From 2127425434046ae2b9f02fdbbdd37cac447af19c Mon Sep 17 00:00:00 2001 From: Stijn Tintel Date: Tue, 17 Oct 2017 16:24:14 +0300 Subject: hostapd: backport extra changes related to KRACK While these changes are not included in the advisory, upstream encourages users to merge them. See http://lists.infradead.org/pipermail/hostap/2017-October/037989.html Signed-off-by: Stijn Tintel --- ...efense-against-PTK-reinstalls-in-4-way-ha.patch | 34 ++++++++++++++++++++++ 1 file changed, 34 insertions(+) create mode 100644 package/network/services/hostapd/patches/008-WPA-Extra-defense-against-PTK-reinstalls-in-4-way-ha.patch (limited to 'package/network/services/hostapd/patches/008-WPA-Extra-defense-against-PTK-reinstalls-in-4-way-ha.patch') diff --git a/package/network/services/hostapd/patches/008-WPA-Extra-defense-against-PTK-reinstalls-in-4-way-ha.patch b/package/network/services/hostapd/patches/008-WPA-Extra-defense-against-PTK-reinstalls-in-4-way-ha.patch new file mode 100644 index 0000000000..40f6b56965 --- /dev/null +++ b/package/network/services/hostapd/patches/008-WPA-Extra-defense-against-PTK-reinstalls-in-4-way-ha.patch @@ -0,0 +1,34 @@ +From a00e946c1c9a1f9cc65c72900d2a444ceb1f872e Mon Sep 17 00:00:00 2001 +From: Mathy Vanhoef +Date: Thu, 5 Oct 2017 23:53:01 +0200 +Subject: [PATCH] WPA: Extra defense against PTK reinstalls in 4-way handshake + +Currently, reinstallations of the PTK are prevented by (1) assuring the +same TPTK is only set once as the PTK, and (2) that one particular PTK +is only installed once. This patch makes it more explicit that point (1) +is required to prevent key reinstallations. At the same time, this patch +hardens wpa_supplicant such that future changes do not accidentally +break this property. + +Signed-off-by: Mathy Vanhoef +--- + src/rsn_supp/wpa.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +--- a/src/rsn_supp/wpa.c ++++ b/src/rsn_supp/wpa.c +@@ -1728,6 +1728,14 @@ static int wpa_supplicant_verify_eapol_k + sm->ptk_set = 1; + os_memcpy(&sm->ptk, &sm->tptk, sizeof(sm->ptk)); + os_memset(&sm->tptk, 0, sizeof(sm->tptk)); ++ /* ++ * This assures the same TPTK in sm->tptk can never be ++ * copied twice to sm->pkt as the new PTK. In ++ * combination with the installed flag in the wpa_ptk ++ * struct, this assures the same PTK is only installed ++ * once. ++ */ ++ sm->renew_snonce = 1; + } + } + -- cgit v1.2.3