diff options
Diffstat (limited to 'package/network/services/hostapd/patches')
33 files changed, 144 insertions, 1525 deletions
diff --git a/package/network/services/hostapd/patches/000-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch b/package/network/services/hostapd/patches/000-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch deleted file mode 100644 index 14b2d7c717..0000000000 --- a/package/network/services/hostapd/patches/000-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch +++ /dev/null @@ -1,154 +0,0 @@ -From: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be> -Date: Fri, 14 Jul 2017 15:15:35 +0200 -Subject: [PATCH] hostapd: Avoid key reinstallation in FT handshake - -Do not reinstall TK to the driver during Reassociation Response frame -processing if the first attempt of setting the TK succeeded. This avoids -issues related to clearing the TX/RX PN that could result in reusing -same PN values for transmitted frames (e.g., due to CCM nonce reuse and -also hitting replay protection on the receiver) and accepting replayed -frames on RX side. - -This issue was introduced by the commit -0e84c25434e6a1f283c7b4e62e483729085b78d2 ('FT: Fix PTK configuration in -authenticator') which allowed wpa_ft_install_ptk() to be called multiple -times with the same PTK. While the second configuration attempt is -needed with some drivers, it must be done only if the first attempt -failed. - -Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be> ---- - ---- a/src/ap/ieee802_11.c -+++ b/src/ap/ieee802_11.c -@@ -2522,6 +2522,7 @@ static int add_associated_sta(struct hos - { - struct ieee80211_ht_capabilities ht_cap; - struct ieee80211_vht_capabilities vht_cap; -+ int set = 1; - - /* - * Remove the STA entry to ensure the STA PS state gets cleared and -@@ -2529,9 +2530,18 @@ static int add_associated_sta(struct hos - * FT-over-the-DS, where a station re-associates back to the same AP but - * skips the authentication flow, or if working with a driver that - * does not support full AP client state. -+ * -+ * Skip this if the STA has already completed FT reassociation and the -+ * TK has been configured since the TX/RX PN must not be reset to 0 for -+ * the same key. - */ -- if (!sta->added_unassoc) -+ if (!sta->added_unassoc && -+ (!(sta->flags & WLAN_STA_AUTHORIZED) || -+ !wpa_auth_sta_ft_tk_already_set(sta->wpa_sm))) { - hostapd_drv_sta_remove(hapd, sta->addr); -+ wpa_auth_sm_event(sta->wpa_sm, WPA_DRV_STA_REMOVED); -+ set = 0; -+ } - - #ifdef CONFIG_IEEE80211N - if (sta->flags & WLAN_STA_HT) -@@ -2554,11 +2564,11 @@ static int add_associated_sta(struct hos - sta->flags & WLAN_STA_VHT ? &vht_cap : NULL, - sta->flags | WLAN_STA_ASSOC, sta->qosinfo, - sta->vht_opmode, sta->p2p_ie ? 1 : 0, -- sta->added_unassoc)) { -+ set)) { - hostapd_logger(hapd, sta->addr, - HOSTAPD_MODULE_IEEE80211, HOSTAPD_LEVEL_NOTICE, - "Could not %s STA to kernel driver", -- sta->added_unassoc ? "set" : "add"); -+ set ? "set" : "add"); - - if (sta->added_unassoc) { - hostapd_drv_sta_remove(hapd, sta->addr); ---- a/src/ap/wpa_auth.c -+++ b/src/ap/wpa_auth.c -@@ -1783,6 +1783,9 @@ int wpa_auth_sm_event(struct wpa_state_m - #else /* CONFIG_FILS */ - break; - #endif /* CONFIG_FILS */ -+ case WPA_DRV_STA_REMOVED: -+ sm->tk_already_set = FALSE; -+ return 0; - } - - #ifdef CONFIG_IEEE80211R_AP -@@ -3922,6 +3925,14 @@ int wpa_auth_sta_wpa_version(struct wpa_ - } - - -+int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm) -+{ -+ if (!sm || !wpa_key_mgmt_ft(sm->wpa_key_mgmt)) -+ return 0; -+ return sm->tk_already_set; -+} -+ -+ - int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm, - struct rsn_pmksa_cache_entry *entry) - { ---- a/src/ap/wpa_auth.h -+++ b/src/ap/wpa_auth.h -@@ -300,7 +300,7 @@ void wpa_receive(struct wpa_authenticato - u8 *data, size_t data_len); - enum wpa_event { - WPA_AUTH, WPA_ASSOC, WPA_DISASSOC, WPA_DEAUTH, WPA_REAUTH, -- WPA_REAUTH_EAPOL, WPA_ASSOC_FT, WPA_ASSOC_FILS -+ WPA_REAUTH_EAPOL, WPA_ASSOC_FT, WPA_ASSOC_FILS, WPA_DRV_STA_REMOVED - }; - void wpa_remove_ptk(struct wpa_state_machine *sm); - int wpa_auth_sm_event(struct wpa_state_machine *sm, enum wpa_event event); -@@ -313,6 +313,7 @@ int wpa_auth_pairwise_set(struct wpa_sta - int wpa_auth_get_pairwise(struct wpa_state_machine *sm); - int wpa_auth_sta_key_mgmt(struct wpa_state_machine *sm); - int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm); -+int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm); - int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm, - struct rsn_pmksa_cache_entry *entry); - struct rsn_pmksa_cache_entry * ---- a/src/ap/wpa_auth_ft.c -+++ b/src/ap/wpa_auth_ft.c -@@ -1937,6 +1937,14 @@ void wpa_ft_install_ptk(struct wpa_state - return; - } - -+ if (sm->tk_already_set) { -+ /* Must avoid TK reconfiguration to prevent clearing of TX/RX -+ * PN in the driver */ -+ wpa_printf(MSG_DEBUG, -+ "FT: Do not re-install same PTK to the driver"); -+ return; -+ } -+ - /* FIX: add STA entry to kernel/driver here? The set_key will fail - * most likely without this.. At the moment, STA entry is added only - * after association has been completed. This function will be called -@@ -1949,6 +1957,7 @@ void wpa_ft_install_ptk(struct wpa_state - - /* FIX: MLME-SetProtection.Request(TA, Tx_Rx) */ - sm->pairwise_set = TRUE; -+ sm->tk_already_set = TRUE; - } - - -@@ -2152,6 +2161,7 @@ static int wpa_ft_process_auth_req(struc - - sm->pairwise = pairwise; - sm->PTK_valid = TRUE; -+ sm->tk_already_set = FALSE; - wpa_ft_install_ptk(sm); - - buflen = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) + ---- a/src/ap/wpa_auth_i.h -+++ b/src/ap/wpa_auth_i.h -@@ -61,6 +61,7 @@ struct wpa_state_machine { - struct wpa_ptk PTK; - Boolean PTK_valid; - Boolean pairwise_set; -+ Boolean tk_already_set; - int keycount; - Boolean Pair; - struct wpa_key_replay_counter { diff --git a/package/network/services/hostapd/patches/001-Prevent-reinstallation-of-an-already-in-use-group-ke.patch b/package/network/services/hostapd/patches/001-Prevent-reinstallation-of-an-already-in-use-group-ke.patch deleted file mode 100644 index b283bf887d..0000000000 --- a/package/network/services/hostapd/patches/001-Prevent-reinstallation-of-an-already-in-use-group-ke.patch +++ /dev/null @@ -1,244 +0,0 @@ -From: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be> -Date: Wed, 12 Jul 2017 16:03:24 +0200 -Subject: [PATCH] Prevent reinstallation of an already in-use group key - -Track the current GTK and IGTK that is in use and when receiving a -(possibly retransmitted) Group Message 1 or WNM-Sleep Mode Response, do -not install the given key if it is already in use. This prevents an -attacker from trying to trick the client into resetting or lowering the -sequence counter associated to the group key. - -Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be> ---- - ---- a/src/common/wpa_common.h -+++ b/src/common/wpa_common.h -@@ -218,6 +218,17 @@ struct wpa_ptk { - size_t tk_len; - }; - -+struct wpa_gtk { -+ u8 gtk[WPA_GTK_MAX_LEN]; -+ size_t gtk_len; -+}; -+ -+#ifdef CONFIG_IEEE80211W -+struct wpa_igtk { -+ u8 igtk[WPA_IGTK_MAX_LEN]; -+ size_t igtk_len; -+}; -+#endif /* CONFIG_IEEE80211W */ - - /* WPA IE version 1 - * 00-50-f2:1 (OUI:OUI type) ---- a/src/rsn_supp/wpa.c -+++ b/src/rsn_supp/wpa.c -@@ -800,6 +800,15 @@ static int wpa_supplicant_install_gtk(st - const u8 *_gtk = gd->gtk; - u8 gtk_buf[32]; - -+ /* Detect possible key reinstallation */ -+ if (sm->gtk.gtk_len == (size_t) gd->gtk_len && -+ os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) { -+ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, -+ "WPA: Not reinstalling already in-use GTK to the driver (keyidx=%d tx=%d len=%d)", -+ gd->keyidx, gd->tx, gd->gtk_len); -+ return 0; -+ } -+ - wpa_hexdump_key(MSG_DEBUG, "WPA: Group Key", gd->gtk, gd->gtk_len); - wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, - "WPA: Installing GTK to the driver (keyidx=%d tx=%d len=%d)", -@@ -834,6 +843,9 @@ static int wpa_supplicant_install_gtk(st - } - os_memset(gtk_buf, 0, sizeof(gtk_buf)); - -+ sm->gtk.gtk_len = gd->gtk_len; -+ os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len); -+ - return 0; - } - -@@ -940,6 +952,48 @@ static int wpa_supplicant_pairwise_gtk(s - } - - -+#ifdef CONFIG_IEEE80211W -+static int wpa_supplicant_install_igtk(struct wpa_sm *sm, -+ const struct wpa_igtk_kde *igtk) -+{ -+ size_t len = wpa_cipher_key_len(sm->mgmt_group_cipher); -+ u16 keyidx = WPA_GET_LE16(igtk->keyid); -+ -+ /* Detect possible key reinstallation */ -+ if (sm->igtk.igtk_len == len && -+ os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) { -+ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, -+ "WPA: Not reinstalling already in-use IGTK to the driver (keyidx=%d)", -+ keyidx); -+ return 0; -+ } -+ -+ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, -+ "WPA: IGTK keyid %d pn %02x%02x%02x%02x%02x%02x", -+ keyidx, MAC2STR(igtk->pn)); -+ wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK", igtk->igtk, len); -+ if (keyidx > 4095) { -+ wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, -+ "WPA: Invalid IGTK KeyID %d", keyidx); -+ return -1; -+ } -+ if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher), -+ broadcast_ether_addr, -+ keyidx, 0, igtk->pn, sizeof(igtk->pn), -+ igtk->igtk, len) < 0) { -+ wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, -+ "WPA: Failed to configure IGTK to the driver"); -+ return -1; -+ } -+ -+ sm->igtk.igtk_len = len; -+ os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len); -+ -+ return 0; -+} -+#endif /* CONFIG_IEEE80211W */ -+ -+ - static int ieee80211w_set_keys(struct wpa_sm *sm, - struct wpa_eapol_ie_parse *ie) - { -@@ -950,30 +1004,14 @@ static int ieee80211w_set_keys(struct wp - if (ie->igtk) { - size_t len; - const struct wpa_igtk_kde *igtk; -- u16 keyidx; -+ - len = wpa_cipher_key_len(sm->mgmt_group_cipher); - if (ie->igtk_len != WPA_IGTK_KDE_PREFIX_LEN + len) - return -1; -+ - igtk = (const struct wpa_igtk_kde *) ie->igtk; -- keyidx = WPA_GET_LE16(igtk->keyid); -- wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: IGTK keyid %d " -- "pn %02x%02x%02x%02x%02x%02x", -- keyidx, MAC2STR(igtk->pn)); -- wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK", -- igtk->igtk, len); -- if (keyidx > 4095) { -- wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, -- "WPA: Invalid IGTK KeyID %d", keyidx); -+ if (wpa_supplicant_install_igtk(sm, igtk) < 0) - return -1; -- } -- if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher), -- broadcast_ether_addr, -- keyidx, 0, igtk->pn, sizeof(igtk->pn), -- igtk->igtk, len) < 0) { -- wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, -- "WPA: Failed to configure IGTK to the driver"); -- return -1; -- } - } - - return 0; -@@ -2491,7 +2529,7 @@ void wpa_sm_deinit(struct wpa_sm *sm) - */ - void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid) - { -- int clear_ptk = 1; -+ int clear_keys = 1; - - if (sm == NULL) - return; -@@ -2517,7 +2555,7 @@ void wpa_sm_notify_assoc(struct wpa_sm * - /* Prepare for the next transition */ - wpa_ft_prepare_auth_request(sm, NULL); - -- clear_ptk = 0; -+ clear_keys = 0; - } - #endif /* CONFIG_IEEE80211R */ - #ifdef CONFIG_FILS -@@ -2527,11 +2565,11 @@ void wpa_sm_notify_assoc(struct wpa_sm * - * AUTHENTICATED state to get the EAPOL port Authorized. - */ - wpa_supplicant_key_neg_complete(sm, sm->bssid, 1); -- clear_ptk = 0; -+ clear_keys = 0; - } - #endif /* CONFIG_FILS */ - -- if (clear_ptk) { -+ if (clear_keys) { - /* - * IEEE 802.11, 8.4.10: Delete PTK SA on (re)association if - * this is not part of a Fast BSS Transition. -@@ -2541,6 +2579,10 @@ void wpa_sm_notify_assoc(struct wpa_sm * - os_memset(&sm->ptk, 0, sizeof(sm->ptk)); - sm->tptk_set = 0; - os_memset(&sm->tptk, 0, sizeof(sm->tptk)); -+ os_memset(&sm->gtk, 0, sizeof(sm->gtk)); -+#ifdef CONFIG_IEEE80211W -+ os_memset(&sm->igtk, 0, sizeof(sm->igtk)); -+#endif /* CONFIG_IEEE80211W */ - } - - #ifdef CONFIG_TDLS -@@ -3117,6 +3159,10 @@ void wpa_sm_drop_sa(struct wpa_sm *sm) - os_memset(sm->pmk, 0, sizeof(sm->pmk)); - os_memset(&sm->ptk, 0, sizeof(sm->ptk)); - os_memset(&sm->tptk, 0, sizeof(sm->tptk)); -+ os_memset(&sm->gtk, 0, sizeof(sm->gtk)); -+#ifdef CONFIG_IEEE80211W -+ os_memset(&sm->igtk, 0, sizeof(sm->igtk)); -+#endif /* CONFIG_IEEE80211W */ - #ifdef CONFIG_IEEE80211R - os_memset(sm->xxkey, 0, sizeof(sm->xxkey)); - os_memset(sm->pmk_r0, 0, sizeof(sm->pmk_r0)); -@@ -3189,29 +3235,11 @@ int wpa_wnmsleep_install_key(struct wpa_ - os_memset(&gd, 0, sizeof(gd)); - #ifdef CONFIG_IEEE80211W - } else if (subelem_id == WNM_SLEEP_SUBELEM_IGTK) { -- struct wpa_igtk_kde igd; -- u16 keyidx; -+ const struct wpa_igtk_kde *igtk; - -- os_memset(&igd, 0, sizeof(igd)); -- keylen = wpa_cipher_key_len(sm->mgmt_group_cipher); -- os_memcpy(igd.keyid, buf + 2, 2); -- os_memcpy(igd.pn, buf + 4, 6); -- -- keyidx = WPA_GET_LE16(igd.keyid); -- os_memcpy(igd.igtk, buf + 10, keylen); -- -- wpa_hexdump_key(MSG_DEBUG, "Install IGTK (WNM SLEEP)", -- igd.igtk, keylen); -- if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher), -- broadcast_ether_addr, -- keyidx, 0, igd.pn, sizeof(igd.pn), -- igd.igtk, keylen) < 0) { -- wpa_printf(MSG_DEBUG, "Failed to install the IGTK in " -- "WNM mode"); -- os_memset(&igd, 0, sizeof(igd)); -+ igtk = (const struct wpa_igtk_kde *) (buf + 2); -+ if (wpa_supplicant_install_igtk(sm, igtk) < 0) - return -1; -- } -- os_memset(&igd, 0, sizeof(igd)); - #endif /* CONFIG_IEEE80211W */ - } else { - wpa_printf(MSG_DEBUG, "Unknown element id"); ---- a/src/rsn_supp/wpa_i.h -+++ b/src/rsn_supp/wpa_i.h -@@ -31,6 +31,10 @@ struct wpa_sm { - u8 rx_replay_counter[WPA_REPLAY_COUNTER_LEN]; - int rx_replay_counter_set; - u8 request_counter[WPA_REPLAY_COUNTER_LEN]; -+ struct wpa_gtk gtk; -+#ifdef CONFIG_IEEE80211W -+ struct wpa_igtk igtk; -+#endif /* CONFIG_IEEE80211W */ - - struct eapol_sm *eapol; /* EAPOL state machine from upper level code */ - diff --git a/package/network/services/hostapd/patches/002-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch b/package/network/services/hostapd/patches/002-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch deleted file mode 100644 index 2093d25e9c..0000000000 --- a/package/network/services/hostapd/patches/002-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch +++ /dev/null @@ -1,182 +0,0 @@ -From: Jouni Malinen <j@w1.fi> -Date: Sun, 1 Oct 2017 12:12:24 +0300 -Subject: [PATCH] Extend protection of GTK/IGTK reinstallation of WNM-Sleep - Mode cases - -This extends the protection to track last configured GTK/IGTK value -separately from EAPOL-Key frames and WNM-Sleep Mode frames to cover a -corner case where these two different mechanisms may get used when the -GTK/IGTK has changed and tracking a single value is not sufficient to -detect a possible key reconfiguration. - -Signed-off-by: Jouni Malinen <j@w1.fi> ---- - ---- a/src/rsn_supp/wpa.c -+++ b/src/rsn_supp/wpa.c -@@ -795,14 +795,17 @@ struct wpa_gtk_data { - - static int wpa_supplicant_install_gtk(struct wpa_sm *sm, - const struct wpa_gtk_data *gd, -- const u8 *key_rsc) -+ const u8 *key_rsc, int wnm_sleep) - { - const u8 *_gtk = gd->gtk; - u8 gtk_buf[32]; - - /* Detect possible key reinstallation */ -- if (sm->gtk.gtk_len == (size_t) gd->gtk_len && -- os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) { -+ if ((sm->gtk.gtk_len == (size_t) gd->gtk_len && -+ os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) || -+ (sm->gtk_wnm_sleep.gtk_len == (size_t) gd->gtk_len && -+ os_memcmp(sm->gtk_wnm_sleep.gtk, gd->gtk, -+ sm->gtk_wnm_sleep.gtk_len) == 0)) { - wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, - "WPA: Not reinstalling already in-use GTK to the driver (keyidx=%d tx=%d len=%d)", - gd->keyidx, gd->tx, gd->gtk_len); -@@ -843,8 +846,14 @@ static int wpa_supplicant_install_gtk(st - } - os_memset(gtk_buf, 0, sizeof(gtk_buf)); - -- sm->gtk.gtk_len = gd->gtk_len; -- os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len); -+ if (wnm_sleep) { -+ sm->gtk_wnm_sleep.gtk_len = gd->gtk_len; -+ os_memcpy(sm->gtk_wnm_sleep.gtk, gd->gtk, -+ sm->gtk_wnm_sleep.gtk_len); -+ } else { -+ sm->gtk.gtk_len = gd->gtk_len; -+ os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len); -+ } - - return 0; - } -@@ -938,7 +947,7 @@ static int wpa_supplicant_pairwise_gtk(s - (wpa_supplicant_check_group_cipher(sm, sm->group_cipher, - gtk_len, gtk_len, - &gd.key_rsc_len, &gd.alg) || -- wpa_supplicant_install_gtk(sm, &gd, key_rsc))) { -+ wpa_supplicant_install_gtk(sm, &gd, key_rsc, 0))) { - wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, - "RSN: Failed to install GTK"); - os_memset(&gd, 0, sizeof(gd)); -@@ -954,14 +963,18 @@ static int wpa_supplicant_pairwise_gtk(s - - #ifdef CONFIG_IEEE80211W - static int wpa_supplicant_install_igtk(struct wpa_sm *sm, -- const struct wpa_igtk_kde *igtk) -+ const struct wpa_igtk_kde *igtk, -+ int wnm_sleep) - { - size_t len = wpa_cipher_key_len(sm->mgmt_group_cipher); - u16 keyidx = WPA_GET_LE16(igtk->keyid); - - /* Detect possible key reinstallation */ -- if (sm->igtk.igtk_len == len && -- os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) { -+ if ((sm->igtk.igtk_len == len && -+ os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) || -+ (sm->igtk_wnm_sleep.igtk_len == len && -+ os_memcmp(sm->igtk_wnm_sleep.igtk, igtk->igtk, -+ sm->igtk_wnm_sleep.igtk_len) == 0)) { - wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, - "WPA: Not reinstalling already in-use IGTK to the driver (keyidx=%d)", - keyidx); -@@ -986,8 +999,14 @@ static int wpa_supplicant_install_igtk(s - return -1; - } - -- sm->igtk.igtk_len = len; -- os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len); -+ if (wnm_sleep) { -+ sm->igtk_wnm_sleep.igtk_len = len; -+ os_memcpy(sm->igtk_wnm_sleep.igtk, igtk->igtk, -+ sm->igtk_wnm_sleep.igtk_len); -+ } else { -+ sm->igtk.igtk_len = len; -+ os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len); -+ } - - return 0; - } -@@ -1010,7 +1029,7 @@ static int ieee80211w_set_keys(struct wp - return -1; - - igtk = (const struct wpa_igtk_kde *) ie->igtk; -- if (wpa_supplicant_install_igtk(sm, igtk) < 0) -+ if (wpa_supplicant_install_igtk(sm, igtk, 0) < 0) - return -1; - } - -@@ -1659,7 +1678,7 @@ static void wpa_supplicant_process_1_of_ - if (wpa_supplicant_rsc_relaxation(sm, key->key_rsc)) - key_rsc = null_rsc; - -- if (wpa_supplicant_install_gtk(sm, &gd, key_rsc) || -+ if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 0) || - wpa_supplicant_send_2_of_2(sm, key, ver, key_info) < 0) - goto failed; - os_memset(&gd, 0, sizeof(gd)); -@@ -2580,8 +2599,10 @@ void wpa_sm_notify_assoc(struct wpa_sm * - sm->tptk_set = 0; - os_memset(&sm->tptk, 0, sizeof(sm->tptk)); - os_memset(&sm->gtk, 0, sizeof(sm->gtk)); -+ os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep)); - #ifdef CONFIG_IEEE80211W - os_memset(&sm->igtk, 0, sizeof(sm->igtk)); -+ os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep)); - #endif /* CONFIG_IEEE80211W */ - } - -@@ -3160,8 +3181,10 @@ void wpa_sm_drop_sa(struct wpa_sm *sm) - os_memset(&sm->ptk, 0, sizeof(sm->ptk)); - os_memset(&sm->tptk, 0, sizeof(sm->tptk)); - os_memset(&sm->gtk, 0, sizeof(sm->gtk)); -+ os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep)); - #ifdef CONFIG_IEEE80211W - os_memset(&sm->igtk, 0, sizeof(sm->igtk)); -+ os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep)); - #endif /* CONFIG_IEEE80211W */ - #ifdef CONFIG_IEEE80211R - os_memset(sm->xxkey, 0, sizeof(sm->xxkey)); -@@ -3226,7 +3249,7 @@ int wpa_wnmsleep_install_key(struct wpa_ - - wpa_hexdump_key(MSG_DEBUG, "Install GTK (WNM SLEEP)", - gd.gtk, gd.gtk_len); -- if (wpa_supplicant_install_gtk(sm, &gd, key_rsc)) { -+ if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 1)) { - os_memset(&gd, 0, sizeof(gd)); - wpa_printf(MSG_DEBUG, "Failed to install the GTK in " - "WNM mode"); -@@ -3238,7 +3261,7 @@ int wpa_wnmsleep_install_key(struct wpa_ - const struct wpa_igtk_kde *igtk; - - igtk = (const struct wpa_igtk_kde *) (buf + 2); -- if (wpa_supplicant_install_igtk(sm, igtk) < 0) -+ if (wpa_supplicant_install_igtk(sm, igtk, 1) < 0) - return -1; - #endif /* CONFIG_IEEE80211W */ - } else { -@@ -4121,7 +4144,7 @@ int fils_process_assoc_resp(struct wpa_s - os_memcpy(gd.gtk, kde.gtk + 2, kde.gtk_len - 2); - - wpa_printf(MSG_DEBUG, "FILS: Set GTK to driver"); -- if (wpa_supplicant_install_gtk(sm, &gd, elems.key_delivery) < 0) { -+ if (wpa_supplicant_install_gtk(sm, &gd, elems.key_delivery, 0) < 0) { - wpa_printf(MSG_DEBUG, "FILS: Failed to set GTK"); - goto fail; - } ---- a/src/rsn_supp/wpa_i.h -+++ b/src/rsn_supp/wpa_i.h -@@ -32,8 +32,10 @@ struct wpa_sm { - int rx_replay_counter_set; - u8 request_counter[WPA_REPLAY_COUNTER_LEN]; - struct wpa_gtk gtk; -+ struct wpa_gtk gtk_wnm_sleep; - #ifdef CONFIG_IEEE80211W - struct wpa_igtk igtk; -+ struct wpa_igtk igtk_wnm_sleep; - #endif /* CONFIG_IEEE80211W */ - - struct eapol_sm *eapol; /* EAPOL state machine from upper level code */ diff --git a/package/network/services/hostapd/patches/003-Prevent-installation-of-an-all-zero-TK.patch b/package/network/services/hostapd/patches/003-Prevent-installation-of-an-all-zero-TK.patch deleted file mode 100644 index 30679e25c2..0000000000 --- a/package/network/services/hostapd/patches/003-Prevent-installation-of-an-all-zero-TK.patch +++ /dev/null @@ -1,73 +0,0 @@ -From: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be> -Date: Fri, 29 Sep 2017 04:22:51 +0200 -Subject: [PATCH] Prevent installation of an all-zero TK - -Properly track whether a PTK has already been installed to the driver -and the TK part cleared from memory. This prevents an attacker from -trying to trick the client into installing an all-zero TK. - -This fixes the earlier fix in commit -ad00d64e7d8827b3cebd665a0ceb08adabf15e1e ('Fix TK configuration to the -driver in EAPOL-Key 3/4 retry case') which did not take into account -possibility of an extra message 1/4 showing up between retries of -message 3/4. - -Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be> ---- - ---- a/src/common/wpa_common.h -+++ b/src/common/wpa_common.h -@@ -216,6 +216,7 @@ struct wpa_ptk { - size_t kck_len; - size_t kek_len; - size_t tk_len; -+ int installed; /* 1 if key has already been installed to driver */ - }; - - struct wpa_gtk { ---- a/src/rsn_supp/wpa.c -+++ b/src/rsn_supp/wpa.c -@@ -594,7 +594,6 @@ static void wpa_supplicant_process_1_of_ - os_memset(buf, 0, sizeof(buf)); - } - sm->tptk_set = 1; -- sm->tk_to_set = 1; - - kde = sm->assoc_wpa_ie; - kde_len = sm->assoc_wpa_ie_len; -@@ -701,7 +700,7 @@ static int wpa_supplicant_install_ptk(st - enum wpa_alg alg; - const u8 *key_rsc; - -- if (!sm->tk_to_set) { -+ if (sm->ptk.installed) { - wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, - "WPA: Do not re-install same PTK to the driver"); - return 0; -@@ -745,7 +744,7 @@ static int wpa_supplicant_install_ptk(st - - /* TK is not needed anymore in supplicant */ - os_memset(sm->ptk.tk, 0, WPA_TK_MAX_LEN); -- sm->tk_to_set = 0; -+ sm->ptk.installed = 1; - - if (sm->wpa_ptk_rekey) { - eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL); -@@ -4172,6 +4171,7 @@ int fils_process_assoc_resp(struct wpa_s - * takes care of association frame encryption/decryption. */ - /* TK is not needed anymore in supplicant */ - os_memset(sm->ptk.tk, 0, WPA_TK_MAX_LEN); -+ sm->ptk.installed = 1; - - /* FILS HLP Container */ - fils_process_hlp_container(sm, ie_start, end - ie_start); ---- a/src/rsn_supp/wpa_i.h -+++ b/src/rsn_supp/wpa_i.h -@@ -24,7 +24,6 @@ struct wpa_sm { - struct wpa_ptk ptk, tptk; - int ptk_set, tptk_set; - unsigned int msg_3_of_4_ok:1; -- unsigned int tk_to_set:1; - u8 snonce[WPA_NONCE_LEN]; - u8 anonce[WPA_NONCE_LEN]; /* ANonce from the last 1/4 msg */ - int renew_snonce; diff --git a/package/network/services/hostapd/patches/004-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch b/package/network/services/hostapd/patches/004-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch deleted file mode 100644 index 6f28e74314..0000000000 --- a/package/network/services/hostapd/patches/004-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch +++ /dev/null @@ -1,56 +0,0 @@ -From: Jouni Malinen <j@w1.fi> -Date: Sun, 1 Oct 2017 12:32:57 +0300 -Subject: [PATCH] Fix PTK rekeying to generate a new ANonce - -The Authenticator state machine path for PTK rekeying ended up bypassing -the AUTHENTICATION2 state where a new ANonce is generated when going -directly to the PTKSTART state since there is no need to try to -determine the PMK again in such a case. This is far from ideal since the -new PTK would depend on a new nonce only from the supplicant. - -Fix this by generating a new ANonce when moving to the PTKSTART state -for the purpose of starting new 4-way handshake to rekey PTK. - -Signed-off-by: Jouni Malinen <j@w1.fi> ---- - ---- a/src/ap/wpa_auth.c -+++ b/src/ap/wpa_auth.c -@@ -1951,6 +1951,21 @@ SM_STATE(WPA_PTK, AUTHENTICATION2) - } - - -+static int wpa_auth_sm_ptk_update(struct wpa_state_machine *sm) -+{ -+ if (random_get_bytes(sm->ANonce, WPA_NONCE_LEN)) { -+ wpa_printf(MSG_ERROR, -+ "WPA: Failed to get random data for ANonce"); -+ sm->Disconnect = TRUE; -+ return -1; -+ } -+ wpa_hexdump(MSG_DEBUG, "WPA: Assign new ANonce", sm->ANonce, -+ WPA_NONCE_LEN); -+ sm->TimeoutCtr = 0; -+ return 0; -+} -+ -+ - SM_STATE(WPA_PTK, INITPMK) - { - u8 msk[2 * PMK_LEN]; -@@ -3116,9 +3131,12 @@ SM_STEP(WPA_PTK) - SM_ENTER(WPA_PTK, AUTHENTICATION); - else if (sm->ReAuthenticationRequest) - SM_ENTER(WPA_PTK, AUTHENTICATION2); -- else if (sm->PTKRequest) -- SM_ENTER(WPA_PTK, PTKSTART); -- else switch (sm->wpa_ptk_state) { -+ else if (sm->PTKRequest) { -+ if (wpa_auth_sm_ptk_update(sm) < 0) -+ SM_ENTER(WPA_PTK, DISCONNECTED); -+ else -+ SM_ENTER(WPA_PTK, PTKSTART); -+ } else switch (sm->wpa_ptk_state) { - case WPA_PTK_INITIALIZE: - break; - case WPA_PTK_DISCONNECT: diff --git a/package/network/services/hostapd/patches/005-TDLS-Reject-TPK-TK-reconfiguration.patch b/package/network/services/hostapd/patches/005-TDLS-Reject-TPK-TK-reconfiguration.patch deleted file mode 100644 index 2ca05dd643..0000000000 --- a/package/network/services/hostapd/patches/005-TDLS-Reject-TPK-TK-reconfiguration.patch +++ /dev/null @@ -1,124 +0,0 @@ -From: Jouni Malinen <j@w1.fi> -Date: Fri, 22 Sep 2017 11:03:15 +0300 -Subject: [PATCH] TDLS: Reject TPK-TK reconfiguration - -Do not try to reconfigure the same TPK-TK to the driver after it has -been successfully configured. This is an explicit check to avoid issues -related to resetting the TX/RX packet number. There was already a check -for this for TPK M2 (retries of that message are ignored completely), so -that behavior does not get modified. - -For TPK M3, the TPK-TK could have been reconfigured, but that was -followed by immediate teardown of the link due to an issue in updating -the STA entry. Furthermore, for TDLS with any real security (i.e., -ignoring open/WEP), the TPK message exchange is protected on the AP path -and simple replay attacks are not feasible. - -As an additional corner case, make sure the local nonce gets updated if -the peer uses a very unlikely "random nonce" of all zeros. - -Signed-off-by: Jouni Malinen <j@w1.fi> ---- - ---- a/src/rsn_supp/tdls.c -+++ b/src/rsn_supp/tdls.c -@@ -112,6 +112,7 @@ struct wpa_tdls_peer { - u8 tk[16]; /* TPK-TK; assuming only CCMP will be used */ - } tpk; - int tpk_set; -+ int tk_set; /* TPK-TK configured to the driver */ - int tpk_success; - int tpk_in_progress; - -@@ -192,6 +193,20 @@ static int wpa_tdls_set_key(struct wpa_s - u8 rsc[6]; - enum wpa_alg alg; - -+ if (peer->tk_set) { -+ /* -+ * This same TPK-TK has already been configured to the driver -+ * and this new configuration attempt (likely due to an -+ * unexpected retransmitted frame) would result in clearing -+ * the TX/RX sequence number which can break security, so must -+ * not allow that to happen. -+ */ -+ wpa_printf(MSG_INFO, "TDLS: TPK-TK for the peer " MACSTR -+ " has already been configured to the driver - do not reconfigure", -+ MAC2STR(peer->addr)); -+ return -1; -+ } -+ - os_memset(rsc, 0, 6); - - switch (peer->cipher) { -@@ -209,12 +224,15 @@ static int wpa_tdls_set_key(struct wpa_s - return -1; - } - -+ wpa_printf(MSG_DEBUG, "TDLS: Configure pairwise key for peer " MACSTR, -+ MAC2STR(peer->addr)); - if (wpa_sm_set_key(sm, alg, peer->addr, -1, 1, - rsc, sizeof(rsc), peer->tpk.tk, key_len) < 0) { - wpa_printf(MSG_WARNING, "TDLS: Failed to set TPK to the " - "driver"); - return -1; - } -+ peer->tk_set = 1; - return 0; - } - -@@ -695,7 +713,7 @@ static void wpa_tdls_peer_clear(struct w - peer->cipher = 0; - peer->qos_info = 0; - peer->wmm_capable = 0; -- peer->tpk_set = peer->tpk_success = 0; -+ peer->tk_set = peer->tpk_set = peer->tpk_success = 0; - peer->chan_switch_enabled = 0; - os_memset(&peer->tpk, 0, sizeof(peer->tpk)); - os_memset(peer->inonce, 0, WPA_NONCE_LEN); -@@ -1158,6 +1176,7 @@ skip_rsnie: - wpa_tdls_peer_free(sm, peer); - return -1; - } -+ peer->tk_set = 0; /* A new nonce results in a new TK */ - wpa_hexdump(MSG_DEBUG, "TDLS: Initiator Nonce for TPK handshake", - peer->inonce, WPA_NONCE_LEN); - os_memcpy(ftie->Snonce, peer->inonce, WPA_NONCE_LEN); -@@ -1751,6 +1770,19 @@ static int wpa_tdls_addset_peer(struct w - } - - -+static int tdls_nonce_set(const u8 *nonce) -+{ -+ int i; -+ -+ for (i = 0; i < WPA_NONCE_LEN; i++) { -+ if (nonce[i]) -+ return 1; -+ } -+ -+ return 0; -+} -+ -+ - static int wpa_tdls_process_tpk_m1(struct wpa_sm *sm, const u8 *src_addr, - const u8 *buf, size_t len) - { -@@ -2004,7 +2036,8 @@ skip_rsn: - peer->rsnie_i_len = kde.rsn_ie_len; - peer->cipher = cipher; - -- if (os_memcmp(peer->inonce, ftie->Snonce, WPA_NONCE_LEN) != 0) { -+ if (os_memcmp(peer->inonce, ftie->Snonce, WPA_NONCE_LEN) != 0 || -+ !tdls_nonce_set(peer->inonce)) { - /* - * There is no point in updating the RNonce for every obtained - * TPK M1 frame (e.g., retransmission due to timeout) with the -@@ -2020,6 +2053,7 @@ skip_rsn: - "TDLS: Failed to get random data for responder nonce"); - goto error; - } -+ peer->tk_set = 0; /* A new nonce results in a new TK */ - } - - #if 0 diff --git a/package/network/services/hostapd/patches/006-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch b/package/network/services/hostapd/patches/006-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch deleted file mode 100644 index 13d78b8cbd..0000000000 --- a/package/network/services/hostapd/patches/006-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch +++ /dev/null @@ -1,35 +0,0 @@ -From: Jouni Malinen <j@w1.fi> -Date: Fri, 22 Sep 2017 11:25:02 +0300 -Subject: [PATCH] WNM: Ignore WNM-Sleep Mode Response without pending - request - -Commit 03ed0a52393710be6bdae657d1b36efa146520e5 ('WNM: Ignore WNM-Sleep -Mode Response if WNM-Sleep Mode has not been used') started ignoring the -response when no WNM-Sleep Mode Request had been used during the -association. This can be made tighter by clearing the used flag when -successfully processing a response. This adds an additional layer of -protection against unexpected retransmissions of the response frame. - -Signed-off-by: Jouni Malinen <j@w1.fi> ---- - ---- a/wpa_supplicant/wnm_sta.c -+++ b/wpa_supplicant/wnm_sta.c -@@ -260,7 +260,7 @@ static void ieee802_11_rx_wnmsleep_resp( - - if (!wpa_s->wnmsleep_used) { - wpa_printf(MSG_DEBUG, -- "WNM: Ignore WNM-Sleep Mode Response frame since WNM-Sleep Mode has not been used in this association"); -+ "WNM: Ignore WNM-Sleep Mode Response frame since WNM-Sleep Mode operation has not been requested"); - return; - } - -@@ -299,6 +299,8 @@ static void ieee802_11_rx_wnmsleep_resp( - return; - } - -+ wpa_s->wnmsleep_used = 0; -+ - if (wnmsleep_ie->status == WNM_STATUS_SLEEP_ACCEPT || - wnmsleep_ie->status == WNM_STATUS_SLEEP_EXIT_ACCEPT_GTK_UPDATE) { - wpa_printf(MSG_DEBUG, "Successfully recv WNM-Sleep Response " diff --git a/package/network/services/hostapd/patches/007-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch b/package/network/services/hostapd/patches/007-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch deleted file mode 100644 index 7712ce5198..0000000000 --- a/package/network/services/hostapd/patches/007-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch +++ /dev/null @@ -1,68 +0,0 @@ -From: Jouni Malinen <j@w1.fi> -Date: Fri, 22 Sep 2017 12:06:37 +0300 -Subject: [PATCH] FT: Do not allow multiple Reassociation Response frames - -The driver is expected to not report a second association event without -the station having explicitly request a new association. As such, this -case should not be reachable. However, since reconfiguring the same -pairwise or group keys to the driver could result in nonce reuse issues, -be extra careful here and do an additional state check to avoid this -even if the local driver ends up somehow accepting an unexpected -Reassociation Response frame. - -Signed-off-by: Jouni Malinen <j@w1.fi> ---- - ---- a/src/rsn_supp/wpa.c -+++ b/src/rsn_supp/wpa.c -@@ -2637,6 +2637,9 @@ void wpa_sm_notify_disassoc(struct wpa_s - #ifdef CONFIG_FILS - sm->fils_completed = 0; - #endif /* CONFIG_FILS */ -+#ifdef CONFIG_IEEE80211R -+ sm->ft_reassoc_completed = 0; -+#endif /* CONFIG_IEEE80211R */ - - /* Keys are not needed in the WPA state machine anymore */ - wpa_sm_drop_sa(sm); ---- a/src/rsn_supp/wpa_ft.c -+++ b/src/rsn_supp/wpa_ft.c -@@ -153,6 +153,7 @@ static u8 * wpa_ft_gen_req_ies(struct wp - u16 capab; - - sm->ft_completed = 0; -+ sm->ft_reassoc_completed = 0; - - buf_len = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) + - 2 + sm->r0kh_id_len + ric_ies_len + 100; -@@ -687,6 +688,11 @@ int wpa_ft_validate_reassoc_resp(struct - return -1; - } - -+ if (sm->ft_reassoc_completed) { -+ wpa_printf(MSG_DEBUG, "FT: Reassociation has already been completed for this FT protocol instance - ignore unexpected retransmission"); -+ return 0; -+ } -+ - if (wpa_ft_parse_ies(ies, ies_len, &parse) < 0) { - wpa_printf(MSG_DEBUG, "FT: Failed to parse IEs"); - return -1; -@@ -787,6 +793,8 @@ int wpa_ft_validate_reassoc_resp(struct - return -1; - } - -+ sm->ft_reassoc_completed = 1; -+ - if (wpa_ft_process_gtk_subelem(sm, parse.gtk, parse.gtk_len) < 0) - return -1; - ---- a/src/rsn_supp/wpa_i.h -+++ b/src/rsn_supp/wpa_i.h -@@ -128,6 +128,7 @@ struct wpa_sm { - size_t r0kh_id_len; - u8 r1kh_id[FT_R1KH_ID_LEN]; - int ft_completed; -+ int ft_reassoc_completed; - int over_the_ds_in_progress; - u8 target_ap[ETH_ALEN]; /* over-the-DS target AP */ - int set_ptk_after_assoc; diff --git a/package/network/services/hostapd/patches/008-WPA-Extra-defense-against-PTK-reinstalls-in-4-way-ha.patch b/package/network/services/hostapd/patches/008-WPA-Extra-defense-against-PTK-reinstalls-in-4-way-ha.patch deleted file mode 100644 index 40f6b56965..0000000000 --- a/package/network/services/hostapd/patches/008-WPA-Extra-defense-against-PTK-reinstalls-in-4-way-ha.patch +++ /dev/null @@ -1,34 +0,0 @@ -From a00e946c1c9a1f9cc65c72900d2a444ceb1f872e Mon Sep 17 00:00:00 2001 -From: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be> -Date: Thu, 5 Oct 2017 23:53:01 +0200 -Subject: [PATCH] WPA: Extra defense against PTK reinstalls in 4-way handshake - -Currently, reinstallations of the PTK are prevented by (1) assuring the -same TPTK is only set once as the PTK, and (2) that one particular PTK -is only installed once. This patch makes it more explicit that point (1) -is required to prevent key reinstallations. At the same time, this patch -hardens wpa_supplicant such that future changes do not accidentally -break this property. - -Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be> ---- - src/rsn_supp/wpa.c | 8 ++++++++ - 1 file changed, 8 insertions(+) - ---- a/src/rsn_supp/wpa.c -+++ b/src/rsn_supp/wpa.c -@@ -1728,6 +1728,14 @@ static int wpa_supplicant_verify_eapol_k - sm->ptk_set = 1; - os_memcpy(&sm->ptk, &sm->tptk, sizeof(sm->ptk)); - os_memset(&sm->tptk, 0, sizeof(sm->tptk)); -+ /* -+ * This assures the same TPTK in sm->tptk can never be -+ * copied twice to sm->pkt as the new PTK. In -+ * combination with the installed flag in the wpa_ptk -+ * struct, this assures the same PTK is only installed -+ * once. -+ */ -+ sm->renew_snonce = 1; - } - } - diff --git a/package/network/services/hostapd/patches/009-Clear-PMK-length-and-check-for-this-when-deriving-PT.patch b/package/network/services/hostapd/patches/009-Clear-PMK-length-and-check-for-this-when-deriving-PT.patch deleted file mode 100644 index ed7d79ec1b..0000000000 --- a/package/network/services/hostapd/patches/009-Clear-PMK-length-and-check-for-this-when-deriving-PT.patch +++ /dev/null @@ -1,53 +0,0 @@ -From b488a12948751f57871f09baa345e59b23959a41 Mon Sep 17 00:00:00 2001 -From: Jouni Malinen <j@w1.fi> -Date: Sun, 8 Oct 2017 13:18:02 +0300 -Subject: [PATCH] Clear PMK length and check for this when deriving PTK - -Instead of setting the default PMK length for the cleared PMK, set the -length to 0 and explicitly check for this when deriving PTK to avoid -unexpected key derivation with an all-zeroes key should it be possible -to somehow trigger PTK derivation to happen before PMK derivation. - -Signed-off-by: Jouni Malinen <j@w1.fi> ---- - src/common/wpa_common.c | 5 +++++ - src/rsn_supp/wpa.c | 7 ++++--- - 2 files changed, 9 insertions(+), 3 deletions(-) - ---- a/src/common/wpa_common.c -+++ b/src/common/wpa_common.c -@@ -225,6 +225,11 @@ int wpa_pmk_to_ptk(const u8 *pmk, size_t - u8 tmp[WPA_KCK_MAX_LEN + WPA_KEK_MAX_LEN + WPA_TK_MAX_LEN]; - size_t ptk_len; - -+ if (pmk_len == 0) { -+ wpa_printf(MSG_ERROR, "WPA: No PMK set for PT derivation"); -+ return -1; -+ } -+ - if (os_memcmp(addr1, addr2, ETH_ALEN) < 0) { - os_memcpy(data, addr1, ETH_ALEN); - os_memcpy(data + ETH_ALEN, addr2, ETH_ALEN); ---- a/src/rsn_supp/wpa.c -+++ b/src/rsn_supp/wpa.c -@@ -584,7 +584,8 @@ static void wpa_supplicant_process_1_of_ - /* Calculate PTK which will be stored as a temporary PTK until it has - * been verified when processing message 3/4. */ - ptk = &sm->tptk; -- wpa_derive_ptk(sm, src_addr, key, ptk); -+ if (wpa_derive_ptk(sm, src_addr, key, ptk) < 0) -+ goto failed; - if (sm->pairwise_cipher == WPA_CIPHER_TKIP) { - u8 buf[8]; - /* Supplicant: swap tx/rx Mic keys */ -@@ -2705,8 +2706,8 @@ void wpa_sm_set_pmk_from_pmksa(struct wp - sm->pmk_len = sm->cur_pmksa->pmk_len; - os_memcpy(sm->pmk, sm->cur_pmksa->pmk, sm->pmk_len); - } else { -- sm->pmk_len = PMK_LEN; -- os_memset(sm->pmk, 0, PMK_LEN); -+ sm->pmk_len = 0; -+ os_memset(sm->pmk, 0, PMK_LEN_MAX); - } - } - diff --git a/package/network/services/hostapd/patches/010-Optional-AP-side-workaround-for-key-reinstallation-a.patch b/package/network/services/hostapd/patches/010-Optional-AP-side-workaround-for-key-reinstallation-a.patch deleted file mode 100644 index 19165cce2d..0000000000 --- a/package/network/services/hostapd/patches/010-Optional-AP-side-workaround-for-key-reinstallation-a.patch +++ /dev/null @@ -1,221 +0,0 @@ -From 6f234c1e2ee1ede29f2412b7012b3345ed8e52d3 Mon Sep 17 00:00:00 2001 -From: Jouni Malinen <j@w1.fi> -Date: Mon, 16 Oct 2017 18:37:43 +0300 -Subject: [PATCH] Optional AP side workaround for key reinstallation attacks - -This adds a new hostapd configuration parameter -wpa_disable_eapol_key_retries=1 that can be used to disable -retransmission of EAPOL-Key frames that are used to install -keys (EAPOL-Key message 3/4 and group message 1/2). This is -similar to setting wpa_group_update_count=1 and -wpa_pairwise_update_count=1, but with no impact to message 1/4 -retries and with extended timeout for messages 4/4 and group -message 2/2 to avoid causing issues with stations that may use -aggressive power saving have very long time in replying to the -EAPOL-Key messages. - -This option can be used to work around key reinstallation attacks -on the station (supplicant) side in cases those station devices -cannot be updated for some reason. By removing the -retransmissions the attacker cannot cause key reinstallation with -a delayed frame transmission. This is related to the station side -vulnerabilities CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, -CVE-2017-13080, and CVE-2017-13081. - -This workaround might cause interoperability issues and reduced -robustness of key negotiation especially in environments with -heavy traffic load due to the number of attempts to perform the -key exchange is reduced significantly. As such, this workaround -is disabled by default (unless overridden in build -configuration). To enable this, set the parameter to 1. - -It is also possible to enable this in the build by default by -adding the following to the build configuration: - -CFLAGS += -DDEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES=1 - -Signed-off-by: Jouni Malinen <j@w1.fi> ---- - hostapd/config_file.c | 2 ++ - hostapd/defconfig | 4 ++++ - hostapd/hostapd.conf | 24 ++++++++++++++++++++++++ - src/ap/ap_config.c | 6 ++++++ - src/ap/ap_config.h | 1 + - src/ap/wpa_auth.c | 22 ++++++++++++++++++++-- - src/ap/wpa_auth.h | 1 + - src/ap/wpa_auth_glue.c | 2 ++ - 8 files changed, 60 insertions(+), 2 deletions(-) - ---- a/hostapd/config_file.c -+++ b/hostapd/config_file.c -@@ -2542,6 +2542,8 @@ static int hostapd_config_fill(struct ho - return 1; - } - bss->wpa_pairwise_update_count = (u32) val; -+ } else if (os_strcmp(buf, "wpa_disable_eapol_key_retries") == 0) { -+ bss->wpa_disable_eapol_key_retries = atoi(pos); - } else if (os_strcmp(buf, "wpa_passphrase") == 0) { - int len = os_strlen(pos); - if (len < 8 || len > 63) { ---- a/hostapd/defconfig -+++ b/hostapd/defconfig -@@ -372,3 +372,7 @@ CONFIG_IPV6=y - # Opportunistic Wireless Encryption (OWE) - # Experimental implementation of draft-harkins-owe-07.txt - #CONFIG_OWE=y -+ -+# Override default value for the wpa_disable_eapol_key_retries configuration -+# parameter. See that parameter in hostapd.conf for more details. -+#CFLAGS += -DDEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES=1 ---- a/hostapd/hostapd.conf -+++ b/hostapd/hostapd.conf -@@ -1315,6 +1315,30 @@ own_ip_addr=127.0.0.1 - # Range 1..4294967295; default: 4 - #wpa_pairwise_update_count=4 - -+# Workaround for key reinstallation attacks -+# -+# This parameter can be used to disable retransmission of EAPOL-Key frames that -+# are used to install keys (EAPOL-Key message 3/4 and group message 1/2). This -+# is similar to setting wpa_group_update_count=1 and -+# wpa_pairwise_update_count=1, but with no impact to message 1/4 and with -+# extended timeout on the response to avoid causing issues with stations that -+# may use aggressive power saving have very long time in replying to the -+# EAPOL-Key messages. -+# -+# This option can be used to work around key reinstallation attacks on the -+# station (supplicant) side in cases those station devices cannot be updated -+# for some reason. By removing the retransmissions the attacker cannot cause -+# key reinstallation with a delayed frame transmission. This is related to the -+# station side vulnerabilities CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, -+# CVE-2017-13080, and CVE-2017-13081. -+# -+# This workaround might cause interoperability issues and reduced robustness of -+# key negotiation especially in environments with heavy traffic load due to the -+# number of attempts to perform the key exchange is reduced significantly. As -+# such, this workaround is disabled by default (unless overridden in build -+# configuration). To enable this, set the parameter to 1. -+#wpa_disable_eapol_key_retries=1 -+ - # Enable IEEE 802.11i/RSN/WPA2 pre-authentication. This is used to speed up - # roaming be pre-authenticating IEEE 802.1X/EAP part of the full RSN - # authentication and key handshake before actually associating with a new AP. ---- a/src/ap/ap_config.c -+++ b/src/ap/ap_config.c -@@ -37,6 +37,10 @@ static void hostapd_config_free_vlan(str - } - - -+#ifndef DEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES -+#define DEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES 0 -+#endif /* DEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES */ -+ - void hostapd_config_defaults_bss(struct hostapd_bss_config *bss) - { - dl_list_init(&bss->anqp_elem); -@@ -58,6 +62,8 @@ void hostapd_config_defaults_bss(struct - bss->wpa_gmk_rekey = 86400; - bss->wpa_group_update_count = 4; - bss->wpa_pairwise_update_count = 4; -+ bss->wpa_disable_eapol_key_retries = -+ DEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES; - bss->wpa_key_mgmt = WPA_KEY_MGMT_PSK; - bss->wpa_pairwise = WPA_CIPHER_TKIP; - bss->wpa_group = WPA_CIPHER_TKIP; ---- a/src/ap/ap_config.h -+++ b/src/ap/ap_config.h -@@ -333,6 +333,7 @@ struct hostapd_bss_config { - int wpa_ptk_rekey; - u32 wpa_group_update_count; - u32 wpa_pairwise_update_count; -+ int wpa_disable_eapol_key_retries; - int rsn_pairwise; - int rsn_preauth; - char *rsn_preauth_interfaces; ---- a/src/ap/wpa_auth.c -+++ b/src/ap/wpa_auth.c -@@ -65,6 +65,7 @@ static u8 * ieee80211w_kde_add(struct wp - static const u32 eapol_key_timeout_first = 100; /* ms */ - static const u32 eapol_key_timeout_subseq = 1000; /* ms */ - static const u32 eapol_key_timeout_first_group = 500; /* ms */ -+static const u32 eapol_key_timeout_no_retrans = 4000; /* ms */ - - /* TODO: make these configurable */ - static const int dot11RSNAConfigPMKLifetime = 43200; -@@ -1653,6 +1654,9 @@ static void wpa_send_eapol(struct wpa_au - eapol_key_timeout_first_group; - else - timeout_ms = eapol_key_timeout_subseq; -+ if (wpa_auth->conf.wpa_disable_eapol_key_retries && -+ (!pairwise || (key_info & WPA_KEY_INFO_MIC))) -+ timeout_ms = eapol_key_timeout_no_retrans; - if (pairwise && ctr == 1 && !(key_info & WPA_KEY_INFO_MIC)) - sm->pending_1_of_4_timeout = 1; - wpa_printf(MSG_DEBUG, "WPA: Use EAPOL-Key timeout of %u ms (retry " -@@ -2882,6 +2886,11 @@ SM_STATE(WPA_PTK, PTKINITNEGOTIATING) - sm->TimeoutEvt = FALSE; - - sm->TimeoutCtr++; -+ if (sm->wpa_auth->conf.wpa_disable_eapol_key_retries && -+ sm->TimeoutCtr > 1) { -+ /* Do not allow retransmission of EAPOL-Key msg 3/4 */ -+ return; -+ } - if (sm->TimeoutCtr > sm->wpa_auth->conf.wpa_pairwise_update_count) { - /* No point in sending the EAPOL-Key - we will disconnect - * immediately following this. */ -@@ -3220,7 +3229,9 @@ SM_STEP(WPA_PTK) - sm->EAPOLKeyPairwise && sm->MICVerified) - SM_ENTER(WPA_PTK, PTKINITDONE); - else if (sm->TimeoutCtr > -- sm->wpa_auth->conf.wpa_pairwise_update_count) { -+ sm->wpa_auth->conf.wpa_pairwise_update_count || -+ (sm->wpa_auth->conf.wpa_disable_eapol_key_retries && -+ sm->TimeoutCtr > 1)) { - wpa_auth->dot11RSNA4WayHandshakeFailures++; - wpa_auth_vlogger( - sm->wpa_auth, sm->addr, LOGGER_DEBUG, -@@ -3260,6 +3271,11 @@ SM_STATE(WPA_PTK_GROUP, REKEYNEGOTIATING - SM_ENTRY_MA(WPA_PTK_GROUP, REKEYNEGOTIATING, wpa_ptk_group); - - sm->GTimeoutCtr++; -+ if (sm->wpa_auth->conf.wpa_disable_eapol_key_retries && -+ sm->GTimeoutCtr > 1) { -+ /* Do not allow retransmission of EAPOL-Key group msg 1/2 */ -+ return; -+ } - if (sm->GTimeoutCtr > sm->wpa_auth->conf.wpa_group_update_count) { - /* No point in sending the EAPOL-Key - we will disconnect - * immediately following this. */ -@@ -3363,7 +3379,9 @@ SM_STEP(WPA_PTK_GROUP) - !sm->EAPOLKeyPairwise && sm->MICVerified) - SM_ENTER(WPA_PTK_GROUP, REKEYESTABLISHED); - else if (sm->GTimeoutCtr > -- sm->wpa_auth->conf.wpa_group_update_count) -+ sm->wpa_auth->conf.wpa_group_update_count || -+ (sm->wpa_auth->conf.wpa_disable_eapol_key_retries && -+ sm->GTimeoutCtr > 1)) - SM_ENTER(WPA_PTK_GROUP, KEYERROR); - else if (sm->TimeoutEvt) - SM_ENTER(WPA_PTK_GROUP, REKEYNEGOTIATING); ---- a/src/ap/wpa_auth.h -+++ b/src/ap/wpa_auth.h -@@ -165,6 +165,7 @@ struct wpa_auth_config { - int wpa_ptk_rekey; - u32 wpa_group_update_count; - u32 wpa_pairwise_update_count; -+ int wpa_disable_eapol_key_retries; - int rsn_pairwise; - int rsn_preauth; - int eapol_version; ---- a/src/ap/wpa_auth_glue.c -+++ b/src/ap/wpa_auth_glue.c -@@ -45,6 +45,8 @@ static void hostapd_wpa_auth_conf(struct - wconf->wpa_gmk_rekey = conf->wpa_gmk_rekey; - wconf->wpa_ptk_rekey = conf->wpa_ptk_rekey; - wconf->wpa_group_update_count = conf->wpa_group_update_count; -+ wconf->wpa_disable_eapol_key_retries = -+ conf->wpa_disable_eapol_key_retries; - wconf->wpa_pairwise_update_count = conf->wpa_pairwise_update_count; - wconf->rsn_pairwise = conf->rsn_pairwise; - wconf->rsn_preauth = conf->rsn_preauth; diff --git a/package/network/services/hostapd/patches/011-Additional-consistentcy-checks-for-PTK-component-len.patch b/package/network/services/hostapd/patches/011-Additional-consistentcy-checks-for-PTK-component-len.patch deleted file mode 100644 index 5cc2f7b17d..0000000000 --- a/package/network/services/hostapd/patches/011-Additional-consistentcy-checks-for-PTK-component-len.patch +++ /dev/null @@ -1,100 +0,0 @@ -From a6ea665300919d6a3af22b1f4237203647fda93a Mon Sep 17 00:00:00 2001 -From: Jouni Malinen <j@w1.fi> -Date: Tue, 17 Oct 2017 00:01:11 +0300 -Subject: [PATCH] Additional consistentcy checks for PTK component lengths - -Verify that TK, KCK, and KEK lengths are set to consistent values within -struct wpa_ptk before using them in supplicant. This is an additional -layer of protection against unexpected states. - -Signed-off-by: Jouni Malinen <j@w1.fi> ---- - src/common/wpa_common.c | 6 ++++++ - src/rsn_supp/wpa.c | 26 ++++++++++++++++++++------ - 2 files changed, 26 insertions(+), 6 deletions(-) - ---- a/src/common/wpa_common.c -+++ b/src/common/wpa_common.c -@@ -100,6 +100,12 @@ int wpa_eapol_key_mic(const u8 *key, siz - { - u8 hash[SHA512_MAC_LEN]; - -+ if (key_len == 0) { -+ wpa_printf(MSG_DEBUG, -+ "WPA: KCK not set - cannot calculate MIC"); -+ return -1; -+ } -+ - switch (ver) { - #ifndef CONFIG_FIPS - case WPA_KEY_INFO_TYPE_HMAC_MD5_RC4: ---- a/src/rsn_supp/wpa.c -+++ b/src/rsn_supp/wpa.c -@@ -725,6 +725,11 @@ static int wpa_supplicant_install_ptk(st - - alg = wpa_cipher_to_alg(sm->pairwise_cipher); - keylen = wpa_cipher_key_len(sm->pairwise_cipher); -+ if (keylen <= 0 || (unsigned int) keylen != sm->ptk.tk_len) { -+ wpa_printf(MSG_DEBUG, "WPA: TK length mismatch: %d != %lu", -+ keylen, (long unsigned int) sm->ptk.tk_len); -+ return -1; -+ } - rsclen = wpa_cipher_rsc_len(sm->pairwise_cipher); - - if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) { -@@ -745,6 +750,7 @@ static int wpa_supplicant_install_ptk(st - - /* TK is not needed anymore in supplicant */ - os_memset(sm->ptk.tk, 0, WPA_TK_MAX_LEN); -+ sm->ptk.tk_len = 0; - sm->ptk.installed = 1; - - if (sm->wpa_ptk_rekey) { -@@ -1717,9 +1723,10 @@ static int wpa_supplicant_verify_eapol_k - os_memcpy(mic, key + 1, mic_len); - if (sm->tptk_set) { - os_memset(key + 1, 0, mic_len); -- wpa_eapol_key_mic(sm->tptk.kck, sm->tptk.kck_len, sm->key_mgmt, -- ver, buf, len, (u8 *) (key + 1)); -- if (os_memcmp_const(mic, key + 1, mic_len) != 0) { -+ if (wpa_eapol_key_mic(sm->tptk.kck, sm->tptk.kck_len, -+ sm->key_mgmt, -+ ver, buf, len, (u8 *) (key + 1)) < 0 || -+ os_memcmp_const(mic, key + 1, mic_len) != 0) { - wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, - "WPA: Invalid EAPOL-Key MIC " - "when using TPTK - ignoring TPTK"); -@@ -1742,9 +1749,10 @@ static int wpa_supplicant_verify_eapol_k - - if (!ok && sm->ptk_set) { - os_memset(key + 1, 0, mic_len); -- wpa_eapol_key_mic(sm->ptk.kck, sm->ptk.kck_len, sm->key_mgmt, -- ver, buf, len, (u8 *) (key + 1)); -- if (os_memcmp_const(mic, key + 1, mic_len) != 0) { -+ if (wpa_eapol_key_mic(sm->ptk.kck, sm->ptk.kck_len, -+ sm->key_mgmt, -+ ver, buf, len, (u8 *) (key + 1)) < 0 || -+ os_memcmp_const(mic, key + 1, mic_len) != 0) { - wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, - "WPA: Invalid EAPOL-Key MIC - " - "dropping packet"); -@@ -4167,6 +4175,11 @@ int fils_process_assoc_resp(struct wpa_s - - alg = wpa_cipher_to_alg(sm->pairwise_cipher); - keylen = wpa_cipher_key_len(sm->pairwise_cipher); -+ if (keylen <= 0 || (unsigned int) keylen != sm->ptk.tk_len) { -+ wpa_printf(MSG_DEBUG, "FILS: TK length mismatch: %u != %lu", -+ keylen, (long unsigned int) sm->ptk.tk_len); -+ goto fail; -+ } - rsclen = wpa_cipher_rsc_len(sm->pairwise_cipher); - wpa_hexdump_key(MSG_DEBUG, "FILS: Set TK to driver", - sm->ptk.tk, keylen); -@@ -4183,6 +4196,7 @@ int fils_process_assoc_resp(struct wpa_s - * takes care of association frame encryption/decryption. */ - /* TK is not needed anymore in supplicant */ - os_memset(sm->ptk.tk, 0, WPA_TK_MAX_LEN); -+ sm->ptk.tk_len = 0; - sm->ptk.installed = 1; - - /* FILS HLP Container */ diff --git a/package/network/services/hostapd/patches/012-Clear-BSSID-information-in-supplicant-state-machine-.patch b/package/network/services/hostapd/patches/012-Clear-BSSID-information-in-supplicant-state-machine-.patch deleted file mode 100644 index 808d34586b..0000000000 --- a/package/network/services/hostapd/patches/012-Clear-BSSID-information-in-supplicant-state-machine-.patch +++ /dev/null @@ -1,25 +0,0 @@ -From c0fe5f125a9d4a6564e1f4956ccc3809bf2fd69d Mon Sep 17 00:00:00 2001 -From: Jouni Malinen <j@w1.fi> -Date: Tue, 17 Oct 2017 01:15:24 +0300 -Subject: [PATCH] Clear BSSID information in supplicant state machine on - disconnection - -This fixes a corner case where RSN pre-authentication candidate from -scan results was ignored if the station was associated with that BSS -just before running the new scan for the connection. - -Signed-off-by: Jouni Malinen <j@w1.fi> ---- - src/rsn_supp/wpa.c | 1 + - 1 file changed, 1 insertion(+) - ---- a/src/rsn_supp/wpa.c -+++ b/src/rsn_supp/wpa.c -@@ -2662,6 +2662,7 @@ void wpa_sm_notify_disassoc(struct wpa_s - wpa_sm_drop_sa(sm); - - sm->msg_3_of_4_ok = 0; -+ os_memset(sm->bssid, 0, ETH_ALEN); - } - - diff --git a/package/network/services/hostapd/patches/013-WNM-Ignore-WNM-Sleep-Mode-Request-in-wnm_sleep_mode-.patch b/package/network/services/hostapd/patches/013-WNM-Ignore-WNM-Sleep-Mode-Request-in-wnm_sleep_mode-.patch deleted file mode 100644 index 13426e4db1..0000000000 --- a/package/network/services/hostapd/patches/013-WNM-Ignore-WNM-Sleep-Mode-Request-in-wnm_sleep_mode-.patch +++ /dev/null @@ -1,35 +0,0 @@ -From 114f2830d2c2aee6db23d48240e93415a256a37c Mon Sep 17 00:00:00 2001 -From: Jouni Malinen <jouni@qca.qualcomm.com> -Date: Fri, 20 Oct 2017 17:39:42 +0300 -Subject: [PATCH] WNM: Ignore WNM-Sleep Mode Request in wnm_sleep_mode=0 case - -The hostapd wnm_sleep_mode parameter was previously used to control -advertisement of WNM-Sleep Mode support, but it was not used when -processing a request to use WNM-Sleep Mode. Add an explicit check during -request processing as well so that any misbehaving station is ignored. - -Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com> ---- - src/ap/wnm_ap.c | 7 +++++++ - 1 file changed, 7 insertions(+) - -diff --git a/src/ap/wnm_ap.c b/src/ap/wnm_ap.c -index 7c4fde0..973e4d3 100644 ---- a/src/ap/wnm_ap.c -+++ b/src/ap/wnm_ap.c -@@ -200,6 +200,13 @@ static void ieee802_11_rx_wnmsleep_req(struct hostapd_data *hapd, - u8 *tfsreq_ie_end = NULL; - u16 tfsreq_ie_len = 0; - -+ if (!hapd->conf->wnm_sleep_mode) { -+ wpa_printf(MSG_DEBUG, "Ignore WNM-Sleep Mode Request from " -+ MACSTR " since WNM-Sleep Mode is disabled", -+ MAC2STR(addr)); -+ return; -+ } -+ - dialog_token = *pos++; - while (pos + 1 < frm + len) { - u8 ie_len = pos[1]; --- -2.1.4 diff --git a/package/network/services/hostapd/patches/110-no_eapol_fix.patch b/package/network/services/hostapd/patches/110-no_eapol_fix.patch index 3a48a7a95f..b8e057e2fa 100644 --- a/package/network/services/hostapd/patches/110-no_eapol_fix.patch +++ b/package/network/services/hostapd/patches/110-no_eapol_fix.patch @@ -1,6 +1,6 @@ --- a/wpa_supplicant/wpa_supplicant.c +++ b/wpa_supplicant/wpa_supplicant.c -@@ -265,9 +265,10 @@ void wpa_supplicant_cancel_auth_timeout( +@@ -272,9 +272,10 @@ void wpa_supplicant_cancel_auth_timeout( */ void wpa_supplicant_initiate_eapol(struct wpa_supplicant *wpa_s) { diff --git a/package/network/services/hostapd/patches/200-multicall.patch b/package/network/services/hostapd/patches/200-multicall.patch index 0d289d53a3..92a47742b4 100644 --- a/package/network/services/hostapd/patches/200-multicall.patch +++ b/package/network/services/hostapd/patches/200-multicall.patch @@ -36,7 +36,7 @@ LIBS += $(DRV_AP_LIBS) ifdef CONFIG_L2_PACKET -@@ -1204,6 +1210,12 @@ install: $(addprefix $(DESTDIR)$(BINDIR) +@@ -1270,6 +1276,12 @@ install: $(addprefix $(DESTDIR)$(BINDIR) BCHECK=../src/drivers/build.hostapd @@ -49,7 +49,7 @@ hostapd: $(BCHECK) $(OBJS) $(Q)$(CC) $(LDFLAGS) -o hostapd $(OBJS) $(LIBS) @$(E) " LD " $@ -@@ -1248,6 +1260,12 @@ ifeq ($(CONFIG_TLS), linux) +@@ -1315,6 +1327,12 @@ ifeq ($(CONFIG_TLS), linux) HOBJS += ../src/crypto/crypto_linux.o endif @@ -72,7 +72,7 @@ ifndef CONFIG_NO_GITVER # Add VERSION_STR postfix for builds from a git repository -@@ -357,7 +358,9 @@ endif +@@ -358,7 +359,9 @@ endif ifdef CONFIG_IBSS_RSN NEED_RSN_AUTHENTICATOR=y CFLAGS += -DCONFIG_IBSS_RSN @@ -82,7 +82,7 @@ OBJS += ibss_rsn.o endif -@@ -861,6 +864,10 @@ ifdef CONFIG_DYNAMIC_EAP_METHODS +@@ -866,6 +869,10 @@ ifdef CONFIG_DYNAMIC_EAP_METHODS CFLAGS += -DCONFIG_DYNAMIC_EAP_METHODS LIBS += -ldl -rdynamic endif @@ -93,7 +93,7 @@ endif ifdef CONFIG_AP -@@ -868,9 +875,11 @@ NEED_EAP_COMMON=y +@@ -873,9 +880,11 @@ NEED_EAP_COMMON=y NEED_RSN_AUTHENTICATOR=y CFLAGS += -DCONFIG_AP OBJS += ap.o @@ -105,7 +105,7 @@ OBJS += ../src/ap/hostapd.o OBJS += ../src/ap/wpa_auth_glue.o OBJS += ../src/ap/utils.o -@@ -952,6 +961,12 @@ endif +@@ -957,6 +966,12 @@ endif ifdef CONFIG_HS20 OBJS += ../src/ap/hs20.o endif @@ -118,7 +118,7 @@ endif ifdef CONFIG_MBO -@@ -960,7 +975,9 @@ CFLAGS += -DCONFIG_MBO +@@ -965,7 +980,9 @@ CFLAGS += -DCONFIG_MBO endif ifdef NEED_RSN_AUTHENTICATOR @@ -128,7 +128,7 @@ NEED_AES_WRAP=y OBJS += ../src/ap/wpa_auth.o OBJS += ../src/ap/wpa_auth_ie.o -@@ -1835,6 +1852,12 @@ wpa_priv: $(BCHECK) $(OBJS_priv) +@@ -1895,6 +1912,12 @@ wpa_priv: $(BCHECK) $(OBJS_priv) $(OBJS_c) $(OBJS_t) $(OBJS_t2) $(OBJS) $(BCHECK) $(EXTRA_progs): .config @@ -141,7 +141,7 @@ wpa_supplicant: $(BCHECK) $(OBJS) $(EXTRA_progs) $(Q)$(LDO) $(LDFLAGS) -o wpa_supplicant $(OBJS) $(LIBS) $(EXTRALIBS) @$(E) " LD " $@ -@@ -1937,6 +1960,12 @@ endif +@@ -1997,6 +2020,12 @@ endif -e 's|\@DBUS_INTERFACE\@|$(DBUS_INTERFACE)|g' $< >$@ @$(E) " sed" $< @@ -156,7 +156,7 @@ wpa_cli.exe: wpa_cli --- a/src/drivers/driver.h +++ b/src/drivers/driver.h -@@ -5317,8 +5317,8 @@ union wpa_event_data { +@@ -5418,8 +5418,8 @@ union wpa_event_data { * Driver wrapper code should call this function whenever an event is received * from the driver. */ @@ -167,7 +167,7 @@ /** * wpa_supplicant_event_global - Report a driver event for wpa_supplicant -@@ -5330,7 +5330,7 @@ void wpa_supplicant_event(void *ctx, enu +@@ -5431,7 +5431,7 @@ void wpa_supplicant_event(void *ctx, enu * Same as wpa_supplicant_event(), but we search for the interface in * wpa_global. */ @@ -178,7 +178,7 @@ /* --- a/src/ap/drv_callbacks.c +++ b/src/ap/drv_callbacks.c -@@ -1375,8 +1375,8 @@ static void hostapd_event_dfs_cac_starte +@@ -1473,8 +1473,8 @@ static void hostapd_event_dfs_cac_starte #endif /* NEED_AP_MLME */ @@ -189,7 +189,7 @@ { struct hostapd_data *hapd = ctx; #ifndef CONFIG_NO_STDOUT_DEBUG -@@ -1590,7 +1590,7 @@ void wpa_supplicant_event(void *ctx, enu +@@ -1694,7 +1694,7 @@ void wpa_supplicant_event(void *ctx, enu } @@ -211,7 +211,7 @@ { struct wpa_priv_interface *iface = ctx; -@@ -1101,7 +1101,7 @@ void wpa_supplicant_event(void *ctx, enu +@@ -1095,7 +1095,7 @@ void wpa_supplicant_event(void *ctx, enu } @@ -220,7 +220,7 @@ union wpa_event_data *data) { struct wpa_priv_global *global = ctx; -@@ -1213,6 +1213,8 @@ int main(int argc, char *argv[]) +@@ -1207,6 +1207,8 @@ int main(int argc, char *argv[]) if (os_program_init()) return -1; @@ -231,7 +231,7 @@ os_memset(&global, 0, sizeof(global)); --- a/wpa_supplicant/events.c +++ b/wpa_supplicant/events.c -@@ -3709,8 +3709,8 @@ static void wpa_supplicant_event_assoc_a +@@ -3812,8 +3812,8 @@ static void wpa_supplicant_event_assoc_a } @@ -242,7 +242,7 @@ { struct wpa_supplicant *wpa_s = ctx; int resched; -@@ -4466,7 +4466,7 @@ void wpa_supplicant_event(void *ctx, enu +@@ -4628,7 +4628,7 @@ void wpa_supplicant_event(void *ctx, enu } @@ -253,7 +253,7 @@ struct wpa_supplicant *wpa_s; --- a/wpa_supplicant/wpa_supplicant.c +++ b/wpa_supplicant/wpa_supplicant.c -@@ -5457,7 +5457,6 @@ struct wpa_interface * wpa_supplicant_ma +@@ -5678,7 +5678,6 @@ struct wpa_interface * wpa_supplicant_ma return NULL; } @@ -261,7 +261,7 @@ /** * wpa_supplicant_match_existing - Match existing interfaces * @global: Pointer to global data from wpa_supplicant_init() -@@ -5494,6 +5493,11 @@ static int wpa_supplicant_match_existing +@@ -5715,6 +5714,11 @@ static int wpa_supplicant_match_existing #endif /* CONFIG_MATCH_IFACE */ @@ -273,7 +273,7 @@ /** * wpa_supplicant_add_iface - Add a new network interface -@@ -5750,6 +5754,8 @@ struct wpa_global * wpa_supplicant_init( +@@ -5971,6 +5975,8 @@ struct wpa_global * wpa_supplicant_init( #ifndef CONFIG_NO_WPA_MSG wpa_msg_register_ifname_cb(wpa_supplicant_msg_ifname_cb); #endif /* CONFIG_NO_WPA_MSG */ @@ -284,7 +284,7 @@ wpa_debug_open_file(params->wpa_debug_file_path); --- a/hostapd/main.c +++ b/hostapd/main.c -@@ -590,6 +590,11 @@ fail: +@@ -591,6 +591,11 @@ fail: return -1; } @@ -296,9 +296,9 @@ #ifdef CONFIG_WPS static int gen_uuid(const char *txt_addr) -@@ -670,6 +675,8 @@ int main(int argc, char *argv[]) - dl_list_init(&interfaces.eth_p_oui); - #endif /* CONFIG_ETH_P_OUI */ +@@ -674,6 +679,8 @@ int main(int argc, char *argv[]) + hostapd_dpp_init_global(&interfaces); + #endif /* CONFIG_DPP */ + wpa_supplicant_event = hostapd_wpa_event; + wpa_supplicant_event_global = hostapd_wpa_event_global; diff --git a/package/network/services/hostapd/patches/300-noscan.patch b/package/network/services/hostapd/patches/300-noscan.patch index c8ca3694c0..fcd7e5a8dd 100644 --- a/package/network/services/hostapd/patches/300-noscan.patch +++ b/package/network/services/hostapd/patches/300-noscan.patch @@ -1,6 +1,6 @@ --- a/hostapd/config_file.c +++ b/hostapd/config_file.c -@@ -3016,6 +3016,10 @@ static int hostapd_config_fill(struct ho +@@ -3088,6 +3088,10 @@ static int hostapd_config_fill(struct ho } #endif /* CONFIG_IEEE80211W */ #ifdef CONFIG_IEEE80211N @@ -13,7 +13,7 @@ } else if (os_strcmp(buf, "ht_capab") == 0) { --- a/src/ap/ap_config.h +++ b/src/ap/ap_config.h -@@ -735,6 +735,8 @@ struct hostapd_config { +@@ -750,6 +750,8 @@ struct hostapd_config { int ht_op_mode_fixed; u16 ht_capab; @@ -36,17 +36,17 @@ hostapd_set_state(iface, HAPD_IFACE_HT_SCAN); --- a/src/ap/ieee802_11_ht.c +++ b/src/ap/ieee802_11_ht.c -@@ -244,6 +244,9 @@ void hostapd_2040_coex_action(struct hos - if (!(iface->conf->ht_capab & HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET)) +@@ -252,6 +252,9 @@ void hostapd_2040_coex_action(struct hos return; + } + if (iface->conf->noscan || iface->conf->no_ht_coex) + return; + - if (len < IEEE80211_HDRLEN + 2 + sizeof(*bc_ie)) - return; - -@@ -368,6 +371,9 @@ void ht40_intolerant_add(struct hostapd_ + if (len < IEEE80211_HDRLEN + 2 + sizeof(*bc_ie)) { + wpa_printf(MSG_DEBUG, + "Ignore too short 20/40 BSS Coexistence Management frame"); +@@ -412,6 +415,9 @@ void ht40_intolerant_add(struct hostapd_ if (iface->current_mode->mode != HOSTAPD_MODE_IEEE80211G) return; diff --git a/package/network/services/hostapd/patches/310-rescan_immediately.patch b/package/network/services/hostapd/patches/310-rescan_immediately.patch index 6846db2750..552fd182e4 100644 --- a/package/network/services/hostapd/patches/310-rescan_immediately.patch +++ b/package/network/services/hostapd/patches/310-rescan_immediately.patch @@ -1,6 +1,6 @@ --- a/wpa_supplicant/wpa_supplicant.c +++ b/wpa_supplicant/wpa_supplicant.c -@@ -3927,7 +3927,7 @@ wpa_supplicant_alloc(struct wpa_supplica +@@ -4126,7 +4126,7 @@ wpa_supplicant_alloc(struct wpa_supplica if (wpa_s == NULL) return NULL; wpa_s->scan_req = INITIAL_SCAN_REQ; diff --git a/package/network/services/hostapd/patches/330-nl80211_fix_set_freq.patch b/package/network/services/hostapd/patches/330-nl80211_fix_set_freq.patch index 3bc916b6b8..272d4f9240 100644 --- a/package/network/services/hostapd/patches/330-nl80211_fix_set_freq.patch +++ b/package/network/services/hostapd/patches/330-nl80211_fix_set_freq.patch @@ -1,6 +1,6 @@ --- a/src/drivers/driver_nl80211.c +++ b/src/drivers/driver_nl80211.c -@@ -4152,7 +4152,7 @@ static int nl80211_set_channel(struct i8 +@@ -4231,7 +4231,7 @@ static int nl80211_set_channel(struct i8 freq->freq, freq->ht_enabled, freq->vht_enabled, freq->bandwidth, freq->center_freq1, freq->center_freq2); diff --git a/package/network/services/hostapd/patches/350-nl80211_del_beacon_bss.patch b/package/network/services/hostapd/patches/350-nl80211_del_beacon_bss.patch index 92e6ae9ae0..fcb572766b 100644 --- a/package/network/services/hostapd/patches/350-nl80211_del_beacon_bss.patch +++ b/package/network/services/hostapd/patches/350-nl80211_del_beacon_bss.patch @@ -1,6 +1,6 @@ --- a/src/drivers/driver_nl80211.c +++ b/src/drivers/driver_nl80211.c -@@ -2536,10 +2536,15 @@ static int wpa_driver_nl80211_del_beacon +@@ -2563,10 +2563,15 @@ static int wpa_driver_nl80211_del_beacon struct nl_msg *msg; struct wpa_driver_nl80211_data *drv = bss->drv; @@ -18,7 +18,7 @@ return send_and_recv_msgs(drv, msg, NULL, NULL); } -@@ -4753,7 +4758,7 @@ static void nl80211_teardown_ap(struct i +@@ -4832,7 +4837,7 @@ static void nl80211_teardown_ap(struct i nl80211_mgmt_unsubscribe(bss, "AP teardown"); nl80211_put_wiphy_data_ap(bss); @@ -27,7 +27,7 @@ } -@@ -6853,8 +6858,6 @@ static int wpa_driver_nl80211_if_remove( +@@ -7037,8 +7042,6 @@ static int wpa_driver_nl80211_if_remove( } else { wpa_printf(MSG_DEBUG, "nl80211: First BSS - reassign context"); nl80211_teardown_ap(bss); @@ -36,7 +36,7 @@ nl80211_destroy_bss(bss); if (!bss->added_if) i802_set_iface_flags(bss, 0); -@@ -7225,7 +7228,6 @@ static int wpa_driver_nl80211_deinit_ap( +@@ -7409,7 +7412,6 @@ static int wpa_driver_nl80211_deinit_ap( if (!is_ap_interface(drv->nlmode)) return -1; wpa_driver_nl80211_del_beacon(bss); @@ -44,7 +44,7 @@ /* * If the P2P GO interface was dynamically added, then it is -@@ -7245,7 +7247,6 @@ static int wpa_driver_nl80211_stop_ap(vo +@@ -7429,7 +7431,6 @@ static int wpa_driver_nl80211_stop_ap(vo if (!is_ap_interface(drv->nlmode)) return -1; wpa_driver_nl80211_del_beacon(bss); diff --git a/package/network/services/hostapd/patches/360-ctrl_iface_reload.patch b/package/network/services/hostapd/patches/360-ctrl_iface_reload.patch index 043ddbf889..e7fc814d6a 100644 --- a/package/network/services/hostapd/patches/360-ctrl_iface_reload.patch +++ b/package/network/services/hostapd/patches/360-ctrl_iface_reload.patch @@ -1,6 +1,6 @@ --- a/hostapd/ctrl_iface.c +++ b/hostapd/ctrl_iface.c -@@ -56,6 +56,7 @@ +@@ -60,6 +60,7 @@ #include "fst/fst_ctrl_iface.h" #include "config_file.h" #include "ctrl_iface.h" @@ -8,7 +8,7 @@ #define HOSTAPD_CLI_DUP_VALUE_MAX_LEN 256 -@@ -74,6 +75,7 @@ static void hostapd_ctrl_iface_send(stru +@@ -78,6 +79,7 @@ static void hostapd_ctrl_iface_send(stru enum wpa_msg_type type, const char *buf, size_t len); @@ -16,7 +16,7 @@ static int hostapd_ctrl_iface_attach(struct hostapd_data *hapd, struct sockaddr_storage *from, -@@ -125,6 +127,61 @@ static int hostapd_ctrl_iface_new_sta(st +@@ -129,6 +131,61 @@ static int hostapd_ctrl_iface_new_sta(st return 0; } @@ -78,7 +78,7 @@ #ifdef CONFIG_IEEE80211W #ifdef NEED_AP_MLME -@@ -2607,6 +2664,8 @@ static int hostapd_ctrl_iface_receive_pr +@@ -3026,6 +3083,8 @@ static int hostapd_ctrl_iface_receive_pr } else if (os_strncmp(buf, "VENDOR ", 7) == 0) { reply_len = hostapd_ctrl_iface_vendor(hapd, buf + 7, reply, reply_size); @@ -89,7 +89,7 @@ #ifdef RADIUS_SERVER --- a/src/ap/ctrl_iface_ap.c +++ b/src/ap/ctrl_iface_ap.c -@@ -624,7 +624,13 @@ int hostapd_parse_csa_settings(const cha +@@ -857,7 +857,13 @@ int hostapd_parse_csa_settings(const cha int hostapd_ctrl_iface_stop_ap(struct hostapd_data *hapd) { diff --git a/package/network/services/hostapd/patches/370-ap_sta_support.patch b/package/network/services/hostapd/patches/370-ap_sta_support.patch index a37b193b6b..91731d34c0 100644 --- a/package/network/services/hostapd/patches/370-ap_sta_support.patch +++ b/package/network/services/hostapd/patches/370-ap_sta_support.patch @@ -12,7 +12,7 @@ * bridge_ifname - Optional bridge interface name * * If the driver interface (ifname) is included in a Linux bridge -@@ -512,6 +517,8 @@ struct wpa_supplicant { +@@ -513,6 +518,8 @@ struct wpa_supplicant { #endif /* CONFIG_CTRL_IFACE_BINDER */ char bridge_ifname[16]; @@ -45,8 +45,8 @@ CONFIG_OS=win32 --- a/wpa_supplicant/wpa_supplicant.c +++ b/wpa_supplicant/wpa_supplicant.c -@@ -118,6 +118,55 @@ const char *const wpa_supplicant_full_li - static void wpa_bss_tmp_disallow_timeout(void *eloop_ctx, void *timeout_ctx); +@@ -125,6 +125,55 @@ static void wpas_update_fils_connect_par + #endif /* CONFIG_FILS && IEEE8021X_EAPOL */ +static int hostapd_stop(struct wpa_supplicant *wpa_s) @@ -101,12 +101,16 @@ /* Configure default/group WEP keys for static WEP */ int wpa_set_wep_keys(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid) { -@@ -883,8 +932,12 @@ void wpa_supplicant_set_state(struct wpa - wpas_p2p_completed(wpa_s); +@@ -893,12 +942,16 @@ void wpa_supplicant_set_state(struct wpa sme_sched_obss_scan(wpa_s, 1); + + if (wpa_s->hostapd) + hostapd_reload(wpa_s, wpa_s->current_bss); + #if defined(CONFIG_FILS) && defined(IEEE8021X_EAPOL) + if (!fils_hlp_sent && ssid && ssid->eap.erp) + wpas_update_fils_connect_params(wpa_s); + #endif /* CONFIG_FILS && IEEE8021X_EAPOL */ } else if (state == WPA_DISCONNECTED || state == WPA_ASSOCIATING || state == WPA_ASSOCIATED) { + if (wpa_s->hostapd) @@ -114,7 +118,7 @@ wpa_s->new_connection = 1; wpa_drv_set_operstate(wpa_s, 0); #ifndef IEEE8021X_EAPOL -@@ -5080,6 +5133,20 @@ static int wpa_supplicant_init_iface(str +@@ -5301,6 +5354,20 @@ static int wpa_supplicant_init_iface(str sizeof(wpa_s->bridge_ifname)); } @@ -135,7 +139,7 @@ /* RSNA Supplicant Key Management - INITIALIZE */ eapol_sm_notify_portEnabled(wpa_s->eapol, FALSE); eapol_sm_notify_portValid(wpa_s->eapol, FALSE); -@@ -5404,6 +5471,11 @@ static void wpa_supplicant_deinit_iface( +@@ -5625,6 +5692,11 @@ static void wpa_supplicant_deinit_iface( if (terminate) wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_TERMINATING); diff --git a/package/network/services/hostapd/patches/380-disable_ctrl_iface_mib.patch b/package/network/services/hostapd/patches/380-disable_ctrl_iface_mib.patch index e977f00a25..39eb415e5e 100644 --- a/package/network/services/hostapd/patches/380-disable_ctrl_iface_mib.patch +++ b/package/network/services/hostapd/patches/380-disable_ctrl_iface_mib.patch @@ -12,7 +12,7 @@ else --- a/hostapd/ctrl_iface.c +++ b/hostapd/ctrl_iface.c -@@ -2458,6 +2458,7 @@ static int hostapd_ctrl_iface_receive_pr +@@ -2852,6 +2852,7 @@ static int hostapd_ctrl_iface_receive_pr reply_size); } else if (os_strcmp(buf, "STATUS-DRIVER") == 0) { reply_len = hostapd_drv_status(hapd, reply, reply_size); @@ -20,17 +20,17 @@ } else if (os_strcmp(buf, "MIB") == 0) { reply_len = ieee802_11_get_mib(hapd, reply, reply_size); if (reply_len >= 0) { -@@ -2499,6 +2500,7 @@ static int hostapd_ctrl_iface_receive_pr +@@ -2893,6 +2894,7 @@ static int hostapd_ctrl_iface_receive_pr } else if (os_strncmp(buf, "STA-NEXT ", 9) == 0) { reply_len = hostapd_ctrl_iface_sta_next(hapd, buf + 9, reply, reply_size); +#endif } else if (os_strcmp(buf, "ATTACH") == 0) { - if (hostapd_ctrl_iface_attach(hapd, from, fromlen)) + if (hostapd_ctrl_iface_attach(hapd, from, fromlen, NULL)) reply_len = -1; --- a/wpa_supplicant/Makefile +++ b/wpa_supplicant/Makefile -@@ -926,6 +926,9 @@ ifdef CONFIG_FILS +@@ -931,6 +931,9 @@ ifdef CONFIG_FILS OBJS += ../src/ap/fils_hlp.o endif ifdef CONFIG_CTRL_IFACE @@ -42,7 +42,7 @@ --- a/wpa_supplicant/ctrl_iface.c +++ b/wpa_supplicant/ctrl_iface.c -@@ -2070,7 +2070,7 @@ static int wpa_supplicant_ctrl_iface_sta +@@ -2130,7 +2130,7 @@ static int wpa_supplicant_ctrl_iface_sta pos += ret; } @@ -51,7 +51,7 @@ if (wpa_s->ap_iface) { pos += ap_ctrl_iface_wpa_get_status(wpa_s, pos, end - pos, -@@ -9631,6 +9631,7 @@ char * wpa_supplicant_ctrl_iface_process +@@ -9831,6 +9831,7 @@ char * wpa_supplicant_ctrl_iface_process reply_len = -1; } else if (os_strncmp(buf, "NOTE ", 5) == 0) { wpa_printf(MSG_INFO, "NOTE: %s", buf + 5); @@ -59,7 +59,7 @@ } else if (os_strcmp(buf, "MIB") == 0) { reply_len = wpa_sm_get_mib(wpa_s->wpa, reply, reply_size); if (reply_len >= 0) { -@@ -9638,6 +9639,7 @@ char * wpa_supplicant_ctrl_iface_process +@@ -9838,6 +9839,7 @@ char * wpa_supplicant_ctrl_iface_process reply + reply_len, reply_size - reply_len); } @@ -67,7 +67,7 @@ } else if (os_strncmp(buf, "STATUS", 6) == 0) { reply_len = wpa_supplicant_ctrl_iface_status( wpa_s, buf + 6, reply, reply_size); -@@ -10124,6 +10126,7 @@ char * wpa_supplicant_ctrl_iface_process +@@ -10319,6 +10321,7 @@ char * wpa_supplicant_ctrl_iface_process reply_len = wpa_supplicant_ctrl_iface_bss( wpa_s, buf + 4, reply, reply_size); #ifdef CONFIG_AP @@ -75,7 +75,7 @@ } else if (os_strcmp(buf, "STA-FIRST") == 0) { reply_len = ap_ctrl_iface_sta_first(wpa_s, reply, reply_size); } else if (os_strncmp(buf, "STA ", 4) == 0) { -@@ -10132,12 +10135,15 @@ char * wpa_supplicant_ctrl_iface_process +@@ -10327,12 +10330,15 @@ char * wpa_supplicant_ctrl_iface_process } else if (os_strncmp(buf, "STA-NEXT ", 9) == 0) { reply_len = ap_ctrl_iface_sta_next(wpa_s, buf + 9, reply, reply_size); @@ -99,9 +99,9 @@ +#ifdef CONFIG_CTRL_IFACE_MIB - static int hostapd_get_sta_tx_rx(struct hostapd_data *hapd, - struct sta_info *sta, -@@ -250,6 +251,7 @@ int hostapd_ctrl_iface_sta_next(struct h + static size_t hostapd_write_ht_mcs_bitmask(char *buf, size_t buflen, + size_t curr_len, const u8 *mcs_set) +@@ -408,6 +409,7 @@ int hostapd_ctrl_iface_sta_next(struct h return hostapd_ctrl_iface_sta_mib(hapd, sta->next, buf, buflen); } @@ -109,9 +109,24 @@ #ifdef CONFIG_P2P_MANAGER static int p2p_manager_disconnect(struct hostapd_data *hapd, u16 stype, +@@ -746,12 +748,12 @@ int hostapd_ctrl_iface_status(struct hos + return len; + len += ret; + } +- ++#ifdef CONFIG_CTRL_IFACE_MIB + if (iface->conf->ieee80211n && !hapd->conf->disable_11n && mode) { + len = hostapd_write_ht_mcs_bitmask(buf, buflen, len, + mode->mcs_set); + } +- ++#endif /* CONFIG_CTRL_IFACE_MIB */ + if (iface->current_rates && iface->num_rates) { + ret = os_snprintf(buf + len, buflen - len, "supported_rates="); + if (os_snprintf_error(buflen - len, ret)) --- a/src/ap/ieee802_1x.c +++ b/src/ap/ieee802_1x.c -@@ -2492,6 +2492,7 @@ static const char * bool_txt(Boolean val +@@ -2501,6 +2501,7 @@ static const char * bool_txt(Boolean val return val ? "TRUE" : "FALSE"; } @@ -119,7 +134,7 @@ int ieee802_1x_get_mib(struct hostapd_data *hapd, char *buf, size_t buflen) { -@@ -2667,6 +2668,7 @@ int ieee802_1x_get_mib_sta(struct hostap +@@ -2676,6 +2677,7 @@ int ieee802_1x_get_mib_sta(struct hostap return len; } @@ -129,7 +144,7 @@ static void ieee802_1x_wnm_notif_send(void *eloop_ctx, void *timeout_ctx) --- a/src/ap/wpa_auth.c +++ b/src/ap/wpa_auth.c -@@ -3780,6 +3780,7 @@ static const char * wpa_bool_txt(int val +@@ -3773,6 +3773,7 @@ static const char * wpa_bool_txt(int val return val ? "TRUE" : "FALSE"; } @@ -137,7 +152,7 @@ #define RSN_SUITE "%02x-%02x-%02x-%d" #define RSN_SUITE_ARG(s) \ -@@ -3924,7 +3925,7 @@ int wpa_get_mib_sta(struct wpa_state_mac +@@ -3917,7 +3918,7 @@ int wpa_get_mib_sta(struct wpa_state_mac return len; } @@ -148,7 +163,7 @@ { --- a/src/rsn_supp/wpa.c +++ b/src/rsn_supp/wpa.c -@@ -2356,6 +2356,8 @@ static u32 wpa_key_mgmt_suite(struct wpa +@@ -2295,6 +2295,8 @@ static u32 wpa_key_mgmt_suite(struct wpa } @@ -157,7 +172,7 @@ #define RSN_SUITE "%02x-%02x-%02x-%d" #define RSN_SUITE_ARG(s) \ ((s) >> 24) & 0xff, ((s) >> 16) & 0xff, ((s) >> 8) & 0xff, (s) & 0xff -@@ -2439,6 +2441,7 @@ int wpa_sm_get_mib(struct wpa_sm *sm, ch +@@ -2378,6 +2380,7 @@ int wpa_sm_get_mib(struct wpa_sm *sm, ch return (int) len; } @@ -167,7 +182,7 @@ --- a/wpa_supplicant/ap.c +++ b/wpa_supplicant/ap.c -@@ -1139,7 +1139,7 @@ int wpas_ap_wps_nfc_report_handover(stru +@@ -1170,7 +1170,7 @@ int wpas_ap_wps_nfc_report_handover(stru #endif /* CONFIG_WPS */ diff --git a/package/network/services/hostapd/patches/390-wpa_ie_cap_workaround.patch b/package/network/services/hostapd/patches/390-wpa_ie_cap_workaround.patch index 8f7a6879ca..70d5d97c3a 100644 --- a/package/network/services/hostapd/patches/390-wpa_ie_cap_workaround.patch +++ b/package/network/services/hostapd/patches/390-wpa_ie_cap_workaround.patch @@ -1,6 +1,6 @@ --- a/src/common/wpa_common.c +++ b/src/common/wpa_common.c -@@ -1675,6 +1675,31 @@ u32 wpa_akm_to_suite(int akm) +@@ -1847,6 +1847,31 @@ u32 wpa_akm_to_suite(int akm) } @@ -32,7 +32,7 @@ int wpa_compare_rsn_ie(int ft_initial_assoc, const u8 *ie1, size_t ie1len, const u8 *ie2, size_t ie2len) -@@ -1682,8 +1707,19 @@ int wpa_compare_rsn_ie(int ft_initial_as +@@ -1854,8 +1879,19 @@ int wpa_compare_rsn_ie(int ft_initial_as if (ie1 == NULL || ie2 == NULL) return -1; diff --git a/package/network/services/hostapd/patches/400-wps_single_auth_enc_type.patch b/package/network/services/hostapd/patches/400-wps_single_auth_enc_type.patch index c10176371f..ea144f4def 100644 --- a/package/network/services/hostapd/patches/400-wps_single_auth_enc_type.patch +++ b/package/network/services/hostapd/patches/400-wps_single_auth_enc_type.patch @@ -10,8 +10,8 @@ bss->wpa_pairwise |= WPA_CIPHER_TKIP; bss->rsn_pairwise = bss->wpa_pairwise; bss->wpa_group = wpa_select_ap_group_cipher(bss->wpa, -@@ -1067,8 +1066,7 @@ int hostapd_init_wps(struct hostapd_data - if (conf->rsn_pairwise & (WPA_CIPHER_CCMP | WPA_CIPHER_GCMP)) { +@@ -1069,8 +1068,7 @@ int hostapd_init_wps(struct hostapd_data + WPA_CIPHER_GCMP_256)) { wps->encr_types |= WPS_ENCR_AES; wps->encr_types_rsn |= WPS_ENCR_AES; - } diff --git a/package/network/services/hostapd/patches/420-indicate-features.patch b/package/network/services/hostapd/patches/420-indicate-features.patch index 2b529ca3e6..d582c8574c 100644 --- a/package/network/services/hostapd/patches/420-indicate-features.patch +++ b/package/network/services/hostapd/patches/420-indicate-features.patch @@ -8,7 +8,7 @@ #include "crypto/random.h" #include "crypto/tls.h" #include "common/version.h" -@@ -678,7 +679,7 @@ int main(int argc, char *argv[]) +@@ -682,7 +683,7 @@ int main(int argc, char *argv[]) wpa_supplicant_event = hostapd_wpa_event; wpa_supplicant_event_global = hostapd_wpa_event_global; for (;;) { @@ -17,7 +17,7 @@ if (c < 0) break; switch (c) { -@@ -715,6 +716,8 @@ int main(int argc, char *argv[]) +@@ -719,6 +720,8 @@ int main(int argc, char *argv[]) break; #endif /* CONFIG_DEBUG_LINUX_TRACING */ case 'v': diff --git a/package/network/services/hostapd/patches/430-hostapd_cli_ifdef.patch b/package/network/services/hostapd/patches/430-hostapd_cli_ifdef.patch index 32cab7ff62..c1882d84a5 100644 --- a/package/network/services/hostapd/patches/430-hostapd_cli_ifdef.patch +++ b/package/network/services/hostapd/patches/430-hostapd_cli_ifdef.patch @@ -16,7 +16,7 @@ static int hostapd_cli_cmd_disassoc_imminent(struct wpa_ctrl *ctrl, int argc, -@@ -1476,7 +1474,6 @@ static const struct hostapd_cli_cmd host +@@ -1518,7 +1516,6 @@ static const struct hostapd_cli_cmd host { "sa_query", hostapd_cli_cmd_sa_query, hostapd_complete_stations, "<addr> = send SA Query to a station" }, #endif /* CONFIG_IEEE80211W */ @@ -24,7 +24,7 @@ { "wps_pin", hostapd_cli_cmd_wps_pin, NULL, "<uuid> <pin> [timeout] [addr] = add WPS Enrollee PIN" }, { "wps_check_pin", hostapd_cli_cmd_wps_check_pin, NULL, -@@ -1501,7 +1498,6 @@ static const struct hostapd_cli_cmd host +@@ -1543,7 +1540,6 @@ static const struct hostapd_cli_cmd host "<SSID> <auth> <encr> <key> = configure AP" }, { "wps_get_status", hostapd_cli_cmd_wps_get_status, NULL, "= show current WPS status" }, diff --git a/package/network/services/hostapd/patches/450-scan_wait.patch b/package/network/services/hostapd/patches/450-scan_wait.patch index 463a362911..9620ecc520 100644 --- a/package/network/services/hostapd/patches/450-scan_wait.patch +++ b/package/network/services/hostapd/patches/450-scan_wait.patch @@ -1,6 +1,6 @@ --- a/hostapd/main.c +++ b/hostapd/main.c -@@ -37,6 +37,8 @@ struct hapd_global { +@@ -38,6 +38,8 @@ struct hapd_global { }; static struct hapd_global global; @@ -9,7 +9,7 @@ #ifndef CONFIG_NO_HOSTAPD_LOGGER -@@ -147,6 +149,14 @@ static void hostapd_logger_cb(void *ctx, +@@ -148,6 +150,14 @@ static void hostapd_logger_cb(void *ctx, } #endif /* CONFIG_NO_HOSTAPD_LOGGER */ @@ -24,7 +24,7 @@ /** * hostapd_driver_init - Preparate driver interface -@@ -165,6 +175,8 @@ static int hostapd_driver_init(struct ho +@@ -166,6 +176,8 @@ static int hostapd_driver_init(struct ho return -1; } @@ -33,7 +33,7 @@ /* Initialize the driver interface */ if (!(b[0] | b[1] | b[2] | b[3] | b[4] | b[5])) b = NULL; -@@ -405,8 +417,6 @@ static void hostapd_global_deinit(const +@@ -406,8 +418,6 @@ static void hostapd_global_deinit(const #endif /* CONFIG_NATIVE_WINDOWS */ eap_server_unregister_methods(); @@ -42,7 +42,7 @@ } -@@ -432,18 +442,6 @@ static int hostapd_global_run(struct hap +@@ -433,18 +443,6 @@ static int hostapd_global_run(struct hap } #endif /* EAP_SERVER_TNC */ @@ -61,7 +61,7 @@ eloop_run(); return 0; -@@ -645,8 +643,7 @@ int main(int argc, char *argv[]) +@@ -646,8 +644,7 @@ int main(int argc, char *argv[]) struct hapd_interfaces interfaces; int ret = 1; size_t i, j; diff --git a/package/network/services/hostapd/patches/460-wpa_supplicant-add-new-config-params-to-be-used-with.patch b/package/network/services/hostapd/patches/460-wpa_supplicant-add-new-config-params-to-be-used-with.patch index 213ee6d726..9df9239cb4 100644 --- a/package/network/services/hostapd/patches/460-wpa_supplicant-add-new-config-params-to-be-used-with.patch +++ b/package/network/services/hostapd/patches/460-wpa_supplicant-add-new-config-params-to-be-used-with.patch @@ -42,8 +42,8 @@ Signed-hostap: Antonio Quartulli <ordex@autistici.org> #include "config.h" -@@ -1985,6 +1986,97 @@ static char * wpa_config_write_mka_ckn(c - #endif /* CONFIG_MACSEC */ +@@ -2037,6 +2038,97 @@ static char * wpa_config_write_peerkey(c + #endif /* NO_CONFIG_WRITE */ +static int wpa_config_parse_mcast_rate(const struct parse_data *data, @@ -140,7 +140,7 @@ Signed-hostap: Antonio Quartulli <ordex@autistici.org> /* Helper macros for network block parser */ #ifdef OFFSET -@@ -2224,6 +2316,8 @@ static const struct parse_data ssid_fiel +@@ -2279,6 +2371,8 @@ static const struct parse_data ssid_fiel { INT(ap_max_inactivity) }, { INT(dtim_period) }, { INT(beacon_int) }, @@ -162,7 +162,7 @@ Signed-hostap: Antonio Quartulli <ordex@autistici.org> #define DEFAULT_EAP_WORKAROUND ((unsigned int) -1) -@@ -735,6 +737,9 @@ struct wpa_ssid { +@@ -743,6 +745,9 @@ struct wpa_ssid { */ void *parent_cred; @@ -174,7 +174,7 @@ Signed-hostap: Antonio Quartulli <ordex@autistici.org> * macsec_policy - Determines the policy for MACsec secure session --- a/wpa_supplicant/wpa_supplicant.c +++ b/wpa_supplicant/wpa_supplicant.c -@@ -2781,6 +2781,12 @@ static void wpas_start_assoc_cb(struct w +@@ -2942,6 +2942,12 @@ static void wpas_start_assoc_cb(struct w params.beacon_int = ssid->beacon_int; else params.beacon_int = wpa_s->conf->beacon_int; @@ -186,4 +186,4 @@ Signed-hostap: Antonio Quartulli <ordex@autistici.org> + params.mcast_rate = ssid->mcast_rate; } - params.wpa_ie = wpa_ie; + params.pairwise_suite = cipher_pairwise; diff --git a/package/network/services/hostapd/patches/461-driver_nl80211-use-new-parameters-during-ibss-join.patch b/package/network/services/hostapd/patches/461-driver_nl80211-use-new-parameters-during-ibss-join.patch index 11822366de..bf9020e2b6 100644 --- a/package/network/services/hostapd/patches/461-driver_nl80211-use-new-parameters-during-ibss-join.patch +++ b/package/network/services/hostapd/patches/461-driver_nl80211-use-new-parameters-during-ibss-join.patch @@ -10,7 +10,7 @@ Signed-hostap: Antonio Quartulli <ordex@autistici.org> --- a/src/drivers/driver_nl80211.c +++ b/src/drivers/driver_nl80211.c -@@ -5012,7 +5012,7 @@ static int wpa_driver_nl80211_ibss(struc +@@ -5091,7 +5091,7 @@ static int wpa_driver_nl80211_ibss(struc struct wpa_driver_associate_params *params) { struct nl_msg *msg; @@ -19,7 +19,7 @@ Signed-hostap: Antonio Quartulli <ordex@autistici.org> int count = 0; wpa_printf(MSG_DEBUG, "nl80211: Join IBSS (ifindex=%d)", drv->ifindex); -@@ -5039,6 +5039,37 @@ retry: +@@ -5118,6 +5118,37 @@ retry: nl80211_put_beacon_int(msg, params->beacon_int)) goto fail; diff --git a/package/network/services/hostapd/patches/463-add-mcast_rate-to-11s.patch b/package/network/services/hostapd/patches/463-add-mcast_rate-to-11s.patch index 9b5ee4bbb3..ef615d2b2f 100644 --- a/package/network/services/hostapd/patches/463-add-mcast_rate-to-11s.patch +++ b/package/network/services/hostapd/patches/463-add-mcast_rate-to-11s.patch @@ -19,7 +19,7 @@ Tested-by: Simon Wunderlich <simon.wunderlich@openmesh.com> --- a/src/drivers/driver.h +++ b/src/drivers/driver.h -@@ -1424,6 +1424,7 @@ struct wpa_driver_mesh_join_params { +@@ -1394,6 +1394,7 @@ struct wpa_driver_mesh_join_params { #define WPA_DRIVER_MESH_FLAG_SAE_AUTH 0x00000004 #define WPA_DRIVER_MESH_FLAG_AMPE 0x00000008 unsigned int flags; @@ -29,7 +29,7 @@ Tested-by: Simon Wunderlich <simon.wunderlich@openmesh.com> /** --- a/src/drivers/driver_nl80211.c +++ b/src/drivers/driver_nl80211.c -@@ -8981,6 +8981,18 @@ static int nl80211_put_mesh_id(struct nl +@@ -9210,6 +9210,18 @@ static int nl80211_put_mesh_id(struct nl } @@ -48,7 +48,7 @@ Tested-by: Simon Wunderlich <simon.wunderlich@openmesh.com> static int nl80211_put_mesh_config(struct nl_msg *msg, struct wpa_driver_mesh_bss_params *params) { -@@ -9039,6 +9051,7 @@ static int nl80211_join_mesh(struct i802 +@@ -9268,6 +9280,7 @@ static int nl80211_join_mesh(struct i802 nl80211_put_basic_rates(msg, params->basic_rates) || nl80211_put_mesh_id(msg, params->meshid, params->meshid_len) || nl80211_put_beacon_int(msg, params->beacon_int) || diff --git a/package/network/services/hostapd/patches/464-fix-mesh-obss-check.patch b/package/network/services/hostapd/patches/464-fix-mesh-obss-check.patch index 3833539489..4f8ea499c0 100644 --- a/package/network/services/hostapd/patches/464-fix-mesh-obss-check.patch +++ b/package/network/services/hostapd/patches/464-fix-mesh-obss-check.patch @@ -1,6 +1,6 @@ --- a/wpa_supplicant/wpa_supplicant.c +++ b/wpa_supplicant/wpa_supplicant.c -@@ -2010,11 +2010,13 @@ void ibss_mesh_setup_freq(struct wpa_sup +@@ -2081,11 +2081,13 @@ void ibss_mesh_setup_freq(struct wpa_sup for (j = 0; j < wpa_s->last_scan_res_used; j++) { struct wpa_bss *bss = wpa_s->last_scan_res[j]; diff --git a/package/network/services/hostapd/patches/600-ubus_support.patch b/package/network/services/hostapd/patches/600-ubus_support.patch index acdc668a7b..940e171ed0 100644 --- a/package/network/services/hostapd/patches/600-ubus_support.patch +++ b/package/network/services/hostapd/patches/600-ubus_support.patch @@ -22,7 +22,7 @@ struct wpa_ctrl_dst; struct radius_server_data; -@@ -122,6 +123,7 @@ struct hostapd_data { +@@ -129,6 +130,7 @@ struct hostapd_data { struct hostapd_iface *iface; struct hostapd_config *iconf; struct hostapd_bss_config *conf; @@ -30,7 +30,7 @@ int interface_added; /* virtual interface added for this BSS */ unsigned int started:1; unsigned int disabled:1; -@@ -370,6 +372,8 @@ struct hostapd_iface { +@@ -392,6 +394,8 @@ struct hostapd_iface { struct hostapd_config *conf; char phy[16]; /* Name of the PHY (radio) */ @@ -39,7 +39,7 @@ enum hostapd_iface_state { HAPD_IFACE_UNINITIALIZED, HAPD_IFACE_DISABLED, -@@ -518,6 +522,7 @@ hostapd_alloc_bss_data(struct hostapd_if +@@ -544,6 +548,7 @@ hostapd_alloc_bss_data(struct hostapd_if struct hostapd_bss_config *bss); int hostapd_setup_interface(struct hostapd_iface *iface); int hostapd_setup_interface_complete(struct hostapd_iface *iface, int err); @@ -75,7 +75,7 @@ { #ifdef NEED_AP_MLME u16 capab = hostapd_own_capab_info(hapd); -@@ -1711,6 +1714,7 @@ static int hostapd_setup_interface_compl +@@ -1807,6 +1810,7 @@ static int hostapd_setup_interface_compl if (err) goto fail; @@ -83,7 +83,7 @@ wpa_printf(MSG_DEBUG, "Completing interface initialization"); if (iface->conf->channel) { #ifdef NEED_AP_MLME -@@ -1890,6 +1894,7 @@ dfs_offload: +@@ -1987,6 +1991,7 @@ dfs_offload: fail: wpa_printf(MSG_ERROR, "Interface initialization failed"); @@ -91,7 +91,7 @@ hostapd_set_state(iface, HAPD_IFACE_DISABLED); wpa_msg(hapd->msg_ctx, MSG_INFO, AP_EVENT_DISABLED); #ifdef CONFIG_FST -@@ -2344,6 +2349,7 @@ void hostapd_interface_deinit_free(struc +@@ -2441,6 +2446,7 @@ void hostapd_interface_deinit_free(struc (unsigned int) iface->conf->num_bss); driver = iface->bss[0]->driver; drv_priv = iface->bss[0]->drv_priv; @@ -101,7 +101,7 @@ __func__, driver, drv_priv); --- a/src/ap/ieee802_11.c +++ b/src/ap/ieee802_11.c -@@ -1587,12 +1587,13 @@ ieee802_11_set_radius_info(struct hostap +@@ -1662,12 +1662,13 @@ ieee802_11_set_radius_info(struct hostap static void handle_auth(struct hostapd_data *hapd, @@ -117,7 +117,7 @@ u16 fc; const u8 *challenge = NULL; u32 session_timeout, acct_interim_interval; -@@ -1603,6 +1604,11 @@ static void handle_auth(struct hostapd_d +@@ -1678,6 +1679,11 @@ static void handle_auth(struct hostapd_d char *identity = NULL; char *radius_cui = NULL; u16 seq_ctrl; @@ -129,7 +129,7 @@ if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.auth)) { wpa_printf(MSG_INFO, "handle_auth - too short payload (len=%lu)", -@@ -1757,6 +1763,13 @@ static void handle_auth(struct hostapd_d +@@ -1836,6 +1842,13 @@ static void handle_auth(struct hostapd_d resp = WLAN_STATUS_UNSPECIFIED_FAILURE; goto fail; } @@ -143,7 +143,7 @@ if (res == HOSTAPD_ACL_PENDING) return; -@@ -2870,12 +2883,12 @@ void fils_hlp_timeout(void *eloop_ctx, v +@@ -3102,12 +3115,12 @@ void fils_hlp_timeout(void *eloop_ctx, v static void handle_assoc(struct hostapd_data *hapd, const struct ieee80211_mgmt *mgmt, size_t len, @@ -158,7 +158,7 @@ struct sta_info *sta; u8 *tmp = NULL; struct hostapd_sta_wpa_psk_short *psk = NULL; -@@ -2884,6 +2897,11 @@ static void handle_assoc(struct hostapd_ +@@ -3116,6 +3129,11 @@ static void handle_assoc(struct hostapd_ #ifdef CONFIG_FILS int delay_assoc = 0; #endif /* CONFIG_FILS */ @@ -170,7 +170,7 @@ if (len < IEEE80211_HDRLEN + (reassoc ? sizeof(mgmt->u.reassoc_req) : sizeof(mgmt->u.assoc_req))) { -@@ -3051,6 +3069,14 @@ static void handle_assoc(struct hostapd_ +@@ -3287,6 +3305,14 @@ static void handle_assoc(struct hostapd_ } #endif /* CONFIG_MBO */ @@ -185,7 +185,7 @@ /* * sta->capability is used in check_assoc_ies() for RRM enabled * capability element. -@@ -3258,6 +3284,7 @@ static void handle_disassoc(struct hosta +@@ -3500,6 +3526,7 @@ static void handle_disassoc(struct hosta wpa_printf(MSG_DEBUG, "disassocation: STA=" MACSTR " reason_code=%d", MAC2STR(mgmt->sa), le_to_host16(mgmt->u.disassoc.reason_code)); @@ -193,7 +193,7 @@ sta = ap_get_sta(hapd, mgmt->sa); if (sta == NULL) { -@@ -3323,6 +3350,8 @@ static void handle_deauth(struct hostapd +@@ -3565,6 +3592,8 @@ static void handle_deauth(struct hostapd " reason_code=%d", MAC2STR(mgmt->sa), le_to_host16(mgmt->u.deauth.reason_code)); @@ -202,16 +202,16 @@ sta = ap_get_sta(hapd, mgmt->sa); if (sta == NULL) { wpa_msg(hapd->msg_ctx, MSG_DEBUG, "Station " MACSTR " trying " -@@ -3637,7 +3666,7 @@ int ieee802_11_mgmt(struct hostapd_data +@@ -3884,7 +3913,7 @@ int ieee802_11_mgmt(struct hostapd_data if (stype == WLAN_FC_STYPE_PROBE_REQ) { -- handle_probe_req(hapd, mgmt, len, fi->ssi_signal); +- handle_probe_req(hapd, mgmt, len, ssi_signal); + handle_probe_req(hapd, mgmt, len, fi); return 1; } -@@ -3657,17 +3686,17 @@ int ieee802_11_mgmt(struct hostapd_data +@@ -3904,17 +3933,17 @@ int ieee802_11_mgmt(struct hostapd_data switch (stype) { case WLAN_FC_STYPE_AUTH: wpa_printf(MSG_DEBUG, "mgmt::auth"); @@ -234,7 +234,7 @@ case WLAN_FC_STYPE_DISASSOC: --- a/src/ap/beacon.c +++ b/src/ap/beacon.c -@@ -716,7 +716,7 @@ void sta_track_claim_taxonomy_info(struc +@@ -720,7 +720,7 @@ void sta_track_claim_taxonomy_info(struc void handle_probe_req(struct hostapd_data *hapd, const struct ieee80211_mgmt *mgmt, size_t len, @@ -243,7 +243,7 @@ { u8 *resp; struct ieee802_11_elems elems; -@@ -725,9 +725,15 @@ void handle_probe_req(struct hostapd_dat +@@ -729,6 +729,7 @@ void handle_probe_req(struct hostapd_dat size_t i, resp_len; int noack; enum ssid_match_result res; @@ -251,6 +251,10 @@ int ret; u16 csa_offs[2]; size_t csa_offs_len; +@@ -737,6 +738,11 @@ void handle_probe_req(struct hostapd_dat + struct hostapd_sta_wpa_psk_short *psk = NULL; + char *identity = NULL; + char *radius_cui = NULL; + struct hostapd_ubus_request req = { + .type = HOSTAPD_UBUS_PROBE_REQ, + .mgmt_frame = mgmt, @@ -259,7 +263,7 @@ if (len < IEEE80211_HDRLEN) return; -@@ -894,6 +900,12 @@ void handle_probe_req(struct hostapd_dat +@@ -914,6 +920,12 @@ void handle_probe_req(struct hostapd_dat } #endif /* CONFIG_P2P */ @@ -311,7 +315,7 @@ wpabuf_free(sta->p2p_ie); --- a/src/ap/sta_info.c +++ b/src/ap/sta_info.c -@@ -404,6 +404,7 @@ void ap_handle_timer(void *eloop_ctx, vo +@@ -412,6 +412,7 @@ void ap_handle_timer(void *eloop_ctx, vo HOSTAPD_LEVEL_INFO, "deauthenticated due to " "local deauth request"); ap_free_sta(hapd, sta); @@ -319,7 +323,7 @@ return; } -@@ -551,6 +552,7 @@ skip_poll: +@@ -559,6 +560,7 @@ skip_poll: hapd, sta, WLAN_REASON_PREV_AUTH_NOT_VALID); ap_free_sta(hapd, sta); @@ -327,7 +331,7 @@ break; } } -@@ -1212,6 +1214,7 @@ void ap_sta_set_authorized(struct hostap +@@ -1220,6 +1222,7 @@ void ap_sta_set_authorized(struct hostap buf, ip_addr); } else { wpa_msg(hapd->msg_ctx, MSG_INFO, AP_STA_DISCONNECTED "%s", buf); @@ -337,7 +341,7 @@ hapd->msg_ctx_parent != hapd->msg_ctx) --- a/src/ap/wpa_auth_glue.c +++ b/src/ap/wpa_auth_glue.c -@@ -175,6 +175,7 @@ static void hostapd_wpa_auth_psk_failure +@@ -176,6 +176,7 @@ static void hostapd_wpa_auth_psk_failure struct hostapd_data *hapd = ctx; wpa_msg(hapd->msg_ctx, MSG_INFO, AP_STA_POSSIBLE_PSK_MISMATCH MACSTR, MAC2STR(addr)); |