Fix creating 6 GHz IBSS/mesh on 5/6 GHz-capable PHYs
If the PHY supports both 5 GHz and 6 GHz bands, there will be two
different struct hostapd_hw_modes with mode HOSTAPD_MODE_IEEE80211A,
one for each band, with potentially different capabilities.
Check that the struct hostapd_hw_modes actually contains the frequency
before selecting it.
Signed-off-by: Nicolas Cavallari <nicolas.cavallari@green-communications.fr>
Split ibss_mesh_setup_freq() into multiple functions
ibss_mesh_setup_freq() has become a 342 line function with 23 local
variables, 1 or 2 goto labels depending on ifdefs and its logic is
quite unpredictable.
Split it into multiple functions. No functional change intended, it
should be bug-compatible with the original code, except for some log
messages that are skipped more often.
Signed-off-by: Nicolas Cavallari <nicolas.cavallari@green-communications.fr>
Kaidong Wang [Fri, 3 Feb 2023 02:05:40 +0000 (02:05 +0000)]
Apply bias towards 6 GHz in roaming
wpa_supplicant_need_to_roam_within_ess() applies bias to the minimum
difference of the signal level required to roam if the roam is from 2.4
GHz to higher band, but doesn't apply bias if the roam is from a lower
band to 6 GHz. Add bias towards 6 GHz, as 6 GHz networks usually provide
higher throughput.
Signed-off-by: Kaidong Wang <kaidong@chromium.org>
Antonio Prcela [Thu, 2 Feb 2023 23:02:07 +0000 (00:02 +0100)]
hostapd: Output hw_mode when using STATUS
Adding the hw_mode config parameter to the STATUS output to easier
determine the current hw_mode of an hostapd access-point. Currently
neither STATUS, GET hw_mode, nor GET_CONFIG output it.
Useful if the hostapd access point has been created with
wpa_ctrl_request() without using a *.conf file, like hostapd.conf.
Signed-off-by: Antonio Prcela <antonio.prcela@gmail.com> Signed-off-by: Antonio Prcela <antonio.prcela@sartura.hr>
Send broadcast Probe Response frames on the 6 GHz band
Change Probe Response frames to be sent as broadcast for 6 GHz band per
IEEE Std 802.11ax‐2021, 26.17.2.3.2: "If a 6 GHz AP receives a Probe
Request frame and responds with a Probe Response frame (per 11.1.4.3.4),
the Address 1 field of the Probe Response frame shall be set to the
broadcast address, unless the AP is not indicating its actual SSID in
the SSID element of its Beacon frames."
Signed-off-by: Hari Chandrakanthan <quic_haric@quicinc.com>
MLD STA: Add support for SAE external authentication offload to userspace
Enable MLO for SAE authentication when the driver indicates the AP MLD
address in an external authentication request. The MAC address of the
interface on which the external authentication request received will be
used as the own MLD address.
This commit does below for enabling MLO during external SAE
authentication:
- Use MLD addresses for SAE authentication.
- Add Basic Multi-Link element with the own MLD address in SAE
Authentication frames.
- Send SAE Authentication frames with the source address as the own MLD
address, destination address and BSSID as the AP MLD address to the
driver.
- Validate the MLD address indicated by the AP in SAE Authentication
frames against the AP MLD address indicated in external authentication
request.
- Store the PMKSA with the AP MLD address after completing SAE
authentication.
Add QCA_WLAN_VENDOR_MCC_QUOTA_TYPE_LOW_LATENCY attribute
to enable/disable Multi-Channel concurrency low latency mode.
The firmware will do optimization of channel time quota for
low latency in Multi-Channel concurrency state if enabled.
Jouni Malinen [Tue, 14 Feb 2023 09:29:30 +0000 (11:29 +0200)]
FT: Store PMK-R0/PMK-R1 after EAPOL-Key msg 2/4 MIC validation
hostapd was previously storing the derived PMK-R0 and PMK-R1 as soon as
these keys were derived. While that is fine for most purposes, it is
unnecessary to do that so quickly and if anything were to fail before
the supplicant is able to return a valid EAPOL-Key msg 2/4, there would
not really be any real use for the derived keys.
For the special case of FT-PSK and VLAN determination based on the
wpa_psk file, the VLAN information is set in the per-STA data structures
only after the EAPOL-Key msg 2/4 MIC has been verified. This ended up
storing the PMK-R0/PMK-R1 entries without correct VLAN assignment and as
such, any use of the FT protocol would not be able to transfer the VLAN
information through RRB.
Split local storing of the FT key hierarchy for the cases using the FT
4-way handshake so that PMK-R0 and PMK-R1 are first derived and then
stored as a separate step after having verified the MIC in the EAPOL-Key
msg 2/4 (i.e., after having confirmed the per-STA passphrase/PSK was
selected) and VLAN update. This fixes VLAN information for the
wpa_psk_file cases with FT-PSK.
During implementation of commit 257b119c2d87 ("QCA vendor attribute of
update roaming cached statistics info") some deficiencies were noted as
listed below, so fix them. Since these are pre-implementation changes,
no ABI breakage is introduced.
1) Change all RSSI values to be signed values.
2) Add enums for scan type and dwell type instead of documenting
their values with comments
3) Add missing QCA_ROAM_REASON_STA_KICKOUT to enum qca_roam_reason
Signed-off-by: Chunquan Luo <quic_chunquan@quicinc.com>
Jouni Malinen [Fri, 10 Feb 2023 11:11:54 +0000 (13:11 +0200)]
tests: Make pmksa_cache_and_cui more robust
Make sure hostapd has had time to complete 4-way handshake processing
before initiating reauthentication from wpa_supplicant. There is a small
window for race condition here when testing with UML and time travel.
Jouni Malinen [Fri, 10 Feb 2023 10:31:01 +0000 (12:31 +0200)]
MACsec: Remove EAP Session-Id length constraint
The initial MACsec implementation required the EAP Session-Id to be at
least 65 octets long and by truncating the value to that length, the
practical limit of functional cases was limited to that exact length of
65 octets. While that happens to work with EAP method that use TLS, it
does not work with most other EAP methods.
Remove the EAP Session-Id length constraint and allow any length of the
Session-Id as long as the EAP method provides one. In addition, simplify
this be removing the unnecessary copying of the Session Id into a new
allocated buffer.
Fixes: dd10abccc86d ("MACsec: wpa_supplicant integration") Fixes: a93b369c17b3 ("macsec: Support IEEE 802.1X(EAP)/PSK MACsec Key Agreement in hostapd") Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Raphaël Mélotte [Wed, 4 Jan 2023 15:53:50 +0000 (16:53 +0100)]
hostapd: Report error on unknown ACCEPT_ACL/DENY_ACL commands
Currently when using ACCEPT_ACL or DENY_ACL, no error is reported if
the rest of the command is unknown (e.g. 'ACCEPT_ACL FOOBAR' reports
'OK').
On the other hand, hostapd_cli makes it possible to use 'accept_acl'
and 'deny_acl' in lowercase, but the rest of the command (i.e. 'SHOW',
'ADD_MAC', 'CLEAR', etc) must be in uppercase.
As a result, the command 'accept_acl clear' could seem valid when
using hostapd_cli (as it reports 'OK'), while it actually does not do
anything (because 'clear' must be in uppercase).
To let users know whether the command really succeeded or not, report
an error when the command was not understood.
Note that this is also consistent with the way it is currently
implemented in wpa_supplicant.
Krishna T [Mon, 9 Jan 2023 20:09:10 +0000 (01:39 +0530)]
Fix BSS age underflow
While checking for stale BSSes, the current time is used as a basis and
then based on age the stale check time is calculated, but if this is
done too early in the boot and if either BOOTTIME/MONOTONIC (the one
Zephyr uses by default) are used then the stale check time underflows
and goes to future causing active BSS entries in the scan to be treated
as stale and flushed.
Fix this by adding a check before calculating stale time and ignore this
check till the system reaches the BSS expiration time (this would never
happen with REALTIME clock).
Signed-off-by: Krishna T <krishna.t@nordicsemi.no> Signed-off-by: Sridhar Nuvusetty <sridhar.nuvusetty@nordicsemi.no>
Jouni Malinen [Wed, 1 Feb 2023 16:21:55 +0000 (18:21 +0200)]
tests: wpa_supplicant config file parsing of an invalid network
This is a regression test for a NULL pointer dereferencing from commit d8d2b3a338a1 ("Implement read-only mode for SSIDs from the additional
config (-I)") .
MLD STA: Use AP MLD address in PMKSA cache attempts for driver-SME case
The previous implementation handles PMKSA cache attempts with AP MLD
address only for SME-in-wpa_supplicant cases since wpa_s->valid_links
wouldn't be set for SME-in-driver cases.
Fix SME-in-driver behavior by enabling PMKSA cache attempts with AP MLD
address when driver supports MLO and SME offload to driver.
Jouni Malinen [Mon, 30 Jan 2023 21:09:53 +0000 (23:09 +0200)]
SAE: Update PT value at later point for SME cases, if needed
It was possible to hit a case where the SAE PT had not yet been derived,
e.g., when using P2P group re-invocation. Update PT use at the time
authentication is started, if needed, to avoid this. While this is not
really ideal from the externally observable timing view point, this is
done only for the case where there is no other option available with a
dynamically changing network configuration for P2P. Similar design was
already in place for the SAE offload-from-driver (external auth) case.
Qiwei Cai [Wed, 11 Jan 2023 11:59:01 +0000 (19:59 +0800)]
P2P: Enable SAE-H2E for client when joining a 6 GHz group
Both P2P GO and client always save key_mgmt = WPA_KEY_MGMT_PSK in the
configuration when storing a persistent group. Next time, when a GO is
started as an autonomous GO on a 6 GHz channel, it will change key_mgmt
to SAE and use hash-to-element mechanism, but the P2P client doesn't
change the parameter even if the group it wants to join is operating on
a 6 GHz channel. The P2P connection will be failed due to reason 'reject
due to mismatch with WPA/WPA2'.
Jouni Malinen [Mon, 30 Jan 2023 21:07:21 +0000 (23:07 +0200)]
SAE: Extend automatic enabling of H2E on 6 GHz to additional cases
Commit 3a0edb2cd86e ("SAE: Enable H2E for 6 GHz BSS") started enabling
H2E automatically for SAE use on the 6 GHz band, but it did not update
these steps in verifying whether the STA has matching configuration for
a BSS that mandates use of H2E and whether to use PT for SAE in SME.
Update these to be aware of automatic H2E enabling.
Shivani Baranwal [Wed, 21 Dec 2022 06:35:12 +0000 (12:05 +0530)]
P2P: Fix handling Service Discovery Response received by GO device
The received Service Discovery Response frame follows the ap_mgmt_rx()
path in P2P GO mode. If gas_query_rx_frame() doesn't process the frame,
call the Public Action frame callbacks if any are registered for further
processing of the RX frame.
Fixes: 9c2b8204e662 ("DPP: Integration for hostapd") Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
Set OCV capability based on Association Request frame RSNE
Currently, OCV self-capability is being set into the RSN supplicant
state machine only during the initial connection and never getting
updated. But for the driver-SME cases the driver may enable/disable OCV
in (Re)Association Request frame RSNE based on the AP chosen to roam.
This will lead to missing synchronization between wpa_supplicant and the
driver. Thus, update OCV self-capability in the wpa_supplicant RSN state
machine based on the (Re)Association Request frame RSNE indicated in the
connect response.
Jouni Malinen [Wed, 25 Jan 2023 18:43:16 +0000 (20:43 +0200)]
tests: Work around pyrad issues with octet strings that start with "0x"
pyrad's tools.py EncodeOctets() uses a design that tries to
automatically determine when the octetstring is a hex string based on
the binary data starting with "0x". That is not really nice since it
will result in failing one out of 65536 possible random inputs with
"binascii.Error: Non-hexadecimal digit found" when trying to decode an
actual (non-hex) binary string as a hexstring.
Work around this by convering the special cases where the
Message-Authenticator binary value happens to start with b"0x" to a
hexstring.
Jouni Malinen [Fri, 20 Jan 2023 17:56:20 +0000 (19:56 +0200)]
tests: Allow some more time for a scan in discovery_group_client
This makes the test case a bit more likely to be able to complete with
S1G being enabled in mac80211_hwsim. However, the 15 second P2P protocol
timeout itself can be hit in this type of a case and the test case will
still fail every now and then if all mac80211_hwsim supported channels
are included.
Jouni Malinen [Fri, 20 Jan 2023 17:46:32 +0000 (19:46 +0200)]
tests: Allow more VMs to be used that there are screen lines
curses prints were causing parallel-vm.py to terminate if there were too
many VMs to fit into the screen. For now, simply hide any VMs from the
live status if there is not sufficient room for them.
Jouni Malinen [Fri, 20 Jan 2023 17:08:07 +0000 (19:08 +0200)]
WPS: Do not indicate incorrect PBC overlap based on partner link
The check for PBC overlap on a partner link should not be done unless
the current interface is actually in active PBC mode. Furthermore, the
wpa_s->wps_overlap variable needs to be cleared in additional places to
avoid leaving it set indefinitely.
This was found with the following test case sequence:
dbus_wps_pbc_overlap dbus_p2p_two_groups
Fixes: b43e19f3f369 ("WPS: Cross band overlap detection with multiple interfaces") Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Jouni Malinen [Fri, 20 Jan 2023 16:02:26 +0000 (18:02 +0200)]
P2P: Make wpas_p2p_notif_pbc_overlap() static
Commit ace0fbdb69b4 ("P2P: Fix segfault when PBC overlap is detected")
removed the external calls to this function, but did not mark it static.
Mark it static now to clarify expected uses through the
wpas_p2p_pbc_overlap_cb() timer handler.
chunquan [Wed, 2 Nov 2022 03:40:00 +0000 (11:40 +0800)]
QCA vendor attribute of update roaming cached statistics info
Add vendor subcmd QCA_NL80211_VENDOR_SUBCMD_ROAM_STATS and attribute id
in enum qca_wlan_vendor_attr_roam_cached_stats for collecting roaming
statistics information when diagnosing roaming behavior.
Signed-off-by: Chunquan Luo <quic_chunquan.quicinc.com>
Jouni Malinen [Tue, 10 Jan 2023 10:38:59 +0000 (12:38 +0200)]
wlantest: Use AP MLD address in CCMP/GCMP AAD for A3
Commit b20991da6936 ("wlantest: MLD MAC Address in CCMP/GCMP AAD/nonce")
updated AAD and nonce construction to use MLD addresses in AAD for A1
and A2. IEEE P802.11be has additional cases where A3 in AAD is set to
the AP MLD address, so cover those as well.
Jouni Malinen [Tue, 10 Jan 2023 10:00:59 +0000 (12:00 +0200)]
wlantest: Select BSS more carefully for MLO EAPOL-Key cases
Prefer a BSS entry that has a matching STA entry when processing
EAPOL-Key frames. This avoids issues where some combination of MLD
and/or link addresses are used in a sequence that could end up
generating two separate STA entries for the same non-AP MLD.
Jouni Malinen [Tue, 20 Dec 2022 15:29:19 +0000 (17:29 +0200)]
dpp-nfc: Try to request with alternative URL in additional cases
There was a race condition between the NFC handover requester and
selector role processing that ended up not sending out the alternative
proposal in some cases. Catch those at the end of
run_dpp_handover_client() processing (or immediately after returning
from that function without having sent out the alternative proposal).
Add QCA vendor command to get the monitor mode status
Add a new vendor command QCA_NL80211_VENDOR_SUBCMD_GET_MONITOR_MODE to
get the local packet capture status in the monitor mode. Add required
attributes to respond with status of the monitor mode. The monitor mode
can be started/configured by using the
QCA_NL80211_VENDOR_SUBCMD_SET_MONITOR_MODE subcommand.
Michal Kazior [Wed, 3 Mar 2021 09:53:33 +0000 (09:53 +0000)]
DPP: Respond to GAS on the same channel it was received on
When I was testing dpp_auth_init on an AP with Enrollee on a different
channel from the AP I was getting failures. This happened on hwsim in
UML with time-travel for me. I don't recall seeing this with real
devices, presumably because of lax offchan implementation.
The DPP authentication would succeed. However the station would then try
to get configuration through a GAS request and fail.
The AP reported the following logs (grepped):
> 1614762426.860212: RX_ACTION category 4 action 10 sa 02:00:00:00:01:00 da 02:00:00:00:00:00 len 227 freq 2412
> 1614762426.860212: wlan0: GAS: GAS Initial Request from 02:00:00:00:01:00 (dialog token 239)
> 1614762426.860233: DPP: Wait for Configuration Result
> 1614762426.860234: nl80211: Send Action frame (ifindex=5, freq=2462 MHz wait=0 ms no_cck=0 offchanok=0)
> 1614762428.861186: DPP: Timeout while waiting for Configuration Result
> 1614762428.861186: wlan0: DPP-CONF-FAILED
While the STA reported the following logs (grepped):
> 1614762426.860193: wlan1: DPP-AUTH-SUCCESS init=0
> 1614762426.860195: DPP: Stop listen on 2412 MHz
> 1614762426.860202: wlan1: GAS-QUERY-START addr=02:00:00:00:00:00 dialog_token=239 freq=2412
> 1614762428.861185: GAS: No response received for query to 02:00:00:00:00:00 dialog token 239
> 1614762428.861189: DPP: GAS query did not succeed
> 1614762428.861189: wlan1: DPP-CONF-FAILED
AP would still receive the GAS request on ch1 but would then try to
respond on ch11 while STA was waiting on ch1.
Jouni Malinen [Sun, 18 Dec 2022 18:32:23 +0000 (20:32 +0200)]
Force MFPR=1 to be used on the 6 GHz band
IEEE Std 802.11ax-2021, 12.12.2 requires this, so force MFPR=1 when
associating on the 6 GHz band so that ieee80211w=1 (i.e., MFPC=1 MFPR=0)
configuration can be used to get MFPC=1 behavior on other bands and
MFPR=1 on the 6 GHz band.
Matthew Wang [Fri, 16 Dec 2022 19:10:02 +0000 (11:10 -0800)]
P2P: Support preferred GO band based optimization for scanning
Allow specifying preferred GO band in addition to frequency. If a band
is specified, the first two scans will be limited to only non-DFS
channels to shorten scan times, and the next two will scan the entire
band.
Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
Jouni Malinen [Sun, 18 Dec 2022 10:04:36 +0000 (12:04 +0200)]
Do not flush PMKSA cache on restoring dedicated per-ESS MAC address
Now that we check in PMKSA cache code whether the entry was created for
the same local address, it is fine to leave the old entries in the cache
even if we have changed addresses. This allows a valid PMKSA cache entry
to be used when restoring the same MAC address for the same ESS.
Jouni Malinen [Sun, 18 Dec 2022 09:25:05 +0000 (11:25 +0200)]
Make random MAC address style parameters use common enum values
This makes the implementation more readable by sharing the same set of
enum values for all the parameters related to what kind of random MAC
addresses are used.
Jouni Malinen [Sun, 18 Dec 2022 10:21:54 +0000 (12:21 +0200)]
Check both sec and usec values to see if MAC address was changed
wpa_s->last_mac_addr_change.sec might be zero in the special case of UML
testing with time travel since it would be possible to complete the test
case steps within one second of the system start.
wpa_supplicant: Handle MAC address randomization changes for same ESS
When MAC address randomization settings change we should use a new MAC
address even if we are associating to the same ESS.
For example, consider this scenario:
- hardware MAC is being used,
- we disconnect from the network,
- policy/style is changed via D-Bus to turn randomization on,
- we reconnect to the same network.
In the last step a randomized MAC address should be used.
Changes to the randomization settings include both changes to the
policy/style to be used and changes to the pregenerated MAC address
value in case of mac_addr==3.
Signed-off-by: Andrzej Ostruszka <amo@semihalf.com>
Jouni Malinen [Sun, 18 Dec 2022 10:31:36 +0000 (12:31 +0200)]
tests: Use different mechanism for failing random MAC address change
gas_failures was using an invalid preassoc_mac_addr value 1111 to
trigger a failure. That won't work once wpa_supplicant starts validating
the range of the configuration parameter. Use a different mechanism to
force a failure in the actual random MAC address change functionality.
Jouni Malinen [Sun, 18 Dec 2022 10:19:03 +0000 (12:19 +0200)]
tests: Set address lifetime to be sufficiently large for the test
sta_dynamic_random_mac_addr and sta_dynamic_random_mac_addr_keep_oui
assumed that the same random MAC address remains in use even though it
set the lifetime to 0 seconds. This might have worked in the past by
accident, but set this properly to configure a longer lifetime.
Jintao Lin [Tue, 6 Dec 2022 17:41:58 +0000 (17:41 +0000)]
dbus: Do not bring down primary interface when removing created AP interface
If the CreateInterface command was used to create a virtual AP
interface, deleting this interface using the RemoveInterface command was
also bringing down the primary interface.
wpa_supplicant never uses hostapd style multi-BSS setup with
type=WPA_IF_AP_BSS and setup_ap=1 to if_add() when creating an AP
interface in wpa_driver_nl80211_if_add(), so it should not go through
the multi-BSS tear down procedure in wpa_driver_nl80211_if_remove(). The
virtual AP resources init and deinit are well handled in
wpa_driver_nl80211_init() and wpa_driver_nl80211_deinit().
Collapse the interface type to WPA_IF_STATION for the D-Bus interface to
skip the multi-BSS cleanup procedure. This is inline with the control
interface design. Add comments before the code to avoid confusion.
Signed-off-by: Jintao Lin <jintaolin@chromium.org>
Jouni Malinen [Sat, 17 Dec 2022 18:32:15 +0000 (20:32 +0200)]
EHT: Update EHT Operation element to P802.11be/D2.3 in AP settings
IEEE P802.11be/D2.0 added a 4-octet Basic EHT-MCS And Nss Set field into
the EHT Operation element. cfg80211 is now verifying that the EHT
Operation element has large enough payload and that check is failing
with the previous version. This commit does not really set the correct
Basic EHT-MCS And Nss Set values, but the IE length check is now passing
to allow initial mac80211_hwsim testing to succeed.
The driver is expected to translate the link addresses to MLD addresses
when processing an Authentication frame from a MLD AP. Thus, accept
Authentication frame when the peer matches the expected MLD address.
Signed-off-by: Ilan Peer <ilan.peer@intel.com> Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
SME: Add support for handling association with MLD
In case both the local driver and the AP support MLD, request an MLD
association from the driver.
When processing the association event from the driver verify that the
multi link information in the (Re)Association Response frame ML element
matches the links on which the association was expected.
Signed-off-by: Ilan Peer <ilan.peer@intel.com> Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
SME: Add support for handling authentication with MLD
In case both the local driver and the AP support MLD, request an MLD
authentication from the driver. When processing the authentication event
from the driver verify that the MLD address in the authentication data
matches that of the requested AP.
Signed-off-by: Ilan Peer <ilan.peer@intel.com> Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Authentication frames include several fixed body parts (see Table 9-68
(Authentication frame body) and Table 9-69 (Presence of fields and
elements in Authentication frames) in IEEE P802.11-REVme/D2.0).
To be able to parse the IE part, these fields need to be skipped. Since
SAE logic already implements this parsing, change SAE authentication
handling functions to return the offset to the IE part. This preparation
is needed for future MLD patches that need to parse out the ML related
elements in the Authentication frames.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Vinayak Yadawad [Tue, 6 Dec 2022 09:22:27 +0000 (14:52 +0530)]
WPA3: Update transition disable bitmap based on port authorized event
In case of drivers that offload the 4-way handshake to the driver, there
was no way of updating wpa_supplicant about the transition disable
bitmap received as a part of EAPOL-Key msg 3/4.
With latest provisions in cfg80211_port_authorized(), the TD bitmap can
be sent to the upper layer. Parse that as a part of the port authorized
event and set the transition disable information accordingly.
Jintao Lin [Tue, 6 Dec 2022 00:37:04 +0000 (00:37 +0000)]
nl80211: Enforce unique address for AP iftype
Some Wi-Fi SoCs do not ensure unique MAC address for the new virtual
interface. Enforce unique address is used for the created AP interface
similarly to other previously address interface types.
Signed-off-by: Jintao Lin <jintaolin@chromium.org>
Jintao Lin [Tue, 6 Dec 2022 00:37:04 +0000 (00:37 +0000)]
dbus: Pass in MAC address in CreateInterface method
chromeOS uses random generated MAC address for AP interface so that the
device could remain anonymous and untrackable. Add an address parameter
for CreateInterface method to pass in OS managed MAC address.
Signed-off-by: Jintao Lin <jintaolin@chromium.org>
Jintao Lin [Tue, 6 Dec 2022 00:37:04 +0000 (00:37 +0000)]
dbus: Fix a memory leak on error path in CreateInterface method
Fix a potential memory leak in CreateInterface method.
Fixes: 0ba266d86c90 ("dbus: Add virtual interface create/remove logic to be inline with ctrl_iface") Signed-off-by: Jintao Lin <jintaolin@chromium.org>
Micha Hashkes [Mon, 5 Dec 2022 13:31:17 +0000 (15:31 +0200)]
crypto: Check if crypto_bignum_to_bin() is successful
Return value of crypto_bignum_to_bin() wasn't always checked, resulting
in potential access to uninitialized values. Fix it, as some analyzers
complain about it.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com> Signed-off-by: Micha Hashkes <micha.hashkes@intel.com>
Ilan Peer [Mon, 5 Dec 2022 10:42:38 +0000 (12:42 +0200)]
HS 2.0: Restore ifdef for DEFINE_STACK_OF in est.c
DEFINE_STACK_OF() was only introduced in OpenSSL 1.1.0 and newer, but
the ifdef directive that wrapped it was wrongly removed when cleaning
some BoringSSL definitions. Use ifdef confistently for defining and
using AttrOrOID.
Fixes: faf9c04cb51c ("Remove a host of unnecessary OPENSSL_IS_BORINGSSL ifdefs") Signed-off-by: Ilan Peer <ilan.peer@intel.com> Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
PASN: Align RSNXE with IEEE P802.11az/D7.0 definitions
RSNXE bits were modified, so update the relevant places accordingly.
Please note, WLAN_RSNX_CAPAB_PROT_RANGE_NEG was renamed to
WLAN_RSNX_CAPAB_URNM_MFPR and the bit position is changed to 15 instead
of 10, while BIT 10 is used for WLAN_RSNX_CAPAB_URNM_MFPR_X20 and is not
supported yet.
Signed-off-by: Ilan Peer <ilan.peer@intel.com> Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
projects / thirdparty / hostap.git / log
