Jouni Malinen [Fri, 11 Sep 2009 14:13:59 +0000 (17:13 +0300)]
WPS: Add parsing of AP Setup Locked attribute
Jouni Malinen [Fri, 11 Sep 2009 13:45:34 +0000 (16:45 +0300)]
Fix driver_test for hostapd
Commit
0b55b934ee6243f2682524b0a733cc1468e20050 broke this by not
initializing drv->ap = 1 in hostapd case since the mode updating
code ended up unlinking the socket file. Setting drv->ap = 1
removes the mode change and as such, unlinking of the socket file.
Jouni Malinen [Fri, 11 Sep 2009 13:36:59 +0000 (16:36 +0300)]
Convert WPS IE concat routine to a generic helper
This may also be needed in wpa_supplicant and potentially for other
IE types, too.
Jouni Malinen [Thu, 10 Sep 2009 21:22:35 +0000 (00:22 +0300)]
driver_test: Update BSS data when using wpa_supplicant AP mode
Jouni Malinen [Thu, 10 Sep 2009 21:17:35 +0000 (00:17 +0300)]
driver_test: Implement set_mode for wpa_supplicant AP deinit
Jouni Malinen [Thu, 10 Sep 2009 14:41:29 +0000 (17:41 +0300)]
driver_test: Preliminary support for wpa_supplicant AP functionality
Jouni Malinen [Thu, 10 Sep 2009 14:03:51 +0000 (17:03 +0300)]
driver_test: Share the same deinit() for hostapd and wpa_supplicant
Jouni Malinen [Thu, 10 Sep 2009 13:52:03 +0000 (16:52 +0300)]
driver_test: Merge socket_dir into test_dir
Jouni Malinen [Thu, 10 Sep 2009 13:48:10 +0000 (16:48 +0300)]
driver_test: Some additional merging of send_mlme
Jouni Malinen [Thu, 10 Sep 2009 13:30:35 +0000 (16:30 +0300)]
driver_test: Claim AP mode capability for wpa_supplicant
Jouni Malinen [Thu, 10 Sep 2009 13:28:47 +0000 (16:28 +0300)]
driver_test: Build most of code in unconditionally
It is simpler to just build in all the test driver code regardless
of whether this is for hostapd or wpa_supplicant (which will eventually
get AP mode support with driver_test, too).
Jouni Malinen [Thu, 10 Sep 2009 13:18:04 +0000 (16:18 +0300)]
driver_test: Merge wpa_supplicant and hostapd data structures
There is no real need to keep these in separate data structures with
different names.
Jouni Malinen [Thu, 10 Sep 2009 11:43:08 +0000 (14:43 +0300)]
wpa_gui-qt4: Add context menu for peers dialog
Replace the clicked() event with more appropriate context menu
and add a WPS PIN entry as an example command.
Alex Badea [Wed, 9 Sep 2009 20:54:03 +0000 (23:54 +0300)]
radius_server: clean up completed sessions sooner
radius_server_encapsulate_eap() resets sess->eap->if->eap{Success,Fail}
to FALSE, such that the completion condition is never true.
The net effect is that completed sessions would linger for
RADIUS_SESSION_TIMEOUT seconds.
Signed-off-by: Alex Badea <vamposdecampos@gmail.com>
Previously, the default settings allowed 100 sessions in 60 seconds.
With this fix, the default limit is now 100 sessions per 10 seconds.
[Bug 329]
Jouni Malinen [Wed, 9 Sep 2009 08:11:42 +0000 (11:11 +0300)]
wpa_gui-qt4: Include cstdio to avoid some compiler issues
It looks like some build systems do not find snprintf() here unless
cstdio is included explicitly.
Jouni Malinen [Tue, 8 Sep 2009 13:28:41 +0000 (16:28 +0300)]
wpa_gui-qt4: Add a new window for showing peer information
This provides some initial functionality for showing peer information,
i.e., showing information about other devices that has been discovered.
Currently, information is only available in the AP mode (list of
associated stations), but this is expected to increase in the future
(e.g., show the current AP in station mode, other stations in IBSS,
etc.). Furthermore, there will be actions available for doing things
like providing a WPS PIN for a station.
Jouni Malinen [Tue, 8 Sep 2009 09:58:02 +0000 (12:58 +0300)]
Add station table query to wpa_supplicant AP ctrl_iface
"wpa_cli all_sta" and "wpa_cli sta <addr>" can now be used to fetch
information about stations associated with the
wpa_supplicant-controlled AP.
Jouni Malinen [Tue, 8 Sep 2009 09:56:07 +0000 (12:56 +0300)]
Move STA list ctrl_iface handlers to a separate file
This makes it easier to share the hostapd station table query
functionality with wpa_supplicant AP mode operations.
Jouni Malinen [Mon, 7 Sep 2009 19:09:13 +0000 (22:09 +0300)]
WPS: Store device info and make it available through AP ctrl_iface
Store a copy of device attributes during WPS protocol run and make it
available for external programs via the control interface STA MIB
command for associated stations. This gives access to device name and
type which can be useful when showing user information about associated
stations.
Jouni Malinen [Sun, 6 Sep 2009 10:58:15 +0000 (13:58 +0300)]
WPS: Add support for AP reconfiguration with wps_reg
wpa_supplicant can now reconfigure the AP by acting as an External
Registrar with the wps_reg command. Previously, this was only used
to fetch the current AP settings, but now the wps_reg command has
optional arguments which can be used to provide the new AP
configuration. When the new parameters are set, the WPS protocol run
is allowed to continue through M8 to reconfigure the AP instead of
stopping at M7.
Jouni Malinen [Sun, 6 Sep 2009 10:55:01 +0000 (13:55 +0300)]
Fix WPA reconfiguration to update GTK
The group key state machine needs to be re-initialized with possible
updated GTK length when restarting WPA (e.g., when WPS was used to
reconfigure the AP).
Jouni Malinen [Fri, 4 Sep 2009 15:04:41 +0000 (18:04 +0300)]
Delay processing of EAPOL frames when not associated
If an EAPOL frame is received while wpa_supplicant thinks the driver is
not associated, queue the frame for processing at the moment when the
association event is received. This is a workaround to a race condition
in receiving data frames and management events from the kernel.
The pending EAPOL frame will not be processed unless an association
event is received within 100 msec for the same BSSID.
Jouni Malinen [Fri, 4 Sep 2009 13:39:41 +0000 (16:39 +0300)]
nl80211: Ignore connect/roam/disconnect events when using SME
Getting double association/disassociation events can get core code
confused, so better filter out the extra events.
Zhu Yi [Thu, 3 Sep 2009 18:31:29 +0000 (21:31 +0300)]
nl80211: Connect API support
If the driver does not support separate authentication and association
steps, use the connect API instead.
Zhu Yi [Thu, 3 Sep 2009 17:39:59 +0000 (20:39 +0300)]
nl80211: Add connect/disconnect event processing
Zhu Yi [Thu, 3 Sep 2009 17:36:09 +0000 (20:36 +0300)]
nl80211: Check whether the driver support separate auth/assoc commands
This is an initial step in adding support for the new connect command.
For now, we just add the capability query. The actual use of the new
command will be added separately.
Zhu Yi [Thu, 3 Sep 2009 17:21:18 +0000 (20:21 +0300)]
nl80211: Use defines for cipher suite selectors
Chuck Tuffli [Wed, 26 Aug 2009 20:51:12 +0000 (23:51 +0300)]
Fix comment in wpa_supplicant_event_associnfo
Found what I think is a copy/paste error in the comments for the .11r
code.
Masashi Honma [Wed, 26 Aug 2009 20:40:51 +0000 (23:40 +0300)]
OpenBSD: wired IEEE 802.1X for OpenBSD
This is a patch for OpenBSD wired IEEE 802.1X. This is only for wired,
not wireless, because OpenBSD uses wpa_supplicant only on wired now.
http://www.openbsd.org/cgi-bin/cvsweb/ports/security/wpa_supplicant/
I have tested with these.
OS : OpenBSD 4.5
EAP : EAP-TLS
Switch : CentreCOM 8724SL
Masashi Honma [Wed, 26 Aug 2009 20:34:54 +0000 (23:34 +0300)]
WPS: Aggregate deinit calls in WPS OOB
In WPS OOB, deinit_func() is called from 3 locations.
This patch aggregates these to one.
Witold Sowa [Wed, 26 Aug 2009 17:18:24 +0000 (20:18 +0300)]
Fix a bug with ap_rx_from_unknown_sta() recursion
ap_rx_from_unknown_sta was going into infinite recursion,
or could even crash because of corrupted pointer cast.
Jouni Malinen [Wed, 26 Aug 2009 09:10:50 +0000 (12:10 +0300)]
nl80211: Use two sockets to avoid mixing command replies with events
Previously, both the command replies and unsolicited events were
received from the same socket. This could cause problems if an event
message is received between a command and the response to that command.
Using two sockets avoids this issue.
Jouni Malinen [Sun, 23 Aug 2009 18:32:27 +0000 (21:32 +0300)]
Disable PMTU discovery for RADIUS packets (sent them without DF)
When Linux has Path MTU discovery enabled, it sets by default the DF bit
on all outgoing datagrams, also UDP ones. If a RADIUS message is bigger
than the smallest MTU size to the target, it will be discarded.
This effectively limits RADIUS messages to ~ 1500 Bytes, while they can
be up to 4k according to RFC2865. In practice, this can mean trouble
when doing EAP-TLS with many RADIUS attributes besides the EAP-Message.
[Bug 326]
Stefan Winter [Sun, 23 Aug 2009 18:21:25 +0000 (21:21 +0300)]
Disable PMTU discovery for RADIUS packets (sent them without DF)
When Linux has Path MTU discovery enabled, it sets by default the DF bit
on all outgoing datagrams, also UDP ones. If a RADIUS message is bigger
than the smallest MTU size to the target, it will be discarded.
This effectively limits RADIUS messages to ~ 1500 Bytes, while they can
be up to 4k according to RFC2865. In practice, this can mean trouble
when doing EAP-TLS with many RADIUS attributes besides the EAP-Message.
[Bug 326]
Jouni Malinen [Sun, 23 Aug 2009 18:00:38 +0000 (21:00 +0300)]
Reject X.509 certificate strings with embedded NUL characters
These could, at least in theory, be used to generate unexpected common
name or subject alternative name matches should a CA sign strings with
NUL (C string termination) in them. For now, just reject the certificate
if an embedded NUL is detected. In theory, all the comparison routines
could be made to compare these strings as binary blobs (with additional
X.509 rules to handle some exceptions) and display NUL characters
somehow. Anyway, just rejecting the certificate will get rid of
potential problems with the C string getting terminated and it should
not really be used in certificates, so this should not break valid use
cases.
Jouni Malinen [Tue, 18 Aug 2009 08:33:40 +0000 (11:33 +0300)]
Sync with linux/nl80211.h from wireless-testing.git
Jouni Malinen [Mon, 17 Aug 2009 17:27:25 +0000 (20:27 +0300)]
Remove unneeded aes_i.h inclusion from number of places
The BLOCK_SIZE define can be made more specific by using AES_ prefix and
by moving it to aes.h. After this, most aes-*.c do not really need to
include anything from the internal aes_i.h header file. In other words,
aes_i.h can now be used only for the code that uses the internal AES
block operation implementation and none of the code that can use AES
implementation from an external library do not need to include this
header file.
Jouni Malinen [Sun, 16 Aug 2009 19:35:15 +0000 (22:35 +0300)]
Verify that EAPOL-Key MIC generation succeeds
This can now fail, e.g., if trying to use TKIP in FIPS mode.
Jouni Malinen [Sun, 16 Aug 2009 19:28:40 +0000 (22:28 +0300)]
Verify that RC4 operation succeeds
Jouni Malinen [Sun, 16 Aug 2009 19:26:59 +0000 (22:26 +0300)]
Fix crypto_cipher_init() EVP initialization
Better not specify EVP_CIPHER again for the second init call since that
will override key length with the default value. The previous version
was likely to work since most use cases would be likely to use the
default key length. Anyway, better make this handle variable length
ciphers (mainly, RC4), too, just in case it is needed in the future.
Jouni Malinen [Sun, 16 Aug 2009 19:26:13 +0000 (22:26 +0300)]
Use OpenSSL for RC4 instead of internal implementation
Jouni Malinen [Sun, 16 Aug 2009 17:13:14 +0000 (20:13 +0300)]
Move RC4 into crypto.h as a replaceable crypto function
This allows crypto library wrappers to override the internal RC4
implementation in the same way as can already be done for other crypto
algorithms.
Jouni Malinen [Sun, 16 Aug 2009 16:57:50 +0000 (19:57 +0300)]
Remove rc4() wrapper
This is not really of that much use since rc4_skip() can be used as
easily. In addition, rc4 has caused some symbol conflicts in the past,
so it is easier to live without that as an exported symbol.
Jouni Malinen [Sun, 16 Aug 2009 16:56:33 +0000 (19:56 +0300)]
Fix build with non-FIPS capable OpenSSL
Jouni Malinen [Sun, 16 Aug 2009 16:07:57 +0000 (19:07 +0300)]
Verify CHAP/MSCHAPv2 return code
Check the return code in some (but not yet all) places where the
functions from ms_funcs.c are used.
Jouni Malinen [Sun, 16 Aug 2009 16:05:29 +0000 (19:05 +0300)]
Fix OpenSSL build (internal SHA256 not used anymore)
Jouni Malinen [Sun, 16 Aug 2009 16:00:49 +0000 (19:00 +0300)]
Fix FIPS mode build of eapol_test
Jouni Malinen [Sun, 16 Aug 2009 15:56:48 +0000 (18:56 +0300)]
Allow non-FIPS MD5 to be used with TLS PRF even in FIPS mode
This is allowed per FIPS1402IG.pdf since the TLS PRF depends fully on
both MD5 and SHA-1.
Jouni Malinen [Sun, 16 Aug 2009 15:38:35 +0000 (18:38 +0300)]
Pass digest return value to CHAP/MSCHAPv2 caller
Jouni Malinen [Sun, 16 Aug 2009 11:24:22 +0000 (14:24 +0300)]
Preliminary support for FIPS mode operation with OpenSSL
wpa_supplicant can now be built with FIPS capable OpenSSL for FIPS mode
operation. Currently, this is only enabling the FIPS mode in OpenSSL
without providing any higher level enforcement in wpa_supplicant.
Consequently, invalid configuration will fail during the authentication
run. Proper configuration (e.g., WPA2-Enterprise with EAP-TLS) allows
the connection to be completed.
Jouni Malinen [Sun, 16 Aug 2009 11:18:59 +0000 (14:18 +0300)]
Pass error values from digest calls to ms_funcs callers
These function calls can now fail, so better let the caller know if that
happened.
Jouni Malinen [Sun, 16 Aug 2009 11:15:36 +0000 (14:15 +0300)]
OpenSSL: Use library version of SHA256
There is no need to use the internal SHA256 implementation when using
OpenSSL.
Jouni Malinen [Sun, 16 Aug 2009 11:12:06 +0000 (14:12 +0300)]
OpenSSL: Use EVP_Digest*() functions
Instead of using low level, digest-specific functions, use the generic
EVP interface for digest functions. In addition, report OpenSSL errors
in more detail.
Jouni Malinen [Sun, 16 Aug 2009 11:06:00 +0000 (14:06 +0300)]
Make hash functions return error value
Some crypto libraries can return in these functions (e.g., if a specific
hash function is disabled), so we better provide the caller a chance to
check whether the call failed. The return values are not yet used
anywhere, but they will be needed for future changes.
Jouni Malinen [Sun, 16 Aug 2009 07:25:13 +0000 (10:25 +0300)]
Enable SHA256 digest support in OpenSSL
This is needed to allow X.509 certificates with SHA256 digest to be
used. [Bug 323]
Bjarke Istrup Pedersen [Sun, 16 Aug 2009 06:47:56 +0000 (09:47 +0300)]
Use LDFLAGS in all linker commands
When building hostapd and wpa_supplicant, the build system does not
respect the LDFLAGS selected in the environment in some cases. [Bug 311]
Jouni Malinen [Sun, 16 Aug 2009 06:35:31 +0000 (09:35 +0300)]
Use PEM format RSA private key with eap_example
It looks like GnuTLS does not know how to parse the previously used
DER-formatted PKCS#1 private key (server.key). To work around this, use
a PEM-formatted version of the same key. This format can now be used by
OpenSSL, GnuTLS, and the internal TLS implementation.
Jouni Malinen [Sun, 16 Aug 2009 06:34:58 +0000 (09:34 +0300)]
Add GnuTLS build option for eap_example
Jouni Malinen [Sun, 16 Aug 2009 06:34:21 +0000 (09:34 +0300)]
Support PEM format RSA private key with internal TLS implementation
Witold Sowa [Sat, 15 Aug 2009 18:04:50 +0000 (21:04 +0300)]
Set current ssid when entering AP mode
After successful starting AP mode, current_ssid field is set to
ssid used to create AP.
Masashi Honma [Sat, 15 Aug 2009 17:59:16 +0000 (20:59 +0300)]
NetBSD: Fix wired IEEE 802.1X problem
On NetBSD 5.0, when I use wired 802.1X, "Invalid argument" occurs
on SIOCADDMULTI ioctl and 802.1X fails.
I tried FreeBSD code, but "Address family not supported by protocol family"
occurs on SIOCADDMULTI ioctl and 802.1X fails, too.
This patch solves this issue.
I have tested with these:
OS : NetBSD 5.0
EAP : EAP-MD5
Switch : CentreCOM 8724SL
Jouni Malinen [Sat, 15 Aug 2009 17:51:35 +0000 (20:51 +0300)]
Added new SHA1 files into VS project files to fix the build
Jouni Malinen [Sat, 15 Aug 2009 17:40:45 +0000 (20:40 +0300)]
WPS: Workaround mixed-mode WPA+WPA2 auth type in credentials
An SMC router was reported to use 0x22 (WPAPSK + WPA2PSK) in the
authentication type of the provisioned credential and wpa_supplicant
rejected this as invalid. Work around this by replacing WPAPSK + WPA2PSK
with WPA2PSK.
Jouni Malinen [Sat, 15 Aug 2009 17:09:24 +0000 (20:09 +0300)]
Figure out absolute path for the pid file before daemonizing
This allows relative path to be used in the same way as was already
supported by wpa_supplicant.
Jouni Malinen [Fri, 14 Aug 2009 17:40:37 +0000 (20:40 +0300)]
Force rebuilding of src/drivers between hostapd and wpa_supplicant
This is a (hopefully) temporary workaround to allow the same source code
tree to be used for building hostapd and wpa_supplicant without having
to manually force recompilation of some files. Currently, some of the
driver wrapper files need to be built separately for hostapd and
wpa_supplicant (#ifdef's in the files based on AP functionality).
This is somewhat racy as far as parallel make execution is concerned,
i.e., it may be necessary to run "make -j#" twice (plain "make" works
fine. Since this is supposed to be a temporary workaround, there is not
much point in trying to fix this with any more complex make processing.
Johannes Berg [Fri, 14 Aug 2009 17:01:41 +0000 (20:01 +0300)]
Replace NEED_MLME with NEED_AP_MLME
This makes it clearer that it's about the AP, not client-side MLME, even
when built into the client (wpa_supplicant).
Johannes Berg [Fri, 14 Aug 2009 16:53:27 +0000 (19:53 +0300)]
Create a common drivers makefile snippet
Instead of having all driver stuff collected across wpa_supplicant
and hostapd, create a common snippet that they both include and
that handles the build configuration.
Jouni Malinen [Thu, 13 Aug 2009 14:07:36 +0000 (17:07 +0300)]
wpa_passphrase does not need FIPS PRF, MD4, or AES extra functionality
Jouni Malinen [Thu, 13 Aug 2009 13:36:41 +0000 (16:36 +0300)]
Avoid a theoretical integer overflow in base64_encode()
If base64_encode() were to be used with a huge data array, the
previous version could have resulted in overwriting the allocated
buffer due to an integer overflow as pointed out in
http://www.freebsd.org/cgi/query-pr.cgi?pr=137484. However, there
are no know use cases in hostapd or wpa_supplicant that would do that.
Anyway, the recommended change looks reasonable and provides additional
protection should the base64_encode() function be used for something
else in the future.
Jouni Malinen [Thu, 13 Aug 2009 08:50:52 +0000 (11:50 +0300)]
Fix hlr_auc_gw build after crypto build cleanup
Jouni Malinen [Thu, 13 Aug 2009 08:44:15 +0000 (11:44 +0300)]
Ignore the generated libeap.a file
Jouni Malinen [Thu, 13 Aug 2009 08:43:32 +0000 (11:43 +0300)]
Fix eap_example build after the crypto build cleanup
Johannes Berg [Thu, 13 Aug 2009 08:40:28 +0000 (11:40 +0300)]
Crypto build cleanup: remove CONFIG_NO_AES_*
Instead of using a defines and conditional building of AES parts,
move the conditional functionality into separate files.
Johannes Berg [Thu, 13 Aug 2009 08:28:03 +0000 (11:28 +0300)]
Remove some more crypto ifdef, fix a few small bugs
Johannes Berg [Thu, 13 Aug 2009 08:21:32 +0000 (11:21 +0300)]
Crypto build cleanup: remove CONFIG_NO_AES_ENCRYPT
Instead of using a define and conditional building of AES parts,
move the AES encryption routines into a separate file.
Johannes Berg [Thu, 13 Aug 2009 08:16:21 +0000 (11:16 +0300)]
Crypto build cleanup: remove CONFIG_NO_AES_DECRYPT
Instead of using a define and conditional building of AES parts,
move the AES decryption routines into a separate file.
Johannes Berg [Tue, 11 Aug 2009 17:31:39 +0000 (20:31 +0300)]
Crypto build cleanup: remove CONFIG_NO_PBKDF2
Instead of using a define and conditional building of sha1.c parts,
move the PBKDF2 implementation into a separate file.
Johannes Berg [Tue, 11 Aug 2009 17:24:06 +0000 (20:24 +0300)]
Crypto build cleanup: remove CONFIG_NO_TLS_PRF
Instead of using a define and conditional building of sha1.c parts,
move the TLS PRF implementation into a separate file.
Johannes Berg [Tue, 11 Aug 2009 17:19:37 +0000 (20:19 +0300)]
Crypto build cleanup: remove CONFIG_NO_T_PRF
Instead of using a define and conditional building of sha1.c parts,
move the T-PRF implementation into a separate file.
Johannes Berg [Tue, 11 Aug 2009 17:06:23 +0000 (20:06 +0300)]
Crypto build cleanup: remove NEED_FIPS186_2_PRF
Instead of using a define and conditional building of crypto wrapper
parts, move the FIPS 186-2 PRF implementation into separate files.
Johannes Berg [Tue, 28 Jul 2009 18:36:13 +0000 (21:36 +0300)]
Crypto build cleanup: remove INTERNAL_MD5
Instead of using a define and conditional building of md5.c parts,
move the internal-MD5 into a separate file.
Johannes Berg [Tue, 28 Jul 2009 18:27:02 +0000 (21:27 +0300)]
Crypto build cleanup: remove INTERNAL_MD4
In addition, rename md4.c to md4-internal.c to match in style with
SHA-1 conditionally built internal implementation.
Johannes Berg [Tue, 28 Jul 2009 18:20:04 +0000 (21:20 +0300)]
Crypto build cleanup: remove INTERNAL_SHA256
Instead of using a define and conditional building of sha256.c parts,
move the internal-SHA256 into a separate file.
Johannes Berg [Tue, 28 Jul 2009 18:09:57 +0000 (21:09 +0300)]
Crypto build cleanup: remove INTERNAL_AES
In addition, rename aes.c to aes-internal.c to match in style with
SHA-1 conditionally built internal implementation.
Johannes Berg [Tue, 28 Jul 2009 18:00:44 +0000 (21:00 +0300)]
Crypto build cleanup: remove INTERNAL_DES
In addition, rename des.c to des-internal.c to match in style with
SHA-1 conditionally built internal implementation.
Johannes Berg [Tue, 28 Jul 2009 17:47:04 +0000 (20:47 +0300)]
Crypto build cleanup: remove INTERNAL_SHA1
Instead of using a define and conditional building of sha1.c parts,
move the internal-SHA-1 into a separate file.
Johannes Berg [Tue, 28 Jul 2009 17:25:19 +0000 (20:25 +0300)]
CONFIG_WIRELESS_EXTENSION need not be in CFLAGS
Johannes Berg [Fri, 24 Jul 2009 00:43:56 +0000 (02:43 +0200)]
CONFIG_WIRELESS_EXTENSION is purely internal to the Makefile
Johannes Berg [Fri, 24 Jul 2009 00:11:29 +0000 (02:11 +0200)]
make the build process quieter to see warnings
Johannes Berg [Thu, 23 Jul 2009 21:16:55 +0000 (23:16 +0200)]
Remove mac80211_hwsim code
The hwsim code here can only compile with a very specific kernel
version, but is shipped with current kernels so you just need to enable
it in your kernel instead.
Johannes Berg [Thu, 23 Jul 2009 21:44:36 +0000 (23:44 +0200)]
Clean up some more binaries in wpa_supplicant 'make clean'
Johannes Berg [Sun, 26 Jul 2009 18:22:55 +0000 (21:22 +0300)]
nl80211: Fix WEP key configuration
Current wpa_supplicant has a bug with WEP keys, it adds a zero-length
sequence counter field to netlink which the kernel doesn't accept.
Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Johannes Berg [Sun, 26 Jul 2009 18:15:47 +0000 (21:15 +0300)]
hostapd: fix auth encryption
hostapd currently tries to encrypt all auth frames,
except for "OPEN" and "SHARED with transaction 3".
This means that it will send an encrypted "unknown
auth algorithm" reply for all other algorithsm. Fix
this by changing the logic to only encrypt shared
key auth frames with transaction 3.
Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Jon Loeliger [Sat, 25 Jul 2009 14:21:52 +0000 (17:21 +0300)]
Allow wpa_supplicant to use libnl-2.0
Change existing CONFIG_LIBNL20 compatibility code in
driver_nl80211.c to be used by both wpa_supplicant
and hostapd, but take care of nl_handle too now.
Propagate CONFIG_LIBNL20 out of .config file and onto
CFLAGS in the Makefile.
Use libnl-gen now too.
Signed-off-by: Jon Loeliger <jdl@bigfootnetworks.com>
---
Witold Sowa [Sat, 25 Jul 2009 14:01:23 +0000 (17:01 +0300)]
Set state to COMPLETE when AP mode has been initialized successfully
Jouni Malinen [Tue, 30 Jun 2009 16:52:10 +0000 (19:52 +0300)]
Fix eap_example build with renamed EAP_* server defines
1e5839e06fbc20945044239984b652da9c3fc772 renamed the defines for EAP
server, but did not update the eap_example Makefile to match. This
broke the server side of the EAP example (no methods were actually
enabled).
Ryuji [Tue, 30 Jun 2009 16:39:13 +0000 (19:39 +0300)]
Fix EAP-TNC peer memory leak on an error path
Jouni Malinen [Mon, 29 Jun 2009 18:47:19 +0000 (21:47 +0300)]
Add root .gitignore file to cleanup ignore lists
This removes need for local configuration to ignore *.o and *~
and allows the src/*/.gitignore files to be removed (subdirectories
will inherit the rules from the root .gitignore).
Jouni Malinen [Mon, 29 Jun 2009 18:42:29 +0000 (21:42 +0300)]
EAP-SIM peer: Remove AT_NOTIFICATION from Notification response
This attribute is not supposed to be used in the response frame (i.e.,
it is only in the EAP-Request/SIM-Notification frame) per RFC 4186
chapters 10.1 and 9.9. This is a minor bug since the server is required
to ignore the contents of the EAP-Response/SIM-Notification during
protected result indication per chapter 6.2.
EAP-AKA peer was already following the similar specification in RFC 4187,
but this was somehow missed in the EAP-SIM peer implementation.
Jouni Malinen [Mon, 29 Jun 2009 18:26:48 +0000 (21:26 +0300)]
Rename variable to avoid gcc warning about shadowed names