Jouni Malinen [Tue, 15 Sep 2009 08:23:48 +0000 (11:23 +0300)]
nl80211: Use defines for NL80211_KEY_CIPHER values
Jouni Malinen [Tue, 15 Sep 2009 08:21:25 +0000 (11:21 +0300)]
Revert "nl80211: Share the same routine for NL80211_ATTR_KEY_CIPHER setup"
This reverts commit
5aa9cb5cca24268ae3a8cc35c85215b4a9a513b6.
The nested key attribute is using different attribute values
(NL80211_KEY_* vs. NL80211_ATTR_KEY_*), so cannot share the same routine
for these purposes..
Jouni Malinen [Tue, 15 Sep 2009 07:54:41 +0000 (10:54 +0300)]
nl80211: Share the same routine for NL80211_ATTR_KEY_CIPHER setup
Johannes Berg [Tue, 15 Sep 2009 07:48:30 +0000 (10:48 +0300)]
driver_nl80211: Fix MLME key settings for static WEP
Current wpa_supplicant has a bug with WEP keys, it adds a zero-length
sequence counter field to netlink which the kernel doesn't accept.
Additionally, the kernel API slightly changed to accept keys only when
connected, so we need to send it the keys after that. For that to work
with shared key authentication, we also include the default WEP TX key
in the authentication command.
To upload the keys properly _after_ associating, add a new flag
WPA_DRIVER_FLAGS_SET_KEYS_AFTER_ASSOC_DONE indicating that the driver
needs the keys at that point and not earlier.
Jouni Malinen [Mon, 14 Sep 2009 21:08:24 +0000 (00:08 +0300)]
Add preliminary background scan and roaming module design
This allows background scanning and roaming decisions to be contained in
a single place based on a defined set of notification events which will
hopefully make it easier to experiment with roaming improvements. In
addition, this allows multiple intra-ESS roaming policies to be used
(each network configuration block can configure its own bgscan module).
The beacon loss and signal strength notifications are implemented for
the bgscan API, but the actual events are not yet available from the
driver.
The included sample bgscan module ("simple") is an example of what can
be done with the new bgscan mechanism. It requests periodic background
scans when the device remains associated with an ESS and has couple of
notes on what a more advanced bgscan module could do to optimize
background scanning and roaming. The periodic scans will cause the scan
result handler to pick a better AP if one becomes available. This bgscan
module can be taken into use by adding bgscan="simple" (or
bgscan="simple:<bgscan interval in seconds>") into the network
configuration block.
Samuel Ortiz [Mon, 14 Sep 2009 14:25:03 +0000 (17:25 +0300)]
Getting back to DISCONNECTED afer SCANNING
After transitioning from DISCONNECTED to SCANNING, we never go back
to DISCONNECTED even though scanning is done or failed.
We're thus stuck in SCANNING while scanning is actually done.
Masashi Honma [Mon, 14 Sep 2009 13:50:53 +0000 (16:50 +0300)]
WPS: Fix CONFIG_WPS=y compilation of wpa_supplicant
The wpa_supplicant compilation failed with CONFIG_WPS=y option
if CONFIG_CLIENT_MLME and CONFIG_IEEE80211R are not used.
Witold Sowa [Sun, 13 Sep 2009 19:21:52 +0000 (22:21 +0300)]
Share same freeing and error checking code in get_scan_results
Convert wpa_supplicant_get_scan_results_old() to use the same return
style with the other get_scan_results options and clean up the code
by sharing the same scan result freeing and error checking code for
all the options.
Witold Sowa [Sun, 13 Sep 2009 18:16:43 +0000 (21:16 +0300)]
Use shared functions for network operations and param changes
Instead of implementing these separately in various control
interface handlers, use shared functions. These add some of the
previously missing notification calls, too, for the affected areas.
Jouni Malinen [Sun, 13 Sep 2009 17:53:32 +0000 (20:53 +0300)]
Add wpa_supplicant notification calls
This introduces a new mechanism for collecting notification calls into
a single place (notify.c). As a result of this, most of the
wpa_supplicant code does not need to know about dbus (etc. mechanisms
that could use the notifications). Some empty placeholder functions are
also added in preparation of new dbus code that needs more event
notifications.
Witold Sowa [Sun, 13 Sep 2009 17:27:54 +0000 (20:27 +0300)]
Remove extra whitespace
Jouni Malinen [Fri, 11 Sep 2009 16:06:38 +0000 (19:06 +0300)]
wpa_gui-qt4: Fix WPS AP detection for peer window
Jouni Malinen [Fri, 11 Sep 2009 15:37:16 +0000 (18:37 +0300)]
wpa_gui-qt4: Add scan results into the peer window
In addition, add a peer entry type for each peer entry. Currently,
this is only stored as an integer and visible in the context menu.
Eventually, different icons should be used based on this type.
Jouni Malinen [Fri, 11 Sep 2009 14:52:46 +0000 (17:52 +0300)]
wpa_gui-qt4: Handle UNKNOWN COMMAND reply during peer window update
Avoid an infinite loop if wpa_supplicant is not built with AP support.
Jouni Malinen [Fri, 11 Sep 2009 14:14:49 +0000 (17:14 +0300)]
Add parsed information from WPS IE(s) into scan results
This makes it easier for external programs to show WPS information
since they do not need to parse the WPS IE themselves anymore.
Jouni Malinen [Fri, 11 Sep 2009 14:13:59 +0000 (17:13 +0300)]
WPS: Add parsing of AP Setup Locked attribute
Jouni Malinen [Fri, 11 Sep 2009 13:45:34 +0000 (16:45 +0300)]
Fix driver_test for hostapd
Commit
0b55b934ee6243f2682524b0a733cc1468e20050 broke this by not
initializing drv->ap = 1 in hostapd case since the mode updating
code ended up unlinking the socket file. Setting drv->ap = 1
removes the mode change and as such, unlinking of the socket file.
Jouni Malinen [Fri, 11 Sep 2009 13:36:59 +0000 (16:36 +0300)]
Convert WPS IE concat routine to a generic helper
This may also be needed in wpa_supplicant and potentially for other
IE types, too.
Jouni Malinen [Thu, 10 Sep 2009 21:22:35 +0000 (00:22 +0300)]
driver_test: Update BSS data when using wpa_supplicant AP mode
Jouni Malinen [Thu, 10 Sep 2009 21:17:35 +0000 (00:17 +0300)]
driver_test: Implement set_mode for wpa_supplicant AP deinit
Jouni Malinen [Thu, 10 Sep 2009 14:41:29 +0000 (17:41 +0300)]
driver_test: Preliminary support for wpa_supplicant AP functionality
Jouni Malinen [Thu, 10 Sep 2009 14:03:51 +0000 (17:03 +0300)]
driver_test: Share the same deinit() for hostapd and wpa_supplicant
Jouni Malinen [Thu, 10 Sep 2009 13:52:03 +0000 (16:52 +0300)]
driver_test: Merge socket_dir into test_dir
Jouni Malinen [Thu, 10 Sep 2009 13:48:10 +0000 (16:48 +0300)]
driver_test: Some additional merging of send_mlme
Jouni Malinen [Thu, 10 Sep 2009 13:30:35 +0000 (16:30 +0300)]
driver_test: Claim AP mode capability for wpa_supplicant
Jouni Malinen [Thu, 10 Sep 2009 13:28:47 +0000 (16:28 +0300)]
driver_test: Build most of code in unconditionally
It is simpler to just build in all the test driver code regardless
of whether this is for hostapd or wpa_supplicant (which will eventually
get AP mode support with driver_test, too).
Jouni Malinen [Thu, 10 Sep 2009 13:18:04 +0000 (16:18 +0300)]
driver_test: Merge wpa_supplicant and hostapd data structures
There is no real need to keep these in separate data structures with
different names.
Jouni Malinen [Thu, 10 Sep 2009 11:43:08 +0000 (14:43 +0300)]
wpa_gui-qt4: Add context menu for peers dialog
Replace the clicked() event with more appropriate context menu
and add a WPS PIN entry as an example command.
Alex Badea [Wed, 9 Sep 2009 20:54:03 +0000 (23:54 +0300)]
radius_server: clean up completed sessions sooner
radius_server_encapsulate_eap() resets sess->eap->if->eap{Success,Fail}
to FALSE, such that the completion condition is never true.
The net effect is that completed sessions would linger for
RADIUS_SESSION_TIMEOUT seconds.
Signed-off-by: Alex Badea <vamposdecampos@gmail.com>
Previously, the default settings allowed 100 sessions in 60 seconds.
With this fix, the default limit is now 100 sessions per 10 seconds.
[Bug 329]
Jouni Malinen [Wed, 9 Sep 2009 08:11:42 +0000 (11:11 +0300)]
wpa_gui-qt4: Include cstdio to avoid some compiler issues
It looks like some build systems do not find snprintf() here unless
cstdio is included explicitly.
Jouni Malinen [Tue, 8 Sep 2009 13:28:41 +0000 (16:28 +0300)]
wpa_gui-qt4: Add a new window for showing peer information
This provides some initial functionality for showing peer information,
i.e., showing information about other devices that has been discovered.
Currently, information is only available in the AP mode (list of
associated stations), but this is expected to increase in the future
(e.g., show the current AP in station mode, other stations in IBSS,
etc.). Furthermore, there will be actions available for doing things
like providing a WPS PIN for a station.
Jouni Malinen [Tue, 8 Sep 2009 09:58:02 +0000 (12:58 +0300)]
Add station table query to wpa_supplicant AP ctrl_iface
"wpa_cli all_sta" and "wpa_cli sta <addr>" can now be used to fetch
information about stations associated with the
wpa_supplicant-controlled AP.
Jouni Malinen [Tue, 8 Sep 2009 09:56:07 +0000 (12:56 +0300)]
Move STA list ctrl_iface handlers to a separate file
This makes it easier to share the hostapd station table query
functionality with wpa_supplicant AP mode operations.
Jouni Malinen [Mon, 7 Sep 2009 19:09:13 +0000 (22:09 +0300)]
WPS: Store device info and make it available through AP ctrl_iface
Store a copy of device attributes during WPS protocol run and make it
available for external programs via the control interface STA MIB
command for associated stations. This gives access to device name and
type which can be useful when showing user information about associated
stations.
Jouni Malinen [Sun, 6 Sep 2009 10:58:15 +0000 (13:58 +0300)]
WPS: Add support for AP reconfiguration with wps_reg
wpa_supplicant can now reconfigure the AP by acting as an External
Registrar with the wps_reg command. Previously, this was only used
to fetch the current AP settings, but now the wps_reg command has
optional arguments which can be used to provide the new AP
configuration. When the new parameters are set, the WPS protocol run
is allowed to continue through M8 to reconfigure the AP instead of
stopping at M7.
Jouni Malinen [Sun, 6 Sep 2009 10:55:01 +0000 (13:55 +0300)]
Fix WPA reconfiguration to update GTK
The group key state machine needs to be re-initialized with possible
updated GTK length when restarting WPA (e.g., when WPS was used to
reconfigure the AP).
Jouni Malinen [Fri, 4 Sep 2009 15:04:41 +0000 (18:04 +0300)]
Delay processing of EAPOL frames when not associated
If an EAPOL frame is received while wpa_supplicant thinks the driver is
not associated, queue the frame for processing at the moment when the
association event is received. This is a workaround to a race condition
in receiving data frames and management events from the kernel.
The pending EAPOL frame will not be processed unless an association
event is received within 100 msec for the same BSSID.
Jouni Malinen [Fri, 4 Sep 2009 13:39:41 +0000 (16:39 +0300)]
nl80211: Ignore connect/roam/disconnect events when using SME
Getting double association/disassociation events can get core code
confused, so better filter out the extra events.
Zhu Yi [Thu, 3 Sep 2009 18:31:29 +0000 (21:31 +0300)]
nl80211: Connect API support
If the driver does not support separate authentication and association
steps, use the connect API instead.
Zhu Yi [Thu, 3 Sep 2009 17:39:59 +0000 (20:39 +0300)]
nl80211: Add connect/disconnect event processing
Zhu Yi [Thu, 3 Sep 2009 17:36:09 +0000 (20:36 +0300)]
nl80211: Check whether the driver support separate auth/assoc commands
This is an initial step in adding support for the new connect command.
For now, we just add the capability query. The actual use of the new
command will be added separately.
Zhu Yi [Thu, 3 Sep 2009 17:21:18 +0000 (20:21 +0300)]
nl80211: Use defines for cipher suite selectors
Chuck Tuffli [Wed, 26 Aug 2009 20:51:12 +0000 (23:51 +0300)]
Fix comment in wpa_supplicant_event_associnfo
Found what I think is a copy/paste error in the comments for the .11r
code.
Masashi Honma [Wed, 26 Aug 2009 20:40:51 +0000 (23:40 +0300)]
OpenBSD: wired IEEE 802.1X for OpenBSD
This is a patch for OpenBSD wired IEEE 802.1X. This is only for wired,
not wireless, because OpenBSD uses wpa_supplicant only on wired now.
http://www.openbsd.org/cgi-bin/cvsweb/ports/security/wpa_supplicant/
I have tested with these.
OS : OpenBSD 4.5
EAP : EAP-TLS
Switch : CentreCOM 8724SL
Masashi Honma [Wed, 26 Aug 2009 20:34:54 +0000 (23:34 +0300)]
WPS: Aggregate deinit calls in WPS OOB
In WPS OOB, deinit_func() is called from 3 locations.
This patch aggregates these to one.
Witold Sowa [Wed, 26 Aug 2009 17:18:24 +0000 (20:18 +0300)]
Fix a bug with ap_rx_from_unknown_sta() recursion
ap_rx_from_unknown_sta was going into infinite recursion,
or could even crash because of corrupted pointer cast.
Jouni Malinen [Wed, 26 Aug 2009 09:10:50 +0000 (12:10 +0300)]
nl80211: Use two sockets to avoid mixing command replies with events
Previously, both the command replies and unsolicited events were
received from the same socket. This could cause problems if an event
message is received between a command and the response to that command.
Using two sockets avoids this issue.
Jouni Malinen [Sun, 23 Aug 2009 18:32:27 +0000 (21:32 +0300)]
Disable PMTU discovery for RADIUS packets (sent them without DF)
When Linux has Path MTU discovery enabled, it sets by default the DF bit
on all outgoing datagrams, also UDP ones. If a RADIUS message is bigger
than the smallest MTU size to the target, it will be discarded.
This effectively limits RADIUS messages to ~ 1500 Bytes, while they can
be up to 4k according to RFC2865. In practice, this can mean trouble
when doing EAP-TLS with many RADIUS attributes besides the EAP-Message.
[Bug 326]
Stefan Winter [Sun, 23 Aug 2009 18:21:25 +0000 (21:21 +0300)]
Disable PMTU discovery for RADIUS packets (sent them without DF)
When Linux has Path MTU discovery enabled, it sets by default the DF bit
on all outgoing datagrams, also UDP ones. If a RADIUS message is bigger
than the smallest MTU size to the target, it will be discarded.
This effectively limits RADIUS messages to ~ 1500 Bytes, while they can
be up to 4k according to RFC2865. In practice, this can mean trouble
when doing EAP-TLS with many RADIUS attributes besides the EAP-Message.
[Bug 326]
Jouni Malinen [Sun, 23 Aug 2009 18:00:38 +0000 (21:00 +0300)]
Reject X.509 certificate strings with embedded NUL characters
These could, at least in theory, be used to generate unexpected common
name or subject alternative name matches should a CA sign strings with
NUL (C string termination) in them. For now, just reject the certificate
if an embedded NUL is detected. In theory, all the comparison routines
could be made to compare these strings as binary blobs (with additional
X.509 rules to handle some exceptions) and display NUL characters
somehow. Anyway, just rejecting the certificate will get rid of
potential problems with the C string getting terminated and it should
not really be used in certificates, so this should not break valid use
cases.
Jouni Malinen [Tue, 18 Aug 2009 08:33:40 +0000 (11:33 +0300)]
Sync with linux/nl80211.h from wireless-testing.git
Jouni Malinen [Mon, 17 Aug 2009 17:27:25 +0000 (20:27 +0300)]
Remove unneeded aes_i.h inclusion from number of places
The BLOCK_SIZE define can be made more specific by using AES_ prefix and
by moving it to aes.h. After this, most aes-*.c do not really need to
include anything from the internal aes_i.h header file. In other words,
aes_i.h can now be used only for the code that uses the internal AES
block operation implementation and none of the code that can use AES
implementation from an external library do not need to include this
header file.
Jouni Malinen [Sun, 16 Aug 2009 19:35:15 +0000 (22:35 +0300)]
Verify that EAPOL-Key MIC generation succeeds
This can now fail, e.g., if trying to use TKIP in FIPS mode.
Jouni Malinen [Sun, 16 Aug 2009 19:28:40 +0000 (22:28 +0300)]
Verify that RC4 operation succeeds
Jouni Malinen [Sun, 16 Aug 2009 19:26:59 +0000 (22:26 +0300)]
Fix crypto_cipher_init() EVP initialization
Better not specify EVP_CIPHER again for the second init call since that
will override key length with the default value. The previous version
was likely to work since most use cases would be likely to use the
default key length. Anyway, better make this handle variable length
ciphers (mainly, RC4), too, just in case it is needed in the future.
Jouni Malinen [Sun, 16 Aug 2009 19:26:13 +0000 (22:26 +0300)]
Use OpenSSL for RC4 instead of internal implementation
Jouni Malinen [Sun, 16 Aug 2009 17:13:14 +0000 (20:13 +0300)]
Move RC4 into crypto.h as a replaceable crypto function
This allows crypto library wrappers to override the internal RC4
implementation in the same way as can already be done for other crypto
algorithms.
Jouni Malinen [Sun, 16 Aug 2009 16:57:50 +0000 (19:57 +0300)]
Remove rc4() wrapper
This is not really of that much use since rc4_skip() can be used as
easily. In addition, rc4 has caused some symbol conflicts in the past,
so it is easier to live without that as an exported symbol.
Jouni Malinen [Sun, 16 Aug 2009 16:56:33 +0000 (19:56 +0300)]
Fix build with non-FIPS capable OpenSSL
Jouni Malinen [Sun, 16 Aug 2009 16:07:57 +0000 (19:07 +0300)]
Verify CHAP/MSCHAPv2 return code
Check the return code in some (but not yet all) places where the
functions from ms_funcs.c are used.
Jouni Malinen [Sun, 16 Aug 2009 16:05:29 +0000 (19:05 +0300)]
Fix OpenSSL build (internal SHA256 not used anymore)
Jouni Malinen [Sun, 16 Aug 2009 16:00:49 +0000 (19:00 +0300)]
Fix FIPS mode build of eapol_test
Jouni Malinen [Sun, 16 Aug 2009 15:56:48 +0000 (18:56 +0300)]
Allow non-FIPS MD5 to be used with TLS PRF even in FIPS mode
This is allowed per FIPS1402IG.pdf since the TLS PRF depends fully on
both MD5 and SHA-1.
Jouni Malinen [Sun, 16 Aug 2009 15:38:35 +0000 (18:38 +0300)]
Pass digest return value to CHAP/MSCHAPv2 caller
Jouni Malinen [Sun, 16 Aug 2009 11:24:22 +0000 (14:24 +0300)]
Preliminary support for FIPS mode operation with OpenSSL
wpa_supplicant can now be built with FIPS capable OpenSSL for FIPS mode
operation. Currently, this is only enabling the FIPS mode in OpenSSL
without providing any higher level enforcement in wpa_supplicant.
Consequently, invalid configuration will fail during the authentication
run. Proper configuration (e.g., WPA2-Enterprise with EAP-TLS) allows
the connection to be completed.
Jouni Malinen [Sun, 16 Aug 2009 11:18:59 +0000 (14:18 +0300)]
Pass error values from digest calls to ms_funcs callers
These function calls can now fail, so better let the caller know if that
happened.
Jouni Malinen [Sun, 16 Aug 2009 11:15:36 +0000 (14:15 +0300)]
OpenSSL: Use library version of SHA256
There is no need to use the internal SHA256 implementation when using
OpenSSL.
Jouni Malinen [Sun, 16 Aug 2009 11:12:06 +0000 (14:12 +0300)]
OpenSSL: Use EVP_Digest*() functions
Instead of using low level, digest-specific functions, use the generic
EVP interface for digest functions. In addition, report OpenSSL errors
in more detail.
Jouni Malinen [Sun, 16 Aug 2009 11:06:00 +0000 (14:06 +0300)]
Make hash functions return error value
Some crypto libraries can return in these functions (e.g., if a specific
hash function is disabled), so we better provide the caller a chance to
check whether the call failed. The return values are not yet used
anywhere, but they will be needed for future changes.
Jouni Malinen [Sun, 16 Aug 2009 07:25:13 +0000 (10:25 +0300)]
Enable SHA256 digest support in OpenSSL
This is needed to allow X.509 certificates with SHA256 digest to be
used. [Bug 323]
Bjarke Istrup Pedersen [Sun, 16 Aug 2009 06:47:56 +0000 (09:47 +0300)]
Use LDFLAGS in all linker commands
When building hostapd and wpa_supplicant, the build system does not
respect the LDFLAGS selected in the environment in some cases. [Bug 311]
Jouni Malinen [Sun, 16 Aug 2009 06:35:31 +0000 (09:35 +0300)]
Use PEM format RSA private key with eap_example
It looks like GnuTLS does not know how to parse the previously used
DER-formatted PKCS#1 private key (server.key). To work around this, use
a PEM-formatted version of the same key. This format can now be used by
OpenSSL, GnuTLS, and the internal TLS implementation.
Jouni Malinen [Sun, 16 Aug 2009 06:34:58 +0000 (09:34 +0300)]
Add GnuTLS build option for eap_example
Jouni Malinen [Sun, 16 Aug 2009 06:34:21 +0000 (09:34 +0300)]
Support PEM format RSA private key with internal TLS implementation
Witold Sowa [Sat, 15 Aug 2009 18:04:50 +0000 (21:04 +0300)]
Set current ssid when entering AP mode
After successful starting AP mode, current_ssid field is set to
ssid used to create AP.
Masashi Honma [Sat, 15 Aug 2009 17:59:16 +0000 (20:59 +0300)]
NetBSD: Fix wired IEEE 802.1X problem
On NetBSD 5.0, when I use wired 802.1X, "Invalid argument" occurs
on SIOCADDMULTI ioctl and 802.1X fails.
I tried FreeBSD code, but "Address family not supported by protocol family"
occurs on SIOCADDMULTI ioctl and 802.1X fails, too.
This patch solves this issue.
I have tested with these:
OS : NetBSD 5.0
EAP : EAP-MD5
Switch : CentreCOM 8724SL
Jouni Malinen [Sat, 15 Aug 2009 17:51:35 +0000 (20:51 +0300)]
Added new SHA1 files into VS project files to fix the build
Jouni Malinen [Sat, 15 Aug 2009 17:40:45 +0000 (20:40 +0300)]
WPS: Workaround mixed-mode WPA+WPA2 auth type in credentials
An SMC router was reported to use 0x22 (WPAPSK + WPA2PSK) in the
authentication type of the provisioned credential and wpa_supplicant
rejected this as invalid. Work around this by replacing WPAPSK + WPA2PSK
with WPA2PSK.
Jouni Malinen [Sat, 15 Aug 2009 17:09:24 +0000 (20:09 +0300)]
Figure out absolute path for the pid file before daemonizing
This allows relative path to be used in the same way as was already
supported by wpa_supplicant.
Jouni Malinen [Fri, 14 Aug 2009 17:40:37 +0000 (20:40 +0300)]
Force rebuilding of src/drivers between hostapd and wpa_supplicant
This is a (hopefully) temporary workaround to allow the same source code
tree to be used for building hostapd and wpa_supplicant without having
to manually force recompilation of some files. Currently, some of the
driver wrapper files need to be built separately for hostapd and
wpa_supplicant (#ifdef's in the files based on AP functionality).
This is somewhat racy as far as parallel make execution is concerned,
i.e., it may be necessary to run "make -j#" twice (plain "make" works
fine. Since this is supposed to be a temporary workaround, there is not
much point in trying to fix this with any more complex make processing.
Johannes Berg [Fri, 14 Aug 2009 17:01:41 +0000 (20:01 +0300)]
Replace NEED_MLME with NEED_AP_MLME
This makes it clearer that it's about the AP, not client-side MLME, even
when built into the client (wpa_supplicant).
Johannes Berg [Fri, 14 Aug 2009 16:53:27 +0000 (19:53 +0300)]
Create a common drivers makefile snippet
Instead of having all driver stuff collected across wpa_supplicant
and hostapd, create a common snippet that they both include and
that handles the build configuration.
Jouni Malinen [Thu, 13 Aug 2009 14:07:36 +0000 (17:07 +0300)]
wpa_passphrase does not need FIPS PRF, MD4, or AES extra functionality
Jouni Malinen [Thu, 13 Aug 2009 13:36:41 +0000 (16:36 +0300)]
Avoid a theoretical integer overflow in base64_encode()
If base64_encode() were to be used with a huge data array, the
previous version could have resulted in overwriting the allocated
buffer due to an integer overflow as pointed out in
http://www.freebsd.org/cgi/query-pr.cgi?pr=137484. However, there
are no know use cases in hostapd or wpa_supplicant that would do that.
Anyway, the recommended change looks reasonable and provides additional
protection should the base64_encode() function be used for something
else in the future.
Jouni Malinen [Thu, 13 Aug 2009 08:50:52 +0000 (11:50 +0300)]
Fix hlr_auc_gw build after crypto build cleanup
Jouni Malinen [Thu, 13 Aug 2009 08:44:15 +0000 (11:44 +0300)]
Ignore the generated libeap.a file
Jouni Malinen [Thu, 13 Aug 2009 08:43:32 +0000 (11:43 +0300)]
Fix eap_example build after the crypto build cleanup
Johannes Berg [Thu, 13 Aug 2009 08:40:28 +0000 (11:40 +0300)]
Crypto build cleanup: remove CONFIG_NO_AES_*
Instead of using a defines and conditional building of AES parts,
move the conditional functionality into separate files.
Johannes Berg [Thu, 13 Aug 2009 08:28:03 +0000 (11:28 +0300)]
Remove some more crypto ifdef, fix a few small bugs
Johannes Berg [Thu, 13 Aug 2009 08:21:32 +0000 (11:21 +0300)]
Crypto build cleanup: remove CONFIG_NO_AES_ENCRYPT
Instead of using a define and conditional building of AES parts,
move the AES encryption routines into a separate file.
Johannes Berg [Thu, 13 Aug 2009 08:16:21 +0000 (11:16 +0300)]
Crypto build cleanup: remove CONFIG_NO_AES_DECRYPT
Instead of using a define and conditional building of AES parts,
move the AES decryption routines into a separate file.
Johannes Berg [Tue, 11 Aug 2009 17:31:39 +0000 (20:31 +0300)]
Crypto build cleanup: remove CONFIG_NO_PBKDF2
Instead of using a define and conditional building of sha1.c parts,
move the PBKDF2 implementation into a separate file.
Johannes Berg [Tue, 11 Aug 2009 17:24:06 +0000 (20:24 +0300)]
Crypto build cleanup: remove CONFIG_NO_TLS_PRF
Instead of using a define and conditional building of sha1.c parts,
move the TLS PRF implementation into a separate file.
Johannes Berg [Tue, 11 Aug 2009 17:19:37 +0000 (20:19 +0300)]
Crypto build cleanup: remove CONFIG_NO_T_PRF
Instead of using a define and conditional building of sha1.c parts,
move the T-PRF implementation into a separate file.
Johannes Berg [Tue, 11 Aug 2009 17:06:23 +0000 (20:06 +0300)]
Crypto build cleanup: remove NEED_FIPS186_2_PRF
Instead of using a define and conditional building of crypto wrapper
parts, move the FIPS 186-2 PRF implementation into separate files.
Johannes Berg [Tue, 28 Jul 2009 18:36:13 +0000 (21:36 +0300)]
Crypto build cleanup: remove INTERNAL_MD5
Instead of using a define and conditional building of md5.c parts,
move the internal-MD5 into a separate file.
Johannes Berg [Tue, 28 Jul 2009 18:27:02 +0000 (21:27 +0300)]
Crypto build cleanup: remove INTERNAL_MD4
In addition, rename md4.c to md4-internal.c to match in style with
SHA-1 conditionally built internal implementation.
Johannes Berg [Tue, 28 Jul 2009 18:20:04 +0000 (21:20 +0300)]
Crypto build cleanup: remove INTERNAL_SHA256
Instead of using a define and conditional building of sha256.c parts,
move the internal-SHA256 into a separate file.
Johannes Berg [Tue, 28 Jul 2009 18:09:57 +0000 (21:09 +0300)]
Crypto build cleanup: remove INTERNAL_AES
In addition, rename aes.c to aes-internal.c to match in style with
SHA-1 conditionally built internal implementation.
Johannes Berg [Tue, 28 Jul 2009 18:00:44 +0000 (21:00 +0300)]
Crypto build cleanup: remove INTERNAL_DES
In addition, rename des.c to des-internal.c to match in style with
SHA-1 conditionally built internal implementation.