Jouni Malinen [Mon, 18 Aug 2014 18:04:56 +0000 (11:04 -0700)]
STA: Update scan results for ap_scan=1 skip-selection case also
The commit
5cd4740580350371d77618ac037deef90b48d339 has rearranged the
update scan results code and hence the IEs were not getting updated
properly for ap_scan=1 case. This can result in a 4-way handshake
failure in the roaming case (IE mismatch in 3/4 EAPOL). Fix this by
updating the scan results even if ap_scan=1 is used and network does not
need to get reselected based on association information.
Signed-off-by: Jithu Jance <jithu@broadcom.com>
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
Signed-off-by: Jouni Malinen <j@w1.fi>
Dan Williams [Wed, 10 Sep 2014 17:34:56 +0000 (12:34 -0500)]
dbus: Add SignalPoll() method to report current signal properties
Analogous to the control interface's SIGNAL_POLL request.
Signed-hostap: Dan Williams <dcbw@redhat.com>
vandwalle [Thu, 11 Sep 2014 18:40:14 +0000 (11:40 -0700)]
Android: Add NO_EVENTS parameter to status command
It also allows to use the STATUS command with default behavior,
say for debug, i.e., don't generate a "fake" CONNECTION and
SUPPLICANT_STATE_CHANGE events with the new STATUS-NO_EVENTS case.
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
Jouni Malinen [Sat, 13 Sep 2014 13:27:52 +0000 (16:27 +0300)]
P2P: Check os_get_random() return value more consistently
In theory, this call could fail, so check the return value before using
the received data. These specific cases would not really care much about
the failures, but this keeps the code more consistent and keeps static
analyzer warnings more useful. (CID 72678, CID 72679, CID 72680,
CID 72683, CID 72689, CID 72698, CID 72703)
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 13 Sep 2014 13:22:16 +0000 (16:22 +0300)]
RADIUS server: Remove unreachable code
The previous break will already stop the loop, so this unnecessary check
can be removed (CID 72708).
Signed-off-by: Jouni Malinen <j@w1.fi>
Darshan Paranji Sri [Fri, 12 Sep 2014 15:46:56 +0000 (18:46 +0300)]
FT: Fix hostapd with driver-based SME to authorize the STA
The driver-based SME case did not set STA flags properly to the kernel
in the way that hostapd-SME did in ieee802_11.c. This resulted in the FT
protocol case not marking the STA entry authorized. Fix that by handling
the special WLAN_AUTH_FT case in hostapd_notif_assoc() and also add the
forgotten hostapd_set_sta_flags() call to synchronize these flag to the
driver.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Thu, 11 Sep 2014 12:56:37 +0000 (15:56 +0300)]
tests: Roaming policy change with the bssid parameter
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Thu, 11 Sep 2014 12:54:57 +0000 (15:54 +0300)]
nl80211: Add roaming policy update using QCA vendor command
This allows updating roaming policy for drivers that select the BSS
internally so that wpa_supplicant (based on bssid parameter
configuration) and the driver remain in sync.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Thu, 11 Sep 2014 12:52:37 +0000 (15:52 +0300)]
Add support for driver command to update roaming policy
The network block bssid parameter can be used to force a specific BSS to
be used for a connection. It is also possible to modify this parameter
during an association. Previously, that did not result in any
notification to the driver which was somewhat problematic with drivers
that take care of BSS selection. Add a new mechanism to allow
wpa_supplicant to provide a driver update if the bssid parameter change
for the current connection modifies roaming policy (roaming
allowed/disallowed within ESS).
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Thu, 11 Sep 2014 08:25:04 +0000 (11:25 +0300)]
nl80211: Print debug info on STA flag changes
This makes it easier to follow how kernel STA flags are managed.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Tue, 9 Sep 2014 14:20:23 +0000 (17:20 +0300)]
P2P: Fix radio work issue with wait-for-peer GO Negotiation
If a TX status event and RX event for a GO Negotiation frame gets
delayed long enough to miss the initial wait, it was possible for
reception of a GO Negotiation Response frame with status 1 to try to
initiate a new p2p-listen work item to wait for the peer to become ready
while a previous p2p-listen was already in progress due to that earlier
timeout while waiting for peer. This would result in the new
start_listen request getting rejected ("P2P: Reject start_listen since
p2p_listen_work already exists") and the negotiation not proceeding.
Work around this by using P2P_WAIT_PEER_CONNECT state instead of
P2P_WAIT_PEER_IDLE if P2P_CONNECT_LISTEN state has already been entered
when processing this special GO Negotiation Response status=1 case. This
can avoid double-scheduling of p2p-listen and as such, completion of the
GO negotiation even if the driver event or peer response are not
received in time (the response is supposed to be there within 100 ms per
spec, but there are number of deployed devices that do not really meet
this requirement).
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Mon, 8 Sep 2014 14:18:01 +0000 (17:18 +0300)]
Work around broken AP PMKSA caching implementation
An interoperability issue with a deployed AP has been identified where
the connection fails due to that AP failing to operate correctly if
PMKID is included in the Association Request frame. To work around this,
allow EAPOL-Start packet to be transmitted on startWhen reaching 0 even
when trying to use PMKSA caching. In practice, this allows fallback to
full EAP authentication if the AP/Authenticator takes more than 1-2
seconds to initiate 4-way handshake for PMKSA caching or full EAP
authentication if there was no PMKSA cache match.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Mon, 8 Sep 2014 13:49:08 +0000 (16:49 +0300)]
WPS: Set EAPOL workarounds dynamically based on association
Previously, the shorter startWhen value was used based on build
parameters (i.e., if WPS was enabled). This is not really ideal and the
knowledge of WPS use can be provided to the EAPOL state machine to allow
this (and similar WPS workarounds) to be done only when the association
is for the purpose of WPS.
Reduce the default startWhen value from 3 to 2 seconds for non-WPS case
since WPS builds have likely received most testing for the past years
with the 1 second value and there is no strong justification for forcing
the longer 3 second wait should a frame be lost or something else
require the EAPOL-Start to initiate operation after a connection.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Mon, 8 Sep 2014 09:54:18 +0000 (12:54 +0300)]
WPS: Extend internal entropy pool help for key/snonce derivation
The internal entropy pool was previously used to prevent 4-way handshake
in AP mode from completing before sufficient entropy was available to
allow secure keys to be generated. This commit extends that workaround
for boards that do not provide secure OS level PRNG (e.g., /dev/urandom
does not get enough entropy) for the most critical WPS operations by
rejecting AP-as-enrollee case (use of AP PIN to learn/modify AP
configuration) and new PSK/passphrase generation. This does not have any
effect on devices that have an appropriately working OS level PRNG
(e.g., /dev/random and /dev/urandom on Linux).
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Dmitry Shmidt [Thu, 14 Aug 2014 23:56:00 +0000 (16:56 -0700)]
Remove WPA_EVENT_SCAN_STARTED message from MSG_INFO log
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
Eduardo Abinader [Thu, 21 Aug 2014 03:30:24 +0000 (23:30 -0400)]
P2P: Deauth p2p client just after dbus notify
Currently to signal PropertiesChanged upon group client
removal (group property), wpa_supplicant dbus uses wpa_s
members like go_dev_addr and current_ssid, for instance.
Thus, deferring p2p client deauth to after dbus notify,
but keeping the same order as before, solves the issue,
as wpa_s is not yet completely deinitialized.
Signed-off-by: Eduardo Abinader <eduardo.abinader@openbossa.org>
Eduardo Abinader [Mon, 1 Sep 2014 03:20:21 +0000 (23:20 -0400)]
nl80211: Register eloop after hs20 action frame
Even when hs20 action frame is unable to be registered,
for whatever reason, it should be possible to register
event handle for received driver messages. This patch also
avoids a segmentation fault, when p2p and hs20 were enabled
and GO NEG was unable to create p2p iface, the destroy eloop
was crashing by reading an invalid handle.
Signed-off-by: Eduardo Abinader <eduardo.abinader@openbossa.org>
Dan Williams [Thu, 4 Sep 2014 18:10:54 +0000 (13:10 -0500)]
dbus: add BSS Age property to indicate last-seen time
"Age" is the age in seconds since the BSS was last seen, and is
emitted as a PropertyChanged signal whenever the BSS is updated
from a scan result. It also returns the correct age when queried
directly.
This property can be used to resolve issues where, if no other
properties of the BSS changed from scan results (for example,
if the BSS always had 100% signal) no D-Bus signals would be
emitted to indicate that the BSS had just been seen in the scan.
Signed-hostap: Dan Williams <dcbw@redhat.com>
Masashi Honma [Fri, 5 Sep 2014 06:42:32 +0000 (15:42 +0900)]
openssl: Fix memory leak in openssl ec deinit
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
Jouni Malinen [Sun, 7 Sep 2014 15:40:05 +0000 (18:40 +0300)]
Fix hostapd GET_CONFIG wpa_pairwise_cipher value
Copy-paste error ended up getting rsn_pairwise_cipher value for both
rsn_pairwise_cipher and wpa_pairwise_cipher (CID 72693).
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 7 Sep 2014 15:35:46 +0000 (18:35 +0300)]
RADIUS client: Check getsockname() return value
In theory, this function could fail, so check the return value before
printing out the RADIUS local address debug message (CID 72700).
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 7 Sep 2014 15:30:58 +0000 (18:30 +0300)]
HTTP: Fix OCSP status check
Due to a missing curly brackets, the OCSP status checking was not
working in the expected way. Instead of allowing optional-OCSP
configuration to accept connection when OCSP response was ready, all
such cases were marked as hard failures. In addition, the debug prints
were not necessarily accurate for the mandatory-OCSP-but-no-response
case (CID 72694, CID 72704).
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 7 Sep 2014 15:27:42 +0000 (18:27 +0300)]
SME: Verify that os_get_random() succeeds for SA Query
Be more consistent on checking os_get_random() return value (CID 72706).
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 7 Sep 2014 15:25:04 +0000 (18:25 +0300)]
RADIUS server: Fix IPv6 radiusAuthClientAddress mask
Incorrect buffer was used when writing the IPv6 mask for RADIUS server
MIB information (CID 72707).
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 7 Sep 2014 15:05:53 +0000 (18:05 +0300)]
P2P: Verify that os_get_random() succeeds
Be more consistent with os_get_random() use (CID 72710).
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 7 Sep 2014 14:10:33 +0000 (17:10 +0300)]
EAP-PAX server: Add explicit CID length limit
Instead of using implicit limit based on 16-bit unsigned integer having
a maximum value of 65535, limit the maximum length of a CID explicitly
to 1500 bytes. This will hopefully help in reducing false warnings from
static analyzers (CID 72712).
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 7 Sep 2014 13:40:33 +0000 (16:40 +0300)]
Remove unnecessarily shadowed local variable
The same local X509 *cert variable can be used for both the X509_dup()
calls.
Signed-off-by: Jouni Malinen <j@w1.fi>
Ashok Kumar Ponnaiah [Fri, 29 Aug 2014 13:05:05 +0000 (16:05 +0300)]
wlantest: Add decryption of CCMP-256, GCMP, GCMP-256
This extends wlantest support for decrypting the new cipher suites.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Ashok Kumar Ponnaiah [Fri, 29 Aug 2014 13:04:08 +0000 (16:04 +0300)]
wlantest: Indicate if a TKIP/CCMP replay has Retry=1
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Ashok Kumar Ponnaiah [Fri, 29 Aug 2014 13:03:01 +0000 (16:03 +0300)]
wlantest: Recognize CCMP-256, GCMP, and GCMP-256 ciphers
This adds support for displaying whether a BSS or STA is using one of
the newer cipher suites.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Wed, 3 Sep 2014 12:37:58 +0000 (15:37 +0300)]
hostapd: Remove unused variable assignment
The local bss variable is used only within the while loop, so no need to
assign or even make it visible outside the loop.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Sunil Dutt [Tue, 2 Sep 2014 13:13:54 +0000 (18:43 +0530)]
TDLS: Decline Setup Request with status code 37 if BSSID does not match
TDLS Setup Request frame has to be rejected with status code 37 ("The
request has been declined"), if the BSSID in the received Link
Identifier does not match the current BSSID per IEEE Std 802.11-2012,
10.22.4 ('TDLS direct-link establishment') step (b). The previously used
status code 7 ('Not in same BSS') is described to used only when
processing TPK Handshake Message 2 in TDLS Setup Response frame.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Mahesh A Saptasagar [Thu, 28 Aug 2014 09:22:25 +0000 (14:52 +0530)]
TDLS: Add RSN and Timeout interval IEs in TDLS Discovery Response frame
If RSN is enabled, add RSN and Timeout interval elements in TDLS
Discovery Response frames.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Edhar, Mahesh Kumar [Tue, 2 Sep 2014 05:03:44 +0000 (10:33 +0530)]
P2P: Do not add P2P IEs on P2P disabled interface
While building Association Request frame IEs we should consider adding
P2P IEs only on interface where P2P functionality is enabled. Consider
per interface p2p_disabled parameter before adding P2P IEs to complete
the checks for this.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Mon, 1 Sep 2014 13:27:27 +0000 (16:27 +0300)]
tests: P2P GO netdev in a bridge
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Mon, 1 Sep 2014 13:18:01 +0000 (16:18 +0300)]
nl80211: Add more RTM_NEWLINK/DELLINK debug messages
This makes it easier to figure out what operations are generating each
RTM_DELLINK message.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Mon, 1 Sep 2014 13:14:07 +0000 (16:14 +0300)]
nl80211: Fix RTM_DELLINK processing for bridge events
When a netdev is removed from a bridge, RTM_DELLINK message is received
with ifname (IFLA_IFNAME) pointing to the main netdev event though that
netdev is not deleted. This was causing issues with P2P GO interface
getting disabled when the netdev was removed from a bridge. Fix this by
filtering RTM_DELLINK events that are related to the bridge when
indicating interface status changes.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Fri, 29 Aug 2014 17:13:35 +0000 (20:13 +0300)]
tests: WPS mixed-WPA/WPA2 credential merging
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Hu Wang [Fri, 29 Aug 2014 17:11:13 +0000 (20:11 +0300)]
WPS: Merge mixed-WPA/WPA2 credentials if received in same session
Some deployed APs send two credentials when in mixed-WPA/WPA2
configuration; one for the WPA-Personal/TKIP and the other for
WPA2-Personal/CCMP. Previously, this would result in two network blocks
getting added for the single AP. This can be somewhat confusing and
unnecessary, so merge such credentials into a single one that allows
both WPA and WPA2 to be used.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Srinivas Girigowda [Thu, 28 Aug 2014 15:25:32 +0000 (18:25 +0300)]
Add printf NULL checks to silence static analyzer
Add NULL checks to take care of issues reported by static analyzer tool
on potentially using NULL with printf format %s (which has undefined
behavior even though many compilers end up printing "(null)").
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Wed, 27 Aug 2014 13:22:53 +0000 (16:22 +0300)]
tests: Verify that sec_dev_type gets reported for P2P peer
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Chandrasekaran, Manishekar [Thu, 14 Aug 2014 11:14:32 +0000 (16:44 +0530)]
P2P: Overwrite pending interface only after verifying BSS entry
Previously, the P2P Interface Address of the peer gets updated in the
peer table every time based on the scan results.
For example, in a two port concurrency scenario, where the peer device
has two interfaces with unique P2P Interface Addresses and with same P2P
Device Address, based on the Probe Response/Beacon frames from these two
interfaces, their peer table gets updated, but each of these updates
happens in the peer table only based on the P2P Device Address. So, the
same peer's P2P Interface address is updated every time and hence, at
any instant, only one P2P Device Address to P2P Interface Address
mapping entry exist in the peer table for the peer which has two
interfaces.
When we try to join a group operated by the peer, lookup happens in the
peer table and when an interface entry is not available, the pending
interface address gets overwritten with the P2P Device Address and hence
the P2P connection can fail. Since the BSS table is the one that is
up-to-date, this fix will ensure that the interface overwriting will
happen only when there is no BSS entry for the pending P2P Interface
Address as well.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Tue, 26 Aug 2014 14:57:26 +0000 (17:57 +0300)]
tests: P2P GO channel preference and regulatory rule mismatch
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Tue, 26 Aug 2014 14:23:02 +0000 (17:23 +0300)]
hostapd: Check that EVENT_ASSOC data is present before using it
While hostapd should not really receive the EVENT_ASSOC message for
IBSS, driver_nl80211.c could potentially generate that if something
external forces the interface into IBSS mode and the IBSS case does not
provide the struct assoc_info data. Avoid the potential NULL pointer
dereference by explicitly verifying for the event data to be present.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Bojan Prtvar [Mon, 11 Aug 2014 10:25:03 +0000 (12:25 +0200)]
wpa_supplicant: Use freq_list scan filtar in sched_scan
Global freq_list scan filtar was taken into account only by
req_scan and not by req_sched_scan. We want to allow the user
to limit the channels that wpa_supplicant will scan in req_sched_scan
requests as well.
Signed-off-by: Bojan Prtvar <bojan.prtvar@rt-rk.com>
Eduardo Abinader [Sun, 3 Aug 2014 22:48:15 +0000 (18:48 -0400)]
dbus: Close dbus dict just after appending data
Before fixing this issue, calling wpas_dbus_getter_p2p_device_config
was causing early termination of dbus connection, due to writing
values to an already closed dict.
Signed-off-by: Eduardo Abinader <eduardo.abinader@openbossa.org>
Avinash Patil [Tue, 5 Aug 2014 07:20:53 +0000 (12:50 +0530)]
nl80211: Disable Probe Request reporting for static AP during deinit
Disable Probe Request reporting for statically created AP interfaces
during de-initialization. We will enable it again while starting AP
operations.
Signed-off-by: Avinash Patil <avinashapatil@gmail.com>
Avinash Patil [Tue, 5 Aug 2014 07:19:46 +0000 (12:49 +0530)]
nl80211: Do not change iftype for static AP interface
Some devices have limitations which do not allow changing virtual
interface mode from AP to station or vice versa. To work around this,
check if such AP interface is not dynamic. If such an interface is
enumarated, just set ifmode to AP and avoid setting nlmode to default
station mode on deinit.
Signed-off-by: Avinash Patil <avinashapatil@gmail.com>
Jean-Marie Lemetayer [Fri, 8 Aug 2014 08:45:00 +0000 (10:45 +0200)]
wext: Add signal_poll callback
Add a basic implementation of a signal_poll callback for wext drivers.
Signed-off-by: Jean-Marie Lemetayer <jeanmarie.lemetayer@gmail.com>
Eduardo Abinader [Fri, 8 Aug 2014 10:51:23 +0000 (06:51 -0400)]
P2P: Use ssid instead of wpa_ssid to find GO iface
In order to find a GO interface, there has to be a
comparison among two SSIDs, instead of a wpa_ssid and
a ssid.
Signed-off-by: Eduardo Abinader <eduardo.abinader@openbossa.org>
Jouni Malinen [Thu, 31 Jul 2014 16:53:25 +0000 (19:53 +0300)]
Add RSN cipher/AKM suite attributes into RADIUS messages
This adds hostapd support for the new WLAN-Pairwise-Cipher,
WLAN-Group-Cipher, WLAN-AKM-Suite, and WLAN-Group-Mgmt-Pairwise-Cipher
attributes defined in RFC 7268. These attributes are added to RADIUS
messages when the station negotiates use of WPA/RSN.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Thu, 31 Jul 2014 16:11:31 +0000 (19:11 +0300)]
Add WLAN-HESSID into RADIUS messages
This adds hostapd support for the new WLAN-HESSID attribute defined in
RFC 7268. This attribute contains the HESSID and it is added whenever
Interworking is enabled and HESSID is configured.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Thu, 31 Jul 2014 16:00:37 +0000 (19:00 +0300)]
Add Mobility-Domain-Id into RADIUS messages
This adds hostapd support for the new Mobility-Domain-Id attribute
defined in RFC 7268. This attribute contains the mobility domain id and
it is added whenever the station negotiates use of FT.
Signed-off-by: Jouni Malinen <j@w1.fi>
Tomasz Bursztyka [Tue, 8 Jul 2014 12:56:11 +0000 (15:56 +0300)]
dbus: Declare and implement GroupFinished as for GroupStarted
First for better concistancy but also to tell about the group_object
that is getting removed, thus the client will know about it and will be
able to act accordingly.
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
Jithu Jance [Tue, 29 Jul 2014 13:04:32 +0000 (18:34 +0530)]
P2P: Cancel pending action TX radio work on p2p_cancel
When p2p_cancel is invoked while the GO Negotiation Action TX was
pending, the p2p_send_action_work was not getting cleared.
Signed-off-by: Jithu Jance <jithu@broadcom.com>
Philippe Nunes [Wed, 23 Jul 2014 10:16:41 +0000 (12:16 +0200)]
Fix writing of the wowlan_triggers parameter
The parameter wowlan_triggers is a global string and is not recognised
if it is embraced with double-quotes.
Signed-off-by: Philippe Nunes <philippe.nunes@linux.intel.com>
Elliott Hughes [Sat, 19 Jul 2014 00:45:49 +0000 (17:45 -0700)]
Android: Always #include <sys/...>, not <linux/...>
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
Jouni Malinen [Sat, 26 Jul 2014 18:12:49 +0000 (21:12 +0300)]
EAP-FAST server: Fix potential read-after-buffer (by one byte)
The special PAC_OPAQUE_TYPE_PAD case did not skip incrementing of the
pos pointer and could result in one octet read-after-buffer when parsing
the PAC-Opaque data.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 26 Jul 2014 17:28:03 +0000 (20:28 +0300)]
Interworking: Remove unnecessary placeholder for PAME-BI
The PAME-BI bit in the Advertisement Protocol element is reserved for
non-AP STA, so this function will never set that bit to one and as such,
there is not much point in maintaining the placeholder dead code for
this either. (CID 68107)
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 26 Jul 2014 16:31:10 +0000 (19:31 +0300)]
tests: No EAP fast session resumption between network blocks
Verify that EAP fast session resumption is skipped if the connection
uses a different network configuration than the last EAP connection.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 26 Jul 2014 16:35:02 +0000 (19:35 +0300)]
EAP: Do not allow fast session resumption with different network block
This forces EAP peer implementation to drop any possible fast resumption
data if the network block for the current connection is not the same as
the one used for the previous one. This allows different network blocks
to be used with non-matching parameters to enforce different rules even
if the same authentication server is used. For example, this allows
different CA trust rules to be enforced with different ca_cert
parameters which can prevent EAP-TTLS Phase 2 from being used based on
TLS session resumption.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 26 Jul 2014 10:11:34 +0000 (13:11 +0300)]
P2P: Remove PSK/passphrase from P2P-GROUP-STARTED debug log entry
The PSK/passphrase are needed for the control interface events since the
upper layer UI component is required by the specification to be able to
make this available for manual configuration. However, this is not
needed in the INFO verbosity level debug entry, so split the event
generation into two parts.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 26 Jul 2014 10:09:17 +0000 (13:09 +0300)]
P2P: Use a helper function for P2P_EVENT_GROUP_STARTED events
This makes it easier to change the event message message for indication
when P2P group has stated and removes some duplicated code.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 26 Jul 2014 10:04:03 +0000 (13:04 +0300)]
Add wpa_msg_global_ctrl()
This is similar to wpa_msg_global() in the same way as wpa_msg_ctrl() is
to wpa_msg(). In other words, wpa_msg_global_ctrl() is used to send
global control interface events without printing them into the debug
log.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Thu, 24 Jul 2014 16:55:15 +0000 (19:55 +0300)]
EAP-pwd: Clear identity string and temporary buffer explicitly
Use an explicit memset call to clear any configuration parameter and
dynamic data that contains private information like keys or identity.
This brings in an additional layer of protection by reducing the length
of time this type of private data is kept in memory.
Signed-off-by: Jouni Malinen <j@w1.fi>
Florent Daigniere [Fri, 27 Jun 2014 10:24:30 +0000 (12:24 +0200)]
EAP-pwd: Verify BN_rand_range return code
This makes the EAP-pwd server and peer implementations more robust
should OpenSSL fail to derive random number for some reason. While this
is unlikely to happen in practice, the implementation better be prepared
for this should something unexpected ever happen. See
http://jbp.io/2014/01/16/openssl-rand-api/#review-of-randbytes-callers
for more details.
Signed-off-by: Florent Daigniere <nextgens@freenetproject.org>
Florent Daigniere [Fri, 27 Jun 2014 10:05:47 +0000 (12:05 +0200)]
EAP-pwd: Use os_memcmp_const() for hash comparisons
This makes the implementation less likely to provide useful timing
information to potential attackers from comparisons of information
received from a remote device and private material known only by the
authorized devices.
Signed-off-by: Florent Daigniere <nextgens@freenetproject.org>
Florent Daigniere [Fri, 27 Jun 2014 09:59:45 +0000 (11:59 +0200)]
OpenSSL: Use EC_POINT_clear_free instead of EC_POINT_free
This changes OpenSSL calls to explicitly clear the EC_POINT memory
allocations when freeing them. This adds an extra layer of security by
avoiding leaving potentially private keys into local memory after they
are not needed anymore. While some of these variables are not really
private (e.g., they are sent in clear anyway), the extra cost of
clearing them is not significant and it is simpler to just clear these
explicitly rather than review each possible code path to confirm where
this does not help.
Signed-off-by: Florent Daigniere <nextgens@freenetproject.org>
Florent Daigniere [Fri, 27 Jun 2014 09:58:10 +0000 (11:58 +0200)]
OpenSSL: Use BN_clear_free instead of BN_free
This changes OpenSSL calls to explicitly clear the bignum memory
allocations when freeing them. This adds an extra layer of security by
avoiding leaving potentially private keys into local memory after they
are not needed anymore. While some of these variables are not really
private (e.g., they are sent in clear anyway), the extra cost of
clearing them is not significant and it is simpler to just clear these
explicitly rather than review each possible code path to confirm where
this does not help.
Signed-off-by: Florent Daigniere <nextgens@freenetproject.org>
Dmitry Shmidt [Wed, 16 Jul 2014 17:25:41 +0000 (10:25 -0700)]
HS 2.0R2: Keep backward compatibility with old icu
This allows hs20-osu-client to be build with additional Android
versions.
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
Dmitry Shmidt [Wed, 16 Jul 2014 18:01:26 +0000 (11:01 -0700)]
EAP-TTLS: Remove FreeRADIUS workaround for EAP-TTLS/MSCHAPv2
FreeRADIUS releases before 1.1.4 did not send MS-CHAP2-Success in
EAP-TTLS/MSCHAPv2. A wpa_supplicant workaround for that was added in
2005 and it has been enabled by default to avoid interoperability
issues. This could be disabled with all other EAP workarounds
(eap_workaround=0). However, that will disable some workarounds that are
still needed with number of authentication servers.
Old FreeRADIUS versions should not be in use anymore, so it makes sense
to remove this EAP-TTLS/MSCHAPv2 workaround completely to get more
complete validation of server behavior. This allows MSCHAPv2 to verify
that the server knows the password instead of relying only on the TLS
certificate validation.
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
Cedric IZOARD [Tue, 8 Jul 2014 07:50:32 +0000 (09:50 +0200)]
nl80211: Ensure nl_preq unregistration on driver deinit
When driver interface is destroyed (via wpa_driver_nl80211_deinit) the
"preq" nl socket isn't always deleted but the callback struct associated
is. After the interface is destroyed we may still get event on the
socket but as the callback has been freed this will cause wpa_supplicant
to crash.
This patch ensures that the "preq" socket is destroyed when destroying
the interface.
Signed-off-by: Cedric IZOARD <cedricx.izoard@intel.com>
Jouni Malinen [Fri, 4 Jul 2014 17:33:01 +0000 (20:33 +0300)]
tests: P2P vendor specific extensions
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Fri, 4 Jul 2014 17:14:19 +0000 (20:14 +0300)]
P2P: Make unrecognized vendor elements available in P2P_PEER
This allows external programs to use vendor specific information from
P2P peers without wpa_supplicant having to be able to parse and
understand all such vendor specific elements.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Fri, 4 Jul 2014 15:23:43 +0000 (18:23 +0300)]
Add generic mechanism for adding vendor elements into frames
This adds following new control interface commands to allow arbitrary
vendor elements to be added into number of frames:
VENDOR_ELEM_ADD <frame id> <hexdump of elem(s)>
VENDOR_ELEM_GET <frame id>
VENDOR_ELEM_REMOVE <frame id> <hexdump of elem(s)>
VENDOR_ELEM_REMOVE <frame id> *
The following frames are supported in this commit (additional frames can
be added in the future):
0 = Probe Request frame in P2P device discovery
1 = Probe Response frame from P2P Device role
2 = Probe Response frame from P2P GO
3 = Beacon frame from P2P GO
4 = PD Req
5 = PD Resp
6 = GO Neg Req
7 = GO Neg Resp
8 = GO Neg Conf
9 = Invitation Request
10 = Invitation Response
11 = P2P Association Request
12 = P2P Association Response
One or more vendor element can be added/removed with the commands. The
hexdump of the element(s) needs to contain the full element (id, len,
payload) and the buffer needs to pass IE parsing requirements to be
accepted.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Dmitry Shmidt [Wed, 2 Jul 2014 19:31:38 +0000 (12:31 -0700)]
PNO: Send Probe Request frames only for hidden SSIDs
Previously, offloaded scanning (PNO) on Android was including SSIDs from
all enabled networks regardless of the scan_ssid parameter which
resulted in different behavior for the offloaded case when comparing to
wpa_supplicant initiated scans.
Use the sched_scan match filter to allow broadcast SSID to be used for
scan_ssid=1 networks also with PNO to avoid running active scans for
SSIDs that have not been explicitly marked as requiring an SSID-specific
scan. This reduces exposure of configured network names on the device
when running offloaded scans while the host device is in sleep.
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
Jouni Malinen [Wed, 2 Jul 2014 21:53:13 +0000 (00:53 +0300)]
P2P: Add explicit check for ssid->p2p_client_list != NULL
This would not really be needed since these functions check the pointer
above. However, this seems to be too difficult for some static analyzer,
so add the extra check to avoid false reports.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Wed, 2 Jul 2014 21:51:47 +0000 (00:51 +0300)]
DFS: Remove dead assignment
set_dfs_state() return value is not currently checked anywhere, so
remove the dead assignment to avoid static analyzer complaints.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Wed, 2 Jul 2014 12:51:20 +0000 (15:51 +0300)]
tests: update_identifier in network block
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Dmitry Shmidt [Mon, 30 Jun 2014 16:59:17 +0000 (09:59 -0700)]
HS 2.0R2: Add update_identifier field to network
This can be used to configure a Hotspot 2.0 Release 2 network externally
for a case where wpa_supplicant-based Interworking network selection is
not used and the update_identifier cannot be copied directly from a
cred.
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
Jouni Malinen [Wed, 2 Jul 2014 10:12:36 +0000 (13:12 +0300)]
Fix some sparse warnings about u16 vs. le16
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Wed, 2 Jul 2014 10:33:24 +0000 (13:33 +0300)]
tests: Fix wpas_ctrl_country to match the fixed event data
This test case for enforcing the incorrect init=DRIVER instead of
init=CORE for the event due to bug in the event message.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Wed, 2 Jul 2014 10:09:00 +0000 (13:09 +0300)]
Fix CTRL-EVENT-REGDOM-CHANGE event init= value
Incorrect field was used to determine the init=<value> in the regulatory
domain changed control interface event.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Wed, 2 Jul 2014 10:07:44 +0000 (13:07 +0300)]
Mark function static
This function is not used outside this file.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Wed, 2 Jul 2014 10:03:45 +0000 (13:03 +0300)]
dbus: Fix indentation level to match code logic
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Wed, 2 Jul 2014 10:03:22 +0000 (13:03 +0300)]
Mark functions static
These functions are not used outside this file.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Tue, 1 Jul 2014 20:57:57 +0000 (23:57 +0300)]
tests: SCAN scan_id
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Li Jianyun [Tue, 1 Jul 2014 15:22:56 +0000 (23:22 +0800)]
Allow SCAN command to specify scan_ssid=1 SSIDs
The new "scan_id=<comma separated list of network ids>" parameter can
now be used to specify a list of network ids that have scan_ssid=1 to
indicate active scanning of the SSID. This adds the listed SSIDs to the
scan command to allow manual scan requests to perform active scans for
hidden SSIDs. For example, "SCAN scan_id=1,7,11" would run a scan with
the SSID fetched from the configured network blocks 1, 7, and 11
(assuming those are set with scan_ssid=1). The SSIDs will be included
even from network blocks that are currently disabled.
The maximum number of SSIDs added to the request is limited by the
driver support. If more than supported values are specified, the command
will fail (returns "FAIL").
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Tue, 1 Jul 2014 22:46:45 +0000 (01:46 +0300)]
WPS: Clear keys/PINs explicitly
Use an explicit memset call to clear any configuration parameter and
dynamic data that contains private information like keys or identity.
This brings in an additional layer of protection by reducing the length
of time this type of private data is kept in memory.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Tue, 1 Jul 2014 22:45:45 +0000 (01:45 +0300)]
Clear hostapd configuration keys explicitly
Use an explicit memset call to clear any hostapd configuration parameter
that contains private information like keys or identity. This brings in
an additional layer of protection by reducing the length of time this
type of private data is kept in memory.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Tue, 1 Jul 2014 22:43:33 +0000 (01:43 +0300)]
HS 2.0 R2: Clear hs20-osu-client configuration keys explicitly
Use an explicit memset call to clear any hs20-osu-client configuration
parameter that contains private information like keys or identity. This
brings in an additional layer of protection by reducing the length of
time this type of private data is kept in memory.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 29 Jun 2014 22:48:41 +0000 (01:48 +0300)]
EAP server: Clear keying material on deinit
Reduce the amount of time keying material (MSK, EMSK, temporary private
data) remains in memory in EAP methods. This provides additional
protection should there be any issues that could expose process memory
to external observers.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 29 Jun 2014 18:16:30 +0000 (21:16 +0300)]
EAP peer: Clear keying material on deinit
Reduce the amount of time keying material (MSK, EMSK, temporary private
data) remains in memory in EAP methods. This provides additional
protection should there be any issues that could expose process memory
to external observers.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 29 Jun 2014 22:32:07 +0000 (01:32 +0300)]
Clear wpa_supplicant configuration keys explicitly
Use an explicit memset call to clear any wpa_supplicant configuration
parameter that contains private information like keys or identity. This
brings in an additional layer of protection by reducing the length of
time this type of private data is kept in memory.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 29 Jun 2014 22:47:44 +0000 (01:47 +0300)]
EAP-AKA: Remove unnecessary dead increment
The pos pointer is not used after this now nor in future plans, so no
need to increment the value. This remove a static analyzer warning about
dead increment.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 29 Jun 2014 22:46:42 +0000 (01:46 +0300)]
EAP-GPSK: Avoid dead increment by checking pos pointer
Instead of using the pre-calculated length of the buffer, determine the
length of used data based on the pos pointer. This avoids a static
analyzer warning about dead increment.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 29 Jun 2014 22:45:26 +0000 (01:45 +0300)]
FT: Debug print extra response data
This shows any extra data from FT response and also avoids a static
analyzer warning on dead increment.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 29 Jun 2014 22:44:33 +0000 (01:44 +0300)]
PCSC: Debug print extra response data
This shows any extra data from USIM response and also avoids a static
analyzer warning on dead increment.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 29 Jun 2014 22:08:49 +0000 (01:08 +0300)]
Interworking: Remove unnecessary dead increment
build_root_nai() will not be extended to write something after the
domain, so there is no need to update the pos pointer after the final
os_snprintf() call in the function. Remove this to make a static
analyzer happier.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 29 Jun 2014 21:56:27 +0000 (00:56 +0300)]
Check for no key_mgmt/proto/auth_alg entries in config writer
This is not really necessary check, but it keeps a static analyzer
happier by avoiding dead increment. Doing it this way rather than
removing the increment is less likely to cause problems when new entries
are added here in the future (the "dead" increment would be very much
needed in those cases).
Signed-off-by: Jouni Malinen <j@w1.fi>