All of lore.kernel.org
 help / color / mirror / Atom feed
From: Sergey Matyukevich <geomatsi@gmail.com>
To: Yegor Yefremov <yegorslists@googlemail.com>
Cc: Matt Weber <matthew.weber@collins.com>,
	buildroot <buildroot@buildroot.org>
Subject: Re: [Buildroot] [PATCH 1/2] package/wpa_supplicant: bump version to 2.10
Date: Tue, 1 Feb 2022 13:46:15 +0300	[thread overview]
Message-ID: <YfkPd6po3cYygwok@curiosity> (raw)
In-Reply-To: <CAGm1_kse4gtvY0pMo+12RoFMM_u09LwLq6RW42HMv_jfjK4N=w@mail.gmail.com>

> Hi Sergey,
> 
> On Tue, Feb 1, 2022 at 9:53 AM Sergey Matyukevich <geomatsi@gmail.com> wrote:
> >
> > Hi Yegor,
> >
> > > On Mon, Jan 31, 2022 at 9:38 PM Sergey Matyukevich <geomatsi@gmail.com> wrote:
> > > >
> > > > Hello Yegor,
> > > >
> > > > > Hi Sergey,
> > > > >
> > > > > On Mon, Jan 31, 2022 at 8:48 PM Sergey Matyukevich <geomatsi@gmail.com> wrote:
> > > > > >
> > > > > > Update wpa_supplicant to the latest release v2.10. Drop all the patches
> > > > > > as they have already been upstreamed. Remove from .mk file all the
> > > > > > WPA_SUPPLICANT_IGNORE_CVES records since those CVEs will not be
> > > > > > reported against the new version.
> > > > > >
> > > > > > Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
> > > >
> > > > ...
> > > >
> > > > > Have you tried to build wpa_supplicant without
> > > > > BR2_PACKAGE_WPA_SUPPLICANT_WPA3 and enabled
> > > > > BR2_PACKAGE_WPA_SUPPLICANT_MESH_NETWORKING? I've got a linking error.
> > > > > I have also sent a quick and dirty patch to the hostap mailing list
> > > > > [1] but still got no answer.
> > > > >
> > > > > [1] http://lists.infradead.org/pipermail/hostap/2022-January/040181.html
> > > >
> > > > So far I have not observed that problem. I think we can handle it
> > > > independently from the revision update, adding fixup patches if needed.
> > > >
> > > > I tried to reproduce it using the following wpa_supplicant configuration:
> > > >
> > > > BR2_PACKAGE_WPA_SUPPLICANT=y
> > > > BR2_PACKAGE_WPA_SUPPLICANT_NL80211=y
> > > > BR2_PACKAGE_WPA_SUPPLICANT_AP_SUPPORT=y
> > > > BR2_PACKAGE_WPA_SUPPLICANT_MESH_NETWORKING=y
> > > >
> > > > However build succeeded. Could you please post your wpa_supplicant
> > > > configuration snippet ? Probably the root cause is in openssl and some
> > > > of its features need to be enabled in package/wpa_supplicant/Config.in.
> > >
> > > I have pinned it down:
> > >
> > > BR2_PACKAGE_WPA_SUPPLICANT=y
> > > BR2_PACKAGE_WPA_SUPPLICANT_NL80211=y
> > > BR2_PACKAGE_WPA_SUPPLICANT_AP_SUPPORT=y
> > > BR2_PACKAGE_WPA_SUPPLICANT_MESH_NETWORKING=y
> > > BR2_PACKAGE_WPA_SUPPLICANT_EAP=y
> > >
> > > It is BR2_PACKAGE_WPA_SUPPLICANT_EAP option the selects NEED_SHA384.
> >
> > Thanks ! I reproduced the problem using your wpa_supplicant config snippet.
> > Looking into Makefile of wpa_supplicant:
> > - CONFIG_MESH for some reason needs SAE, so it enables CONFIG_SAE
> > - CONFIG_SAE enables only HMAC_SHA256_KDF, which is apparently not enough
> >
> > It turns out that at least HMAC_SHA384_KDF is required for successful build.
> > Here is a minimal patch for wpa_supplicant that fixes build for your snippet:
> >
> > diff --git a/wpa_supplicant/Makefile b/wpa_supplicant/Makefile
> > index cb66defac..c8e53a3c9 100644
> > --- a/wpa_supplicant/Makefile
> > +++ b/wpa_supplicant/Makefile
> > @@ -246,6 +246,7 @@ endif
> >  ifdef CONFIG_MESH
> >  NEED_80211_COMMON=y
> >  NEED_AES_SIV=y
> > +NEED_HMAC_SHA384_KDF=y
> >  CONFIG_SAE=y
> >  CONFIG_AP=y
> >  CFLAGS += -DCONFIG_MESH
> >
> >
> > In fact, it looks like wpa_supplicant build would fail for any configuration
> > when we enable SAE without DPP. However in Buildroot we enable all WPA3
> > support at once which includes OWE/SAE/DPP. Meanwhile DPP enables all
> > the NEED_HMAC_SHA***_KDF options.
> 
> Would you then add this patch to the version bump? I'll keep an eye on
> what happens with the official solution on the hostap mailing list.

I will send it separately on top of version update patches.

Regards,
Sergey
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

  reply	other threads:[~2022-02-01 10:46 UTC|newest]

Thread overview: 11+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-01-31 19:48 [Buildroot] [PATCH 1/2] package/wpa_supplicant: bump version to 2.10 Sergey Matyukevich
2022-01-31 19:48 ` [Buildroot] [PATCH 2/2] package/hostapd: " Sergey Matyukevich
2022-02-01 17:22   ` Yegor Yefremov via buildroot
2022-01-31 20:14 ` [Buildroot] [PATCH 1/2] package/wpa_supplicant: " Yegor Yefremov via buildroot
2022-01-31 20:38   ` Sergey Matyukevich
2022-01-31 21:32     ` Yegor Yefremov via buildroot
2022-02-01  8:53       ` Sergey Matyukevich
2022-02-01 10:25         ` Yegor Yefremov via buildroot
2022-02-01 10:46           ` Sergey Matyukevich [this message]
2022-02-01 17:22 ` Yegor Yefremov via buildroot
2022-02-12 13:45 ` Arnout Vandecappelle

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=YfkPd6po3cYygwok@curiosity \
    --to=geomatsi@gmail.com \
    --cc=buildroot@buildroot.org \
    --cc=matthew.weber@collins.com \
    --cc=yegorslists@googlemail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.