include $(TOPDIR)/rules.mk
PKG_NAME:=hostapd
-PKG_RELEASE:=6
+PKG_RELEASE:=1
PKG_SOURCE_URL:=http://w1.fi/hostap.git
PKG_SOURCE_PROTO:=git
-PKG_SOURCE_DATE:=2017-08-24
-PKG_SOURCE_VERSION:=c2d4f2eb5dba0b5c5a8c5805823084da958a9b52
-PKG_MIRROR_HASH:=c6ad9a73fc1ae0ba8bc48f71cf14394b274bc9c2c1d1b53c2775f08312597e74
+PKG_SOURCE_DATE:=2018-03-26
+PKG_SOURCE_VERSION:=64624f31cf81dc6164462fa153ee7a5909e21183
+PKG_MIRROR_HASH:=2c9e2548b1e6bbafe1b4e545543999b587bbd31a85eba69d54ffced8d7394f30
PKG_MAINTAINER:=Felix Fietkau <nbd@nbd.name>
PKG_LICENSE:=BSD-3-Clause
if [ ${#key} -eq 64 ]; then
passphrase="psk=${key}"
else
- passphrase="psk=\"${key}\""
+ if [ "$_w_mode" = "mesh" ]; then
+ passphrase="sae_password=\"${key}\""
+ else
+ passphrase="psk=\"${key}\""
+ fi
fi
append network_data "$passphrase" "$N$T"
;;
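Review bot: The mesh test sits only inside the `else` branch, so a mesh key that is exactly 64 characters long still takes the first branch and is written as a raw `psk=${key}` with no `sae_password` line. SAE passwords are not bound by the 8..63 character passphrase limit, so that case presumably leaves the mesh network without its SAE credential, or with an unparsable `psk=` if the key is not hex. Testing the mode first avoids it: `if [ "$_w_mode" = "mesh" ]; then passphrase="sae_password=\"${key}\""` followed by `elif [ ${#key} -eq 64 ]; then passphrase="psk=${key}"`. The key is also placed inside the quoted config value unescaped, so a key containing `"` or a newline would yield a malformed network block; it is worth confirming that such keys are rejected before this point. The enclosing case branch starts outside the hunk, so how `$_w_mode` and `$key` are set is not visible here.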
+++ /dev/null
-From: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
-Date: Fri, 14 Jul 2017 15:15:35 +0200
-Subject: [PATCH] hostapd: Avoid key reinstallation in FT handshake
-
-Do not reinstall TK to the driver during Reassociation Response frame
-processing if the first attempt of setting the TK succeeded. This avoids
-issues related to clearing the TX/RX PN that could result in reusing
-same PN values for transmitted frames (e.g., due to CCM nonce reuse and
-also hitting replay protection on the receiver) and accepting replayed
-frames on RX side.
-
-This issue was introduced by the commit
-0e84c25434e6a1f283c7b4e62e483729085b78d2 ('FT: Fix PTK configuration in
-authenticator') which allowed wpa_ft_install_ptk() to be called multiple
-times with the same PTK. While the second configuration attempt is
-needed with some drivers, it must be done only if the first attempt
-failed.
-
-Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
----
-
---- a/src/ap/ieee802_11.c
-+++ b/src/ap/ieee802_11.c
-@@ -2522,6 +2522,7 @@ static int add_associated_sta(struct hos
- {
- struct ieee80211_ht_capabilities ht_cap;
- struct ieee80211_vht_capabilities vht_cap;
-+ int set = 1;
-
- /*
- * Remove the STA entry to ensure the STA PS state gets cleared and
-@@ -2529,9 +2530,18 @@ static int add_associated_sta(struct hos
- * FT-over-the-DS, where a station re-associates back to the same AP but
- * skips the authentication flow, or if working with a driver that
- * does not support full AP client state.
-+ *
-+ * Skip this if the STA has already completed FT reassociation and the
-+ * TK has been configured since the TX/RX PN must not be reset to 0 for
-+ * the same key.
- */
-- if (!sta->added_unassoc)
-+ if (!sta->added_unassoc &&
-+ (!(sta->flags & WLAN_STA_AUTHORIZED) ||
-+ !wpa_auth_sta_ft_tk_already_set(sta->wpa_sm))) {
- hostapd_drv_sta_remove(hapd, sta->addr);
-+ wpa_auth_sm_event(sta->wpa_sm, WPA_DRV_STA_REMOVED);
-+ set = 0;
-+ }
-
- #ifdef CONFIG_IEEE80211N
- if (sta->flags & WLAN_STA_HT)
-@@ -2554,11 +2564,11 @@ static int add_associated_sta(struct hos
- sta->flags & WLAN_STA_VHT ? &vht_cap : NULL,
- sta->flags | WLAN_STA_ASSOC, sta->qosinfo,
- sta->vht_opmode, sta->p2p_ie ? 1 : 0,
-- sta->added_unassoc)) {
-+ set)) {
- hostapd_logger(hapd, sta->addr,
- HOSTAPD_MODULE_IEEE80211, HOSTAPD_LEVEL_NOTICE,
- "Could not %s STA to kernel driver",
-- sta->added_unassoc ? "set" : "add");
-+ set ? "set" : "add");
-
- if (sta->added_unassoc) {
- hostapd_drv_sta_remove(hapd, sta->addr);
---- a/src/ap/wpa_auth.c
-+++ b/src/ap/wpa_auth.c
-@@ -1783,6 +1783,9 @@ int wpa_auth_sm_event(struct wpa_state_m
- #else /* CONFIG_FILS */
- break;
- #endif /* CONFIG_FILS */
-+ case WPA_DRV_STA_REMOVED:
-+ sm->tk_already_set = FALSE;
-+ return 0;
- }
-
- #ifdef CONFIG_IEEE80211R_AP
-@@ -3922,6 +3925,14 @@ int wpa_auth_sta_wpa_version(struct wpa_
- }
-
-
-+int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm)
-+{
-+ if (!sm || !wpa_key_mgmt_ft(sm->wpa_key_mgmt))
-+ return 0;
-+ return sm->tk_already_set;
-+}
-+
-+
- int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm,
- struct rsn_pmksa_cache_entry *entry)
- {
---- a/src/ap/wpa_auth.h
-+++ b/src/ap/wpa_auth.h
-@@ -300,7 +300,7 @@ void wpa_receive(struct wpa_authenticato
- u8 *data, size_t data_len);
- enum wpa_event {
- WPA_AUTH, WPA_ASSOC, WPA_DISASSOC, WPA_DEAUTH, WPA_REAUTH,
-- WPA_REAUTH_EAPOL, WPA_ASSOC_FT, WPA_ASSOC_FILS
-+ WPA_REAUTH_EAPOL, WPA_ASSOC_FT, WPA_ASSOC_FILS, WPA_DRV_STA_REMOVED
- };
- void wpa_remove_ptk(struct wpa_state_machine *sm);
- int wpa_auth_sm_event(struct wpa_state_machine *sm, enum wpa_event event);
-@@ -313,6 +313,7 @@ int wpa_auth_pairwise_set(struct wpa_sta
- int wpa_auth_get_pairwise(struct wpa_state_machine *sm);
- int wpa_auth_sta_key_mgmt(struct wpa_state_machine *sm);
- int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm);
-+int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm);
- int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm,
- struct rsn_pmksa_cache_entry *entry);
- struct rsn_pmksa_cache_entry *
---- a/src/ap/wpa_auth_ft.c
-+++ b/src/ap/wpa_auth_ft.c
-@@ -1937,6 +1937,14 @@ void wpa_ft_install_ptk(struct wpa_state
- return;
- }
-
-+ if (sm->tk_already_set) {
-+ /* Must avoid TK reconfiguration to prevent clearing of TX/RX
-+ * PN in the driver */
-+ wpa_printf(MSG_DEBUG,
-+ "FT: Do not re-install same PTK to the driver");
-+ return;
-+ }
-+
- /* FIX: add STA entry to kernel/driver here? The set_key will fail
- * most likely without this.. At the moment, STA entry is added only
- * after association has been completed. This function will be called
-@@ -1949,6 +1957,7 @@ void wpa_ft_install_ptk(struct wpa_state
-
- /* FIX: MLME-SetProtection.Request(TA, Tx_Rx) */
- sm->pairwise_set = TRUE;
-+ sm->tk_already_set = TRUE;
- }
-
-
-@@ -2152,6 +2161,7 @@ static int wpa_ft_process_auth_req(struc
-
- sm->pairwise = pairwise;
- sm->PTK_valid = TRUE;
-+ sm->tk_already_set = FALSE;
- wpa_ft_install_ptk(sm);
-
- buflen = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) +
---- a/src/ap/wpa_auth_i.h
-+++ b/src/ap/wpa_auth_i.h
-@@ -61,6 +61,7 @@ struct wpa_state_machine {
- struct wpa_ptk PTK;
- Boolean PTK_valid;
- Boolean pairwise_set;
-+ Boolean tk_already_set;
- int keycount;
- Boolean Pair;
- struct wpa_key_replay_counter {
+++ /dev/null
-From: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
-Date: Wed, 12 Jul 2017 16:03:24 +0200
-Subject: [PATCH] Prevent reinstallation of an already in-use group key
-
-Track the current GTK and IGTK that is in use and when receiving a
-(possibly retransmitted) Group Message 1 or WNM-Sleep Mode Response, do
-not install the given key if it is already in use. This prevents an
-attacker from trying to trick the client into resetting or lowering the
-sequence counter associated to the group key.
-
-Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
----
-
---- a/src/common/wpa_common.h
-+++ b/src/common/wpa_common.h
-@@ -218,6 +218,17 @@ struct wpa_ptk {
- size_t tk_len;
- };
-
-+struct wpa_gtk {
-+ u8 gtk[WPA_GTK_MAX_LEN];
-+ size_t gtk_len;
-+};
-+
-+#ifdef CONFIG_IEEE80211W
-+struct wpa_igtk {
-+ u8 igtk[WPA_IGTK_MAX_LEN];
-+ size_t igtk_len;
-+};
-+#endif /* CONFIG_IEEE80211W */
-
- /* WPA IE version 1
- * 00-50-f2:1 (OUI:OUI type)
---- a/src/rsn_supp/wpa.c
-+++ b/src/rsn_supp/wpa.c
-@@ -800,6 +800,15 @@ static int wpa_supplicant_install_gtk(st
- const u8 *_gtk = gd->gtk;
- u8 gtk_buf[32];
-
-+ /* Detect possible key reinstallation */
-+ if (sm->gtk.gtk_len == (size_t) gd->gtk_len &&
-+ os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) {
-+ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
-+ "WPA: Not reinstalling already in-use GTK to the driver (keyidx=%d tx=%d len=%d)",
-+ gd->keyidx, gd->tx, gd->gtk_len);
-+ return 0;
-+ }
-+
- wpa_hexdump_key(MSG_DEBUG, "WPA: Group Key", gd->gtk, gd->gtk_len);
- wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
- "WPA: Installing GTK to the driver (keyidx=%d tx=%d len=%d)",
-@@ -834,6 +843,9 @@ static int wpa_supplicant_install_gtk(st
- }
- os_memset(gtk_buf, 0, sizeof(gtk_buf));
-
-+ sm->gtk.gtk_len = gd->gtk_len;
-+ os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len);
-+
- return 0;
- }
-
-@@ -940,6 +952,48 @@ static int wpa_supplicant_pairwise_gtk(s
- }
-
-
-+#ifdef CONFIG_IEEE80211W
-+static int wpa_supplicant_install_igtk(struct wpa_sm *sm,
-+ const struct wpa_igtk_kde *igtk)
-+{
-+ size_t len = wpa_cipher_key_len(sm->mgmt_group_cipher);
-+ u16 keyidx = WPA_GET_LE16(igtk->keyid);
-+
-+ /* Detect possible key reinstallation */
-+ if (sm->igtk.igtk_len == len &&
-+ os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) {
-+ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
-+ "WPA: Not reinstalling already in-use IGTK to the driver (keyidx=%d)",
-+ keyidx);
-+ return 0;
-+ }
-+
-+ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
-+ "WPA: IGTK keyid %d pn %02x%02x%02x%02x%02x%02x",
-+ keyidx, MAC2STR(igtk->pn));
-+ wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK", igtk->igtk, len);
-+ if (keyidx > 4095) {
-+ wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
-+ "WPA: Invalid IGTK KeyID %d", keyidx);
-+ return -1;
-+ }
-+ if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
-+ broadcast_ether_addr,
-+ keyidx, 0, igtk->pn, sizeof(igtk->pn),
-+ igtk->igtk, len) < 0) {
-+ wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
-+ "WPA: Failed to configure IGTK to the driver");
-+ return -1;
-+ }
-+
-+ sm->igtk.igtk_len = len;
-+ os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len);
-+
-+ return 0;
-+}
-+#endif /* CONFIG_IEEE80211W */
-+
-+
- static int ieee80211w_set_keys(struct wpa_sm *sm,
- struct wpa_eapol_ie_parse *ie)
- {
-@@ -950,30 +1004,14 @@ static int ieee80211w_set_keys(struct wp
- if (ie->igtk) {
- size_t len;
- const struct wpa_igtk_kde *igtk;
-- u16 keyidx;
-+
- len = wpa_cipher_key_len(sm->mgmt_group_cipher);
- if (ie->igtk_len != WPA_IGTK_KDE_PREFIX_LEN + len)
- return -1;
-+
- igtk = (const struct wpa_igtk_kde *) ie->igtk;
-- keyidx = WPA_GET_LE16(igtk->keyid);
-- wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: IGTK keyid %d "
-- "pn %02x%02x%02x%02x%02x%02x",
-- keyidx, MAC2STR(igtk->pn));
-- wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK",
-- igtk->igtk, len);
-- if (keyidx > 4095) {
-- wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
-- "WPA: Invalid IGTK KeyID %d", keyidx);
-+ if (wpa_supplicant_install_igtk(sm, igtk) < 0)
- return -1;
-- }
-- if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
-- broadcast_ether_addr,
-- keyidx, 0, igtk->pn, sizeof(igtk->pn),
-- igtk->igtk, len) < 0) {
-- wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
-- "WPA: Failed to configure IGTK to the driver");
-- return -1;
-- }
- }
-
- return 0;
-@@ -2491,7 +2529,7 @@ void wpa_sm_deinit(struct wpa_sm *sm)
- */
- void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
- {
-- int clear_ptk = 1;
-+ int clear_keys = 1;
-
- if (sm == NULL)
- return;
-@@ -2517,7 +2555,7 @@ void wpa_sm_notify_assoc(struct wpa_sm *
- /* Prepare for the next transition */
- wpa_ft_prepare_auth_request(sm, NULL);
-
-- clear_ptk = 0;
-+ clear_keys = 0;
- }
- #endif /* CONFIG_IEEE80211R */
- #ifdef CONFIG_FILS
-@@ -2527,11 +2565,11 @@ void wpa_sm_notify_assoc(struct wpa_sm *
- * AUTHENTICATED state to get the EAPOL port Authorized.
- */
- wpa_supplicant_key_neg_complete(sm, sm->bssid, 1);
-- clear_ptk = 0;
-+ clear_keys = 0;
- }
- #endif /* CONFIG_FILS */
-
-- if (clear_ptk) {
-+ if (clear_keys) {
- /*
- * IEEE 802.11, 8.4.10: Delete PTK SA on (re)association if
- * this is not part of a Fast BSS Transition.
-@@ -2541,6 +2579,10 @@ void wpa_sm_notify_assoc(struct wpa_sm *
- os_memset(&sm->ptk, 0, sizeof(sm->ptk));
- sm->tptk_set = 0;
- os_memset(&sm->tptk, 0, sizeof(sm->tptk));
-+ os_memset(&sm->gtk, 0, sizeof(sm->gtk));
-+#ifdef CONFIG_IEEE80211W
-+ os_memset(&sm->igtk, 0, sizeof(sm->igtk));
-+#endif /* CONFIG_IEEE80211W */
- }
-
- #ifdef CONFIG_TDLS
-@@ -3117,6 +3159,10 @@ void wpa_sm_drop_sa(struct wpa_sm *sm)
- os_memset(sm->pmk, 0, sizeof(sm->pmk));
- os_memset(&sm->ptk, 0, sizeof(sm->ptk));
- os_memset(&sm->tptk, 0, sizeof(sm->tptk));
-+ os_memset(&sm->gtk, 0, sizeof(sm->gtk));
-+#ifdef CONFIG_IEEE80211W
-+ os_memset(&sm->igtk, 0, sizeof(sm->igtk));
-+#endif /* CONFIG_IEEE80211W */
- #ifdef CONFIG_IEEE80211R
- os_memset(sm->xxkey, 0, sizeof(sm->xxkey));
- os_memset(sm->pmk_r0, 0, sizeof(sm->pmk_r0));
-@@ -3189,29 +3235,11 @@ int wpa_wnmsleep_install_key(struct wpa_
- os_memset(&gd, 0, sizeof(gd));
- #ifdef CONFIG_IEEE80211W
- } else if (subelem_id == WNM_SLEEP_SUBELEM_IGTK) {
-- struct wpa_igtk_kde igd;
-- u16 keyidx;
-+ const struct wpa_igtk_kde *igtk;
-
-- os_memset(&igd, 0, sizeof(igd));
-- keylen = wpa_cipher_key_len(sm->mgmt_group_cipher);
-- os_memcpy(igd.keyid, buf + 2, 2);
-- os_memcpy(igd.pn, buf + 4, 6);
--
-- keyidx = WPA_GET_LE16(igd.keyid);
-- os_memcpy(igd.igtk, buf + 10, keylen);
--
-- wpa_hexdump_key(MSG_DEBUG, "Install IGTK (WNM SLEEP)",
-- igd.igtk, keylen);
-- if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
-- broadcast_ether_addr,
-- keyidx, 0, igd.pn, sizeof(igd.pn),
-- igd.igtk, keylen) < 0) {
-- wpa_printf(MSG_DEBUG, "Failed to install the IGTK in "
-- "WNM mode");
-- os_memset(&igd, 0, sizeof(igd));
-+ igtk = (const struct wpa_igtk_kde *) (buf + 2);
-+ if (wpa_supplicant_install_igtk(sm, igtk) < 0)
- return -1;
-- }
-- os_memset(&igd, 0, sizeof(igd));
- #endif /* CONFIG_IEEE80211W */
- } else {
- wpa_printf(MSG_DEBUG, "Unknown element id");
---- a/src/rsn_supp/wpa_i.h
-+++ b/src/rsn_supp/wpa_i.h
-@@ -31,6 +31,10 @@ struct wpa_sm {
- u8 rx_replay_counter[WPA_REPLAY_COUNTER_LEN];
- int rx_replay_counter_set;
- u8 request_counter[WPA_REPLAY_COUNTER_LEN];
-+ struct wpa_gtk gtk;
-+#ifdef CONFIG_IEEE80211W
-+ struct wpa_igtk igtk;
-+#endif /* CONFIG_IEEE80211W */
-
- struct eapol_sm *eapol; /* EAPOL state machine from upper level code */
-
+++ /dev/null
-From: Jouni Malinen <j@w1.fi>
-Date: Sun, 1 Oct 2017 12:12:24 +0300
-Subject: [PATCH] Extend protection of GTK/IGTK reinstallation of WNM-Sleep
- Mode cases
-
-This extends the protection to track last configured GTK/IGTK value
-separately from EAPOL-Key frames and WNM-Sleep Mode frames to cover a
-corner case where these two different mechanisms may get used when the
-GTK/IGTK has changed and tracking a single value is not sufficient to
-detect a possible key reconfiguration.
-
-Signed-off-by: Jouni Malinen <j@w1.fi>
----
-
---- a/src/rsn_supp/wpa.c
-+++ b/src/rsn_supp/wpa.c
-@@ -795,14 +795,17 @@ struct wpa_gtk_data {
-
- static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
- const struct wpa_gtk_data *gd,
-- const u8 *key_rsc)
-+ const u8 *key_rsc, int wnm_sleep)
- {
- const u8 *_gtk = gd->gtk;
- u8 gtk_buf[32];
-
- /* Detect possible key reinstallation */
-- if (sm->gtk.gtk_len == (size_t) gd->gtk_len &&
-- os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) {
-+ if ((sm->gtk.gtk_len == (size_t) gd->gtk_len &&
-+ os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) ||
-+ (sm->gtk_wnm_sleep.gtk_len == (size_t) gd->gtk_len &&
-+ os_memcmp(sm->gtk_wnm_sleep.gtk, gd->gtk,
-+ sm->gtk_wnm_sleep.gtk_len) == 0)) {
- wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
- "WPA: Not reinstalling already in-use GTK to the driver (keyidx=%d tx=%d len=%d)",
- gd->keyidx, gd->tx, gd->gtk_len);
-@@ -843,8 +846,14 @@ static int wpa_supplicant_install_gtk(st
- }
- os_memset(gtk_buf, 0, sizeof(gtk_buf));
-
-- sm->gtk.gtk_len = gd->gtk_len;
-- os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len);
-+ if (wnm_sleep) {
-+ sm->gtk_wnm_sleep.gtk_len = gd->gtk_len;
-+ os_memcpy(sm->gtk_wnm_sleep.gtk, gd->gtk,
-+ sm->gtk_wnm_sleep.gtk_len);
-+ } else {
-+ sm->gtk.gtk_len = gd->gtk_len;
-+ os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len);
-+ }
-
- return 0;
- }
-@@ -938,7 +947,7 @@ static int wpa_supplicant_pairwise_gtk(s
- (wpa_supplicant_check_group_cipher(sm, sm->group_cipher,
- gtk_len, gtk_len,
- &gd.key_rsc_len, &gd.alg) ||
-- wpa_supplicant_install_gtk(sm, &gd, key_rsc))) {
-+ wpa_supplicant_install_gtk(sm, &gd, key_rsc, 0))) {
- wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
- "RSN: Failed to install GTK");
- os_memset(&gd, 0, sizeof(gd));
-@@ -954,14 +963,18 @@ static int wpa_supplicant_pairwise_gtk(s
-
- #ifdef CONFIG_IEEE80211W
- static int wpa_supplicant_install_igtk(struct wpa_sm *sm,
-- const struct wpa_igtk_kde *igtk)
-+ const struct wpa_igtk_kde *igtk,
-+ int wnm_sleep)
- {
- size_t len = wpa_cipher_key_len(sm->mgmt_group_cipher);
- u16 keyidx = WPA_GET_LE16(igtk->keyid);
-
- /* Detect possible key reinstallation */
-- if (sm->igtk.igtk_len == len &&
-- os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) {
-+ if ((sm->igtk.igtk_len == len &&
-+ os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) ||
-+ (sm->igtk_wnm_sleep.igtk_len == len &&
-+ os_memcmp(sm->igtk_wnm_sleep.igtk, igtk->igtk,
-+ sm->igtk_wnm_sleep.igtk_len) == 0)) {
- wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
- "WPA: Not reinstalling already in-use IGTK to the driver (keyidx=%d)",
- keyidx);
-@@ -986,8 +999,14 @@ static int wpa_supplicant_install_igtk(s
- return -1;
- }
-
-- sm->igtk.igtk_len = len;
-- os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len);
-+ if (wnm_sleep) {
-+ sm->igtk_wnm_sleep.igtk_len = len;
-+ os_memcpy(sm->igtk_wnm_sleep.igtk, igtk->igtk,
-+ sm->igtk_wnm_sleep.igtk_len);
-+ } else {
-+ sm->igtk.igtk_len = len;
-+ os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len);
-+ }
-
- return 0;
- }
-@@ -1010,7 +1029,7 @@ static int ieee80211w_set_keys(struct wp
- return -1;
-
- igtk = (const struct wpa_igtk_kde *) ie->igtk;
-- if (wpa_supplicant_install_igtk(sm, igtk) < 0)
-+ if (wpa_supplicant_install_igtk(sm, igtk, 0) < 0)
- return -1;
- }
-
-@@ -1659,7 +1678,7 @@ static void wpa_supplicant_process_1_of_
- if (wpa_supplicant_rsc_relaxation(sm, key->key_rsc))
- key_rsc = null_rsc;
-
-- if (wpa_supplicant_install_gtk(sm, &gd, key_rsc) ||
-+ if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 0) ||
- wpa_supplicant_send_2_of_2(sm, key, ver, key_info) < 0)
- goto failed;
- os_memset(&gd, 0, sizeof(gd));
-@@ -2580,8 +2599,10 @@ void wpa_sm_notify_assoc(struct wpa_sm *
- sm->tptk_set = 0;
- os_memset(&sm->tptk, 0, sizeof(sm->tptk));
- os_memset(&sm->gtk, 0, sizeof(sm->gtk));
-+ os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep));
- #ifdef CONFIG_IEEE80211W
- os_memset(&sm->igtk, 0, sizeof(sm->igtk));
-+ os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep));
- #endif /* CONFIG_IEEE80211W */
- }
-
-@@ -3160,8 +3181,10 @@ void wpa_sm_drop_sa(struct wpa_sm *sm)
- os_memset(&sm->ptk, 0, sizeof(sm->ptk));
- os_memset(&sm->tptk, 0, sizeof(sm->tptk));
- os_memset(&sm->gtk, 0, sizeof(sm->gtk));
-+ os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep));
- #ifdef CONFIG_IEEE80211W
- os_memset(&sm->igtk, 0, sizeof(sm->igtk));
-+ os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep));
- #endif /* CONFIG_IEEE80211W */
- #ifdef CONFIG_IEEE80211R
- os_memset(sm->xxkey, 0, sizeof(sm->xxkey));
-@@ -3226,7 +3249,7 @@ int wpa_wnmsleep_install_key(struct wpa_
-
- wpa_hexdump_key(MSG_DEBUG, "Install GTK (WNM SLEEP)",
- gd.gtk, gd.gtk_len);
-- if (wpa_supplicant_install_gtk(sm, &gd, key_rsc)) {
-+ if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 1)) {
- os_memset(&gd, 0, sizeof(gd));
- wpa_printf(MSG_DEBUG, "Failed to install the GTK in "
- "WNM mode");
-@@ -3238,7 +3261,7 @@ int wpa_wnmsleep_install_key(struct wpa_
- const struct wpa_igtk_kde *igtk;
-
- igtk = (const struct wpa_igtk_kde *) (buf + 2);
-- if (wpa_supplicant_install_igtk(sm, igtk) < 0)
-+ if (wpa_supplicant_install_igtk(sm, igtk, 1) < 0)
- return -1;
- #endif /* CONFIG_IEEE80211W */
- } else {
-@@ -4121,7 +4144,7 @@ int fils_process_assoc_resp(struct wpa_s
- os_memcpy(gd.gtk, kde.gtk + 2, kde.gtk_len - 2);
-
- wpa_printf(MSG_DEBUG, "FILS: Set GTK to driver");
-- if (wpa_supplicant_install_gtk(sm, &gd, elems.key_delivery) < 0) {
-+ if (wpa_supplicant_install_gtk(sm, &gd, elems.key_delivery, 0) < 0) {
- wpa_printf(MSG_DEBUG, "FILS: Failed to set GTK");
- goto fail;
- }
---- a/src/rsn_supp/wpa_i.h
-+++ b/src/rsn_supp/wpa_i.h
-@@ -32,8 +32,10 @@ struct wpa_sm {
- int rx_replay_counter_set;
- u8 request_counter[WPA_REPLAY_COUNTER_LEN];
- struct wpa_gtk gtk;
-+ struct wpa_gtk gtk_wnm_sleep;
- #ifdef CONFIG_IEEE80211W
- struct wpa_igtk igtk;
-+ struct wpa_igtk igtk_wnm_sleep;
- #endif /* CONFIG_IEEE80211W */
-
- struct eapol_sm *eapol; /* EAPOL state machine from upper level code */
+++ /dev/null
-From: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
-Date: Fri, 29 Sep 2017 04:22:51 +0200
-Subject: [PATCH] Prevent installation of an all-zero TK
-
-Properly track whether a PTK has already been installed to the driver
-and the TK part cleared from memory. This prevents an attacker from
-trying to trick the client into installing an all-zero TK.
-
-This fixes the earlier fix in commit
-ad00d64e7d8827b3cebd665a0ceb08adabf15e1e ('Fix TK configuration to the
-driver in EAPOL-Key 3/4 retry case') which did not take into account
-possibility of an extra message 1/4 showing up between retries of
-message 3/4.
-
-Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
----
-
---- a/src/common/wpa_common.h
-+++ b/src/common/wpa_common.h
-@@ -216,6 +216,7 @@ struct wpa_ptk {
- size_t kck_len;
- size_t kek_len;
- size_t tk_len;
-+ int installed; /* 1 if key has already been installed to driver */
- };
-
- struct wpa_gtk {
---- a/src/rsn_supp/wpa.c
-+++ b/src/rsn_supp/wpa.c
-@@ -594,7 +594,6 @@ static void wpa_supplicant_process_1_of_
- os_memset(buf, 0, sizeof(buf));
- }
- sm->tptk_set = 1;
-- sm->tk_to_set = 1;
-
- kde = sm->assoc_wpa_ie;
- kde_len = sm->assoc_wpa_ie_len;
-@@ -701,7 +700,7 @@ static int wpa_supplicant_install_ptk(st
- enum wpa_alg alg;
- const u8 *key_rsc;
-
-- if (!sm->tk_to_set) {
-+ if (sm->ptk.installed) {
- wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
- "WPA: Do not re-install same PTK to the driver");
- return 0;
-@@ -745,7 +744,7 @@ static int wpa_supplicant_install_ptk(st
-
- /* TK is not needed anymore in supplicant */
- os_memset(sm->ptk.tk, 0, WPA_TK_MAX_LEN);
-- sm->tk_to_set = 0;
-+ sm->ptk.installed = 1;
-
- if (sm->wpa_ptk_rekey) {
- eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL);
-@@ -4172,6 +4171,7 @@ int fils_process_assoc_resp(struct wpa_s
- * takes care of association frame encryption/decryption. */
- /* TK is not needed anymore in supplicant */
- os_memset(sm->ptk.tk, 0, WPA_TK_MAX_LEN);
-+ sm->ptk.installed = 1;
-
- /* FILS HLP Container */
- fils_process_hlp_container(sm, ie_start, end - ie_start);
---- a/src/rsn_supp/wpa_i.h
-+++ b/src/rsn_supp/wpa_i.h
-@@ -24,7 +24,6 @@ struct wpa_sm {
- struct wpa_ptk ptk, tptk;
- int ptk_set, tptk_set;
- unsigned int msg_3_of_4_ok:1;
-- unsigned int tk_to_set:1;
- u8 snonce[WPA_NONCE_LEN];
- u8 anonce[WPA_NONCE_LEN]; /* ANonce from the last 1/4 msg */
- int renew_snonce;
+++ /dev/null
-From: Jouni Malinen <j@w1.fi>
-Date: Sun, 1 Oct 2017 12:32:57 +0300
-Subject: [PATCH] Fix PTK rekeying to generate a new ANonce
-
-The Authenticator state machine path for PTK rekeying ended up bypassing
-the AUTHENTICATION2 state where a new ANonce is generated when going
-directly to the PTKSTART state since there is no need to try to
-determine the PMK again in such a case. This is far from ideal since the
-new PTK would depend on a new nonce only from the supplicant.
-
-Fix this by generating a new ANonce when moving to the PTKSTART state
-for the purpose of starting new 4-way handshake to rekey PTK.
-
-Signed-off-by: Jouni Malinen <j@w1.fi>
----
-
---- a/src/ap/wpa_auth.c
-+++ b/src/ap/wpa_auth.c
-@@ -1951,6 +1951,21 @@ SM_STATE(WPA_PTK, AUTHENTICATION2)
- }
-
-
-+static int wpa_auth_sm_ptk_update(struct wpa_state_machine *sm)
-+{
-+ if (random_get_bytes(sm->ANonce, WPA_NONCE_LEN)) {
-+ wpa_printf(MSG_ERROR,
-+ "WPA: Failed to get random data for ANonce");
-+ sm->Disconnect = TRUE;
-+ return -1;
-+ }
-+ wpa_hexdump(MSG_DEBUG, "WPA: Assign new ANonce", sm->ANonce,
-+ WPA_NONCE_LEN);
-+ sm->TimeoutCtr = 0;
-+ return 0;
-+}
-+
-+
- SM_STATE(WPA_PTK, INITPMK)
- {
- u8 msk[2 * PMK_LEN];
-@@ -3116,9 +3131,12 @@ SM_STEP(WPA_PTK)
- SM_ENTER(WPA_PTK, AUTHENTICATION);
- else if (sm->ReAuthenticationRequest)
- SM_ENTER(WPA_PTK, AUTHENTICATION2);
-- else if (sm->PTKRequest)
-- SM_ENTER(WPA_PTK, PTKSTART);
-- else switch (sm->wpa_ptk_state) {
-+ else if (sm->PTKRequest) {
-+ if (wpa_auth_sm_ptk_update(sm) < 0)
-+ SM_ENTER(WPA_PTK, DISCONNECTED);
-+ else
-+ SM_ENTER(WPA_PTK, PTKSTART);
-+ } else switch (sm->wpa_ptk_state) {
- case WPA_PTK_INITIALIZE:
- break;
- case WPA_PTK_DISCONNECT:
+++ /dev/null
-From: Jouni Malinen <j@w1.fi>
-Date: Fri, 22 Sep 2017 11:03:15 +0300
-Subject: [PATCH] TDLS: Reject TPK-TK reconfiguration
-
-Do not try to reconfigure the same TPK-TK to the driver after it has
-been successfully configured. This is an explicit check to avoid issues
-related to resetting the TX/RX packet number. There was already a check
-for this for TPK M2 (retries of that message are ignored completely), so
-that behavior does not get modified.
-
-For TPK M3, the TPK-TK could have been reconfigured, but that was
-followed by immediate teardown of the link due to an issue in updating
-the STA entry. Furthermore, for TDLS with any real security (i.e.,
-ignoring open/WEP), the TPK message exchange is protected on the AP path
-and simple replay attacks are not feasible.
-
-As an additional corner case, make sure the local nonce gets updated if
-the peer uses a very unlikely "random nonce" of all zeros.
-
-Signed-off-by: Jouni Malinen <j@w1.fi>
----
-
---- a/src/rsn_supp/tdls.c
-+++ b/src/rsn_supp/tdls.c
-@@ -112,6 +112,7 @@ struct wpa_tdls_peer {
- u8 tk[16]; /* TPK-TK; assuming only CCMP will be used */
- } tpk;
- int tpk_set;
-+ int tk_set; /* TPK-TK configured to the driver */
- int tpk_success;
- int tpk_in_progress;
-
-@@ -192,6 +193,20 @@ static int wpa_tdls_set_key(struct wpa_s
- u8 rsc[6];
- enum wpa_alg alg;
-
-+ if (peer->tk_set) {
-+ /*
-+ * This same TPK-TK has already been configured to the driver
-+ * and this new configuration attempt (likely due to an
-+ * unexpected retransmitted frame) would result in clearing
-+ * the TX/RX sequence number which can break security, so must
-+ * not allow that to happen.
-+ */
-+ wpa_printf(MSG_INFO, "TDLS: TPK-TK for the peer " MACSTR
-+ " has already been configured to the driver - do not reconfigure",
-+ MAC2STR(peer->addr));
-+ return -1;
-+ }
-+
- os_memset(rsc, 0, 6);
-
- switch (peer->cipher) {
-@@ -209,12 +224,15 @@ static int wpa_tdls_set_key(struct wpa_s
- return -1;
- }
-
-+ wpa_printf(MSG_DEBUG, "TDLS: Configure pairwise key for peer " MACSTR,
-+ MAC2STR(peer->addr));
- if (wpa_sm_set_key(sm, alg, peer->addr, -1, 1,
- rsc, sizeof(rsc), peer->tpk.tk, key_len) < 0) {
- wpa_printf(MSG_WARNING, "TDLS: Failed to set TPK to the "
- "driver");
- return -1;
- }
-+ peer->tk_set = 1;
- return 0;
- }
-
-@@ -695,7 +713,7 @@ static void wpa_tdls_peer_clear(struct w
- peer->cipher = 0;
- peer->qos_info = 0;
- peer->wmm_capable = 0;
-- peer->tpk_set = peer->tpk_success = 0;
-+ peer->tk_set = peer->tpk_set = peer->tpk_success = 0;
- peer->chan_switch_enabled = 0;
- os_memset(&peer->tpk, 0, sizeof(peer->tpk));
- os_memset(peer->inonce, 0, WPA_NONCE_LEN);
-@@ -1158,6 +1176,7 @@ skip_rsnie:
- wpa_tdls_peer_free(sm, peer);
- return -1;
- }
-+ peer->tk_set = 0; /* A new nonce results in a new TK */
- wpa_hexdump(MSG_DEBUG, "TDLS: Initiator Nonce for TPK handshake",
- peer->inonce, WPA_NONCE_LEN);
- os_memcpy(ftie->Snonce, peer->inonce, WPA_NONCE_LEN);
-@@ -1751,6 +1770,19 @@ static int wpa_tdls_addset_peer(struct w
- }
-
-
-+static int tdls_nonce_set(const u8 *nonce)
-+{
-+ int i;
-+
-+ for (i = 0; i < WPA_NONCE_LEN; i++) {
-+ if (nonce[i])
-+ return 1;
-+ }
-+
-+ return 0;
-+}
-+
-+
- static int wpa_tdls_process_tpk_m1(struct wpa_sm *sm, const u8 *src_addr,
- const u8 *buf, size_t len)
- {
-@@ -2004,7 +2036,8 @@ skip_rsn:
- peer->rsnie_i_len = kde.rsn_ie_len;
- peer->cipher = cipher;
-
-- if (os_memcmp(peer->inonce, ftie->Snonce, WPA_NONCE_LEN) != 0) {
-+ if (os_memcmp(peer->inonce, ftie->Snonce, WPA_NONCE_LEN) != 0 ||
-+ !tdls_nonce_set(peer->inonce)) {
- /*
- * There is no point in updating the RNonce for every obtained
- * TPK M1 frame (e.g., retransmission due to timeout) with the
-@@ -2020,6 +2053,7 @@ skip_rsn:
- "TDLS: Failed to get random data for responder nonce");
- goto error;
- }
-+ peer->tk_set = 0; /* A new nonce results in a new TK */
- }
-
- #if 0
+++ /dev/null
-From: Jouni Malinen <j@w1.fi>
-Date: Fri, 22 Sep 2017 11:25:02 +0300
-Subject: [PATCH] WNM: Ignore WNM-Sleep Mode Response without pending
- request
-
-Commit 03ed0a52393710be6bdae657d1b36efa146520e5 ('WNM: Ignore WNM-Sleep
-Mode Response if WNM-Sleep Mode has not been used') started ignoring the
-response when no WNM-Sleep Mode Request had been used during the
-association. This can be made tighter by clearing the used flag when
-successfully processing a response. This adds an additional layer of
-protection against unexpected retransmissions of the response frame.
-
-Signed-off-by: Jouni Malinen <j@w1.fi>
----
-
---- a/wpa_supplicant/wnm_sta.c
-+++ b/wpa_supplicant/wnm_sta.c
-@@ -260,7 +260,7 @@ static void ieee802_11_rx_wnmsleep_resp(
-
- if (!wpa_s->wnmsleep_used) {
- wpa_printf(MSG_DEBUG,
-- "WNM: Ignore WNM-Sleep Mode Response frame since WNM-Sleep Mode has not been used in this association");
-+ "WNM: Ignore WNM-Sleep Mode Response frame since WNM-Sleep Mode operation has not been requested");
- return;
- }
-
-@@ -299,6 +299,8 @@ static void ieee802_11_rx_wnmsleep_resp(
- return;
- }
-
-+ wpa_s->wnmsleep_used = 0;
-+
- if (wnmsleep_ie->status == WNM_STATUS_SLEEP_ACCEPT ||
- wnmsleep_ie->status == WNM_STATUS_SLEEP_EXIT_ACCEPT_GTK_UPDATE) {
- wpa_printf(MSG_DEBUG, "Successfully recv WNM-Sleep Response "
+++ /dev/null
-From: Jouni Malinen <j@w1.fi>
-Date: Fri, 22 Sep 2017 12:06:37 +0300
-Subject: [PATCH] FT: Do not allow multiple Reassociation Response frames
-
-The driver is expected to not report a second association event without
-the station having explicitly request a new association. As such, this
-case should not be reachable. However, since reconfiguring the same
-pairwise or group keys to the driver could result in nonce reuse issues,
-be extra careful here and do an additional state check to avoid this
-even if the local driver ends up somehow accepting an unexpected
-Reassociation Response frame.
-
-Signed-off-by: Jouni Malinen <j@w1.fi>
----
-
---- a/src/rsn_supp/wpa.c
-+++ b/src/rsn_supp/wpa.c
-@@ -2637,6 +2637,9 @@ void wpa_sm_notify_disassoc(struct wpa_s
- #ifdef CONFIG_FILS
- sm->fils_completed = 0;
- #endif /* CONFIG_FILS */
-+#ifdef CONFIG_IEEE80211R
-+ sm->ft_reassoc_completed = 0;
-+#endif /* CONFIG_IEEE80211R */
-
- /* Keys are not needed in the WPA state machine anymore */
- wpa_sm_drop_sa(sm);
---- a/src/rsn_supp/wpa_ft.c
-+++ b/src/rsn_supp/wpa_ft.c
-@@ -153,6 +153,7 @@ static u8 * wpa_ft_gen_req_ies(struct wp
- u16 capab;
-
- sm->ft_completed = 0;
-+ sm->ft_reassoc_completed = 0;
-
- buf_len = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) +
- 2 + sm->r0kh_id_len + ric_ies_len + 100;
-@@ -687,6 +688,11 @@ int wpa_ft_validate_reassoc_resp(struct
- return -1;
- }
-
-+ if (sm->ft_reassoc_completed) {
-+ wpa_printf(MSG_DEBUG, "FT: Reassociation has already been completed for this FT protocol instance - ignore unexpected retransmission");
-+ return 0;
-+ }
-+
- if (wpa_ft_parse_ies(ies, ies_len, &parse) < 0) {
- wpa_printf(MSG_DEBUG, "FT: Failed to parse IEs");
- return -1;
-@@ -787,6 +793,8 @@ int wpa_ft_validate_reassoc_resp(struct
- return -1;
- }
-
-+ sm->ft_reassoc_completed = 1;
-+
- if (wpa_ft_process_gtk_subelem(sm, parse.gtk, parse.gtk_len) < 0)
- return -1;
-
---- a/src/rsn_supp/wpa_i.h
-+++ b/src/rsn_supp/wpa_i.h
-@@ -128,6 +128,7 @@ struct wpa_sm {
- size_t r0kh_id_len;
- u8 r1kh_id[FT_R1KH_ID_LEN];
- int ft_completed;
-+ int ft_reassoc_completed;
- int over_the_ds_in_progress;
- u8 target_ap[ETH_ALEN]; /* over-the-DS target AP */
- int set_ptk_after_assoc;
+++ /dev/null
-From a00e946c1c9a1f9cc65c72900d2a444ceb1f872e Mon Sep 17 00:00:00 2001
-From: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
-Date: Thu, 5 Oct 2017 23:53:01 +0200
-Subject: [PATCH] WPA: Extra defense against PTK reinstalls in 4-way handshake
-
-Currently, reinstallations of the PTK are prevented by (1) assuring the
-same TPTK is only set once as the PTK, and (2) that one particular PTK
-is only installed once. This patch makes it more explicit that point (1)
-is required to prevent key reinstallations. At the same time, this patch
-hardens wpa_supplicant such that future changes do not accidentally
-break this property.
-
-Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
----
- src/rsn_supp/wpa.c | 8 ++++++++
- 1 file changed, 8 insertions(+)
-
---- a/src/rsn_supp/wpa.c
-+++ b/src/rsn_supp/wpa.c
-@@ -1728,6 +1728,14 @@ static int wpa_supplicant_verify_eapol_k
- sm->ptk_set = 1;
- os_memcpy(&sm->ptk, &sm->tptk, sizeof(sm->ptk));
- os_memset(&sm->tptk, 0, sizeof(sm->tptk));
-+ /*
-+ * This assures the same TPTK in sm->tptk can never be
-+ * copied twice to sm->pkt as the new PTK. In
-+ * combination with the installed flag in the wpa_ptk
-+ * struct, this assures the same PTK is only installed
-+ * once.
-+ */
-+ sm->renew_snonce = 1;
- }
- }
-
+++ /dev/null
-From b488a12948751f57871f09baa345e59b23959a41 Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <j@w1.fi>
-Date: Sun, 8 Oct 2017 13:18:02 +0300
-Subject: [PATCH] Clear PMK length and check for this when deriving PTK
-
-Instead of setting the default PMK length for the cleared PMK, set the
-length to 0 and explicitly check for this when deriving PTK to avoid
-unexpected key derivation with an all-zeroes key should it be possible
-to somehow trigger PTK derivation to happen before PMK derivation.
-
-Signed-off-by: Jouni Malinen <j@w1.fi>
----
- src/common/wpa_common.c | 5 +++++
- src/rsn_supp/wpa.c | 7 ++++---
- 2 files changed, 9 insertions(+), 3 deletions(-)
-
---- a/src/common/wpa_common.c
-+++ b/src/common/wpa_common.c
-@@ -225,6 +225,11 @@ int wpa_pmk_to_ptk(const u8 *pmk, size_t
- u8 tmp[WPA_KCK_MAX_LEN + WPA_KEK_MAX_LEN + WPA_TK_MAX_LEN];
- size_t ptk_len;
-
-+ if (pmk_len == 0) {
-+ wpa_printf(MSG_ERROR, "WPA: No PMK set for PT derivation");
-+ return -1;
-+ }
-+
- if (os_memcmp(addr1, addr2, ETH_ALEN) < 0) {
- os_memcpy(data, addr1, ETH_ALEN);
- os_memcpy(data + ETH_ALEN, addr2, ETH_ALEN);
---- a/src/rsn_supp/wpa.c
-+++ b/src/rsn_supp/wpa.c
-@@ -584,7 +584,8 @@ static void wpa_supplicant_process_1_of_
- /* Calculate PTK which will be stored as a temporary PTK until it has
- * been verified when processing message 3/4. */
- ptk = &sm->tptk;
-- wpa_derive_ptk(sm, src_addr, key, ptk);
-+ if (wpa_derive_ptk(sm, src_addr, key, ptk) < 0)
-+ goto failed;
- if (sm->pairwise_cipher == WPA_CIPHER_TKIP) {
- u8 buf[8];
- /* Supplicant: swap tx/rx Mic keys */
-@@ -2705,8 +2706,8 @@ void wpa_sm_set_pmk_from_pmksa(struct wp
- sm->pmk_len = sm->cur_pmksa->pmk_len;
- os_memcpy(sm->pmk, sm->cur_pmksa->pmk, sm->pmk_len);
- } else {
-- sm->pmk_len = PMK_LEN;
-- os_memset(sm->pmk, 0, PMK_LEN);
-+ sm->pmk_len = 0;
-+ os_memset(sm->pmk, 0, PMK_LEN_MAX);
- }
- }
-
+++ /dev/null
-From 6f234c1e2ee1ede29f2412b7012b3345ed8e52d3 Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <j@w1.fi>
-Date: Mon, 16 Oct 2017 18:37:43 +0300
-Subject: [PATCH] Optional AP side workaround for key reinstallation attacks
-
-This adds a new hostapd configuration parameter
-wpa_disable_eapol_key_retries=1 that can be used to disable
-retransmission of EAPOL-Key frames that are used to install
-keys (EAPOL-Key message 3/4 and group message 1/2). This is
-similar to setting wpa_group_update_count=1 and
-wpa_pairwise_update_count=1, but with no impact to message 1/4
-retries and with extended timeout for messages 4/4 and group
-message 2/2 to avoid causing issues with stations that may use
-aggressive power saving have very long time in replying to the
-EAPOL-Key messages.
-
-This option can be used to work around key reinstallation attacks
-on the station (supplicant) side in cases those station devices
-cannot be updated for some reason. By removing the
-retransmissions the attacker cannot cause key reinstallation with
-a delayed frame transmission. This is related to the station side
-vulnerabilities CVE-2017-13077, CVE-2017-13078, CVE-2017-13079,
-CVE-2017-13080, and CVE-2017-13081.
-
-This workaround might cause interoperability issues and reduced
-robustness of key negotiation especially in environments with
-heavy traffic load due to the number of attempts to perform the
-key exchange is reduced significantly. As such, this workaround
-is disabled by default (unless overridden in build
-configuration). To enable this, set the parameter to 1.
-
-It is also possible to enable this in the build by default by
-adding the following to the build configuration:
-
-CFLAGS += -DDEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES=1
-
-Signed-off-by: Jouni Malinen <j@w1.fi>
----
- hostapd/config_file.c | 2 ++
- hostapd/defconfig | 4 ++++
- hostapd/hostapd.conf | 24 ++++++++++++++++++++++++
- src/ap/ap_config.c | 6 ++++++
- src/ap/ap_config.h | 1 +
- src/ap/wpa_auth.c | 22 ++++++++++++++++++++--
- src/ap/wpa_auth.h | 1 +
- src/ap/wpa_auth_glue.c | 2 ++
- 8 files changed, 60 insertions(+), 2 deletions(-)
-
---- a/hostapd/config_file.c
-+++ b/hostapd/config_file.c
-@@ -2542,6 +2542,8 @@ static int hostapd_config_fill(struct ho
- return 1;
- }
- bss->wpa_pairwise_update_count = (u32) val;
-+ } else if (os_strcmp(buf, "wpa_disable_eapol_key_retries") == 0) {
-+ bss->wpa_disable_eapol_key_retries = atoi(pos);
- } else if (os_strcmp(buf, "wpa_passphrase") == 0) {
- int len = os_strlen(pos);
- if (len < 8 || len > 63) {
---- a/hostapd/defconfig
-+++ b/hostapd/defconfig
-@@ -372,3 +372,7 @@ CONFIG_IPV6=y
- # Opportunistic Wireless Encryption (OWE)
- # Experimental implementation of draft-harkins-owe-07.txt
- #CONFIG_OWE=y
-+
-+# Override default value for the wpa_disable_eapol_key_retries configuration
-+# parameter. See that parameter in hostapd.conf for more details.
-+#CFLAGS += -DDEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES=1
---- a/hostapd/hostapd.conf
-+++ b/hostapd/hostapd.conf
-@@ -1315,6 +1315,30 @@ own_ip_addr=127.0.0.1
- # Range 1..4294967295; default: 4
- #wpa_pairwise_update_count=4
-
-+# Workaround for key reinstallation attacks
-+#
-+# This parameter can be used to disable retransmission of EAPOL-Key frames that
-+# are used to install keys (EAPOL-Key message 3/4 and group message 1/2). This
-+# is similar to setting wpa_group_update_count=1 and
-+# wpa_pairwise_update_count=1, but with no impact to message 1/4 and with
-+# extended timeout on the response to avoid causing issues with stations that
-+# may use aggressive power saving have very long time in replying to the
-+# EAPOL-Key messages.
-+#
-+# This option can be used to work around key reinstallation attacks on the
-+# station (supplicant) side in cases those station devices cannot be updated
-+# for some reason. By removing the retransmissions the attacker cannot cause
-+# key reinstallation with a delayed frame transmission. This is related to the
-+# station side vulnerabilities CVE-2017-13077, CVE-2017-13078, CVE-2017-13079,
-+# CVE-2017-13080, and CVE-2017-13081.
-+#
-+# This workaround might cause interoperability issues and reduced robustness of
-+# key negotiation especially in environments with heavy traffic load due to the
-+# number of attempts to perform the key exchange is reduced significantly. As
-+# such, this workaround is disabled by default (unless overridden in build
-+# configuration). To enable this, set the parameter to 1.
-+#wpa_disable_eapol_key_retries=1
-+
- # Enable IEEE 802.11i/RSN/WPA2 pre-authentication. This is used to speed up
- # roaming be pre-authenticating IEEE 802.1X/EAP part of the full RSN
- # authentication and key handshake before actually associating with a new AP.
---- a/src/ap/ap_config.c
-+++ b/src/ap/ap_config.c
-@@ -37,6 +37,10 @@ static void hostapd_config_free_vlan(str
- }
-
-
-+#ifndef DEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES
-+#define DEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES 0
-+#endif /* DEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES */
-+
- void hostapd_config_defaults_bss(struct hostapd_bss_config *bss)
- {
- dl_list_init(&bss->anqp_elem);
-@@ -58,6 +62,8 @@ void hostapd_config_defaults_bss(struct
- bss->wpa_gmk_rekey = 86400;
- bss->wpa_group_update_count = 4;
- bss->wpa_pairwise_update_count = 4;
-+ bss->wpa_disable_eapol_key_retries =
-+ DEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES;
- bss->wpa_key_mgmt = WPA_KEY_MGMT_PSK;
- bss->wpa_pairwise = WPA_CIPHER_TKIP;
- bss->wpa_group = WPA_CIPHER_TKIP;
---- a/src/ap/ap_config.h
-+++ b/src/ap/ap_config.h
-@@ -333,6 +333,7 @@ struct hostapd_bss_config {
- int wpa_ptk_rekey;
- u32 wpa_group_update_count;
- u32 wpa_pairwise_update_count;
-+ int wpa_disable_eapol_key_retries;
- int rsn_pairwise;
- int rsn_preauth;
- char *rsn_preauth_interfaces;
---- a/src/ap/wpa_auth.c
-+++ b/src/ap/wpa_auth.c
-@@ -65,6 +65,7 @@ static u8 * ieee80211w_kde_add(struct wp
- static const u32 eapol_key_timeout_first = 100; /* ms */
- static const u32 eapol_key_timeout_subseq = 1000; /* ms */
- static const u32 eapol_key_timeout_first_group = 500; /* ms */
-+static const u32 eapol_key_timeout_no_retrans = 4000; /* ms */
-
- /* TODO: make these configurable */
- static const int dot11RSNAConfigPMKLifetime = 43200;
-@@ -1653,6 +1654,9 @@ static void wpa_send_eapol(struct wpa_au
- eapol_key_timeout_first_group;
- else
- timeout_ms = eapol_key_timeout_subseq;
-+ if (wpa_auth->conf.wpa_disable_eapol_key_retries &&
-+ (!pairwise || (key_info & WPA_KEY_INFO_MIC)))
-+ timeout_ms = eapol_key_timeout_no_retrans;
- if (pairwise && ctr == 1 && !(key_info & WPA_KEY_INFO_MIC))
- sm->pending_1_of_4_timeout = 1;
- wpa_printf(MSG_DEBUG, "WPA: Use EAPOL-Key timeout of %u ms (retry "
-@@ -2882,6 +2886,11 @@ SM_STATE(WPA_PTK, PTKINITNEGOTIATING)
- sm->TimeoutEvt = FALSE;
-
- sm->TimeoutCtr++;
-+ if (sm->wpa_auth->conf.wpa_disable_eapol_key_retries &&
-+ sm->TimeoutCtr > 1) {
-+ /* Do not allow retransmission of EAPOL-Key msg 3/4 */
-+ return;
-+ }
- if (sm->TimeoutCtr > sm->wpa_auth->conf.wpa_pairwise_update_count) {
- /* No point in sending the EAPOL-Key - we will disconnect
- * immediately following this. */
-@@ -3220,7 +3229,9 @@ SM_STEP(WPA_PTK)
- sm->EAPOLKeyPairwise && sm->MICVerified)
- SM_ENTER(WPA_PTK, PTKINITDONE);
- else if (sm->TimeoutCtr >
-- sm->wpa_auth->conf.wpa_pairwise_update_count) {
-+ sm->wpa_auth->conf.wpa_pairwise_update_count ||
-+ (sm->wpa_auth->conf.wpa_disable_eapol_key_retries &&
-+ sm->TimeoutCtr > 1)) {
- wpa_auth->dot11RSNA4WayHandshakeFailures++;
- wpa_auth_vlogger(
- sm->wpa_auth, sm->addr, LOGGER_DEBUG,
-@@ -3260,6 +3271,11 @@ SM_STATE(WPA_PTK_GROUP, REKEYNEGOTIATING
- SM_ENTRY_MA(WPA_PTK_GROUP, REKEYNEGOTIATING, wpa_ptk_group);
-
- sm->GTimeoutCtr++;
-+ if (sm->wpa_auth->conf.wpa_disable_eapol_key_retries &&
-+ sm->GTimeoutCtr > 1) {
-+ /* Do not allow retransmission of EAPOL-Key group msg 1/2 */
-+ return;
-+ }
- if (sm->GTimeoutCtr > sm->wpa_auth->conf.wpa_group_update_count) {
- /* No point in sending the EAPOL-Key - we will disconnect
- * immediately following this. */
-@@ -3363,7 +3379,9 @@ SM_STEP(WPA_PTK_GROUP)
- !sm->EAPOLKeyPairwise && sm->MICVerified)
- SM_ENTER(WPA_PTK_GROUP, REKEYESTABLISHED);
- else if (sm->GTimeoutCtr >
-- sm->wpa_auth->conf.wpa_group_update_count)
-+ sm->wpa_auth->conf.wpa_group_update_count ||
-+ (sm->wpa_auth->conf.wpa_disable_eapol_key_retries &&
-+ sm->GTimeoutCtr > 1))
- SM_ENTER(WPA_PTK_GROUP, KEYERROR);
- else if (sm->TimeoutEvt)
- SM_ENTER(WPA_PTK_GROUP, REKEYNEGOTIATING);
---- a/src/ap/wpa_auth.h
-+++ b/src/ap/wpa_auth.h
-@@ -165,6 +165,7 @@ struct wpa_auth_config {
- int wpa_ptk_rekey;
- u32 wpa_group_update_count;
- u32 wpa_pairwise_update_count;
-+ int wpa_disable_eapol_key_retries;
- int rsn_pairwise;
- int rsn_preauth;
- int eapol_version;
---- a/src/ap/wpa_auth_glue.c
-+++ b/src/ap/wpa_auth_glue.c
-@@ -45,6 +45,8 @@ static void hostapd_wpa_auth_conf(struct
- wconf->wpa_gmk_rekey = conf->wpa_gmk_rekey;
- wconf->wpa_ptk_rekey = conf->wpa_ptk_rekey;
- wconf->wpa_group_update_count = conf->wpa_group_update_count;
-+ wconf->wpa_disable_eapol_key_retries =
-+ conf->wpa_disable_eapol_key_retries;
- wconf->wpa_pairwise_update_count = conf->wpa_pairwise_update_count;
- wconf->rsn_pairwise = conf->rsn_pairwise;
- wconf->rsn_preauth = conf->rsn_preauth;
+++ /dev/null
-From a6ea665300919d6a3af22b1f4237203647fda93a Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <j@w1.fi>
-Date: Tue, 17 Oct 2017 00:01:11 +0300
-Subject: [PATCH] Additional consistentcy checks for PTK component lengths
-
-Verify that TK, KCK, and KEK lengths are set to consistent values within
-struct wpa_ptk before using them in supplicant. This is an additional
-layer of protection against unexpected states.
-
-Signed-off-by: Jouni Malinen <j@w1.fi>
----
- src/common/wpa_common.c | 6 ++++++
- src/rsn_supp/wpa.c | 26 ++++++++++++++++++++------
- 2 files changed, 26 insertions(+), 6 deletions(-)
-
---- a/src/common/wpa_common.c
-+++ b/src/common/wpa_common.c
-@@ -100,6 +100,12 @@ int wpa_eapol_key_mic(const u8 *key, siz
- {
- u8 hash[SHA512_MAC_LEN];
-
-+ if (key_len == 0) {
-+ wpa_printf(MSG_DEBUG,
-+ "WPA: KCK not set - cannot calculate MIC");
-+ return -1;
-+ }
-+
- switch (ver) {
- #ifndef CONFIG_FIPS
- case WPA_KEY_INFO_TYPE_HMAC_MD5_RC4:
---- a/src/rsn_supp/wpa.c
-+++ b/src/rsn_supp/wpa.c
-@@ -725,6 +725,11 @@ static int wpa_supplicant_install_ptk(st
-
- alg = wpa_cipher_to_alg(sm->pairwise_cipher);
- keylen = wpa_cipher_key_len(sm->pairwise_cipher);
-+ if (keylen <= 0 || (unsigned int) keylen != sm->ptk.tk_len) {
-+ wpa_printf(MSG_DEBUG, "WPA: TK length mismatch: %d != %lu",
-+ keylen, (long unsigned int) sm->ptk.tk_len);
-+ return -1;
-+ }
- rsclen = wpa_cipher_rsc_len(sm->pairwise_cipher);
-
- if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) {
-@@ -745,6 +750,7 @@ static int wpa_supplicant_install_ptk(st
-
- /* TK is not needed anymore in supplicant */
- os_memset(sm->ptk.tk, 0, WPA_TK_MAX_LEN);
-+ sm->ptk.tk_len = 0;
- sm->ptk.installed = 1;
-
- if (sm->wpa_ptk_rekey) {
-@@ -1717,9 +1723,10 @@ static int wpa_supplicant_verify_eapol_k
- os_memcpy(mic, key + 1, mic_len);
- if (sm->tptk_set) {
- os_memset(key + 1, 0, mic_len);
-- wpa_eapol_key_mic(sm->tptk.kck, sm->tptk.kck_len, sm->key_mgmt,
-- ver, buf, len, (u8 *) (key + 1));
-- if (os_memcmp_const(mic, key + 1, mic_len) != 0) {
-+ if (wpa_eapol_key_mic(sm->tptk.kck, sm->tptk.kck_len,
-+ sm->key_mgmt,
-+ ver, buf, len, (u8 *) (key + 1)) < 0 ||
-+ os_memcmp_const(mic, key + 1, mic_len) != 0) {
- wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
- "WPA: Invalid EAPOL-Key MIC "
- "when using TPTK - ignoring TPTK");
-@@ -1742,9 +1749,10 @@ static int wpa_supplicant_verify_eapol_k
-
- if (!ok && sm->ptk_set) {
- os_memset(key + 1, 0, mic_len);
-- wpa_eapol_key_mic(sm->ptk.kck, sm->ptk.kck_len, sm->key_mgmt,
-- ver, buf, len, (u8 *) (key + 1));
-- if (os_memcmp_const(mic, key + 1, mic_len) != 0) {
-+ if (wpa_eapol_key_mic(sm->ptk.kck, sm->ptk.kck_len,
-+ sm->key_mgmt,
-+ ver, buf, len, (u8 *) (key + 1)) < 0 ||
-+ os_memcmp_const(mic, key + 1, mic_len) != 0) {
- wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
- "WPA: Invalid EAPOL-Key MIC - "
- "dropping packet");
-@@ -4167,6 +4175,11 @@ int fils_process_assoc_resp(struct wpa_s
-
- alg = wpa_cipher_to_alg(sm->pairwise_cipher);
- keylen = wpa_cipher_key_len(sm->pairwise_cipher);
-+ if (keylen <= 0 || (unsigned int) keylen != sm->ptk.tk_len) {
-+ wpa_printf(MSG_DEBUG, "FILS: TK length mismatch: %u != %lu",
-+ keylen, (long unsigned int) sm->ptk.tk_len);
-+ goto fail;
-+ }
- rsclen = wpa_cipher_rsc_len(sm->pairwise_cipher);
- wpa_hexdump_key(MSG_DEBUG, "FILS: Set TK to driver",
- sm->ptk.tk, keylen);
-@@ -4183,6 +4196,7 @@ int fils_process_assoc_resp(struct wpa_s
- * takes care of association frame encryption/decryption. */
- /* TK is not needed anymore in supplicant */
- os_memset(sm->ptk.tk, 0, WPA_TK_MAX_LEN);
-+ sm->ptk.tk_len = 0;
- sm->ptk.installed = 1;
-
- /* FILS HLP Container */
+++ /dev/null
-From c0fe5f125a9d4a6564e1f4956ccc3809bf2fd69d Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <j@w1.fi>
-Date: Tue, 17 Oct 2017 01:15:24 +0300
-Subject: [PATCH] Clear BSSID information in supplicant state machine on
- disconnection
-
-This fixes a corner case where RSN pre-authentication candidate from
-scan results was ignored if the station was associated with that BSS
-just before running the new scan for the connection.
-
-Signed-off-by: Jouni Malinen <j@w1.fi>
----
- src/rsn_supp/wpa.c | 1 +
- 1 file changed, 1 insertion(+)
-
---- a/src/rsn_supp/wpa.c
-+++ b/src/rsn_supp/wpa.c
-@@ -2662,6 +2662,7 @@ void wpa_sm_notify_disassoc(struct wpa_s
- wpa_sm_drop_sa(sm);
-
- sm->msg_3_of_4_ok = 0;
-+ os_memset(sm->bssid, 0, ETH_ALEN);
- }
-
-
+++ /dev/null
-From 114f2830d2c2aee6db23d48240e93415a256a37c Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <jouni@qca.qualcomm.com>
-Date: Fri, 20 Oct 2017 17:39:42 +0300
-Subject: [PATCH] WNM: Ignore WNM-Sleep Mode Request in wnm_sleep_mode=0 case
-
-The hostapd wnm_sleep_mode parameter was previously used to control
-advertisement of WNM-Sleep Mode support, but it was not used when
-processing a request to use WNM-Sleep Mode. Add an explicit check during
-request processing as well so that any misbehaving station is ignored.
-
-Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
----
- src/ap/wnm_ap.c | 7 +++++++
- 1 file changed, 7 insertions(+)
-
-diff --git a/src/ap/wnm_ap.c b/src/ap/wnm_ap.c
-index 7c4fde0..973e4d3 100644
---- a/src/ap/wnm_ap.c
-+++ b/src/ap/wnm_ap.c
-@@ -200,6 +200,13 @@ static void ieee802_11_rx_wnmsleep_req(struct hostapd_data *hapd,
- u8 *tfsreq_ie_end = NULL;
- u16 tfsreq_ie_len = 0;
-
-+ if (!hapd->conf->wnm_sleep_mode) {
-+ wpa_printf(MSG_DEBUG, "Ignore WNM-Sleep Mode Request from "
-+ MACSTR " since WNM-Sleep Mode is disabled",
-+ MAC2STR(addr));
-+ return;
-+ }
-+
- dialog_token = *pos++;
- while (pos + 1 < frm + len) {
- u8 ie_len = pos[1];
---
-2.1.4
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
-@@ -265,9 +265,10 @@ void wpa_supplicant_cancel_auth_timeout(
+@@ -272,9 +272,10 @@ void wpa_supplicant_cancel_auth_timeout(
*/
void wpa_supplicant_initiate_eapol(struct wpa_supplicant *wpa_s)
{
LIBS += $(DRV_AP_LIBS)
ifdef CONFIG_L2_PACKET
-@@ -1204,6 +1210,12 @@ install: $(addprefix $(DESTDIR)$(BINDIR)
+@@ -1270,6 +1276,12 @@ install: $(addprefix $(DESTDIR)$(BINDIR)
BCHECK=../src/drivers/build.hostapd
hostapd: $(BCHECK) $(OBJS)
$(Q)$(CC) $(LDFLAGS) -o hostapd $(OBJS) $(LIBS)
@$(E) " LD " $@
-@@ -1248,6 +1260,12 @@ ifeq ($(CONFIG_TLS), linux)
+@@ -1315,6 +1327,12 @@ ifeq ($(CONFIG_TLS), linux)
HOBJS += ../src/crypto/crypto_linux.o
endif
ifndef CONFIG_NO_GITVER
# Add VERSION_STR postfix for builds from a git repository
-@@ -357,7 +358,9 @@ endif
+@@ -358,7 +359,9 @@ endif
ifdef CONFIG_IBSS_RSN
NEED_RSN_AUTHENTICATOR=y
CFLAGS += -DCONFIG_IBSS_RSN
OBJS += ibss_rsn.o
endif
-@@ -861,6 +864,10 @@ ifdef CONFIG_DYNAMIC_EAP_METHODS
+@@ -866,6 +869,10 @@ ifdef CONFIG_DYNAMIC_EAP_METHODS
CFLAGS += -DCONFIG_DYNAMIC_EAP_METHODS
LIBS += -ldl -rdynamic
endif
endif
ifdef CONFIG_AP
-@@ -868,9 +875,11 @@ NEED_EAP_COMMON=y
+@@ -873,9 +880,11 @@ NEED_EAP_COMMON=y
NEED_RSN_AUTHENTICATOR=y
CFLAGS += -DCONFIG_AP
OBJS += ap.o
OBJS += ../src/ap/hostapd.o
OBJS += ../src/ap/wpa_auth_glue.o
OBJS += ../src/ap/utils.o
-@@ -952,6 +961,12 @@ endif
+@@ -957,6 +966,12 @@ endif
ifdef CONFIG_HS20
OBJS += ../src/ap/hs20.o
endif
endif
ifdef CONFIG_MBO
-@@ -960,7 +975,9 @@ CFLAGS += -DCONFIG_MBO
+@@ -965,7 +980,9 @@ CFLAGS += -DCONFIG_MBO
endif
ifdef NEED_RSN_AUTHENTICATOR
NEED_AES_WRAP=y
OBJS += ../src/ap/wpa_auth.o
OBJS += ../src/ap/wpa_auth_ie.o
-@@ -1835,6 +1852,12 @@ wpa_priv: $(BCHECK) $(OBJS_priv)
+@@ -1895,6 +1912,12 @@ wpa_priv: $(BCHECK) $(OBJS_priv)
$(OBJS_c) $(OBJS_t) $(OBJS_t2) $(OBJS) $(BCHECK) $(EXTRA_progs): .config
wpa_supplicant: $(BCHECK) $(OBJS) $(EXTRA_progs)
$(Q)$(LDO) $(LDFLAGS) -o wpa_supplicant $(OBJS) $(LIBS) $(EXTRALIBS)
@$(E) " LD " $@
-@@ -1937,6 +1960,12 @@ endif
+@@ -1997,6 +2020,12 @@ endif
-e 's|\@DBUS_INTERFACE\@|$(DBUS_INTERFACE)|g' $< >$@
@$(E) " sed" $<
wpa_cli.exe: wpa_cli
--- a/src/drivers/driver.h
+++ b/src/drivers/driver.h
-@@ -5317,8 +5317,8 @@ union wpa_event_data {
+@@ -5418,8 +5418,8 @@ union wpa_event_data {
* Driver wrapper code should call this function whenever an event is received
* from the driver.
*/
/**
* wpa_supplicant_event_global - Report a driver event for wpa_supplicant
-@@ -5330,7 +5330,7 @@ void wpa_supplicant_event(void *ctx, enu
+@@ -5431,7 +5431,7 @@ void wpa_supplicant_event(void *ctx, enu
* Same as wpa_supplicant_event(), but we search for the interface in
* wpa_global.
*/
/*
--- a/src/ap/drv_callbacks.c
+++ b/src/ap/drv_callbacks.c
-@@ -1375,8 +1375,8 @@ static void hostapd_event_dfs_cac_starte
+@@ -1473,8 +1473,8 @@ static void hostapd_event_dfs_cac_starte
#endif /* NEED_AP_MLME */
{
struct hostapd_data *hapd = ctx;
#ifndef CONFIG_NO_STDOUT_DEBUG
-@@ -1590,7 +1590,7 @@ void wpa_supplicant_event(void *ctx, enu
+@@ -1694,7 +1694,7 @@ void wpa_supplicant_event(void *ctx, enu
}
{
struct wpa_priv_interface *iface = ctx;
-@@ -1101,7 +1101,7 @@ void wpa_supplicant_event(void *ctx, enu
+@@ -1095,7 +1095,7 @@ void wpa_supplicant_event(void *ctx, enu
}
union wpa_event_data *data)
{
struct wpa_priv_global *global = ctx;
-@@ -1213,6 +1213,8 @@ int main(int argc, char *argv[])
+@@ -1207,6 +1207,8 @@ int main(int argc, char *argv[])
if (os_program_init())
return -1;
os_memset(&global, 0, sizeof(global));
--- a/wpa_supplicant/events.c
+++ b/wpa_supplicant/events.c
-@@ -3709,8 +3709,8 @@ static void wpa_supplicant_event_assoc_a
+@@ -3812,8 +3812,8 @@ static void wpa_supplicant_event_assoc_a
}
{
struct wpa_supplicant *wpa_s = ctx;
int resched;
-@@ -4466,7 +4466,7 @@ void wpa_supplicant_event(void *ctx, enu
+@@ -4628,7 +4628,7 @@ void wpa_supplicant_event(void *ctx, enu
}
struct wpa_supplicant *wpa_s;
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
-@@ -5457,7 +5457,6 @@ struct wpa_interface * wpa_supplicant_ma
+@@ -5678,7 +5678,6 @@ struct wpa_interface * wpa_supplicant_ma
return NULL;
}
/**
* wpa_supplicant_match_existing - Match existing interfaces
* @global: Pointer to global data from wpa_supplicant_init()
-@@ -5494,6 +5493,11 @@ static int wpa_supplicant_match_existing
+@@ -5715,6 +5714,11 @@ static int wpa_supplicant_match_existing
#endif /* CONFIG_MATCH_IFACE */
/**
* wpa_supplicant_add_iface - Add a new network interface
-@@ -5750,6 +5754,8 @@ struct wpa_global * wpa_supplicant_init(
+@@ -5971,6 +5975,8 @@ struct wpa_global * wpa_supplicant_init(
#ifndef CONFIG_NO_WPA_MSG
wpa_msg_register_ifname_cb(wpa_supplicant_msg_ifname_cb);
#endif /* CONFIG_NO_WPA_MSG */
wpa_debug_open_file(params->wpa_debug_file_path);
--- a/hostapd/main.c
+++ b/hostapd/main.c
-@@ -590,6 +590,11 @@ fail:
+@@ -591,6 +591,11 @@ fail:
return -1;
}
#ifdef CONFIG_WPS
static int gen_uuid(const char *txt_addr)
-@@ -670,6 +675,8 @@ int main(int argc, char *argv[])
- dl_list_init(&interfaces.eth_p_oui);
- #endif /* CONFIG_ETH_P_OUI */
+@@ -674,6 +679,8 @@ int main(int argc, char *argv[])
+ hostapd_dpp_init_global(&interfaces);
+ #endif /* CONFIG_DPP */
+ wpa_supplicant_event = hostapd_wpa_event;
+ wpa_supplicant_event_global = hostapd_wpa_event_global;
--- a/hostapd/config_file.c
+++ b/hostapd/config_file.c
-@@ -3016,6 +3016,10 @@ static int hostapd_config_fill(struct ho
+@@ -3088,6 +3088,10 @@ static int hostapd_config_fill(struct ho
}
#endif /* CONFIG_IEEE80211W */
#ifdef CONFIG_IEEE80211N
} else if (os_strcmp(buf, "ht_capab") == 0) {
--- a/src/ap/ap_config.h
+++ b/src/ap/ap_config.h
-@@ -735,6 +735,8 @@ struct hostapd_config {
+@@ -750,6 +750,8 @@ struct hostapd_config {
int ht_op_mode_fixed;
u16 ht_capab;
hostapd_set_state(iface, HAPD_IFACE_HT_SCAN);
--- a/src/ap/ieee802_11_ht.c
+++ b/src/ap/ieee802_11_ht.c
-@@ -244,6 +244,9 @@ void hostapd_2040_coex_action(struct hos
- if (!(iface->conf->ht_capab & HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET))
+@@ -252,6 +252,9 @@ void hostapd_2040_coex_action(struct hos
return;
+ }
+ if (iface->conf->noscan || iface->conf->no_ht_coex)
+ return;
+
- if (len < IEEE80211_HDRLEN + 2 + sizeof(*bc_ie))
- return;
-
-@@ -368,6 +371,9 @@ void ht40_intolerant_add(struct hostapd_
+ if (len < IEEE80211_HDRLEN + 2 + sizeof(*bc_ie)) {
+ wpa_printf(MSG_DEBUG,
+ "Ignore too short 20/40 BSS Coexistence Management frame");
+@@ -412,6 +415,9 @@ void ht40_intolerant_add(struct hostapd_
if (iface->current_mode->mode != HOSTAPD_MODE_IEEE80211G)
return;
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
-@@ -3927,7 +3927,7 @@ wpa_supplicant_alloc(struct wpa_supplica
+@@ -4126,7 +4126,7 @@ wpa_supplicant_alloc(struct wpa_supplica
if (wpa_s == NULL)
return NULL;
wpa_s->scan_req = INITIAL_SCAN_REQ;
--- a/src/drivers/driver_nl80211.c
+++ b/src/drivers/driver_nl80211.c
-@@ -4152,7 +4152,7 @@ static int nl80211_set_channel(struct i8
+@@ -4231,7 +4231,7 @@ static int nl80211_set_channel(struct i8
freq->freq, freq->ht_enabled, freq->vht_enabled,
freq->bandwidth, freq->center_freq1, freq->center_freq2);
--- a/src/drivers/driver_nl80211.c
+++ b/src/drivers/driver_nl80211.c
-@@ -2536,10 +2536,15 @@ static int wpa_driver_nl80211_del_beacon
+@@ -2563,10 +2563,15 @@ static int wpa_driver_nl80211_del_beacon
struct nl_msg *msg;
struct wpa_driver_nl80211_data *drv = bss->drv;
return send_and_recv_msgs(drv, msg, NULL, NULL);
}
-@@ -4753,7 +4758,7 @@ static void nl80211_teardown_ap(struct i
+@@ -4832,7 +4837,7 @@ static void nl80211_teardown_ap(struct i
nl80211_mgmt_unsubscribe(bss, "AP teardown");
nl80211_put_wiphy_data_ap(bss);
}
-@@ -6853,8 +6858,6 @@ static int wpa_driver_nl80211_if_remove(
+@@ -7037,8 +7042,6 @@ static int wpa_driver_nl80211_if_remove(
} else {
wpa_printf(MSG_DEBUG, "nl80211: First BSS - reassign context");
nl80211_teardown_ap(bss);
nl80211_destroy_bss(bss);
if (!bss->added_if)
i802_set_iface_flags(bss, 0);
-@@ -7225,7 +7228,6 @@ static int wpa_driver_nl80211_deinit_ap(
+@@ -7409,7 +7412,6 @@ static int wpa_driver_nl80211_deinit_ap(
if (!is_ap_interface(drv->nlmode))
return -1;
wpa_driver_nl80211_del_beacon(bss);
/*
* If the P2P GO interface was dynamically added, then it is
-@@ -7245,7 +7247,6 @@ static int wpa_driver_nl80211_stop_ap(vo
+@@ -7429,7 +7431,6 @@ static int wpa_driver_nl80211_stop_ap(vo
if (!is_ap_interface(drv->nlmode))
return -1;
wpa_driver_nl80211_del_beacon(bss);
--- a/hostapd/ctrl_iface.c
+++ b/hostapd/ctrl_iface.c
-@@ -56,6 +56,7 @@
+@@ -60,6 +60,7 @@
#include "fst/fst_ctrl_iface.h"
#include "config_file.h"
#include "ctrl_iface.h"
#define HOSTAPD_CLI_DUP_VALUE_MAX_LEN 256
-@@ -74,6 +75,7 @@ static void hostapd_ctrl_iface_send(stru
+@@ -78,6 +79,7 @@ static void hostapd_ctrl_iface_send(stru
enum wpa_msg_type type,
const char *buf, size_t len);
static int hostapd_ctrl_iface_attach(struct hostapd_data *hapd,
struct sockaddr_storage *from,
-@@ -125,6 +127,61 @@ static int hostapd_ctrl_iface_new_sta(st
+@@ -129,6 +131,61 @@ static int hostapd_ctrl_iface_new_sta(st
return 0;
}
#ifdef CONFIG_IEEE80211W
#ifdef NEED_AP_MLME
-@@ -2607,6 +2664,8 @@ static int hostapd_ctrl_iface_receive_pr
+@@ -3026,6 +3083,8 @@ static int hostapd_ctrl_iface_receive_pr
} else if (os_strncmp(buf, "VENDOR ", 7) == 0) {
reply_len = hostapd_ctrl_iface_vendor(hapd, buf + 7, reply,
reply_size);
#ifdef RADIUS_SERVER
--- a/src/ap/ctrl_iface_ap.c
+++ b/src/ap/ctrl_iface_ap.c
-@@ -624,7 +624,13 @@ int hostapd_parse_csa_settings(const cha
+@@ -857,7 +857,13 @@ int hostapd_parse_csa_settings(const cha
int hostapd_ctrl_iface_stop_ap(struct hostapd_data *hapd)
{
* bridge_ifname - Optional bridge interface name
*
* If the driver interface (ifname) is included in a Linux bridge
-@@ -512,6 +517,8 @@ struct wpa_supplicant {
+@@ -513,6 +518,8 @@ struct wpa_supplicant {
#endif /* CONFIG_CTRL_IFACE_BINDER */
char bridge_ifname[16];
CONFIG_OS=win32
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
-@@ -118,6 +118,55 @@ const char *const wpa_supplicant_full_li
- static void wpa_bss_tmp_disallow_timeout(void *eloop_ctx, void *timeout_ctx);
+@@ -125,6 +125,55 @@ static void wpas_update_fils_connect_par
+ #endif /* CONFIG_FILS && IEEE8021X_EAPOL */
+static int hostapd_stop(struct wpa_supplicant *wpa_s)
/* Configure default/group WEP keys for static WEP */
int wpa_set_wep_keys(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid)
{
-@@ -883,8 +932,12 @@ void wpa_supplicant_set_state(struct wpa
- wpas_p2p_completed(wpa_s);
+@@ -893,12 +942,16 @@ void wpa_supplicant_set_state(struct wpa
sme_sched_obss_scan(wpa_s, 1);
+
+ if (wpa_s->hostapd)
+ hostapd_reload(wpa_s, wpa_s->current_bss);
+ #if defined(CONFIG_FILS) && defined(IEEE8021X_EAPOL)
+ if (!fils_hlp_sent && ssid && ssid->eap.erp)
+ wpas_update_fils_connect_params(wpa_s);
+ #endif /* CONFIG_FILS && IEEE8021X_EAPOL */
} else if (state == WPA_DISCONNECTED || state == WPA_ASSOCIATING ||
state == WPA_ASSOCIATED) {
+ if (wpa_s->hostapd)
wpa_s->new_connection = 1;
wpa_drv_set_operstate(wpa_s, 0);
#ifndef IEEE8021X_EAPOL
-@@ -5080,6 +5133,20 @@ static int wpa_supplicant_init_iface(str
+@@ -5301,6 +5354,20 @@ static int wpa_supplicant_init_iface(str
sizeof(wpa_s->bridge_ifname));
}
/* RSNA Supplicant Key Management - INITIALIZE */
eapol_sm_notify_portEnabled(wpa_s->eapol, FALSE);
eapol_sm_notify_portValid(wpa_s->eapol, FALSE);
-@@ -5404,6 +5471,11 @@ static void wpa_supplicant_deinit_iface(
+@@ -5625,6 +5692,11 @@ static void wpa_supplicant_deinit_iface(
if (terminate)
wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_TERMINATING);
else
--- a/hostapd/ctrl_iface.c
+++ b/hostapd/ctrl_iface.c
-@@ -2458,6 +2458,7 @@ static int hostapd_ctrl_iface_receive_pr
+@@ -2852,6 +2852,7 @@ static int hostapd_ctrl_iface_receive_pr
reply_size);
} else if (os_strcmp(buf, "STATUS-DRIVER") == 0) {
reply_len = hostapd_drv_status(hapd, reply, reply_size);
} else if (os_strcmp(buf, "MIB") == 0) {
reply_len = ieee802_11_get_mib(hapd, reply, reply_size);
if (reply_len >= 0) {
-@@ -2499,6 +2500,7 @@ static int hostapd_ctrl_iface_receive_pr
+@@ -2893,6 +2894,7 @@ static int hostapd_ctrl_iface_receive_pr
} else if (os_strncmp(buf, "STA-NEXT ", 9) == 0) {
reply_len = hostapd_ctrl_iface_sta_next(hapd, buf + 9, reply,
reply_size);
+#endif
} else if (os_strcmp(buf, "ATTACH") == 0) {
- if (hostapd_ctrl_iface_attach(hapd, from, fromlen))
+ if (hostapd_ctrl_iface_attach(hapd, from, fromlen, NULL))
reply_len = -1;
--- a/wpa_supplicant/Makefile
+++ b/wpa_supplicant/Makefile
-@@ -926,6 +926,9 @@ ifdef CONFIG_FILS
+@@ -931,6 +931,9 @@ ifdef CONFIG_FILS
OBJS += ../src/ap/fils_hlp.o
endif
ifdef CONFIG_CTRL_IFACE
--- a/wpa_supplicant/ctrl_iface.c
+++ b/wpa_supplicant/ctrl_iface.c
-@@ -2070,7 +2070,7 @@ static int wpa_supplicant_ctrl_iface_sta
+@@ -2130,7 +2130,7 @@ static int wpa_supplicant_ctrl_iface_sta
pos += ret;
}
if (wpa_s->ap_iface) {
pos += ap_ctrl_iface_wpa_get_status(wpa_s, pos,
end - pos,
-@@ -9631,6 +9631,7 @@ char * wpa_supplicant_ctrl_iface_process
+@@ -9831,6 +9831,7 @@ char * wpa_supplicant_ctrl_iface_process
reply_len = -1;
} else if (os_strncmp(buf, "NOTE ", 5) == 0) {
wpa_printf(MSG_INFO, "NOTE: %s", buf + 5);
} else if (os_strcmp(buf, "MIB") == 0) {
reply_len = wpa_sm_get_mib(wpa_s->wpa, reply, reply_size);
if (reply_len >= 0) {
-@@ -9638,6 +9639,7 @@ char * wpa_supplicant_ctrl_iface_process
+@@ -9838,6 +9839,7 @@ char * wpa_supplicant_ctrl_iface_process
reply + reply_len,
reply_size - reply_len);
}
} else if (os_strncmp(buf, "STATUS", 6) == 0) {
reply_len = wpa_supplicant_ctrl_iface_status(
wpa_s, buf + 6, reply, reply_size);
-@@ -10124,6 +10126,7 @@ char * wpa_supplicant_ctrl_iface_process
+@@ -10319,6 +10321,7 @@ char * wpa_supplicant_ctrl_iface_process
reply_len = wpa_supplicant_ctrl_iface_bss(
wpa_s, buf + 4, reply, reply_size);
#ifdef CONFIG_AP
} else if (os_strcmp(buf, "STA-FIRST") == 0) {
reply_len = ap_ctrl_iface_sta_first(wpa_s, reply, reply_size);
} else if (os_strncmp(buf, "STA ", 4) == 0) {
-@@ -10132,12 +10135,15 @@ char * wpa_supplicant_ctrl_iface_process
+@@ -10327,12 +10330,15 @@ char * wpa_supplicant_ctrl_iface_process
} else if (os_strncmp(buf, "STA-NEXT ", 9) == 0) {
reply_len = ap_ctrl_iface_sta_next(wpa_s, buf + 9, reply,
reply_size);
+#ifdef CONFIG_CTRL_IFACE_MIB
- static int hostapd_get_sta_tx_rx(struct hostapd_data *hapd,
- struct sta_info *sta,
-@@ -250,6 +251,7 @@ int hostapd_ctrl_iface_sta_next(struct h
+ static size_t hostapd_write_ht_mcs_bitmask(char *buf, size_t buflen,
+ size_t curr_len, const u8 *mcs_set)
+@@ -408,6 +409,7 @@ int hostapd_ctrl_iface_sta_next(struct h
return hostapd_ctrl_iface_sta_mib(hapd, sta->next, buf, buflen);
}
#ifdef CONFIG_P2P_MANAGER
static int p2p_manager_disconnect(struct hostapd_data *hapd, u16 stype,
+@@ -746,12 +748,12 @@ int hostapd_ctrl_iface_status(struct hos
+ return len;
+ len += ret;
+ }
+-
++#ifdef CONFIG_CTRL_IFACE_MIB
+ if (iface->conf->ieee80211n && !hapd->conf->disable_11n && mode) {
+ len = hostapd_write_ht_mcs_bitmask(buf, buflen, len,
+ mode->mcs_set);
+ }
+-
++#endif /* CONFIG_CTRL_IFACE_MIB */
+ if (iface->current_rates && iface->num_rates) {
+ ret = os_snprintf(buf + len, buflen - len, "supported_rates=");
+ if (os_snprintf_error(buflen - len, ret))
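Review bot: The `#ifdef CONFIG_CTRL_IFACE_MIB` added around the `hostapd_write_ht_mcs_bitmask()` call in `hostapd_ctrl_iface_status()` removes the HT MCS bitmask from the STATUS reply on builds without that option, and nothing in the hunk says why. The earlier hunk that shows the helper as context suggests the helper itself is compiled out by the same option, but that guard is not fully visible here, so this is an inference. If it holds, a one-line comment above the guard would stop a later patch refresh from dropping it: `/* hostapd_write_ht_mcs_bitmask() is only built with CONFIG_CTRL_IFACE_MIB */`. Anything that parses STATUS output should treat the field as optional. The function body starts and ends outside the hunk.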
--- a/src/ap/ieee802_1x.c
+++ b/src/ap/ieee802_1x.c
-@@ -2492,6 +2492,7 @@ static const char * bool_txt(Boolean val
+@@ -2501,6 +2501,7 @@ static const char * bool_txt(Boolean val
return val ? "TRUE" : "FALSE";
}
int ieee802_1x_get_mib(struct hostapd_data *hapd, char *buf, size_t buflen)
{
-@@ -2667,6 +2668,7 @@ int ieee802_1x_get_mib_sta(struct hostap
+@@ -2676,6 +2677,7 @@ int ieee802_1x_get_mib_sta(struct hostap
return len;
}
static void ieee802_1x_wnm_notif_send(void *eloop_ctx, void *timeout_ctx)
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
-@@ -3780,6 +3780,7 @@ static const char * wpa_bool_txt(int val
+@@ -3773,6 +3773,7 @@ static const char * wpa_bool_txt(int val
return val ? "TRUE" : "FALSE";
}
#define RSN_SUITE "%02x-%02x-%02x-%d"
#define RSN_SUITE_ARG(s) \
-@@ -3924,7 +3925,7 @@ int wpa_get_mib_sta(struct wpa_state_mac
+@@ -3917,7 +3918,7 @@ int wpa_get_mib_sta(struct wpa_state_mac
return len;
}
{
--- a/src/rsn_supp/wpa.c
+++ b/src/rsn_supp/wpa.c
-@@ -2356,6 +2356,8 @@ static u32 wpa_key_mgmt_suite(struct wpa
+@@ -2295,6 +2295,8 @@ static u32 wpa_key_mgmt_suite(struct wpa
}
#define RSN_SUITE "%02x-%02x-%02x-%d"
#define RSN_SUITE_ARG(s) \
((s) >> 24) & 0xff, ((s) >> 16) & 0xff, ((s) >> 8) & 0xff, (s) & 0xff
-@@ -2439,6 +2441,7 @@ int wpa_sm_get_mib(struct wpa_sm *sm, ch
+@@ -2378,6 +2380,7 @@ int wpa_sm_get_mib(struct wpa_sm *sm, ch
return (int) len;
}
--- a/wpa_supplicant/ap.c
+++ b/wpa_supplicant/ap.c
-@@ -1139,7 +1139,7 @@ int wpas_ap_wps_nfc_report_handover(stru
+@@ -1170,7 +1170,7 @@ int wpas_ap_wps_nfc_report_handover(stru
#endif /* CONFIG_WPS */
--- a/src/common/wpa_common.c
+++ b/src/common/wpa_common.c
-@@ -1675,6 +1675,31 @@ u32 wpa_akm_to_suite(int akm)
+@@ -1847,6 +1847,31 @@ u32 wpa_akm_to_suite(int akm)
}
int wpa_compare_rsn_ie(int ft_initial_assoc,
const u8 *ie1, size_t ie1len,
const u8 *ie2, size_t ie2len)
-@@ -1682,8 +1707,19 @@ int wpa_compare_rsn_ie(int ft_initial_as
+@@ -1854,8 +1879,19 @@ int wpa_compare_rsn_ie(int ft_initial_as
if (ie1 == NULL || ie2 == NULL)
return -1;
bss->wpa_pairwise |= WPA_CIPHER_TKIP;
bss->rsn_pairwise = bss->wpa_pairwise;
bss->wpa_group = wpa_select_ap_group_cipher(bss->wpa,
-@@ -1067,8 +1066,7 @@ int hostapd_init_wps(struct hostapd_data
- if (conf->rsn_pairwise & (WPA_CIPHER_CCMP | WPA_CIPHER_GCMP)) {
+@@ -1069,8 +1068,7 @@ int hostapd_init_wps(struct hostapd_data
+ WPA_CIPHER_GCMP_256)) {
wps->encr_types |= WPS_ENCR_AES;
wps->encr_types_rsn |= WPS_ENCR_AES;
- }
#include "crypto/random.h"
#include "crypto/tls.h"
#include "common/version.h"
-@@ -678,7 +679,7 @@ int main(int argc, char *argv[])
+@@ -682,7 +683,7 @@ int main(int argc, char *argv[])
wpa_supplicant_event = hostapd_wpa_event;
wpa_supplicant_event_global = hostapd_wpa_event_global;
for (;;) {
if (c < 0)
break;
switch (c) {
-@@ -715,6 +716,8 @@ int main(int argc, char *argv[])
+@@ -719,6 +720,8 @@ int main(int argc, char *argv[])
break;
#endif /* CONFIG_DEBUG_LINUX_TRACING */
case 'v':
static int hostapd_cli_cmd_disassoc_imminent(struct wpa_ctrl *ctrl, int argc,
-@@ -1476,7 +1474,6 @@ static const struct hostapd_cli_cmd host
+@@ -1518,7 +1516,6 @@ static const struct hostapd_cli_cmd host
{ "sa_query", hostapd_cli_cmd_sa_query, hostapd_complete_stations,
"<addr> = send SA Query to a station" },
#endif /* CONFIG_IEEE80211W */
{ "wps_pin", hostapd_cli_cmd_wps_pin, NULL,
"<uuid> <pin> [timeout] [addr] = add WPS Enrollee PIN" },
{ "wps_check_pin", hostapd_cli_cmd_wps_check_pin, NULL,
-@@ -1501,7 +1498,6 @@ static const struct hostapd_cli_cmd host
+@@ -1543,7 +1540,6 @@ static const struct hostapd_cli_cmd host
"<SSID> <auth> <encr> <key> = configure AP" },
{ "wps_get_status", hostapd_cli_cmd_wps_get_status, NULL,
"= show current WPS status" },
--- a/hostapd/main.c
+++ b/hostapd/main.c
-@@ -37,6 +37,8 @@ struct hapd_global {
+@@ -38,6 +38,8 @@ struct hapd_global {
};
static struct hapd_global global;
#ifndef CONFIG_NO_HOSTAPD_LOGGER
-@@ -147,6 +149,14 @@ static void hostapd_logger_cb(void *ctx,
+@@ -148,6 +150,14 @@ static void hostapd_logger_cb(void *ctx,
}
#endif /* CONFIG_NO_HOSTAPD_LOGGER */
/**
* hostapd_driver_init - Preparate driver interface
-@@ -165,6 +175,8 @@ static int hostapd_driver_init(struct ho
+@@ -166,6 +176,8 @@ static int hostapd_driver_init(struct ho
return -1;
}
/* Initialize the driver interface */
if (!(b[0] | b[1] | b[2] | b[3] | b[4] | b[5]))
b = NULL;
-@@ -405,8 +417,6 @@ static void hostapd_global_deinit(const
+@@ -406,8 +418,6 @@ static void hostapd_global_deinit(const
#endif /* CONFIG_NATIVE_WINDOWS */
eap_server_unregister_methods();
}
-@@ -432,18 +442,6 @@ static int hostapd_global_run(struct hap
+@@ -433,18 +443,6 @@ static int hostapd_global_run(struct hap
}
#endif /* EAP_SERVER_TNC */
eloop_run();
return 0;
-@@ -645,8 +643,7 @@ int main(int argc, char *argv[])
+@@ -646,8 +644,7 @@ int main(int argc, char *argv[])
struct hapd_interfaces interfaces;
int ret = 1;
size_t i, j;
#include "config.h"
-@@ -1985,6 +1986,97 @@ static char * wpa_config_write_mka_ckn(c
- #endif /* CONFIG_MACSEC */
+@@ -2037,6 +2038,97 @@ static char * wpa_config_write_peerkey(c
+ #endif /* NO_CONFIG_WRITE */
+static int wpa_config_parse_mcast_rate(const struct parse_data *data,
/* Helper macros for network block parser */
#ifdef OFFSET
-@@ -2224,6 +2316,8 @@ static const struct parse_data ssid_fiel
+@@ -2279,6 +2371,8 @@ static const struct parse_data ssid_fiel
{ INT(ap_max_inactivity) },
{ INT(dtim_period) },
{ INT(beacon_int) },
#define DEFAULT_EAP_WORKAROUND ((unsigned int) -1)
-@@ -735,6 +737,9 @@ struct wpa_ssid {
+@@ -743,6 +745,9 @@ struct wpa_ssid {
*/
void *parent_cred;
* macsec_policy - Determines the policy for MACsec secure session
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
-@@ -2781,6 +2781,12 @@ static void wpas_start_assoc_cb(struct w
+@@ -2942,6 +2942,12 @@ static void wpas_start_assoc_cb(struct w
params.beacon_int = ssid->beacon_int;
else
params.beacon_int = wpa_s->conf->beacon_int;
+ params.mcast_rate = ssid->mcast_rate;
}
- params.wpa_ie = wpa_ie;
+ params.pairwise_suite = cipher_pairwise;
--- a/src/drivers/driver_nl80211.c
+++ b/src/drivers/driver_nl80211.c
-@@ -5012,7 +5012,7 @@ static int wpa_driver_nl80211_ibss(struc
+@@ -5091,7 +5091,7 @@ static int wpa_driver_nl80211_ibss(struc
struct wpa_driver_associate_params *params)
{
struct nl_msg *msg;
int count = 0;
wpa_printf(MSG_DEBUG, "nl80211: Join IBSS (ifindex=%d)", drv->ifindex);
-@@ -5039,6 +5039,37 @@ retry:
+@@ -5118,6 +5118,37 @@ retry:
nl80211_put_beacon_int(msg, params->beacon_int))
goto fail;
--- a/src/drivers/driver.h
+++ b/src/drivers/driver.h
-@@ -1424,6 +1424,7 @@ struct wpa_driver_mesh_join_params {
+@@ -1394,6 +1394,7 @@ struct wpa_driver_mesh_join_params {
#define WPA_DRIVER_MESH_FLAG_SAE_AUTH 0x00000004
#define WPA_DRIVER_MESH_FLAG_AMPE 0x00000008
unsigned int flags;
/**
--- a/src/drivers/driver_nl80211.c
+++ b/src/drivers/driver_nl80211.c
-@@ -8981,6 +8981,18 @@ static int nl80211_put_mesh_id(struct nl
+@@ -9210,6 +9210,18 @@ static int nl80211_put_mesh_id(struct nl
}
static int nl80211_put_mesh_config(struct nl_msg *msg,
struct wpa_driver_mesh_bss_params *params)
{
-@@ -9039,6 +9051,7 @@ static int nl80211_join_mesh(struct i802
+@@ -9268,6 +9280,7 @@ static int nl80211_join_mesh(struct i802
nl80211_put_basic_rates(msg, params->basic_rates) ||
nl80211_put_mesh_id(msg, params->meshid, params->meshid_len) ||
nl80211_put_beacon_int(msg, params->beacon_int) ||
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
-@@ -2010,11 +2010,13 @@ void ibss_mesh_setup_freq(struct wpa_sup
+@@ -2081,11 +2081,13 @@ void ibss_mesh_setup_freq(struct wpa_sup
for (j = 0; j < wpa_s->last_scan_res_used; j++) {
struct wpa_bss *bss = wpa_s->last_scan_res[j];
struct wpa_ctrl_dst;
struct radius_server_data;
-@@ -122,6 +123,7 @@ struct hostapd_data {
+@@ -129,6 +130,7 @@ struct hostapd_data {
struct hostapd_iface *iface;
struct hostapd_config *iconf;
struct hostapd_bss_config *conf;
int interface_added; /* virtual interface added for this BSS */
unsigned int started:1;
unsigned int disabled:1;
-@@ -370,6 +372,8 @@ struct hostapd_iface {
+@@ -392,6 +394,8 @@ struct hostapd_iface {
struct hostapd_config *conf;
char phy[16]; /* Name of the PHY (radio) */
enum hostapd_iface_state {
HAPD_IFACE_UNINITIALIZED,
HAPD_IFACE_DISABLED,
-@@ -518,6 +522,7 @@ hostapd_alloc_bss_data(struct hostapd_if
+@@ -544,6 +548,7 @@ hostapd_alloc_bss_data(struct hostapd_if
struct hostapd_bss_config *bss);
int hostapd_setup_interface(struct hostapd_iface *iface);
int hostapd_setup_interface_complete(struct hostapd_iface *iface, int err);
{
#ifdef NEED_AP_MLME
u16 capab = hostapd_own_capab_info(hapd);
-@@ -1711,6 +1714,7 @@ static int hostapd_setup_interface_compl
+@@ -1807,6 +1810,7 @@ static int hostapd_setup_interface_compl
if (err)
goto fail;
wpa_printf(MSG_DEBUG, "Completing interface initialization");
if (iface->conf->channel) {
#ifdef NEED_AP_MLME
-@@ -1890,6 +1894,7 @@ dfs_offload:
+@@ -1987,6 +1991,7 @@ dfs_offload:
fail:
wpa_printf(MSG_ERROR, "Interface initialization failed");
hostapd_set_state(iface, HAPD_IFACE_DISABLED);
wpa_msg(hapd->msg_ctx, MSG_INFO, AP_EVENT_DISABLED);
#ifdef CONFIG_FST
-@@ -2344,6 +2349,7 @@ void hostapd_interface_deinit_free(struc
+@@ -2441,6 +2446,7 @@ void hostapd_interface_deinit_free(struc
(unsigned int) iface->conf->num_bss);
driver = iface->bss[0]->driver;
drv_priv = iface->bss[0]->drv_priv;
__func__, driver, drv_priv);
--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
-@@ -1587,12 +1587,13 @@ ieee802_11_set_radius_info(struct hostap
+@@ -1662,12 +1662,13 @@ ieee802_11_set_radius_info(struct hostap
static void handle_auth(struct hostapd_data *hapd,
u16 fc;
const u8 *challenge = NULL;
u32 session_timeout, acct_interim_interval;
-@@ -1603,6 +1604,11 @@ static void handle_auth(struct hostapd_d
+@@ -1678,6 +1679,11 @@ static void handle_auth(struct hostapd_d
char *identity = NULL;
char *radius_cui = NULL;
u16 seq_ctrl;
if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.auth)) {
wpa_printf(MSG_INFO, "handle_auth - too short payload (len=%lu)",
-@@ -1757,6 +1763,13 @@ static void handle_auth(struct hostapd_d
+@@ -1836,6 +1842,13 @@ static void handle_auth(struct hostapd_d
resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
goto fail;
}
if (res == HOSTAPD_ACL_PENDING)
return;
-@@ -2870,12 +2883,12 @@ void fils_hlp_timeout(void *eloop_ctx, v
+@@ -3102,12 +3115,12 @@ void fils_hlp_timeout(void *eloop_ctx, v
static void handle_assoc(struct hostapd_data *hapd,
const struct ieee80211_mgmt *mgmt, size_t len,
struct sta_info *sta;
u8 *tmp = NULL;
struct hostapd_sta_wpa_psk_short *psk = NULL;
-@@ -2884,6 +2897,11 @@ static void handle_assoc(struct hostapd_
+@@ -3116,6 +3129,11 @@ static void handle_assoc(struct hostapd_
#ifdef CONFIG_FILS
int delay_assoc = 0;
#endif /* CONFIG_FILS */
if (len < IEEE80211_HDRLEN + (reassoc ? sizeof(mgmt->u.reassoc_req) :
sizeof(mgmt->u.assoc_req))) {
-@@ -3051,6 +3069,14 @@ static void handle_assoc(struct hostapd_
+@@ -3287,6 +3305,14 @@ static void handle_assoc(struct hostapd_
}
#endif /* CONFIG_MBO */
/*
* sta->capability is used in check_assoc_ies() for RRM enabled
* capability element.
-@@ -3258,6 +3284,7 @@ static void handle_disassoc(struct hosta
+@@ -3500,6 +3526,7 @@ static void handle_disassoc(struct hosta
wpa_printf(MSG_DEBUG, "disassocation: STA=" MACSTR " reason_code=%d",
MAC2STR(mgmt->sa),
le_to_host16(mgmt->u.disassoc.reason_code));
sta = ap_get_sta(hapd, mgmt->sa);
if (sta == NULL) {
-@@ -3323,6 +3350,8 @@ static void handle_deauth(struct hostapd
+@@ -3565,6 +3592,8 @@ static void handle_deauth(struct hostapd
" reason_code=%d",
MAC2STR(mgmt->sa), le_to_host16(mgmt->u.deauth.reason_code));
sta = ap_get_sta(hapd, mgmt->sa);
if (sta == NULL) {
wpa_msg(hapd->msg_ctx, MSG_DEBUG, "Station " MACSTR " trying "
-@@ -3637,7 +3666,7 @@ int ieee802_11_mgmt(struct hostapd_data
+@@ -3884,7 +3913,7 @@ int ieee802_11_mgmt(struct hostapd_data
if (stype == WLAN_FC_STYPE_PROBE_REQ) {
-- handle_probe_req(hapd, mgmt, len, fi->ssi_signal);
+- handle_probe_req(hapd, mgmt, len, ssi_signal);
+ handle_probe_req(hapd, mgmt, len, fi);
return 1;
}
-@@ -3657,17 +3686,17 @@ int ieee802_11_mgmt(struct hostapd_data
+@@ -3904,17 +3933,17 @@ int ieee802_11_mgmt(struct hostapd_data
switch (stype) {
case WLAN_FC_STYPE_AUTH:
wpa_printf(MSG_DEBUG, "mgmt::auth");
case WLAN_FC_STYPE_DISASSOC:
--- a/src/ap/beacon.c
+++ b/src/ap/beacon.c
-@@ -716,7 +716,7 @@ void sta_track_claim_taxonomy_info(struc
+@@ -720,7 +720,7 @@ void sta_track_claim_taxonomy_info(struc
void handle_probe_req(struct hostapd_data *hapd,
const struct ieee80211_mgmt *mgmt, size_t len,
{
u8 *resp;
struct ieee802_11_elems elems;
-@@ -725,9 +725,15 @@ void handle_probe_req(struct hostapd_dat
+@@ -729,6 +729,7 @@ void handle_probe_req(struct hostapd_dat
size_t i, resp_len;
int noack;
enum ssid_match_result res;
int ret;
u16 csa_offs[2];
size_t csa_offs_len;
+@@ -737,6 +738,11 @@ void handle_probe_req(struct hostapd_dat
+ struct hostapd_sta_wpa_psk_short *psk = NULL;
+ char *identity = NULL;
+ char *radius_cui = NULL;
+ struct hostapd_ubus_request req = {
+ .type = HOSTAPD_UBUS_PROBE_REQ,
+ .mgmt_frame = mgmt,
if (len < IEEE80211_HDRLEN)
return;
-@@ -894,6 +900,12 @@ void handle_probe_req(struct hostapd_dat
+@@ -914,6 +920,12 @@ void handle_probe_req(struct hostapd_dat
}
#endif /* CONFIG_P2P */
wpabuf_free(sta->p2p_ie);
--- a/src/ap/sta_info.c
+++ b/src/ap/sta_info.c
-@@ -404,6 +404,7 @@ void ap_handle_timer(void *eloop_ctx, vo
+@@ -412,6 +412,7 @@ void ap_handle_timer(void *eloop_ctx, vo
HOSTAPD_LEVEL_INFO, "deauthenticated due to "
"local deauth request");
ap_free_sta(hapd, sta);
return;
}
-@@ -551,6 +552,7 @@ skip_poll:
+@@ -559,6 +560,7 @@ skip_poll:
hapd, sta,
WLAN_REASON_PREV_AUTH_NOT_VALID);
ap_free_sta(hapd, sta);
break;
}
}
-@@ -1212,6 +1214,7 @@ void ap_sta_set_authorized(struct hostap
+@@ -1220,6 +1222,7 @@ void ap_sta_set_authorized(struct hostap
buf, ip_addr);
} else {
wpa_msg(hapd->msg_ctx, MSG_INFO, AP_STA_DISCONNECTED "%s", buf);
hapd->msg_ctx_parent != hapd->msg_ctx)
--- a/src/ap/wpa_auth_glue.c
+++ b/src/ap/wpa_auth_glue.c
-@@ -175,6 +175,7 @@ static void hostapd_wpa_auth_psk_failure
+@@ -176,6 +176,7 @@ static void hostapd_wpa_auth_psk_failure
struct hostapd_data *hapd = ctx;
wpa_msg(hapd->msg_ctx, MSG_INFO, AP_STA_POSSIBLE_PSK_MISMATCH MACSTR,
MAC2STR(addr));