Release of hostapd and wpa_supplicant 2.10

After a year and a half of development, hostapd/wpa_supplicant 2.10 has been released: a suite supporting the IEEE 802.1X, WPA, WPA2, WPA3 and EAP wireless protocols. It consists of the wpa_supplicant application, which connects to a wireless network as a client, and the hostapd background process (daemon), which provides access point and authentication server functionality, including components such as the WPA Authenticator, a RADIUS client/server and an EAP server. The project's source code is distributed under the BSD license.

In addition to functional changes, the new version blocks a new side-channel attack vector affecting the SAE (Simultaneous Authentication of Equals) connection negotiation method and the EAP-pwd protocol. An attacker able to execute unprivileged code on the system of a user connecting to a wireless network can, by monitoring activity on the system, obtain information about characteristics of the password and use it to simplify offline password guessing. The problem is caused by leakage of information about password characteristics through third-party channels, which makes it possible, from indirect data such as changes in delays during operations, to determine whether a guessed part of the password is correct during the guessing process.

Unlike similar issues fixed in 2019, the new vulnerability is caused by the fact that the primitives used in the crypto_ec_point_solve_y_coord() function did not provide constant execution time regardless of the nature of the data being processed. By analyzing processor cache behavior, an attacker able to run unprivileged code on the same processor core could obtain information about the progress of password operations in SAE/EAP-pwd. The problem affects all versions of wpa_supplicant and hostapd built with support for SAE (CONFIG_SAE=y) and EAP-pwd (CONFIG_EAP_PWD=y).

Other changes in the new hostapd and wpa_supplicant releases:

  • Added the ability to build with the OpenSSL 3.0 cryptographic library.
  • Implemented the Beacon Protection mechanism defined in the updated WPA3 specification, designed to protect against attacks on the wireless network that manipulate changes in Beacon frames.
  • Added support for DPP 2 (Wi-Fi Device Provisioning Protocol), which defines the public-key authentication method used in the WPA3 standard to simplify configuring devices without an on-screen interface. Configuration is performed using another, more advanced device already connected to the wireless network. For example, the parameters of a screenless IoT device can be set from a smartphone based on a snapshot of a QR code printed on the case.
  • Added support for Extended Key ID (IEEE 802.11-2016).
  • Support for the SAE-PK (SAE Public Key) security mechanism has been added to the implementation of the SAE connection negotiation method. An immediate confirmation mode is implemented, enabled by the “sae_config_immediate=1” option, as well as a hash-to-element mechanism, enabled by setting the sae_pwe parameter to 1 or 2.
  • The EAP-TLS implementation adds support for TLS 1.3 (disabled by default).
  • Added new settings (max_auth_rounds, max_auth_rounds_short) to change the limits on the number of EAP messages during authentication (changing the limits may be needed when using very large certificates).
  • Added support for the PASN (Pre-Association Security Negotiation) mechanism for establishing a secure connection and protecting the exchange of management frames at the pre-association stage.
  • Implemented the Transition Disable mechanism, which allows automatically disabling roaming mode (which lets a device switch between access points as it moves) to improve security.
  • WEP support is excluded from default builds (rebuilding with the CONFIG_WEP=y option is required to restore WEP support). Removed legacy functionality related to the Inter-Access Point Protocol (IAPP). Support for libnl 1.1 has been dropped. Added the build option CONFIG_NO_TKIP=y for building without TKIP support.
  • Fixed vulnerabilities in the UPnP implementation (CVE-2020-12695), in the P2P/Wi-Fi Direct handler (CVE-2021-27803) and in the PMF protection mechanism (CVE-2019-16275).
  • Hostapd-specific changes include expanded support for HEW (High-Efficiency Wireless, IEEE 802.11ax) wireless networks, including the ability to use the 6 GHz frequency range.
  • Changes specific to wpa_supplicant:
    • Added support for access point mode settings for SAE (WPA3-Personal).
    • Implemented P2P mode support for EDMG channels (IEEE 802.11ay).
    • Improved throughput estimation and BSS selection.
    • The D-Bus control interface has been extended.
    • Added a new backend for storing passwords in a separate file, which allows sensitive information to be removed from the main configuration file.
    • Added new policies for SCS, MSCS and DSCP.
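
A build-configuration check for the options this article names (CONFIG_SAE, CONFIG_EAP_PWD, CONFIG_WEP, CONFIG_NO_TKIP), as an added example that is not part of the original article or of the hostapd/wpa_supplicant project. It assumes the build options are kept in a `.config`-style file of `OPTION=y` lines and that the caller supplies the version of the build; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a hostapd/wpa_supplicant build configuration for the
# options named in the article. Prints one finding per line.
# Returns 0 = no findings, 1 = findings, 2 = bad version string.

# opt_enabled FILE OPTION: true if an uncommented "OPTION=y" line exists.
opt_enabled() {
    grep -Eq "^[[:space:]]*$2[[:space:]]*=[[:space:]]*y[[:space:]]*\$" "$1"
}

# audit_build_config FILE VERSION (VERSION is dotted digits, e.g. 2.9)
audit_build_config() {
    case $2 in
        ''|*[!0-9.]*|.*|*.|*..*) echo "ERROR: bad version '$2'" >&2; return 2 ;;
        *.*) ;;
        *) echo "ERROR: bad version '$2'" >&2; return 2 ;;
    esac
    a_major=${2%%.*}
    a_minor=${2#*.}
    a_minor=${a_minor%%.*}          # "9.1" -> 9
    a_old=0                         # 1 when the build predates 2.10
    if [ "$a_major" -lt 2 ] || { [ "$a_major" -eq 2 ] && [ "$a_minor" -lt 10 ]; }; then
        a_old=1
    fi
    a_found=0
    # Per the article, builds with SAE or EAP-pwd before 2.10 are affected.
    for a_opt in CONFIG_SAE CONFIG_EAP_PWD; do
        if [ "$a_old" -eq 1 ] && opt_enabled "$1" "$a_opt"; then
            echo "FINDING: $a_opt=y on a pre-2.10 build (side channel): upgrade to 2.10"
            a_found=1
        fi
    done
    if opt_enabled "$1" CONFIG_WEP; then
        echo "FINDING: CONFIG_WEP=y: WEP support is compiled in"
        a_found=1
    fi
    if ! opt_enabled "$1" CONFIG_NO_TKIP; then
        echo "FINDING: CONFIG_NO_TKIP=y not set: TKIP support is compiled in"
        a_found=1
    fi
    return "$a_found"
}

# Constructed sample configuration (not taken from a real system).
sample_cfg=$(mktemp)
printf '%s\n' 'CONFIG_SAE=y' '#CONFIG_EAP_PWD=y' 'CONFIG_WEP=y' > "$sample_cfg"
audit_build_config "$sample_cfg" 2.9 || true
rm -f "$sample_cfg"
```

Distribution packages may carry backported fixes under an older version number, so treat the version finding as a prompt to confirm the patch level of the package.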

source: budenet.ru
