Michael Braun [Thu, 21 Jan 2016 13:52:01 +0000 (14:52 +0100)]
wpa_supplicant: Parse ifname argument from DATA_TEST_CONFIG
This is required to test tagged VLANs.
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
Michael Braun [Thu, 21 Jan 2016 13:52:00 +0000 (14:52 +0100)]
VLAN: Add per-STA vif option
This allows the stations to be assigned to their own vif. It does not
need dynamic_vlan to be set. Make hostapd call ap_sta_set_vlan even if
!vlan_desc.notempty, so vlan_id can be assigned regardless.
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
Michael Braun [Thu, 21 Jan 2016 13:51:59 +0000 (14:51 +0100)]
VLAN: Actually add tagged VLANs to AP_VLAN
This makes vlan_newlink() and vlan_dellink() add tagged VLANs to AP_VLAN
interfaces as given by struct vlan_description.
hostapd_vlan_if_remove() is done in vlan_dellink() as tagged interfaces
need to be removed before the interface can be deleted and a DELLINK
message can be generated.
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
Michael Braun [Thu, 21 Jan 2016 13:51:58 +0000 (14:51 +0100)]
VLAN: Factor out per-vid code in newlink/dellink
To prepare for adding tagged VLAN support in vlan_init.c, vlan_newlink()
and vlan_dellink() are split into multiple functions. This reduces
indention and eases adding tagged VLANs as well.
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
Michael Braun [Thu, 21 Jan 2016 13:51:57 +0000 (14:51 +0100)]
radius: Add tagged VLAN parsing
1. Add tagged VLAN to struct vlan_description
(compile limited number of tagged VLANs per description)
For k tagged VLANs, the first k entries in vlan_description.tagged
are used. They are sorted in ascending order. All other entries are
zero. This way os_memcmp() can find identical configurations.
2. Let tagged VLANs be parsed from RADIUS Access-Accept
3. Print VLAN %d+ with %d=untagged VID if tagged VLANs are set
4. Select an unused vlan_id > 4096 for new tagged VLAN configurations
5. Add EGRESS_VLAN RADIUS attribute parsing also for untagged VLANs
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
Michael Braun [Thu, 21 Jan 2016 13:51:56 +0000 (14:51 +0100)]
VLAN: Separate station grouping and uplink configuration
Separate uplink configuration (IEEE 802.1q VID) and grouping of stations
into AP_VLAN interfaces.
The int vlan_id will continue to identify the AP_VLAN interface the
station should be assigned to. Each AP_VLAN interface corresponds to an
instance of struct hostapd_vlan that is uniquely identified by int
vlan_id within an BSS.
New: Each station and struct hostapd_vlan holds a struct
vlan_description vlan_desc member that describes the uplink
configuration requested. Currently this is just an int untagged IEEE
802.1q VID, but can be extended to tagged VLANs and other settings
easily.
When the station was about to be assigned its vlan_id, vlan_desc and
vlan_id will now be set simultaneously by ap_sta_set_vlan(). So
sta->vlan_id can still be tested for whether the station needs to be
moved to an AP_VLAN interface.
To ease addition of tagged VLAN support, a member notempty is added to
struct vlan_description. Is is set to 1 if an untagged or tagged VLAN
assignment is requested and needs to be validated. The inverted form
allows os_zalloc() to initialize an empty description.
Though not depended on by the code, vlan_id assignment ensures:
* vlan_id = 0 will continue to mean no AP_VLAN interface
* vlan_id < 4096 will continue to mean vlan_id = untagged vlan id
with no per_sta_vif and no extra tagged vlan.
* vlan_id > 4096 will be used for per_sta_vif and/or tagged vlans.
This way struct wpa_group and drivers API do not need to be changed in
order to implement tagged VLANs or per_sta_vif support.
DYNAMIC_VLAN_* will refer to (struct vlan_description).notempty only,
thus grouping of the stations for per_sta_vif can be used with
DYNAMIC_VLAN_DISABLED, but not with CONFIG_NO_VLAN, as struct
hostapd_vlan is still used to manage AP_VLAN interfaces.
MAX_VLAN_ID will be checked in hostapd_vlan_valid and during setup of
VLAN interfaces and refer to IEEE 802.1q VID. VLAN_ID_WILDCARD will
continue to refer to int vlan_id.
Renaming vlan_id to vlan_desc when type changed from int to struct
vlan_description was avoided when vlan_id was also used in a way that
did not depend on its type (for example, when passed to another
function).
Output of "VLAN ID %d" continues to refer to int vlan_id, while "VLAN
%d" will refer to untagged IEEE 802.1q VID.
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
Jouni Malinen [Tue, 16 Feb 2016 16:30:55 +0000 (18:30 +0200)]
OpenSSL: Fix PKCS#12 parsing of extra certificates with OpenSSL 1.0.1
Commit
8bcf8de827e841a35841034edd6f8281a7a3aeba ('OpenSSL: Fix memory
leak in PKCS12 additional certificate parsing') tried to fix a memory
leak in both the 1.0.2(and newer) and 1.0.1 branches of PKCS12 parsing.
However, the 1.0.1 case was not properly tested and freeing of the
certificate after a successful SSL_CTX_add_extra_chain_cert() call
resulted in use of freed memory when going through the TLS handshake.
Fix this by not freeing the certificate in that specific case.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Tue, 16 Feb 2016 13:52:08 +0000 (15:52 +0200)]
wpa_cli: Clean up logical operation
While '!func() == 0' here resulted in correct behavior, it is not clear
and clang is starting to warn about this (-Wlogical-not-parentheses).
Use 'func()' instead as the condition to clear this.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Tue, 16 Feb 2016 13:49:28 +0000 (15:49 +0200)]
TDLS: Clean up os_memcmp use
Ciuple of the nonce comparisons used a strange '!os_memcmp() == 0' to
check if the values were different. While this resulted in correct
behavior, the construction is not exactly clear and clang has started
warning about this (-Wlogical-not-parentheses). Clean this up by using
'os_mecmp() != 0'.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Tue, 16 Feb 2016 13:28:16 +0000 (15:28 +0200)]
tests: Fix eap_proto_sake_errors with OpenSSL 1.1.0
The use of the newer OpenSSL API in openssl_hmac_vector() removes one of
the memory allocations, so the TEST_ALLOC_FAIL here could not trigger.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Tue, 16 Feb 2016 12:10:29 +0000 (14:10 +0200)]
trace: Free symbols on program exit
This makes valgrind memleak checks with CONFIG_WPA_TRACE=y somewhat
cleaner.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Tue, 16 Feb 2016 11:29:40 +0000 (13:29 +0200)]
OpenSSL: Fix memory leak in PKCS12 additional certificate parsing
The additional PKCS12 certificates were not freed properly in the loop
added in commit
de2a7b796d82d92120aa9532450863f503e1885a ('OpenSSL: Use
connection certificate chain with PKCS#12 extra certs').
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Tue, 16 Feb 2016 11:13:36 +0000 (13:13 +0200)]
OpenSSL: Fix memory leak in HMAC_CTX compatibility wrapper function
Commit
5c9a33702fd9e9ae9c349d6461a6621801d4f9cb ('OpenSSL: Clean up
crypto_hash_*() to use a single implementation') added a wrapper
function to allow the new OpenSSL API to be used with older OpenSSL
versions. However, the HMAC_CTX_free() wrapper was incorrectly skipping
the call to HMAC_CTX_cleanup() which is still needed to free the
resources OpenSSL allocated internally.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Mon, 15 Feb 2016 22:40:41 +0000 (00:40 +0200)]
OpenSSL: Fix memory leak in OCSP parsing
The result from OCSP_cert_to_id() needs to be freed.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Mon, 15 Feb 2016 22:35:34 +0000 (00:35 +0200)]
OpenSSL: Do not use library init/deinit functions with 1.1.0
SSL_library_init() does not work properly after EVP_cleanup() starting
from OpenSSL 1.1.0 pre release 3. The automated library init/deinit
functions in that pre release are supposed to handle all initialization
and deinitialiation, so comment out the explicit calls to these function
with OpenSSL 1.1.0 and newer.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Mon, 15 Feb 2016 22:34:42 +0000 (00:34 +0200)]
OpenSSL: Fix memory leak in subjectAltName parsing
The parsed data from X509_get_ext_d2i() needs to be freed.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Mon, 15 Feb 2016 22:33:27 +0000 (00:33 +0200)]
curl: Fix memory leak in subjectAltName parsing
The parsed data from X509_get_ext_d2i() needs to be freed.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Mon, 15 Feb 2016 22:30:43 +0000 (00:30 +0200)]
OpenSSL: Fix memory leak with EVP_CIPHER_CTX_new()
Commit
1eb87ae48d829b77e805de9ba71f958b53930c88 ('OpenSSL: Use
EVP_CIPHER_CTX_new() to work with OpenSSL 1.1.0') started using
EVP_CIPHER_CTX_new() to allocate EVP_CIPHER_CTX from heap instead of
using stack memory. This commit used incorrect EVP_CIPHER_CTX_reset()
function in number of cases when the allocated memory was supposed to be
freed instead of just reset for reuse. Fix this by using
EVP_CIPHER_CTX_free() properly.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Mon, 15 Feb 2016 22:14:47 +0000 (00:14 +0200)]
rfkill: Fix a memory leak
rfkill_init() uses realpath() which allocates memory and that memory was
not freed on the success path.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Mon, 15 Feb 2016 19:53:33 +0000 (21:53 +0200)]
OpenSSL: Fix memory leak on error path
If SSL_CTX_new(SSLv23_method()) fails, tls_init() error path did not
free the allocated struct tls_data instance.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Lior David [Mon, 8 Feb 2016 10:30:04 +0000 (12:30 +0200)]
wpa_supplicant: Basic support for PBSS/PCP
PBSS (Personal Basic Service Set) is a new BSS type for DMG
networks. It is similar to infrastructure BSS, having an AP-like
entity called PCP (PBSS Control Point), but it has few differences.
PBSS support is mandatory for IEEE 802.11ad devices.
Add a new "pbss" argument to network block. The argument is used
in the following scenarios:
1. When network has mode=2 (AP), when pbss flag is set will start
as a PCP instead of an AP.
2. When network has mode=0 (station), when pbss flag is set will
connect to PCP instead of AP.
The function wpa_scan_res_match() was modified to match BSS according to
the pbss flag in the network block (wpa_ssid structure). When pbss flag
is set it will match only PCPs, and when it is clear it will match only
APs.
Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
Lior David [Mon, 8 Feb 2016 10:16:45 +0000 (12:16 +0200)]
nl80211: Basic support for PBSS/PCP
PBSS (Personal Basic Service Set) is a new BSS type for DMG
networks. It is similar to infrastructure BSS, having an AP-like
entity called PCP (PBSS Control Point), but it has few differences.
PBSS support is mandatory for IEEE 802.11ad devices.
Add a pbss flag to the relevant structures to support starting a PCP and
connecting to a PCP. Implement support in the nl80211 driver by using
the new PBSS flag attribute.
Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
Jouni Malinen [Mon, 8 Feb 2016 20:12:57 +0000 (22:12 +0200)]
Sync with mac80211-next.git include/uapi/linux/nl80211.h
This brings in nl80211 definitions as of 2016-01-28.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 7 Feb 2016 19:14:45 +0000 (21:14 +0200)]
tests: EAP state machine status information
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 7 Feb 2016 19:05:02 +0000 (21:05 +0200)]
tests: Additional EAP-Finish local error coverage
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 7 Feb 2016 19:01:41 +0000 (21:01 +0200)]
EAP peer: Simplify buildNotify return
There is no need for the local variable and two return statements.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 7 Feb 2016 19:01:06 +0000 (21:01 +0200)]
tests: EAP Notification errors
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 7 Feb 2016 18:51:04 +0000 (20:51 +0200)]
Clean up EAP peer PCSC identity functions
Leave out more code if PCSC_FUNCS is not defined since config->pcsc != 0
case cannot be used with such a build.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 7 Feb 2016 18:43:48 +0000 (20:43 +0200)]
tests: EAP-Nak special cases
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 7 Feb 2016 18:35:35 +0000 (20:35 +0200)]
tests: Memory allocation failing for expanded EAP-Nak
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 7 Feb 2016 18:27:13 +0000 (20:27 +0200)]
tests: EAP-Success/Failure prior to any EAP method
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 7 Feb 2016 18:16:04 +0000 (20:16 +0200)]
tests: ERP init error case on allocation failure
Signed-off-by: Jouni Malinen <j@w1.fi>
Nick Lowe [Sun, 7 Feb 2016 10:11:46 +0000 (10:11 +0000)]
Use stronger PRNG for MS-MPPE-Send/Recv-Key salt
When generating a MS-MPPE-Send/Recv-Key, don't use a weak PRNG for the
salt.
Signed-off-by: Nick Lowe <nick.lowe@lugatech.com>
Jouni Malinen [Sun, 7 Feb 2016 16:08:02 +0000 (18:08 +0200)]
eloop: Clean up coding style for eloop debug prints
Signed-off-by: Jouni Malinen <j@w1.fi>
Roy Marples [Fri, 22 Jan 2016 20:28:25 +0000 (20:28 +0000)]
Implement kqueue(2) support via CONFIG_ELOOP_KQUEUE
NOTE: kqueue has to be closed and re-build after forking. epoll *should*
do the same, but it seems that wpa_supplicant doesn't need it at least.
I have re-worked a little bit of the epoll code (moved into a similar
kqueue function) so it's trivial to requeue epoll if needed in the
future.
Signed-off-by: Roy Marples <roy@marples.name>
Roy Marples [Fri, 22 Jan 2016 20:28:25 +0000 (20:28 +0000)]
eloop: Add eloop_sock_requeue()
This function can be used to re-build eloop socket tables after forking
for eloop implementations that need this.
Signed-off-by: Roy Marples <roy@marples.name>
Jörg Krause [Tue, 26 Jan 2016 15:28:53 +0000 (16:28 +0100)]
wpa_ctrl: Retry select() on EINTR
Retry select() if it was interrupted by a signal.
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Lubomir Rintel [Wed, 27 Jan 2016 16:02:07 +0000 (17:02 +0100)]
D-Bus: Don't do <deny send_interface="..." /> in dbus service file
It does more than intended; apart from denying messages to that
particular interface it also denies all messages non-qualified with an
interface globally. This blocks messages completely unrelated to
wpa_supplicant, such as NetworkManager communication with the VPN
plugins.
From the dbus-daemon manual:
Be careful with send_interface/receive_interface, because the
interface field in messages is optional. In particular, do NOT
specify <deny send_interface="org.foo.Bar"/>! This will cause
no-interface messages to be blocked for all services, which is almost
certainly not what you intended. Always use rules of the form: <deny
send_interface="org.foo.Bar" send_destination="org.foo.Service"/>
We can just safely remove those rules, since we're sufficiently
protected by the send_destination matches and method calls are
disallowed by default anyway.
Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
Jouni Malinen [Sat, 6 Feb 2016 19:24:48 +0000 (21:24 +0200)]
tests: Secure mesh network plink counting during reconnection
This verifies that num_plinks is decremented properly if a peer mesh STA
reconnects without closing the link explicitly.
Signed-off-by: Jouni Malinen <j@w1.fi>
Srinivasa Duvvuri [Sun, 31 Jan 2016 02:45:30 +0000 (18:45 -0800)]
mesh: Fix peer link counting when a mesh peer reconnects
When a mesh point reconnects by starting from Authentication frame
sequence, the plink count was not decremented from its last connection.
This resulted in leaking peer link count and causing wpa_supplicant to
reject the connection after max_peer_links (default: 99) reconnects.
This was reproduced by pre-configuring 2 mesh points with mesh
credentials. Boot both mesh points and make sure they connect to each
other. Then in a loop reboot one of the mesh points after it
successfully connects while leaving the other mesh point up and running.
After 99 iterations the supplicant on mesh point that is not rebooting
will reject the connection request from the other mesh point.
Fix this by decrementing num_plinks when freeing a STA entry that is
still in PLINK_ESTAB state.
Signed-off-by: Srinivasa Duvvuri <sduvvuri@chromium.org>
Avraham Stern [Mon, 25 Jan 2016 10:28:49 +0000 (12:28 +0200)]
P2P: Fall back to no VHT when starting AP/P2P GO
In cases where the bandwidth is not set when starting an AP/P2P GO,
the code tries to use 160 MHz or 80 MHz channels. As a result, the
AP/P2P GO configuration is set to use these channel widths even if
they are not available, which may results in failing to start the
AP/P2P GO.
Fix this by changing the AP/P2P GO configuration not to use VHT channels
when they are not available. In this case the AP/P2P GO will use a 40
MHz channel, if available, or a 20 MHz channel, if this is the maximum
available width.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Avraham Stern [Mon, 25 Jan 2016 10:28:48 +0000 (12:28 +0200)]
P2P: Reduce off channel wait time for some P2P Action frames
Setting a long off channel wait time for P2P Action frames when
we know we are already on the right channel may cause a delay in
sending the Action frame (because the driver may not be able to
satisfy the request for long wait time until previous off channel
requests are over). This may be crucial for P2P response frames
that must be sent within 100 milliseconds of receiving the request.
Fix this by adjusting P2P Action frame wait times as follows:
1. For GO Negotiation Response frame, shorten the wait time to 100 ms.
This is reasonable because the peer has just sent us the GO
Negotiation Request frame, so it is known to be on the right
channel and is probably ready to send us the GO Negotiation
Confirmation frame without delay.
2. For GO Negotiation Confirmation, P2P Invitation Response, and
Provision Discovery Response frames, there is no need for wait
time at all as this is the last frame in the exchange. So set
the wait time to 50 ms to ensure there is enough time to send the
frame.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Jouni Malinen [Sat, 6 Feb 2016 14:27:52 +0000 (16:27 +0200)]
RADIUS: Share a single function for generating session IDs
There is no need to maintain three copies of this functionality even if
it is currently implemented as a single function call.
Signed-off-by: Jouni Malinen <j@w1.fi>
Nick Lowe [Wed, 27 Jan 2016 13:22:48 +0000 (13:22 +0000)]
RADIUS: Redesign Request Authenticator generation
Simplify and make properly random the generation of the Request
Authenticator.
Signed-off-by: Nick Lowe <nick.lowe@lugatech.com>
Nick Lowe [Mon, 25 Jan 2016 16:49:59 +0000 (16:49 +0000)]
Send an Acct-Multi-Session-Id attribute in Access-Request packets
Previously, this was included only in Accounting-Request packets.
Signed-off-by: Nick Lowe <nick.lowe@lugatech.com>
Nick Lowe [Mon, 25 Jan 2016 10:43:33 +0000 (10:43 +0000)]
Add Acct-Session-Id to Accounting-On/Off
An Acct-Session-Id is required on Accounting-On and Accounting-Off forms
of Accounting-Request.
Signed-off-by: Nick Lowe <nick.lowe@lugatech.com>
Nick Lowe [Sun, 24 Jan 2016 11:37:46 +0000 (11:37 +0000)]
RADIUS: Use more likely unique accounting Acct-{,Multi-}Session-Id
Rework the Acct-Session-Id and Acct-Multi-Session-Id implementation to
give better global and temporal uniqueness. Previously, only 32-bits of
the Acct-Session-Id would contain random data, the other 32-bits would
be incremented. Previously, the Acct-Multi-Session-Id would not use
random data. Switch from two u32 variables to a single u64 for the
Acct-Session-Id and Acct-Multi-Session-Id. Do not increment, this serves
no legitimate purpose. Exclusively use os_get_random() to get quality
random numbers, do not use or mix in the time. Inherently take a
dependency on /dev/urandom working properly therefore. Remove the global
Acct-Session-Id and Acct-Multi-Session-Id values that serve no
legitimate purpose.
Signed-off-by: Nick Lowe <nick.lowe@lugatech.com>
Jouni Malinen [Sat, 6 Feb 2016 14:31:28 +0000 (16:31 +0200)]
EAPOL auth: Move radius_cui/identity freeing to eapol_auth_free()
These can get allocated within eapol_auth_alloc(), so it is more logical
to free them in eapol_auth_free() instead of ieee802_1x_free_station()
that ends up calling eapol_auth_free().
Signed-off-by: Jouni Malinen <j@w1.fi>
Roshan Pius [Thu, 21 Jan 2016 23:15:13 +0000 (15:15 -0800)]
wpa_supplicant: Fix couple of C++ compiler errors with header files
Need to include these headers in C++ files for adding a binder interface
to wpa_supplicant. So, fix the following C++ compiler errors in them:
1. Add explicit C-style casts in wpa_buf.h header.
2. Move the nested definition of wpa_driver_scan_ssid in driver.h
outside of wpa_driver_scan_params because it is used in another
structure below.
Signed-off-by: Roshan Pius <rpius@google.com>
Jouni Malinen [Sat, 6 Feb 2016 11:23:42 +0000 (13:23 +0200)]
tests: Additional EAP-FAST PAC coverage
Signed-off-by: Jouni Malinen <j@w1.fi>
Nick Lowe [Sun, 24 Jan 2016 11:38:40 +0000 (11:38 +0000)]
Add Event-Timestamp to all Accounting-Request packets
Event-Timestamp should be sent for all Accounting-Request packets and
only after the system clock has a sane value, not where there's a value
close to the Unix time epoch.
Signed-off-by: Nick Lowe <nick.lowe@lugatech.com>
Max Stepanov [Mon, 25 Jan 2016 10:28:50 +0000 (12:28 +0200)]
GAS: Calculate response buffer length of ANQP elements
Calculate the required length needed for the extra ANQP elements added
to GAS response buffer instead of using fixed size and truncating the
response if there was not sufficient space.
Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
Jouni Malinen [Fri, 5 Feb 2016 23:09:42 +0000 (01:09 +0200)]
tests: PKCS#12 with extra certs on the server
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Ayala Beker [Mon, 25 Jan 2016 10:28:47 +0000 (12:28 +0200)]
OpenSSL: Fix server side PKCS#12 processing with extra certificates
Fix a possible null pointer dereference in tls_parse_pkcs12() when
loading a PKCS#12 file for the server keys and the file includes extra
certificates.
Signed-off-by: Ayala Beker <ayala.beker@intel.com>
Ayala Beker [Mon, 25 Jan 2016 10:28:46 +0000 (12:28 +0200)]
OpenSSL: Fix possible null pointer dereference on an OCSP error path
Fix possible null pointer dereference in check_ocsp_resp() if an memory
allocation fails.
Signed-off-by: Ayala Beker <ayala.beker@intel.com>
Roy Marples [Fri, 5 Feb 2016 16:11:50 +0000 (16:11 +0000)]
Remove -w support from wpa_supplicant README
wpa_supplicant dropped the -w option long long time ago..
Signed-off-by: Roy Marples <roy@marples.name>
Jouni Malinen [Fri, 5 Feb 2016 22:28:16 +0000 (00:28 +0200)]
tests: EAP-FAST and binary PAC errors
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Fri, 5 Feb 2016 22:26:31 +0000 (00:26 +0200)]
EAP-FAST: Fix an error path in PAC binary format parsing
Need to clear the pac pointer for the first error case to avoid freeing
the previous PAC entry if the following entry has an invalid header.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
John Ernberg [Mon, 1 Feb 2016 12:04:57 +0000 (12:04 +0000)]
D-Bus: Fix p2p interface capability message
If the config file for the interface says "p2p_disabled=1", don't report
p2p capabilities on this interface. This helps programs like Connman to
not enable p2p when it's been disabled in wpa_supplicant.
Signed-off-by: John Ernberg <john.ernberg@actia.se>
Nick Lowe [Mon, 25 Jan 2016 10:53:28 +0000 (10:53 +0000)]
Do not send Acct-Authentic in Accounting-On/Off
Acct-Authentic is used to indicate how the user was authenticated and as
such, should not be sent in Accounting-On and Accounting-Off.
Signed-off-by: Nick Lowe <nick.lowe@lugatech.com>
Nick Lowe [Sun, 24 Jan 2016 10:20:33 +0000 (10:20 +0000)]
RADIUS: Do not include Acct-Terminate-Cause in Accounting-On/Off
Per RFC 2866, 5.10, it is invalid to send Acct-Terminate-Cause in
Accounting-On and Accounting-Off (this is included only when
Acct-Status-Type is set to Stop).
Signed-off-by: Nick Lowe <nick.lowe@lugatech.com>
Eduardo Abinader [Thu, 21 Jan 2016 10:26:35 +0000 (11:26 +0100)]
Make fallback from HT40 to HT20 work
Ensure that if it is not possible to configure an allowed 20 MHz
channel pair, hostapd falls back to a single 20 MHz channel.
Signed-off-by: Eduardo Abinader <eabinader@ocedo.com>
Jouni Malinen [Fri, 5 Feb 2016 15:51:24 +0000 (17:51 +0200)]
tests: Allow fallback to 20 MHz in ap_ht40_5ghz_invalid_pair
This test case for enforcing that AP setup fails in case there is need
to fall back to 20 MHz channel due to invalid 40 MHz configuration.
Modify this to allow successful AP startup as long as 40 MHz channel
does not get enabled.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Roy Marples [Wed, 20 Jan 2016 17:13:12 +0000 (17:13 +0000)]
BSD: Zero ifindex on interface removal
If an interface is removed, zero the remembered ifindex.
Don't try to set properties on the interface when it is removed.
Signed-off-by: Roy Marples <roy@marples.name>
Rubin Xu [Tue, 10 Nov 2015 17:14:51 +0000 (17:14 +0000)]
Android: Support multiple CA certs when connecting to EAP network
In the Android-specific case, make ca_cert directive parse a
space-separated list of hex-encoded CA certificate aliases following the
"keystores://" prefix. Server certificate validation should succeed as
long as the chain ends with one of them.
Signed-off-by: Rubin Xu <rubinxu@google.com>
Jouni Malinen [Fri, 5 Feb 2016 15:07:48 +0000 (17:07 +0200)]
tests: WNM BSS Transition Management with invalid operating class
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Fri, 5 Feb 2016 15:06:06 +0000 (17:06 +0200)]
WNM: Workaround for broken AP operating class behavior
Some APs do not advertise operating classes correctly for BSS Transition
Management. Try to determine the most likely operating frequency based
on the channel number (1..14 --> 2.4 GHz; 36..169 --> 5 GHz) if invalid
op_class == 0 is received in a BSS Transition Management Request. This
speeds up the following operating by avoiding a full scan due to an
unknown channel.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Roy Marples [Tue, 19 Jan 2016 17:48:01 +0000 (17:48 +0000)]
BSD: Disable interface on down
Instead of removing the interface when downed, disable it. Enable it
when it comes back up again.
Signed-off-by: Roy Marples <roy@marples.name>
Roy Marples [Tue, 19 Jan 2016 16:36:45 +0000 (16:36 +0000)]
BSD: Use correct ifindex from route messages
Use the interface index from the correct structure according to the
message instead of assuming rtm_index is correct.
Signed-off-by: Roy Marples <roy@marples.name>
Roy Marples [Tue, 19 Jan 2016 15:33:17 +0000 (15:33 +0000)]
BSD: __FUNCTION__ -> __func__
Signed-off-by: Roy Marples <roy@marples.name>
Jouni Malinen [Thu, 4 Feb 2016 21:47:47 +0000 (23:47 +0200)]
OSU: Add debug printing of more LogotypeExtn fields
Couple of the image info fields were not printed previously in debug
log. Add those to make this more complete.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Wed, 3 Feb 2016 10:58:07 +0000 (12:58 +0200)]
Add the selector suite into wpa_parse_wpa_ie_rsn() "invalid group cipher"
This makes it easier to debug AP selection issues in case of a invalid
RSN element or use of customer cipher suites that are not supported by
wpa_supplicant.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Tue, 2 Feb 2016 11:27:32 +0000 (13:27 +0200)]
tests: P2P persistent group re-invocation with peer having dropped info
This verifies that the persistent group information gets dropped based
on peer response (unknown group) and that a new group formation can be
completed after such invitation failure.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Mon, 1 Feb 2016 22:24:50 +0000 (00:24 +0200)]
tests: EAP-TLS error cases
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 31 Jan 2016 17:13:27 +0000 (19:13 +0200)]
tests: EAP-TLS protocol tests
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Mon, 1 Feb 2016 09:27:13 +0000 (11:27 +0200)]
tests: Generate new certificates for Suite B test cases
The previous version expired in January. The new ones are from running
ec-generate.sh and ec2-generate.sh again.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Thu, 17 Dec 2015 16:39:19 +0000 (18:39 +0200)]
VHT: Add an interoperability workaround for 80+80 and 160 MHz channels
Number of deployed 80 MHz capable VHT stations that do not support 80+80
and 160 MHz bandwidths seem to misbehave when trying to connect to an AP
that advertises 80+80 or 160 MHz channel bandwidth in the VHT Operation
element. To avoid such issues with deployed devices, modify the design
based on newly proposed IEEE 802.11 standard changes.
This allows poorly implemented VHT 80 MHz stations to connect with the
AP in 80 MHz mode. 80+80 and 160 MHz capable stations need to support
the new workaround mechanism to allow full bandwidth to be used.
However, there are more or less no impacted station with 80+80/160
capability deployed.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Purushottam Kushwaha [Fri, 15 Jan 2016 11:31:03 +0000 (11:31 +0000)]
nl8021: Avoid potential memory leak on error path
The called function nl80211_ht_vht_overrides() was not freeing "msg"
resource in error cases.
Signed-off-by: Purushottam Kushwaha <p.kushwaha@samsung.com>
Jouni Malinen [Fri, 15 Jan 2016 18:25:38 +0000 (20:25 +0200)]
tests: Verify that ip_addr_* gets written to config file
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Purushottam Kushwaha [Fri, 15 Jan 2016 11:00:06 +0000 (11:00 +0000)]
Allow re-write of ip_addr* configurations to conf file.
This patch keeps ip_addr* configuration in conf file while
updating supplicant conf file either internally by supplicant or
due to save_config command.
Signed-off-by: Purushottam Kushwaha <p.kushwaha@samsung.com>
Signed-off-by: Avichal Agarwal <avichal.a@samsung.com>
Purushottam Kushwaha [Fri, 15 Jan 2016 10:58:08 +0000 (10:58 +0000)]
dbus: Restrict DeviceName size to 32 characters in setter
The maximum WPS Device Name length is 32 characters and that limit was
already enforced for the control interface and configuration files.
Signed-off-by: Purushottam Kushwaha <p.kushwaha@samsung.com>
Roy Marples [Thu, 14 Jan 2016 15:35:25 +0000 (15:35 +0000)]
Sort options and reduce printf calls in wpa_supplicant usage text
Signed-off-by: Roy Marples <roy@marples.name>
Jouni Malinen [Fri, 15 Jan 2016 18:04:41 +0000 (20:04 +0200)]
Fix wpa_supplicant build with IEEE8021X_EAPOL=y and CONFIG_NO_WPA=y
The PMKSA caching and RSN pre-authentication components were marked as
conditional on IEEE8021X_EAPOL. However, the empty wrappers are needed
also in a case IEEE8021X_EAPOL is defined with CONFIG_NO_WPA.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Fri, 15 Jan 2016 17:16:07 +0000 (19:16 +0200)]
tests: Roam between two WPA2-PSK APs and try to hit a disconnection race
This is a regression test case for hostapd bug where the
disconnection/deauthentication TX status callback timeout could be
forgotten after new association if no ACK frame was received and the STA
managed to reconnect within two seconds.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Fri, 15 Jan 2016 17:17:40 +0000 (19:17 +0200)]
AP: Print interface name in more STA events
This makes it easier to follow a debug log from a hostapd process that
manages multiple interfaces.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Fri, 15 Jan 2016 17:28:58 +0000 (19:28 +0200)]
AP: Fix Deauth/Disassoc TX status timeout handling
The ap_sta_deauth_cb and ap_sta_disassoc_cb eloop timeouts are used to
clear a disconnecting STA from the kernel driver if the STA did not ACK
the Deauthentication/Disassociation frame from the AP within two
seconds. However, it was possible for a STA to not ACK such a frame,
e.g., when the disconnection happened due to hostapd pruning old
associations from other BSSes and the STA was not on the old channel
anymore. If that same STA then started a new authentication/association
with the BSS, the two second timeout could trigger during this new
association and result in the STA entry getting removed from the kernel.
Fix this by canceling these eloop timeouts when receiving an indication
of a new authentication or association.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Fri, 15 Jan 2016 16:41:30 +0000 (18:41 +0200)]
EAP peer: Use ifdef PCSC_FUNCS to get rid of compiler warnings
clang started warning about the use of || with constants that came from
PCSC_FUNCS not being enabled in the build. It seems to be easier to just
ifdef this block out completely since that has the same outcome for
builds that do not include PC/SC support.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Fri, 15 Jan 2016 16:40:21 +0000 (18:40 +0200)]
FST: Get rid of gcc extensions in structure/array initialization
These constructions were causing warnings when build with clang.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Fri, 15 Jan 2016 16:39:03 +0000 (18:39 +0200)]
hs20-osu-client: Fix check for osu_nai being available
This is an array, so the pointer is never NULL; need to check that the
first character is not '\0' instead.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Fri, 15 Jan 2016 16:18:25 +0000 (18:18 +0200)]
tests: Fix EAP-SAKE error test case coverage
This was missing the second eap_sake_compute_mic() call in
eap_sake_process_confirm().
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Fri, 15 Jan 2016 15:42:13 +0000 (17:42 +0200)]
tests: More EAP-MSCHAPv2 error coverage
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Fri, 15 Jan 2016 14:27:13 +0000 (16:27 +0200)]
tests: Fix wpas_ctrl_oom
The OpenSSL memory allocation changes broke this test case. Fix this by
removing the cases that do not get triggered anymore and add a separate
wpas_ctrl_error test case to cover the fail_test() versions of errors.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Fri, 15 Jan 2016 12:17:16 +0000 (14:17 +0200)]
OpenSSL: Clean up openssl_digest_vector() to use a single implementation
Use compatibility wrapper functions to allow a single implementation
based on the latest OpenSSL API to be used to implement these functions
instead of having to maintain two conditional implementation based on
the library version.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Fri, 15 Jan 2016 12:14:07 +0000 (14:14 +0200)]
OpenSSL: Clean up crypto_hash_*() to use a single implementation
Use compatibility wrapper functions to allow a single implementation
based on the latest OpenSSL API to be used to implement these functions
instead of having to maintain two conditional implementation based on
the library version.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Fri, 15 Jan 2016 12:06:46 +0000 (14:06 +0200)]
LibreSSL: Fix build with LibreSSL
The changes needed for OpenSSL 1.1.0 had broken this since LibreSSL is
defining OPENSSL_VERSION_NUMBER in a manner that claims it to be newer
than the current OpenSSL version even though it does not support the
current OpenSSL API.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Fri, 15 Jan 2016 11:37:15 +0000 (13:37 +0200)]
EAP-TTLS peer: Fix success after fragmented final Phase 2 message
If the final Phase 2 message needed fragmentation, EAP method decision
was cleared from UNCOND_SUCC or COND_SUCC to FAIL and that resulted in
the authentication failing when the EAP-Success message from the server
got rejected. Fix this by restoring the EAP method decision after
fragmentation.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Fri, 15 Jan 2016 08:37:04 +0000 (10:37 +0200)]
tests: Clean up eap_proto_ikev2
Use helper variable to indicate end of the test case instead of having
to use a fixed length of the loop.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Fri, 15 Jan 2016 08:36:41 +0000 (10:36 +0200)]
tests: EAP-IKEv2 with default fragment_size
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Thu, 14 Jan 2016 23:15:11 +0000 (01:15 +0200)]
tests: More EAP-SIM and EAP-AKA local error coverage
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Thu, 14 Jan 2016 17:46:14 +0000 (19:46 +0200)]
tests: fail_test instead of alloc_fail for aes_{encrypt,decrypt}_init
This is needed to fix ap_wpa2_eap_psk_oom, ap_wpa2_eap_sim_oom,
eap_proto_psk_errors, and ap_ft_oom with the new OpenSSL dynamic memory
allocation design.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
projects / mech_eap.git / log