RE: svn commit: r324696 - in head/contrib/wpa: src/ap src/common src/rsn_supp wpa_supplicant

2017-11-12 Thread Cy Schubert
This managed to get stuck in the outbox on my phone. Better late than never.

I think we need to start planning to upgrade to 2.6 (and 2.7 when it comes 
out), or at least thinking about it, especially with 10.x being badly out of 
date.

Also possibly remove hostapd, instead relying on the port for that.

---
Sent using a tiny phone keyboard. Apologies for any typos and autocorrect.

Cy Schubert
 or 

-Original Message-
From: Gordon Tetlow
Sent: 17/10/2017 10:22
To: src-committ...@freebsd.org; svn-src-...@freebsd.org; 
svn-src-head@freebsd.org
Subject: svn commit: r324696 - in head/contrib/wpa: src/ap src/common 
src/rsn_supp wpa_supplicant

Author: gordon
Date: Tue Oct 17 17:22:36 2017
New Revision: 324696
URL: https://svnweb.freebsd.org/changeset/base/324696

Log:
  Update wpa_supplicant/hostapd for 2017-01 vulnerability release.
  
  hostapd: Avoid key reinstallation in FT handshake
  Prevent reinstallation of an already in-use group key
  Extend protection of GTK/IGTK reinstallation of WNM-Sleep Mode cases
  Fix TK configuration to the driver in EAPOL-Key 3/4 retry case
  Prevent installation of an all-zero TK
  Fix PTK rekeying to generate a new ANonce
  TDLS: Reject TPK-TK reconfiguration
  WNM: Ignore Key Data in WNM Sleep Mode Response frame if no PMF in use
  WNM: Ignore WNM-Sleep Mode Response if WNM-Sleep Mode has not been used
  WNM: Ignore WNM-Sleep Mode Response without pending request
  FT: Do not allow multiple Reassociation Response frames
  TDLS: Ignore incoming TDLS Setup Response retries
  
  Submitted by: jhb
  Obtained from:https://w1.fi/security/2017-01/ (against later version)
  Security: FreeBSD-SA-17:07
  Security: CERT VU#228519
  Security: CVE-2017-13077
  Security: CVE-2017-13078
  Security: CVE-2017-13079
  Security: CVE-2017-13080
  Security: CVE-2017-13081
  Security: CVE-2017-13082
  Security: CVE-2017-13086
  Security: CVE-2017-13087
  Security: CVE-2017-13088
  Differential Revision:https://reviews.freebsd.org/D12693

Modified:
  head/contrib/wpa/src/ap/wpa_auth.c
  head/contrib/wpa/src/ap/wpa_auth.h
  head/contrib/wpa/src/ap/wpa_auth_ft.c
  head/contrib/wpa/src/ap/wpa_auth_i.h
  head/contrib/wpa/src/common/wpa_common.h
  head/contrib/wpa/src/rsn_supp/tdls.c
  head/contrib/wpa/src/rsn_supp/wpa.c
  head/contrib/wpa/src/rsn_supp/wpa_ft.c
  head/contrib/wpa/src/rsn_supp/wpa_i.h
  head/contrib/wpa/wpa_supplicant/ctrl_iface.c
  head/contrib/wpa/wpa_supplicant/events.c
  head/contrib/wpa/wpa_supplicant/wnm_sta.c
  head/contrib/wpa/wpa_supplicant/wpa_supplicant_i.h

Modified: head/contrib/wpa/src/ap/wpa_auth.c
==
--- head/contrib/wpa/src/ap/wpa_auth.c  Tue Oct 17 16:29:50 2017
(r324695)
+++ head/contrib/wpa/src/ap/wpa_auth.c  Tue Oct 17 17:22:36 2017
(r324696)
@@ -1893,6 +1893,21 @@ SM_STATE(WPA_PTK, AUTHENTICATION2)
 }
 
 
+static int wpa_auth_sm_ptk_update(struct wpa_state_machine *sm)
+{
+   if (random_get_bytes(sm->ANonce, WPA_NONCE_LEN)) {
+   wpa_printf(MSG_ERROR,
+  "WPA: Failed to get random data for ANonce");
+   sm->Disconnect = TRUE;
+   return -1;
+   }
+   wpa_hexdump(MSG_DEBUG, "WPA: Assign new ANonce", sm->ANonce,
+   WPA_NONCE_LEN);
+   sm->TimeoutCtr = 0;
+   return 0;
+}
+
+
 SM_STATE(WPA_PTK, INITPMK)
 {
u8 msk[2 * PMK_LEN];
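Review bot: wpa_auth_sm_ptk_update carries no comment saying why a fresh ANonce is drawn on every PTKRequest, which is the whole point of the new helper (the log's "Fix PTK rekeying to generate a new ANonce"); read on its own, the function is just a random fill and a counter reset. A header comment such as `/* Regenerate ANonce before (re)starting the 4-way handshake so a PTK rekey never reuses the nonce of the previous derivation; resets TimeoutCtr for the new attempt. Returns -1 and sets sm->Disconnect if no random data is available. */` would capture the contract. On the failure path the helper sets `sm->Disconnect = TRUE` and returns -1, while the caller in the hunk at -2414 also enters DISCONNECTED directly, so the flag looks redundant on that path — presumably kept for the generic state-machine handling, worth confirming. The same hunk is quoted again in the original message below.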
@@ -2414,9 +2429,12 @@ SM_STEP(WPA_PTK)
SM_ENTER(WPA_PTK, AUTHENTICATION);
else if (sm->ReAuthenticationRequest)
SM_ENTER(WPA_PTK, AUTHENTICATION2);
-   else if (sm->PTKRequest)
-   SM_ENTER(WPA_PTK, PTKSTART);
-   else switch (sm->wpa_ptk_state) {
+   else if (sm->PTKRequest) {
+   if (wpa_auth_sm_ptk_update(sm) < 0)
+   SM_ENTER(WPA_PTK, DISCONNECTED);
+   else
+   SM_ENTER(WPA_PTK, PTKSTART);
+   } else switch (sm->wpa_ptk_state) {
case WPA_PTK_INITIALIZE:
break;
case WPA_PTK_DISCONNECT:
@@ -3206,6 +3224,14 @@ int wpa_auth_sta_wpa_version(struct wpa_state_machine 
if (sm == NULL)
return 0;
return sm->wpa;
+}
+
+
+int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm)
+{
+   if (!sm || !wpa_key_mgmt_ft(sm->wpa_key_mgmt))
+   return 0;
+   return sm->tk_already_set;
 }
 
 
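Review bot: wpa_auth_sta_ft_tk_already_set is a new exported function with no comment on either this definition or its declaration in wpa_auth.h (hunk at -271), and its contract is not obvious from the code: it returns 0 both for a NULL sm and for any non-FT key management, so a caller cannot tell "not FT" from "FT but TK not yet installed" — presumably intended, since only the FT path is being guarded here. A one-line comment on the declaration, `/* Non-zero if this FT association has already installed its TK; 0 for non-FT or NULL sm. Lets callers skip a repeated key install. */` would make that explicit. The type of sm->tk_already_set is not visible in this hunk; if it is a flag the int return is fine, otherwise the declaration should document the value range. Both hunks are repeated in the original message below.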

Modified: head/contrib/wpa/src/ap/wpa_auth.h
==
--- head/contrib/wpa/src/ap/wpa_auth.h  Tue Oct 17 16:29:50 2017
(r324695)
+++ head/contrib/wpa/src/ap/wpa_auth.h  Tue Oct 17 17:22:36 2017
(r324696)
@@ -271,6 +271,7 @@ int wpa_auth_pairwise_set(struct wpa_state_machine *sm
 int wpa_auth_get_pairwise(struct wpa_state_machine *sm);
 in

svn commit: r324696 - in head/contrib/wpa: src/ap src/common src/rsn_supp wpa_supplicant

2017-10-17 Thread Gordon Tetlow
Author: gordon
Date: Tue Oct 17 17:22:36 2017
New Revision: 324696
URL: https://svnweb.freebsd.org/changeset/base/324696

Log:
  Update wpa_supplicant/hostapd for 2017-01 vulnerability release.
  
  hostapd: Avoid key reinstallation in FT handshake
  Prevent reinstallation of an already in-use group key
  Extend protection of GTK/IGTK reinstallation of WNM-Sleep Mode cases
  Fix TK configuration to the driver in EAPOL-Key 3/4 retry case
  Prevent installation of an all-zero TK
  Fix PTK rekeying to generate a new ANonce
  TDLS: Reject TPK-TK reconfiguration
  WNM: Ignore Key Data in WNM Sleep Mode Response frame if no PMF in use
  WNM: Ignore WNM-Sleep Mode Response if WNM-Sleep Mode has not been used
  WNM: Ignore WNM-Sleep Mode Response without pending request
  FT: Do not allow multiple Reassociation Response frames
  TDLS: Ignore incoming TDLS Setup Response retries
  
  Submitted by: jhb
  Obtained from:https://w1.fi/security/2017-01/ (against later version)
  Security: FreeBSD-SA-17:07
  Security: CERT VU#228519
  Security: CVE-2017-13077
  Security: CVE-2017-13078
  Security: CVE-2017-13079
  Security: CVE-2017-13080
  Security: CVE-2017-13081
  Security: CVE-2017-13082
  Security: CVE-2017-13086
  Security: CVE-2017-13087
  Security: CVE-2017-13088
  Differential Revision:https://reviews.freebsd.org/D12693

Modified:
  head/contrib/wpa/src/ap/wpa_auth.c
  head/contrib/wpa/src/ap/wpa_auth.h
  head/contrib/wpa/src/ap/wpa_auth_ft.c
  head/contrib/wpa/src/ap/wpa_auth_i.h
  head/contrib/wpa/src/common/wpa_common.h
  head/contrib/wpa/src/rsn_supp/tdls.c
  head/contrib/wpa/src/rsn_supp/wpa.c
  head/contrib/wpa/src/rsn_supp/wpa_ft.c
  head/contrib/wpa/src/rsn_supp/wpa_i.h
  head/contrib/wpa/wpa_supplicant/ctrl_iface.c
  head/contrib/wpa/wpa_supplicant/events.c
  head/contrib/wpa/wpa_supplicant/wnm_sta.c
  head/contrib/wpa/wpa_supplicant/wpa_supplicant_i.h

Modified: head/contrib/wpa/src/ap/wpa_auth.c
==
--- head/contrib/wpa/src/ap/wpa_auth.c  Tue Oct 17 16:29:50 2017
(r324695)
+++ head/contrib/wpa/src/ap/wpa_auth.c  Tue Oct 17 17:22:36 2017
(r324696)
@@ -1893,6 +1893,21 @@ SM_STATE(WPA_PTK, AUTHENTICATION2)
 }
 
 
+static int wpa_auth_sm_ptk_update(struct wpa_state_machine *sm)
+{
+   if (random_get_bytes(sm->ANonce, WPA_NONCE_LEN)) {
+   wpa_printf(MSG_ERROR,
+  "WPA: Failed to get random data for ANonce");
+   sm->Disconnect = TRUE;
+   return -1;
+   }
+   wpa_hexdump(MSG_DEBUG, "WPA: Assign new ANonce", sm->ANonce,
+   WPA_NONCE_LEN);
+   sm->TimeoutCtr = 0;
+   return 0;
+}
+
+
 SM_STATE(WPA_PTK, INITPMK)
 {
u8 msk[2 * PMK_LEN];
@@ -2414,9 +2429,12 @@ SM_STEP(WPA_PTK)
SM_ENTER(WPA_PTK, AUTHENTICATION);
else if (sm->ReAuthenticationRequest)
SM_ENTER(WPA_PTK, AUTHENTICATION2);
-   else if (sm->PTKRequest)
-   SM_ENTER(WPA_PTK, PTKSTART);
-   else switch (sm->wpa_ptk_state) {
+   else if (sm->PTKRequest) {
+   if (wpa_auth_sm_ptk_update(sm) < 0)
+   SM_ENTER(WPA_PTK, DISCONNECTED);
+   else
+   SM_ENTER(WPA_PTK, PTKSTART);
+   } else switch (sm->wpa_ptk_state) {
case WPA_PTK_INITIALIZE:
break;
case WPA_PTK_DISCONNECT:
@@ -3206,6 +3224,14 @@ int wpa_auth_sta_wpa_version(struct wpa_state_machine 
if (sm == NULL)
return 0;
return sm->wpa;
+}
+
+
+int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm)
+{
+   if (!sm || !wpa_key_mgmt_ft(sm->wpa_key_mgmt))
+   return 0;
+   return sm->tk_already_set;
 }
 
 

Modified: head/contrib/wpa/src/ap/wpa_auth.h
==
--- head/contrib/wpa/src/ap/wpa_auth.h  Tue Oct 17 16:29:50 2017
(r324695)
+++ head/contrib/wpa/src/ap/wpa_auth.h  Tue Oct 17 17:22:36 2017
(r324696)
@@ -271,6 +271,7 @@ int wpa_auth_pairwise_set(struct wpa_state_machine *sm
 int wpa_auth_get_pairwise(struct wpa_state_machine *sm);
 int wpa_auth_sta_key_mgmt(struct wpa_state_machine *sm);
 int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm);
+int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm);
 int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm,
 struct rsn_pmksa_cache_entry *entry);
 struct rsn_pmksa_cache_entry *

Modified: head/contrib/wpa/src/ap/wpa_auth_ft.c
==
--- head/contrib/wpa/src/ap/wpa_auth_ft.c   Tue Oct 17 16:29:50 2017
(r324695)
+++ head/contrib/wpa/src/ap/wpa_auth_ft.c   Tue Oct 17 17:22:36 2017
(r324696)
@@ -780,6 +780,14 @@ void wpa_ft_install_ptk(struct wpa_state_machine *sm