Buildroot Archive on lore.kernel.org
 help / color / mirror / Atom feed
From: Sergey Matyukevich <geomatsi@gmail.com>
To: Yegor Yefremov <yegorslists@googlemail.com>
Cc: Matt Weber <matthew.weber@collins.com>,
	buildroot <buildroot@buildroot.org>
Subject: Re: [Buildroot] [PATCH 1/2] package/wpa_supplicant: bump version to 2.10
Date: Tue, 1 Feb 2022 11:53:15 +0300	[thread overview]
Message-ID: <Yfj0+/0smquecnm0@curiosity> (raw)
In-Reply-To: <CAGm1_ku=iCDJZqDpDPoQAnF7YwtCtKdo3OZbdyb8yJ6Wv5wRXA@mail.gmail.com>

Hi Yegor,

> On Mon, Jan 31, 2022 at 9:38 PM Sergey Matyukevich <geomatsi@gmail.com> wrote:
> >
> > Hello Yegor,
> >
> > > Hi Sergey,
> > >
> > > On Mon, Jan 31, 2022 at 8:48 PM Sergey Matyukevich <geomatsi@gmail.com> wrote:
> > > >
> > > > Update wpa_supplicant to the latest release v2.10. Drop all the patches
> > > > as they have already been upstreamed. Remove from .mk file all the
> > > > WPA_SUPPLICANT_IGNORE_CVES records since those CVEs will not be
> > > > reported against the new version.
> > > >
> > > > Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
> >
> > ...
> >
> > > Have you tried to build wpa_supplicant without
> > > BR2_PACKAGE_WPA_SUPPLICANT_WPA3 and enabled
> > > BR2_PACKAGE_WPA_SUPPLICANT_MESH_NETWORKING? I've got a linking error.
> > > I have also sent a quick and dirty patch to the hostap mailing list
> > > [1] but still got no answer.
> > >
> > > [1] http://lists.infradead.org/pipermail/hostap/2022-January/040181.html
> >
> > So far I have not observed that problem. I think we can handle it
> > independently from the revision update, adding fixup patches if needed.
> >
> > I tried to reproduce it using the following wpa_supplicant configuration:
> >
> > BR2_PACKAGE_WPA_SUPPLICANT=y
> > BR2_PACKAGE_WPA_SUPPLICANT_NL80211=y
> > BR2_PACKAGE_WPA_SUPPLICANT_AP_SUPPORT=y
> > BR2_PACKAGE_WPA_SUPPLICANT_MESH_NETWORKING=y
> >
> > However build succeeded. Could you please post your wpa_supplicant
> > configuration snippet ? Probably the root cause is in openssl and some
> > of its features need to be enabled in package/wpa_supplicant/Config.in.
> 
> I have pinned it down:
> 
> BR2_PACKAGE_WPA_SUPPLICANT=y
> BR2_PACKAGE_WPA_SUPPLICANT_NL80211=y
> BR2_PACKAGE_WPA_SUPPLICANT_AP_SUPPORT=y
> BR2_PACKAGE_WPA_SUPPLICANT_MESH_NETWORKING=y
> BR2_PACKAGE_WPA_SUPPLICANT_EAP=y
> 
> It is BR2_PACKAGE_WPA_SUPPLICANT_EAP option the selects NEED_SHA384.

Thanks ! I reproduced the problem using your wpa_supplicant config snippet.
Looking into Makefile of wpa_supplicant:
- CONFIG_MESH for some reason needs SAE, so it enables CONFIG_SAE
- CONFIG_SAE enables only HMAC_SHA256_KDF, which is apparently not enough

It turns out that at least HMAC_SHA384_KDF is required for successful build.
Here is a minimal patch for wpa_supplicant that fixes build for your snippet:

diff --git a/wpa_supplicant/Makefile b/wpa_supplicant/Makefile
index cb66defac..c8e53a3c9 100644
--- a/wpa_supplicant/Makefile
+++ b/wpa_supplicant/Makefile
@@ -246,6 +246,7 @@ endif
 ifdef CONFIG_MESH
 NEED_80211_COMMON=y
 NEED_AES_SIV=y
+NEED_HMAC_SHA384_KDF=y
 CONFIG_SAE=y
 CONFIG_AP=y
 CFLAGS += -DCONFIG_MESH


In fact, it looks like wpa_supplicant build would fail for any configuration
when we enable SAE without DPP. However in Buildroot we enable all WPA3
support at once which includes OWE/SAE/DPP. Meanwhile DPP enables all
the NEED_HMAC_SHA***_KDF options.

Regards,
Sergey
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

  reply	other threads:[~2022-02-01  8:53 UTC|newest]

Thread overview: 11+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-01-31 19:48 [Buildroot] [PATCH 1/2] package/wpa_supplicant: bump version to 2.10 Sergey Matyukevich
2022-01-31 19:48 ` [Buildroot] [PATCH 2/2] package/hostapd: " Sergey Matyukevich
2022-02-01 17:22   ` Yegor Yefremov via buildroot
2022-01-31 20:14 ` [Buildroot] [PATCH 1/2] package/wpa_supplicant: " Yegor Yefremov via buildroot
2022-01-31 20:38   ` Sergey Matyukevich
2022-01-31 21:32     ` Yegor Yefremov via buildroot
2022-02-01  8:53       ` Sergey Matyukevich [this message]
2022-02-01 10:25         ` Yegor Yefremov via buildroot
2022-02-01 10:46           ` Sergey Matyukevich
2022-02-01 17:22 ` Yegor Yefremov via buildroot
2022-02-12 13:45 ` Arnout Vandecappelle

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=Yfj0+/0smquecnm0@curiosity \
    --to=geomatsi@gmail.com \
    --cc=buildroot@buildroot.org \
    --cc=matthew.weber@collins.com \
    --cc=yegorslists@googlemail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox