Commit message (Collapse)AuthorAgeFilesLines
* tests: wpa_supplicant mesh with dynamic interface addition failingJouni Malinen2016-05-291-0/+12
| | | | Signed-off-by: Jouni Malinen <j@w1.fi>
* mesh: Fix MESH_INTERFACE_ADD error path cleanupJouni Malinen2016-05-291-1/+1
| | | | | | | If wpa_supplicant_add_iface() fails, we need to remove the added netdev, not the existing wpa_s instance. Signed-off-by: Jouni Malinen <j@w1.fi>
* tests: Mesh network setup failing due to OOMJouni Malinen2016-05-291-3/+21
| | | | Signed-off-by: Jouni Malinen <j@w1.fi>
* mesh: Fix error path handling in init OOM casesJouni Malinen2016-05-291-4/+13
| | | | | | | | | hostapd deinit functions were not ready to handle a case where the data structures were not fully initialized. Make these more robust to allow wpa_supplicant mesh implementation to use the current deinit design in OOM error cases without causing NULL pointer dereferences. Signed-off-by: Jouni Malinen <j@w1.fi>
* tests: More coverage in ap_reassociation_to_same_bssJouni Malinen2016-05-281-0/+6
| | | | | | | The extra wait forces the special reattach-scan case to be reached in wpa_supplicant_scan(). Signed-off-by: Jouni Malinen <j@w1.fi>
* tests: More coverage in wpas_ctrl_sched_scan_plansJouni Malinen2016-05-281-0/+5
| | | | Signed-off-by: Jouni Malinen <j@w1.fi>
* Remove dead code from wpas_sched_scan_plans_set()Jouni Malinen2016-05-281-7/+0
| | | | | | | scan_plan->interval was checked against 0 twice; the latter case cannot happen. Signed-off-by: Jouni Malinen <j@w1.fi>
* tests: Scan with SET freq_list and scan_cur_freqJouni Malinen2016-05-281-0/+20
| | | | Signed-off-by: Jouni Malinen <j@w1.fi>
* Improve reattach scan OOM failure handlingJouni Malinen2016-05-281-5/+3
| | | | | | | | | | Instead of reporting the memory allocation failure and stopping, run the scan even if the frequency list cannot be created due to allocation failure. This allows the wpa_s->reattach flag to be cleared and the scan to be completed even if it takes a bit longer time due to all channels getting scanned. Signed-off-by: Jouni Malinen <j@w1.fi>
* tests: Duplicate SSID removal with scan_id listJouni Malinen2016-05-281-0/+3
| | | | Signed-off-by: Jouni Malinen <j@w1.fi>
* tests: Increase scan_fail coverageJouni Malinen2016-05-281-0/+28
| | | | Signed-off-by: Jouni Malinen <j@w1.fi>
* Indicate scan failure event on parameter cloning failureJouni Malinen2016-05-281-4/+2
| | | | | | This is more consistent with the radio_add_work() error case. Signed-off-by: Jouni Malinen <j@w1.fi>
* tests/remote: Fix a typo in a commentJouni Malinen2016-05-281-1/+1
| | | | Signed-off-by: Jouni Malinen <j@w1.fi>
* tests/remote: Fix execution of setup_hwJonathan Afek2016-05-283-39/+32
| | | | | | | | | | | The code contained some places that used an additional argument for setup_hw after -R and also contained places where setup_hw cmdline was passed as a string instead of an argument list. It also contained places where the ifname was only treated as a single interface and disregarded the possiblity of multiple interfaces. This commit fixes these issues and executes setup_hw from a single function for all cases. Signed-off-by: Jonathan Afek <jonathanx.afek@intel.com>
* tests: Add support for wlantest for remote hwsim testsJonathan Afek2016-05-2812-91/+217
| | | | | | | | | Use a monitor interface given in the command line that is not also a station or an AP as a monitor running wlantest on the channel used by the test. This makes all the tests that use wlantest available for execution on real hardware on remote hosts. Signed-off-by: Jonathan Afek <jonathanx.afek@intel.com>
* tests/remote: Fix usage of a non existing variableJonathan Afek2016-05-281-0/+1
| | | | | | | | | | In monitor.py in the remote tests code there is fucntion create() that creates standalone monitor interfaces. In this function there is an iteration of the ifaces of the host by using the ifaces variable but this variable is non-existing. This patch creates this variable before its usage. Signed-off-by: Jonathan Afek <jonathanx.afek@intel.com>
* wpaspy: Fix potentially referencing non existing attributeJonathan Afek2016-05-281-0/+1
| | | | | | | | | | | In wpaspy.py in the Ctrl object constructor there is a try/except. In the except part the code references the s attribute of the object. This attribute is only created later in the try part. If an exception occurs before the attribute creation then the except part references a non existing attribute. Fix that by assigning None to the s attribute at the beginning of the try part. Signed-off-by: Jonathan Afek <jonathanx.afek@intel.com>
* tests/remote: Fix style and typosJonathan Afek2016-05-283-4/+5
| | | | Signed-off-by: Jonathan Afek <jonathanx.afek@intel.com>
* tests/remote: Extend get_monitor_params() to support P2P interfacesJonathan Afek2016-05-281-7/+11
| | | | | | | | | This function is used for remote tests when a monitor interface is needed on the channel on which the AP operates. This change enables us to also query P2P interfaces for the channel information to use for monitor interfaces. Signed-off-by: Jonathan Afek <jonathanx.afek@intel.com>
* tests/remote: Use a function to add a log file to a remote hostJonathan Afek2016-05-284-7/+10
| | | | | | | | | | Instead of accessing the logs list member of the remote host directly, use a function to add logs to the remote host to be collected after the test. This enables us to later have different implementation of remote hosts or logs collection without requiring to have this list as the implementation. Signed-off-by: Jonathan Afek <jonathanx.afek@intel.com>
* tests: Use 10 retries for over-the-air broadcast connectivityJonathan Afek2016-05-282-24/+44
| | | | | | | | | | | | The regular hwsim tests use both unicast and broadcast frames to test the connectivity between 2 interfaces. For real hardware (remote hwsim tests) the broadcast frames will sometimes not be seen by all connected stations since they can be in low power mode during DTIM or because broadcast frames are not ACKed. Use 10 retries for broadcast connectivity tests for real hardware so that the test will pass if we successfully received at least one of them. Signed-off-by: Jonathan Afek <jonathanx.afek@intel.com>
* wpa_cli: Run action file in case of an AP eventJörg Krause2016-05-231-0/+4
| | | | | | | Run the action script in case of AP events "AP-ENABLED" and "AP-DISABLED". Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
* OpenSSL: Comment out tls_connection_get_eap_fast_key without EAP-FASTDavid Benjamin2016-05-231-8/+16
| | | | | | | | | This avoids internal access of structs and also removes the dependency on the reimplemented TLS PRF functions when EAP-FAST support is not enabled. Notably, BoringSSL doesn't support EAP-FAST, so there is no need to access its internals with openssl_get_keyblock_size(). Signed-Off-By: David Benjamin <davidben@google.com>
* tests: Fix ap_wpa2_eap_fast_prf_oom with the updated PRF implementationJouni Malinen2016-05-231-1/+1
| | | | | | | This is needed to work with the tls_openssl.c changes that renamed the function that is used for deriving the EAP-FAST keys. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* TLS: Split tls_connection_prf() into two functionsDavid Benjamin2016-05-2311-85/+98
| | | | | | | | | | | | | | | | | | | | | | Most protocols extracting keys from TLS use RFC 5705 exporters which is commonly implemented in TLS libraries. This is the mechanism used by EAP-TLS. (EAP-TLS actually predates RFC 5705, but RFC 5705 was defined to be compatible with it.) EAP-FAST, however, uses a legacy mechanism. It reuses the TLS internal key block derivation and derives key material after the key block. This is uncommon and a misuse of TLS internals, so not all TLS libraries support this. Instead, we reimplement the PRF for the OpenSSL backend and don't support it at all in the GnuTLS one. Since these two are very different operations, split tls_connection_prf() in two. tls_connection_export_key() implements the standard RFC 5705 mechanism that we expect most TLS libraries to support. tls_connection_get_eap_fast_key() implements the EAP-FAST-specific legacy mechanism which may not be implemented on all backends but is only used by EAP-FAST. Signed-Off-By: David Benjamin <davidben@google.com>
* OpenSSL: Remove two more accesses of ssl_ctx->cert_storeDavid Benjamin2016-05-231-3/+4
| | | | | | | | Commit 68ae4773a40b601126fc1f7cf5284e159c84ab3d ('OpenSSL: Use library wrapper functions to access cert store') fixed most of these, but missed a few. Signed-Off-By: David Benjamin <davidben@google.com>
* tests: Scan failuresJouni Malinen2016-05-231-1/+59
| | | | Signed-off-by: Jouni Malinen <j@w1.fi>
* scan: Fix a memory leak on an error pathJouni Malinen2016-05-231-0/+3
| | | | | | | | | If preassoc_mac_addr is used and updating the MAC address fails in wpas_trigger_scan_cb(), the cloned scan parameters were leaked. Fix that and also send a CTRL-EVENT-SCAN-FAILED event in this and another error case. Signed-off-by: Jouni Malinen <j@w1.fi>
* nl80211: Add TEST_FAIL() to nl80211_set_mac_addr()Jouni Malinen2016-05-221-0/+3
| | | | | | This makes it easier to test some error paths in wpa_supplicant. Signed-off-by: Jouni Malinen <j@w1.fi>
* scan: Clean up code a bit - phase1 is used in all WPS casesJouni Malinen2016-05-221-4/+1
| | | | | | | | There is no need to have a separate if statement to skip the cases where phase1 is not set. Just check it with the strstr comparison since this case is not really used in practice. Signed-off-by: Jouni Malinen <j@w1.fi>
* scan: Clean up code a bit - ssid cannot be NULL hereJouni Malinen2016-05-221-2/+1
| | | | | | | wpa_s->current_ssid is set to a non-NULL ssid pointer value here, so there is no need for the extra if statement. Signed-off-by: Jouni Malinen <j@w1.fi>
* Update ChangeLog files for v2.6Jouni Malinen2016-05-212-0/+180
| | | | | | This adds a summary of changes since the v2.5 release. Signed-off-by: Jouni Malinen <j@w1.fi>
* Fix sending non-Public Action frames over P2P Device interfaceLior David2016-05-202-5/+29
| | | | | | | | | | | | | | | | | | | | | | The P2P Device interface can only send Public Action frames. Non-Public Action frames must be sent over a group interface. The previous implementation sometimes tried to send non-Public Action frames such as GO Discoverability over the P2P Device interface, however, the source address of the frame was set to the group interface address so the code in offchannel.c knew to select the correct interface for the TX. The check breaks when the P2P Device and group interfaces have the same MAC address. In this case the frame will be sent over the P2P Device interface and the send will fail. Fix this problem in two places: 1. In offchannel, route non-Public Action frames to the GO interface when the above conditions are met. 2. When a TX_STATUS event arrives on such routed frame, it will arrive on the GO interface but it must be handled by the P2P Device interface since it has the relevant state logic. Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
* nl80211: Register for only for specific Action frames in AP modeKanchanapally, Vidyullatha2016-05-201-5/+47
| | | | | | | | | | This makes changes such that hostapd (and wpa_supplicant AP mode) registers to kernel for specific Action frames instead of generically registering for all Action frames. This makes it easier for other programs to register for some Action frames that hostapd does not handle today without having to somehow coordinate directly with hostapd. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* tests: P2P group formation using P2PS method without specifying PINJouni Malinen2016-05-202-1/+14
| | | | Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* P2PS: Allow P2P_CONNECT command for P2PS connection with/without PINPurushottam Kushwaha2016-05-192-2/+5
| | | | | | | | | | | | | This allows using P2PS config method with or without PIN for connection. wpa_supplicant should internally handle the default PIN "12345670" and shall also allow connection irrespective of PIN used in P2P_CONNECT. For example, 1. P2P_CONNECT 02:2a:fb:22:22:33 p2ps 2. P2P_CONNECT 02:2a:fb:22:22:33 xxxxxxxx p2ps Where the second one is maintained for backwards compatibility. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* P2PS: Correct config_methods for different P2P casesPurushottam Kushwaha2016-05-191-3/+3
| | | | | | | | | Add P2PS config flag only when config_methods are set. This restores the pre-P2PS behavioer for the cases where Display or Keypad config method is specified for a peer (i.e., do not add the new P2PS method in that case). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* EAP-SAKE: Do not debug print result if eap_sake_compute_mic() failsJouni Malinen2016-05-161-5/+14
| | | | | | | | This gets rid of a valgrind warning on uninitialized memory read in the eap_proto_sake_errors test case where the result was used after the failed eap_sake_compute_mic() call. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* EAP-PAX: Do not debug print result if eap_pax_mac() failsJouni Malinen2016-05-161-2/+9
| | | | | | | | This gets rid of a valgrind warning on uninitialized memory read in the eap_proto_pax_errors test case where the result was used after the failed eap_pax_mac() call. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* EAP-FAST: Check sha1_t_prf() result in eap_fast_get_cmk()Jouni Malinen2016-05-161-3/+4
| | | | | | | | This gets rid of a valgrind warning on uninitialized memory read in the eap_proto_fast_errors test case where the result was used after the failed sha1_t_prf() call. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* WPS: Check sha256_vector() result in wps_build_oob_dev_pw()Jouni Malinen2016-05-161-1/+2
| | | | | | | | This gets rid of a valgrind warning on uninitialized memory read in the wpas_ctrl_error test case where the result was used after the failed sha256_vector() call. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Check md5_vector() result in decrypt_ms_key()Jouni Malinen2016-05-161-1/+4
| | | | | | | | This gets rid of a valgrind warning on uninitialized memory read in the hostapd_oom_wpa2_eap_connect test case where the result is used after failed md5_vector() call. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Check hmac_md5() result in radius_msg_verify_msg_auth()Jouni Malinen2016-05-161-2/+3
| | | | | | | | This gets rid of a valgrind warning on uninitialized memory read in the hostapd_oom_wpa2_eap_connect test case where memcmp is used after failed hmac_md5() call. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Check md5_vector() result in radius_msg_verify()Jouni Malinen2016-05-161-2/+2
| | | | | | | | This gets rid of a valgrind warning on uninitialized memory read in the hostapd_oom_wpa2_eap test case where memcmp is used after failed md5_vector() call. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* WPS: Fix debug prints in wps_derive_psk() error caseJouni Malinen2016-05-164-11/+16
| | | | | | | | Check for hmac_sha256() failures and exit from wps_derive_psk() without printing out the derived keys if anything fails. This removes a valgrind warning on uninitialized value when running the ap_wps_m3_oom test case. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Fix external radio work debug printing on removalJouni Malinen2016-05-161-0/+7
| | | | | | | | | | work->type was pointing to the allocated work->ctx buffer and the debug print in radio_work_free() ended up using freed memory if a started external radio work was removed as part of FLUSH command operations. Fix this by updating work->type to point to a constant string in case the dynamic version gets freed. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* tests: wpa_supplicant AP mode - WPS disabledJouni Malinen2016-05-141-0/+16
| | | | Signed-off-by: Jouni Malinen <j@w1.fi>
* wpa_supplicant: Add wps_disabled parameter to network blockLior David2016-05-146-1/+18
| | | | | | | Add a new parameter wps_disabled to network block (wpa_ssid). This parameter allows WPS functionality to be disabled in AP mode. Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
* Set wpa_psk_set in wpa_supplicant AP mode is PSK is availableJouni Malinen2016-05-141-0/+1
| | | | | | | While this is unlikely to make any practical difference, it is better to keep consistent with hostapd configuration parser. Signed-off-by: Jouni Malinen <j@w1.fi>
* Fix AP mode key_mgmt configuration in wpa_supplicant default caseJouni Malinen2016-05-141-1/+4
| | | | | | | | | If the network profile key_mgmt parameter was not set, wpa_supplicant defaulted to enabling both WPA-PSK and WPA-EAP. This is not correct for AP mode operations, so remove WPA-EAP in such a case to fix WPA-PSK without explicit key_mgmt parameter. Signed-off-by: Jouni Malinen <j@w1.fi>