Jouni Malinen [Sat, 10 Jan 2015 22:56:17 +0000 (00:56 +0200)]
Work around Windows build issues
At least MinGW did not have ENOTCONN, EOPNOTSUPP, ECANCELED, so define
these to allow the build to go through.
wpas_rrm_send_neighbor_rep_request() is not really used on Windows, so
the exact error code values do not make any difference here.
Jouni Malinen [Sat, 10 Jan 2015 22:52:19 +0000 (00:52 +0200)]
Define host_to_le32() for Windows builds
This define had been forgotten at some point in time and wpa_supplicant
compilation for Windows failed with some recently added code that
depended on this.
Jouni Malinen [Sat, 10 Jan 2015 22:43:30 +0000 (00:43 +0200)]
Remove Network Security Service (NSS) support
NSS as a TLS/crypto library alternative was never completed and this
barely functional code does not even build with the current NSS version.
Taken into account that there has not been much interest in working on
this crypto wrapper over the years, it is better to just remove this
code rather than try to get it into somewhat more functional state.
Validation of these parameters has not been implemented with schannel.
Instead of ignoring them silently, reject the configuration to avoid
giving incorrect impression of the parameters being used if
wpa_supplicant is built with schannel instead of the default OpenSSL.
Validation of these parameters has not been implemented in the internal
TLS implementation. Instead of ignoring them silently, reject the
configuration to avoid giving incorrect impression of the parameters
being used if wpa_supplicant is built with the internal TLS
implementation instead of the default OpenSSL.
Validation of these parameters has not been implemented with GnuTLS.
Instead of ignoring them silently, reject the configuration to avoid
giving incorrect impression of the parameters being used if
wpa_supplicant is built with GnuTLS instead of the default OpenSSL.
Jouni Malinen [Sat, 10 Jan 2015 22:00:04 +0000 (00:00 +0200)]
Improve subject_match and domain_suffix_match documentation
These were already covered in both README-HS20 for credentials and in
header files for developers' documentation, but the copy in
wpa_supplicant.conf did not include all the details. In addition, add a
clearer note pointing at subject_match not being suitable for suffix
matching domain names; domain_suffix_match must be used for that.
Stefan Tomanek [Mon, 5 Jan 2015 20:10:16 +0000 (21:10 +0100)]
Add address masks to BSSID lists
In many applications it is useful not just to enumerate a group of well
known access points, but to use a address/mask notation to match an
entire set of addresses (ca:ff:ee:00:00:00/ff:ff:ff:00:00:00).
This change expands the data structures used by MAC lists to include a
mask indicating the significant (non-masked) portions of an address and
extends the list parser to recognize mask suffixes.
Signed-off-by: Stefan Tomanek <stefan.tomanek@wertarbyte.de>
Stefan Tomanek [Mon, 5 Jan 2015 20:08:49 +0000 (21:08 +0100)]
Add network specific BSSID black and white lists
This change adds the configuration options "bssid_whitelist" and
"bssid_blacklist" used to limit the AP selection of a network to a
specified (finite) set or discard certain APs.
This can be useful for environments where multiple networks operate
using the same SSID and roaming between those is not desired. It is also
useful to ignore a faulty or otherwise unwanted AP.
Signed-off-by: Stefan Tomanek <stefan.tomanek@wertarbyte.de>
Jouni Malinen [Sat, 10 Jan 2015 10:43:33 +0000 (12:43 +0200)]
Remove mesh_ht_mode network block parameter
There should not be a mesh-specific mechanism for setting up channel
parameters since that will just result in duplicated code. IBSS, mesh,
and AP mode can use the same data structures and parameters for setting
up such parameters.
Jouni Malinen [Sat, 10 Jan 2015 11:03:45 +0000 (13:03 +0200)]
mesh: Use the shared function with IBSS to determine channel parameters
Automatically enable HT20, HT40+, HT40-, or VHT, based on driver
capabilities. This obsoletes the mesh_ht_mode network block parameter
that was previously used to configure HT parameters.
Jouni Malinen [Sat, 10 Jan 2015 10:39:42 +0000 (12:39 +0200)]
tests: Drop mesh_ht_mode parameter from mesh test cases
This network profile parameter will be removed with the cleanup that
makes mesh use shared functions for setting channel parameters. That
will allow HT to be enabled automatically based on driver capabilities.
Janusz Dziedzic [Wed, 7 Jan 2015 08:29:43 +0000 (09:29 +0100)]
IBSS: Add WPA_DRIVER_FLAGS_HT_IBSS
Add WPA_DRIVER_FLAGS_HT_IBSS driver feature flag. Some drivers could not
set this feature and next could fail when we will enable HT support for
IBSS with error message: nl80211: Join IBSS failed: ret=-22 (Invalid
argument).
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Bob Copeland [Wed, 7 Jan 2015 06:10:56 +0000 (01:10 -0500)]
SAE: Centralize function for sending initial COMMIT
When performing SAE authentication in mesh, one station may
initiate authentication by sending a COMMIT as soon as a peer
candidate is discovered. Previously we did this in mesh_rsn.c,
but this left some of the state initialization in a different
part of the code from the rest of the state machine, and we may
need to add other initializations here in the future, so move
that to a more central function.
Imre Vadasz [Tue, 6 Jan 2015 14:08:37 +0000 (15:08 +0100)]
bsd: Fix parsing of ieee80211req_scan_result on FreeBSD and DragonFly
On FreeBSD and DragonFly BSD, we additionally need to skip the
isr_meshid_len bytes of the MESH ID, to get the correct address for
copying the IE data.
The isr_meshid_len field was added in the FreeBSD svn revision r195618
in 2009, so I don't think we need to check the FreeBSD version here.
Jouni Malinen [Thu, 8 Jan 2015 20:39:18 +0000 (22:39 +0200)]
Handle interface disabled/enabled more consistently
It was possible for the interface not to be marked in INTERFACE_DISABLED
state in case the event was processed for P2P GO because the wpa_s
instance could have been removed in case of a separate group interface.
Change the state first to avoid leaving different state for the case
where separate group interface is not used.
Mark scan to be a normal scan on INTERFACE_ENABLED so that scanning
rules (e.g., skip scan if no networks enabled) get used consistently.
Jouni Malinen [Thu, 8 Jan 2015 20:13:17 +0000 (22:13 +0200)]
P2P: Indicate reason=UNAVAILABLE for group netdev going down
There is a race condition between receiving an AP stopped event and
netdev down event. These resulted in different group removal reasons on
a GO device (UNAVAILABLE for stop AP event coming first and REQUESTED
for netdev event first). Make this more consistent by reporting
UNAVAILABLE for both possible cases.
Jouni Malinen [Thu, 8 Jan 2015 00:31:11 +0000 (02:31 +0200)]
tests: Add out-of-memory loop tests for hostapd startup
These test cases run hostapd interface setup multiple times with
TEST_ALLOC_FAIL commands triggering memory allocation failures one by
one at each possible location in the setup sequence. Effectively, these
test cases will hit most error paths for memory allocation issue cases
(i.e., only the cases requiring more than one allocation failure in a
sequence are not covered).
Jouni Malinen [Wed, 7 Jan 2015 14:29:19 +0000 (16:29 +0200)]
tests: Make scan_random_mac more robust
There is a race condition between wlantest having received and written
the sniffer log and this test case using tshark to process it. Wait one
second before running tshark to make it less likely to get truncated
results that can result in the test case failing.
Jouni Malinen [Mon, 5 Jan 2015 18:30:28 +0000 (20:30 +0200)]
Add support for testing memory allocation failures
The new control interface command TEST_ALLOC_FAIL and GET_ALLOC_FAIL can
now be used to trigger memory allocation failures for testing purposes.
TEST_ALLOC_FAIL sets a failure conditions with
<count>:func[;func][;func]... string and GET_ALLOC_FAIL returns the
current state using the same format. Whenever an allocation is made with
a matching backtrace of calling functions, the count is decremented by
one and once zero is reached, the allocation is forced to fail.
Function names can be prefixed with either '=' or '?' to get different
matching behavior. '=' requires this specific function to be the next
one in the backtrace (i.e., do not skip any other functions in the list
which is the default behavior). '?' allows the function to be optionally
present in the backtrace.
Jouni Malinen [Tue, 6 Jan 2015 20:54:52 +0000 (22:54 +0200)]
TDLS: Fix an interface addition error path
It is possible for wpa_tdls_teardown_peers() to be called with sm ==
NULL in case interface addition fails before the WPA state machine is
initialized.
Jouni Malinen [Tue, 6 Jan 2015 15:04:24 +0000 (17:04 +0200)]
D-Bus: Fix string array dict entry parser in out-of-memory case
entry->strarray_value was left to point to freed memory in case
os_realloc_array() failed. This resulted in the following
wpa_dbus_dict_entry_clear() trying to free an already freed memory area.
In addition, the separately allocated strings in the array would have
been leaked in such a case. Furthermore, wpa_dbus_dict_entry_clear() was
not prepared for the possibility of the initial os_calloc() call failing
and entry->strarray_value being NULL without array_len being cleared to
zero. That would have resulted in reading uninitialized memory and NULL
pointer dereference.
Jouni Malinen [Tue, 6 Jan 2015 14:45:16 +0000 (16:45 +0200)]
D-Bus: Fix byte array dict entry parser in out-of-memory case
entry->bytearray_value was left to point to freed memory in case
os_realloc_array() failed. This resulted in the following
wpa_dbus_dict_entry_clear() trying to free an already freed memory area.
Jouni Malinen [Tue, 6 Jan 2015 11:22:06 +0000 (13:22 +0200)]
D-Bus (old): Fix message handler error paths
The error reply needs to be sent out as a response. The "out" label was
in incorrect place to allow that to happen; instead, it ended up leaking
memory for the generated reply message.
Jouni Malinen [Tue, 6 Jan 2015 09:46:46 +0000 (11:46 +0200)]
trace: Fix compiler warning on 32-bit builds with bfd support
With CONFIG_WPA_TRACE_BFD, the type cast from void* to integer was
generating a compiler warning due to the target integer being larger in
size in case of 32-bit builds. Type case to bfd_hostptr_t instead of
directly to bfd_vma to avoid this.
Jouni Malinen [Mon, 5 Jan 2015 19:57:15 +0000 (21:57 +0200)]
Fix hostapd initialization error path on allocation failure
If hostapd_alloc_bss_data() failed to allocate the struct hostapd_data
instance, dynamic interface addition path ended up trying to dereference
freed memory due to incorrect cleanup steps. Fix this by decrementing
the interface count when the newly added interface is removed. In
addition, make the setup more robust by clearing all changes within
hostapd_data_alloc() if any of the allocations fails.
Jouni Malinen [Tue, 6 Jan 2015 16:27:06 +0000 (18:27 +0200)]
nl80211: Fix compilation with libnl 1.1 and 2.0
Unfortunately, libnl 3.0 has changed the API in a way that is not
backwards compatible by renaming nlmsg_len() to nlmsg_datalen() without
leaving the older nlmsg_len() defined. As such, there does not seem to
be any clean way of using this function without breaking the build with
some libnl versions. For now, replace this call with direct calculation
of the data length since it can be done with a simple one-liner that
compiles with all libnl versions.
Jouni Malinen [Mon, 5 Jan 2015 15:27:08 +0000 (17:27 +0200)]
OpenSSL: Fix pbkdf2_sha1() wrapper
This was supposed to use the iterations parameter from the caller
instead of the hardcoded 4096. In practice, this did not have problems
for normal uses since that 4096 value was used in all cases.
Jouni Malinen [Mon, 5 Jan 2015 13:48:17 +0000 (15:48 +0200)]
tests: Add module tests for AES-SIV
This moves the AES-SIV test case from tests/test-aes.c to be part of
wpa_supplicant module testing framework with a new
src/crypto/crypto_module_tests.c component. In addition, the second test
vector from RFC 5297 is also included for additional coverage.
Jouni Malinen [Mon, 5 Jan 2015 11:40:07 +0000 (13:40 +0200)]
nl80211: Simplify event processing error paths
These are practically unreachable code since cfg80211 fills in the
required attributes or does not send the event. Keep the checks in
place, but minimize the extra code in wpa_supplicant/hostapd.
Jouni Malinen [Mon, 5 Jan 2015 10:21:12 +0000 (12:21 +0200)]
nl80211: Remove cfg80211 state mismatch workaround for authentication
cfg80211 dropped support for tracking BSS authentication state and
setting NL80211_BSS_STATUS_AUTHENTICATED in 'cfg80211: stop tracking
authenticated state' three years ago (starting in Linux 3.4). As such,
this workaround code in wpa_supplicant cannot be reached anymore. There
is no real need for maintaining it for older kernels either, since there
are other ways of detecting and working around state mismatches with the
actual authentication operations failing.
Jouni Malinen [Mon, 5 Jan 2015 10:00:09 +0000 (12:00 +0200)]
nl80211: Check support for rekey offload on first use
While there is no explicit driver capability advertisement for this in
nl80211, the EOPNOTSUPP response can be interpreted as a clear
indication of NL80211_CMD_SET_REKEY_OFFLOAD not being supported. Check
for that and don't try to offload keys again if the driver has not use
for them.
Ilan Peer [Mon, 29 Dec 2014 06:41:06 +0000 (01:41 -0500)]
scan: Add MAC address randomization in scan handling
1. Supported MAC address randomization for scan.
2. Supported MAC address randomization for scheduled scan.
2. Supported MAC address randomization for pno.
4. Add functions to set and clear the MAC address randomization
state variables.
Ilan Peer [Mon, 29 Dec 2014 06:41:04 +0000 (01:41 -0500)]
driver: Add definitions for MAC address randomization in scan
1. Add parameters to the scan command to allow MAC address
randomization during scan and scheduled scan.
2. Add capability bits to publish MAC address randomization support
in scan and scheduled scan.
projects / thirdparty / hostap.git / log
