Commit message | Author | Age | Files | Lines

* defconfig: Enable Hotspot 2.0 (wpa_supplicant) | Lubomir Rintel | 2019-02-25 | 1 | -2/+2

  Generally useful, Debian enables this. Other distros should too.

  Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>

* defconfig: Enable RSN on IBSS networks (wpa_supplicant) | Lubomir Rintel | 2019-02-25 | 1 | -1/+1

  Fedora and Debian enable this. NetworkManager actually rejects such configurations citing kernel bugs, but that actually might not be the right thing to do anymore.

  Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>

* defconfig: Remove obsolete notes about OpenSSL requirements for EAP-FAST | Jouni Malinen | 2019-02-25 | 2 | -6/+0

  OpenSSL 0.9.8 reached its end-of-life long time ago, so remove these old notes about need of a newer OpenSSL version for EAP-FAST since all current OpenSSL versions include the needed functionality.

  Signed-off-by: Jouni Malinen <j@w1.fi>

* defconfig: Enable a handful of EAP methods (wpa_supplicant) | Lubomir Rintel | 2019-02-25 | 1 | -8/+8

  Fedora uses AKA, FAST, GPSK_SHA256, GPSK, IKEV2, PAX, SAKE and TNC. I don't know why these in particular. AKA wouldn't work, because CONFIG_PCSC is off anyways; let's enable all the other ones, and also PWD (openSUSE enabled it because users demanded it).

  Debian enables all of the above uses, but also PWD, AKA_PRIME, SIM, PSK and EKE.

  Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>

* defconfig: Enable logging to file and syslog (wpa_supplicant) | Lubomir Rintel | 2019-02-25 | 1 | -2/+2

  Debian and Fedora enable both and log to syslog. openSUSE seems to log to a flat file instead.

  Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>

* defconfig: Enable simple bgscan module (wpa_supplicant) | Lubomir Rintel | 2019-02-25 | 1 | -1/+1

  Generally useful. Linux distros enable this and also utilize it via NetworkManager.

  Debian also enables the learn module. I'm leaving it off as it's marked experimental.

  Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>

* defconfig: Enable AP (wpa_supplicant) | Lubomir Rintel | 2019-02-25 | 1 | -1/+1

  Generally useful. Debian and Fedora enable this and support creating access points via NetworkManager too.

  Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>

* defconfig: Enable WPS (wpa_supplicant) | Lubomir Rintel | 2019-02-25 | 1 | -1/+1

  WPS is generally useful with consumer hardware, and exposed to desktop users via NetworkManager.

  The Linux distros, including Debian, Fedora, and openSUSE enable it. Debian also enables external registrar support and NFC.

  Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>

* defconfig: Fix typos in Wi-Fi Display description | Jouni Malinen | 2019-02-25 | 2 | -4/+4

  These were supposed to be talking about Wi-Fi Display, not Wi-Fi Direct.

  Signed-off-by: Jouni Malinen <j@w1.fi>

* defconfig: Enable P2P and Wi-Fi Display (wpa_supplicant) | Lubomir Rintel | 2019-02-25 | 1 | -2/+2

  Generally useful. Debian and Fedora enable this, upcoming NetworkManager provide some level of support too.

  Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>

* defconfig: Add SAE (wpa_supplicant) | Lubomir Rintel | 2019-02-25 | 1 | -0/+3

  Generally useful and the distros (Debian, Fedora) enable this already to support WPA3-Personal and protected 802.11s mesh BSSs.

  Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>

* defconfig: Add DPP (wpa_supplicant) | Lubomir Rintel | 2019-02-25 | 1 | -0/+5

  Generally useful, already enabled in Debian and Fedora.

  Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>

* tests: Remove CONFIG_PEERKEY | Lubomir Rintel | 2019-02-25 | 5 | -5/+0

  The functionality has been removed in commit a0bf1b68c03 ('Remove all PeerKey functionality').

  Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>

* UBSan: Avoid a warning on unsigned integer overflow | Jouni Malinen | 2019-02-25 | 1 | -3/+3

  wpa_non_pref_chan_cmp() needs to use explicit typecasts to avoid UBSan warnings for unsigned integer overflows.

  mbo.c:298:26: runtime error: unsigned integer overflow: 1 - 2 cannot be represented in type 'unsigned int'

  Signed-off-by: Jouni Malinen <j@w1.fi>

* tests: libFuzzer integration for test-json and test-x509 | Jouni Malinen | 2019-02-25 | 4 | -16/+65

  Allow these test tools to be used with libFuzzer in addition to afl-fuzz.

  Signed-off-by: Jouni Malinen <j@w1.fi>

* Fix a regression from VLAN assignment using WPA/WPA2 passphrase/PSK | Jouni Malinen | 2019-02-25 | 1 | -2/+2

  This extension of VLAN assignment code had a bug in one of the code paths where vlan_id could have been left uninitialized. This could result in SAE authentication getting rejected in cases where VLAN assignment is not used if the uninitialized stack memory had nonzero value.

  Fixes: dbfa691df4dc ("VLAN assignment based on used WPA/WPA2 passphrase/PSK")
  Signed-off-by: Jouni Malinen <j@w1.fi>

* UBSan: Avoid a warning on signed left shift | Jouni Malinen | 2019-02-25 | 1 | -2/+2

  Use unsigned 1 (1U) instead of signed (1) when doing left shift that could potentially need to use all bits of the 32-bit unsigned variable.

  radius_server.c:2254:14: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'

  Signed-off-by: Jouni Malinen <j@w1.fi>

* UBSan: Split loop index decrementation into a separate step | Jouni Malinen | 2019-02-25 | 1 | -1/+3

  Avoid an unnecessary unsigned integer overflow warning due to loop index j-- use.

  hostapd.c:661:10: runtime error: unsigned integer overflow: 0 - 1 cannot be represented in type 'unsigned int'

  Signed-off-by: Jouni Malinen <j@w1.fi>

* atheros: Avoid clang compiler warning on address of array check | Jouni Malinen | 2019-02-25 | 1 | -2/+1

  ie.wps_ie is an array, so there is no point in checking whether it is NULL.

  driver_atheros.c:1221:9: error: address of array 'ie.wps_ie' will always evaluate to 'true' [-Werror,-Wpointer-bool-conversion]

  Signed-off-by: Jouni Malinen <j@w1.fi>

* Avoid compiler warning about potentially unaligned pointer value | Jouni Malinen | 2019-02-25 | 1 | -3/+3

  (&mgmt->u.deauth.reason_code + 1) is not exactly clean and now that we have the u8 variable[] member in the struct after this field, use that directly to avoid clang compiler warning:

  ctrl_iface_ap.c:454:18: error: taking address of packed member 'reason_code' of class or structure 'ieee80211_mgmt::(anonymous union)::(anonymous)' may result in an unaligned pointer value [-Werror,-Waddress-of-packed-member]

  Signed-off-by: Jouni Malinen <j@w1.fi>

* UBSan: Define FST LLT macros without integer overflow | Jouni Malinen | 2019-02-25 | 1 | -4/+12

  FST_MAX_LLT_MS definition depended on undefined behavior with unsigned integer overflow. Avoid that and also optimize the FST_LLT_{MS_TO_VAL,VAL_TO_MS} macros to handle larger values without overflowing 32-bit unsigned integers.

  fst_session.c:1274:52: runtime error: unsigned integer overflow: 4294967295 * 32 cannot be represented in type 'unsigned int'

  Signed-off-by: Jouni Malinen <j@w1.fi>

* UBSan: Avoid integer overflow in a loop index counter | Jouni Malinen | 2019-02-25 | 1 | -2/+5

  Split the check and decrementation into separate steps to avoid an unnecessary UBSan warning.

  hostapd.c:1895:14: runtime error: unsigned integer overflow: 0 - 1 cannot be represented in type 'size_t' (aka 'unsigned long')

  Signed-off-by: Jouni Malinen <j@w1.fi>

* UBSan: Avoid NULL pointer dereferences on an error path | Jouni Malinen | 2019-02-25 | 1 | -4/+4

  hapd->conf might be NULL in case initialized failed, so better be prepared for that when debug printing interface name in the deinit path.

  hostapd.c:312:54: runtime error: member access within null pointer of type 'struct hostapd_bss_config'
  hostapd.c:351:29: runtime error: member access within null pointer of type 'struct hostapd_bss_config'
  hostapd.c:2158:18: runtime error: member access within null pointer of type 'struct hostapd_bss_config'

  Signed-off-by: Jouni Malinen <j@w1.fi>

* UBSan: Avoid unsigned integer overflow in base64 encoding | Jouni Malinen | 2019-02-25 | 1 | -1/+4

  Add a constraint on the base64 encoded buffer length to avoid an integer overflow in the output length calculation.

  common.c:1087:16: runtime error: unsigned integer overflow: 0 - 1 cannot be represented in type 'size_t' (aka 'unsigned long')

  Signed-off-by: Jouni Malinen <j@w1.fi>

* UBSan: Avoid unsigned integer overflow in utf8_{,un}escape() | Jouni Malinen | 2019-02-25 | 1 | -4/+7

  Split the if/while loop condition into two independent steps so that in_size-- happens only in the case in_size is nonzero. This gets rid of unnecessary UBSan warnings.

  common.c:1087:16: runtime error: unsigned integer overflow: 0 - 1 cannot be represented in type 'size_t' (aka 'unsigned long')
  common.c:1076:16: runtime error: unsigned integer overflow: 0 - 1 cannot be represented in type 'size_t' (aka 'unsigned long')
  common.c:1119:16: runtime error: unsigned integer overflow: 0 - 1 cannot be represented in type 'size_t' (aka 'unsigned long')

  Signed-off-by: Jouni Malinen <j@w1.fi>

* UBSan: Avoid unnecessary warning | Jouni Malinen | 2019-02-25 | 1 | -1/+1

  elems->mic might be NULL here, so do not try to decrement it by 2 even if the result is not used anywhere due to a latter check for elems->mic being NULL.

  mesh_rsn.c:646:20: runtime error: pointer index expression with base 0x000000000000 overflowed to 0xfffffffffffffffe

  Signed-off-by: Jouni Malinen <j@w1.fi>

* UBSan: Avoid memcpy(ptr, NULL, 0) | Jouni Malinen | 2019-02-25 | 1 | -2/+2

  This results in an UBSan warning that can be avoided easily.

  os_unix.c:524:3: runtime error: null pointer passed as argument 2, which is declared to never be null

  Signed-off-by: Jouni Malinen <j@w1.fi>

* UBSan: Avoid an unsigned integer overflow warning | Jouni Malinen | 2019-02-25 | 1 | -1/+1

  ext_supp_rates_len would be 0 here, so decrementing it by 2 will result in unsigned integer overflow even if that result is not actually used anywhere. Avoid that to get rid of the UBSan warning.

  tdls.c:1597:27: runtime error: unsigned integer overflow: 0 - 2 cannot be represented in type 'unsigned long'

  Signed-off-by: Jouni Malinen <j@w1.fi>

* UBSan: Pack MACsec peer id structure | Jouni Malinen | 2019-02-25 | 1 | -1/+1

  This is needed to avoid an UBSan warning and since this struct is used as part of a message construction, it needs to be packed anyway to guarantee correct functionality.

  ieee802_1x_kay.c:1021:3: runtime error: member access within misaligned address 0x0000031921e2 for type 'struct ieee802_1x_mka_peer_id', which requires 4 byte alignment

  Signed-off-by: Jouni Malinen <j@w1.fi>

* UBSan: Avoid memcmp(ptr, NULL, 0) | Jouni Malinen | 2019-02-25 | 1 | -1/+3

  Skip the memcmp() call if ssid_len == 0 and entry->ssid might be NULL to avoid an UBSan warning.

  wpa_supplicant.c:3956:9: runtime error: null pointer passed as argument 2, which is declared to never be null

  Signed-off-by: Jouni Malinen <j@w1.fi>

* UBSan: Use typecast to avoid unsigned integer overflow | Jouni Malinen | 2019-02-25 | 1 | -2/+2

  iface->num_bss is unsigned integer, so need to explicit typecast it to unsigned before decrementation by one even when the result is stored in an unsigned integer.

  ../src/ap/hostapd.c:2185:26: runtime error: unsigned integer overflow: 0 - 1 cannot be represented in type 'unsigned long'

  Signed-off-by: Jouni Malinen <j@w1.fi>

* UBSan: Fix RRM beacon processing attempt without scan_info | Jouni Malinen | 2019-02-25 | 1 | -2/+2

  Some driver interfaces (e.g., wext) might not include the data->scan_info information and data could be NULL here. Do not try to call the RRM handler in this case since that would dereference the NULL pointer when determining where scan_info is located and could potentially result in trying to read from unexpected location if RRM is enabled with a driver interface that does not support it.

  events.c:1907:59: runtime error: member access within null pointer of type 'union wpa_event_data'

  Signed-off-by: Jouni Malinen <j@w1.fi>

* UBSan: Avoid size_t variable overflow in control interface | Jouni Malinen | 2019-02-25 | 1 | -1/+2

  The loop "if (i-- == 0) break" style construction works in practice fine since the check against 0 is done before decrementation. However, this hits an UBSan warning, so split that decrementation to happen as a separate step after the check and break from the loop.

  ctrl_iface.c:5086:9: runtime error: unsigned integer overflow: 0 - 1 cannot be represented in type 'size_t' (aka 'unsigned long')

  Signed-off-by: Jouni Malinen <j@w1.fi>

* UBSan: Avoid unsigned integer overflow is throughput estimation | Jouni Malinen | 2019-02-25 | 1 | -2/+3

  wpa_scan_result_compar() would return wb->est_throughput - wa->est_throughput in case the comparison is done based on the throughput estimates. While the return value from this function is a signed integer, these est_throughput values are unsigned integers and need to be explicitly typecast to avoid an UBSan warning.

  scan.c:1996:30: runtime error: unsigned integer overflow: 54000 - 135000 cannot be represented in type 'unsigned int'

  Signed-off-by: Jouni Malinen <j@w1.fi>

* Modify dl_list_for_each() to not use unaligned access with WPA_TRACE | Jouni Malinen | 2019-02-25 | 1 | -3/+3

  UBSan testing with WPA_TRACE=y ended up hitting an unaligned access for struct os_alloc_trace in os_program_deinit() because of the dl_list_for_each() design that looked like dereferencing the member element of the list head which is something that does not exist.

  Get the first entry from the list using dl_list_first() so that the empty list special case is covered and compare item pointers instead of struct dl_list pointers to check whether the end of the loop has been reached.

  Signed-off-by: Jouni Malinen <j@w1.fi>

* Multi-AP: Avoid memcpy(ptr, NULL, 0) in WPS Registrar initialization | Jouni Malinen | 2019-02-23 | 1 | -3/+7

  This can result in compiler warnings due to the unexpected NULL pointer as a source memory even when the length of the copied data is 0.

  Signed-off-by: Jouni Malinen <j@w1.fi>

* Fix cipher suite selector default value in RSNE for DMG | Lior David | 2019-02-21 | 9 | -5/+43

  According to IEEE Std 802.11-2016, 9.4.2.25 when fields of an RSNE are not included, the default values are used. The cipher suite defaults were hardcoded to CCMP in the previous implementation, but the default is actually different for DMG: GCMP (per 9.4.2.25.2).

  It is not possible to find out from the RSNE if the network is non-DMG or DMG, so callers of wpa_parse_wpa_ie_rsn() need to handle this case based on context, which can be different for each caller.

  In order to fix this issue, add flags to the wpa_ie_data indicating whether pairwise/group ciphers were included in the RSNE. Callers can check these flags and fill in the appropriate ciphers. The wpa_parse_wpa_ie_rsn() function still initializes the ciphers to CCMP by default so existing callers will not break. This change also fixes some callers which need to handle the DMG network case.

  Signed-off-by: Lior David <liord@codeaurora.org>

* Add new QCA vendor attributes for coex configuration | Jiani Liu | 2019-02-21 | 1 | -1/+97

  Signed-off-by: Jiani Liu <jianil@codeaurora.org>

* Add a vendor attribute for specifying ethernet protocol type | Arun Kumar Khandavalli | 2019-02-21 | 1 | -0/+4

  This new QCA vendor attribute adds provision to specify the ethernet protocol id from userspace to the packets which are offloaded to the driver/firmware (e.g., IPv4, IPv6).

  Signed-off-by: Arun Kumar Khandavalli <akhandav@codeaurora.org>

* tests: Multi-AP WPS provisioning | Arnout Vandecappelle (Essensium/Mind) | 2019-02-18 | 1 | -0/+173

  Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

* hostapd: Add README-MULTI-AP | Arnout Vandecappelle (Essensium/Mind) | 2019-02-18 | 1 | -0/+160

  Document what hostapd and wpa_supplicant do for Multi-AP.

  This is only included in hostapd, since a Multi-AP device is always an access point so it should have hostapd.

  Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

* hostapd: Support Multi-AP backhaul STA onboarding with WPS | Davina Lu | 2019-02-18 | 11 | -0/+213

  The Wi-Fi Alliance Multi-AP Specification v1.0 allows onboarding of a backhaul STA through WPS. To enable this, the WPS Registrar offers a different set of credentials (backhaul credentials instead of fronthaul credentials) when the Multi-AP subelement is present in the WFA vendor extension element of the WSC M1 message.

  Add new configuration options to specify the backhaul credentials for the hostapd internal registrar: multi_ap_backhaul_ssid, multi_ap_backhaul_wpa_psk, multi_ap_backhaul_wpa_passphrase. These are only relevant for a fronthaul SSID, i.e., where multi_ap is set to 2 or 3. When these options are set, pass the backhaul credentials instead of the normal credentials when the Multi-AP subelement is present.

  Ignore the Multi-AP subelement if the backhaul config options are not set. Note that for an SSID which is fronthaul and backhaul at the same time (i.e., multi_ap == 3), this results in the correct credentials being sent anyway.

  The security to be used for the backhaul BSS is fixed to WPA2PSK. The Multi-AP Specification only allows Open and WPA2PSK networks to be configured. Although not stated explicitly, the backhaul link is intended to be always encrypted, hence WPA2PSK.

  To build the credentials, the credential-building code is essentially copied and simplified. Indeed, the backhaul credentials are always WPA2PSK and never use per-device PSK. All the options set for the fronthaul BSS WPS are simply ignored.

  Signed-off-by: Davina Lu <ylu@quantenna.com>
  Signed-off-by: Igor Mitsyanko <igor.mitsyanko.os@quantenna.com>
  Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
  Cc: Marianna Carrera <marianna.carrera.so@quantenna.com>

* wpa_supplicant: Support Multi-AP backhaul STA onboarding with WPS | Davina Lu | 2019-02-18 | 12 | -11/+54

  The Wi-Fi Alliance Multi-AP Specification v1.0 allows onboarding of a backhaul STA through WPS. To enable this, the backhaul STA needs to add a Multi-AP IE to the WFA vendor extension element in the WSC M1 message that indicates it supports the Multi-AP backhaul STA role. The Registrar (if it supports Multi-AP onboarding) will respond to that with a WSC M8 message that also contains the Multi-AP IE, and that contains the credentials for the backhaul SSID (which may be different from the SSID on which WPS is performed).

  Introduce a new parameter to wpas_wps_start_pbc() and allow it to be set via control interface's new multi_ap=1 parameter of WPS_PBC call. multi_ap_backhaul_sta is set to 1 in the automatically created SSID. Thus, if the AP does not support Multi-AP, association will fail and WPS will be terminated.

  Only wps_pbc is supported.

  This commit adds the multi_ap argument only to the control socket interface, not to the D-Bus interface.

  Since WPS associates with the fronthaul BSS instead of the backhaul BSS, we should not drop association if the AP announces fronthaul-only BSS. Still, we should only do that in the specific case of WPS. Therefore, add a check to multi_ap_process_assoc_resp() to allow association with a fronthaul-only BSS if and only if key_mgmt contains WPS.

  Signed-off-by: Davina Lu <ylu@quantenna.com>
  Signed-off-by: Igor Mitsyanko <igor.mitsyanko.os@quantenna.com>
  Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
  Signed-off-by: Daniel Golle <daniel@makrotopia.org>
  Cc: Marianna Carrera <marianna.carrera.so@quantenna.com>

* WPS: Add multi_ap_subelem to wps_build_wfa_ext() | Arnout Vandecappelle (Essensium/Mind) | 2019-02-18 | 10 | -30/+41

  The Multi-AP specification adds a new subelement to the WFA extension element in the WPS exchange. Add an additional parameter to wps_build_wfa_ext() to add this subelement. The subelement is only added if the parameter is nonzero. Note that we don't reuse the existing MULTI_AP_SUB_ELEM_TYPE definition here, but rather define a new WFA_ELEM_MULTI_AP, to make sure the enum of WFA subelement types for WPS vendor extension remains complete.

  For now, all callers set the multi_ap_subelem parameter to 0.

  Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

* tests: Update multi_ap_fronthaul_on_ap to match implementation | Arnout Vandecappelle (Essensium/Mind) | 2019-02-18 | 1 | -4/+2

  Now that the backhaul STA Multi-AP association is not rejected anymore by the AP, update the test case to expect disconnection to be triggered by the STA.

  Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

* Multi-AP: Don't reject backhaul STA on fronthaul BSS | Arnout Vandecappelle (Essensium/Mind) | 2019-02-18 | 1 | -18/+20

  The Multi-AP specification only specifies that information elements have to be added to the Association Request and Association Response frame; it doesn't specify anything about what should be done in case they are missing. Previously, we rejected non-backhaul associations on a backhaul-only BSS, and non-fronthaul associations on a fronthaul-only BSS.

  However, this makes WPS fail when fronthaul and backhaul are separate SSIDs. Indeed, WPS for the backhaul link is performed on the *fronthaul* SSID. Thus, the Association Request frame used for WPS *will* contain the Multi-AP IE indicating a backhaul STA. Rejecting that association makes WPS fail.

  Therefore, accept a multi-AP backhaul STA Association Request frame on a fronthaul-only BSS. Still issue a warning about it, but only at level DEBUG instead of INFO. Also change the condition checking to make it clearer.

  While we're at it, also fix the handling of unexpected bits in the Multi-AP IE. 4 bits are reserved in the specification, so these certainly have to be ignored. The specification also doesn't say that setting one of the other bits is not allowed. Therefore, only report unexpected values in the Multi-AP IE, don't reject because of it. Note that a malformed IE (containing more than one byte) still triggers a rejection.

  Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

* tests: Refactor test_multi_ap | Arnout Vandecappelle (Essensium/Mind) | 2019-02-18 | 1 | -15/+7

  With just one additional argument, the run_multi_ap_association() function can be used for all tests.

  Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

* HS 2.0: Make hs20-osu-client SP and <FQDN> directories group writable | Purushottam Kushwaha | 2019-02-18 | 1 | -2/+2

  This updates SP/<FQDN> directory with following permissions on Android to allow moving certificate at runtime from Cert/ to SP/<FQDN> folder:
  - user:read/write/exec
  - group:read/write/exec (i.e., add group write permission)

  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>

* mesh: More consistent checking of wpa_s->ifmsh in completion handler | Jouni Malinen | 2019-02-18 | 1 | -8/+6

  It does not look like wpa_s->ifmsg could be NULL here, but better be more consistent anyway to keep static analyzers happier by avoiding dereference of wpa_s->ifmsh in the function before the NULL check for it.

  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>

* tests: Empty token in wpa_psk_file | Jouni Malinen | 2019-02-18 | 1 | -0/+7

  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>