 1;
+
        if (wpa_ft_process_gtk_subelem(sm, parse.gtk, parse.gtk_len) < 0)
                return -1;
 
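
Review bot: `sm->ft_reassoc_completed = 1` is set before wpa_ft_process_gtk_subelem(), which can still return -1 on the following lines. After such a failure the flag stays set, and the check added earlier in this function returns 0 for any further Reassociation Response. The ordering looks deliberate (mark the instance done before keys are configured), but it deserves a comment stating that a failed key installation also ends this FT protocol instance.
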
diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
index 41f371f..56f88dc 100644
--- a/src/rsn_supp/wpa_i.h
+++ b/src/rsn_supp/wpa_i.h
@@ -128,6 +128,7 @@ struct wpa_sm {
        size_t r0kh_id_len;
        u8 r1kh_id[FT_R1KH_ID_LEN];
        int ft_completed;
+       int ft_reassoc_completed;
        int over_the_ds_in_progress;
        u8 target_ap[ETH_ALEN]; /* over-the-DS target AP */
        int set_ptk_after_assoc;
-- 
2.7.4

++++++ rebased-v2.6-0009-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch ++++++
>From 3e34cfdff6b192fe337c6fb3f487f73e96582961 Mon Sep 17 00:00:00 2001
From: Mathy Vanhoef <mathy.vanh...@cs.kuleuven.be>
Date: Sun, 15 Jul 2018 01:25:53 +0200
Subject: [PATCH] WPA: Ignore unauthenticated encrypted EAPOL-Key data

Ignore unauthenticated encrypted EAPOL-Key data in supplicant
processing. When using WPA2, these are frames that have the Encrypted
flag set, but not the MIC flag.

When using WPA2, EAPOL-Key frames that had the Encrypted flag set but
not the MIC flag, had their data field decrypted without first verifying
the MIC. In case the data field was encrypted using RC4 (i.e., when
negotiating TKIP as the pairwise cipher), this meant that
unauthenticated but decrypted data would then be processed. An adversary
could abuse this as a decryption oracle to recover sensitive information
in the data field of EAPOL-Key messages (e.g., the group key).
(CVE-2018-14526)

Signed-off-by: Mathy Vanhoef <mathy.vanh...@cs.kuleuven.be>
---
 src/rsn_supp/wpa.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff -upr wpa_supplicant-2.6.orig/src/rsn_supp/wpa.c 
wpa_supplicant-2.6/src/rsn_supp/wpa.c
--- wpa_supplicant-2.6.orig/src/rsn_supp/wpa.c  2016-10-02 21:51:11.000000000 
+0300
+++ wpa_supplicant-2.6/src/rsn_supp/wpa.c       2018-08-08 16:55:11.506831029 
+0300
@@ -2016,6 +2016,17 @@ int wpa_sm_rx_eapol(struct wpa_sm *sm, c
 
        if ((sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) &&
            (key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
+               /*
+                * Only decrypt the Key Data field if the frame's authenticity
+                * was verified. When using AES-SIV (FILS), the MIC flag is not
+                * set, so this check should only be performed if mic_len != 0
+                * which is the case in this code branch.
+                */
+               if (!(key_info & WPA_KEY_INFO_MIC)) {
+                       wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
+                               "WPA: Ignore EAPOL-Key with encrypted but 
unauthenticated data");
+                       goto out;
+               }
                if (wpa_supplicant_decrypt_key_data(sm, key, ver, key_data,
                                                    &key_data_len))
                        goto out;
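
Review bot: The added comment justifies the MIC-flag test with "mic_len != 0 which is the case in this code branch", but the visible condition only tests sm->proto and WPA_KEY_INFO_ENCR_KEY_DATA. Make that assumption checkable, either by testing mic_len in the condition or by pointing the comment at the line that guarantees it, so that a later AES-SIV (FILS) backport does not start dropping valid frames here.
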
++++++ wpa_supplicant-alloc_size.patch ++++++
--- wpa_supplicant-2.4.orig/src/utils/os.h
+++ wpa_supplicant-2.4/src/utils/os.h
@@ -253,7 +253,7 @@ int os_file_exists(const char *fname);
  *
  * Caller is responsible for freeing the returned buffer with os_free().
  */
-void * os_zalloc(size_t size);
+void * os_zalloc(size_t size) __attribute((malloc, alloc_size(1)));
 
 /**
  * os_calloc - Allocate and zero memory for an array
@@ -267,6 +267,8 @@ void * os_zalloc(size_t size);
  *
  * Caller is responsible for freeing the returned buffer with os_free().
  */
+
+__attribute((malloc, alloc_size(1,2)))
 static inline void * os_calloc(size_t nmemb, size_t size)
 {
        if (size && nmemb > (~(size_t) 0) / size)
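
Review bot: `__attribute((malloc, alloc_size(1,2)))` here, and the same attribute on os_zalloc() in the previous hunk, are used unconditionally in os.h, so a compiler that does not know this extension fails on the header. Wrap them in a macro guarded by a compiler check. The attribute and the added blank line also sit between the doc comment and os_calloc(), which detaches the comment from the function; put the attribute directly after the comment without the blank line.
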
++++++ wpa_supplicant-bnc-1099835-clear-default_passwd_cb.patch ++++++
commit 89971d8b1e328a2f79699c953625d1671fd40384
Author: Jouni Malinen <j...@w1.fi>
Date:   Mon Jul 17 12:06:17 2017 +0300

    OpenSSL: Clear default_passwd_cb more thoroughly
    
    Previously, the pointer to strdup passwd was left in OpenSSL library
    default_passwd_cb_userdata and even the default_passwd_cb was left set
    on an error path. To avoid unexpected behavior if something were to
    manage to use these pointers, clear them explicitly once done with
    loading of the private key.
    
    Signed-off-by: Jouni Malinen <j...@w1.fi>

diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index c790b53ea..903c38cff 100644
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -2775,6 +2775,19 @@ static int tls_connection_engine_private_key(struct 
tls_connection *conn)
 }
 
 
+static void tls_clear_default_passwd_cb(SSL_CTX *ssl_ctx, SSL *ssl)
+{
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+       if (ssl) {
+               SSL_set_default_passwd_cb(ssl, NULL);
+               SSL_set_default_passwd_cb_userdata(ssl, NULL);
+       }
+#endif /* >= 1.1.0f && !LibreSSL */
+       SSL_CTX_set_default_passwd_cb(ssl_ctx, NULL);
+       SSL_CTX_set_default_passwd_cb_userdata(ssl_ctx, NULL);
+}
+
+
 static int tls_connection_private_key(struct tls_data *data,
                                      struct tls_connection *conn,
                                      const char *private_key,
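
Review bot: The guard `OPENSSL_VERSION_NUMBER >= 0x10100000L` in tls_clear_default_passwd_cb() selects OpenSSL 1.1.0 and later, but its closing comment says `>= 1.1.0f`. Correct the comment to match the test, or change the test if 1.1.0f is really what is meant.
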
@@ -2891,14 +2904,12 @@ static int tls_connection_private_key(struct tls_data 
*data,
        if (!ok) {
                tls_show_errors(MSG_INFO, __func__,
                                "Failed to load private key");
+               tls_clear_default_passwd_cb(ssl_ctx, conn->ssl);
                os_free(passwd);
                return -1;
        }
        ERR_clear_error();
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
-       SSL_set_default_passwd_cb(conn->ssl, NULL);
-#endif /* >= 1.1.0f && !LibreSSL */
-       SSL_CTX_set_default_passwd_cb(ssl_ctx, NULL);
+       tls_clear_default_passwd_cb(ssl_ctx, conn->ssl);
        os_free(passwd);
 
        if (!SSL_check_private_key(conn->ssl)) {
@@ -2941,13 +2952,14 @@ static int tls_global_private_key(struct tls_data *data,
            tls_read_pkcs12(data, NULL, private_key, passwd)) {
                tls_show_errors(MSG_INFO, __func__,
                                "Failed to load private key");
+               tls_clear_default_passwd_cb(ssl_ctx, NULL);
                os_free(passwd);
                ERR_clear_error();
                return -1;
        }
+       tls_clear_default_passwd_cb(ssl_ctx, NULL);
        os_free(passwd);
        ERR_clear_error();
-       SSL_CTX_set_default_passwd_cb(ssl_ctx, NULL);
 
        if (!SSL_CTX_check_private_key(ssl_ctx)) {
                tls_show_errors(MSG_INFO, __func__,
++++++ wpa_supplicant-bnc-1099835-fix-private-key-password.patch ++++++
commit f665c93e1d28fbab3d9127a8c3985cc32940824f
Author: Beniamino Galvani <bgalv...@redhat.com>
Date:   Sun Jul 9 11:14:10 2017 +0200

    OpenSSL: Fix private key password handling with OpenSSL >= 1.1.0f
    
    Since OpenSSL version 1.1.0f, SSL_use_PrivateKey_file() uses the
    callback from the SSL object instead of the one from the CTX, so let's
    set the callback on both SSL and CTX. Note that
    SSL_set_default_passwd_cb*() is available only in 1.1.0.
    
    Signed-off-by: Beniamino Galvani <bgalv...@redhat.com>

diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index fd94eaf46..c790b53ea 100644
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -2796,6 +2796,15 @@ static int tls_connection_private_key(struct tls_data 
*data,
        } else
                passwd = NULL;
 
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+       /*
+        * In OpenSSL >= 1.1.0f SSL_use_PrivateKey_file() uses the callback
+        * from the SSL object. See OpenSSL commit d61461a75253.
+        */
+       SSL_set_default_passwd_cb(conn->ssl, tls_passwd_cb);
+       SSL_set_default_passwd_cb_userdata(conn->ssl, passwd);
+#endif /* >= 1.1.0f && !LibreSSL */
+       /* Keep these for OpenSSL < 1.1.0f */
        SSL_CTX_set_default_passwd_cb(ssl_ctx, tls_passwd_cb);
        SSL_CTX_set_default_passwd_cb_userdata(ssl_ctx, passwd);
 
@@ -2886,6 +2895,9 @@ static int tls_connection_private_key(struct tls_data 
*data,
                return -1;
        }
        ERR_clear_error();
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+       SSL_set_default_passwd_cb(conn->ssl, NULL);
+#endif /* >= 1.1.0f && !LibreSSL */
        SSL_CTX_set_default_passwd_cb(ssl_ctx, NULL);
        os_free(passwd);
 
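
Review bot: This hunk resets only the callback on the SSL object; the userdata set with `SSL_set_default_passwd_cb_userdata(conn->ssl, passwd)` in the previous hunk is left in place while `os_free(passwd)` two lines later frees what it points to. The `return -1` path just above the added lines is not touched at all. Clear the userdata on both the SSL and the SSL_CTX, and do it on the error path too; the clear-default_passwd_cb patch in this same package does that with a helper.
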
++++++ wpa_supplicant-dump-certificate-as-PEM-in-debug-mode.diff ++++++
>From f40c1d989762c4f3b585c86ca5d9a216d120fa12 Mon Sep 17 00:00:00 2001
From: Ludwig Nussel <ludwig.nus...@suse.de>
Date: Fri, 16 Sep 2011 11:41:16 +0200
Subject: [PATCH] dump certificate as PEM in debug mode

---
 src/crypto/tls_openssl.c | 13 +++++++++++++
 src/utils/wpa_debug.c    |  5 +++++
 src/utils/wpa_debug.h    |  8 ++++++++
 3 files changed, 26 insertions(+)

Index: wpa_supplicant-2.4/src/crypto/tls_openssl.c
===================================================================
--- wpa_supplicant-2.4.orig/src/crypto/tls_openssl.c
+++ wpa_supplicant-2.4/src/crypto/tls_openssl.c
@@ -1484,6 +1484,19 @@ static int tls_verify_cb(int preverify_o
                                         SSL_get_ex_data_X509_STORE_CTX_idx());
        X509_NAME_oneline(X509_get_subject_name(err_cert), buf, sizeof(buf));
 
+       if (wpa_debug_enabled(MSG_DEBUG)) {
+               long len;
+               char* data = NULL;
+               BIO* bio = BIO_new(BIO_s_mem());
+               //X509_print_ex(bio, err_cert, 
(XN_FLAG_MULTILINE|ASN1_STRFLGS_UTF8_CONVERT)&~ASN1_STRFLGS_ESC_MSB, 0);
+               PEM_write_bio_X509(bio, err_cert);
+               len = BIO_get_mem_data(bio, &data);
+               if (len) {
+                       wpa_printf(MSG_DEBUG, "OpenSSL certificate at depth 
%d:\n%*s", depth, (int)len, data);
+               }
+               BIO_free(bio);
+       }
+
        conn = SSL_get_app_data(ssl);
        if (conn == NULL)
                return 0;
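
Review bot: In the added wpa_printf() call, `%*s` with `(int)len` sets a minimum field width, not a maximum, and the buffer returned by BIO_get_mem_data() is not NUL-terminated, so printing can read past the end of the PEM data. Use `%.*s`. The result of `BIO_new(BIO_s_mem())` is also used without a NULL check, and the commented-out X509_print_ex() line should be dropped rather than shipped.
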
Index: wpa_supplicant-2.4/src/utils/wpa_debug.c
===================================================================
--- wpa_supplicant-2.4.orig/src/utils/wpa_debug.c
+++ wpa_supplicant-2.4/src/utils/wpa_debug.c
@@ -62,6 +62,11 @@ static FILE *out_file = NULL;
 #endif /* CONFIG_DEBUG_FILE */
 
 
+int wpa_debug_enabled(int level)
+{
+       return level >= wpa_debug_level;
+}
+
 void wpa_debug_print_timestamp(void)
 {
 #ifndef CONFIG_ANDROID_LOG
Index: wpa_supplicant-2.4/src/utils/wpa_debug.h
===================================================================
--- wpa_supplicant-2.4.orig/src/utils/wpa_debug.h
+++ wpa_supplicant-2.4/src/utils/wpa_debug.h
@@ -24,6 +24,7 @@ enum {
 
 #ifdef CONFIG_NO_STDOUT_DEBUG
 
+#define wpa_debug_enabled(x) do { } while (0)
 #define wpa_debug_print_timestamp() do { } while (0)
 #define wpa_printf(args...) do { } while (0)
 #define wpa_hexdump(l,t,b,le) do { } while (0)
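
Review bot: The CONFIG_NO_STDOUT_DEBUG stub `#define wpa_debug_enabled(x) do { } while (0)` expands to a statement, but the use added by this patch is `if (wpa_debug_enabled(MSG_DEBUG))` in tls_openssl.c, where an expression is required, so that configuration will not compile. Define the stub as `(0)` instead.
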
@@ -50,6 +51,13 @@ void wpa_debug_close_file(void);
 void wpa_debug_setup_stdout(void);
 
 /**
+ * wpa_debug_enabled: check whether given debug level is enabled
+ * @level: priority level (MSG_*) of the message
+ * @return: 0 or 1
+ */
+int wpa_debug_enabled(int level);
+
+/**
  * wpa_debug_printf_timestamp - Print timestamp for debug output
  *
  * This function prints a timestamp in seconds_from_1970.microsoconds
++++++ wpa_supplicant-flush-debug-output.patch ++++++
Index: src/utils/wpa_debug.c
===================================================================
--- src/utils/wpa_debug.c.orig
+++ src/utils/wpa_debug.c
@@ -45,6 +45,7 @@ void wpa_debug_print_timestamp(void)
        if (out_file) {
                fprintf(out_file, "%ld.%06u: ", (long) tv.sec,
                        (unsigned int) tv.usec);
+               fflush(out_file);
        } else
 #endif /* CONFIG_DEBUG_FILE */
        printf("%ld.%06u: ", (long) tv.sec, (unsigned int) tv.usec);
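
Review bot: The fflush() added after the timestamp fprintf() flushes a partial line, since the prefix ends in ": " with no newline. The later hunks of this patch already flush after the complete line in wpa_printf() and the hexdump helpers, so one flush per finished line is enough and this one can go.
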
@@ -111,6 +112,7 @@ void wpa_printf(int level, const char *f
                if (out_file) {
                        vfprintf(out_file, fmt, ap);
                        fprintf(out_file, "\n");
+                       fflush(out_file);
                } else {
 #endif /* CONFIG_DEBUG_FILE */
                vprintf(fmt, ap);
@@ -146,6 +148,7 @@ static void _wpa_hexdump(int level, cons
                        fprintf(out_file, " [REMOVED]");
                }
                fprintf(out_file, "\n");
+               fflush(out_file);
        } else {
 #endif /* CONFIG_DEBUG_FILE */
        printf("%s - hexdump(len=%lu):", title, (unsigned long) len);
@@ -191,12 +194,14 @@ static void _wpa_hexdump_ascii(int level
                        fprintf(out_file,
                                "%s - hexdump_ascii(len=%lu): [REMOVED]\n",
                                title, (unsigned long) len);
+                       fflush(out_file);
                        return;
                }
                if (buf == NULL) {
                        fprintf(out_file,
                                "%s - hexdump_ascii(len=%lu): [NULL]\n",
                                title, (unsigned long) len);
+                       fflush(out_file);
                        return;
                }
                fprintf(out_file, "%s - hexdump_ascii(len=%lu):\n",
@@ -221,6 +226,7 @@ static void _wpa_hexdump_ascii(int level
                        pos += llen;
                        len -= llen;
                }
+               fflush(out_file);
        } else {
 #endif /* CONFIG_DEBUG_FILE */
        if (!show) {
++++++ wpa_supplicant-getrandom.patch ++++++
--- wpa_supplicant-2.4.orig/src/utils/os_unix.c
+++ wpa_supplicant-2.4/src/utils/os_unix.c
@@ -6,11 +6,15 @@
  * See README for more details.
  */
 
+#ifndef _GNU_SOURCE
+#define _GNU_SOURCE
+#endif
 #include "includes.h"
 
 #include <time.h>
 #include <sys/wait.h>
-
+#include <sys/syscall.h>
+#include <unistd.h>
 #ifdef ANDROID
 #include <sys/capability.h>
 #include <sys/prctl.h>
@@ -223,6 +227,10 @@ void os_daemonize_terminate(const char *
 
 int os_get_random(unsigned char *buf, size_t len)
 {
+#ifdef SYS_getrandom
+    int gr = TEMP_FAILURE_RETRY(syscall(SYS_getrandom, buf, len, 0));
+    return (gr != -1 && gr == len) ? 0 : -1;
+#else
        FILE *f;
        size_t rc;
 
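
Review bot: The `#ifdef SYS_getrandom` test is decided at build time, so a binary built against new headers but run on a kernel without the syscall gets -1 from every os_get_random() call, with the FILE-based code compiled out in the `#else` branch. Fall back to the file path at run time when the syscall fails with ENOSYS. In the same lines, the syscall result is narrowed to `int` and compared with a `size_t`, and a short return is treated as failure rather than retried for the remaining bytes. The two added lines are also indented with spaces where the surrounding code uses tabs.
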
@@ -232,10 +240,13 @@ int os_get_random(unsigned char *buf, si
                return -1;
        }
 
+    setbuf(f, NULL);
+
        rc = fread(buf, 1, len, f);
        fclose(f);
 
        return rc != len ? -1 : 0;
+#endif
 }
 
 
++++++ wpa_supplicant-git-f5b74b966c942feb95a8ddbb7d130540b15b796d.patch ++++++
commit f5b74b966c942feb95a8ddbb7d130540b15b796d
Author: Beniamino Galvani <bgalv...@redhat.com>
Date:   Mon Oct 30 11:14:40 2017 +0100

    common: Avoid conflict with __bitwise macro from linux/types.h
    
    Undefine the __bitwise macro before defining it to avoid conflicts
    with the one from linux/types.h; the same is done some lines above
    when __CHECKER__ is defined. Fixes the following warning:
    
      In file included from ../src/l2_packet/l2_packet_linux.c:15:0:
      hostap/src/utils/common.h:438:0: warning: "__bitwise" redefined
       #define __bitwise
    
      In file included from /usr/include/linux/filter.h:9:0,
                       from ../src/l2_packet/l2_packet_linux.c:13:
      /usr/include/linux/types.h:21:0: note: this is the location of the 
previous definition
       #define __bitwise __bitwise__
    
    Signed-off-by: Beniamino Galvani <bgalv...@redhat.com>

diff --git a/src/utils/common.h b/src/utils/common.h
index 46e96a65b..fec7f6013 100644
--- a/src/utils/common.h
+++ b/src/utils/common.h
@@ -435,6 +435,7 @@ void perror(const char *s);
 #define __bitwise __attribute__((bitwise))
 #else
 #define __force
+#undef __bitwise
 #define __bitwise
 #endif
 
++++++ wpa_supplicant-git-fa67debf4c6ddbc881a212b175faa6d5d0d90c8c.patch ++++++
commit fa67debf4c6ddbc881a212b175faa6d5d0d90c8c
Author: Jouni Malinen <jo...@qca.qualcomm.com>
Date:   Sat Jan 14 01:04:31 2017 +0200

    Fix duplicate Reassociation Request frame dropping
    
    Relational operators (==) have higher precedence than the ternary
    conditional in C. The last_subtype check for association/reassociation
    was broken due to incorrect assumption about the precedence. Fix this by
    adding parentheses around the ternary conditional.
    
    The previous implementation worked for Association Request frames by
    accident since WLAN_FC_STYPE_ASSOC_REQ happens to have value 0 and when
    the last receive frame was an Association Request frame, the
    sta->last_subtype == reassoc check was true and non-zero
    WLAN_FC_STYPE_REASSOC_REQ was interpreted as true. However, this was
    broken for Reassociation Request frame. reassoc == 1 in that case could
    have matched received Association Response frame (subtype == 1), but
    those are not received in AP mode and as such, this did not break other
    behavior apart from not being able to drop duplicated Reassociation
    Request frames.
    
    Signed-off-by: Jouni Malinen <jo...@qca.qualcomm.com>

diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
index 060b63517..92a7ec6db 100644
--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
@@ -2527,8 +2527,8 @@ static void handle_assoc(struct hostapd_data *hapd,
        if ((fc & WLAN_FC_RETRY) &&
            sta->last_seq_ctrl != WLAN_INVALID_MGMT_SEQ &&
            sta->last_seq_ctrl == seq_ctrl &&
-           sta->last_subtype == reassoc ? WLAN_FC_STYPE_REASSOC_REQ :
-           WLAN_FC_STYPE_ASSOC_REQ) {
+           sta->last_subtype == (reassoc ? WLAN_FC_STYPE_REASSOC_REQ :
+                                 WLAN_FC_STYPE_ASSOC_REQ)) {
                hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
                               HOSTAPD_LEVEL_DEBUG,
                               "Drop repeated association frame seq_ctrl=0x%x",
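Review bot: In the `if` condition of `handle_assoc()`, the corrected comparison `sta->last_subtype == (reassoc ? ... : ...)` still sits as a ternary inside a four-term `&&` chain, which is the shape that hid the precedence bug in the first place. Computing the expected subtype into a local before the `if` and comparing `sta->last_subtype` against that local would make the duplicate-frame check readable at a glance and remove the dependence on parentheses. A test that replays a retried Reassociation Request with the same `seq_ctrl` would guard against a regression, since the commit message notes the Association Request path only worked by accident.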
++++++ wpa_supplicant-log-file-cloexec.patch ++++++
From a386bc4950e02975ba9a21a5be82e91a53ec9281 Mon Sep 17 00:00:00 2001
From: Karol Babioch <ka...@babioch.de>
Date: Thu, 11 Oct 2018 21:22:03 +0200
Subject: [PATCH v3 2/2] Enable the close-on-exec flag for the debug log file
 descriptor

On Linux this flag will make sure that no file descriptor is accidentally
leaked into potential child processes. While this is not a problem right now,
it is considered to be good practice these days when dealing with file
descriptors on Linux.

Signed-off-by: Karol Babioch <ka...@babioch.de>
---
 src/utils/wpa_debug.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/src/utils/wpa_debug.c b/src/utils/wpa_debug.c
index 5d2f7becb..12873737c 100644
--- a/src/utils/wpa_debug.c
+++ b/src/utils/wpa_debug.c
@@ -60,6 +60,9 @@ static int wpa_to_android_level(int level)
 #ifdef CONFIG_DEBUG_FILE
 #include <sys/types.h>
 #include <sys/stat.h>
+#ifdef __linux__
+#include <fcntl.h>
+#endif /* __linux__ */
 
 static FILE *out_file = NULL;
 #endif /* CONFIG_DEBUG_FILE */
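Review bot: The `#ifdef __linux__` guard around `#include <fcntl.h>` is narrower than the code needs: `fcntl()`, `F_SETFD` and `FD_CLOEXEC` are POSIX, and the `open()` call with `O_CREAT | O_WRONLY | O_APPEND` that patch 1/2 adds to `wpa_debug_open_file()` takes its flags from the same header on every Unix-like target. Include `<fcntl.h>` for all non-`_WIN32` builds and guard the `fcntl()` call the same way, so other POSIX platforms also get the close-on-exec behaviour.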
@@ -566,6 +569,13 @@ int wpa_debug_open_file(const char *path)
                close(out_fd);
                return -1;
        }
+
+#ifdef __linux__
+       if (fcntl(out_fd, F_SETFD, FD_CLOEXEC) == -1) {
+               wpa_printf(MSG_ERROR, "wpa_debug_open_file: Failed to set 
O_CLOEXEC "
+                          "on output file descriptor, using standard output");
+       }
+#endif /* __linux__ */
 #ifndef _WIN32
        setvbuf(out_file, NULL, _IOLBF, 0);
 #endif /* _WIN32 */
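Review bot: In the new `fcntl()` error branch the message ends with "using standard output", but the branch neither returns nor closes `out_file`, so logging continues to the file with the descriptor still inheritable; reword the message to say only that the flag could not be set, or fail the open as the branches above do. The message also names `O_CLOEXEC` while the code sets `FD_CLOEXEC`. Passing `O_CLOEXEC` in the `open()` flags would set the flag atomically at creation and remove this second call and its error path.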
-- 
2.19.1

++++++ wpa_supplicant-log-file-permission.patch ++++++
From 2fb45cd0370f1bc6d452df15dc1f7bf6575ed55c Mon Sep 17 00:00:00 2001
From: Karol Babioch <ka...@babioch.de>
Date: Thu, 11 Oct 2018 21:21:30 +0200
Subject: [PATCH v3 1/2] Create debug log file with more sane file permissions

Previously the file permissions for the debug log file were not explicitly set.
Instead it was implicitly relying on a secure umask, which in most cases would
result in a file that is world-readable. This is a violation of good
practices, since not every user of a file should have access to sensitive
information that might be contained in the debug log file.

This commit will explicitly set sane default file permissions in case
the file is newly created.

Unfortunately the fopen(3) function does not provide such a facility, so the
approach needs to be changed in the following way:

1.) The file descriptor needs to be created manually using the open(3)
function with the correct flags and the desired mode set.

2.) fdopen(3) can then be used on the file descriptor to associate a
file stream with it.

Note: This modification will not change the file permissions of any already
existing debug log files, and only applies to newly created ones.

Signed-off-by: Karol Babioch <ka...@babioch.de>
---
 src/utils/wpa_debug.c | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/src/utils/wpa_debug.c b/src/utils/wpa_debug.c
index 62758d864..5d2f7becb 100644
--- a/src/utils/wpa_debug.c
+++ b/src/utils/wpa_debug.c
@@ -58,6 +58,9 @@ static int wpa_to_android_level(int level)
 #ifndef CONFIG_NO_STDOUT_DEBUG
 
 #ifdef CONFIG_DEBUG_FILE
+#include <sys/types.h>
+#include <sys/stat.h>
+
 static FILE *out_file = NULL;
 #endif /* CONFIG_DEBUG_FILE */
 
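Review bot: The added includes cover `S_IRUSR` and the other mode bits but not `<fcntl.h>`, which declares `open()` and the `O_CREAT | O_WRONLY | O_APPEND` flags used in the next hunk, nor `<unistd.h>` for `close()`. Unless both already arrive through another header in this file, patch 1/2 does not build on its own and only works once 2/2 adds `<fcntl.h>`; add the includes here so the series stays bisectable.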
@@ -548,10 +551,19 @@ int wpa_debug_open_file(const char *path)
                last_path = os_strdup(path);
        }
 
-       out_file = fopen(path, "a");
+       int out_fd = -1;
+       out_fd = open(path, O_CREAT | O_WRONLY | O_APPEND, S_IRUSR | S_IWUSR | 
S_IRGRP);
+       if (out_fd < 0) {
+               wpa_printf(MSG_ERROR, "wpa_debug_open_file: Failed to open "
+                           "output file descriptor, using standard output");
+               return -1;
+       }
+
+       out_file = fdopen(out_fd, "a");
        if (out_file == NULL) {
                wpa_printf(MSG_ERROR, "wpa_debug_open_file: Failed to open "
                           "output file, using standard output");
+               close(out_fd);
                return -1;
        }
 #ifndef _WIN32
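Review bot: The new `open()` call in `wpa_debug_open_file()` sits outside the `#ifndef _WIN32` guard visible just below it, so `S_IRGRP` and the POSIX flags are now required on every platform this file builds for; guard the new path or keep `fopen()` for `_WIN32`. `int out_fd = -1;` is declared mid-block and overwritten on the next line; declare it at the top of the function and assign once. Both failure messages say "using standard output" and drop `errno`, so adding `strerror(errno)` would tell the operator whether the cause is permissions or a missing directory. Since the mode only applies on creation and is still filtered by the umask, an `fstat()` check or `fchmod()` on `out_fd` would be needed if a pre-existing world-readable log should be tightened as well.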
-- 
2.19.1

++++++ wpa_supplicant-sigusr1-changes-debuglevel.patch ++++++
---
 wpa_supplicant/wpa_supplicant.c |   18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
@@ -123,6 +123,22 @@ int wpa_set_wep_keys(struct wpa_supplica
        return set;
 }
 
+static void wpa_supplicant_handle_sigusr1(int sig,
+                                    void *signal_ctx)
+{
+       /* Increase verbosity (by decreasing the debug level) and wrap back
+        * to MSG_INFO when needed.
+        */
+       if (wpa_debug_level)
+               wpa_debug_level--;
+       else
+               wpa_debug_level = MSG_INFO;
+       
+       wpa_printf(MSG_INFO, "Signal %d received - changing debug level to %s", 
sig,
+                  (wpa_debug_level == MSG_INFO) ? "INFO" :
+                      ((wpa_debug_level == MSG_DEBUG) ? "DEBUG" :
+                          ((wpa_debug_level == MSG_MSGDUMP) ? "MSGDUMP" : 
"UNKNOWN")));
+}
 
 int wpa_supplicant_set_wpa_none_key(struct wpa_supplicant *wpa_s,
                                    struct wpa_ssid *ssid)
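Review bot: The level-name chain in the `wpa_printf()` call handles only `MSG_INFO`, `MSG_DEBUG` and `MSG_MSGDUMP`, so the last step before the wrap (value 0, `MSG_EXCESSIVE` in `wpa_debug.h`) is logged as "UNKNOWN"; add that case, or wrap at `MSG_MSGDUMP` if the most verbose level should not be reachable by signal. The wrap target is hard-coded to `MSG_INFO`, so a daemon started at a quieter level never returns to its configured verbosity; saving the startup level and wrapping to it would fix that. `signal_ctx` is unused, and the otherwise empty line before `wpa_printf()` carries trailing whitespace.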
@@ -4124,6 +4140,8 @@ int wpa_supplicant_run(struct wpa_global
        eloop_register_signal_terminate(wpa_supplicant_terminate, global);
        eloop_register_signal_reconfig(wpa_supplicant_reconfig, global);
 
+       eloop_register_signal(SIGUSR1, wpa_supplicant_handle_sigusr1, NULL);
+
        eloop_run();
 
        return 0;
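Review bot: The `eloop_register_signal(SIGUSR1, ...)` call introduces operator-visible behaviour that is documented nowhere: the patch has no description, and nothing next to the registration says that SIGUSR1 cycles the debug level. Add a comment at the call and a line in the man page or usage text. It is also worth stating there that raising verbosity increases what is written to the file given with `-f`, which is why the log-file permission patch in this package matters.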
++++++ wpa_supplicant.conf ++++++
ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=wheel

++++++ wpa_supplicant.service ++++++
[Unit]
Description=WPA Supplicant daemon
After=dbus.service
Before=network-pre.target
Wants=network-pre.target

[Service]
Type=dbus
BusName=fi.w1.wpa_supplicant1
ExecStart=/usr/sbin/wpa_supplicant -c /etc/wpa_supplicant/wpa_supplicant.conf -u -t -f /var/log/wpa_supplicant.log

[Install]
WantedBy=multi-user.target

++++++ wpa_supplicant@.service ++++++
[Unit]
Description=WPA Supplicant daemon (interface %i)
After=dbus.service network.target

[Service]
Type=dbus
BusName=fi.w1.wpa_supplicant1
ExecStart=/usr/sbin/wpa_supplicant -i%i -c /etc/wpa_supplicant/wpa_supplicant.conf -u -t -f /var/log/wpa_supplicant.log

[Install]
WantedBy=multi-user.target

