Miroirs/slackware-current
1
0
Fork 0
mirror of git://slackware.nl/current.git synced 2025-02-05 20:46:11 +01:00
Code Issues Projects Releases Packages Wiki Activity
slackware-current/source/n/wpa_supplicant/2017-1/rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch
Patrick J Volkerding 527328c5da Sat Dec 29 23:13:15 UTC 2018 
a/kernel-generic-4.19.13-x86_64-1.txz:  Upgraded.
a/kernel-huge-4.19.13-x86_64-1.txz:  Upgraded.
a/kernel-modules-4.19.13-x86_64-1.txz:  Upgraded.
d/doxygen-1.8.15-x86_64-1.txz:  Upgraded.
d/kernel-headers-4.19.13-x86-1.txz:  Upgraded.
k/kernel-source-4.19.13-noarch-1.txz:  Upgraded.
  FRAMEBUFFER_CONSOLE_DEFERRED_TAKEOVER y -> n
l/libsecret-0.18.7-x86_64-1.txz:  Upgraded.
n/wpa_supplicant-2.6-x86_64-6.txz:  Upgraded.
  It seems we're not the only ones with broken WPA2-Enterprise support
  with wpa_supplicant-2.7, so we'll fix it the same way as everyone else -
  by reverting to wpa_supplicant-2.6 for now.
isolinux/initrd.img:  Rebuilt.
kernels/*:  Upgraded.
testing/packages/wpa_supplicant-2.7-x86_64-2.txz:  Upgraded.
  Applied a patch from Gentoo to allow building CONFIG_IEEE80211X=y without
  the experimental CONFIG_FILS=y option.
usb-and-pxe-installers/usbboot.img:  Rebuilt.
2018-12-30 08:59:46 +01:00

64 lines
1.9 KiB
Diff
Raw Blame History

From 12fac09b437a1dc8a0f253e265934a8aaf4d2f8b Mon Sep 17 00:00:00 2001
From: Jouni Malinen <j@w1.fi>
Date: Sun, 1 Oct 2017 12:32:57 +0300
Subject: [PATCH 5/8] Fix PTK rekeying to generate a new ANonce
The Authenticator state machine path for PTK rekeying ended up bypassing
the AUTHENTICATION2 state where a new ANonce is generated when going
directly to the PTKSTART state since there is no need to try to
determine the PMK again in such a case. This is far from ideal since the
new PTK would depend on a new nonce only from the supplicant.
Fix this by generating a new ANonce when moving to the PTKSTART state
for the purpose of starting new 4-way handshake to rekey PTK.
Signed-off-by: Jouni Malinen <j@w1.fi>
---
src/ap/wpa_auth.c | 24 +++++++++++++++++++++---
1 file changed, 21 insertions(+), 3 deletions(-)
diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
index 707971d..bf10cc1 100644
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@@ -1901,6 +1901,21 @@ SM_STATE(WPA_PTK, AUTHENTICATION2)
}
+static int wpa_auth_sm_ptk_update(struct wpa_state_machine *sm)
+{
+ if (random_get_bytes(sm->ANonce, WPA_NONCE_LEN)) {
+ wpa_printf(MSG_ERROR,
+ "WPA: Failed to get random data for ANonce");
+ sm->Disconnect = TRUE;
+ return -1;
+ }
+ wpa_hexdump(MSG_DEBUG, "WPA: Assign new ANonce", sm->ANonce,
+ WPA_NONCE_LEN);
+ sm->TimeoutCtr = 0;
+ return 0;
+}
+
+
SM_STATE(WPA_PTK, INITPMK)
{
u8 msk[2 * PMK_LEN];
@@ -2458,9 +2473,12 @@ SM_STEP(WPA_PTK)
SM_ENTER(WPA_PTK, AUTHENTICATION);
else if (sm->ReAuthenticationRequest)
SM_ENTER(WPA_PTK, AUTHENTICATION2);
- else if (sm->PTKRequest)
- SM_ENTER(WPA_PTK, PTKSTART);
- else switch (sm->wpa_ptk_state) {
+ else if (sm->PTKRequest) {
+ if (wpa_auth_sm_ptk_update(sm) < 0)
+ SM_ENTER(WPA_PTK, DISCONNECTED);
+ else
+ SM_ENTER(WPA_PTK, PTKSTART);
+ } else switch (sm->wpa_ptk_state) {
case WPA_PTK_INITIALIZE:
break;
case WPA_PTK_DISCONNECT:
--
2.7.4
Reference in a new issue View git blame Copy permalink