wpa-supplicant: fix the bug for PATCHTOOL = "patch"

When switch PATCHTOOL to patch, applying 'key-replay-cve-multiple.patch' failed: checking file src/ap/ieee802_11.c checking file src/ap/wpa_auth.c checking file src/ap/wpa_auth.h checking file src/ap/wpa_auth_ft.c checking file src/ap/wpa_auth_i.h checking file src/common/wpa_common.h checking file src/rsn_supp/wpa.c checking file src/rsn_supp/wpa_i.h checking file src/rsn_supp/wpa.c Hunk #1 FAILED at 709. Hunk #2 FAILED at 757. Hunk #3 succeeded at 840 (offset -12 lines). Hunk #4 FAILED at 868. Hunk #5 FAILED at 900. Hunk #6 FAILED at 924. Hunk #7 succeeded at 1536 (offset -38 lines). Hunk #8 FAILED at 2386. Hunk #9 FAILED at 2920. Hunk #10 succeeded at 2940 (offset -46 lines). Hunk #11 FAILED at 2998. 8 out of 11 hunks FAILED checking file src/rsn_supp/wpa_i.h Hunk #1 FAILED at 32. 1 out of 1 hunk FAILED checking file src/common/wpa_common.h Hunk #1 succeeded at 215 with fuzz 1. checking file src/rsn_supp/wpa.c checking file src/rsn_supp/wpa_i.h checking file src/ap/wpa_auth.c Hunk #1 succeeded at 1898 (offset -3 lines). Hunk #2 succeeded at 2470 (offset -3 lines). checking file src/rsn_supp/tdls.c checking file wpa_supplicant/wnm_sta.c checking file src/rsn_supp/wpa.c Hunk #1 succeeded at 2378 (offset -62 lines). checking file src/rsn_supp/wpa_ft.c checking file src/rsn_supp/wpa_i.h Hunk #1 succeeded at 123 (offset -5 lines). So split the wpa-supplicant/key-replay-cve-multiple to 8 patches. (From OE-Core rev: 4e9bc513c22b9a52c48588ef276e2ab7f7781526) Signed-off-by: Hong Liu <hongl.fnst@cn.fujitsu.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Hong Liu <hongl.fnst@cn.fujitsu.com> 2018-06-05 16:10:56 +0800
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2018-06-15 17:56:24 +0100
commit: 61e587b32d10c796503f98f16eb3d66f24835708 (patch)
tree: 3915b26534a782f7017a588c5b86f4f1b3285fa4 /meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple5.patch
parent: c8a1e372f3aa962b483b4f2280c7c44392c8b2f7 (diff)
download: poky-61e587b32d10c796503f98f16eb3d66f24835708.tar.gz
1 files changed, 81 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple5.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple5.patch
new file mode 100644
index 0000000000..b262dcac55
--- /dev/null
+++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple5.patch
@@ -0,0 +1,81 @@
+The WPA2 four-way handshake protocol is vulnerable to replay attacks which can
+result in unauthenticated clients gaining access to the network.
+Backport a number of patches from upstream to fix this.
+CVE: CVE-2017-13077
+CVE: CVE-2017-13078
+CVE: CVE-2017-13079
+CVE: CVE-2017-13080
+CVE: CVE-2017-13081
+CVE: CVE-2017-13082
+CVE: CVE-2017-13086
+CVE: CVE-2017-13087
+CVE: CVE-2017-13088
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+From 12fac09b437a1dc8a0f253e265934a8aaf4d2f8b Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <j@w1.fi>
+Date: Sun, 1 Oct 2017 12:32:57 +0300
+Subject: [PATCH 5/8] Fix PTK rekeying to generate a new ANonce
+The Authenticator state machine path for PTK rekeying ended up bypassing
+the AUTHENTICATION2 state where a new ANonce is generated when going
+directly to the PTKSTART state since there is no need to try to
+determine the PMK again in such a case. This is far from ideal since the
+new PTK would depend on a new nonce only from the supplicant.
+Fix this by generating a new ANonce when moving to the PTKSTART state
+for the purpose of starting new 4-way handshake to rekey PTK.
+Signed-off-by: Jouni Malinen <j@w1.fi>
+---
+ src/ap/wpa_auth.c | 24 +++++++++++++++++++++---
+ 1 file changed, 21 insertions(+), 3 deletions(-)
+diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
+index 707971d..bf10cc1 100644
+--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
+@@ -1901,6 +1901,21 @@ SM_STATE(WPA_PTK, AUTHENTICATION2)
+ }
+ 
+ 
+static int wpa_auth_sm_ptk_update(struct wpa_state_machine *sm)
+{
+       if (random_get_bytes(sm->ANonce, WPA_NONCE_LEN)) {
+               wpa_printf(MSG_ERROR,
+                          "WPA: Failed to get random data for ANonce");
+               sm->Disconnect = TRUE;
+               return -1;
+       }
+       wpa_hexdump(MSG_DEBUG, "WPA: Assign new ANonce", sm->ANonce,
+                   WPA_NONCE_LEN);
+       sm->TimeoutCtr = 0;
+       return 0;
+}
+
+
+ SM_STATE(WPA_PTK, INITPMK)
+ {
+        u8 msk[2 * PMK_LEN];
+@@ -2458,9 +2473,12 @@ SM_STEP(WPA_PTK)
+                SM_ENTER(WPA_PTK, AUTHENTICATION);
+        else if (sm->ReAuthenticationRequest)
+                SM_ENTER(WPA_PTK, AUTHENTICATION2);
+-       else if (sm->PTKRequest)
+-               SM_ENTER(WPA_PTK, PTKSTART);
+-       else switch (sm->wpa_ptk_state) {
+       else if (sm->PTKRequest) {
+               if (wpa_auth_sm_ptk_update(sm) < 0)
+                       SM_ENTER(WPA_PTK, DISCONNECTED);
+               else
+                       SM_ENTER(WPA_PTK, PTKSTART);
+       } else switch (sm->wpa_ptk_state) {
+        case WPA_PTK_INITIALIZE:
+                break;
+        case WPA_PTK_DISCONNECT:
+-- 
+2.7.4
+\ No newline at end of file
author	Hong Liu <hongl.fnst@cn.fujitsu.com>	2018-06-05 16:10:56 +0800
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2018-06-15 17:56:24 +0100
commit	61e587b32d10c796503f98f16eb3d66f24835708 (patch)
tree	3915b26534a782f7017a588c5b86f4f1b3285fa4 /meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple5.patch
parent	c8a1e372f3aa962b483b4f2280c7c44392c8b2f7 (diff)
download	poky-61e587b32d10c796503f98f16eb3d66f24835708.tar.gz

diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple5.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple5.patch new file mode 100644 index 0000000000..b262dcac55 --- /dev/null +++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple5.patch
@@ -0,0 +1,81 @@
	1	The WPA2 four-way handshake protocol is vulnerable to replay attacks which can
	2	result in unauthenticated clients gaining access to the network.
	3
	4	Backport a number of patches from upstream to fix this.
	5
	6	CVE: CVE-2017-13077
	7	CVE: CVE-2017-13078
	8	CVE: CVE-2017-13079
	9	CVE: CVE-2017-13080
	10	CVE: CVE-2017-13081
	11	CVE: CVE-2017-13082
	12	CVE: CVE-2017-13086
	13	CVE: CVE-2017-13087
	14	CVE: CVE-2017-13088
	15
	16	Upstream-Status: Backport
	17	Signed-off-by: Ross Burton <ross.burton@intel.com>
	18
	19	From 12fac09b437a1dc8a0f253e265934a8aaf4d2f8b Mon Sep 17 00:00:00 2001
	20	From: Jouni Malinen <j@w1.fi>
	21	Date: Sun, 1 Oct 2017 12:32:57 +0300
	22	Subject: [PATCH 5/8] Fix PTK rekeying to generate a new ANonce
	23
	24	The Authenticator state machine path for PTK rekeying ended up bypassing
	25	the AUTHENTICATION2 state where a new ANonce is generated when going
	26	directly to the PTKSTART state since there is no need to try to
	27	determine the PMK again in such a case. This is far from ideal since the
	28	new PTK would depend on a new nonce only from the supplicant.
	29
	30	Fix this by generating a new ANonce when moving to the PTKSTART state
	31	for the purpose of starting new 4-way handshake to rekey PTK.
	32
	33	Signed-off-by: Jouni Malinen <j@w1.fi>
	34	---
	35	src/ap/wpa_auth.c \| 24 +++++++++++++++++++++---
	36	1 file changed, 21 insertions(+), 3 deletions(-)
	37
	38	diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
	39	index 707971d..bf10cc1 100644
	40	--- a/src/ap/wpa_auth.c
	41	+++ b/src/ap/wpa_auth.c
	42	@@ -1901,6 +1901,21 @@ SM_STATE(WPA_PTK, AUTHENTICATION2)
	43	}
	44
	45
	46	+static int wpa_auth_sm_ptk_update(struct wpa_state_machine *sm)
	47	+{
	48	+ if (random_get_bytes(sm->ANonce, WPA_NONCE_LEN)) {
	49	+ wpa_printf(MSG_ERROR,
	50	+ "WPA: Failed to get random data for ANonce");
	51	+ sm->Disconnect = TRUE;
	52	+ return -1;
	53	+ }
	54	+ wpa_hexdump(MSG_DEBUG, "WPA: Assign new ANonce", sm->ANonce,
	55	+ WPA_NONCE_LEN);
	56	+ sm->TimeoutCtr = 0;
	57	+ return 0;
	58	+}
	59	+
	60	+
	61	SM_STATE(WPA_PTK, INITPMK)
	62	{
	63	u8 msk[2 * PMK_LEN];
	64	@@ -2458,9 +2473,12 @@ SM_STEP(WPA_PTK)
	65	SM_ENTER(WPA_PTK, AUTHENTICATION);
	66	else if (sm->ReAuthenticationRequest)
	67	SM_ENTER(WPA_PTK, AUTHENTICATION2);
	68	- else if (sm->PTKRequest)
	69	- SM_ENTER(WPA_PTK, PTKSTART);
	70	- else switch (sm->wpa_ptk_state) {
	71	+ else if (sm->PTKRequest) {
	72	+ if (wpa_auth_sm_ptk_update(sm) < 0)
	73	+ SM_ENTER(WPA_PTK, DISCONNECTED);
	74	+ else
	75	+ SM_ENTER(WPA_PTK, PTKSTART);
	76	+ } else switch (sm->wpa_ptk_state) {
	77	case WPA_PTK_INITIALIZE:
	78	break;
	79	case WPA_PTK_DISCONNECT:
	80	--
	81	2.7.4 \ No newline at end of file