11.1/releng-p2.diff - freebsd-patches - Rivoreo Source Code Repositories

 Index: UPDATING
 ===================================================================
 --- UPDATING	(版本 322342)
 +++ UPDATING	(版本 324699)
 @@ -16,6 +16,10 @@
  the tip of head, and then rebuild without this option. The bootstrap process
  from older version of current across the gcc/clang cutover is a bit fragile.

 +20171017	p13	FreeBSD-SA-17:07.wpa
 +
 +	Fix WPA2 protocol vulnerability. [SA-17:07]
 +
  20170810	p1	FreeBSD-SA-17:06.openssh
  			FreeBSD-EN-17:07.vnet
  			FreeBSD-EN-17:08.pf
 Index: contrib/wpa/src/ap/wpa_auth.c
 ===================================================================
 --- contrib/wpa/src/ap/wpa_auth.c	(版本 322342)
 +++ contrib/wpa/src/ap/wpa_auth.c	(版本 324699)
 @@ -1893,6 +1893,21 @@
  }


 +static int wpa_auth_sm_ptk_update(struct wpa_state_machine *sm)
 +{
 +	if (random_get_bytes(sm->ANonce, WPA_NONCE_LEN)) {
 +		wpa_printf(MSG_ERROR,
 +			   "WPA: Failed to get random data for ANonce");
 +		sm->Disconnect = TRUE;
 +		return -1;
 +	}
 +	wpa_hexdump(MSG_DEBUG, "WPA: Assign new ANonce", sm->ANonce,
 +		    WPA_NONCE_LEN);
 +	sm->TimeoutCtr = 0;
 +	return 0;
 +}
 +
 +
  SM_STATE(WPA_PTK, INITPMK)
  {
  	u8 msk[2 * PMK_LEN];
 @@ -2414,9 +2429,12 @@
  		SM_ENTER(WPA_PTK, AUTHENTICATION);
  	else if (sm->ReAuthenticationRequest)
  		SM_ENTER(WPA_PTK, AUTHENTICATION2);
 -	else if (sm->PTKRequest)
 -		SM_ENTER(WPA_PTK, PTKSTART);
 -	else switch (sm->wpa_ptk_state) {
 +	else if (sm->PTKRequest) {
 +		if (wpa_auth_sm_ptk_update(sm) < 0)
 +			SM_ENTER(WPA_PTK, DISCONNECTED);
 +		else
 +			SM_ENTER(WPA_PTK, PTKSTART);
 +	} else switch (sm->wpa_ptk_state) {
  	case WPA_PTK_INITIALIZE:
  		break;
  	case WPA_PTK_DISCONNECT:
 @@ -3209,6 +3227,14 @@
  }


 +int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm)
 +{
 +	if (!sm || !wpa_key_mgmt_ft(sm->wpa_key_mgmt))
 +		return 0;
 +	return sm->tk_already_set;
 +}
 +
 +
  int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm,
  			     struct rsn_pmksa_cache_entry *entry)
  {
 Index: contrib/wpa/src/ap/wpa_auth.h
 ===================================================================
 --- contrib/wpa/src/ap/wpa_auth.h	(版本 322342)
 +++ contrib/wpa/src/ap/wpa_auth.h	(版本 324699)
 @@ -271,6 +271,7 @@
  int wpa_auth_get_pairwise(struct wpa_state_machine *sm);
  int wpa_auth_sta_key_mgmt(struct wpa_state_machine *sm);
  int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm);
 +int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm);
  int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm,
  			     struct rsn_pmksa_cache_entry *entry);
  struct rsn_pmksa_cache_entry *
 Index: contrib/wpa/src/ap/wpa_auth_ft.c
 ===================================================================
 --- contrib/wpa/src/ap/wpa_auth_ft.c	(版本 322342)
 +++ contrib/wpa/src/ap/wpa_auth_ft.c	(版本 324699)
 @@ -780,6 +780,14 @@
  		return;
  	}

 +	if (sm->tk_already_set) {
 +		/* Must avoid TK reconfiguration to prevent clearing of TX/RX
 +		 * PN in the driver */
 +		wpa_printf(MSG_DEBUG,
 +			   "FT: Do not re-install same PTK to the driver");
 +		return;
 +	}
 +
  	/* FIX: add STA entry to kernel/driver here? The set_key will fail
  	 * most likely without this.. At the moment, STA entry is added only
  	 * after association has been completed. This function will be called
 @@ -792,6 +800,7 @@

  	/* FIX: MLME-SetProtection.Request(TA, Tx_Rx) */
  	sm->pairwise_set = TRUE;
 +	sm->tk_already_set = TRUE;
  }


 @@ -898,6 +907,7 @@

  	sm->pairwise = pairwise;
  	sm->PTK_valid = TRUE;
 +	sm->tk_already_set = FALSE;
  	wpa_ft_install_ptk(sm);

  	buflen = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) +
 Index: contrib/wpa/src/ap/wpa_auth_i.h
 ===================================================================
 --- contrib/wpa/src/ap/wpa_auth_i.h	(版本 322342)
 +++ contrib/wpa/src/ap/wpa_auth_i.h	(版本 324699)
 @@ -64,6 +64,7 @@
  	struct wpa_ptk PTK;
  	Boolean PTK_valid;
  	Boolean pairwise_set;
 +	Boolean tk_already_set;
  	int keycount;
  	Boolean Pair;
  	struct wpa_key_replay_counter {
 Index: contrib/wpa/src/common/wpa_common.h
 ===================================================================
 --- contrib/wpa/src/common/wpa_common.h	(版本 322342)
 +++ contrib/wpa/src/common/wpa_common.h	(版本 324699)
 @@ -213,9 +213,21 @@
  	size_t kck_len;
  	size_t kek_len;
  	size_t tk_len;
 +	int installed; /* 1 if key has already been installed to driver */
  };

 +struct wpa_gtk {
 +	u8 gtk[WPA_GTK_MAX_LEN];
 +	size_t gtk_len;
 +};

 +#ifdef CONFIG_IEEE80211W
 +struct wpa_igtk {
 +	u8 igtk[WPA_IGTK_MAX_LEN];
 +	size_t igtk_len;
 +};
 +#endif /* CONFIG_IEEE80211W */
 +
  /* WPA IE version 1
   * 00-50-f2:1 (OUI:OUI type)
   * 0x01 0x00 (version; little endian)
 Index: contrib/wpa/src/rsn_supp/tdls.c
 ===================================================================
 --- contrib/wpa/src/rsn_supp/tdls.c	(版本 322342)
 +++ contrib/wpa/src/rsn_supp/tdls.c	(版本 324699)
 @@ -112,6 +112,7 @@
  		u8 tk[16]; /* TPK-TK; assuming only CCMP will be used */
  	} tpk;
  	int tpk_set;
 +	int tk_set; /* TPK-TK configured to the driver */
  	int tpk_success;
  	int tpk_in_progress;

 @@ -192,6 +193,20 @@
  	u8 rsc[6];
  	enum wpa_alg alg;

 +	if (peer->tk_set) {
 +		/*
 +		 * This same TPK-TK has already been configured to the driver
 +		 * and this new configuration attempt (likely due to an
 +		 * unexpected retransmitted frame) would result in clearing
 +		 * the TX/RX sequence number which can break security, so must
 +		 * not allow that to happen.
 +		 */
 +		wpa_printf(MSG_INFO, "TDLS: TPK-TK for the peer " MACSTR
 +			   " has already been configured to the driver - do not reconfigure",
 +			   MAC2STR(peer->addr));
 +		return -1;
 +	}
 +
  	os_memset(rsc, 0, 6);

  	switch (peer->cipher) {
 @@ -209,6 +224,8 @@
  		return -1;
  	}

 +	wpa_printf(MSG_DEBUG, "TDLS: Configure pairwise key for peer " MACSTR,
 +		   MAC2STR(peer->addr));
  	if (wpa_sm_set_key(sm, alg, peer->addr, -1, 1,
  			   rsc, sizeof(rsc), peer->tpk.tk, key_len) < 0) {
  		wpa_printf(MSG_WARNING, "TDLS: Failed to set TPK to the "
 @@ -215,6 +232,7 @@
  			   "driver");
  		return -1;
  	}
 +	peer->tk_set = 1;
  	return 0;
  }

 @@ -690,7 +708,7 @@
  	peer->cipher = 0;
  	peer->qos_info = 0;
  	peer->wmm_capable = 0;
 -	peer->tpk_set = peer->tpk_success = 0;
 +	peer->tk_set = peer->tpk_set = peer->tpk_success = 0;
  	peer->chan_switch_enabled = 0;
  	os_memset(&peer->tpk, 0, sizeof(peer->tpk));
  	os_memset(peer->inonce, 0, WPA_NONCE_LEN);
 @@ -1153,6 +1171,7 @@
  		wpa_tdls_peer_free(sm, peer);
  		return -1;
  	}
 +	peer->tk_set = 0; /* A new nonce results in a new TK */
  	wpa_hexdump(MSG_DEBUG, "TDLS: Initiator Nonce for TPK handshake",
  		    peer->inonce, WPA_NONCE_LEN);
  	os_memcpy(ftie->Snonce, peer->inonce, WPA_NONCE_LEN);
 @@ -1745,6 +1764,19 @@
  }


 +static int tdls_nonce_set(const u8 *nonce)
 +{
 +	int i;
 +
 +	for (i = 0; i < WPA_NONCE_LEN; i++) {
 +		if (nonce[i])
 +			return 1;
 +	}
 +
 +	return 0;
 +}
 +
 +
  static int wpa_tdls_process_tpk_m1(struct wpa_sm *sm, const u8 *src_addr,
  				   const u8 *buf, size_t len)
  {
 @@ -1998,7 +2030,8 @@
  	peer->rsnie_i_len = kde.rsn_ie_len;
  	peer->cipher = cipher;

 -	if (os_memcmp(peer->inonce, ftie->Snonce, WPA_NONCE_LEN) != 0) {
 +	if (os_memcmp(peer->inonce, ftie->Snonce, WPA_NONCE_LEN) != 0 ||
 +	    !tdls_nonce_set(peer->inonce)) {
  		/*
  		 * There is no point in updating the RNonce for every obtained
  		 * TPK M1 frame (e.g., retransmission due to timeout) with the
 @@ -2014,6 +2047,7 @@
  				"TDLS: Failed to get random data for responder nonce");
  			goto error;
  		}
 +		peer->tk_set = 0; /* A new nonce results in a new TK */
  	}

  #if 0
 @@ -2170,6 +2204,14 @@
  			   "ignore TPK M2 from " MACSTR, MAC2STR(src_addr));
  		return -1;
  	}
 +
 +	if (peer->tpk_success) {
 +		wpa_printf(MSG_INFO, "TDLS: Ignore incoming TPK M2 retry, from "
 +			   MACSTR " as TPK M3 was already sent",
 +			   MAC2STR(src_addr));
 +		return 0;
 +	}
 +
  	wpa_tdls_tpk_retry_timeout_cancel(sm, peer, WLAN_TDLS_SETUP_REQUEST);

  	if (len < 3 + 2 + 1) {
 Index: contrib/wpa/src/rsn_supp/wpa.c
 ===================================================================
 --- contrib/wpa/src/rsn_supp/wpa.c	(版本 322342)
 +++ contrib/wpa/src/rsn_supp/wpa.c	(版本 324699)
 @@ -605,6 +605,12 @@
  	const u8 *key_rsc;
  	u8 null_rsc[8] = { 0, 0, 0, 0, 0, 0, 0, 0 };

 +	if (sm->ptk.installed) {
 +		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
 +			"WPA: Do not re-install same PTK to the driver");
 +		return 0;
 +	}
 +
  	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
  		"WPA: Installing PTK to the driver");

 @@ -643,6 +649,7 @@

  	/* TK is not needed anymore in supplicant */
  	os_memset(sm->ptk.tk, 0, WPA_TK_MAX_LEN);
 +	sm->ptk.installed = 1;

  	if (sm->wpa_ptk_rekey) {
  		eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL);
 @@ -692,11 +699,23 @@

  static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
  				      const struct wpa_gtk_data *gd,
 -				      const u8 *key_rsc)
 +				      const u8 *key_rsc, int wnm_sleep)
  {
  	const u8 *_gtk = gd->gtk;
  	u8 gtk_buf[32];

 +	/* Detect possible key reinstallation */
 +	if ((sm->gtk.gtk_len == (size_t) gd->gtk_len &&
 +	     os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) ||
 +	    (sm->gtk_wnm_sleep.gtk_len == (size_t) gd->gtk_len &&
 +	     os_memcmp(sm->gtk_wnm_sleep.gtk, gd->gtk,
 +		       sm->gtk_wnm_sleep.gtk_len) == 0)) {
 +		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
 +			"WPA: Not reinstalling already in-use GTK to the driver (keyidx=%d tx=%d len=%d)",
 +			gd->keyidx, gd->tx, gd->gtk_len);
 +		return 0;
 +	}
 +
  	wpa_hexdump_key(MSG_DEBUG, "WPA: Group Key", gd->gtk, gd->gtk_len);
  	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
  		"WPA: Installing GTK to the driver (keyidx=%d tx=%d len=%d)",
 @@ -731,6 +750,15 @@
  	}
  	os_memset(gtk_buf, 0, sizeof(gtk_buf));

 +	if (wnm_sleep) {
 +		sm->gtk_wnm_sleep.gtk_len = gd->gtk_len;
 +		os_memcpy(sm->gtk_wnm_sleep.gtk, gd->gtk,
 +			  sm->gtk_wnm_sleep.gtk_len);
 +	} else {
 +		sm->gtk.gtk_len = gd->gtk_len;
 +		os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len);
 +	}
 +
  	return 0;
  }

 @@ -788,7 +816,7 @@
  	    (wpa_supplicant_check_group_cipher(sm, sm->group_cipher,
  					       gtk_len, gtk_len,
  					       &gd.key_rsc_len, &gd.alg) ||
 -	     wpa_supplicant_install_gtk(sm, &gd, key->key_rsc))) {
 +	     wpa_supplicant_install_gtk(sm, &gd, key->key_rsc, 0))) {
  		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
  			"RSN: Failed to install GTK");
  		os_memset(&gd, 0, sizeof(gd));
 @@ -802,6 +830,58 @@
  }


 +#ifdef CONFIG_IEEE80211W
 +static int wpa_supplicant_install_igtk(struct wpa_sm *sm,
 +				       const struct wpa_igtk_kde *igtk,
 +				       int wnm_sleep)
 +{
 +	size_t len = wpa_cipher_key_len(sm->mgmt_group_cipher);
 +	u16 keyidx = WPA_GET_LE16(igtk->keyid);
 +
 +	/* Detect possible key reinstallation */
 +	if ((sm->igtk.igtk_len == len &&
 +	     os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) ||
 +	    (sm->igtk_wnm_sleep.igtk_len == len &&
 +	     os_memcmp(sm->igtk_wnm_sleep.igtk, igtk->igtk,
 +		       sm->igtk_wnm_sleep.igtk_len) == 0)) {
 +		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
 +			"WPA: Not reinstalling already in-use IGTK to the driver (keyidx=%d)",
 +			keyidx);
 +		return  0;
 +	}
 +
 +	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
 +		"WPA: IGTK keyid %d pn %02x%02x%02x%02x%02x%02x",
 +		keyidx, MAC2STR(igtk->pn));
 +	wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK", igtk->igtk, len);
 +	if (keyidx > 4095) {
 +		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
 +			"WPA: Invalid IGTK KeyID %d", keyidx);
 +		return -1;
 +	}
 +	if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
 +			   broadcast_ether_addr,
 +			   keyidx, 0, igtk->pn, sizeof(igtk->pn),
 +			   igtk->igtk, len) < 0) {
 +		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
 +			"WPA: Failed to configure IGTK to the driver");
 +		return -1;
 +	}
 +
 +	if (wnm_sleep) {
 +		sm->igtk_wnm_sleep.igtk_len = len;
 +		os_memcpy(sm->igtk_wnm_sleep.igtk, igtk->igtk,
 +			  sm->igtk_wnm_sleep.igtk_len);
 +	} else {
 +		sm->igtk.igtk_len = len;
 +		os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len);
 +	}
 +
 +	return 0;
 +}
 +#endif /* CONFIG_IEEE80211W */
 +
 +
  static int ieee80211w_set_keys(struct wpa_sm *sm,
  			       struct wpa_eapol_ie_parse *ie)
  {
 @@ -812,30 +892,14 @@
  	if (ie->igtk) {
  		size_t len;
  		const struct wpa_igtk_kde *igtk;
 -		u16 keyidx;
 +
  		len = wpa_cipher_key_len(sm->mgmt_group_cipher);
  		if (ie->igtk_len != WPA_IGTK_KDE_PREFIX_LEN + len)
  			return -1;
 +
  		igtk = (const struct wpa_igtk_kde *) ie->igtk;
 -		keyidx = WPA_GET_LE16(igtk->keyid);
 -		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: IGTK keyid %d "
 -			"pn %02x%02x%02x%02x%02x%02x",
 -			keyidx, MAC2STR(igtk->pn));
 -		wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK",
 -				igtk->igtk, len);
 -		if (keyidx > 4095) {
 -			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
 -				"WPA: Invalid IGTK KeyID %d", keyidx);
 +		if (wpa_supplicant_install_igtk(sm, igtk, 0) < 0)
  			return -1;
 -		}
 -		if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
 -				   broadcast_ether_addr,
 -				   keyidx, 0, igtk->pn, sizeof(igtk->pn),
 -				   igtk->igtk, len) < 0) {
 -			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
 -				"WPA: Failed to configure IGTK to the driver");
 -			return -1;
 -		}
  	}

  	return 0;
 @@ -1483,7 +1547,7 @@
  	if (ret)
  		goto failed;

 -	if (wpa_supplicant_install_gtk(sm, &gd, key->key_rsc) ||
 +	if (wpa_supplicant_install_gtk(sm, &gd, key->key_rsc, 0) ||
  	    wpa_supplicant_send_2_of_2(sm, key, ver, key_info))
  		goto failed;
  	os_memset(&gd, 0, sizeof(gd));
 @@ -2251,7 +2315,7 @@
   */
  void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
  {
 -	int clear_ptk = 1;
 +	int clear_keys = 1;

  	if (sm == NULL)
  		return;
 @@ -2277,11 +2341,11 @@
  		/* Prepare for the next transition */
  		wpa_ft_prepare_auth_request(sm, NULL);

 -		clear_ptk = 0;
 +		clear_keys = 0;
  	}
  #endif /* CONFIG_IEEE80211R */

 -	if (clear_ptk) {
 +	if (clear_keys) {
  		/*
  		 * IEEE 802.11, 8.4.10: Delete PTK SA on (re)association if
  		 * this is not part of a Fast BSS Transition.
 @@ -2291,6 +2355,12 @@
  		os_memset(&sm->ptk, 0, sizeof(sm->ptk));
  		sm->tptk_set = 0;
  		os_memset(&sm->tptk, 0, sizeof(sm->tptk));
 +		os_memset(&sm->gtk, 0, sizeof(sm->gtk));
 +		os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep));
 +#ifdef CONFIG_IEEE80211W
 +		os_memset(&sm->igtk, 0, sizeof(sm->igtk));
 +		os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep));
 +#endif /* CONFIG_IEEE80211W */
  	}

  #ifdef CONFIG_TDLS
 @@ -2322,6 +2392,9 @@
  #ifdef CONFIG_TDLS
  	wpa_tdls_disassoc(sm);
  #endif /* CONFIG_TDLS */
 +#ifdef CONFIG_IEEE80211R
 +	sm->ft_reassoc_completed = 0;
 +#endif /* CONFIG_IEEE80211R */

  	/* Keys are not needed in the WPA state machine anymore */
  	wpa_sm_drop_sa(sm);
 @@ -2807,6 +2880,12 @@
  	os_memset(sm->pmk, 0, sizeof(sm->pmk));
  	os_memset(&sm->ptk, 0, sizeof(sm->ptk));
  	os_memset(&sm->tptk, 0, sizeof(sm->tptk));
 +	os_memset(&sm->gtk, 0, sizeof(sm->gtk));
 +	os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep));
 +#ifdef CONFIG_IEEE80211W
 +	os_memset(&sm->igtk, 0, sizeof(sm->igtk));
 +	os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep));
 +#endif /* CONFIG_IEEE80211W */
  #ifdef CONFIG_IEEE80211R
  	os_memset(sm->xxkey, 0, sizeof(sm->xxkey));
  	os_memset(sm->pmk_r0, 0, sizeof(sm->pmk_r0));
 @@ -2870,7 +2949,7 @@

  		wpa_hexdump_key(MSG_DEBUG, "Install GTK (WNM SLEEP)",
  				gd.gtk, gd.gtk_len);
 -		if (wpa_supplicant_install_gtk(sm, &gd, key_rsc)) {
 +		if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 1)) {
  			os_memset(&gd, 0, sizeof(gd));
  			wpa_printf(MSG_DEBUG, "Failed to install the GTK in "
  				   "WNM mode");
 @@ -2879,29 +2958,11 @@
  		os_memset(&gd, 0, sizeof(gd));
  #ifdef CONFIG_IEEE80211W
  	} else if (subelem_id == WNM_SLEEP_SUBELEM_IGTK) {
 -		struct wpa_igtk_kde igd;
 -		u16 keyidx;
 +		const struct wpa_igtk_kde *igtk;

 -		os_memset(&igd, 0, sizeof(igd));
 -		keylen = wpa_cipher_key_len(sm->mgmt_group_cipher);
 -		os_memcpy(igd.keyid, buf + 2, 2);
 -		os_memcpy(igd.pn, buf + 4, 6);
 -
 -		keyidx = WPA_GET_LE16(igd.keyid);
 -		os_memcpy(igd.igtk, buf + 10, keylen);
 -
 -		wpa_hexdump_key(MSG_DEBUG, "Install IGTK (WNM SLEEP)",
 -				igd.igtk, keylen);
 -		if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
 -				   broadcast_ether_addr,
 -				   keyidx, 0, igd.pn, sizeof(igd.pn),
 -				   igd.igtk, keylen) < 0) {
 -			wpa_printf(MSG_DEBUG, "Failed to install the IGTK in "
 -				   "WNM mode");
 -			os_memset(&igd, 0, sizeof(igd));
 +		igtk = (const struct wpa_igtk_kde *) (buf + 2);
 +		if (wpa_supplicant_install_igtk(sm, igtk, 1) < 0)
  			return -1;
 -		}
 -		os_memset(&igd, 0, sizeof(igd));
  #endif /* CONFIG_IEEE80211W */
  	} else {
  		wpa_printf(MSG_DEBUG, "Unknown element id");
 Index: contrib/wpa/src/rsn_supp/wpa_ft.c
 ===================================================================
 --- contrib/wpa/src/rsn_supp/wpa_ft.c	(版本 322342)
 +++ contrib/wpa/src/rsn_supp/wpa_ft.c	(版本 324699)
 @@ -153,6 +153,7 @@
  	u16 capab;

  	sm->ft_completed = 0;
 +	sm->ft_reassoc_completed = 0;

  	buf_len = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) +
  		2 + sm->r0kh_id_len + ric_ies_len + 100;
 @@ -681,6 +682,11 @@
  		return -1;
  	}

 +	if (sm->ft_reassoc_completed) {
 +		wpa_printf(MSG_DEBUG, "FT: Reassociation has already been completed for this FT protocol instance - ignore unexpected retransmission");
 +		return 0;
 +	}
 +
  	if (wpa_ft_parse_ies(ies, ies_len, &parse) < 0) {
  		wpa_printf(MSG_DEBUG, "FT: Failed to parse IEs");
  		return -1;
 @@ -781,6 +787,8 @@
  		return -1;
  	}

 +	sm->ft_reassoc_completed = 1;
 +
  	if (wpa_ft_process_gtk_subelem(sm, parse.gtk, parse.gtk_len) < 0)
  		return -1;

 Index: contrib/wpa/src/rsn_supp/wpa_i.h
 ===================================================================
 --- contrib/wpa/src/rsn_supp/wpa_i.h	(版本 322342)
 +++ contrib/wpa/src/rsn_supp/wpa_i.h	(版本 324699)
 @@ -30,6 +30,12 @@
  	u8 rx_replay_counter[WPA_REPLAY_COUNTER_LEN];
  	int rx_replay_counter_set;
  	u8 request_counter[WPA_REPLAY_COUNTER_LEN];
 +	struct wpa_gtk gtk;
 +	struct wpa_gtk gtk_wnm_sleep;
 +#ifdef CONFIG_IEEE80211W
 +	struct wpa_igtk igtk;
 +	struct wpa_igtk igtk_wnm_sleep;
 +#endif /* CONFIG_IEEE80211W */

  	struct eapol_sm *eapol; /* EAPOL state machine from upper level code */

 @@ -121,6 +127,7 @@
  	size_t r0kh_id_len;
  	u8 r1kh_id[FT_R1KH_ID_LEN];
  	int ft_completed;
 +	int ft_reassoc_completed;
  	int over_the_ds_in_progress;
  	u8 target_ap[ETH_ALEN]; /* over-the-DS target AP */
  	int set_ptk_after_assoc;
 Index: contrib/wpa/wpa_supplicant/ctrl_iface.c
 ===================================================================
 --- contrib/wpa/wpa_supplicant/ctrl_iface.c	(版本 322342)
 +++ contrib/wpa/wpa_supplicant/ctrl_iface.c	(版本 324699)
 @@ -6891,6 +6891,7 @@
  	}

  	eloop_cancel_timeout(wpas_network_reenabled, wpa_s, NULL);
 +	wpa_s->wnmsleep_used = 0;
  }


 Index: contrib/wpa/wpa_supplicant/events.c
 ===================================================================
 --- contrib/wpa/wpa_supplicant/events.c	(版本 322342)
 +++ contrib/wpa/wpa_supplicant/events.c	(版本 324699)
 @@ -303,6 +303,7 @@
  	wpa_s->key_mgmt = 0;

  	wpas_rrm_reset(wpa_s);
 +	wpa_s->wnmsleep_used = 0;
  }


 Index: contrib/wpa/wpa_supplicant/wnm_sta.c
 ===================================================================
 --- contrib/wpa/wpa_supplicant/wnm_sta.c	(版本 322342)
 +++ contrib/wpa/wpa_supplicant/wnm_sta.c	(版本 324699)
 @@ -137,6 +137,8 @@
  	if (res < 0)
  		wpa_printf(MSG_DEBUG, "Failed to send WNM-Sleep Request "
  			   "(action=%d, intval=%d)", action, intval);
 +	else
 +		wpa_s->wnmsleep_used = 1;

  	os_free(wnmsleep_ie);
  	os_free(wnmtfs_ie);
 @@ -187,6 +189,12 @@
  	end = ptr + key_len_total;
  	wpa_hexdump_key(MSG_DEBUG, "WNM: Key Data", ptr, key_len_total);

 +	if (key_len_total && !wpa_sm_pmf_enabled(wpa_s->wpa)) {
 +		wpa_msg(wpa_s, MSG_INFO,
 +			"WNM: Ignore Key Data in WNM-Sleep Mode Response - PMF not enabled");
 +		return;
 +	}
 +
  	while (ptr + 1 < end) {
  		if (ptr + 2 + ptr[1] > end) {
  			wpa_printf(MSG_DEBUG, "WNM: Invalid Key Data element "
 @@ -247,6 +255,12 @@
  	u8 *tfsresp_ie_end = NULL;
  	size_t left;

 +	if (!wpa_s->wnmsleep_used) {
 +		wpa_printf(MSG_DEBUG,
 +			   "WNM: Ignore WNM-Sleep Mode Response frame since WNM-Sleep Mode operation has not been requested");
 +		return;
 +	}
 +
  	if (len < 3)
  		return;
  	key_len_total = WPA_GET_LE16(frm + 1);
 @@ -282,6 +296,8 @@
  		return;
  	}

 +	wpa_s->wnmsleep_used = 0;
 +
  	if (wnmsleep_ie->status == WNM_STATUS_SLEEP_ACCEPT ||
  	    wnmsleep_ie->status == WNM_STATUS_SLEEP_EXIT_ACCEPT_GTK_UPDATE) {
  		wpa_printf(MSG_DEBUG, "Successfully recv WNM-Sleep Response "
 Index: contrib/wpa/wpa_supplicant/wpa_supplicant_i.h
 ===================================================================
 --- contrib/wpa/wpa_supplicant/wpa_supplicant_i.h	(版本 322342)
 +++ contrib/wpa/wpa_supplicant/wpa_supplicant_i.h	(版本 324699)
 @@ -658,6 +658,7 @@
  	unsigned int reattach:1; /* reassociation to the same BSS requested */
  	unsigned int mac_addr_changed:1;
  	unsigned int added_vif:1;
 +	unsigned int wnmsleep_used:1;

  	struct os_reltime last_mac_addr_change;
  	int last_mac_addr_style;
 Index: sys/conf/newvers.sh
 ===================================================================
 --- sys/conf/newvers.sh	(版本 322342)
 +++ sys/conf/newvers.sh	(版本 324699)
 @@ -44,7 +44,7 @@

  TYPE="FreeBSD"
  REVISION="11.1"
 -BRANCH="RELEASE-p1"
 +BRANCH="RELEASE-p2"
  if [ -n "${BRANCH_OVERRIDE}" ]; then
  	BRANCH=${BRANCH_OVERRIDE}
  fi
	Index: UPDATING
	===================================================================
	--- UPDATING (版本 322342)
	+++ UPDATING (版本 324699)
	@@ -16,6 +16,10 @@
	the tip of head, and then rebuild without this option. The bootstrap process
	from older version of current across the gcc/clang cutover is a bit fragile.

	+20171017 p13 FreeBSD-SA-17:07.wpa
	+
	+ Fix WPA2 protocol vulnerability. [SA-17:07]
	+
	20170810 p1 FreeBSD-SA-17:06.openssh
	FreeBSD-EN-17:07.vnet
	FreeBSD-EN-17:08.pf
	Index: contrib/wpa/src/ap/wpa_auth.c
	===================================================================
	--- contrib/wpa/src/ap/wpa_auth.c (版本 322342)
	+++ contrib/wpa/src/ap/wpa_auth.c (版本 324699)
	@@ -1893,6 +1893,21 @@
	}


	+static int wpa_auth_sm_ptk_update(struct wpa_state_machine *sm)
	+{
	+ if (random_get_bytes(sm->ANonce, WPA_NONCE_LEN)) {
	+ wpa_printf(MSG_ERROR,
	+ "WPA: Failed to get random data for ANonce");
	+ sm->Disconnect = TRUE;
	+ return -1;
	+ }
	+ wpa_hexdump(MSG_DEBUG, "WPA: Assign new ANonce", sm->ANonce,
	+ WPA_NONCE_LEN);
	+ sm->TimeoutCtr = 0;
	+ return 0;
	+}
	+
	+
	SM_STATE(WPA_PTK, INITPMK)
	{
	u8 msk[2 * PMK_LEN];
	@@ -2414,9 +2429,12 @@
	SM_ENTER(WPA_PTK, AUTHENTICATION);
	else if (sm->ReAuthenticationRequest)
	SM_ENTER(WPA_PTK, AUTHENTICATION2);
	- else if (sm->PTKRequest)
	- SM_ENTER(WPA_PTK, PTKSTART);
	- else switch (sm->wpa_ptk_state) {
	+ else if (sm->PTKRequest) {
	+ if (wpa_auth_sm_ptk_update(sm) < 0)
	+ SM_ENTER(WPA_PTK, DISCONNECTED);
	+ else
	+ SM_ENTER(WPA_PTK, PTKSTART);
	+ } else switch (sm->wpa_ptk_state) {
	case WPA_PTK_INITIALIZE:
	break;
	case WPA_PTK_DISCONNECT:
	@@ -3209,6 +3227,14 @@
	}


	+int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm)
	+{
	+ if (!sm \|\| !wpa_key_mgmt_ft(sm->wpa_key_mgmt))
	+ return 0;
	+ return sm->tk_already_set;
	+}
	+
	+
	int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm,
	struct rsn_pmksa_cache_entry *entry)
	{
	Index: contrib/wpa/src/ap/wpa_auth.h
	===================================================================
	--- contrib/wpa/src/ap/wpa_auth.h (版本 322342)
	+++ contrib/wpa/src/ap/wpa_auth.h (版本 324699)
	@@ -271,6 +271,7 @@
	int wpa_auth_get_pairwise(struct wpa_state_machine *sm);
	int wpa_auth_sta_key_mgmt(struct wpa_state_machine *sm);
	int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm);
	+int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm);
	int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm,
	struct rsn_pmksa_cache_entry *entry);
	struct rsn_pmksa_cache_entry *
	Index: contrib/wpa/src/ap/wpa_auth_ft.c
	===================================================================
	--- contrib/wpa/src/ap/wpa_auth_ft.c (版本 322342)
	+++ contrib/wpa/src/ap/wpa_auth_ft.c (版本 324699)
	@@ -780,6 +780,14 @@
	return;
	}

	+ if (sm->tk_already_set) {
	+ /* Must avoid TK reconfiguration to prevent clearing of TX/RX
	+ * PN in the driver */
	+ wpa_printf(MSG_DEBUG,
	+ "FT: Do not re-install same PTK to the driver");
	+ return;
	+ }
	+
	/* FIX: add STA entry to kernel/driver here? The set_key will fail
	* most likely without this.. At the moment, STA entry is added only
	* after association has been completed. This function will be called
	@@ -792,6 +800,7 @@

	/* FIX: MLME-SetProtection.Request(TA, Tx_Rx) */
	sm->pairwise_set = TRUE;
	+ sm->tk_already_set = TRUE;
	}


	@@ -898,6 +907,7 @@

	sm->pairwise = pairwise;
	sm->PTK_valid = TRUE;
	+ sm->tk_already_set = FALSE;
	wpa_ft_install_ptk(sm);

	buflen = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) +
	Index: contrib/wpa/src/ap/wpa_auth_i.h
	===================================================================
	--- contrib/wpa/src/ap/wpa_auth_i.h (版本 322342)
	+++ contrib/wpa/src/ap/wpa_auth_i.h (版本 324699)
	@@ -64,6 +64,7 @@
	struct wpa_ptk PTK;
	Boolean PTK_valid;
	Boolean pairwise_set;
	+ Boolean tk_already_set;
	int keycount;
	Boolean Pair;
	struct wpa_key_replay_counter {
	Index: contrib/wpa/src/common/wpa_common.h
	===================================================================
	--- contrib/wpa/src/common/wpa_common.h (版本 322342)
	+++ contrib/wpa/src/common/wpa_common.h (版本 324699)
	@@ -213,9 +213,21 @@
	size_t kck_len;
	size_t kek_len;
	size_t tk_len;
	+ int installed; /* 1 if key has already been installed to driver */
	};

	+struct wpa_gtk {
	+ u8 gtk[WPA_GTK_MAX_LEN];
	+ size_t gtk_len;
	+};

	+#ifdef CONFIG_IEEE80211W
	+struct wpa_igtk {
	+ u8 igtk[WPA_IGTK_MAX_LEN];
	+ size_t igtk_len;
	+};
	+#endif /* CONFIG_IEEE80211W */
	+
	/* WPA IE version 1
	* 00-50-f2:1 (OUI:OUI type)
	* 0x01 0x00 (version; little endian)
	Index: contrib/wpa/src/rsn_supp/tdls.c
	===================================================================
	--- contrib/wpa/src/rsn_supp/tdls.c (版本 322342)
	+++ contrib/wpa/src/rsn_supp/tdls.c (版本 324699)
	@@ -112,6 +112,7 @@
	u8 tk[16]; /* TPK-TK; assuming only CCMP will be used */
	} tpk;
	int tpk_set;
	+ int tk_set; /* TPK-TK configured to the driver */
	int tpk_success;
	int tpk_in_progress;

	@@ -192,6 +193,20 @@
	u8 rsc[6];
	enum wpa_alg alg;

	+ if (peer->tk_set) {
	+ /*
	+ * This same TPK-TK has already been configured to the driver
	+ * and this new configuration attempt (likely due to an
	+ * unexpected retransmitted frame) would result in clearing
	+ * the TX/RX sequence number which can break security, so must
	+ * not allow that to happen.
	+ */
	+ wpa_printf(MSG_INFO, "TDLS: TPK-TK for the peer " MACSTR
	+ " has already been configured to the driver - do not reconfigure",
	+ MAC2STR(peer->addr));
	+ return -1;
	+ }
	+
	os_memset(rsc, 0, 6);

	switch (peer->cipher) {
	@@ -209,6 +224,8 @@
	return -1;
	}

	+ wpa_printf(MSG_DEBUG, "TDLS: Configure pairwise key for peer " MACSTR,
	+ MAC2STR(peer->addr));
	if (wpa_sm_set_key(sm, alg, peer->addr, -1, 1,
	rsc, sizeof(rsc), peer->tpk.tk, key_len) < 0) {
	wpa_printf(MSG_WARNING, "TDLS: Failed to set TPK to the "
	@@ -215,6 +232,7 @@
	"driver");
	return -1;
	}
	+ peer->tk_set = 1;
	return 0;
	}

	@@ -690,7 +708,7 @@
	peer->cipher = 0;
	peer->qos_info = 0;
	peer->wmm_capable = 0;
	- peer->tpk_set = peer->tpk_success = 0;
	+ peer->tk_set = peer->tpk_set = peer->tpk_success = 0;
	peer->chan_switch_enabled = 0;
	os_memset(&peer->tpk, 0, sizeof(peer->tpk));
	os_memset(peer->inonce, 0, WPA_NONCE_LEN);
	@@ -1153,6 +1171,7 @@
	wpa_tdls_peer_free(sm, peer);
	return -1;
	}
	+ peer->tk_set = 0; /* A new nonce results in a new TK */
	wpa_hexdump(MSG_DEBUG, "TDLS: Initiator Nonce for TPK handshake",
	peer->inonce, WPA_NONCE_LEN);
	os_memcpy(ftie->Snonce, peer->inonce, WPA_NONCE_LEN);
	@@ -1745,6 +1764,19 @@
	}


	+static int tdls_nonce_set(const u8 *nonce)
	+{
	+ int i;
	+
	+ for (i = 0; i < WPA_NONCE_LEN; i++) {
	+ if (nonce[i])
	+ return 1;
	+ }
	+
	+ return 0;
	+}
	+
	+
	static int wpa_tdls_process_tpk_m1(struct wpa_sm sm, const u8 src_addr,
	const u8 *buf, size_t len)
	{
	@@ -1998,7 +2030,8 @@
	peer->rsnie_i_len = kde.rsn_ie_len;
	peer->cipher = cipher;

	- if (os_memcmp(peer->inonce, ftie->Snonce, WPA_NONCE_LEN) != 0) {
	+ if (os_memcmp(peer->inonce, ftie->Snonce, WPA_NONCE_LEN) != 0 \|\|
	+ !tdls_nonce_set(peer->inonce)) {
	/*
	* There is no point in updating the RNonce for every obtained
	* TPK M1 frame (e.g., retransmission due to timeout) with the
	@@ -2014,6 +2047,7 @@
	"TDLS: Failed to get random data for responder nonce");
	goto error;
	}
	+ peer->tk_set = 0; /* A new nonce results in a new TK */
	}

	#if 0
	@@ -2170,6 +2204,14 @@
	"ignore TPK M2 from " MACSTR, MAC2STR(src_addr));
	return -1;
	}
	+
	+ if (peer->tpk_success) {
	+ wpa_printf(MSG_INFO, "TDLS: Ignore incoming TPK M2 retry, from "
	+ MACSTR " as TPK M3 was already sent",
	+ MAC2STR(src_addr));
	+ return 0;
	+ }
	+
	wpa_tdls_tpk_retry_timeout_cancel(sm, peer, WLAN_TDLS_SETUP_REQUEST);

	if (len < 3 + 2 + 1) {
	Index: contrib/wpa/src/rsn_supp/wpa.c
	===================================================================
	--- contrib/wpa/src/rsn_supp/wpa.c (版本 322342)
	+++ contrib/wpa/src/rsn_supp/wpa.c (版本 324699)
	@@ -605,6 +605,12 @@
	const u8 *key_rsc;
	u8 null_rsc[8] = { 0, 0, 0, 0, 0, 0, 0, 0 };

	+ if (sm->ptk.installed) {
	+ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
	+ "WPA: Do not re-install same PTK to the driver");
	+ return 0;
	+ }
	+
	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
	"WPA: Installing PTK to the driver");

	@@ -643,6 +649,7 @@

	/* TK is not needed anymore in supplicant */
	os_memset(sm->ptk.tk, 0, WPA_TK_MAX_LEN);
	+ sm->ptk.installed = 1;

	if (sm->wpa_ptk_rekey) {
	eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL);
	@@ -692,11 +699,23 @@

	static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
	const struct wpa_gtk_data *gd,
	- const u8 *key_rsc)
	+ const u8 *key_rsc, int wnm_sleep)
	{
	const u8 *_gtk = gd->gtk;
	u8 gtk_buf[32];

	+ /* Detect possible key reinstallation */
	+ if ((sm->gtk.gtk_len == (size_t) gd->gtk_len &&
	+ os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) \|\|
	+ (sm->gtk_wnm_sleep.gtk_len == (size_t) gd->gtk_len &&
	+ os_memcmp(sm->gtk_wnm_sleep.gtk, gd->gtk,
	+ sm->gtk_wnm_sleep.gtk_len) == 0)) {
	+ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
	+ "WPA: Not reinstalling already in-use GTK to the driver (keyidx=%d tx=%d len=%d)",
	+ gd->keyidx, gd->tx, gd->gtk_len);
	+ return 0;
	+ }
	+
	wpa_hexdump_key(MSG_DEBUG, "WPA: Group Key", gd->gtk, gd->gtk_len);
	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
	"WPA: Installing GTK to the driver (keyidx=%d tx=%d len=%d)",
	@@ -731,6 +750,15 @@
	}
	os_memset(gtk_buf, 0, sizeof(gtk_buf));

	+ if (wnm_sleep) {
	+ sm->gtk_wnm_sleep.gtk_len = gd->gtk_len;
	+ os_memcpy(sm->gtk_wnm_sleep.gtk, gd->gtk,
	+ sm->gtk_wnm_sleep.gtk_len);
	+ } else {
	+ sm->gtk.gtk_len = gd->gtk_len;
	+ os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len);
	+ }
	+
	return 0;
	}

	@@ -788,7 +816,7 @@
	(wpa_supplicant_check_group_cipher(sm, sm->group_cipher,
	gtk_len, gtk_len,
	&gd.key_rsc_len, &gd.alg) \|\|
	- wpa_supplicant_install_gtk(sm, &gd, key->key_rsc))) {
	+ wpa_supplicant_install_gtk(sm, &gd, key->key_rsc, 0))) {
	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
	"RSN: Failed to install GTK");
	os_memset(&gd, 0, sizeof(gd));
	@@ -802,6 +830,58 @@
	}


	+#ifdef CONFIG_IEEE80211W
	+static int wpa_supplicant_install_igtk(struct wpa_sm *sm,
	+ const struct wpa_igtk_kde *igtk,
	+ int wnm_sleep)
	+{
	+ size_t len = wpa_cipher_key_len(sm->mgmt_group_cipher);
	+ u16 keyidx = WPA_GET_LE16(igtk->keyid);
	+
	+ /* Detect possible key reinstallation */
	+ if ((sm->igtk.igtk_len == len &&
	+ os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) \|\|
	+ (sm->igtk_wnm_sleep.igtk_len == len &&
	+ os_memcmp(sm->igtk_wnm_sleep.igtk, igtk->igtk,
	+ sm->igtk_wnm_sleep.igtk_len) == 0)) {
	+ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
	+ "WPA: Not reinstalling already in-use IGTK to the driver (keyidx=%d)",
	+ keyidx);
	+ return 0;
	+ }
	+
	+ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
	+ "WPA: IGTK keyid %d pn %02x%02x%02x%02x%02x%02x",
	+ keyidx, MAC2STR(igtk->pn));
	+ wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK", igtk->igtk, len);
	+ if (keyidx > 4095) {
	+ wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
	+ "WPA: Invalid IGTK KeyID %d", keyidx);
	+ return -1;
	+ }
	+ if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
	+ broadcast_ether_addr,
	+ keyidx, 0, igtk->pn, sizeof(igtk->pn),
	+ igtk->igtk, len) < 0) {
	+ wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
	+ "WPA: Failed to configure IGTK to the driver");
	+ return -1;
	+ }
	+
	+ if (wnm_sleep) {
	+ sm->igtk_wnm_sleep.igtk_len = len;
	+ os_memcpy(sm->igtk_wnm_sleep.igtk, igtk->igtk,
	+ sm->igtk_wnm_sleep.igtk_len);
	+ } else {
	+ sm->igtk.igtk_len = len;
	+ os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len);
	+ }
	+
	+ return 0;
	+}
	+#endif /* CONFIG_IEEE80211W */
	+
	+
	static int ieee80211w_set_keys(struct wpa_sm *sm,
	struct wpa_eapol_ie_parse *ie)
	{
	@@ -812,30 +892,14 @@
	if (ie->igtk) {
	size_t len;
	const struct wpa_igtk_kde *igtk;
	- u16 keyidx;
	+
	len = wpa_cipher_key_len(sm->mgmt_group_cipher);
	if (ie->igtk_len != WPA_IGTK_KDE_PREFIX_LEN + len)
	return -1;
	+
	igtk = (const struct wpa_igtk_kde *) ie->igtk;
	- keyidx = WPA_GET_LE16(igtk->keyid);
	- wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: IGTK keyid %d "
	- "pn %02x%02x%02x%02x%02x%02x",
	- keyidx, MAC2STR(igtk->pn));
	- wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK",
	- igtk->igtk, len);
	- if (keyidx > 4095) {
	- wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
	- "WPA: Invalid IGTK KeyID %d", keyidx);
	+ if (wpa_supplicant_install_igtk(sm, igtk, 0) < 0)
	return -1;
	- }
	- if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
	- broadcast_ether_addr,
	- keyidx, 0, igtk->pn, sizeof(igtk->pn),
	- igtk->igtk, len) < 0) {
	- wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
	- "WPA: Failed to configure IGTK to the driver");
	- return -1;
	- }
	}

	return 0;
	@@ -1483,7 +1547,7 @@
	if (ret)
	goto failed;

	- if (wpa_supplicant_install_gtk(sm, &gd, key->key_rsc) \|\|
	+ if (wpa_supplicant_install_gtk(sm, &gd, key->key_rsc, 0) \|\|
	wpa_supplicant_send_2_of_2(sm, key, ver, key_info))
	goto failed;
	os_memset(&gd, 0, sizeof(gd));
	@@ -2251,7 +2315,7 @@
	*/
	void wpa_sm_notify_assoc(struct wpa_sm sm, const u8 bssid)
	{
	- int clear_ptk = 1;
	+ int clear_keys = 1;

	if (sm == NULL)
	return;
	@@ -2277,11 +2341,11 @@
	/* Prepare for the next transition */
	wpa_ft_prepare_auth_request(sm, NULL);

	- clear_ptk = 0;
	+ clear_keys = 0;
	}
	#endif /* CONFIG_IEEE80211R */

	- if (clear_ptk) {
	+ if (clear_keys) {
	/*
	* IEEE 802.11, 8.4.10: Delete PTK SA on (re)association if
	* this is not part of a Fast BSS Transition.
	@@ -2291,6 +2355,12 @@
	os_memset(&sm->ptk, 0, sizeof(sm->ptk));
	sm->tptk_set = 0;
	os_memset(&sm->tptk, 0, sizeof(sm->tptk));
	+ os_memset(&sm->gtk, 0, sizeof(sm->gtk));
	+ os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep));
	+#ifdef CONFIG_IEEE80211W
	+ os_memset(&sm->igtk, 0, sizeof(sm->igtk));
	+ os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep));
	+#endif /* CONFIG_IEEE80211W */
	}

	#ifdef CONFIG_TDLS
	@@ -2322,6 +2392,9 @@
	#ifdef CONFIG_TDLS
	wpa_tdls_disassoc(sm);
	#endif /* CONFIG_TDLS */
	+#ifdef CONFIG_IEEE80211R
	+ sm->ft_reassoc_completed = 0;
	+#endif /* CONFIG_IEEE80211R */

	/* Keys are not needed in the WPA state machine anymore */
	wpa_sm_drop_sa(sm);
	@@ -2807,6 +2880,12 @@
	os_memset(sm->pmk, 0, sizeof(sm->pmk));
	os_memset(&sm->ptk, 0, sizeof(sm->ptk));
	os_memset(&sm->tptk, 0, sizeof(sm->tptk));
	+ os_memset(&sm->gtk, 0, sizeof(sm->gtk));
	+ os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep));
	+#ifdef CONFIG_IEEE80211W
	+ os_memset(&sm->igtk, 0, sizeof(sm->igtk));
	+ os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep));
	+#endif /* CONFIG_IEEE80211W */
	#ifdef CONFIG_IEEE80211R
	os_memset(sm->xxkey, 0, sizeof(sm->xxkey));
	os_memset(sm->pmk_r0, 0, sizeof(sm->pmk_r0));
	@@ -2870,7 +2949,7 @@

	wpa_hexdump_key(MSG_DEBUG, "Install GTK (WNM SLEEP)",
	gd.gtk, gd.gtk_len);
	- if (wpa_supplicant_install_gtk(sm, &gd, key_rsc)) {
	+ if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 1)) {
	os_memset(&gd, 0, sizeof(gd));
	wpa_printf(MSG_DEBUG, "Failed to install the GTK in "
	"WNM mode");
	@@ -2879,29 +2958,11 @@
	os_memset(&gd, 0, sizeof(gd));
	#ifdef CONFIG_IEEE80211W
	} else if (subelem_id == WNM_SLEEP_SUBELEM_IGTK) {
	- struct wpa_igtk_kde igd;
	- u16 keyidx;
	+ const struct wpa_igtk_kde *igtk;

	- os_memset(&igd, 0, sizeof(igd));
	- keylen = wpa_cipher_key_len(sm->mgmt_group_cipher);
	- os_memcpy(igd.keyid, buf + 2, 2);
	- os_memcpy(igd.pn, buf + 4, 6);
	-
	- keyidx = WPA_GET_LE16(igd.keyid);
	- os_memcpy(igd.igtk, buf + 10, keylen);
	-
	- wpa_hexdump_key(MSG_DEBUG, "Install IGTK (WNM SLEEP)",
	- igd.igtk, keylen);
	- if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
	- broadcast_ether_addr,
	- keyidx, 0, igd.pn, sizeof(igd.pn),
	- igd.igtk, keylen) < 0) {
	- wpa_printf(MSG_DEBUG, "Failed to install the IGTK in "
	- "WNM mode");
	- os_memset(&igd, 0, sizeof(igd));
	+ igtk = (const struct wpa_igtk_kde *) (buf + 2);
	+ if (wpa_supplicant_install_igtk(sm, igtk, 1) < 0)
	return -1;
	- }
	- os_memset(&igd, 0, sizeof(igd));
	#endif /* CONFIG_IEEE80211W */
	} else {
	wpa_printf(MSG_DEBUG, "Unknown element id");
	Index: contrib/wpa/src/rsn_supp/wpa_ft.c
	===================================================================
	--- contrib/wpa/src/rsn_supp/wpa_ft.c (版本 322342)
	+++ contrib/wpa/src/rsn_supp/wpa_ft.c (版本 324699)
	@@ -153,6 +153,7 @@
	u16 capab;

	sm->ft_completed = 0;
	+ sm->ft_reassoc_completed = 0;

	buf_len = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) +
	2 + sm->r0kh_id_len + ric_ies_len + 100;
	@@ -681,6 +682,11 @@
	return -1;
	}

	+ if (sm->ft_reassoc_completed) {
	+ wpa_printf(MSG_DEBUG, "FT: Reassociation has already been completed for this FT protocol instance - ignore unexpected retransmission");
	+ return 0;
	+ }
	+
	if (wpa_ft_parse_ies(ies, ies_len, &parse) < 0) {
	wpa_printf(MSG_DEBUG, "FT: Failed to parse IEs");
	return -1;
	@@ -781,6 +787,8 @@
	return -1;
	}

	+ sm->ft_reassoc_completed = 1;
	+
	if (wpa_ft_process_gtk_subelem(sm, parse.gtk, parse.gtk_len) < 0)
	return -1;

	Index: contrib/wpa/src/rsn_supp/wpa_i.h
	===================================================================
	--- contrib/wpa/src/rsn_supp/wpa_i.h (版本 322342)
	+++ contrib/wpa/src/rsn_supp/wpa_i.h (版本 324699)
	@@ -30,6 +30,12 @@
	u8 rx_replay_counter[WPA_REPLAY_COUNTER_LEN];
	int rx_replay_counter_set;
	u8 request_counter[WPA_REPLAY_COUNTER_LEN];
	+ struct wpa_gtk gtk;
	+ struct wpa_gtk gtk_wnm_sleep;
	+#ifdef CONFIG_IEEE80211W
	+ struct wpa_igtk igtk;
	+ struct wpa_igtk igtk_wnm_sleep;
	+#endif /* CONFIG_IEEE80211W */

	struct eapol_sm eapol; / EAPOL state machine from upper level code */

	@@ -121,6 +127,7 @@
	size_t r0kh_id_len;
	u8 r1kh_id[FT_R1KH_ID_LEN];
	int ft_completed;
	+ int ft_reassoc_completed;
	int over_the_ds_in_progress;
	u8 target_ap[ETH_ALEN]; /* over-the-DS target AP */
	int set_ptk_after_assoc;
	Index: contrib/wpa/wpa_supplicant/ctrl_iface.c
	===================================================================
	--- contrib/wpa/wpa_supplicant/ctrl_iface.c (版本 322342)
	+++ contrib/wpa/wpa_supplicant/ctrl_iface.c (版本 324699)
	@@ -6891,6 +6891,7 @@
	}

	eloop_cancel_timeout(wpas_network_reenabled, wpa_s, NULL);
	+ wpa_s->wnmsleep_used = 0;
	}


	Index: contrib/wpa/wpa_supplicant/events.c
	===================================================================
	--- contrib/wpa/wpa_supplicant/events.c (版本 322342)
	+++ contrib/wpa/wpa_supplicant/events.c (版本 324699)
	@@ -303,6 +303,7 @@
	wpa_s->key_mgmt = 0;

	wpas_rrm_reset(wpa_s);
	+ wpa_s->wnmsleep_used = 0;
	}


	Index: contrib/wpa/wpa_supplicant/wnm_sta.c
	===================================================================
	--- contrib/wpa/wpa_supplicant/wnm_sta.c (版本 322342)
	+++ contrib/wpa/wpa_supplicant/wnm_sta.c (版本 324699)
	@@ -137,6 +137,8 @@
	if (res < 0)
	wpa_printf(MSG_DEBUG, "Failed to send WNM-Sleep Request "
	"(action=%d, intval=%d)", action, intval);
	+ else
	+ wpa_s->wnmsleep_used = 1;

	os_free(wnmsleep_ie);
	os_free(wnmtfs_ie);
	@@ -187,6 +189,12 @@
	end = ptr + key_len_total;
	wpa_hexdump_key(MSG_DEBUG, "WNM: Key Data", ptr, key_len_total);

	+ if (key_len_total && !wpa_sm_pmf_enabled(wpa_s->wpa)) {
	+ wpa_msg(wpa_s, MSG_INFO,
	+ "WNM: Ignore Key Data in WNM-Sleep Mode Response - PMF not enabled");
	+ return;
	+ }
	+
	while (ptr + 1 < end) {
	if (ptr + 2 + ptr[1] > end) {
	wpa_printf(MSG_DEBUG, "WNM: Invalid Key Data element "
	@@ -247,6 +255,12 @@
	u8 *tfsresp_ie_end = NULL;
	size_t left;

	+ if (!wpa_s->wnmsleep_used) {
	+ wpa_printf(MSG_DEBUG,
	+ "WNM: Ignore WNM-Sleep Mode Response frame since WNM-Sleep Mode operation has not been requested");
	+ return;
	+ }
	+
	if (len < 3)
	return;
	key_len_total = WPA_GET_LE16(frm + 1);
	@@ -282,6 +296,8 @@
	return;
	}

	+ wpa_s->wnmsleep_used = 0;
	+
	if (wnmsleep_ie->status == WNM_STATUS_SLEEP_ACCEPT \|\|
	wnmsleep_ie->status == WNM_STATUS_SLEEP_EXIT_ACCEPT_GTK_UPDATE) {
	wpa_printf(MSG_DEBUG, "Successfully recv WNM-Sleep Response "
	Index: contrib/wpa/wpa_supplicant/wpa_supplicant_i.h
	===================================================================
	--- contrib/wpa/wpa_supplicant/wpa_supplicant_i.h (版本 322342)
	+++ contrib/wpa/wpa_supplicant/wpa_supplicant_i.h (版本 324699)
	@@ -658,6 +658,7 @@
	unsigned int reattach:1; /* reassociation to the same BSS requested */
	unsigned int mac_addr_changed:1;
	unsigned int added_vif:1;
	+ unsigned int wnmsleep_used:1;

	struct os_reltime last_mac_addr_change;
	int last_mac_addr_style;
	Index: sys/conf/newvers.sh
	===================================================================
	--- sys/conf/newvers.sh (版本 322342)
	+++ sys/conf/newvers.sh (版本 324699)
	@@ -44,7 +44,7 @@

	TYPE="FreeBSD"
	REVISION="11.1"
	-BRANCH="RELEASE-p1"
	+BRANCH="RELEASE-p2"
	if [ -n "${BRANCH_OVERRIDE}" ]; then
	BRANCH=${BRANCH_OVERRIDE}
	fi