author | Daniel Golle <daniel@makrotopia.org> | 2018-03-27 19:24:27 +0200 |
---|---|---|
committer | Daniel Golle <daniel@makrotopia.org> | 2018-03-27 19:25:32 +0200 |
commit | eba3b028e46dbfe54f1208e9edf47bb0c6f73ac8 (patch) | |
tree | 81958e21f681ba5d044688fa4838a54ff0698f53 /package/network/services/hostapd/patches/008-WPA-Extra-defense-against-PTK-reinstalls-in-4-way-ha.patch | |
parent | 9b92afa3aa3bf19986983f4dceb54b4952d4b970 (diff) | |
download | upstream-eba3b028e46dbfe54f1208e9edf47bb0c6f73ac8.tar.gz upstream-eba3b028e46dbfe54f1208e9edf47bb0c6f73ac8.tar.bz2 upstream-eba3b028e46dbfe54f1208e9edf47bb0c6f73ac8.zip |
hostapd: update to git snapshot of 2018-03-26
The following patches were merged upstream:
000-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch
replaced by commit 0e3bd7ac6
001-Prevent-reinstallation-of-an-already-in-use-group-ke.patch
replaced by commit cb5132bb3
002-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch
replaced by commit 87e2db16b
003-Prevent-installation-of-an-all-zero-TK.patch
replaced by commit 53bb18cc8
004-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch
replaced by commit 0adc9b28b
005-TDLS-Reject-TPK-TK-reconfiguration.patch
replaced by commit ff89af96e
006-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch
replaced by commit adae51f8b
007-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch
replaced by commit 2a9c5217b
008-WPA-Extra-defense-against-PTK-reinstalls-in-4-way-ha.patch
replaced by commit a00e946c1
009-Clear-PMK-length-and-check-for-this-when-deriving-PT.patch
replaced by commit b488a1294
010-Optional-AP-side-workaround-for-key-reinstallation-a.patch
replaced by commit 6f234c1e2
011-Additional-consistentcy-checks-for-PTK-component-len.patch
replaced by commit a6ea66530
012-Clear-BSSID-information-in-supplicant-state-machine-.patch
replaced by commit c0fe5f125
013-WNM-Ignore-WNM-Sleep-Mode-Request-in-wnm_sleep_mode-.patch
replaced by commit 114f2830d
Some patches had to be modified to work with changed upstream source:
380-disable_ctrl_iface_mib.patch (adding more ifdef'ery)
plus some minor nits needed for other patches to apply which are not
worth being explicitly listed here.
For SAE key management in mesh mode, use the newly introduced
sae_password parameter instead of the psk parameter to also support
SAE keys which would fail the checks applied on the psk field (i.e.
length and such). This fixes compatibility issues for users migrating
from authsae.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Diffstat (limited to 'package/network/services/hostapd/patches/008-WPA-Extra-defense-against-PTK-reinstalls-in-4-way-ha.patch')
-rw-r--r-- | package/network/services/hostapd/patches/008-WPA-Extra-defense-against-PTK-reinstalls-in-4-way-ha.patch | 34 |
1 files changed, 0 insertions, 34 deletions
diff --git a/package/network/services/hostapd/patches/008-WPA-Extra-defense-against-PTK-reinstalls-in-4-way-ha.patch b/package/network/services/hostapd/patches/008-WPA-Extra-defense-against-PTK-reinstalls-in-4-way-ha.patch deleted file mode 100644 index 40f6b56965..0000000000 --- a/package/network/services/hostapd/patches/008-WPA-Extra-defense-against-PTK-reinstalls-in-4-way-ha.patch +++ /dev/null @@ -1,34 +0,0 @@ -From a00e946c1c9a1f9cc65c72900d2a444ceb1f872e Mon Sep 17 00:00:00 2001 -From: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be> -Date: Thu, 5 Oct 2017 23:53:01 +0200 -Subject: [PATCH] WPA: Extra defense against PTK reinstalls in 4-way handshake - -Currently, reinstallations of the PTK are prevented by (1) assuring the -same TPTK is only set once as the PTK, and (2) that one particular PTK -is only installed once. This patch makes it more explicit that point (1) -is required to prevent key reinstallations. At the same time, this patch -hardens wpa_supplicant such that future changes do not accidentally -break this property. - -Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be> ---- - src/rsn_supp/wpa.c | 8 ++++++++ - 1 file changed, 8 insertions(+) - ---- a/src/rsn_supp/wpa.c -+++ b/src/rsn_supp/wpa.c -@@ -1728,6 +1728,14 @@ static int wpa_supplicant_verify_eapol_k - sm->ptk_set = 1; - os_memcpy(&sm->ptk, &sm->tptk, sizeof(sm->ptk)); - os_memset(&sm->tptk, 0, sizeof(sm->tptk)); -+ /* -+ * This assures the same TPTK in sm->tptk can never be -+ * copied twice to sm->pkt as the new PTK. In -+ * combination with the installed flag in the wpa_ptk -+ * struct, this assures the same PTK is only installed -+ * once. -+ */ -+ sm->renew_snonce = 1; - } - } - |
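Review bot: Deleting this file drops the local copy of the `sm->renew_snonce = 1;` hardening that the patch added in src/rsn_supp/wpa.c right after `os_memset(&sm->tptk, 0, sizeof(sm->tptk));`, so the removal is only safe if the 2018-03-26 snapshot already contains that line. The `From` hash in the deleted file (a00e946c1c9a1f9cc65c72900d2a444ceb1f872e) matches the a00e946c1 that the commit message names as the replacement, which is consistent. This view is limited to the one deleted file, so the source version bump is not visible here. Please confirm in the full commit that the new snapshot is at or after that upstream commit, and that the built wpa.c still sets `renew_snonce` on the TPTK-to-PTK copy path. Minor: the removed comment wrote `sm->pkt` where the code uses `sm->ptk`. Nothing needs to change in this tree for that, since the file is going away.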