aboutsummaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
...
* TLS: Add functions for managing cached session stateJouni Malinen2015-08-235-0/+102
| | | | | | | | | | | The new tls_connection_set_success_data(), tls_connection_set_success_data_resumed(), tls_connection_get_success_data(), and tls_connection_remove_session() functions can be used to mark cached sessions valid and to remove invalid cached sessions. This commit is only adding empty functions. The actual functionality will be implemented in followup commits. Signed-off-by: Jouni Malinen <j@w1.fi>
* EAP server: Add tls_session_lifetime configurationJouni Malinen2015-08-2311-1/+20
| | | | | | | | | | This new hostapd configuration parameter can be used to enable TLS session resumption. This commit adds the configuration parameter through the configuration system and RADIUS/EAPOL/EAP server components. The actual changes to enable session caching will be addressed in followup commits. Signed-off-by: Jouni Malinen <j@w1.fi>
* EAP server: Disable TLS session ticket with EAP-TLS/TTLS/PEAPJouni Malinen2015-08-236-8/+11
| | | | | | | | | The EAP server is not yet capable of using TLS session ticket to resume a session. Explicitly disable use of TLS session ticket with EAP-TLS/TTLS/PEAP to avoid wasting resources on generating a session ticket that cannot be used for anything. Signed-off-by: Jouni Malinen <j@w1.fi>
* OpenSSL: Allow server connection parameters to be configuredJouni Malinen2015-08-231-27/+36
| | | | | | | This extends OpenSSL version of tls_connection_set_verify() to support the new flags argument. Signed-off-by: Jouni Malinen <j@w1.fi>
* TLS: Add new arguments to tls_connection_set_verify()Jouni Malinen2015-08-236-6/+19
| | | | | | | The new flags and session_ctx arguments will be used in followup commits. Signed-off-by: Jouni Malinen <j@w1.fi>
* OpenSSL: Add wrapper struct for tls_init() resultJouni Malinen2015-08-231-50/+76
| | | | | | | This new struct tls_data is needed to store per-tls_init() information in the followup commits. Signed-off-by: Jouni Malinen <j@w1.fi>
* tests: Allow AES-WRAP-192 test cases to be commented out with BoringSSLJouni Malinen2015-08-181-0/+8
| | | | | | | BoringSSL does not support 192-bit AES, so these parts of the wpa_supplicant module tests would fail. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* OpenSSL: Reject OCSP-required configuration if no OCSP supportJouni Malinen2015-08-171-0/+10
| | | | | | | This is needed at least with BoringSSL to avoid accepting OCSP-required configuration with a TLS library that does not support OCSP stapling. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* BoringSSL: Fix PKCS12_parse() segfault when used without passwordJouni Malinen2015-08-171-0/+2
| | | | | | | | | Unlike OpenSSL PKCS12_parse(), the BoringSSL version seems to require the password pointer to be non-NULL even if no password is present. Map passwrd == NULL to passwd = "" to avoid a NULL pointer dereference within BoringSSL. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* OpenSSL: Handshake completion and resumption state into debug logJouni Malinen2015-08-171-2/+8
| | | | | | | This new debug log entry makes it more convenient to check how TLS handshake was completed. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* BoringSSL: Fix session resumptionJouni Malinen2015-08-171-1/+1
| | | | | | | | | | | | | | | BoringSSL commit 533ef7304d9b48aad38805f1997031a0a034d7fe ('Remove SSL_clear calls in handshake functions.') triggered a regression for EAP-TLS/TTLS/PEAP session resumption in wpa_supplicant due to the removed SSL_clear() call in ssl3_connect() going away and wpa_supplicant not calling SSL_clear() after SSL_shutdown(). Fix this by adding the SSL_clear() call into wpa_supplicant after SSL_shutdown() when preparing the ssl instance for another connection. While OpenSSL is still call SSL_clear() in ssl3_connect(), it looks to be safe to add this call to wpa_supplicant unconditionally. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* BoringSSL: Make SSL_set_ssl_method() conditional on EAP-FASTJouni Malinen2015-08-171-0/+2
| | | | | | | | | This function does not seem to be available in BoringSSL. Since it is needed for EAP-FAST (which is not currently working with BoringSSL), address this by commenting out the EAP-FAST specific step from builds that do not include EAP-FAST support. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* BoringSSL: Comment out SSL_build_cert_chain() callJouni Malinen2015-08-171-0/+2
| | | | | | | | It looks like BoringSSL does include that function even though it claims support for OPENSSL_VERSION_NUMBER where this is available (1.0.2). For now, comment out that call to fix build. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* BoringSSL: Allow internal AES key wrap to be used with "OpenSSL" buildJouni Malinen2015-08-171-0/+2
| | | | | | | | | | | | It looks like BoringSSL has removed the AES_wrap_key(), AES_unwrap_key() API. This broke wpa_supplicant/hostapd build since those functions from OpenSSL were used to replace the internal AES key wrap implementation. Add a new build configuration option (CONFIG_OPENSSL_INTERNAL_AES_WRAP=y) to allow the internal implementation to be used with CONFIG_OPENSSL=y build to allow build against the latest BoringSSL version. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Remove duplicated sta_authorized_cb callJouni Malinen2015-08-161-4/+0
| | | | | | | | | | | | Commit 6959145b86318710d0186b618d54bce2991a6e6f ('FST: Integration into hostapd') introduced this duplicated call due to an incorrect merge conflict resolution in ap_sta_set_authorized(). An earlier commit 61fc90483fec17b69a26b16e42723474daccec24 ('P2P: Handle improper WPS termination on GO during group formation') had moved this call to an earlier location in the function and there is no point in re-introducing another copy of the call at the end of the function. Signed-off-by: Jouni Malinen <j@w1.fi>
* WPS: Fix multi-interface WPS operations in hostapdJouni Malinen2015-08-161-11/+45
| | | | | | | | | | Couple of the for-each-interface loops used incorrect return value when skipping over non-WPS interfaces. This could result in skipping some WPS interfaces in the loop and returning error. Setting AP PIN did not check for WPS being enabled at all and trigger a NULL pointer dereference if non-WPS interface was enabled. Signed-off-by: Jouni Malinen <j@w1.fi>
* WPS ER: Fix SSDP CACHE-CONTROL line parserJouni Malinen2015-08-151-3/+1
| | | | | | | | | | Incorrect number of bytes was skipped from the beginning of the line which resulted in the loop skipping spaces doing nothing. However, the following operation was simply looking for the max-age parameter with os_strstr(), so this did not have any effect on functionality. Fix the number of bytes to skip and remove the unneeded loop to skip spaces. Signed-off-by: Jouni Malinen <j@w1.fi>
* Android: Use more flexible userid when launching browser popupKanchanapally, Vidyullatha2015-08-131-2/+4
| | | | | | | | | | | It was possible for the Hotspot 2.0 case of OSU user interaction to fail with wpadebug browser due to permission denial in the "start" command ("java.lang.SecurityException: Permission Denial: startActivity asks to run as user -2 but is calling from user 0; this requires android.permission.INTERACT_ACROSS_USERS_FULL"). Avoid this by using more flexible USER_CURRENT_OR_SELF (-3) value with the --user argument. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* nl80211: Use beacon TSF if it is newer than Probe Response TSFSrinivas Dasari2015-08-131-0/+5
| | | | | | | | | | | | cfg80211 sends TSF information with the attribute NL80211_BSS_BEACON_TSF if the scan results include information from Beacon frame. Probe Response frame information is included in NL80211_BSS_TSF. If the device receives only Beacon frames, NL80211_BSS_TSF might not carry updated TSF, which results an older TSF being used in wpa_supplicant. Fetch both possible TSF values (if available) and choose the latest TSF for the BSS entry. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* tests: ap_scan=2 AP mode operation and scan failureJouni Malinen2015-08-111-0/+3
| | | | Signed-off-by: Jouni Malinen <j@w1.fi>
* P2P: Support driver preferred freq list for invitation caseAhmad Kholaif2015-08-113-3/+20
| | | | | | | | When using P2P invitation to re-invoke a persistent P2P group without specifying the operating channel, query the driver for the preferred frequency list, and use it to select the operating channel of the group. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* OpenSSL: Use connection certificate chain with PKCS#12 extra certsJouni Malinen2015-08-101-0/+30
| | | | | | | | | | | When using OpenSSL 1.0.2 or newer, this replaces the older SSL_CTX_add_extra_chain_cert() design with SSL_add1_chain_cert() to keep the extra chain certificates out from SSL_CTX and specific to each connection. In addition, build and rearrange extra certificates with SSL_build_cert_chain() to avoid incorrect certificates and incorrect order of certificates in the TLS handshake. Signed-off-by: Jouni Malinen <j@w1.fi>
* OpenSSL: Fix PKCS#12 extra certificate handlingJouni Malinen2015-08-101-0/+3
| | | | | | | | | | | Previously, the possible extra certificate(s) from a PKCS#12 file was added once for each authentication attempt. This resulted in OpenSSL concatenating the certificates multiple time (add one copy for each try during the wpa_supplicant process lifetime). Fix this by clearing the extra chain certificates before adding new ones when using OpenSSL 1.0.1 or newer that include the needed function. Signed-off-by: Jouni Malinen <j@w1.fi>
* Fix a typo in enum wpa_states commentAmit Khatri2015-08-081-1/+1
| | | | | Signed-off-by: Amit Khatri <amit.khatri@samsung.com> Signed-off-by: Rahul Jain <rahul.jain@samsung.com>
* Fix PMKID addition to RSN element when RSN Capabilities are not presentJouni Malinen2015-08-081-2/+5
| | | | | | | | | | This code path could not be hit with the RSNE generated by hostapd or wpa_supplicant, but it is now possible to reach when using own_ie_override test functionality. The RSNE and IE buffer length were not updated correct in case wpa_insert_pmkid() had to add the RSN Capabilities field. Signed-off-by: Jouni Malinen <j@w1.fi>
* hostapd: Add testing option to override own WPA/RSN IE(s)Jouni Malinen2015-08-085-2/+35
| | | | | | | | This allows the new own_ie_override=<hexdump> configuration parameter to be used to replace the normally generated WPA/RSN IE(s) for testing purposes in CONFIG_TESTING_OPTIONS=y builds. Signed-off-by: Jouni Malinen <j@w1.fi>
* FT: Remove optional fields from RSNE when using PMFJouni Malinen2015-08-061-1/+2
| | | | | | | | | | | | | | | | | | | The PMKIDCount, PMKID List, and Group Management Cipher Suite fields are optional to include in the RSNE in cases where these would not have values that are different from the default values. In practice, PMKIDCount is always 0 in Beacon and Probe Response frames, so the only field of these that could have a non-default value is Group Management Cipher Suite. When BIP is used, that field is not needed either due to BIP being the default cipher when PMF is enabled. Remove these fields from RSNE when BIP is used to save six octets in Beacon and Probe Response frames. In addition to reduced frame length, this is a workaround for interoperability issues with iOS 8.4 in cases where FT and PMF are enabled. iOS seems to be rejecting EAPOL-Key msg 3/4 during FT initial mobility domain association if the RSNE includes the PMKIDCount field. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* WPS: Reject AP settings with invalid network key (PSK/passphrase)Jouni Malinen2015-08-062-2/+8
| | | | | | | | | | | This is similar to the earlier commit b363121a208e3d18fe80682430a5f50cefaa3595 ('WPS: Reject invalid credential more cleanly'), but for the AP cases where AP settings are being replaced. Previously, the new settings were taken into use even if the invalid PSK/passphrase had to be removed. Now, the settings are rejected with such an invalid configuration. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* P2PS: Clean up intended interface address passing to p2ps_prov_completeJouni Malinen2015-08-061-10/+4
| | | | | | | | Use NULL to indicate if the address is not available instead of fixed 00:00:00:00:00:00. wpas_p2ps_prov_complete() already had code for converting NULL to that all zeros address for event messages. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* P2PS: Fix PD PIN event notificationsMax Stepanov2015-08-062-26/+83
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Change P2PS P2P-PROV-SHOW-PIN/P2P-PROV-ENTER-PIN event notifications on PD Request/Response handling to meet required P2PS behavior. The new implemented scheme: 1. For a legacy P2P provision discovery the event behavior remains without changes 2. P2PS PD, advertiser method: DISPLAY, autoaccept: TRUE: Advertiser: SHOW-PIN on PD request replied with a status SUCCESS Seeker: ENTER-PIN on PD response received with a status SUCCESS 3. P2PS PD, advertiser method: DISPLAY, autoaccept: FALSE: Advertiser: SHOW-PIN on PD request replied with a status INFO_CURRENTLY_UNAVAILABLE Seeker: ENTER-PIN on Follow-on PD request with a status SUCCESS_DEFERRED 4. P2PS PD, advertiser method: KEYPAD, autoaccept: TRUE/FALSE: Advertiser: ENTER-PIN on PD request replied with a status INFO_CURRENTLY_UNAVAILABLE Seeker: SHOW-PIN on PD response received with a status INFO_CURRENTLY_UNAVAILABLE This change in behavior breaks the existing test cases p2ps_connect_keypad_method_nonautoaccept and p2ps_connect_display_method_nonautoaccept. Those will be fixed in a followup commit. Signed-off-by: Max Stepanov <Max.Stepanov@intel.com> Reviewed-by: Ilan Peer <ilan.peer@intel.com>
* P2P: Add a function to compute the group common freqsIlan Peer2015-08-032-0/+50
| | | | | | | | Add a function to compute the group common frequencies, and use it to update the group_common_frequencies as part of the channel switch flows. Signed-off-by: Ilan Peer <ilan.peer@intel.com>
* Share freq-to-channel conversion functionAndrei Otcheretianski2015-08-033-63/+132
| | | | | | | | | Add ieee80211_freq_to_channel_ext() conversion function into ieee802_11_common.c. This function converts freq to channel and additionally computes operating class, based on provided HT and VHT parameters. Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
* Move debug level string conversion functions to wpa_debug.cJouni Malinen2015-08-032-0/+42
| | | | | | | This makes it possible to use these helper functions from hostapd as well as the current use in wpa_supplicant. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* FST: Mark fst_ies buffer constJouni Malinen2015-08-034-5/+5
| | | | | | | | This buffer is owned by the FST module, so mark it const in the set_ies() callback to make it clearer which component is responsible for modifying and freeing this. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* FST: Fix MB IE clearing on detachAnton Nayshtut2015-08-031-0/+1
| | | | | | | | | | This fixes an issue where freed MB IEs buffer memory could potentially have been accessed after an interface is detached from FST group. Without this fix, if an interface is detached from FST group, it can use MB IEs buffer previously set by fst_iface_set_ies(), although the buffer was released by fst_iface_delete(). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* mesh: Fix mesh SAE auth on low spec devicesMasashi Honma2015-08-022-4/+6
| | | | | | | | | | | | | | | | | | | | | | | | | The mesh SAE auth often fails with master branch. By bisect I found commit eb5fee0bf50444419ac12d3c7f38f27a47523a47 ('SAE: Add side-channel protection to PWE derivation with ECC') causes this issue. This does not mean the commit has a bug. This is just a CPU resource issue. After the commit, sae_derive_pwe_ecc() spends 101(msec) on my PC (Intel Atom N270 1.6GHz). But dot11RSNASAERetransPeriod is 40(msec). So auth_sae_retransmit_timer() is always called and it can causes continuous frame exchanges. Before the commit, it was 23(msec). On the IEEE 802.11 spec, the default value of dot11RSNASAERetransPeriod is defined as 40(msec). But it looks short because generally mesh functionality will be used on low spec devices. Indeed Raspberry Pi B+ (ARM ARM1176JZF-S 700MHz) requires 287(msec) for new sae_derive_pwe_ecc(). So this patch makes the default to 1000(msec) and makes it configurable. This issue does not occur on infrastructure SAE because the dot11RSNASAERetransPeriod is not used on it. Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
* Add build option to remove all internal RC4 usesJouni Malinen2015-08-028-0/+56
| | | | | | | | | | | | The new CONFIG_NO_RC4=y build option can be used to remove all internal hostapd and wpa_supplicant uses of RC4. It should be noted that external uses (e.g., within a TLS library) do not get disabled when doing this. This removes capability of supporting WPA/TKIP, dynamic WEP keys with IEEE 802.1X, WEP shared key authentication, and MSCHAPv2 password changes. Signed-off-by: Jouni Malinen <j@w1.fi>
* OpenSSL: Fix FIPS mode enabling in dynamic interface caseJouni Malinen2015-08-021-2/+6
| | | | | | | | | FIPS_mode_set(1) cannot be called multiple times which could happen in some dynamic interface cases. Avoid this by enabling FIPS mode only once. There is no code in wpa_supplicant to disable FIPS mode, so once it is enabled, it will remain enabled. Signed-off-by: Jouni Malinen <j@w1.fi>
* OpenSSL: Remove md4_vector() from CONFIG_FIPS=y buildsJouni Malinen2015-08-021-0/+2
| | | | | | | | | | MD4 is not allowed in such builds, so comment out md4_vector() from the build to force compile time failures for cases that cannot be supported instead of failing the MD¤ operations at runtime. This makes it easier to detect and fix accidental cases where MD4 could still be used in some older protocols. Signed-off-by: Jouni Malinen <j@w1.fi>
* EAP-pwd peer: Comment out MS password hash if CONFIG_FIPS=yJouni Malinen2015-08-021-0/+7
| | | | | | The needed hash functions are not available in FIPS mode. Signed-off-by: Jouni Malinen <j@w1.fi>
* tests: Skip ms_funcs module tests in CONFIG_FIPS=y buildsJouni Malinen2015-08-021-0/+5
| | | | Signed-off-by: Jouni Malinen <j@w1.fi>
* Rename tls_connection_get_keys() to tls_connection_get_random()Jouni Malinen2015-08-0211-35/+32
| | | | | | | | | | Commit 94f1fe6f6384a2ef379ef5b8cdc32a2fa01f8d13 ('Remove master key extraction from tls_connection_get_keys()') left only fetching of server/client random, but did not rename the function and structure to minimize code changes. The only name is quite confusing, so rename this through the repository to match the new purpose. Signed-off-by: Jouni Malinen <j@w1.fi>
* OpenSSL: Allow server/client random to be fetched in FIPS modeJouni Malinen2015-08-021-6/+0
| | | | | | | | | | tls_connection_get_keys() used to return TLS master secret, but that part was removed in commit 94f1fe6f6384a2ef379ef5b8cdc32a2fa01f8d13 ('Remove master key extraction from tls_connection_get_keys()'). Since then, there is no real need for preventing this function from being used in FIPS mode. Signed-off-by: Jouni Malinen <j@w1.fi>
* random: Fix random_get_bytes() with CONFIG_FIPS=yJouni Malinen2015-08-011-0/+1
| | | | | | | | | The bytes pointer was not reset back to the beginning of the buffer when mixing in additional entropy from the crypto module. This resulted in writing beyond the return buffer and not getting the required mixing of the extra entropy for the actual return buffer. Signed-off-by: Jouni Malinen <j@w1.fi>
* P2P: Silence bogus compiler warningsJouni Malinen2015-08-011-2/+2
| | | | | | | | | | | It looks like the compiler version used in Android 5.0 warns about potentially uninitialized oper_freq variable in these debug messages. That is not really valid since this code path can be reached only if found != 0 and in such a case, oper_freq is set. Anyway, it seems better to avoid compiler warnings, so add an unnecessary initialization for oper_freq for now. Signed-off-by: Jouni Malinen <j@w1.fi>
* OpenSSL: Remove md5_vector() from CONFIG_FIPS=y buildsJouni Malinen2015-08-011-0/+2
| | | | | | | | | | MD5 is not allowed in such builds, so comment out md5_vector() from the build to force compile time failures for cases that cannot be supported instead of failing the MD5 operations at runtime. This makes it easier to detect and fix accidental cases where MD5 could still be used in some older protocols. Signed-off-by: Jouni Malinen <j@w1.fi>
* EAP-TTLS: Disable CHAP, MSCHAP, and MSCHAPV2 in CONFIG_FIPS=y buildsJouni Malinen2015-08-011-0/+17
| | | | | | | FIPS builds do not include support for MD4/MD5, so disable EAP-TTLS/CHAP, MSCHAP, and MSCHAPV2 when CONFIG_FIPS=y is used. Signed-off-by: Jouni Malinen <j@w1.fi>
* EAP peer: Replace MD5 with SHA1 in duplicate message workaroundJouni Malinen2015-08-012-7/+7
| | | | | | | | MD5 is not available in CONFIG_FIPS=y builds, so use SHA1 for the EAP peer workaround that tries to detect more robustly whether a duplicate message was sent. Signed-off-by: Jouni Malinen <j@w1.fi>
* tests: Skip MD5 module tests in CONFIG_FIPS=y buildsJouni Malinen2015-08-011-0/+5
| | | | Signed-off-by: Jouni Malinen <j@w1.fi>
* OpenSSL: Implement aes_wrap/aes_unwrap through EVP for CONFIG_FIPS=yJouni Malinen2015-08-011-0/+4
| | | | | | | | | | | | | | | | The OpenSSL internal AES_wrap_key() and AES_unwrap_key() functions are unfortunately not available in FIPS mode. Trying to use them results in "aes_misc.c(83): OpenSSL internal error, assertion failed: Low level API call to cipher AES forbidden in FIPS mode!" and process termination. Work around this by reverting commit f19c907822ad0dec3480b1435b615ae22c5533a1 ('OpenSSL: Implement aes_wrap() and aes_unwrap()') changes for CONFIG_FIPS=y case. In practice, this ends up using the internal AES key wrap/unwrap implementation through the OpenSSL EVP API which is available in FIPS mode. When CONFIG_FIPS=y is not used, the OpenSSL AES_wrap_key()/AES_unwrap_key() API continues to be used to minimize code size. Signed-off-by: Jouni Malinen <j@w1.fi>