path: root/src
Commit message (Collapse)AuthorAgeFilesLines
* Preparations for v0.6.8 releasehostap_0_6_8Jouni Malinen2009-02-151-1/+1
* Do not try session resumption after EAP failureJouni Malinen2009-02-152-1/+7
| | | | | | | | | If session resumption fails for any reason, do not try it again because that is just likely to fail. Instead, drop back to using full authentication which may work. This is a workaround for servers that do not like session resumption, but do not know how to fall back to full authentication properly. (cherry picked from commit f2d8fc3d9670ae90a04f38d4344d8dfc0f0929ab)
* Improved 'make install' (use BINDIR/LIBDIR, install shared objects)Daniel Mierswa2009-02-1515-0/+48
| | | | (cherry picked from commit d94d4bafbb43699d323d6f6e3e404000b3f0a7b4)
* Allow the privsep driver to pass the set_country to the real driverDaniel Mierswa2009-02-152-1/+11
| | | | (cherry picked from commit 6301cc5d385ae4e3b4aa74ca863e034b8d91c326)
* Check EAP-AKA' AT_KDF duplication only if KDF was negotiatedJouni Malinen2009-02-151-1/+4
| | | | | | | This fixes an issue where two AKA'/Challenge messages are received when resynchronizing SEQ#. Previously, this used to trigger an authentication failure since the second Challenge message did not duplicate AT_KDF. (cherry picked from commit 2cfcd014f4e2c9886af2e7433c40119091ff1535)
* Add debug prints for couple of new EAP-AKA' attributesJouni Malinen2009-02-151-0/+4
| | | | (cherry picked from commit 3fe430b5d5822bb2b6180bb06967777ae79223f3)
* nl80211: Remove one second sleep after iface upJouni Malinen2009-02-151-11/+0
| | | | | | | This workaround was needed with some drivers that used WEXT, but there is no known nl80211-enabled driver that would need this, so lets get rid of the extra delay. (cherry picked from commit 7d315b7b429d6847de91524150a9ddc2fa6e21e4)
* nl80211: Replace WEXT scan event with nl80211Jouni Malinen2009-02-151-15/+155
| | | | | | Use the new nl80211 scan event mechanism instead of the WEXT event. This completes the move from WEXT scanning into nl80211 scanning. (cherry picked from commit 97865538ba250730841727a42b7beccd9f7af414)
* nl80211: Replace SIOCGIWSCAN with NL80211_CMD_GET_SCANJouni Malinen2009-02-151-401/+77
| | | | | | This replaces the WEXT mechanism for fetching scan results with the new nl80211 mechanism. (cherry picked from commit b3db1e1cd3ca86aa1ea58bacabec9680bdc96309)
* nl80211: Replace SIOCSIWSCAN with NL80211_CMD_TRIGGER_SCANJouni Malinen2009-02-151-23/+30
| | | | | | This is the first step in replacing WEXT-based scan with the new nl80211-based mechanism. (cherry picked from commit 0e75527f7e040d8bc0b182597b90ff2b4e74c428)
* Sync nl80211.h with the current wireless-testing versionJouni Malinen2009-02-151-0/+69
| | | | (cherry picked from commit b938903e4100d76d9ed4b9277bd41a68414991a8)
* Add another Milenage test set that is suitable for EAP-AKA'Jouni Malinen2009-02-151-0/+4
| | | | | | The Test Set 19 from TS 35.208 has an AMF with the separation bit set and as such, it is suitable for EAP-AKA' testing. (cherry picked from commit 265ca78917df4d71bd2425f2cd7c18d4a90ef298)
* EAP-AKA': Verify that AMF separation bit is setJouni Malinen2009-02-151-1/+7
| | | | (cherry picked from commit 35f30422ecfe1163b6a70c89e1b7b6637b77133f)
* Use signal quality if level is not available for comparing max ratesHelmut Schaa2009-02-151-4/+7
| | | | | | | | | | | | | | | | | | | | | | Some drivers (for example ipw2100) do not report signal level but only signal quality. wpa_supplicant already uses the signal quality if no level is reported and all other comparision parameters are equal to sort the scan results. However, if two APs have different max rates and the signal level does not differ much wpa_supplicant chooses the AP with the higher max rate. In case of ipw2100 no signal level is reported and thus wpa_supplicant always takes the AP with higher max rate even if its signal quality is really low. For example if AP1 (max rate 11Mb/s, 80% signal quality) and AP2 (max rate 54 Mb/s, 20% signal quality) are found by a scan wpa_supplicant would choose AP2. Hence, if no signal level is reported depend on the signal quality if max rate should be compared. A quality difference of 10% is considered acceptable in favor of the higher max rate. Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com> (cherry picked from commit e1b525c3560614cc56c85b7d060f540900c4da34)
* wext: Force disconnect on deauthenticate()Jouni Malinen2009-02-151-13/+26
| | | | | | Use the same zero-BSSID, random-SSID trick for both disassociate() and deauthenticate(). (cherry picked from commit 4853d5ac847efbfe54b80eeefabc2932696414c9)
* wext: really disassociate (set random SSID)Dan Williams2009-02-151-2/+14
| | | | | | | | | | | | Really disassociate when tearing stuff down; drivers may sometimes (legally) keep trying to reassociate unless the BSSID is unlocked. If the SSID is unlocked too, under WEXT drivers are able to pick an SSID to associate, so kill that behavior by setting a bogus SSID. Unfortunately WEXT doesn't provide an easy method to say "stop whatever doing and just idle". Signed-off-by: Dan Williams <dcbw@redhat.com> (cherry picked from commit b965fa729404b6ac602c716968179bcb510204ae)
* Use larger buffer for TLS encryption to avoid issues with GnuTLSJouni Malinen2009-02-152-1/+9
| | | | | | | | | | | | | It looks like GnuTLS (at least newer versions) is using random padding on the application data and the previously used 100 byte extra buffer for tls_connection_encrypt() calls was not enough to handle all cases. This resulted in semi-random authentication failures with EAP-PEAP and EAP-TTLS during Phase 2. Increase the extra space for encryption from 100 to 300 bytes and add an error message into tls_gnutls.c to make it easier to notice this issue should it ever show up again even with the larger buffer. (cherry picked from commit edd757e8a3d165cbfc4d1721f30a8aa276f9329b)
* WPS: Set correct Selected Registrar Config Methods attributeMasashi Honma2009-02-151-0/+1
| | | | | | | | I tried PBC with the hostapd registrar. I pushed the button with "hostap_cli WPS_PBC". But hostapd registrar always sends Selected Registrar Config Methods attribute=0x0000 in beacon/probe response. (cherry picked from commit 363a9e2434c00e06b76d1ec1add434a4a8fd970f)
* Create os_daemon for OS X, as it's now deprecated (Leopard)Alan T. DeKok2009-02-151-1/+36
| | | | | Using it results in an error at build time. So we replace it. (cherry picked from commit 02a89365abba33fb462f739c325dc9cc3e847dae)
* Allow driver_bsd.c to be built for NetBSDJeremy C. Reed2009-02-151-0/+11
| | | | (cherry picked from commit 898d6921b4cfe8b0696d85d756204379f1116182)
* Use os_strlcpy instead of os_strncpy when copying ifnameJouni Malinen2009-02-151-2/+2
| | | | | | In theory, the ifname could be IFNAMSIZ characters long and there would not be room for null termination. (cherry picked from commit a3bfd14de1b9e7a89c0b610b0368d2dd7568d315)
* Avoid memory leak on error path in crypto_cipher_init()Jouni Malinen2009-02-081-0/+2
| | | | (cherry picked from commit 7818ad2c8fc544016987cf770f1ef99affd08cb6)
* Add crypto_cipher_{init,encrypt,decrypt,deinit} for GnuTLSJouni Malinen2009-02-081-1/+114
| | | | (cherry picked from commit 23a139246de48ab7cf4bf623563fda7de3a33d76)
* Fix privsep build with CONFIG_CLIENT_MLME=yJouni Malinen2009-02-082-2/+24
| | | | | | Add wpa_supplicant_sta_free_hw_features() and wpa_supplicant_sta_rx() for driver wrappers in wpa_priv. (cherry picked from commit 96c7c3072de6699dfbafa81c94af511abb49186a)
* Removed printf size_t format warning on 64-bitJouni Malinen2009-02-081-2/+2
| | | | (cherry picked from commit 745cb54e86920827e9abfe4fac56f7ae099eb456)
* Fix building dynamic EAP peer modulesPavel Roskin2009-02-081-1/+1
| | | | | | Strip directory name from the target in the pattern rule for dynamic modules. Remove dynamic modules on "make clean". (cherry picked from commit 4c2660c2b0a04ebd2eee968f356188ec31f9b635)
* UPnP: Renamed PutWLANResponse callback function to match actionJouni Malinen2009-02-082-5/+5
| | | | | No point in adding extra "event_" to the name. (cherry picked from commit d0184cb25c30a123bb73492f894840f879764164)
* WPS UPnP: Added support for multiple external RegistrarsJouni Malinen2009-02-087-21/+102
| | | | | | | Allow more than one pending PutWLANMessage data to be stored (M2/M2D from multiple external Registrars) and drop pending M2/M2D messages when the Enrollee replies with M3. (cherry picked from commit 915c1ba3c575c32b9d31453b1a55b1a966f622bd)
* WPS UPnP: Add IP address and port details into debug messagesJouni Malinen2009-02-083-16/+28
| | | | | | This makes it much easier to debug operations with multiple external Registrars. (cherry picked from commit 745f8b664d96cbe27539668a3655bd416e3c964f)
* WPS: Allow minor version differences in Version attribute checkJouni Malinen2009-02-081-1/+2
| | | | | | | | Version attribute processing details are not described in the WPS spec, but it is safer to allow minor version to change and only refuse to process the message if major version is different from ours. This matches with the behavior used in the Intel reference implementation. (cherry picked from commit b93b6004e43931c189ce867613ba4237fb7ade2c)
* WPS: Moved Version attribute validation into a shared functionJouni Malinen2009-02-083-11/+19
| | | | (cherry picked from commit f65cbff3a337888cd11a6fc1748709172c98b744)
* UPnP: Removed shadowed variableJouni Malinen2009-02-081-2/+2
| | | | (cherry picked from commit fda90ab4b73b19d4638e8b7cd4c90458e51f9e3e)
* WPS: Set correct Device Password ID in M2Andriy Tkachuk2009-02-081-1/+1
| | | | | | | It looks like we don't set correspondent Device Password ID attribute in M2 message during PBC registration. Without it TG185n STA was not able to connect to our AP in PBC mode. Attached patch fixes this. (cherry picked from commit 25e31cccbe55c2b87d7496326f834e0d0cc0b23d)
* Setting probe request ie with madwifi driverMasashi Honma2009-02-081-2/+28
| | | | | | | The madwifi driver has interface to set probe request ie. Attached patch will enable the functionality. I could see probe request includes WSC IE with this patch. (cherry picked from commit 1e2688be3e1066829d9aa8a9def58a64ba1d0cdf)
* Add crypto_mod_exp() for GnuTLS (libgcrypt)Jouni Malinen2009-02-081-0/+35
| | | | | This allows WPS to be linked with GnuTLS. (cherry picked from commit 3a19555445ea909ea1d26dcd394f365a4990355c)
* Cleaned up printf format warnings on 64-bit buildJouni Malinen2009-02-081-8/+11
| | | | (cherry picked from commit 5f1f352e6cd138a27b094d58527c343316b4796c)
* Fixed scan buffer increasing with WEXTJouni Malinen2009-02-082-2/+6
| | | | | | | | | | | | | | | We can now handle up to 65535 byte result buffer which is the maximum due to WEXT using 16-bit length field. Previously, this was limited to 32768 bytes in practice even through we tried with 65536 and 131072 buffers which we just truncated into 0 in the 16-bit variable. This more or less doubles the number of BSSes we can received from scan results. (cherry picked from commit 42f1ee7d1fae8a67a2a48adfda19f9aafc3fef32) Conflicts: hostapd/driver_nl80211.c
* Better support in RoboSwitch driverJouke Witteveen2009-02-081-6/+11
| | | | | | | | | | | | | I am terribly sorry, but because of a lack of testing equipment the patch was submitted not properly tested. Because the chipset documentation is not publicly available all behaviour has to be found out by experimentation. The other day, I made some incorrect assumptions based on my findings. I do believe the attached patch does support the whole RoboSwitch line (5325, 5350, 5352, 5365 and others). It is a drop-in substitution for my previous submission. (cherry picked from commit 94abc2f11bb13001c0b688af3abda04a57e1fdd4)
* UPnP: Minor coding style cleanupJouni Malinen2009-02-084-11/+10
| | | | (cherry picked from commit e80e5163f8b53f20f816f0d06d618f54ce3d79aa)
* Better support in RoboSwitch driverJouke Witteveen2009-02-081-21/+39
| | | | | | | | | | | The RoboSwitch driver of wpa_supplicant had one shortcoming: not supporting the 5365 series. I believe the patch attached fixes this problem. Furthermore it contains a small readability rewrite. It basically is an explicit loop-rollout so that the wpa_driver_roboswitch_leave style matches that of wpa_driver_roboswitch_join. (cherry picked from commit c0a0c97aa946d11f152eb3e75950d2f3012cc646)
* Remove orphaned wpa_cli control socket on EADDRINUSEJouni Malinen2009-02-081-1/+15
| | | | | | | | | | If the bind() on /tmp/wpa_ctrl_<pid>_<in-proc-counter> fails with EADDRINUSE, there is an existing socket file with the name we are trying to create. Since getpid() is unique, there cannot be another process using that socket and we can just unlink the file and try again. This can speed up client connection if wpa_cli is killed without allowing it to clean up the socket file. [Bug 288] (cherry picked from commit 6e488ff03c5af513f7768364f3cdd890ef98b0bd)
* Add comments on the new Broadcom driver not using driver_broadcom.cJouni Malinen2009-02-081-1/+5
| | | | | | | The newer Broadcom driver ("hybrid Linux driver") supports Linux wireless extensions and does not need (or even work) with the old driver wrapper. (cherry picked from commit 1c5aeef0c28c113a3643f6a50d0508f6f65c431a)
* WPS: Add support for external Registrars using UPnP transportJouni Malinen2009-02-0816-7/+5942
| | | | | | | | | | | | | | This adds mostly feature complete external Registrar support with the main missing part being proper support for multiple external Registrars working at the same time and processing of concurrent registrations when using an external Registrar. This code is based on Sony/Saice implementation (https://www.saice-wpsnfc.bz/) and the changes made by Ted Merrill (Atheros) to make it more suitable for hostapd design and embedded systems. Some of the UPnP code is based on Intel's libupnp. Copyrights and licensing are explained in src/wps/wps_upnp.c in more detail. (cherry picked from commit f620268f13dd26c3a3f4ef5509d7d17c0f322a7d)
* Fixed WPS Authenticator attribute processing after M2DJouni Malinen2009-02-081-1/+8
| | | | | | | | We must not replace M1 with M2D as the last_msg since we need M1 to validate a possible M2 after M2D. Since M2D and ACK/NACK replies do not include Authenticator attribute, we can just ignore M2D as far as updating last_msg is concerned. (cherry picked from commit 39034ce80f45110f0311aa80ca9dd62d2083ed76)
* WPS: Add a workaround for incorrect passphrase encoding in Network KeyJouni Malinen2009-02-081-0/+21
| | | | | | | External Registrar in Vista may include NULL termination in the Network Key when encoding an ASCII passphrase for WPA/WPA2-PSK. As a workaround, remove this extra octet if present. (cherry picked from commit 1a5a04c3de054dab90d0604256e540778ddbf099)
* WPS: Lock AP Setup on multiple AP PIN validation failuresJouni Malinen2009-02-086-1/+38
| | | | | | | If a Registrar tries to configure the AP, but fails to validate the device password (AP PIN), lock the AP setup after four failures. This protects the AP PIN against brute force guessing attacks. (cherry picked from commit 3b2cf800afaaf4eec53a237541ec08bebc4c1a0c)
* Added ap_settings option for overriding WPS AP Settings in M7Jouni Malinen2009-02-082-8/+33
| | | | | | | This optional configuration parameter can be used to override AP Settings attributes in M7 similarly to extra_cred option for Credential attribute(s) in M8. (cherry picked from commit 4c29cae9320ccc6675b59f41dddf652b997fdc71)
* Add an EAPOL payload length workaround for a WPS implementationJouni Malinen2009-02-081-0/+26
| | | | | | | | | | Buffalo WHR-G125 Ver.1.47 seems to send EAP-WPS packets with too short EAPOL header length field (14 octets regardless of EAP frame length). This is fixed in firmware Ver.1.49, but the broken version is included in many deployed APs. As a workaround, fix the EAPOL header based on the correct length in the EAP packet. This workaround can be disabled with eap_workaround=0 option in the network configuration. (cherry picked from commit b385188de3c360ee9690abcea09204ab777a123e)
* Allow WPS APs for PIN enrollment even without Selected RegistrarJouni Malinen2009-02-081-0/+2
| | | | | | | | | | | | | | Some WPS APs do not set Selected Registrar attribute to 1 properly when using an external Registrar. Allow such an AP to be selected for PIN registration after couple of scan runs that do not find APs marked with Selected Registrar = 1. This allows wpa_supplicant to iterate through all APs that advertise WPS support without delaying connection with implementations that set Selected Registrar = 1 properly. (cherry picked from commit a609915233c75f6dc8b942292fd8dcd79bb871bf) Conflicts: wpa_supplicant/wpa_supplicant_i.h
* WPS: Pad DH Public Key and Shared Key to 192 octetsJouni Malinen2009-02-084-0/+38
| | | | | | | | | | | WPS spec is not very specific on the presentation used for the DH values. The Public Key attribute is described to be 192 octets long, so that could be interpreted to imply that other places use fixed length presentation for the DH keys. Change the DH derivation to use fixed length bufferd by zero padding them from beginning if needed. This can resolve infrequent (about 1/256 chance for both Public Key and Shared Key being shorter) interop issues. (cherry picked from commit b3ddab21223455c147bb18334745eddc5773b487)