[gentoo-commits] repo/gentoo:master commit in: net-wireless/wpa_supplicant/files/2017-1/, net-wireless/wpa_supplicant/
commit: 319c86d1f048618da77824081843a43f049eadb5 Author: Zero_Chaos gentoo org> AuthorDate: Mon Oct 16 13:35:32 2017 + Commit: Richard Farina gentoo org> CommitDate: Mon Oct 16 13:35:32 2017 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=319c86d1 net-wireless/wpa_supplicant: fix for KRACK (bug #634436) with bonus minor syntax fix Package-Manager: Portage-2.3.11, Repoman-2.3.3 ...-Avoid-key-reinstallation-in-FT-handshake.patch | 174 + ...nstallation-of-an-already-in-use-group-ke.patch | 250 + ...ection-of-GTK-IGTK-reinstallation-of-WNM-.patch | 184 ++ ...04-Prevent-installation-of-an-all-zero-TK.patch | 79 ...Fix-PTK-rekeying-to-generate-a-new-ANonce.patch | 64 ...6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch | 132 +++ ...WNM-Sleep-Mode-Response-without-pending-r.patch | 43 +++ ...llow-multiple-Reassociation-Response-fram.patch | 82 + .../wpa_supplicant/wpa_supplicant-2.6-r3.ebuild| 397 + 9 files changed, 1405 insertions(+) diff --git a/net-wireless/wpa_supplicant/files/2017-1/rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch b/net-wireless/wpa_supplicant/files/2017-1/rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch new file mode 100644 index 000..727684865db --- /dev/null +++ b/net-wireless/wpa_supplicant/files/2017-1/rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch 
@@ -0,0 +1,174 @@ +From cf4cab804c7afd5c45505528a8d16e46163243a2 Mon Sep 17 00:00:00 2001 +From: Mathy Vanhoef +Date: Fri, 14 Jul 2017 15:15:35 +0200 +Subject: [PATCH 1/8] hostapd: Avoid key reinstallation in FT handshake + +Do not reinstall TK to the driver during Reassociation Response frame +processing if the first attempt of setting the TK succeeded. This avoids +issues related to clearing the TX/RX PN that could result in reusing +same PN values for transmitted frames (e.g., due to CCM nonce reuse and +also hitting replay protection on the receiver) and accepting replayed +frames on RX side. + +This issue was introduced by the commit +0e84c25434e6a1f283c7b4e62e483729085b78d2 ('FT: Fix PTK configuration in +authenticator') which allowed wpa_ft_install_ptk() to be called multiple +times with the same PTK. While the second configuration attempt is +needed with some drivers, it must be done only if the first attempt +failed. + +Signed-off-by: Mathy Vanhoef +--- + src/ap/ieee802_11.c | 16 +--- + src/ap/wpa_auth.c| 11 +++ + src/ap/wpa_auth.h| 3 ++- + src/ap/wpa_auth_ft.c | 10 ++ + src/ap/wpa_auth_i.h | 1 + + 5 files changed, 37 insertions(+), 4 deletions(-) + +diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c +index 4e04169..333035f 100644 +--- a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c +@@ -1841,6 +1841,7 @@ static int add_associated_sta(struct hostapd_data *hapd, + { + struct ieee80211_ht_capabilities ht_cap; + struct ieee80211_vht_capabilities vht_cap; ++ int set = 1; + + /* +* Remove the STA entry to ensure the STA PS state gets cleared and +@@ -1848,9 +1849,18 @@ static int add_associated_sta(struct hostapd_data *hapd, +* FT-over-the-DS, where a station re-associates back to the same AP but +* skips the authentication flow, or if working with a driver that +* does not support full AP client state. 
++ * ++ * Skip this if the STA has already completed FT reassociation and the ++ * TK has been configured since the TX/RX PN must not be reset to 0 for ++ * the same key. +*/ +- if (!sta->added_unassoc) ++ if (!sta->added_unassoc && ++ (!(sta->flags & WLAN_STA_AUTHORIZED) || ++ !wpa_auth_sta_ft_tk_already_set(sta->wpa_sm))) { + hostapd_drv_sta_remove(hapd, sta->addr); ++ wpa_auth_sm_event(sta->wpa_sm, WPA_DRV_STA_REMOVED); ++ set = 0; ++ } + + #ifdef CONFIG_IEEE80211N + if (sta->flags & WLAN_STA_HT) +@@ -1873,11 +1883,11 @@ static int add_associated_sta(struct hostapd_data *hapd, + sta->flags & WLAN_STA_VHT ? &vht_cap : NULL, + sta->flags | WLAN_STA_ASSOC, sta->qosinfo, + sta->vht_opmode, sta->p2p_ie ? 1 : 0, +- sta->added_unassoc)) { ++ set)) { + hostapd_logger(hapd, sta->addr, + HOSTAPD_MODULE_IEEE80211, HOSTAPD_LEVEL_NOTICE, + "Could not %s STA to kernel driver", +- sta->added_unassoc ? "set" : "add"); ++ set ? "set" : "add"); + + if (sta->added_unassoc) { + hostapd_drv_sta_remove(hapd, sta->addr); +diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c +index 3587086..707971d 100644 +--- a/src/ap/wpa_auth.c b/src/ap/wpa_au
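Review bot: In the `@@ -1848,9 +1849,18 @@` hunk of src/ap/ieee802_11.c the new guard hands `sta->wpa_sm` to `wpa_auth_sta_ft_tk_already_set()` and `wpa_auth_sm_event()` without a NULL check, and neither helper's body is visible on this page. If a station can reach add_associated_sta() without a WPA state machine (presumably the case on a BSS without WPA), both helpers must treat NULL as "TK not set" or a no-op; a short comment at the call, such as `/* wpa_sm may be NULL; helper must return 0 in that case */`, would record that dependency. The skip is only safe if WPA_DRV_STA_REMOVED clears the TK-already-set state, and that handling is in the src/ap/wpa_auth.c part of the patch, which is cut off here and cannot be confirmed. add_associated_sta() starts and ends outside the hunk.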
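Review bot: The failure branch at the end of the `@@ -1873,11 +1883,11 @@` hunk still calls `hostapd_drv_sta_remove(hapd, sta->addr)` under `if (sta->added_unassoc)` without the `wpa_auth_sm_event(sta->wpa_sm, WPA_DRV_STA_REMOVED)` that the previous hunk pairs with its removal. If that event is what resets the TK-already-set flag, this path can leave the flag set after the driver entry and its key are gone, so a later reassociation would skip the remove-and-add step for an entry that no longer exists. Adding `wpa_auth_sm_event(sta->wpa_sm, WPA_DRV_STA_REMOVED);` right after that call would keep the two removal sites consistent. Separately, when the removal is skipped (`set` stays 1 while `added_unassoc` is clear), a failed update gets no cleanup from this branch. The branch continues outside the hunk, so either case may already be handled there.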
[gentoo-commits] repo/gentoo:master commit in: net-wireless/wpa_supplicant/files/2017-1/, net-wireless/wpa_supplicant/
commit: 319c86d1f048618da77824081843a43f049eadb5 Author: Zero_Chaos gentoo org> AuthorDate: Mon Oct 16 13:35:32 2017 + Commit: Richard Farina gentoo org> CommitDate: Mon Oct 16 13:35:32 2017 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=319c86d1 net-wireless/wpa_supplicant: fix for KRACK (bug #634436) with bonus minor syntax fix Package-Manager: Portage-2.3.11, Repoman-2.3.3 ...-Avoid-key-reinstallation-in-FT-handshake.patch | 174 + ...nstallation-of-an-already-in-use-group-ke.patch | 250 + ...ection-of-GTK-IGTK-reinstallation-of-WNM-.patch | 184 ++ ...04-Prevent-installation-of-an-all-zero-TK.patch | 79 ...Fix-PTK-rekeying-to-generate-a-new-ANonce.patch | 64 ...6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch | 132 +++ ...WNM-Sleep-Mode-Response-without-pending-r.patch | 43 +++ ...llow-multiple-Reassociation-Response-fram.patch | 82 + .../wpa_supplicant/wpa_supplicant-2.6-r3.ebuild| 397 + 9 files changed, 1405 insertions(+) diff --git a/net-wireless/wpa_supplicant/files/2017-1/rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch b/net-wireless/wpa_supplicant/files/2017-1/rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch new file mode 100644 index 000..727684865db --- /dev/null +++ b/net-wireless/wpa_supplicant/files/2017-1/rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch 
@@ -0,0 +1,174 @@ +From cf4cab804c7afd5c45505528a8d16e46163243a2 Mon Sep 17 00:00:00 2001 +From: Mathy Vanhoef +Date: Fri, 14 Jul 2017 15:15:35 +0200 +Subject: [PATCH 1/8] hostapd: Avoid key reinstallation in FT handshake + +Do not reinstall TK to the driver during Reassociation Response frame +processing if the first attempt of setting the TK succeeded. This avoids +issues related to clearing the TX/RX PN that could result in reusing +same PN values for transmitted frames (e.g., due to CCM nonce reuse and +also hitting replay protection on the receiver) and accepting replayed +frames on RX side. + +This issue was introduced by the commit +0e84c25434e6a1f283c7b4e62e483729085b78d2 ('FT: Fix PTK configuration in +authenticator') which allowed wpa_ft_install_ptk() to be called multiple +times with the same PTK. While the second configuration attempt is +needed with some drivers, it must be done only if the first attempt +failed. + +Signed-off-by: Mathy Vanhoef +--- + src/ap/ieee802_11.c | 16 +--- + src/ap/wpa_auth.c| 11 +++ + src/ap/wpa_auth.h| 3 ++- + src/ap/wpa_auth_ft.c | 10 ++ + src/ap/wpa_auth_i.h | 1 + + 5 files changed, 37 insertions(+), 4 deletions(-) + +diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c +index 4e04169..333035f 100644 +--- a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c +@@ -1841,6 +1841,7 @@ static int add_associated_sta(struct hostapd_data *hapd, + { + struct ieee80211_ht_capabilities ht_cap; + struct ieee80211_vht_capabilities vht_cap; ++ int set = 1; + + /* +* Remove the STA entry to ensure the STA PS state gets cleared and +@@ -1848,9 +1849,18 @@ static int add_associated_sta(struct hostapd_data *hapd, +* FT-over-the-DS, where a station re-associates back to the same AP but +* skips the authentication flow, or if working with a driver that +* does not support full AP client state. 
++ * ++ * Skip this if the STA has already completed FT reassociation and the ++ * TK has been configured since the TX/RX PN must not be reset to 0 for ++ * the same key. +*/ +- if (!sta->added_unassoc) ++ if (!sta->added_unassoc && ++ (!(sta->flags & WLAN_STA_AUTHORIZED) || ++ !wpa_auth_sta_ft_tk_already_set(sta->wpa_sm))) { + hostapd_drv_sta_remove(hapd, sta->addr); ++ wpa_auth_sm_event(sta->wpa_sm, WPA_DRV_STA_REMOVED); ++ set = 0; ++ } + + #ifdef CONFIG_IEEE80211N + if (sta->flags & WLAN_STA_HT) +@@ -1873,11 +1883,11 @@ static int add_associated_sta(struct hostapd_data *hapd, + sta->flags & WLAN_STA_VHT ? &vht_cap : NULL, + sta->flags | WLAN_STA_ASSOC, sta->qosinfo, + sta->vht_opmode, sta->p2p_ie ? 1 : 0, +- sta->added_unassoc)) { ++ set)) { + hostapd_logger(hapd, sta->addr, + HOSTAPD_MODULE_IEEE80211, HOSTAPD_LEVEL_NOTICE, + "Could not %s STA to kernel driver", +- sta->added_unassoc ? "set" : "add"); ++ set ? "set" : "add"); + + if (sta->added_unassoc) { + hostapd_drv_sta_remove(hapd, sta->addr); +diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c +index 3587086..707971d 100644 +--- a/src/ap/wpa_auth.c b/src/ap/wpa_au
[gentoo-commits] repo/gentoo:master commit in: net-wireless/wpa_supplicant/files/2017-1/, net-wireless/wpa_supplicant/
commit: 319c86d1f048618da77824081843a43f049eadb5 Author: Zero_Chaos gentoo org> AuthorDate: Mon Oct 16 13:35:32 2017 + Commit: Richard Farina gentoo org> CommitDate: Mon Oct 16 13:35:32 2017 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=319c86d1 net-wireless/wpa_supplicant: fix for KRACK (bug #634436) with bonus minor syntax fix Package-Manager: Portage-2.3.11, Repoman-2.3.3 ...-Avoid-key-reinstallation-in-FT-handshake.patch | 174 + ...nstallation-of-an-already-in-use-group-ke.patch | 250 + ...ection-of-GTK-IGTK-reinstallation-of-WNM-.patch | 184 ++ ...04-Prevent-installation-of-an-all-zero-TK.patch | 79 ...Fix-PTK-rekeying-to-generate-a-new-ANonce.patch | 64 ...6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch | 132 +++ ...WNM-Sleep-Mode-Response-without-pending-r.patch | 43 +++ ...llow-multiple-Reassociation-Response-fram.patch | 82 + .../wpa_supplicant/wpa_supplicant-2.6-r3.ebuild| 397 + 9 files changed, 1405 insertions(+) diff --git a/net-wireless/wpa_supplicant/files/2017-1/rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch b/net-wireless/wpa_supplicant/files/2017-1/rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch new file mode 100644 index 000..727684865db --- /dev/null +++ b/net-wireless/wpa_supplicant/files/2017-1/rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch 
@@ -0,0 +1,174 @@ +From cf4cab804c7afd5c45505528a8d16e46163243a2 Mon Sep 17 00:00:00 2001 +From: Mathy Vanhoef +Date: Fri, 14 Jul 2017 15:15:35 +0200 +Subject: [PATCH 1/8] hostapd: Avoid key reinstallation in FT handshake + +Do not reinstall TK to the driver during Reassociation Response frame +processing if the first attempt of setting the TK succeeded. This avoids +issues related to clearing the TX/RX PN that could result in reusing +same PN values for transmitted frames (e.g., due to CCM nonce reuse and +also hitting replay protection on the receiver) and accepting replayed +frames on RX side. + +This issue was introduced by the commit +0e84c25434e6a1f283c7b4e62e483729085b78d2 ('FT: Fix PTK configuration in +authenticator') which allowed wpa_ft_install_ptk() to be called multiple +times with the same PTK. While the second configuration attempt is +needed with some drivers, it must be done only if the first attempt +failed. + +Signed-off-by: Mathy Vanhoef +--- + src/ap/ieee802_11.c | 16 +--- + src/ap/wpa_auth.c| 11 +++ + src/ap/wpa_auth.h| 3 ++- + src/ap/wpa_auth_ft.c | 10 ++ + src/ap/wpa_auth_i.h | 1 + + 5 files changed, 37 insertions(+), 4 deletions(-) + +diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c +index 4e04169..333035f 100644 +--- a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c +@@ -1841,6 +1841,7 @@ static int add_associated_sta(struct hostapd_data *hapd, + { + struct ieee80211_ht_capabilities ht_cap; + struct ieee80211_vht_capabilities vht_cap; ++ int set = 1; + + /* +* Remove the STA entry to ensure the STA PS state gets cleared and +@@ -1848,9 +1849,18 @@ static int add_associated_sta(struct hostapd_data *hapd, +* FT-over-the-DS, where a station re-associates back to the same AP but +* skips the authentication flow, or if working with a driver that +* does not support full AP client state. 
++ * ++ * Skip this if the STA has already completed FT reassociation and the ++ * TK has been configured since the TX/RX PN must not be reset to 0 for ++ * the same key. +*/ +- if (!sta->added_unassoc) ++ if (!sta->added_unassoc && ++ (!(sta->flags & WLAN_STA_AUTHORIZED) || ++ !wpa_auth_sta_ft_tk_already_set(sta->wpa_sm))) { + hostapd_drv_sta_remove(hapd, sta->addr); ++ wpa_auth_sm_event(sta->wpa_sm, WPA_DRV_STA_REMOVED); ++ set = 0; ++ } + + #ifdef CONFIG_IEEE80211N + if (sta->flags & WLAN_STA_HT) +@@ -1873,11 +1883,11 @@ static int add_associated_sta(struct hostapd_data *hapd, + sta->flags & WLAN_STA_VHT ? &vht_cap : NULL, + sta->flags | WLAN_STA_ASSOC, sta->qosinfo, + sta->vht_opmode, sta->p2p_ie ? 1 : 0, +- sta->added_unassoc)) { ++ set)) { + hostapd_logger(hapd, sta->addr, + HOSTAPD_MODULE_IEEE80211, HOSTAPD_LEVEL_NOTICE, + "Could not %s STA to kernel driver", +- sta->added_unassoc ? "set" : "add"); ++ set ? "set" : "add"); + + if (sta->added_unassoc) { + hostapd_drv_sta_remove(hapd, sta->addr); +diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c +index 3587086..707971d 100644 +--- a/src/ap/wpa_auth.c b/src/ap/wpa_au
[gentoo-commits] repo/gentoo:master commit in: net-wireless/wpa_supplicant/files/2017-1/, net-wireless/wpa_supplicant/
commit: 319c86d1f048618da77824081843a43f049eadb5 Author: Zero_Chaos gentoo org> AuthorDate: Mon Oct 16 13:35:32 2017 + Commit: Richard Farina gentoo org> CommitDate: Mon Oct 16 13:35:32 2017 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=319c86d1 net-wireless/wpa_supplicant: fix for KRACK (bug #634436) with bonus minor syntax fix Package-Manager: Portage-2.3.11, Repoman-2.3.3 ...-Avoid-key-reinstallation-in-FT-handshake.patch | 174 + ...nstallation-of-an-already-in-use-group-ke.patch | 250 + ...ection-of-GTK-IGTK-reinstallation-of-WNM-.patch | 184 ++ ...04-Prevent-installation-of-an-all-zero-TK.patch | 79 ...Fix-PTK-rekeying-to-generate-a-new-ANonce.patch | 64 ...6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch | 132 +++ ...WNM-Sleep-Mode-Response-without-pending-r.patch | 43 +++ ...llow-multiple-Reassociation-Response-fram.patch | 82 + .../wpa_supplicant/wpa_supplicant-2.6-r3.ebuild| 397 + 9 files changed, 1405 insertions(+) diff --git a/net-wireless/wpa_supplicant/files/2017-1/rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch b/net-wireless/wpa_supplicant/files/2017-1/rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch new file mode 100644 index 000..727684865db --- /dev/null +++ b/net-wireless/wpa_supplicant/files/2017-1/rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch 
@@ -0,0 +1,174 @@ +From cf4cab804c7afd5c45505528a8d16e46163243a2 Mon Sep 17 00:00:00 2001 +From: Mathy Vanhoef +Date: Fri, 14 Jul 2017 15:15:35 +0200 +Subject: [PATCH 1/8] hostapd: Avoid key reinstallation in FT handshake + +Do not reinstall TK to the driver during Reassociation Response frame +processing if the first attempt of setting the TK succeeded. This avoids +issues related to clearing the TX/RX PN that could result in reusing +same PN values for transmitted frames (e.g., due to CCM nonce reuse and +also hitting replay protection on the receiver) and accepting replayed +frames on RX side. + +This issue was introduced by the commit +0e84c25434e6a1f283c7b4e62e483729085b78d2 ('FT: Fix PTK configuration in +authenticator') which allowed wpa_ft_install_ptk() to be called multiple +times with the same PTK. While the second configuration attempt is +needed with some drivers, it must be done only if the first attempt +failed. + +Signed-off-by: Mathy Vanhoef +--- + src/ap/ieee802_11.c | 16 +--- + src/ap/wpa_auth.c| 11 +++ + src/ap/wpa_auth.h| 3 ++- + src/ap/wpa_auth_ft.c | 10 ++ + src/ap/wpa_auth_i.h | 1 + + 5 files changed, 37 insertions(+), 4 deletions(-) + +diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c +index 4e04169..333035f 100644 +--- a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c +@@ -1841,6 +1841,7 @@ static int add_associated_sta(struct hostapd_data *hapd, + { + struct ieee80211_ht_capabilities ht_cap; + struct ieee80211_vht_capabilities vht_cap; ++ int set = 1; + + /* +* Remove the STA entry to ensure the STA PS state gets cleared and +@@ -1848,9 +1849,18 @@ static int add_associated_sta(struct hostapd_data *hapd, +* FT-over-the-DS, where a station re-associates back to the same AP but +* skips the authentication flow, or if working with a driver that +* does not support full AP client state. 
++ * ++ * Skip this if the STA has already completed FT reassociation and the ++ * TK has been configured since the TX/RX PN must not be reset to 0 for ++ * the same key. +*/ +- if (!sta->added_unassoc) ++ if (!sta->added_unassoc && ++ (!(sta->flags & WLAN_STA_AUTHORIZED) || ++ !wpa_auth_sta_ft_tk_already_set(sta->wpa_sm))) { + hostapd_drv_sta_remove(hapd, sta->addr); ++ wpa_auth_sm_event(sta->wpa_sm, WPA_DRV_STA_REMOVED); ++ set = 0; ++ } + + #ifdef CONFIG_IEEE80211N + if (sta->flags & WLAN_STA_HT) +@@ -1873,11 +1883,11 @@ static int add_associated_sta(struct hostapd_data *hapd, + sta->flags & WLAN_STA_VHT ? &vht_cap : NULL, + sta->flags | WLAN_STA_ASSOC, sta->qosinfo, + sta->vht_opmode, sta->p2p_ie ? 1 : 0, +- sta->added_unassoc)) { ++ set)) { + hostapd_logger(hapd, sta->addr, + HOSTAPD_MODULE_IEEE80211, HOSTAPD_LEVEL_NOTICE, + "Could not %s STA to kernel driver", +- sta->added_unassoc ? "set" : "add"); ++ set ? "set" : "add"); + + if (sta->added_unassoc) { + hostapd_drv_sta_remove(hapd, sta->addr); +diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c +index 3587086..707971d 100644 +--- a/src/ap/wpa_auth.c b/src/ap/wpa_au
[gentoo-commits] repo/gentoo:master commit in: net-wireless/wpa_supplicant/files/2017-1/, net-wireless/wpa_supplicant/
commit: 319c86d1f048618da77824081843a43f049eadb5 Author: Zero_Chaos gentoo org> AuthorDate: Mon Oct 16 13:35:32 2017 + Commit: Richard Farina gentoo org> CommitDate: Mon Oct 16 13:35:32 2017 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=319c86d1 net-wireless/wpa_supplicant: fix for KRACK (bug #634436) with bonus minor syntax fix Package-Manager: Portage-2.3.11, Repoman-2.3.3 ...-Avoid-key-reinstallation-in-FT-handshake.patch | 174 + ...nstallation-of-an-already-in-use-group-ke.patch | 250 + ...ection-of-GTK-IGTK-reinstallation-of-WNM-.patch | 184 ++ ...04-Prevent-installation-of-an-all-zero-TK.patch | 79 ...Fix-PTK-rekeying-to-generate-a-new-ANonce.patch | 64 ...6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch | 132 +++ ...WNM-Sleep-Mode-Response-without-pending-r.patch | 43 +++ ...llow-multiple-Reassociation-Response-fram.patch | 82 + .../wpa_supplicant/wpa_supplicant-2.6-r3.ebuild| 397 + 9 files changed, 1405 insertions(+) diff --git a/net-wireless/wpa_supplicant/files/2017-1/rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch b/net-wireless/wpa_supplicant/files/2017-1/rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch new file mode 100644 index 000..727684865db --- /dev/null +++ b/net-wireless/wpa_supplicant/files/2017-1/rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch 
@@ -0,0 +1,174 @@ +From cf4cab804c7afd5c45505528a8d16e46163243a2 Mon Sep 17 00:00:00 2001 +From: Mathy Vanhoef +Date: Fri, 14 Jul 2017 15:15:35 +0200 +Subject: [PATCH 1/8] hostapd: Avoid key reinstallation in FT handshake + +Do not reinstall TK to the driver during Reassociation Response frame +processing if the first attempt of setting the TK succeeded. This avoids +issues related to clearing the TX/RX PN that could result in reusing +same PN values for transmitted frames (e.g., due to CCM nonce reuse and +also hitting replay protection on the receiver) and accepting replayed +frames on RX side. + +This issue was introduced by the commit +0e84c25434e6a1f283c7b4e62e483729085b78d2 ('FT: Fix PTK configuration in +authenticator') which allowed wpa_ft_install_ptk() to be called multiple +times with the same PTK. While the second configuration attempt is +needed with some drivers, it must be done only if the first attempt +failed. + +Signed-off-by: Mathy Vanhoef +--- + src/ap/ieee802_11.c | 16 +--- + src/ap/wpa_auth.c| 11 +++ + src/ap/wpa_auth.h| 3 ++- + src/ap/wpa_auth_ft.c | 10 ++ + src/ap/wpa_auth_i.h | 1 + + 5 files changed, 37 insertions(+), 4 deletions(-) + +diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c +index 4e04169..333035f 100644 +--- a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c +@@ -1841,6 +1841,7 @@ static int add_associated_sta(struct hostapd_data *hapd, + { + struct ieee80211_ht_capabilities ht_cap; + struct ieee80211_vht_capabilities vht_cap; ++ int set = 1; + + /* +* Remove the STA entry to ensure the STA PS state gets cleared and +@@ -1848,9 +1849,18 @@ static int add_associated_sta(struct hostapd_data *hapd, +* FT-over-the-DS, where a station re-associates back to the same AP but +* skips the authentication flow, or if working with a driver that +* does not support full AP client state. 
++ * ++ * Skip this if the STA has already completed FT reassociation and the ++ * TK has been configured since the TX/RX PN must not be reset to 0 for ++ * the same key. +*/ +- if (!sta->added_unassoc) ++ if (!sta->added_unassoc && ++ (!(sta->flags & WLAN_STA_AUTHORIZED) || ++ !wpa_auth_sta_ft_tk_already_set(sta->wpa_sm))) { + hostapd_drv_sta_remove(hapd, sta->addr); ++ wpa_auth_sm_event(sta->wpa_sm, WPA_DRV_STA_REMOVED); ++ set = 0; ++ } + + #ifdef CONFIG_IEEE80211N + if (sta->flags & WLAN_STA_HT) +@@ -1873,11 +1883,11 @@ static int add_associated_sta(struct hostapd_data *hapd, + sta->flags & WLAN_STA_VHT ? &vht_cap : NULL, + sta->flags | WLAN_STA_ASSOC, sta->qosinfo, + sta->vht_opmode, sta->p2p_ie ? 1 : 0, +- sta->added_unassoc)) { ++ set)) { + hostapd_logger(hapd, sta->addr, + HOSTAPD_MODULE_IEEE80211, HOSTAPD_LEVEL_NOTICE, + "Could not %s STA to kernel driver", +- sta->added_unassoc ? "set" : "add"); ++ set ? "set" : "add"); + + if (sta->added_unassoc) { + hostapd_drv_sta_remove(hapd, sta->addr); +diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c +index 3587086..707971d 100644 +--- a/src/ap/wpa_auth.c b/src/ap/wpa_au
[gentoo-commits] repo/gentoo:master commit in: net-wireless/wpa_supplicant/files/2017-1/, net-wireless/wpa_supplicant/
commit: 319c86d1f048618da77824081843a43f049eadb5 Author: Zero_Chaos gentoo org> AuthorDate: Mon Oct 16 13:35:32 2017 + Commit: Richard Farina gentoo org> CommitDate: Mon Oct 16 13:35:32 2017 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=319c86d1 net-wireless/wpa_supplicant: fix for KRACK (bug #634436) with bonus minor syntax fix Package-Manager: Portage-2.3.11, Repoman-2.3.3 ...-Avoid-key-reinstallation-in-FT-handshake.patch | 174 + ...nstallation-of-an-already-in-use-group-ke.patch | 250 + ...ection-of-GTK-IGTK-reinstallation-of-WNM-.patch | 184 ++ ...04-Prevent-installation-of-an-all-zero-TK.patch | 79 ...Fix-PTK-rekeying-to-generate-a-new-ANonce.patch | 64 ...6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch | 132 +++ ...WNM-Sleep-Mode-Response-without-pending-r.patch | 43 +++ ...llow-multiple-Reassociation-Response-fram.patch | 82 + .../wpa_supplicant/wpa_supplicant-2.6-r3.ebuild| 397 + 9 files changed, 1405 insertions(+) diff --git a/net-wireless/wpa_supplicant/files/2017-1/rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch b/net-wireless/wpa_supplicant/files/2017-1/rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch new file mode 100644 index 000..727684865db --- /dev/null +++ b/net-wireless/wpa_supplicant/files/2017-1/rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch 
@@ -0,0 +1,174 @@ +From cf4cab804c7afd5c45505528a8d16e46163243a2 Mon Sep 17 00:00:00 2001 +From: Mathy Vanhoef +Date: Fri, 14 Jul 2017 15:15:35 +0200 +Subject: [PATCH 1/8] hostapd: Avoid key reinstallation in FT handshake + +Do not reinstall TK to the driver during Reassociation Response frame +processing if the first attempt of setting the TK succeeded. This avoids +issues related to clearing the TX/RX PN that could result in reusing +same PN values for transmitted frames (e.g., due to CCM nonce reuse and +also hitting replay protection on the receiver) and accepting replayed +frames on RX side. + +This issue was introduced by the commit +0e84c25434e6a1f283c7b4e62e483729085b78d2 ('FT: Fix PTK configuration in +authenticator') which allowed wpa_ft_install_ptk() to be called multiple +times with the same PTK. While the second configuration attempt is +needed with some drivers, it must be done only if the first attempt +failed. + +Signed-off-by: Mathy Vanhoef +--- + src/ap/ieee802_11.c | 16 +--- + src/ap/wpa_auth.c| 11 +++ + src/ap/wpa_auth.h| 3 ++- + src/ap/wpa_auth_ft.c | 10 ++ + src/ap/wpa_auth_i.h | 1 + + 5 files changed, 37 insertions(+), 4 deletions(-) + +diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c +index 4e04169..333035f 100644 +--- a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c +@@ -1841,6 +1841,7 @@ static int add_associated_sta(struct hostapd_data *hapd, + { + struct ieee80211_ht_capabilities ht_cap; + struct ieee80211_vht_capabilities vht_cap; ++ int set = 1; + + /* +* Remove the STA entry to ensure the STA PS state gets cleared and +@@ -1848,9 +1849,18 @@ static int add_associated_sta(struct hostapd_data *hapd, +* FT-over-the-DS, where a station re-associates back to the same AP but +* skips the authentication flow, or if working with a driver that +* does not support full AP client state. 
++ * ++ * Skip this if the STA has already completed FT reassociation and the ++ * TK has been configured since the TX/RX PN must not be reset to 0 for ++ * the same key. +*/ +- if (!sta->added_unassoc) ++ if (!sta->added_unassoc && ++ (!(sta->flags & WLAN_STA_AUTHORIZED) || ++ !wpa_auth_sta_ft_tk_already_set(sta->wpa_sm))) { + hostapd_drv_sta_remove(hapd, sta->addr); ++ wpa_auth_sm_event(sta->wpa_sm, WPA_DRV_STA_REMOVED); ++ set = 0; ++ } + + #ifdef CONFIG_IEEE80211N + if (sta->flags & WLAN_STA_HT) +@@ -1873,11 +1883,11 @@ static int add_associated_sta(struct hostapd_data *hapd, + sta->flags & WLAN_STA_VHT ? &vht_cap : NULL, + sta->flags | WLAN_STA_ASSOC, sta->qosinfo, + sta->vht_opmode, sta->p2p_ie ? 1 : 0, +- sta->added_unassoc)) { ++ set)) { + hostapd_logger(hapd, sta->addr, + HOSTAPD_MODULE_IEEE80211, HOSTAPD_LEVEL_NOTICE, + "Could not %s STA to kernel driver", +- sta->added_unassoc ? "set" : "add"); ++ set ? "set" : "add"); + + if (sta->added_unassoc) { + hostapd_drv_sta_remove(hapd, sta->addr); +diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c +index 3587086..707971d 100644 +--- a/src/ap/wpa_auth.c b/src/ap/wpa_au
[gentoo-commits] repo/gentoo:master commit in: net-wireless/wpa_supplicant/files/2017-1/, net-wireless/wpa_supplicant/
commit: 319c86d1f048618da77824081843a43f049eadb5 Author: Zero_Chaos gentoo org> AuthorDate: Mon Oct 16 13:35:32 2017 + Commit: Richard Farina gentoo org> CommitDate: Mon Oct 16 13:35:32 2017 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=319c86d1 net-wireless/wpa_supplicant: fix for KRACK (bug #634436) with bonus minor syntax fix Package-Manager: Portage-2.3.11, Repoman-2.3.3 ...-Avoid-key-reinstallation-in-FT-handshake.patch | 174 + ...nstallation-of-an-already-in-use-group-ke.patch | 250 + ...ection-of-GTK-IGTK-reinstallation-of-WNM-.patch | 184 ++ ...04-Prevent-installation-of-an-all-zero-TK.patch | 79 ...Fix-PTK-rekeying-to-generate-a-new-ANonce.patch | 64 ...6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch | 132 +++ ...WNM-Sleep-Mode-Response-without-pending-r.patch | 43 +++ ...llow-multiple-Reassociation-Response-fram.patch | 82 + .../wpa_supplicant/wpa_supplicant-2.6-r3.ebuild| 397 + 9 files changed, 1405 insertions(+) diff --git a/net-wireless/wpa_supplicant/files/2017-1/rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch b/net-wireless/wpa_supplicant/files/2017-1/rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch new file mode 100644 index 000..727684865db --- /dev/null +++ b/net-wireless/wpa_supplicant/files/2017-1/rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch 
@@ -0,0 +1,174 @@ +From cf4cab804c7afd5c45505528a8d16e46163243a2 Mon Sep 17 00:00:00 2001 +From: Mathy Vanhoef +Date: Fri, 14 Jul 2017 15:15:35 +0200 +Subject: [PATCH 1/8] hostapd: Avoid key reinstallation in FT handshake + +Do not reinstall TK to the driver during Reassociation Response frame +processing if the first attempt of setting the TK succeeded. This avoids +issues related to clearing the TX/RX PN that could result in reusing +same PN values for transmitted frames (e.g., due to CCM nonce reuse and +also hitting replay protection on the receiver) and accepting replayed +frames on RX side. + +This issue was introduced by the commit +0e84c25434e6a1f283c7b4e62e483729085b78d2 ('FT: Fix PTK configuration in +authenticator') which allowed wpa_ft_install_ptk() to be called multiple +times with the same PTK. While the second configuration attempt is +needed with some drivers, it must be done only if the first attempt +failed. + +Signed-off-by: Mathy Vanhoef +--- + src/ap/ieee802_11.c | 16 +--- + src/ap/wpa_auth.c| 11 +++ + src/ap/wpa_auth.h| 3 ++- + src/ap/wpa_auth_ft.c | 10 ++ + src/ap/wpa_auth_i.h | 1 + + 5 files changed, 37 insertions(+), 4 deletions(-) + +diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c +index 4e04169..333035f 100644 +--- a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c +@@ -1841,6 +1841,7 @@ static int add_associated_sta(struct hostapd_data *hapd, + { + struct ieee80211_ht_capabilities ht_cap; + struct ieee80211_vht_capabilities vht_cap; ++ int set = 1; + + /* +* Remove the STA entry to ensure the STA PS state gets cleared and +@@ -1848,9 +1849,18 @@ static int add_associated_sta(struct hostapd_data *hapd, +* FT-over-the-DS, where a station re-associates back to the same AP but +* skips the authentication flow, or if working with a driver that +* does not support full AP client state. 
++ * ++ * Skip this if the STA has already completed FT reassociation and the ++ * TK has been configured since the TX/RX PN must not be reset to 0 for ++ * the same key. +*/ +- if (!sta->added_unassoc) ++ if (!sta->added_unassoc && ++ (!(sta->flags & WLAN_STA_AUTHORIZED) || ++ !wpa_auth_sta_ft_tk_already_set(sta->wpa_sm))) { + hostapd_drv_sta_remove(hapd, sta->addr); ++ wpa_auth_sm_event(sta->wpa_sm, WPA_DRV_STA_REMOVED); ++ set = 0; ++ } + + #ifdef CONFIG_IEEE80211N + if (sta->flags & WLAN_STA_HT) +@@ -1873,11 +1883,11 @@ static int add_associated_sta(struct hostapd_data *hapd, + sta->flags & WLAN_STA_VHT ? &vht_cap : NULL, + sta->flags | WLAN_STA_ASSOC, sta->qosinfo, + sta->vht_opmode, sta->p2p_ie ? 1 : 0, +- sta->added_unassoc)) { ++ set)) { + hostapd_logger(hapd, sta->addr, + HOSTAPD_MODULE_IEEE80211, HOSTAPD_LEVEL_NOTICE, + "Could not %s STA to kernel driver", +- sta->added_unassoc ? "set" : "add"); ++ set ? "set" : "add"); + + if (sta->added_unassoc) { + hostapd_drv_sta_remove(hapd, sta->addr); +diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c +index 3587086..707971d 100644 +--- a/src/ap/wpa_auth.c b/src/ap/wpa_au
[gentoo-commits] repo/gentoo:master commit in: net-wireless/wpa_supplicant/files/2017-1/, net-wireless/wpa_supplicant/
commit: 319c86d1f048618da77824081843a43f049eadb5 Author: Zero_Chaos gentoo org> AuthorDate: Mon Oct 16 13:35:32 2017 + Commit: Richard Farina gentoo org> CommitDate: Mon Oct 16 13:35:32 2017 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=319c86d1 net-wireless/wpa_supplicant: fix for KRACK (bug #634436) with bonus minor syntax fix Package-Manager: Portage-2.3.11, Repoman-2.3.3 ...-Avoid-key-reinstallation-in-FT-handshake.patch | 174 + ...nstallation-of-an-already-in-use-group-ke.patch | 250 + ...ection-of-GTK-IGTK-reinstallation-of-WNM-.patch | 184 ++ ...04-Prevent-installation-of-an-all-zero-TK.patch | 79 ...Fix-PTK-rekeying-to-generate-a-new-ANonce.patch | 64 ...6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch | 132 +++ ...WNM-Sleep-Mode-Response-without-pending-r.patch | 43 +++ ...llow-multiple-Reassociation-Response-fram.patch | 82 + .../wpa_supplicant/wpa_supplicant-2.6-r3.ebuild| 397 + 9 files changed, 1405 insertions(+) diff --git a/net-wireless/wpa_supplicant/files/2017-1/rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch b/net-wireless/wpa_supplicant/files/2017-1/rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch new file mode 100644 index 000..727684865db --- /dev/null +++ b/net-wireless/wpa_supplicant/files/2017-1/rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch 
@@ -0,0 +1,174 @@ +From cf4cab804c7afd5c45505528a8d16e46163243a2 Mon Sep 17 00:00:00 2001 +From: Mathy Vanhoef +Date: Fri, 14 Jul 2017 15:15:35 +0200 +Subject: [PATCH 1/8] hostapd: Avoid key reinstallation in FT handshake + +Do not reinstall TK to the driver during Reassociation Response frame +processing if the first attempt of setting the TK succeeded. This avoids +issues related to clearing the TX/RX PN that could result in reusing +same PN values for transmitted frames (e.g., due to CCM nonce reuse and +also hitting replay protection on the receiver) and accepting replayed +frames on RX side. + +This issue was introduced by the commit +0e84c25434e6a1f283c7b4e62e483729085b78d2 ('FT: Fix PTK configuration in +authenticator') which allowed wpa_ft_install_ptk() to be called multiple +times with the same PTK. While the second configuration attempt is +needed with some drivers, it must be done only if the first attempt +failed. + +Signed-off-by: Mathy Vanhoef +--- + src/ap/ieee802_11.c | 16 +--- + src/ap/wpa_auth.c| 11 +++ + src/ap/wpa_auth.h| 3 ++- + src/ap/wpa_auth_ft.c | 10 ++ + src/ap/wpa_auth_i.h | 1 + + 5 files changed, 37 insertions(+), 4 deletions(-) + +diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c +index 4e04169..333035f 100644 +--- a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c +@@ -1841,6 +1841,7 @@ static int add_associated_sta(struct hostapd_data *hapd, + { + struct ieee80211_ht_capabilities ht_cap; + struct ieee80211_vht_capabilities vht_cap; ++ int set = 1; + + /* +* Remove the STA entry to ensure the STA PS state gets cleared and +@@ -1848,9 +1849,18 @@ static int add_associated_sta(struct hostapd_data *hapd, +* FT-over-the-DS, where a station re-associates back to the same AP but +* skips the authentication flow, or if working with a driver that +* does not support full AP client state. 
++ * ++ * Skip this if the STA has already completed FT reassociation and the ++ * TK has been configured since the TX/RX PN must not be reset to 0 for ++ * the same key. +*/ +- if (!sta->added_unassoc) ++ if (!sta->added_unassoc && ++ (!(sta->flags & WLAN_STA_AUTHORIZED) || ++ !wpa_auth_sta_ft_tk_already_set(sta->wpa_sm))) { + hostapd_drv_sta_remove(hapd, sta->addr); ++ wpa_auth_sm_event(sta->wpa_sm, WPA_DRV_STA_REMOVED); ++ set = 0; ++ } + + #ifdef CONFIG_IEEE80211N + if (sta->flags & WLAN_STA_HT) +@@ -1873,11 +1883,11 @@ static int add_associated_sta(struct hostapd_data *hapd, + sta->flags & WLAN_STA_VHT ? &vht_cap : NULL, + sta->flags | WLAN_STA_ASSOC, sta->qosinfo, + sta->vht_opmode, sta->p2p_ie ? 1 : 0, +- sta->added_unassoc)) { ++ set)) { + hostapd_logger(hapd, sta->addr, + HOSTAPD_MODULE_IEEE80211, HOSTAPD_LEVEL_NOTICE, + "Could not %s STA to kernel driver", +- sta->added_unassoc ? "set" : "add"); ++ set ? "set" : "add"); + + if (sta->added_unassoc) { + hostapd_drv_sta_remove(hapd, sta->addr); +diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c +index 3587086..707971d 100644 +--- a/src/ap/wpa_auth.c b/src/ap/wpa_au
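Review bot: In the src/ap/ieee802_11.c hunks, `int set = 1;` now decides whether add_associated_sta() updates or re-adds the driver STA entry, but the declaration carries no comment, and the flag can stay 1 for two different reasons: the entry was added before association, or removal was skipped because the FT TK is already configured. A comment at the declaration such as `/* 1: keep and update the existing driver entry so an installed TK keeps its PN; 0: entry was removed, add it again */` would keep the PN-reset rationale next to the flag that enforces it. The error path in the last hunk still tests `sta->added_unassoc` rather than `set` before calling `hostapd_drv_sta_remove()`; this is presumably deliberate, so that a failed update does not drop a STA whose TK is in use, but it deserves a one-line comment for the same reason. The function body starts and ends outside these hunks, and the src/ap/wpa_auth.c section that would handle `WPA_DRV_STA_REMOVED` is cut off on this page, so whether that event clears the already-set state cannot be confirmed from here.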
[gentoo-commits] repo/gentoo:master commit in: net-wireless/wpa_supplicant/files/2017-1/, net-wireless/wpa_supplicant/files/, ...
commit: 83775f6e5802bb8bb1a78d86b2144bc0b7d31ab2 Author: Rick Farina gentoo org> AuthorDate: Thu Mar 17 02:15:25 2022 + Commit: Rick Farina gentoo org> CommitDate: Thu Mar 17 02:15:47 2022 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=83775f6e net-wireless/wpa_supplicant: drop unused patches Signed-off-by: Rick Farina gentoo.org> net-wireless/wpa_supplicant/Manifest | 1 - ...-Avoid-key-reinstallation-in-FT-handshake.patch | 174 -- ...nstallation-of-an-already-in-use-group-ke.patch | 250 - ...ection-of-GTK-IGTK-reinstallation-of-WNM-.patch | 184 --- ...04-Prevent-installation-of-an-all-zero-TK.patch | 79 --- ...Fix-PTK-rekeying-to-generate-a-new-ANonce.patch | 64 -- ...6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch | 132 --- ...WNM-Sleep-Mode-Response-without-pending-r.patch | 43 ...llow-multiple-Reassociation-Response-fram.patch | 82 --- ...y-ignore-management-frame-from-unexpected.patch | 73 -- .../wpa_supplicant/wpa_supplicant-2.10-r1.ebuild | 1 - .../wpa_supplicant/wpa_supplicant-.ebuild | 1 - 12 files changed, 1084 deletions(-) diff --git a/net-wireless/wpa_supplicant/Manifest b/net-wireless/wpa_supplicant/Manifest index f3bd37dd4029..0e445ba324c5 100644 --- a/net-wireless/wpa_supplicant/Manifest +++ b/net-wireless/wpa_supplicant/Manifest @@ -1,2 +1 @@ DIST wpa_supplicant-2.10.tar.gz 3511622 BLAKE2B 7f6045e5dcf24f7ccf1ea75c99541f9d68fadaea858a6ca11a95c997de14e33b3aa89138e748664579b5a4ea493d247cf6613da3c5fae49a4dbb5cd58dace752 SHA512 021c2a48f45d39c1dc6557730be5debaee071bc0ff82a271638beee6e32314e353e49d39e2f0dc8dff6e094dcc7008cfe1c32d0c7a34a1a345a12a3f1c1e11a1 -DIST wpa_supplicant-2.9-r3-patches.tar.bz2 5266 BLAKE2B 284fdeaf6328c35b1f5e88075c62c3b008ec2c400b0cc163a59d9cf8d7c356c3e58f8798e5bade102259d2e5be2ed298b63a0001d0a4ab71d90604a8ee8bf274 SHA512 80e4950ddc99d1134a29a3e5a39767c756f7c9f9f283749e688db3435184631f0384b78954f926724ceff86c96d05b4fb042160265e9d00f976a96e864b7ecc5 
diff --git a/net-wireless/wpa_supplicant/files/2017-1/rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch b/net-wireless/wpa_supplicant/files/2017-1/rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch deleted file mode 100644 index 727684865dbd.. --- a/net-wireless/wpa_supplicant/files/2017-1/rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch +++ /dev/null 
@@ -1,174 +0,0 @@ -From cf4cab804c7afd5c45505528a8d16e46163243a2 Mon Sep 17 00:00:00 2001 -From: Mathy Vanhoef -Date: Fri, 14 Jul 2017 15:15:35 +0200 -Subject: [PATCH 1/8] hostapd: Avoid key reinstallation in FT handshake - -Do not reinstall TK to the driver during Reassociation Response frame -processing if the first attempt of setting the TK succeeded. This avoids -issues related to clearing the TX/RX PN that could result in reusing -same PN values for transmitted frames (e.g., due to CCM nonce reuse and -also hitting replay protection on the receiver) and accepting replayed -frames on RX side. - -This issue was introduced by the commit -0e84c25434e6a1f283c7b4e62e483729085b78d2 ('FT: Fix PTK configuration in -authenticator') which allowed wpa_ft_install_ptk() to be called multiple -times with the same PTK. While the second configuration attempt is -needed with some drivers, it must be done only if the first attempt -failed. - -Signed-off-by: Mathy Vanhoef - src/ap/ieee802_11.c | 16 +--- - src/ap/wpa_auth.c| 11 +++ - src/ap/wpa_auth.h| 3 ++- - src/ap/wpa_auth_ft.c | 10 ++ - src/ap/wpa_auth_i.h | 1 + - 5 files changed, 37 insertions(+), 4 deletions(-) - -diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c -index 4e04169..333035f 100644 a/src/ap/ieee802_11.c -+++ b/src/ap/ieee802_11.c -@@ -1841,6 +1841,7 @@ static int add_associated_sta(struct hostapd_data *hapd, - { - struct ieee80211_ht_capabilities ht_cap; - struct ieee80211_vht_capabilities vht_cap; -+ int set = 1; - - /* -* Remove the STA entry to ensure the STA PS state gets cleared and -@@ -1848,9 +1849,18 @@ static int add_associated_sta(struct hostapd_data *hapd, -* FT-over-the-DS, where a station re-associates back to the same AP but -* skips the authentication flow, or if working with a driver that -* does not support full AP client state. 
-+ * -+ * Skip this if the STA has already completed FT reassociation and the -+ * TK has been configured since the TX/RX PN must not be reset to 0 for -+ * the same key. -*/ -- if (!sta->added_unassoc) -+ if (!sta->added_unassoc && -+ (!(sta->flags & WLAN_STA_AUTHORIZED) || -+ !wpa_auth_sta_ft_tk_already_set(sta->wpa_sm))) { - hostapd_drv_sta_remove(hapd, sta->addr); -+ wpa_auth_sm_event(sta->wpa_sm, WPA_DRV_STA_REMOVED); -+
[gentoo-commits] repo/gentoo:master commit in: net-wireless/wpa_supplicant/files/2017-1/, net-wireless/wpa_supplicant/files/, ...
commit: 83775f6e5802bb8bb1a78d86b2144bc0b7d31ab2 Author: Rick Farina gentoo org> AuthorDate: Thu Mar 17 02:15:25 2022 + Commit: Rick Farina gentoo org> CommitDate: Thu Mar 17 02:15:47 2022 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=83775f6e net-wireless/wpa_supplicant: drop unused patches Signed-off-by: Rick Farina gentoo.org> net-wireless/wpa_supplicant/Manifest | 1 - ...-Avoid-key-reinstallation-in-FT-handshake.patch | 174 -- ...nstallation-of-an-already-in-use-group-ke.patch | 250 - ...ection-of-GTK-IGTK-reinstallation-of-WNM-.patch | 184 --- ...04-Prevent-installation-of-an-all-zero-TK.patch | 79 --- ...Fix-PTK-rekeying-to-generate-a-new-ANonce.patch | 64 -- ...6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch | 132 --- ...WNM-Sleep-Mode-Response-without-pending-r.patch | 43 ...llow-multiple-Reassociation-Response-fram.patch | 82 --- ...y-ignore-management-frame-from-unexpected.patch | 73 -- .../wpa_supplicant/wpa_supplicant-2.10-r1.ebuild | 1 - .../wpa_supplicant/wpa_supplicant-.ebuild | 1 - 12 files changed, 1084 deletions(-) diff --git a/net-wireless/wpa_supplicant/Manifest b/net-wireless/wpa_supplicant/Manifest index f3bd37dd4029..0e445ba324c5 100644 --- a/net-wireless/wpa_supplicant/Manifest +++ b/net-wireless/wpa_supplicant/Manifest @@ -1,2 +1 @@ DIST wpa_supplicant-2.10.tar.gz 3511622 BLAKE2B 7f6045e5dcf24f7ccf1ea75c99541f9d68fadaea858a6ca11a95c997de14e33b3aa89138e748664579b5a4ea493d247cf6613da3c5fae49a4dbb5cd58dace752 SHA512 021c2a48f45d39c1dc6557730be5debaee071bc0ff82a271638beee6e32314e353e49d39e2f0dc8dff6e094dcc7008cfe1c32d0c7a34a1a345a12a3f1c1e11a1 -DIST wpa_supplicant-2.9-r3-patches.tar.bz2 5266 BLAKE2B 284fdeaf6328c35b1f5e88075c62c3b008ec2c400b0cc163a59d9cf8d7c356c3e58f8798e5bade102259d2e5be2ed298b63a0001d0a4ab71d90604a8ee8bf274 SHA512 80e4950ddc99d1134a29a3e5a39767c756f7c9f9f283749e688db3435184631f0384b78954f926724ceff86c96d05b4fb042160265e9d00f976a96e864b7ecc5 
diff --git a/net-wireless/wpa_supplicant/files/2017-1/rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch b/net-wireless/wpa_supplicant/files/2017-1/rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch deleted file mode 100644 index 727684865dbd.. --- a/net-wireless/wpa_supplicant/files/2017-1/rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch +++ /dev/null 
@@ -1,174 +0,0 @@ -From cf4cab804c7afd5c45505528a8d16e46163243a2 Mon Sep 17 00:00:00 2001 -From: Mathy Vanhoef -Date: Fri, 14 Jul 2017 15:15:35 +0200 -Subject: [PATCH 1/8] hostapd: Avoid key reinstallation in FT handshake - -Do not reinstall TK to the driver during Reassociation Response frame -processing if the first attempt of setting the TK succeeded. This avoids -issues related to clearing the TX/RX PN that could result in reusing -same PN values for transmitted frames (e.g., due to CCM nonce reuse and -also hitting replay protection on the receiver) and accepting replayed -frames on RX side. - -This issue was introduced by the commit -0e84c25434e6a1f283c7b4e62e483729085b78d2 ('FT: Fix PTK configuration in -authenticator') which allowed wpa_ft_install_ptk() to be called multiple -times with the same PTK. While the second configuration attempt is -needed with some drivers, it must be done only if the first attempt -failed. - -Signed-off-by: Mathy Vanhoef - src/ap/ieee802_11.c | 16 +--- - src/ap/wpa_auth.c| 11 +++ - src/ap/wpa_auth.h| 3 ++- - src/ap/wpa_auth_ft.c | 10 ++ - src/ap/wpa_auth_i.h | 1 + - 5 files changed, 37 insertions(+), 4 deletions(-) - -diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c -index 4e04169..333035f 100644 a/src/ap/ieee802_11.c -+++ b/src/ap/ieee802_11.c -@@ -1841,6 +1841,7 @@ static int add_associated_sta(struct hostapd_data *hapd, - { - struct ieee80211_ht_capabilities ht_cap; - struct ieee80211_vht_capabilities vht_cap; -+ int set = 1; - - /* -* Remove the STA entry to ensure the STA PS state gets cleared and -@@ -1848,9 +1849,18 @@ static int add_associated_sta(struct hostapd_data *hapd, -* FT-over-the-DS, where a station re-associates back to the same AP but -* skips the authentication flow, or if working with a driver that -* does not support full AP client state. 
-+ * -+ * Skip this if the STA has already completed FT reassociation and the -+ * TK has been configured since the TX/RX PN must not be reset to 0 for -+ * the same key. -*/ -- if (!sta->added_unassoc) -+ if (!sta->added_unassoc && -+ (!(sta->flags & WLAN_STA_AUTHORIZED) || -+ !wpa_auth_sta_ft_tk_already_set(sta->wpa_sm))) { - hostapd_drv_sta_remove(hapd, sta->addr); -+ wpa_auth_sm_event(sta->wpa_sm, WPA_DRV_STA_REMOVED); -+
[gentoo-commits] repo/gentoo:master commit in: net-wireless/wpa_supplicant/files/2017-1/, net-wireless/wpa_supplicant/files/, ...
commit: 83775f6e5802bb8bb1a78d86b2144bc0b7d31ab2 Author: Rick Farina gentoo org> AuthorDate: Thu Mar 17 02:15:25 2022 + Commit: Rick Farina gentoo org> CommitDate: Thu Mar 17 02:15:47 2022 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=83775f6e net-wireless/wpa_supplicant: drop unused patches Signed-off-by: Rick Farina gentoo.org> net-wireless/wpa_supplicant/Manifest | 1 - ...-Avoid-key-reinstallation-in-FT-handshake.patch | 174 -- ...nstallation-of-an-already-in-use-group-ke.patch | 250 - ...ection-of-GTK-IGTK-reinstallation-of-WNM-.patch | 184 --- ...04-Prevent-installation-of-an-all-zero-TK.patch | 79 --- ...Fix-PTK-rekeying-to-generate-a-new-ANonce.patch | 64 -- ...6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch | 132 --- ...WNM-Sleep-Mode-Response-without-pending-r.patch | 43 ...llow-multiple-Reassociation-Response-fram.patch | 82 --- ...y-ignore-management-frame-from-unexpected.patch | 73 -- .../wpa_supplicant/wpa_supplicant-2.10-r1.ebuild | 1 - .../wpa_supplicant/wpa_supplicant-.ebuild | 1 - 12 files changed, 1084 deletions(-) diff --git a/net-wireless/wpa_supplicant/Manifest b/net-wireless/wpa_supplicant/Manifest index f3bd37dd4029..0e445ba324c5 100644 --- a/net-wireless/wpa_supplicant/Manifest +++ b/net-wireless/wpa_supplicant/Manifest @@ -1,2 +1 @@ DIST wpa_supplicant-2.10.tar.gz 3511622 BLAKE2B 7f6045e5dcf24f7ccf1ea75c99541f9d68fadaea858a6ca11a95c997de14e33b3aa89138e748664579b5a4ea493d247cf6613da3c5fae49a4dbb5cd58dace752 SHA512 021c2a48f45d39c1dc6557730be5debaee071bc0ff82a271638beee6e32314e353e49d39e2f0dc8dff6e094dcc7008cfe1c32d0c7a34a1a345a12a3f1c1e11a1 -DIST wpa_supplicant-2.9-r3-patches.tar.bz2 5266 BLAKE2B 284fdeaf6328c35b1f5e88075c62c3b008ec2c400b0cc163a59d9cf8d7c356c3e58f8798e5bade102259d2e5be2ed298b63a0001d0a4ab71d90604a8ee8bf274 SHA512 80e4950ddc99d1134a29a3e5a39767c756f7c9f9f283749e688db3435184631f0384b78954f926724ceff86c96d05b4fb042160265e9d00f976a96e864b7ecc5 
diff --git a/net-wireless/wpa_supplicant/files/2017-1/rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch b/net-wireless/wpa_supplicant/files/2017-1/rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch deleted file mode 100644 index 727684865dbd.. --- a/net-wireless/wpa_supplicant/files/2017-1/rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch +++ /dev/null 
@@ -1,174 +0,0 @@ -From cf4cab804c7afd5c45505528a8d16e46163243a2 Mon Sep 17 00:00:00 2001 -From: Mathy Vanhoef -Date: Fri, 14 Jul 2017 15:15:35 +0200 -Subject: [PATCH 1/8] hostapd: Avoid key reinstallation in FT handshake - -Do not reinstall TK to the driver during Reassociation Response frame -processing if the first attempt of setting the TK succeeded. This avoids -issues related to clearing the TX/RX PN that could result in reusing -same PN values for transmitted frames (e.g., due to CCM nonce reuse and -also hitting replay protection on the receiver) and accepting replayed -frames on RX side. - -This issue was introduced by the commit -0e84c25434e6a1f283c7b4e62e483729085b78d2 ('FT: Fix PTK configuration in -authenticator') which allowed wpa_ft_install_ptk() to be called multiple -times with the same PTK. While the second configuration attempt is -needed with some drivers, it must be done only if the first attempt -failed. - -Signed-off-by: Mathy Vanhoef - src/ap/ieee802_11.c | 16 +--- - src/ap/wpa_auth.c| 11 +++ - src/ap/wpa_auth.h| 3 ++- - src/ap/wpa_auth_ft.c | 10 ++ - src/ap/wpa_auth_i.h | 1 + - 5 files changed, 37 insertions(+), 4 deletions(-) - -diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c -index 4e04169..333035f 100644 a/src/ap/ieee802_11.c -+++ b/src/ap/ieee802_11.c -@@ -1841,6 +1841,7 @@ static int add_associated_sta(struct hostapd_data *hapd, - { - struct ieee80211_ht_capabilities ht_cap; - struct ieee80211_vht_capabilities vht_cap; -+ int set = 1; - - /* -* Remove the STA entry to ensure the STA PS state gets cleared and -@@ -1848,9 +1849,18 @@ static int add_associated_sta(struct hostapd_data *hapd, -* FT-over-the-DS, where a station re-associates back to the same AP but -* skips the authentication flow, or if working with a driver that -* does not support full AP client state. 
-+ * -+ * Skip this if the STA has already completed FT reassociation and the -+ * TK has been configured since the TX/RX PN must not be reset to 0 for -+ * the same key. -*/ -- if (!sta->added_unassoc) -+ if (!sta->added_unassoc && -+ (!(sta->flags & WLAN_STA_AUTHORIZED) || -+ !wpa_auth_sta_ft_tk_already_set(sta->wpa_sm))) { - hostapd_drv_sta_remove(hapd, sta->addr); -+ wpa_auth_sm_event(sta->wpa_sm, WPA_DRV_STA_REMOVED); -+
[gentoo-commits] repo/gentoo:master commit in: net-wireless/wpa_supplicant/files/2017-1/, net-wireless/wpa_supplicant/files/, ...
commit: 83775f6e5802bb8bb1a78d86b2144bc0b7d31ab2 Author: Rick Farina gentoo org> AuthorDate: Thu Mar 17 02:15:25 2022 + Commit: Rick Farina gentoo org> CommitDate: Thu Mar 17 02:15:47 2022 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=83775f6e net-wireless/wpa_supplicant: drop unused patches Signed-off-by: Rick Farina gentoo.org> net-wireless/wpa_supplicant/Manifest | 1 - ...-Avoid-key-reinstallation-in-FT-handshake.patch | 174 -- ...nstallation-of-an-already-in-use-group-ke.patch | 250 - ...ection-of-GTK-IGTK-reinstallation-of-WNM-.patch | 184 --- ...04-Prevent-installation-of-an-all-zero-TK.patch | 79 --- ...Fix-PTK-rekeying-to-generate-a-new-ANonce.patch | 64 -- ...6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch | 132 --- ...WNM-Sleep-Mode-Response-without-pending-r.patch | 43 ...llow-multiple-Reassociation-Response-fram.patch | 82 --- ...y-ignore-management-frame-from-unexpected.patch | 73 -- .../wpa_supplicant/wpa_supplicant-2.10-r1.ebuild | 1 - .../wpa_supplicant/wpa_supplicant-.ebuild | 1 - 12 files changed, 1084 deletions(-) diff --git a/net-wireless/wpa_supplicant/Manifest b/net-wireless/wpa_supplicant/Manifest index f3bd37dd4029..0e445ba324c5 100644 --- a/net-wireless/wpa_supplicant/Manifest +++ b/net-wireless/wpa_supplicant/Manifest @@ -1,2 +1 @@ DIST wpa_supplicant-2.10.tar.gz 3511622 BLAKE2B 7f6045e5dcf24f7ccf1ea75c99541f9d68fadaea858a6ca11a95c997de14e33b3aa89138e748664579b5a4ea493d247cf6613da3c5fae49a4dbb5cd58dace752 SHA512 021c2a48f45d39c1dc6557730be5debaee071bc0ff82a271638beee6e32314e353e49d39e2f0dc8dff6e094dcc7008cfe1c32d0c7a34a1a345a12a3f1c1e11a1 -DIST wpa_supplicant-2.9-r3-patches.tar.bz2 5266 BLAKE2B 284fdeaf6328c35b1f5e88075c62c3b008ec2c400b0cc163a59d9cf8d7c356c3e58f8798e5bade102259d2e5be2ed298b63a0001d0a4ab71d90604a8ee8bf274 SHA512 80e4950ddc99d1134a29a3e5a39767c756f7c9f9f283749e688db3435184631f0384b78954f926724ceff86c96d05b4fb042160265e9d00f976a96e864b7ecc5 
diff --git a/net-wireless/wpa_supplicant/files/2017-1/rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch b/net-wireless/wpa_supplicant/files/2017-1/rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch deleted file mode 100644 index 727684865dbd.. --- a/net-wireless/wpa_supplicant/files/2017-1/rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch +++ /dev/null 
@@ -1,174 +0,0 @@ -From cf4cab804c7afd5c45505528a8d16e46163243a2 Mon Sep 17 00:00:00 2001 -From: Mathy Vanhoef -Date: Fri, 14 Jul 2017 15:15:35 +0200 -Subject: [PATCH 1/8] hostapd: Avoid key reinstallation in FT handshake - -Do not reinstall TK to the driver during Reassociation Response frame -processing if the first attempt of setting the TK succeeded. This avoids -issues related to clearing the TX/RX PN that could result in reusing -same PN values for transmitted frames (e.g., due to CCM nonce reuse and -also hitting replay protection on the receiver) and accepting replayed -frames on RX side. - -This issue was introduced by the commit -0e84c25434e6a1f283c7b4e62e483729085b78d2 ('FT: Fix PTK configuration in -authenticator') which allowed wpa_ft_install_ptk() to be called multiple -times with the same PTK. While the second configuration attempt is -needed with some drivers, it must be done only if the first attempt -failed. - -Signed-off-by: Mathy Vanhoef - src/ap/ieee802_11.c | 16 +--- - src/ap/wpa_auth.c| 11 +++ - src/ap/wpa_auth.h| 3 ++- - src/ap/wpa_auth_ft.c | 10 ++ - src/ap/wpa_auth_i.h | 1 + - 5 files changed, 37 insertions(+), 4 deletions(-) - -diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c -index 4e04169..333035f 100644 a/src/ap/ieee802_11.c -+++ b/src/ap/ieee802_11.c -@@ -1841,6 +1841,7 @@ static int add_associated_sta(struct hostapd_data *hapd, - { - struct ieee80211_ht_capabilities ht_cap; - struct ieee80211_vht_capabilities vht_cap; -+ int set = 1; - - /* -* Remove the STA entry to ensure the STA PS state gets cleared and -@@ -1848,9 +1849,18 @@ static int add_associated_sta(struct hostapd_data *hapd, -* FT-over-the-DS, where a station re-associates back to the same AP but -* skips the authentication flow, or if working with a driver that -* does not support full AP client state. 
-+ * -+ * Skip this if the STA has already completed FT reassociation and the -+ * TK has been configured since the TX/RX PN must not be reset to 0 for -+ * the same key. -*/ -- if (!sta->added_unassoc) -+ if (!sta->added_unassoc && -+ (!(sta->flags & WLAN_STA_AUTHORIZED) || -+ !wpa_auth_sta_ft_tk_already_set(sta->wpa_sm))) { - hostapd_drv_sta_remove(hapd, sta->addr); -+ wpa_auth_sm_event(sta->wpa_sm, WPA_DRV_STA_REMOVED); -+
[gentoo-commits] repo/gentoo:master commit in: net-wireless/wpa_supplicant/files/2017-1/, net-wireless/wpa_supplicant/files/, ...
commit: 83775f6e5802bb8bb1a78d86b2144bc0b7d31ab2 Author: Rick Farina gentoo org> AuthorDate: Thu Mar 17 02:15:25 2022 + Commit: Rick Farina gentoo org> CommitDate: Thu Mar 17 02:15:47 2022 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=83775f6e net-wireless/wpa_supplicant: drop unused patches Signed-off-by: Rick Farina gentoo.org> net-wireless/wpa_supplicant/Manifest | 1 - ...-Avoid-key-reinstallation-in-FT-handshake.patch | 174 -- ...nstallation-of-an-already-in-use-group-ke.patch | 250 - ...ection-of-GTK-IGTK-reinstallation-of-WNM-.patch | 184 --- ...04-Prevent-installation-of-an-all-zero-TK.patch | 79 --- ...Fix-PTK-rekeying-to-generate-a-new-ANonce.patch | 64 -- ...6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch | 132 --- ...WNM-Sleep-Mode-Response-without-pending-r.patch | 43 ...llow-multiple-Reassociation-Response-fram.patch | 82 --- ...y-ignore-management-frame-from-unexpected.patch | 73 -- .../wpa_supplicant/wpa_supplicant-2.10-r1.ebuild | 1 - .../wpa_supplicant/wpa_supplicant-.ebuild | 1 - 12 files changed, 1084 deletions(-) diff --git a/net-wireless/wpa_supplicant/Manifest b/net-wireless/wpa_supplicant/Manifest index f3bd37dd4029..0e445ba324c5 100644 --- a/net-wireless/wpa_supplicant/Manifest +++ b/net-wireless/wpa_supplicant/Manifest @@ -1,2 +1 @@ DIST wpa_supplicant-2.10.tar.gz 3511622 BLAKE2B 7f6045e5dcf24f7ccf1ea75c99541f9d68fadaea858a6ca11a95c997de14e33b3aa89138e748664579b5a4ea493d247cf6613da3c5fae49a4dbb5cd58dace752 SHA512 021c2a48f45d39c1dc6557730be5debaee071bc0ff82a271638beee6e32314e353e49d39e2f0dc8dff6e094dcc7008cfe1c32d0c7a34a1a345a12a3f1c1e11a1 -DIST wpa_supplicant-2.9-r3-patches.tar.bz2 5266 BLAKE2B 284fdeaf6328c35b1f5e88075c62c3b008ec2c400b0cc163a59d9cf8d7c356c3e58f8798e5bade102259d2e5be2ed298b63a0001d0a4ab71d90604a8ee8bf274 SHA512 80e4950ddc99d1134a29a3e5a39767c756f7c9f9f283749e688db3435184631f0384b78954f926724ceff86c96d05b4fb042160265e9d00f976a96e864b7ecc5 
diff --git a/net-wireless/wpa_supplicant/files/2017-1/rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch b/net-wireless/wpa_supplicant/files/2017-1/rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch deleted file mode 100644 index 727684865dbd.. --- a/net-wireless/wpa_supplicant/files/2017-1/rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch +++ /dev/null 
@@ -1,174 +0,0 @@ -From cf4cab804c7afd5c45505528a8d16e46163243a2 Mon Sep 17 00:00:00 2001 -From: Mathy Vanhoef -Date: Fri, 14 Jul 2017 15:15:35 +0200 -Subject: [PATCH 1/8] hostapd: Avoid key reinstallation in FT handshake - -Do not reinstall TK to the driver during Reassociation Response frame -processing if the first attempt of setting the TK succeeded. This avoids -issues related to clearing the TX/RX PN that could result in reusing -same PN values for transmitted frames (e.g., due to CCM nonce reuse and -also hitting replay protection on the receiver) and accepting replayed -frames on RX side. - -This issue was introduced by the commit -0e84c25434e6a1f283c7b4e62e483729085b78d2 ('FT: Fix PTK configuration in -authenticator') which allowed wpa_ft_install_ptk() to be called multiple -times with the same PTK. While the second configuration attempt is -needed with some drivers, it must be done only if the first attempt -failed. - -Signed-off-by: Mathy Vanhoef - src/ap/ieee802_11.c | 16 +--- - src/ap/wpa_auth.c| 11 +++ - src/ap/wpa_auth.h| 3 ++- - src/ap/wpa_auth_ft.c | 10 ++ - src/ap/wpa_auth_i.h | 1 + - 5 files changed, 37 insertions(+), 4 deletions(-) - -diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c -index 4e04169..333035f 100644 a/src/ap/ieee802_11.c -+++ b/src/ap/ieee802_11.c -@@ -1841,6 +1841,7 @@ static int add_associated_sta(struct hostapd_data *hapd, - { - struct ieee80211_ht_capabilities ht_cap; - struct ieee80211_vht_capabilities vht_cap; -+ int set = 1; - - /* -* Remove the STA entry to ensure the STA PS state gets cleared and -@@ -1848,9 +1849,18 @@ static int add_associated_sta(struct hostapd_data *hapd, -* FT-over-the-DS, where a station re-associates back to the same AP but -* skips the authentication flow, or if working with a driver that -* does not support full AP client state. 
-+ * -+ * Skip this if the STA has already completed FT reassociation and the -+ * TK has been configured since the TX/RX PN must not be reset to 0 for -+ * the same key. -*/ -- if (!sta->added_unassoc) -+ if (!sta->added_unassoc && -+ (!(sta->flags & WLAN_STA_AUTHORIZED) || -+ !wpa_auth_sta_ft_tk_already_set(sta->wpa_sm))) { - hostapd_drv_sta_remove(hapd, sta->addr); -+ wpa_auth_sm_event(sta->wpa_sm, WPA_DRV_STA_REMOVED); -+
[gentoo-commits] repo/gentoo:master commit in: net-wireless/wpa_supplicant/files/2017-1/, net-wireless/wpa_supplicant/files/, ...
commit: 83775f6e5802bb8bb1a78d86b2144bc0b7d31ab2 Author: Rick Farina gentoo org> AuthorDate: Thu Mar 17 02:15:25 2022 + Commit: Rick Farina gentoo org> CommitDate: Thu Mar 17 02:15:47 2022 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=83775f6e net-wireless/wpa_supplicant: drop unused patches Signed-off-by: Rick Farina gentoo.org> net-wireless/wpa_supplicant/Manifest | 1 - ...-Avoid-key-reinstallation-in-FT-handshake.patch | 174 -- ...nstallation-of-an-already-in-use-group-ke.patch | 250 - ...ection-of-GTK-IGTK-reinstallation-of-WNM-.patch | 184 --- ...04-Prevent-installation-of-an-all-zero-TK.patch | 79 --- ...Fix-PTK-rekeying-to-generate-a-new-ANonce.patch | 64 -- ...6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch | 132 --- ...WNM-Sleep-Mode-Response-without-pending-r.patch | 43 ...llow-multiple-Reassociation-Response-fram.patch | 82 --- ...y-ignore-management-frame-from-unexpected.patch | 73 -- .../wpa_supplicant/wpa_supplicant-2.10-r1.ebuild | 1 - .../wpa_supplicant/wpa_supplicant-.ebuild | 1 - 12 files changed, 1084 deletions(-) diff --git a/net-wireless/wpa_supplicant/Manifest b/net-wireless/wpa_supplicant/Manifest index f3bd37dd4029..0e445ba324c5 100644 --- a/net-wireless/wpa_supplicant/Manifest +++ b/net-wireless/wpa_supplicant/Manifest @@ -1,2 +1 @@ DIST wpa_supplicant-2.10.tar.gz 3511622 BLAKE2B 7f6045e5dcf24f7ccf1ea75c99541f9d68fadaea858a6ca11a95c997de14e33b3aa89138e748664579b5a4ea493d247cf6613da3c5fae49a4dbb5cd58dace752 SHA512 021c2a48f45d39c1dc6557730be5debaee071bc0ff82a271638beee6e32314e353e49d39e2f0dc8dff6e094dcc7008cfe1c32d0c7a34a1a345a12a3f1c1e11a1 -DIST wpa_supplicant-2.9-r3-patches.tar.bz2 5266 BLAKE2B 284fdeaf6328c35b1f5e88075c62c3b008ec2c400b0cc163a59d9cf8d7c356c3e58f8798e5bade102259d2e5be2ed298b63a0001d0a4ab71d90604a8ee8bf274 SHA512 80e4950ddc99d1134a29a3e5a39767c756f7c9f9f283749e688db3435184631f0384b78954f926724ceff86c96d05b4fb042160265e9d00f976a96e864b7ecc5 
diff --git a/net-wireless/wpa_supplicant/files/2017-1/rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch b/net-wireless/wpa_supplicant/files/2017-1/rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch deleted file mode 100644 index 727684865dbd.. --- a/net-wireless/wpa_supplicant/files/2017-1/rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch +++ /dev/null 
@@ -1,174 +0,0 @@ -From cf4cab804c7afd5c45505528a8d16e46163243a2 Mon Sep 17 00:00:00 2001 -From: Mathy Vanhoef -Date: Fri, 14 Jul 2017 15:15:35 +0200 -Subject: [PATCH 1/8] hostapd: Avoid key reinstallation in FT handshake - -Do not reinstall TK to the driver during Reassociation Response frame -processing if the first attempt of setting the TK succeeded. This avoids -issues related to clearing the TX/RX PN that could result in reusing -same PN values for transmitted frames (e.g., due to CCM nonce reuse and -also hitting replay protection on the receiver) and accepting replayed -frames on RX side. - -This issue was introduced by the commit -0e84c25434e6a1f283c7b4e62e483729085b78d2 ('FT: Fix PTK configuration in -authenticator') which allowed wpa_ft_install_ptk() to be called multiple -times with the same PTK. While the second configuration attempt is -needed with some drivers, it must be done only if the first attempt -failed. - -Signed-off-by: Mathy Vanhoef - src/ap/ieee802_11.c | 16 +--- - src/ap/wpa_auth.c| 11 +++ - src/ap/wpa_auth.h| 3 ++- - src/ap/wpa_auth_ft.c | 10 ++ - src/ap/wpa_auth_i.h | 1 + - 5 files changed, 37 insertions(+), 4 deletions(-) - -diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c -index 4e04169..333035f 100644 a/src/ap/ieee802_11.c -+++ b/src/ap/ieee802_11.c -@@ -1841,6 +1841,7 @@ static int add_associated_sta(struct hostapd_data *hapd, - { - struct ieee80211_ht_capabilities ht_cap; - struct ieee80211_vht_capabilities vht_cap; -+ int set = 1; - - /* -* Remove the STA entry to ensure the STA PS state gets cleared and -@@ -1848,9 +1849,18 @@ static int add_associated_sta(struct hostapd_data *hapd, -* FT-over-the-DS, where a station re-associates back to the same AP but -* skips the authentication flow, or if working with a driver that -* does not support full AP client state. 
-+ * -+ * Skip this if the STA has already completed FT reassociation and the -+ * TK has been configured since the TX/RX PN must not be reset to 0 for -+ * the same key. -*/ -- if (!sta->added_unassoc) -+ if (!sta->added_unassoc && -+ (!(sta->flags & WLAN_STA_AUTHORIZED) || -+ !wpa_auth_sta_ft_tk_already_set(sta->wpa_sm))) { - hostapd_drv_sta_remove(hapd, sta->addr); -+ wpa_auth_sm_event(sta->wpa_sm, WPA_DRV_STA_REMOVED); -+
[gentoo-commits] repo/gentoo:master commit in: net-wireless/wpa_supplicant/files/2017-1/, net-wireless/wpa_supplicant/files/, ...
commit: 83775f6e5802bb8bb1a78d86b2144bc0b7d31ab2 Author: Rick Farina gentoo org> AuthorDate: Thu Mar 17 02:15:25 2022 + Commit: Rick Farina gentoo org> CommitDate: Thu Mar 17 02:15:47 2022 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=83775f6e net-wireless/wpa_supplicant: drop unused patches Signed-off-by: Rick Farina gentoo.org> net-wireless/wpa_supplicant/Manifest | 1 - ...-Avoid-key-reinstallation-in-FT-handshake.patch | 174 -- ...nstallation-of-an-already-in-use-group-ke.patch | 250 - ...ection-of-GTK-IGTK-reinstallation-of-WNM-.patch | 184 --- ...04-Prevent-installation-of-an-all-zero-TK.patch | 79 --- ...Fix-PTK-rekeying-to-generate-a-new-ANonce.patch | 64 -- ...6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch | 132 --- ...WNM-Sleep-Mode-Response-without-pending-r.patch | 43 ...llow-multiple-Reassociation-Response-fram.patch | 82 --- ...y-ignore-management-frame-from-unexpected.patch | 73 -- .../wpa_supplicant/wpa_supplicant-2.10-r1.ebuild | 1 - .../wpa_supplicant/wpa_supplicant-.ebuild | 1 - 12 files changed, 1084 deletions(-) diff --git a/net-wireless/wpa_supplicant/Manifest b/net-wireless/wpa_supplicant/Manifest index f3bd37dd4029..0e445ba324c5 100644 --- a/net-wireless/wpa_supplicant/Manifest +++ b/net-wireless/wpa_supplicant/Manifest @@ -1,2 +1 @@ DIST wpa_supplicant-2.10.tar.gz 3511622 BLAKE2B 7f6045e5dcf24f7ccf1ea75c99541f9d68fadaea858a6ca11a95c997de14e33b3aa89138e748664579b5a4ea493d247cf6613da3c5fae49a4dbb5cd58dace752 SHA512 021c2a48f45d39c1dc6557730be5debaee071bc0ff82a271638beee6e32314e353e49d39e2f0dc8dff6e094dcc7008cfe1c32d0c7a34a1a345a12a3f1c1e11a1 -DIST wpa_supplicant-2.9-r3-patches.tar.bz2 5266 BLAKE2B 284fdeaf6328c35b1f5e88075c62c3b008ec2c400b0cc163a59d9cf8d7c356c3e58f8798e5bade102259d2e5be2ed298b63a0001d0a4ab71d90604a8ee8bf274 SHA512 80e4950ddc99d1134a29a3e5a39767c756f7c9f9f283749e688db3435184631f0384b78954f926724ceff86c96d05b4fb042160265e9d00f976a96e864b7ecc5 
diff --git a/net-wireless/wpa_supplicant/files/2017-1/rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch b/net-wireless/wpa_supplicant/files/2017-1/rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch deleted file mode 100644 index 727684865dbd.. --- a/net-wireless/wpa_supplicant/files/2017-1/rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch +++ /dev/null 
@@ -1,174 +0,0 @@ -From cf4cab804c7afd5c45505528a8d16e46163243a2 Mon Sep 17 00:00:00 2001 -From: Mathy Vanhoef -Date: Fri, 14 Jul 2017 15:15:35 +0200 -Subject: [PATCH 1/8] hostapd: Avoid key reinstallation in FT handshake - -Do not reinstall TK to the driver during Reassociation Response frame -processing if the first attempt of setting the TK succeeded. This avoids -issues related to clearing the TX/RX PN that could result in reusing -same PN values for transmitted frames (e.g., due to CCM nonce reuse and -also hitting replay protection on the receiver) and accepting replayed -frames on RX side. - -This issue was introduced by the commit -0e84c25434e6a1f283c7b4e62e483729085b78d2 ('FT: Fix PTK configuration in -authenticator') which allowed wpa_ft_install_ptk() to be called multiple -times with the same PTK. While the second configuration attempt is -needed with some drivers, it must be done only if the first attempt -failed. - -Signed-off-by: Mathy Vanhoef - src/ap/ieee802_11.c | 16 +--- - src/ap/wpa_auth.c| 11 +++ - src/ap/wpa_auth.h| 3 ++- - src/ap/wpa_auth_ft.c | 10 ++ - src/ap/wpa_auth_i.h | 1 + - 5 files changed, 37 insertions(+), 4 deletions(-) - -diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c -index 4e04169..333035f 100644 a/src/ap/ieee802_11.c -+++ b/src/ap/ieee802_11.c -@@ -1841,6 +1841,7 @@ static int add_associated_sta(struct hostapd_data *hapd, - { - struct ieee80211_ht_capabilities ht_cap; - struct ieee80211_vht_capabilities vht_cap; -+ int set = 1; - - /* -* Remove the STA entry to ensure the STA PS state gets cleared and -@@ -1848,9 +1849,18 @@ static int add_associated_sta(struct hostapd_data *hapd, -* FT-over-the-DS, where a station re-associates back to the same AP but -* skips the authentication flow, or if working with a driver that -* does not support full AP client state. 
-+ * -+ * Skip this if the STA has already completed FT reassociation and the -+ * TK has been configured since the TX/RX PN must not be reset to 0 for -+ * the same key. -*/ -- if (!sta->added_unassoc) -+ if (!sta->added_unassoc && -+ (!(sta->flags & WLAN_STA_AUTHORIZED) || -+ !wpa_auth_sta_ft_tk_already_set(sta->wpa_sm))) { - hostapd_drv_sta_remove(hapd, sta->addr); -+ wpa_auth_sm_event(sta->wpa_sm, WPA_DRV_STA_REMOVED); -+
[gentoo-commits] repo/gentoo:master commit in: net-wireless/wpa_supplicant/files/2017-1/, net-wireless/wpa_supplicant/files/, ...
commit: 83775f6e5802bb8bb1a78d86b2144bc0b7d31ab2 Author: Rick Farina gentoo org> AuthorDate: Thu Mar 17 02:15:25 2022 + Commit: Rick Farina gentoo org> CommitDate: Thu Mar 17 02:15:47 2022 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=83775f6e net-wireless/wpa_supplicant: drop unused patches Signed-off-by: Rick Farina gentoo.org> net-wireless/wpa_supplicant/Manifest | 1 - ...-Avoid-key-reinstallation-in-FT-handshake.patch | 174 -- ...nstallation-of-an-already-in-use-group-ke.patch | 250 - ...ection-of-GTK-IGTK-reinstallation-of-WNM-.patch | 184 --- ...04-Prevent-installation-of-an-all-zero-TK.patch | 79 --- ...Fix-PTK-rekeying-to-generate-a-new-ANonce.patch | 64 -- ...6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch | 132 --- ...WNM-Sleep-Mode-Response-without-pending-r.patch | 43 ...llow-multiple-Reassociation-Response-fram.patch | 82 --- ...y-ignore-management-frame-from-unexpected.patch | 73 -- .../wpa_supplicant/wpa_supplicant-2.10-r1.ebuild | 1 - .../wpa_supplicant/wpa_supplicant-.ebuild | 1 - 12 files changed, 1084 deletions(-)
diff --git a/net-wireless/wpa_supplicant/Manifest b/net-wireless/wpa_supplicant/Manifest
index f3bd37dd4029..0e445ba324c5 100644
--- a/net-wireless/wpa_supplicant/Manifest
+++ b/net-wireless/wpa_supplicant/Manifest
@@ -1,2 +1 @@
 DIST wpa_supplicant-2.10.tar.gz 3511622 BLAKE2B 7f6045e5dcf24f7ccf1ea75c99541f9d68fadaea858a6ca11a95c997de14e33b3aa89138e748664579b5a4ea493d247cf6613da3c5fae49a4dbb5cd58dace752 SHA512 021c2a48f45d39c1dc6557730be5debaee071bc0ff82a271638beee6e32314e353e49d39e2f0dc8dff6e094dcc7008cfe1c32d0c7a34a1a345a12a3f1c1e11a1
-DIST wpa_supplicant-2.9-r3-patches.tar.bz2 5266 BLAKE2B 284fdeaf6328c35b1f5e88075c62c3b008ec2c400b0cc163a59d9cf8d7c356c3e58f8798e5bade102259d2e5be2ed298b63a0001d0a4ab71d90604a8ee8bf274 SHA512 80e4950ddc99d1134a29a3e5a39767c756f7c9f9f283749e688db3435184631f0384b78954f926724ceff86c96d05b4fb042160265e9d00f976a96e864b7ecc5
diff --git a/net-wireless/wpa_supplicant/files/2017-1/rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch b/net-wireless/wpa_supplicant/files/2017-1/rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch
deleted file mode 100644
index 727684865dbd..
--- a/net-wireless/wpa_supplicant/files/2017-1/rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch
+++ /dev/null
@@ -1,174 +0,0 @@ -From cf4cab804c7afd5c45505528a8d16e46163243a2 Mon Sep 17 00:00:00 2001 -From: Mathy Vanhoef -Date: Fri, 14 Jul 2017 15:15:35 +0200 -Subject: [PATCH 1/8] hostapd: Avoid key reinstallation in FT handshake - -Do not reinstall TK to the driver during Reassociation Response frame -processing if the first attempt of setting the TK succeeded. This avoids -issues related to clearing the TX/RX PN that could result in reusing -same PN values for transmitted frames (e.g., due to CCM nonce reuse and -also hitting replay protection on the receiver) and accepting replayed -frames on RX side. - -This issue was introduced by the commit -0e84c25434e6a1f283c7b4e62e483729085b78d2 ('FT: Fix PTK configuration in -authenticator') which allowed wpa_ft_install_ptk() to be called multiple -times with the same PTK. While the second configuration attempt is -needed with some drivers, it must be done only if the first attempt -failed. - -Signed-off-by: Mathy Vanhoef - src/ap/ieee802_11.c | 16 +--- - src/ap/wpa_auth.c| 11 +++ - src/ap/wpa_auth.h| 3 ++- - src/ap/wpa_auth_ft.c | 10 ++ - src/ap/wpa_auth_i.h | 1 + - 5 files changed, 37 insertions(+), 4 deletions(-) - -diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c -index 4e04169..333035f 100644 a/src/ap/ieee802_11.c -+++ b/src/ap/ieee802_11.c -@@ -1841,6 +1841,7 @@ static int add_associated_sta(struct hostapd_data *hapd, - { - struct ieee80211_ht_capabilities ht_cap; - struct ieee80211_vht_capabilities vht_cap; -+ int set = 1; - - /* -* Remove the STA entry to ensure the STA PS state gets cleared and -@@ -1848,9 +1849,18 @@ static int add_associated_sta(struct hostapd_data *hapd, -* FT-over-the-DS, where a station re-associates back to the same AP but -* skips the authentication flow, or if working with a driver that -* does not support full AP client state. 
-+ * -+ * Skip this if the STA has already completed FT reassociation and the -+ * TK has been configured since the TX/RX PN must not be reset to 0 for -+ * the same key. -*/ -- if (!sta->added_unassoc) -+ if (!sta->added_unassoc && -+ (!(sta->flags & WLAN_STA_AUTHORIZED) || -+ !wpa_auth_sta_ft_tk_already_set(sta->wpa_sm))) { - hostapd_drv_sta_remove(hapd, sta->addr); -+ wpa_auth_sm_event(sta->wpa_sm, WPA_DRV_STA_REMOVED); -+