diff options
Diffstat (limited to 'package/network/services/hostapd/patches/009-Clear-PMK-length-and-check-for-this-when-deriving-PT.patch')
| -rw-r--r-- | package/network/services/hostapd/patches/009-Clear-PMK-length-and-check-for-this-when-deriving-PT.patch | 53 |
1 files changed, 53 insertions, 0 deletions
diff --git a/package/network/services/hostapd/patches/009-Clear-PMK-length-and-check-for-this-when-deriving-PT.patch b/package/network/services/hostapd/patches/009-Clear-PMK-length-and-check-for-this-when-deriving-PT.patch new file mode 100644 index 0000000..ed7d79e --- /dev/null +++ b/package/network/services/hostapd/patches/009-Clear-PMK-length-and-check-for-this-when-deriving-PT.patch @@ -0,0 +1,53 @@ +From b488a12948751f57871f09baa345e59b23959a41 Mon Sep 17 00:00:00 2001 +From: Jouni Malinen <j@w1.fi> +Date: Sun, 8 Oct 2017 13:18:02 +0300 +Subject: [PATCH] Clear PMK length and check for this when deriving PTK + +Instead of setting the default PMK length for the cleared PMK, set the +length to 0 and explicitly check for this when deriving PTK to avoid +unexpected key derivation with an all-zeroes key should it be possible +to somehow trigger PTK derivation to happen before PMK derivation. + +Signed-off-by: Jouni Malinen <j@w1.fi> +--- + src/common/wpa_common.c | 5 +++++ + src/rsn_supp/wpa.c | 7 ++++--- + 2 files changed, 9 insertions(+), 3 deletions(-) + +--- a/src/common/wpa_common.c ++++ b/src/common/wpa_common.c +@@ -225,6 +225,11 @@ int wpa_pmk_to_ptk(const u8 *pmk, size_t + u8 tmp[WPA_KCK_MAX_LEN + WPA_KEK_MAX_LEN + WPA_TK_MAX_LEN]; + size_t ptk_len; + ++ if (pmk_len == 0) { ++ wpa_printf(MSG_ERROR, "WPA: No PMK set for PT derivation"); ++ return -1; ++ } ++ + if (os_memcmp(addr1, addr2, ETH_ALEN) < 0) { + os_memcpy(data, addr1, ETH_ALEN); + os_memcpy(data + ETH_ALEN, addr2, ETH_ALEN); +--- a/src/rsn_supp/wpa.c ++++ b/src/rsn_supp/wpa.c +@@ -584,7 +584,8 @@ static void wpa_supplicant_process_1_of_ + /* Calculate PTK which will be stored as a temporary PTK until it has + * been verified when processing message 3/4. */ + ptk = &sm->tptk; +- wpa_derive_ptk(sm, src_addr, key, ptk); ++ if (wpa_derive_ptk(sm, src_addr, key, ptk) < 0) ++ goto failed; + if (sm->pairwise_cipher == WPA_CIPHER_TKIP) { + u8 buf[8]; + /* Supplicant: swap tx/rx Mic keys */ +@@ -2705,8 +2706,8 @@ void wpa_sm_set_pmk_from_pmksa(struct wp + sm->pmk_len = sm->cur_pmksa->pmk_len; + os_memcpy(sm->pmk, sm->cur_pmksa->pmk, sm->pmk_len); + } else { +- sm->pmk_len = PMK_LEN; +- os_memset(sm->pmk, 0, PMK_LEN); ++ sm->pmk_len = 0; ++ os_memset(sm->pmk, 0, PMK_LEN_MAX); + } + } + |