Commit message | Author | Age | Files | Lines
* GnuTLS: Fix compilation with newer GnuTLS versions | Jouni Malinen | 2009-11-22 | 1 | -0/+4
  Avoid duplicate definition of TLS_RANDOM_SIZE and TLS_MASTER_SIZE.
  (cherry picked from commit e3992c3381e6ca1eb59a6bd3adfaa30c02721300)
* Fix strict aliasing issue with the internal SHA-1 implementation | Jouni Malinen | 2009-11-22 | 1 | -2/+2
  Need to define the workspace buffer properly to allow compiler to handle strict aliasing between the incoming unsigned char[64] buffer as an u32 array. The previous version built with strict aliasing enabled can result in SHA-1 producing incorrect results and consequently, with 4-way handshake failing.
  This is based on a report and patch from Dan Williams <dcbw@redhat.com> but with a different type (the union) used as a fix to avoid needing extra type casting.
  Discovered as part of the investigation of: https://bugzilla.redhat.com/show_bug.cgi?id=494262#c32
  if sha1 is built with gcc without turning off strict aliasing, it will fail to correctly generate the hashes and will fail its own testcases as well.
  Signed-off-by: Dan Williams <dcbw@redhat.com>
  (cherry picked from commit 6d798e8b7e748935e10262566dc9b6ff02ac7d31)
* WPS: Fix MAC Address inside Credential be that of Enrollee's | Jouni Malinen | 2009-11-22 | 3 | -3/+35
  The WPS 1.0h specification is quite unclear on what exactly should be used as the MAC Address value in the Credential and AP Settings. It looks like this should after all be the MAC Address of the Enrollee, so change Registrar implementation to use that address instead of the AP BSSID.
  In addition, add validation code to the Enrollee implementation to check the MAC Address value inside Credential (and also inside AP Settings) to make sure it matches with the Enrollee's own address. However, since there are deployed implementations that do not follow this interpretation of the spec, only show the mismatch in debug information to avoid breaking interoperability with existing devices.
  (cherry picked from commit 4bdd556886fea5790aa4d56e2f416cc82ebf15b5)
* wpa_supplicant: Fix ctrl_interface group permissions to allow read/execute | Anders Aspegren Søndergaard | 2009-11-22 | 1 | -0/+8
  When using umask 0077, the control interface directory was left without group read/execute permissions even if the configuration file explicitly asked for the group to be allowed to access the control interface. Fix this by adding read/execute permissions for group if a specific group is defined in the configuration. [Bug 199]
  (cherry picked from commit 3fd2a226f9dfb1ff5016e4f2809174f4ae8f33eb)
* hostapd: Fix endian bugs in STA HT capability handling | Felix Fietkau | 2009-11-22 | 1 | -14/+6
  (cherry picked from commit 9510f00ff896f2a407a30dd8420e3b5cef8d5128)
* wpa_gui-qt4: Fix build with Session Manager disabled in Qt4 | Christian Rüb | 2009-11-22 | 3 | -0/+10
  When trying to build wpa_gui (Qt4 version) from openembedded it fails because Qt4 is compiled without session manager and thus wpa_gui fails to compile.
  I attached a patch, that enables compiling without Session Manager (via preprocessor) if it is not compiled into Qt4; otherwise, it behaves as it does right now.
  I checked to build on my host (Debian unstable, Session Manager enabled) and openembedded (Session Manager disabled).
  (cherry picked from commit 1545457e04cfd625c1c9439e62a6a3b5fb1cf15c)
* WPS: Determine the OpCode based on message type attribute (UPnP) | Jouni Malinen | 2009-11-22 | 1 | -0/+11
  This allows WSC_ACK and WSC_NACK to be processed correctly in the AP when operating as an Enrollee with an ER over UPnP transport.
  (cherry picked from commit 82b857ec0b78a28a080792a921cae785850dd470)
* WPS: Do not use ASCII-dump on binary PutWLANResponse NewMessage | Jouni Malinen | 2009-11-22 | 1 | -2/+2
  (cherry picked from commit c94ec09ed39f5e5f40a967da80694ae501c7106b)
* WPS: Use a dummy WSC_ACK as WLANEvent as the initial event if needed | Jouni Malinen | 2009-11-22 | 1 | -3/+43
  UPnP device architecture specification requires all evented variables to be included in the initial event message after subscription. Since this can happen before we have seen any events, generate a dummy event (WSC_ACK with all-zeros nonces) if needed.
  (cherry picked from commit fcac668faa5459c3f4ad1f9837f4b0f50edc4cba)
* WPS: Send SSDP byebye notifications when stopping UPnP advertisements | Jouni Malinen | 2009-11-22 | 3 | -5/+36
  This will notify control points of the services going away and allows them to notice this without having to wait timeout on the initial advertisements.
  (cherry picked from commit 44577e4c2e37b1039ec8850c61e7a71f6c242c1f)
* WPS: Remove derivation of management keys | Jouni Malinen | 2009-11-22 | 3 | -59/+0
  MgmtAuthKey and MgmtEncKey were not used for anything and are unlikely to ever be used, so better remove the code to reduce binary size.
  (cherry picked from commit d806a5588e8f6d8bb8141cdd3d890fdf8bff3cd1)
* WPS: Fix AP to proxy WSC_NACK to ER | Jouni Malinen | 2009-11-22 | 1 | -1/+2
  (cherry picked from commit ed835e539b7c430241d842530de967c5de6427e0)
* WPS: Fix OpCode when proxying WSC_ACK or WSC_NACK from ER | Jouni Malinen | 2009-11-22 | 1 | -1/+11
  Previously, WSC_MSG was hardcoded for every message from ER, but this needs to be changed based on message type to send a valid message to the Enrollee via EAP transport.
  (cherry picked from commit 04f5d740772c53125bdf9251565d0e438b239430)
* Remove a note about other repositories of wpa_supplicant | Jouni Malinen | 2009-11-22 | 1 | -3/+3
  (cherry picked from commit 4bb4ae0ae0433a8992ee33a801cfeb0c945cce6c)
* WPS: Fix credential processing for open network case | Jouni Malinen | 2009-11-22 | 1 | -1/+1
  There is no point in comparing cred->key == NULL since cred->key is an array (never NULL). key_len == 0 should be used instead to indicate that no key was specified.
  (cherry picked from commit e542b40f9384beb8b19d0a8017bfae2487c6798d)
* Add wpa_msg_ctrl() for ctrl_interface-only messages | Jouni Malinen | 2009-11-22 | 3 | -1/+41
  This is like wpa_msg(), but the output is directed only to ctrl_interface listeners. In other words, the output will not be shown on stdout or in syslog.
  Change scan result reporting to use wpa_msg_ctrl() for CTRL-EVENT-SCAN-RESULTS message at info level and wpa_printf() at debug level to avoid showing scan result events in syslog in the common configuration used with NetworkManager.
  (cherry picked from commit 69856fadf77e680d01cac09da37e6bb3643ca427)
* Replace "git-archive" with "git archive" to fix release build | Jouni Malinen | 2009-11-22 | 1 | -3/+3
  (cherry picked from commit 6ae225726f7aa1b1c293622fd43eed24873762d8)
* WPS: Mark functions static | Jouni Malinen | 2009-11-22 | 2 | -3/+2
  These functions are used only within wps_upnp_event.c.
  (cherry picked from commit b02ee4a2283a7850214c143811ed21bf1805cd4e)
* WPS: SelectedRegistrar expiration for internal PIN registrar | Andriy Tkachuk | 2009-11-22 | 1 | -0/+14
  Though we have such a timeout when handling SetSelectedRegistrar UPnP message from an external registrar, it looks like we don't have one when the internal registrar is activated for PIN connection. Thus we set the SelectedRegistrar flag when AP is activated for PIN connection but we never reset it - not by some timeout, nor when registration succeeds. This led to situations where AP everlastingly declares that it is activated for WPS PIN connection when in reality it is not.
  Use the same timeout (and also success with PIN) to clear the selected registrar flag when using internal registrar, too.
  (cherry picked from commit 72ffc08242cc1b8200ceb4af7bf7b723e2a07012)
* WPS: Use Config Error 12 to indicate PBC overlap in M2D | Jouni Malinen | 2009-11-22 | 1 | -2/+4
  If PBC session overlap is detected between button press on the registrar and M1 reception, report session overlap with the Config Error attribute in M2D to the Enrollee.
  (cherry picked from commit 7e3a67514f6afa45a90b0857921202d0384996e3)
* Fix dbus build without EAP | Jouni Malinen | 2009-11-22 | 1 | -0/+5
  (cherry picked from commit e5fc45d7aec5270c0742e30956233ac28d50bedb)
* Stub out the dbus function w/o CONFIG_WPS to fix build | Sam Leffler | 2009-11-22 | 1 | -0/+5
  (cherry picked from commit 2d8fe38109e63532ff7b8a50396ceb458273ba55)
* Remove wpa_priv on 'make clean' | Jouni Malinen | 2009-11-22 | 1 | -0/+1
  (cherry picked from commit 385f16c6114500e9a2287058f99f6c3da3e949ad)
* Skip networks without known SSID when selecting the BSS | Jouni Malinen | 2009-11-22 | 1 | -0/+10
  Previously, APs that were hiding SSID (zero-length SSID IE in Beacon frames) could have been selected when wildcard SSID matching was used. This would result in failed association attempt since the client does not know the correct SSID. This can slow down WPS which is often using wildcard SSID matching.
  Ignore BSSes without known SSID in the scan results when selecting which BSS to use.
  (cherry picked from commit e81634cd1802e14b061c6c3672529a862ba19189)
* MFP: Clear IGTK | Masashi Honma | 2009-11-22 | 1 | -0/+4
  The fourth and fifth keys are used as IGTK for management frame protection. This patch clears these keys. I have tested with linux kernel
  (cherry picked from commit 0e27f655f1275a98a0081f4d41f551af254ad38f)
* Include only the used DH groups in the build | Jouni Malinen | 2009-11-22 | 3 | -1/+19
  This reduces the binary size by 3 kB or so when WPS is included in the build, but IKEv2 is not.
  (cherry picked from commit dd01b1ff9d8a19c1e1b7e40d6df7d838d2ac34bb)
* nl80211: Recognize NL80211_CMD_TRIGGER_SCAN events | Jouni Malinen | 2009-11-22 | 1 | -0/+3
  Replace "nl80211: Ignored unknown event (cmd=33)" with "nl80211: Scan trigger" to make debug output clearer. We do not currently do anything with this event apart from showing it in the debug log.
  (cherry picked from commit d942a79e6a9237b664e9973e11d109e2598340ab)
* Fix VLAN ID validation check to use the new VLAN ID | Blaž Bačnik | 2009-11-22 | 1 | -1/+1
  When checking the validity of VLAN ID based on RADIUS-based ACL or accept_mac_file, the assigned vlan_id, not the old sta->vlan_id (likely zero) needs to be used.
  (cherry picked from commit 1066c1ee3c8a786f688a46f9d3be8ebfd27580de)
* DragonFly BSD: Fix wired IEEE 802.1X | Masashi Honma | 2009-11-22 | 1 | -4/+4
  On DragonFly BSD, wired IEEE 802.1X fails with this message:
  ioctl[SIOC{ADD/DEL}MULTI]: Invalid argument
  This patch solves this issue.
  I have tested with these:
  OS : DragonFly BSD 2.4.0
  EAP : EAP-TLS
  Switch : Cisco Catalyst 2950
  (cherry picked from commit f335c69e148db2afcea6c22bcde73efd346d7812)
* Remove the STA entry on reassociation to clear STA PS state | Jouni Malinen | 2009-11-22 | 1 | -0/+7
  hostapd needs to remove the old STA entry if it exists when processing reassociation back to the same AP. This removes the potentially PS buffered frames and allows association parameters to be updated with mac80211.
  (cherry picked from commit c140a22858bb63222cd4f682e0b596b313ef0de9)
* Mac OS X: Fix wired IEEE 802.1X | Masashi Honma | 2009-11-22 | 1 | -2/+2
  (cherry picked from commit 40e107c1299deda181533d03eb8557580bc19ba0)
* WPS: Fix CONFIG_WPS=y compilation of wpa_supplicant | Masashi Honma | 2009-11-22 | 1 | -0/+1
  The wpa_supplicant compilation failed with CONFIG_WPS=y option if CONFIG_CLIENT_MLME and CONFIG_IEEE80211R are not used.
  (cherry picked from commit f1b0de09d96dafd229c615e8114ca83d1af3b380)
* Remove extra whitespace | Witold Sowa | 2009-11-22 | 3 | -4/+3
  (cherry picked from commit 1bd3f426d3cc421e8cc635599fcc94cf070e1efb)
* WPS: Add parsing of AP Setup Locked attribute | Jouni Malinen | 2009-11-22 | 2 | -0/+9
  (cherry picked from commit e9a2bca6f5e5dd7ef7aa62f6954b3877f41a1e34)
* radius_server: clean up completed sessions sooner | Alex Badea | 2009-11-22 | 1 | -1/+5
  radius_server_encapsulate_eap() resets sess->eap->if->eap{Success,Fail} to FALSE, such that the completion condition is never true.
  The net effect is that completed sessions would linger for RADIUS_SESSION_TIMEOUT seconds.
  Signed-off-by: Alex Badea <vamposdecampos@gmail.com>
  Previously, the default settings allowed 100 sessions in 60 seconds. With this fix, the default limit is now 100 sessions per 10 seconds. [Bug 329]
  (cherry picked from commit 7598210b79ce6d0736892fc4a68caed8f6bc0e6f)
* Fix WPA reconfiguration to update GTK | Jouni Malinen | 2009-11-22 | 1 | -15/+35
  The group key state machine needs to be re-initialized with possible updated GTK length when restarting WPA (e.g., when WPS was used to reconfigure the AP).
  (cherry picked from commit e6965d4e5daf00f5d7910fbade1681e0e6ad85e2)
* Delay processing of EAPOL frames when not associated | Jouni Malinen | 2009-11-22 | 3 | -0/+47
  If an EAPOL frame is received while wpa_supplicant thinks the driver is not associated, queue the frame for processing at the moment when the association event is received. This is a workaround to a race condition in receiving data frames and management events from the kernel.
  The pending EAPOL frame will not be processed unless an association event is received within 100 msec for the same BSSID.
  (cherry picked from commit 1ff733383f3d5c73233ef452a738765667021609)
* OpenBSD: wired IEEE 802.1X for OpenBSD | Masashi Honma | 2009-11-22 | 3 | -5/+13
  This is a patch for OpenBSD wired IEEE 802.1X. This is only for wired, not wireless, because OpenBSD uses wpa_supplicant only on wired now.
  http://www.openbsd.org/cgi-bin/cvsweb/ports/security/wpa_supplicant/
  I have tested with these.
  OS : OpenBSD 4.5
  EAP : EAP-TLS
  Switch : CentreCOM 8724SL
  (cherry picked from commit 80cc6bf6d0f9b86603e5181cdf11d984dded89cc)
* Disable PMTU discovery for RADIUS packets (sent them without DF) | Jouni Malinen | 2009-11-22 | 1 | -0/+18
  When Linux has Path MTU discovery enabled, it sets by default the DF bit on all outgoing datagrams, also UDP ones. If a RADIUS message is bigger than the smallest MTU size to the target, it will be discarded.
  This effectively limits RADIUS messages to ~ 1500 Bytes, while they can be up to 4k according to RFC2865. In practice, this can mean trouble when doing EAP-TLS with many RADIUS attributes besides the EAP-Message. [Bug 326]
  (cherry picked from commit 5cd89c26f952a6cd6fca4b55d52fe849e7483a62)
* Disable PMTU discovery for RADIUS packets (sent them without DF) | Stefan Winter | 2009-11-22 | 1 | -2/+22
  When Linux has Path MTU discovery enabled, it sets by default the DF bit on all outgoing datagrams, also UDP ones. If a RADIUS message is bigger than the smallest MTU size to the target, it will be discarded.
  This effectively limits RADIUS messages to ~ 1500 Bytes, while they can be up to 4k according to RFC2865. In practice, this can mean trouble when doing EAP-TLS with many RADIUS attributes besides the EAP-Message. [Bug 326]
  (cherry picked from commit a2fbf12524b78c323fd3e4793b042943834d9d2f)
* Remove rc4() wrapper | Jouni Malinen | 2009-11-22 | 6 | -23/+6
  This is not really of that much use since rc4_skip() can be used as easily. In addition, rc4 has caused some symbol conflicts in the past, so it is easier to live without that as an exported symbol.
  (cherry picked from commit 8ef168311557982dd6b88cfcf26453aeb4dad6ac)
* Enable SHA256 digest support in OpenSSL | Jouni Malinen | 2009-11-22 | 1 | -0/+3
  This is needed to allow X.509 certificates with SHA256 digest to be used. [Bug 323]
  (cherry picked from commit e1ffdfc18be9027b5ff9ae254f92b6255930ac71)
* NetBSD: Fix wired IEEE 802.1X problem | Masashi Honma | 2009-11-22 | 1 | -0/+9
  On NetBSD 5.0, when I use wired 802.1X, "Invalid argument" occurs on SIOCADDMULTI ioctl and 802.1X fails.
  I tried FreeBSD code, but "Address family not supported by protocol family" occurs on SIOCADDMULTI ioctl and 802.1X fails, too.
  This patch solves this issue.
  I have tested with these:
  OS : NetBSD 5.0
  EAP : EAP-MD5
  Switch : CentreCOM 8724SL
  (cherry picked from commit d43430d43d3592daceced77206fea5eb54346b05)
* WPS: Workaround mixed-mode WPA+WPA2 auth type in credentials | Jouni Malinen | 2009-11-22 | 1 | -7/+15
  An SMC router was reported to use 0x22 (WPAPSK + WPA2PSK) in the authentication type of the provisioned credential and wpa_supplicant rejected this as invalid. Work around this by replacing WPAPSK + WPA2PSK with WPA2PSK.
  (cherry picked from commit 49eba5f82fcf05f90aad369744a6f8e669bd3311)
* Avoid a theoretical integer overflow in base64_encode() | Jouni Malinen | 2009-11-22 | 1 | -0/+2
  If base64_encode() were to be used with a huge data array, the previous version could have resulted in overwriting the allocated buffer due to an integer overflow as pointed out in http://www.freebsd.org/cgi/query-pr.cgi?pr=137484. However, there are no known use cases in hostapd or wpa_supplicant that would do that. Anyway, the recommended change looks reasonable and provides additional protection should the base64_encode() function be used for something else in the future.
  (cherry picked from commit 6b23b70445ee091722bc4a9d3933ae16a880d238)
* Ignore the generated libeap.a file | Jouni Malinen | 2009-11-22 | 1 | -0/+1
  (cherry picked from commit 94531aa05df91bc707d433f93ecb3e4c15b7abb7)
* CONFIG_WIRELESS_EXTENSION need not be in CFLAGS | Johannes Berg | 2009-11-22 | 1 | -1/+0
  (cherry picked from commit 602606091b62a64017f91b33b0527a4948a21a71)
* CONFIG_WIRELESS_EXTENSION is purely internal to the Makefile | Johannes Berg | 2009-11-22 | 2 | -5/+1
  (cherry picked from commit 91382de4d12c341183170bc98dcc991b6939c682)
* make the build process quieter to see warnings | Johannes Berg | 2009-11-22 | 2 | -0/+21
  (cherry picked from commit b2840aafaf4dd5c7dd476e2d03944782edb20541)
* Remove mac80211_hwsim code | Johannes Berg | 2009-11-22 | 3 | -561/+2
  The hwsim code here can only compile with a very specific kernel version, but is shipped with current kernels so you just need to enable it in your kernel instead.
  (cherry picked from commit 2c1df9bd90d992713222d41fa56b079716f7a2ed)