Jouni Malinen [Wed, 10 Dec 2014 23:41:48 +0000 (01:41 +0200)]
Fix ANQP_GET/HS20_GET_ANQP parsing to skip space after address
The space following the BSSID was not skipped properly if the following
parameter started with the "hs20:" prefix. For other cases, atoi() ended
up ignoring the space, but it is cleaner to skip it anyway for all
cases.
Jouni Malinen [Wed, 10 Dec 2014 17:25:35 +0000 (19:25 +0200)]
tests: ProxyARP ARP processing
This verifies processing of various ARP messages at an AP that enables
ProxyARP. All the validation steps have not yet been scripted, i.e., the
sniffer traces need manual analysis for full coverage.
Jouni Malinen [Tue, 9 Dec 2014 23:54:27 +0000 (01:54 +0200)]
P2P: Allow cross connection on the parent interface
Previously, any P2P capable interface was skipped in cross connection
uplink consideration. However, this ends up skipping more or less all
nl80211-based driver cases now since they mark the main interface P2P
capable. Relax this rule to allow the parent interface to be used as the
non-P2P station interface for cross connection purposes.
Jouni Malinen [Tue, 9 Dec 2014 21:55:41 +0000 (23:55 +0200)]
OpenSSL: Simplify EAP-FAST peer workaround
Commit d4913c585ec9b62a667473878a7fd7d8600d3388 ('OpenSSL: Fix EAP-FAST
peer regression') introduced a workaround to use a new SSL_CTX instance
set for TLSv1_method() when using EAP-FAST. While that works, it is
unnecessarily complex since there is not really a need to use a separate
SSL_CTX to be able to do that. Instead, simply use SSL_set_ssl_method()
to update the ssl_method for the SSL instance. In practice, this commit
reverts most of the tls_openssl.c changes from that earlier commit and
adds that single call into tls_connection_set_params() based on EAP-FAST
flag.
Jouni Malinen [Tue, 9 Dec 2014 21:41:09 +0000 (23:41 +0200)]
Add tls_session_reused=<0/1> into EAP peer TLS status
This can be used to determine whether the last TLS-based EAP
authentication instance re-used a previous session (e.g., TLS session
resumption or EAP-FAST session ticket).
Chet Lanctot [Sat, 6 Dec 2014 00:48:23 +0000 (16:48 -0800)]
nl80211: Add QCA vendor specific query of device/driver features
This commit introduces a QCA vendor command that allows interrogation of
the vendor-specific features supported by the device/driver. Currently
the only defined feature is the ability to offload key management.
Jouni Malinen [Tue, 9 Dec 2014 13:57:03 +0000 (15:57 +0200)]
OpenSSL: Fix EAP-FAST peer regression
Commit 35efa2479ff19c3f13e69dc50d2708ce79a99beb ('OpenSSL: Allow TLS
v1.1 and v1.2 to be negotiated by default') changed from using
TLSv1_method() to SSLv23_method() to allow negotiation of TLS v1.0,
v1.1, and v1.2.
Unfortunately, it looks like EAP-FAST does not work with this due to
OpenSSL not allowing ClientHello extensions to be configured with
SSL_set_session_ticket_ext() when SSLv23_method() is used. Work around
this regression by initiating a separate SSL_CTX instance for EAP-FAST
phase 1 needs with TLSv1_method() while leaving all other EAP cases
using TLS to work with the new default that allows v1.1 and v1.2 to be
negotiated. This is not ideal and will hopefully get fixed in the future
with a new OpenSSL method, but until that time, this can be used allow
other methods use newer TLS versions while still allowing EAP-FAST to be
used even if it remains to be constraint to TLS v1.0 only.
Jouni Malinen [Tue, 9 Dec 2014 11:19:22 +0000 (13:19 +0200)]
Fix OpenSSL 0.9.8za patch for EAP-FAST support
OpenSSL 0.9.8za added a fix for CVE-2014-0224 and the original fix broke
EAP-FAST support due to forgotten SSL3_FLAGS_CCS_OK marking for
tls_session_secret_cb. Fix for this regression was added into OpenSSL
1.x and newer. The same fix is needed in this backport patch for
0.9.8za.
Jouni Malinen [Tue, 9 Dec 2014 10:05:03 +0000 (12:05 +0200)]
OpenSSL: Remove support for the old EAP-FAST interface
Commit f5fa824e9a86940835e30a5a0b1fd3d8a7c4c640 ('Update OpenSSL 0.9.8
patch for EAP-FAST support') changed the OpenSSL 0.9.8 patch to support
the new API that was introduced in OpenSSL 1.0.0 for EAP-FAST. As such,
there should be no valid users of the old API anymore and tls_openssl.c
can be cleaned up to use only the new API.
Xiaofei Shen [Tue, 9 Dec 2014 14:20:31 +0000 (16:20 +0200)]
MACsec: Update protect frames and replay on reauthentication
Some cases like ifconfig down/up may require MACsec restart. To make
sure the appropriate protect frames and replay parameters get configured
in cases where the interface was down, set these parameters from KaY
configuration to the driver before creating a new transmit SC. This
allows MACsec functionality to recover automatically on such restart.
Jouni Malinen [Mon, 8 Dec 2014 23:56:57 +0000 (01:56 +0200)]
tests: Invitation Request retry and duplicated response
This verifies that the corner case of a duplicated, retransmitted
Invitation Response frame ends up being dropped instead of being
processed twice for the case of Invitation Request getting resend with
social channel as an operating channel in case of no common channels
found.
Sunil Dutt [Mon, 8 Dec 2014 09:41:16 +0000 (15:11 +0530)]
P2P: Check Invitation Response dialog token match for resend case
Commit ac330cfd87397a1a01e697984f3944f427e88dad ('P2P: Reinvite with
social operation channel if no common channels') introduced a mechamisn
to reinvite a peer during a persistent group reinvocation from a GO with
a different operating channel proposal. This mechanism can fail if the
inviting device (GO) ends up getting a retransmitted, duplicated
Invitation Response frame processed second time while waiting for the
response to the retried Invitation Request (using one of the social
channels as the operating channel). IEEE 802.11 duplicate frame
detection mechanisms are supposed to prevent this type of sequence, but
not all drivers support those rules properly for pre-association frames,
including P2P Public Action frames.
Work around this issue by checking that the dialog token in the
Invitation Response frame matches the one from the last Invitation
Request if the special invitation retry mechanism is used. This is safer
to do now than to enable dialog token matching for all invitation cases.
Jouni Malinen [Mon, 8 Dec 2014 14:22:13 +0000 (16:22 +0200)]
Clear wpa_s->disconnected on ctrl_iface FLUSH
This is needed to get into more consistent state after the FLUSH
command. DISCONNECT followed by FLUSH could result in
wpa_s->disconnected being left to 1 and this resulted in a test failure,
e.g., when running wpas_ctrl_dup_network followed by
wpas_ctrl_enable_disable_network where the latter was expecting
ENABLE_NETWORK on a disabled network to connect automatically and that
does not happen if wpa_s->disconnected == 1.
Jouni Malinen [Mon, 8 Dec 2014 14:10:46 +0000 (16:10 +0200)]
nl80211: Try to unmask 11b rates again on next connection request
It is possible for unmasking of 11b rates to fail if a P2P group is
terminated while the netdev is down (e.g., due to rfkill block). This
could result in the 11b TX rates being left masked for non-P2P
operations. This would be particularly unfortunate for channel 14 use
since OFDM rates are not allowed on channel 14 and only OFDM rates were
configured P2P. This issue showed up, e.g., when running hwsim test case
rfkill_autogo followed by ap_wps_conf_chan14.
It may be possible to allow the failed operation in cfg80211/mac80211,
but it looks better to work around this on wpa_supplicant side as well.
Try to unmask the 11b rates again on the next connection request if the
rate unmasking operation had failed.
Jouni Malinen [Mon, 8 Dec 2014 09:22:52 +0000 (11:22 +0200)]
Check os_snprintf() result more consistently - automatic 3
This converts os_snprintf() result validation cases to use
os_snprintf_error() where the comparison was 'res > size' instead of
'res >= size - 1'. These changes were done automatically with spatch
using the following semantic patch:
Jouni Malinen [Mon, 8 Dec 2014 09:18:39 +0000 (11:18 +0200)]
Check os_snprintf() result more consistently - automatic 2
This converts os_snprintf() result validation cases to use
os_snprintf_error() where the comparison was 'res > size' instead of
'res >= size'. These changes were done automatically with spatch using
the following semantic patch:
Jouni Malinen [Mon, 8 Dec 2014 09:15:51 +0000 (11:15 +0200)]
Check os_snprintf() result more consistently - automatic 1
This converts os_snprintf() result validation cases to use
os_snprintf_error() where the exact rule used in os_snprintf_error() was
used. These changes were done automatically with spatch using the
following semantic patch:
Jouni Malinen [Sun, 7 Dec 2014 10:15:34 +0000 (12:15 +0200)]
Check os_snprintf() result more consistently - success case
This converts os_snprintf() result validation cases to use
os_snprintf_error() in cases where success condition was used to execute
a step. These changes were done automatically with spatch using the
following semantic patch:
Jouni Malinen [Sun, 7 Dec 2014 10:11:13 +0000 (12:11 +0200)]
Check os_snprintf() result more consistently - maximum length
This adds verification of os_snprintf() result against the maximum
buffer length. These changes were done automatically with spatch
using the following semantic patch:
Jouni Malinen [Sun, 7 Dec 2014 23:37:39 +0000 (01:37 +0200)]
tests: Optimize WPS tests by avoiding full scan
A single channel scan just before WPS_REG, WPS_PBC, and WPS_PIN commands
can be used to avoid having to run a full scan. This saves significant
amount of time in the WPS test cases.
Jouni Malinen [Sun, 7 Dec 2014 23:25:26 +0000 (01:25 +0200)]
WPS: Start EAPOL immediately even without WPA on WPS association
Previously, the immediate EAPOL authenticator startup was scheduled
without having received EAPOL-Start only for the case where WPA/WPA2 was
enabled. This can be extended to speed up non-WPA/WPA2 cases as well if
the STA includes WPS IE in Association Request frame.
Jouni Malinen [Sun, 7 Dec 2014 21:27:45 +0000 (23:27 +0200)]
tests: Additional coverage for SCAN_RESULTS and BSS entry flags
This increases wpa_supplicant_ie_txt(), print_bss_info(), and
wpa_supplicant_ctrl_iface_scan_result() testing coverage to include the
previously missing key management options.
Jouni Malinen [Sun, 7 Dec 2014 20:02:57 +0000 (22:02 +0200)]
base64: Try to avoid static analyzer warning (part 2)
Shift right on unsigned char limits the value to 0..63 which is within
bounds for base64_table[]. Anyway, some static analyzers do not seem to
understand that. See if an otherwise unnecessary masking gets rid of
false warnings. (CID 62858)
Jouni Malinen [Sun, 7 Dec 2014 13:31:38 +0000 (15:31 +0200)]
tests: Remove test names from VM command with parallel-vm.py
There is no need to pass the test case names to the VMs when using
parallel-vm.py. Removing those from the command line helps in avoiding
kernel panic if maximum number of kernel parameters limit is hit.
Jouni Malinen [Sat, 6 Dec 2014 17:03:52 +0000 (19:03 +0200)]
base64: Try to avoid static analyzer warning
Shift right on unsigned char limits the value to 0..63 which is within
bounds for base64_table[]. Anyway, some static analyzers do not seem to
understand that. See if an otherwise unnecessary masking gets rid of
false warnings. (CID 62858)
Jouni Malinen [Sat, 6 Dec 2014 16:51:23 +0000 (18:51 +0200)]
Interworking: Make bounds checking easier for static analyzers
'num * 5 > end - pos' handles bounds checking a bit more efficiently,
but apparently that is not clear enough for all static analyzers.
Replace with 'num > left / 5' to avoid false reports. (CID 68117)
Jouni Malinen [Sat, 6 Dec 2014 16:34:23 +0000 (18:34 +0200)]
TLS: Reorder length bounds checking to avoid static analyzer warning
For some reason, "pos + len > end" is not clear enough, but "len > end -
pos" is recognized. Use that to get rid of a false positive from a
static analyzer (CID 72697).
Jouni Malinen [Sat, 6 Dec 2014 16:28:00 +0000 (18:28 +0200)]
EAP-SIM DB: Make recv() null termination easier for static analyzers
For some reason, the previous version was not understood to be null
terminating the buffer from recv(). It was doing this fine, though. Try
to use a bit more simpler design in hopes of getting static analyzers to
understand this. (CID 72702)
Jouni Malinen [Sat, 6 Dec 2014 16:13:29 +0000 (18:13 +0200)]
Replace send_ft_action() driver_op with send_action()
This reduced number of unnecessarily duplicated driver interface
callback functions for sending Action frames by using the more generic
send_action() instead of FT specific send_ft_action().
Jouni Malinen [Sat, 6 Dec 2014 14:47:12 +0000 (16:47 +0200)]
nl80211: Clean up nl80211_scan_common() to use nl80211_cmd_msg()
This helper function had not used the nl80211_set_iface_id() helper, but
there is no reason why it couldn't re-use the same helper as other
places using nl80211_cmd_msg().
Jouni Malinen [Sat, 6 Dec 2014 11:04:29 +0000 (13:04 +0200)]
nl80211: Use the new nl80211_cmd_msg() helper
This removes duplicated code for building nl80211 commands for a BSS.
This commit handles the functions that were already using
nl80211_set_iface_id().
Jouni Malinen [Fri, 5 Dec 2014 18:33:08 +0000 (20:33 +0200)]
nl80211: Continue getting rid of NLA_PUT* macro use
This gets rid of more NLA_PUT* macro uses in nl80211 to reduce the
number of functions that depend on the hidden behavior of jumping to the
nla_put_failure label.
Jouni Malinen [Fri, 5 Dec 2014 17:24:38 +0000 (19:24 +0200)]
nl80211: Get rid of NLA_PUT* macro use in capability checking
This gets rid of NLA_PUT* macro use in checking nl80211 capabilities to
reduce the number of functions that depend on the hidden behavior of
jumping to the nla_put_failure label.
Jouni Malinen [Fri, 5 Dec 2014 21:05:11 +0000 (23:05 +0200)]
Make GTK length validation easier to analyze
Bounds checking for gd->gtk_len in wpa_supplicant_check_group_cipher()
was apparently too complex for some static analyzers. Use a local
variable and a more explicit validation step to avoid false report.
(CID 62864)
Jouni Malinen [Fri, 5 Dec 2014 20:59:20 +0000 (22:59 +0200)]
FT: Make aes_wrap() call easier to analyze
Using aes_wrap() to initialize a data structure seemed to be too much
for some static analyzers to understand. Make it obvious that the target
is not just the single struct member. (CID 68111)
Jouni Malinen [Fri, 5 Dec 2014 20:52:06 +0000 (22:52 +0200)]
FT: Make aes_unwrap() calls easier to analyze
Using aes_unwrap() to initialize a data structure seemed to be too much
for some static analyzers to understand. Make it obvious that the target
is initialized and that the target is not just the single struct member.
In addition, clean up the design to avoid removal of const with a
typecast. (CID 68112, CID 68134, CID 68135, CID 68136)
Jouni Malinen [Fri, 5 Dec 2014 20:34:27 +0000 (22:34 +0200)]
P2P: Split p2p_channels_union() into two functions
The separate p2p_channels_union_inplace() makes the function easier for
static analyzers to see that the result buffer is always initialized.
(CID 74494)
Jouni Malinen [Fri, 5 Dec 2014 15:12:30 +0000 (17:12 +0200)]
tests: Optimize FT test cases
Use single channel scan instead of full scan to save time. In addition,
use EAP-GPSK which takes significantly less CPU that EAP-EKE with
default parameters.
Jouni Malinen [Fri, 5 Dec 2014 13:22:33 +0000 (15:22 +0200)]
WFD: Allow WFD_SUBELEM_SET/GET all to be used with full IE buffer
This extends the previously used WFD_SUBELEM_SET/GET <subelem id> design
to allow special "all" value to be used as an id to indicate that all
WFD subelements are to be set/get. This uses similar interface as was
previously added over D-Bus.
projects / thirdparty / hostap.git / log
