Helmut Schaa [Sat, 19 Nov 2011 17:02:05 +0000 (19:02 +0200)]
Allow MLME frames to be sent without expecting an ACK (no retries)
In some situations it might be benefical to send a unicast frame without
the need for getting it ACKed (probe responses for example). In order to
achieve this add a new noack parameter to the drivers send_mlme callback
that can be used to advise the driver to not wait for an ACK for this
frame.
Signed-hostap: Helmut Schaa <helmut.schaa@googlemail.com>
Jouni Malinen [Sat, 19 Nov 2011 15:01:53 +0000 (17:01 +0200)]
Do not try to add wildcard SSID into active sched_scan
Even though scan_ssid should not really be set for wildcard SSID,
better verify that here explicitly insead of assuming that the
SSID is set.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 19 Nov 2011 14:52:52 +0000 (16:52 +0200)]
EAP-pwd: Remove struct eap_pwd_hdr
This structure was not really used for anything apart from figuring out
length of the EAP-pwd header (and even that in a way that would not work
with fragmentation). Since the bitfields in the structure could have
been problematic depending on target endianness, remove this unnecessary
structure.
Signed-hostap: Jouni Malinen <j@w1.fi>
Dan Harkins [Sat, 19 Nov 2011 14:47:25 +0000 (16:47 +0200)]
EAP-pwd: Fix zero-padding of input to H()
Another niceness of OpenSSL is that if the high-order bit of a 521-bit
big num is not set then BN_bn2bin() will just return 65 bytes instead of
66 bytes with the 1st (big endian, after all) being all zero. When this
happens the wrong number of octets are mixed into function H(). So
there's a whole bunch of "offset" computations and BN_bn2bin() dumps the
big number into a buffer + offset. That should be obvious in the patch
too.
Dan Harkins [Sat, 19 Nov 2011 14:43:49 +0000 (16:43 +0200)]
EAP-pwd: Fix KDF for group 21
The previous EAP-pwd KDF implemented has an issue with group 21, that is
an elliptic curve group based on a 521 bit prime. 521 is not an even
multiple of 8, and therein lies the problem.
OpenSSL's BN library interprets a string of bits as in big-endian format
so all the calls of BN_bin2bn() will take the binary blob of bits and
turn it into a big number in big-endian format. In the EAP-pwd KDF, I am
stretching the key to "primebitlen". When that is not an even multiple
of 8 I have to mask off the excess. But I was masking off the excess
bits in the 1st octet (big endian after all) but that isn't right. The
KDF produces a string of endian-less bits. The 521st bit is the first
bit in the last octet, not the 7th bit in the first octet. So that has
been fixed and you can see in the attached diff what I'm doing.
Dan Harkins [Sat, 19 Nov 2011 14:32:21 +0000 (16:32 +0200)]
EAP-pwd: Document group configuration for hostapd authentication server
Johannes Berg [Sat, 19 Nov 2011 12:23:46 +0000 (14:23 +0200)]
nl80211: Support in-kernel station poll
If the kernel supports this, don't use manual null
data frame transmissions. This is one thing to get
rid of cooked monitor interfaces.
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
Johannes Berg [Sat, 19 Nov 2011 12:00:53 +0000 (14:00 +0200)]
nl80211: Use non-receiving socket for EAPOL TX
The non-monitor TX currently uses a normal L2 abstraction
socket, but that will also receive frames we don't want,
so use a plain socket that isn't bound for RX. This might
be possible using the L2 abstraction, but we need a plain
socket later for getting TX status events here.
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
Johannes Berg [Sat, 19 Nov 2011 11:42:49 +0000 (13:42 +0200)]
nl80211: Use device AP SME capability
This changes the auto-detection of whether or not the device contains
the AP SME away from monitor interface addition failing to the explicit
attribute in nl80211. Keep the old auto-detection for a little while so
that ath6kl isn't broken right away.
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
Jouni Malinen [Sat, 19 Nov 2011 11:40:07 +0000 (13:40 +0200)]
nl80211: Sync with wireless-testing.git linux/nl80211.h
Signed-hostap: Jouni Malinen <j@w1.fi>
Johannes Berg [Sat, 19 Nov 2011 11:00:30 +0000 (13:00 +0200)]
AP: Add explicit EAPOL TX status event
The new event can be used when EAPOL TX status can't be reported as a
complete 802.11 frame but is instead reported as just the EAPOL data as
originally passed to hapd_send_eapol().
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
Maciej Szmigiero [Sat, 19 Nov 2011 10:06:59 +0000 (12:06 +0200)]
OpenSSL: Read certificate chain from server_cert file
Currently OpenSSL implementation of TLS in hostapd loads only top
certificate in server certificate file. Change this to try to the
whole chain first and only if that fails, revert to old behavior.
Signed-off-by: Maciej Szmigiero <mhej@o2.pl>
Alan T. DeKok [Sat, 19 Nov 2011 09:46:39 +0000 (11:46 +0200)]
wpa_supplicant: Make objects depend on the .config file
The source code compiles into different objects depending on
the contents of .config. Therefore, the objects should depend
on .config.
Previously, only the executables depended on .config. This meant
that they were re-linked when .config changed. But that relink
process used the old (and now wrong) objects.
Jithu Jance [Sat, 19 Nov 2011 09:23:49 +0000 (11:23 +0200)]
nl80211: Implement shared_freq
This patch implements shared_freq handler for driver_nl80211.c. If a
"p2p_group_add" happens after legacy STA association, then this patch
will help to start the GO on the same frequency. This is useful when
supplicant is started on multiple interface running over a singly "PHY"
and the station interface is not used for the P2P device operations.
For example, wpa_supplicant -iwlan0 .. -N -iwlan1 ... and wlan0 is used
for station connection and wlan1 as the P2P device interface.
Signed-hostap: Jithu Jance <jithu@broadcom.com>
Ben Greear [Fri, 18 Nov 2011 21:41:52 +0000 (23:41 +0200)]
nl80211: Make MLME failure messages unique
Without this, it is impossible to tell exactly which
MLME code returned the error.
Also, convert to wpa_dbg so that we get device names
in the messages.
Signed-hostap: Ben Greear <greearb@candelatech.com>
Johannes Berg [Fri, 18 Nov 2011 21:34:53 +0000 (23:34 +0200)]
P2P: Clear WPS method when GO negotiation fails
When GO negotation fails the WPS method is currently not cleared, which
can result in GO negotiation being resumed when a GO negotiation request
frame is received from the peer. That is unexpected as locally we
already gave up.
This manifests itself in getting
1319574733.955685: wlan0: P2P-GO-NEG-FAILURE status=-1
1319574733.955723: P2P: Removing pending group interface p2p-wlan0-0
...
1319574736.648378: wlan0: P2P: Starting GO Negotiation with previously
authorized peer
...
1319574736.650115: wlan0: P2P: Sending GO Negotiation Response
...
1319574736.988038: wlan0: P2P-GO-NEG-SUCCESS
1319574736.988233: P2P: No pending group interface
1319574736.988268: P2P: Create a new interface p2p-wlan0-1 for the group
Clear the WPS method to avoid this situation. I wasn't
able to test this though, but given the log I can only
assume this is how the situation happened.
Reported-by: Reinette Chatre <reinette.chatre@intel.com>
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
Johannes Berg [Fri, 18 Nov 2011 21:32:03 +0000 (23:32 +0200)]
P2P: Simplify code in wpas_p2p_connect()
There's some duplicated code there that can be simplified
with just a single new variable.
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
Dan Williams [Fri, 18 Nov 2011 21:23:45 +0000 (23:23 +0200)]
nl80211: Fix UNSPEC signal quality reporting
r->level got assigned so it's clearly not INVALID; instead
r->qual should be invalid.
Signed-hostap: Dan Williams <dcbw@redhat.com>
Jithu Jance [Fri, 18 Nov 2011 21:13:03 +0000 (23:13 +0200)]
P2P: Indicate GO Negotiation failure on peer expiration
If P2P device expires while a GO Negotiation is in progress, currently
p2p->go_neg_peer is cleared without indicating GO Nego failure. This
will result in pending group interfaces to be left over. This patch will
indicate GO Negotiation failure and will remove any pending group
interfaces.
This patch addresses a corner case in GO-Negotiation case. Consider the
scenario where two devices A and B are in discovery stage and Device B
vanishes [moves out of range] when a connect is issued on the Device A.
Then Device A keeps on retrying the GO Negotiation Request till the
retry limit is reached. On reaching retry limit, the pending group
interface is removed. But suppose if the peer entry in the device list
expires before the retry limit is reached, then pending group interface
was not removed.
Signed-off-by: Jithu Jance <jithu@broadcom.com>
Eyal Shapira [Fri, 18 Nov 2011 21:05:57 +0000 (23:05 +0200)]
sched scan: Fix passive scanning
Scan wasn't initiated in case the config contained only networks without
scan_ssid. In such a case we want scan to be initiated without any SSIDs
to actively scan but include all the SSIDs in the filter list. Also
added some debug logs to easily see which SSIDs were included in which
list.
Cc: Luciano Coelho <coelho@ti.com>
Signed-off-by: Eyal Shapira <eyal@wizery.com>
Jouni Malinen [Fri, 18 Nov 2011 20:07:30 +0000 (22:07 +0200)]
Use NULL instead of 0 for pointers
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Fri, 18 Nov 2011 19:58:18 +0000 (21:58 +0200)]
P2P: Fix collection of member-in-group information for peer entries
Invalid use of memcpy instead of memcmp in comparison resulted in the
GO interface address getting set incorrectly if the GO did not show up
in scan results anymore.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Fri, 18 Nov 2011 19:53:36 +0000 (21:53 +0200)]
Mark local functions static
These functions are not used outside the file in which they are defined.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Fri, 18 Nov 2011 19:53:03 +0000 (21:53 +0200)]
Include wpa_auth_glue.h to verify function prototypes
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Fri, 18 Nov 2011 19:43:43 +0000 (21:43 +0200)]
Include list.h after trace.h to avoid offsetof refinition
trace.h may end up including system header files that define offsetof,
so include the compatibility definition from list.h only after this.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Fri, 18 Nov 2011 19:41:37 +0000 (21:41 +0200)]
Include wpa_supplicant_i.h to verify function prototype match
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Fri, 18 Nov 2011 19:39:10 +0000 (21:39 +0200)]
Remove incorrect le16 type cast
HT_INFO_OPERATION_MODE_OP_MODE_MASK is used with variables in host
byte order, so it should not be claimed as le16.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Thu, 17 Nov 2011 21:05:19 +0000 (23:05 +0200)]
Fix the debug message in the previous commit
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Thu, 17 Nov 2011 20:59:31 +0000 (22:59 +0200)]
Set Secure=1 for EAPOL-Key msg 3/4 in WPA conditional on 2/4
This is a workaround for Windows 7 supplicant rejecting WPA msg 3/4
in case it used Secure=1 in msg 2/4. This can happen, e.g., when
rekeying PTK after EAPOL-Key Error Request (Michael MIC failure)
from the supplicant.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Thu, 17 Nov 2011 18:06:33 +0000 (20:06 +0200)]
Use a single define for maximum number of EAP methods
This cleans up the code a bit by not having to deal with theoretical
possibility of maximum number of EAP methods to be different between
various components in hostapd.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Thu, 17 Nov 2011 18:01:19 +0000 (20:01 +0200)]
Remove unused header file inclusion
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Thu, 17 Nov 2011 17:58:33 +0000 (19:58 +0200)]
WPS: Use strdup to initialize dev_password for PBC
Some static analyzers complain about memset with '0' value. This was
used correctly here, but since use of strdup is about as good an option,
use that to silence the invalid warnings.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Thu, 17 Nov 2011 17:54:26 +0000 (19:54 +0200)]
Avoid 0-length memmove from buffer end to keep static analyzers happier
This avoid incorrect errors from some static analyzers that do not like
memmove with pointers just after the end of a buffer even if the number
of bytes to move is zero.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Thu, 17 Nov 2011 14:21:11 +0000 (16:21 +0200)]
P2P: Cancel previous operation before starting new p2p_listen
Some drivers do not handle concurrent remain-on-channel operation
requests, so run p2p_stop_find() prior to starting p2p_listen. This
addresses some issues with P2P_LISTEN command being issues again
while already in Listen state.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Thu, 17 Nov 2011 11:41:54 +0000 (13:41 +0200)]
Remove obsolete build tests
These have not been updated for years and do not really work
anymore.
Signed-hostap: Jouni Malinen <j@w1.fi>
Johannes Berg [Wed, 16 Nov 2011 14:42:49 +0000 (16:42 +0200)]
nl80211: Get rid of family/cache objects
All we really need is the family ID, and we can
get that with genl_ctrl_resolve() and then don't
need to worry about family/cache objects.
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
Johannes Berg [Wed, 16 Nov 2011 14:36:40 +0000 (16:36 +0200)]
P2P: Deal with a peer associating while connected
If a P2P client associates with the group while it is
already associated, two member entries may be added to
the group which also confuses num_members counting.
Deal with this by removing the existing entry first
before adding a new one.
I think the way Reinette ran into this was due to our
tx_sync implementation in iwlagn, mac80211 might have
queued two association frames thinking the first one
just failed, but both only went out after the sync was
really successful (which tx_sync doesn't wait for).
Reported-by: Reinette Chatre <reinette.chatre@intel.com>
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
Vasanthakumar Thiagarajan [Wed, 16 Nov 2011 14:30:36 +0000 (16:30 +0200)]
wpa_supplicant: Set configured auth_algs for AP mode
In AP mode, authentication algorithm is reset in
hostapd_config_defaults_bss() and never set to the configured one. This
would pass the default auth_algs (OPEN|SHARED) to driver regardless of
what the wpa_supplicant configuration is requesting.
Signed-off-by: Vasanthakumar Thiagarajan <vthiagar@qca.qualcomm.com>
Jouni Malinen [Tue, 15 Nov 2011 19:25:21 +0000 (21:25 +0200)]
P2P: Wait until ongoing scan completes before starting P2P find
The P2P_FIND command was failing if it was issued at the moment when
a scan operation was in progress. Avoid returning failure in this
case by scheduling the P2P find to start once the ongoing scan is
completed.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Tue, 15 Nov 2011 18:03:00 +0000 (20:03 +0200)]
WEXT: Use linux/wireless.h instead of wireless_copy.h
WEXT is not really changing anymore and more or less all Linux
distros come with linux/wireless.h that is recent enough to
allow the driver wrappers to be build.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Tue, 15 Nov 2011 16:37:10 +0000 (18:37 +0200)]
Android: Update libnl use to match with Android ICS
The libnl_2 library uses static linking and different path for
header files in the Android ICS release.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Tue, 15 Nov 2011 16:35:58 +0000 (18:35 +0200)]
Android: Fix D-Bus P2P interface location in Android.mk
This was supposed to be in the new D-Bus interface block, not in
the old one.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Tue, 15 Nov 2011 16:34:57 +0000 (18:34 +0200)]
Android: Fix hostapd_cli build
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Tue, 15 Nov 2011 16:34:09 +0000 (18:34 +0200)]
Android: Fix hostapd build
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Mon, 14 Nov 2011 20:33:26 +0000 (22:33 +0200)]
wlantest: Fix handling of PTK rekeying
Use a temporary PTK buffer during 4-way handshake when rekeying PTK
so that the new EAPOL-Key frame MIC values are checked against the
new PTK and frames are decrypted using the old PTK. Take the new
PTK into use once msg 4/4 is processed and clear RSC counters at
that point (including moving of RSC update to avoid setting RSC
based on the msg 4/4).
In addition, add a workaround to handle supplicant implementations that
set Secure bit to one during PTK rekeying 4-way handshake in msg 2/4.
This was previously assumed to be msg 4/4, but the key data contents
can be used to figure out whether this is msg 2/4 even if the Secure
bit is set to one.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Mon, 14 Nov 2011 14:26:45 +0000 (16:26 +0200)]
Do not add P2P IE into Beacon/Probe Response if P2P is disabled
P2P IE was incorrectly added in wpa_supplicant AP mode even if P2P
function was not actually enabled.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Mon, 14 Nov 2011 14:16:29 +0000 (16:16 +0200)]
AP: Only enable WPS for open and WPA/WPA2-Personal configuration
When wpa_supplicant AP mode is used, WPS was enabled by default
regardless of security mode. This is not desired for WEP, so change
the AP configuration to enable WPS only for open and WPA/WPA2-Personal
networks.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Mon, 14 Nov 2011 14:10:54 +0000 (16:10 +0200)]
Fix P2P IE configuration for GO mode
Commit
c2ff13c533306ac06f08fd03fca9e04cc994cabd broke this with a
copy-paste typo that ended up adding the Probe Request P2P IE into the
Beacon frame (i.e., Beacon frame had two P2P IEs while Probe Response
had none).
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Sun, 13 Nov 2011 21:24:08 +0000 (23:24 +0200)]
Make crypto_hash_init() easier for static analyzers
Avoid zero-length memset at the end of the buffer. This is not really
needed, but it makes the code a bit easier for static analyzers.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 13 Nov 2011 21:19:19 +0000 (23:19 +0200)]
Make crypto_hash_init() easier for static analyzers
Avoid zero-length memset at the end of the buffer. This is not really
needed, but it makes the code a bit easier for static analyzers.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 13 Nov 2011 21:14:57 +0000 (23:14 +0200)]
Make radius_msg_add_attr_user_password() easier for static analyzers
Explicitly validate data_len so that static analyzers do not get
confused about the padlen validation. This is not really needed, but it
makes the code a bit easier for static analyzers.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 13 Nov 2011 20:59:33 +0000 (22:59 +0200)]
Make fips186_2_prf() easier for static analyzers
Explicitly validate seed_len to skip memset call with zero length
of copied data at the end of the buffer. This is not really needed,
but it makes the code a bit easier for static analyzers.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 13 Nov 2011 20:47:14 +0000 (22:47 +0200)]
Make phase2_method initialization easier for static analyzers
data->phase2_method cannot really be NULL if
eap_fast_init_phase2_method() returns success, but this construction
seems to be too difficult for some static analyzers. While this change
is not really needed in practice, it makes it easier to go through
warnings from such analyzers.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 13 Nov 2011 20:45:16 +0000 (22:45 +0200)]
Make time_adv use easier for static analyzers
hapd->time_adv cannot really be NULL if hostapd_update_time_adv()
returns success, but this construction seems to be too difficult
for some static analyzers. While this change is not really needed
in practice, it makes it easier to go through warnings from such
analyzers.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 13 Nov 2011 20:39:57 +0000 (22:39 +0200)]
nl80211: Verify that global driver pointer is not NULL
driver_nl80211.c assumes that global driver pointer is set, so better
make this more consistent.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 13 Nov 2011 20:33:32 +0000 (22:33 +0200)]
P2P: Verify that assoc req IEs are available for group update
Do not call p2p_group_notif_assoc() if the driver did not return
IEs from the association request.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 13 Nov 2011 20:13:04 +0000 (22:13 +0200)]
Remove unnecessary include file inclusion
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 13 Nov 2011 19:43:31 +0000 (21:43 +0200)]
Use shared SHA-256 define for the block size
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 13 Nov 2011 19:36:23 +0000 (21:36 +0200)]
Make sha256_process() easier for static analyzers
md->curlen cannot indicate full buffer size here since the buffered
data is processed whenever the full block size of data is available.
Avoid invalid warnings from static analyzers on memcpy() outside the
buffer length by verifying that curlen is smaller than block size.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 13 Nov 2011 18:57:32 +0000 (20:57 +0200)]
TLS: Fix double-free on error path
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 13 Nov 2011 18:54:44 +0000 (20:54 +0200)]
dbus: Remove unused default string for bridge_ifname
wpa_s->bridge_ifname is an array and cannot be NULL.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 13 Nov 2011 17:47:51 +0000 (19:47 +0200)]
Add REAUTHENTICATE ctrl_iface command
This can be used to trigger EAPOL reauthentication which can be useful
for testing purposes.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 13 Nov 2011 17:06:37 +0000 (19:06 +0200)]
Use a pre-processor macro to simplify event_to_string()
Signed-hostap: Jouni Malinen <j@w1.fi>
Ben Greear [Sun, 13 Nov 2011 17:01:38 +0000 (19:01 +0200)]
Print human readable driver event names
This makes it easier to understand the event related logs.
Signed-hostap: Ben Greear <greearb@candelatech.com>
Jouni Malinen [Sun, 13 Nov 2011 16:56:26 +0000 (18:56 +0200)]
Move wpa_scan_results_free() into shared C file
Replace the inline helper function with a new C file that can be used
for common driver API related function.
Signed-hostap: Jouni Malinen <j@w1.fi>
Fu Yingang [Sun, 13 Nov 2011 16:35:15 +0000 (18:35 +0200)]
Correct a spelling mistake
The word "targer" in the comments for pending_bssid of
wpa_supplicant data structure should be "target".
Jouni Malinen [Sun, 13 Nov 2011 09:29:17 +0000 (11:29 +0200)]
PEAP: Verify peap_prfplus() result
This function can fail in theory since the SHA-1 functions are
allowed to return an error. While this does not really happen in
practice (we would not get this far if SHA-1 does not work), it is
cleaner to include the error handling here to keep static analyzers
happier. [Bug 421]
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 13 Nov 2011 09:13:13 +0000 (11:13 +0200)]
Remove station functionality from hostap and madwifi driver wrappers
This has been obsoleted by the more generic Linux WEXT (driver_wext.c)
support. The hostap and madwifi driver wrappers can now be used only
with hostapd. The old station interface remains available in releases up
to 1.x.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 13 Nov 2011 08:57:46 +0000 (10:57 +0200)]
Remove unmaintained driver wrappers
The driver wrappers broadcom, iphone, osx, and ralink have not been
maintained for a while and it does not look like they will be in the
future either. As such, remove them from the development branch. The
previous versions will be included in older releases up to 1.x.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 13 Nov 2011 08:49:27 +0000 (10:49 +0200)]
Add test-https for testing internal TLS client functionality
This tool can be used to test the internal TLS client implementation
against HTTPS servers.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 13 Nov 2011 08:47:04 +0000 (10:47 +0200)]
TLS: Add preliminary support for partial message processing
Reassemble partial TLS records to make the internal TLS client
implementation more convenient for stream sockets.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 13 Nov 2011 08:42:06 +0000 (10:42 +0200)]
TLS: Fix block cipher padding validation
The padding validation was done on the last padding-length octets in the
buffer which misses the first padding octet (the last octet is the
padding length). Fix the starting offset for the comparison loop to get
the first octet verified. [Bug 420]
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 5 Nov 2011 11:04:02 +0000 (13:04 +0200)]
TLS: Clean up TLS record layer processing
Return number of user input bytes from tlsv1_record_receive() to
move this detail into the proper record layer processing. In addition,
ignore unknown content types at record layer and allow processing to
continue after warning level TLS alerts to provide minimal workaround
for closure alerts.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 5 Nov 2011 11:02:31 +0000 (13:02 +0200)]
Add random.c into libcrypto.a
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Fri, 4 Nov 2011 20:10:54 +0000 (22:10 +0200)]
Fix test-x509v3 build
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Thu, 3 Nov 2011 20:17:41 +0000 (22:17 +0200)]
Move AP events for STA connected/disconnected into one function
Instead of trying to remember to add wpa_msg() calls for every possible
path where a STA becomes authorized or unauthorized, use
ap_sta_set_authorized() to send these events more consistently.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Thu, 3 Nov 2011 20:04:17 +0000 (22:04 +0200)]
Fix some recent wpa_msg() calls in hostapd use correct context
wpa_msg() has to use hapd->msg_ctx instead of hapd as the context
pointer to work properly in wpa_supplicant AP mode.
Signed-hostap: Jouni Malinen <j@w1.fi>
Nicolas Cavallari [Thu, 3 Nov 2011 19:58:22 +0000 (21:58 +0200)]
hostapd: Send an event when an inactive station is removed
Currently, there is no events over the control interface
when a AP disconnects a station due to inactivity. With
this patch, an "AP-STA-DISCONNECTED" event will be sent.
Signed-hostap: Nicolas Cavallari <nicolas.cavallari@lri.fr>
Jouni Malinen [Thu, 3 Nov 2011 16:45:21 +0000 (18:45 +0200)]
ndis: Work around lack of C99 designated initializers in MSVC
Use a driver_ndis.c specific initialization function to fill in the
wpa_driver_ops information to make it easier to modify struct
wpa_driver_ops in the future. Being able to build driver_ndis.c
with MSVC was the only reason for having to maintain the same order
of function pointers in struct wpa_driver_ops and for having to
update driver_ndis.c for all changes in that structure.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Thu, 3 Nov 2011 16:02:28 +0000 (18:02 +0200)]
wpa_cli: Fix compiler warnings on unused functions
Some of the parameter completion functions are only used if
CONFIG_P2P=y.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Thu, 3 Nov 2011 16:00:57 +0000 (18:00 +0200)]
Include time.h to fix Windows builds
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Thu, 3 Nov 2011 15:48:31 +0000 (17:48 +0200)]
Remove obsoleted Qt3-based wpa_gui
This code has not been maintained for years and there is no plan on
doing so either in the future. The Qt4-based wpa_gui-qt4 version can be
used as a replacement for this older wpa_gui version.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Thu, 3 Nov 2011 11:02:04 +0000 (13:02 +0200)]
Remove kerneldoc2doxygen.pl from hostap.git
This is a separate tool for preparing source code files for Doxygen.
It does not need to be distributed with hostap.git and it can now be
downloaded separately from http://w1.fi/tools/kerneldoc2doxygen-hostap.pl
by anyone who wants to build the developers' documents with Doxygen.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Thu, 3 Nov 2011 10:19:44 +0000 (12:19 +0200)]
Update version number to 2.0-devel
hostap.git is now a development branch for 2.0 with 1.x releases
having been forked to hostap-1.git.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Wed, 2 Nov 2011 08:48:26 +0000 (10:48 +0200)]
dbus: Fix some build combination without new D-Bus interface
Include common/defs.h to get full enum definitions to avoid compiler
errors without CONFIG_CTRL_IFACE_DBUS_NEW.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Tue, 1 Nov 2011 08:39:49 +0000 (10:39 +0200)]
Fix Android library configuration with OpenSSL build
Commit
bf9d5518d55e314cad2dbac0715ce151b2807691 did not split
LOCAL_SHARED_LIBRARIES properly and ended up removing the needed
libraries.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 30 Oct 2011 20:37:12 +0000 (22:37 +0200)]
Process RSN pre-authentication candidates when skipping roam
wpa_supplicant_rsn_preauth_scan_results() needs to be called to
update RSN pre-authentication candidates. This cannot be done before
the wpa_supplicant_connect() call on the first association, but when
trying to figure out whether to roam, it is fine to do so for the
case when roaming is skipped.
Signed-hostap: Jouni Malinen <j@w1.fi>
Yoni Divinsky [Sun, 30 Oct 2011 20:19:49 +0000 (22:19 +0200)]
Configure new GTK/IGTK to driver in case of TKIP countermeasures
The GTK is renewed in the hostapd after a MIC attack dissassociation
without informing the driver, causing decryption failures. This patch
sends the new GTK/IGTK to the driver after it is updated by the hostapd.
Signed-off-by: Yoni Divinsky <yoni.divinsky@ti.com>
Olivier Sobrie [Sun, 30 Oct 2011 20:10:40 +0000 (22:10 +0200)]
WPS: Send the credential when learning AP params in registrar role
When the supplicant acts as a registrar to learn the access point
parameters send the credentials to the wpa_cli interface after
receiving the 7th message. This is needed for proper behavior with
wps_cred_processing set to 1 or 2.
Without this patch, after the 7th message you got the WPS-CRED-RECEIVED
notification without the credentials. This was because the cred_attr and
cred_attr_len were not filled in in the wps structure.
Signed-off-by: Olivier Sobrie <olivier@sobrie.be>
Pavel Roskin [Sun, 30 Oct 2011 19:50:22 +0000 (21:50 +0200)]
random: Improve error messages about writing to entropy file
Jouni Malinen [Sun, 30 Oct 2011 18:33:08 +0000 (20:33 +0200)]
Clean up debug dump for scan results sorting
There is not much need for showing the interim qsort steps, so just show
the ordered results.
Signed-hostap: Jouni Malinen <j@w1.fi>
Gary Morain [Fri, 5 Aug 2011 23:23:12 +0000 (16:23 -0700)]
Prefer 5 GHz networks over 2.4 GHz networks
In scan.c, merge a channel's noise value into the scan results. When
comparing scan results, compute the signal-to-noise ratio and use it
when available. Prefer a 5 GHz network if its SNR is really big (> 30)
or if its SNR is relatively close to the other network's.
Jouni Malinen [Sun, 30 Oct 2011 10:49:26 +0000 (12:49 +0200)]
Ignore Michael MIC failure reports if cipher is not TKIP
Some stations have been reported to send EAPOL-Key Error Reports
indicating Michael MIC failures even when the cipher is not TKIP
(e.g., when the network is using only CCMP). Ignore such reports
to avoid starting TKIP countermeasures unnecessarily. This can
prevent certaint types of denial of service attacks by insiders,
but mostly this is to work around invalid station implementations.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 30 Oct 2011 10:21:08 +0000 (12:21 +0200)]
Move Michael MIC error report processing into separate function
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 30 Oct 2011 10:43:30 +0000 (12:43 +0200)]
Fix TKIP countermeasures stopping in deinit paths
The eloop timeout to stop TKIP countermeasures has to be canceled
on deinit path to avoid leaving bogus timeouts behind.
Signed-hostap: Jouni Malinen <j@w1.fi>
Dan Williams [Mon, 24 Oct 2011 16:09:06 +0000 (11:09 -0500)]
Implement control request replies for the D-Bus interface
Add a D-Bus mechanism for clients to respond to the NetworkRequest
signal.
Signed-off-by: Dan Williams <dcbw@redhat.com>
Dan Williams [Mon, 24 Oct 2011 16:07:02 +0000 (11:07 -0500)]
Make control response processing available to other control interfaces
The D-Bus interface wants to use it too, so it makes sense
to have it generic.
Signed-off-by: Dan Williams <dcbw@redhat.com>
Dan Williams [Mon, 24 Oct 2011 16:04:40 +0000 (11:04 -0500)]
Add wpa_supplicant_ctrl_req_from_string()
Converts from a string to a control request enum when input
from a control interface is received. Will be used by a
subsequent patch.
Signed-off-by: Dan Williams <dcbw@redhat.com>
Dan Williams [Mon, 24 Oct 2011 16:03:04 +0000 (11:03 -0500)]
dbus: Implement EAP SM control request signals
Add a D-Bus signal for EAP SM requests. This signal is emitted on the
Interface object so that clients only have to listen to one object for
requests rather than to all network objects. This signal is analogous
to the socket control interface's CTRL-REQ- request.
Signed-off-by: Dan Williams <dcbw@redhat.com>
Dan Williams [Mon, 24 Oct 2011 16:00:19 +0000 (11:00 -0500)]
Use an enum for EAP SM requests
Control requests will be extended for non-EAP uses later, so it makes
sense to have them be generic. Furthermore, having them defined as an
enum is easier for processing internally, and more generic for control
interfaces that may not use field names. The public ctrl_req_type /
field_name conversion function will be used later by the D-Bus control
interface too.
Signed-off-by: Dan Williams <dcbw@redhat.com>