path: root/wpa_supplicant/Makefile
Commit message (Collapse)AuthorAgeFilesLines
* Link to, and adjust types for, the PCSC framework included with OSXArran Cudbard-Bell2016-08-071-0/+4
| | | | Signed-off-by: Arran Cudbard-Bell <a.cudbardb@freeradius.org>
* Move parts of wpa_cli to a new common fileMikael Kanstrup2016-08-061-0/+1
| | | | | | | | In preparation for adding further command completion support to hostapd_cli move some cli related utility functions out of wpa_cli into a new common cli file. Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sonymobile.com>
* systemd: Update service files according to D-Bus interface versionMarcin Niestroj2016-04-181-2/+6
| | | | | | | | | | | | | | systemd service files were supplied with old D-Bus bus name. After service activation systemd was waiting for appearance of specified bus name to consider it started successfully. However, if wpa_supplicant was compiled only with the new D-Bus interface name, systemd didn't notice configured (old) D-Bus bus name appearance. In the end, service was considered malfunctioning and it was deactivated. Update systemd service BusName property according to supported D-Bus interface version. Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
* hostapd: Handle Neighbor Report Request frameDavid Spinadel2016-04-171-0/+1
| | | | | | | Process Neighbor Report Request frame and send Neighbor Report Response frame based on the configured neighbor report data. Signed-off-by: David Spinadel <david.spinadel@intel.com>
* hostapd: Add a database of neighboring APsDavid Spinadel2016-04-161-0/+1
| | | | | | | | | | | | | | | | | Add a configurable neighbor database that includes the content of Nighbor Report element, LCI and Location Civic subelements and SSID. All parameters for a neighbor must be updated at once; Neighbor Report element and SSID are mandatory, LCI and civic are optional. The age of LCI is set to the time of neighbor update. The control interface API is: SET_NEIGHBOR <BSSID> <ssid=SSID> <nr=data> [lci=<data>] [civic=<data>] To delete a neighbor use: REMOVE_NEIGHBOR <BSSID> <SSID> Signed-off-by: David Spinadel <david.spinadel@intel.com>
* Add interface matching support with -M, guarded by CONFIG_MATCH_IFACERoy Marples2016-03-221-0/+4
| | | | | | | | | The new wpa_supplicant command line argument -M can be used to describe matching rules with a wildcard interface name (e.g., "wlan*"). This is very useful for systems without udev (Linux) or devd (FreeBSD). Signed-off-by: Roy Marples <roy@marples.name>
* wpa_supplicant: Fix CONFIG_IBSS_RSN=y build without CONFIG_AP=yJouni Malinen2016-03-211-0/+1
| | | | | | | | | | | | | | | | Commit 1889af2e0f89f9a98171761683eb1c244584daf8 ('VLAN: Separate station grouping and uplink configuration') added an ap_sta_set_vlan() function that gets called from pmksa_cache_auth.c. This broke CONFIG_IBSS_RSN=y build if src/ap/sta_info.c did not get included in the build, i.e., if CONFIG_AP=y was not set. Fix this by making the ap_sta_set_vlan() call conditional on CONFIG_NO_VLAN being undefined and define this for CONFIG_IBSS_RSN=y builds. This is fine for wpa_supplicant since CONFIG_AP=y case was already defining this. For hostapd, this function call is not needed for CONFIG_NO_VLAN case either. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Fix nfc_pw_token build with CONFIG_FST=yJouni Malinen2016-03-201-0/+1
| | | | Signed-off-by: Jouni Malinen <j@w1.fi>
* wpa_supplicant: Use common functions for ctrl_ifaceJanusz Dziedzic2016-03-051-0/+1
| | | | | | Use the common functions, structures when UNIX socket ctrl_iface used. Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
* MBO: Track STA cellular data capability from association requestJouni Malinen2016-02-221-0/+3
| | | | | | | | This makes hostapd parse the MBO attribute in (Re)Association Request frame and track the cellular data capability (mbo_cell_capa=<val> in STA control interface command). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* MBO: Implement MBO non-preferred channel report in Association RequestDavid Spinadel2016-02-221-0/+1
| | | | | | | Add MBO IE with non-preferred channels to (Re)Association Request frames. Signed-off-by: David Spinadel <david.spinadel@intel.com>
* MBO: Add non-preferred channel configuration in wpa_supplicantDavid Spinadel2016-02-211-0/+4
| | | | | | Add non-preferred channel configuration to wpa_config for MBO. Signed-off-by: David Spinadel <david.spinadel@intel.com>
* Implement kqueue(2) support via CONFIG_ELOOP_KQUEUERoy Marples2016-02-071-0/+4
| | | | | | | | | | | NOTE: kqueue has to be closed and re-build after forking. epoll *should* do the same, but it seems that wpa_supplicant doesn't need it at least. I have re-worked a little bit of the epoll code (moved into a similar kqueue function) so it's trivial to requeue epoll if needed in the future. Signed-off-by: Roy Marples <roy@marples.name>
* Clone default LIBS value to LIBS_* for other toolsJouni Malinen2015-12-281-0/+11
| | | | | | | | If LIBS is set with some global build system defaults, clone those for LIBS_c, LIBS_h, LIBS_n, and LIBS_p to cover wpa_cli, wpa_passphrase, hostapd_cli, hlr_auc_gw, and nt_password_hash as well. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* wpa_supplicant: Enable Automatic Channel Selection support for AP modeTomasz Bursztyka2015-12-241-0/+6
| | | | | | | | | | Since hostapd supports ACS now, let's enable its support in wpa_supplicant as well when starting AP mode. Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com> [u.oelmann@pengutronix.de: rebased series from hostap_2_1~944 to master] [u.oelmann@pengutronix.de: adjusted added text in defconfig] Signed-off-by: Ulrich Ölmann <u.oelmann@pengutronix.de>
* TLS: Parse CertificateStatus messageJouni Malinen2015-12-141-0/+1
| | | | | | | | | | This allows the internal TLS client implementation to accept CertificateStatus message from the server when trying to use OCSP stapling. The actual OCSPResponse is not yet processed in this commit, but the CertificateStatus message is accepted to allow the TLS handshake to continue. Signed-off-by: Jouni Malinen <j@w1.fi>
* BoringSSL: Move OCSP implementation into a separate fileJouni Malinen2015-12-041-0/+1
| | | | | | | | This makes it easier to share the OCSP implementation needed for BoringSSL outside tls_openssl.c. For now, this is mainly for http_curl.c. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Add SHA384 and SHA512 implementations from LibTomCrypt libraryPali Rohár2015-11-291-0/+10
| | | | | | | These will be used with the internal TLS implementation to extend hash algorithm support for new certificates and TLS v1.2. Signed-off-by: Pali Rohár <pali.rohar@gmail.com>
* Remove wpa_supplicant/testsJouni Malinen2015-11-231-4/+4
| | | | | | | | | There was only a single file remaining in this directory. All the other old test functionality has been moved under the top level tests directory. Move the remaining file to the wpa_supplicant directory to get rid of the subdirectory. Signed-off-by: Jouni Malinen <j@w1.fi>
* tests: Move EAP-SIM PRF module test into the hwsim frameworkJouni Malinen2015-11-231-11/+0
| | | | | | | | The old wpa_supplicant/Makefile target test-eap_sim_common did not work anymore and anyway, this test is better placed in the newer hwsim framework to make sure the test case gets executed automatically. Signed-off-by: Jouni Malinen <j@w1.fi>
* Remove link_test and test_wpaJouni Malinen2015-11-231-68/+0
| | | | | | | | | These wpa_supplicant test programs have not been maintained for years and it would take significant effort to get these into working state. Since there does not seem to be any real need for these based on lack of maintenance, it is easier to just drop these tools for now. Signed-off-by: Jouni Malinen <j@w1.fi>
* Fix CONFIG_NO_WPA=y buildJouni Malinen2015-11-231-0/+4
| | | | | | | | Number of places were calling functions that are not included in CONFIG_NO_WPA=y build anymore. Comment out such calls. In addition, pull in SHA1 and MD5 for config_internal.c, if needed. Signed-off-by: Jouni Malinen <j@w1.fi>
* Add test programs for checking libwpa_client linkingJouni Malinen2015-10-311-0/+9
| | | | | | | libwpa_test1 and libwpa_test2 targets can now be used to check libwpa_client linking for static and shared library cases respectively. Signed-off-by: Jouni Malinen <j@w1.fi>
* wpa_supplicant/Makefile: Fix libwpa_client buildJörg Krause2015-10-311-0/+2
| | | | | | | | | Building libwpa_client requires src/utils/common.c for bin_clear_free() else loading the library fails with: Error relocating /usr/lib/libwpa_client.so: bin_clear_free: symbol not found Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
* tests: Fix build without CONFIG_ERP=yJouni Malinen2015-10-251-0/+1
| | | | | | | | hmac_sha256_kdf() got pulled in only if CONFIG_ERP=y is set. Fix test_sha256() by making the test case conditional on the function being present. Signed-off-by: Jouni Malinen <j@w1.fi>
* l2_packet: Add build option to disable Linux packet socket workaroundMohammed Shafi Shajakhan2015-10-251-0/+4
| | | | | | | | | | | | | | | | | | | | | | | Linux packet socket workaround(*) has an impact in performance when the workaround socket needs to be kept open to receive EAPOL frames. While this is normally avoided with a kernel that has the issue addressed by closing the workaround packet socket when detecting a frame through the main socket, it is possible for that mechanism to not be sufficient, e.g., when an open network connection (no EAPOL frames) is used. Add a build option (CONFIG_NO_LINUX_PACKET_SOCKET_WAR=y) to disable the workaround. This build option is disabled by default and can be enabled explicitly on distributions which have an older kernel or a fix for the kernel regression. Also remove the unused variable num_rx. (*) Linux kernel commit 576eb62598f10c8c7fd75703fe89010cdcfff596 ('bridge: respect RFC2863 operational state') from 2012 introduced a regression for using wpa_supplicant with EAPOL frames and a station interface in a bridge. Signed-off-by: Mohammed Shafi Shajakhan <mohammed@qti.qualcomm.com>
* Add "git describe" based version string postfixJouni Malinen2015-10-161-0/+10
| | | | | | | | | | | | | | If hostapd or wpa_supplicant is built from a git repository, add a VERSION_STR postfix from the current git branch state. This is from "git describe --dirty=+". VERSION_STR will thus look something like "2.6-devel-hostap_2_5-132-g4363c0d+" for development builds from a modified repository. This behavior is enabled automatically if a build within git repository is detected (based on ../.git existing). This can be disabled with CONFIG_NO_GITVER=y in wpa_supplicant/.config and hostapd/.config. Signed-off-by: Jouni Malinen <j@w1.fi>
* wpa_cli: Fix static linking with readlineDavid du Colombier2015-10-011-1/+1
| | | | | | | | | The readline library depends on ncurses, so it should be set before ncurses on the linker command line to be able to be statically linked successfully. Signed-off-by: David du Colombier <0intro@gmail.com> Signed-off-by: Baruch Siach <baruch@tkos.co.il>
* Fix EAP-EKE peer build rulesJouni Malinen2015-09-251-0/+1
| | | | | | NEED_AES_CBC is needed for EAP-EKE builds. Signed-off-by: Jouni Malinen <j@w1.fi>
* Linker changes for building eapol_test on OS XAlan T. DeKok2015-09-251-0/+3
| | | | Signed-off-by: Alan DeKok <aland@freeradius.org>
* Fix key derivation for Suite B 192-bit AKM to use SHA384Jouni Malinen2015-08-271-0/+1
| | | | | | | | | While the EAPOL-Key MIC derivation was already changed from SHA256 to SHA384 for the Suite B 192-bit AKM, KDF had not been updated similarly. Fix this by using HMAC-SHA384 instead of HMAC-SHA256 when deriving PTK from PMK when using the Suite B 192-bit AKM. Signed-off-by: Jouni Malinen <j@w1.fi>
* BoringSSL: Allow internal AES key wrap to be used with "OpenSSL" buildJouni Malinen2015-08-171-0/+5
| | | | | | | | | | | | It looks like BoringSSL has removed the AES_wrap_key(), AES_unwrap_key() API. This broke wpa_supplicant/hostapd build since those functions from OpenSSL were used to replace the internal AES key wrap implementation. Add a new build configuration option (CONFIG_OPENSSL_INTERNAL_AES_WRAP=y) to allow the internal implementation to be used with CONFIG_OPENSSL=y build to allow build against the latest BoringSSL version. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Add build option to remove all internal RC4 usesJouni Malinen2015-08-021-0/+6
| | | | | | | | | | | | The new CONFIG_NO_RC4=y build option can be used to remove all internal hostapd and wpa_supplicant uses of RC4. It should be noted that external uses (e.g., within a TLS library) do not get disabled when doing this. This removes capability of supporting WPA/TKIP, dynamic WEP keys with IEEE 802.1X, WEP shared key authentication, and MSCHAPv2 password changes. Signed-off-by: Jouni Malinen <j@w1.fi>
* EAP-TTLS: Disable CHAP, MSCHAP, and MSCHAPV2 in CONFIG_FIPS=y buildsJouni Malinen2015-08-011-1/+3
| | | | | | | FIPS builds do not include support for MD4/MD5, so disable EAP-TTLS/CHAP, MSCHAP, and MSCHAPV2 when CONFIG_FIPS=y is used. Signed-off-by: Jouni Malinen <j@w1.fi>
* OpenSSL: Implement aes_wrap/aes_unwrap through EVP for CONFIG_FIPS=yJouni Malinen2015-08-011-1/+10
| | | | | | | | | | | | | | | | The OpenSSL internal AES_wrap_key() and AES_unwrap_key() functions are unfortunately not available in FIPS mode. Trying to use them results in "aes_misc.c(83): OpenSSL internal error, assertion failed: Low level API call to cipher AES forbidden in FIPS mode!" and process termination. Work around this by reverting commit f19c907822ad0dec3480b1435b615ae22c5533a1 ('OpenSSL: Implement aes_wrap() and aes_unwrap()') changes for CONFIG_FIPS=y case. In practice, this ends up using the internal AES key wrap/unwrap implementation through the OpenSSL EVP API which is available in FIPS mode. When CONFIG_FIPS=y is not used, the OpenSSL AES_wrap_key()/AES_unwrap_key() API continues to be used to minimize code size. Signed-off-by: Jouni Malinen <j@w1.fi>
* OpenSSL: Add SHA256 support in openssl_tls_prf() for TLSv1.2Jouni Malinen2015-07-281-0/+2
| | | | | | | | This is needed when enabling TLSv1.2 support for EAP-FAST since the SSL_export_keying_material() call does not support the needed parameters for TLS PRF and the external-to-OpenSSL PRF needs to be used instead. Signed-off-by: Jouni Malinen <j@w1.fi>
* FST: Testing supportAnton Nayshtut2015-07-161-0/+3
| | | | | | This patch introduces infrastructure needed for FST module tests. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* FST: wpa_supplicant build rulesAnton Nayshtut2015-07-161-0/+15
| | | | Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Add libwpa_client build option to use a dynamic libraryKrishna Vamsi2015-05-291-2/+19
| | | | | | | | | Add support to compile libwpa_client.so. This can be used by external programs to interact with the wpa_supplicant control interface. Also rename the static version of this library to libwpa_client.a to be consistent with the name used previous in Android builds. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Fix wpa_priv (CONFIG_PRIVSEP=y) buildJouni Malinen2015-04-251-0/+4
| | | | Signed-off-by: Jouni Malinen <j@w1.fi>
* Remove trailing whitespace from MakefileJouni Malinen2015-04-231-1/+1
| | | | Signed-off-by: Jouni Malinen <j@w1.fi>
* Add support for CONFIG_NO_ROAMING to MakefileLauri Hintsala2015-03-291-0/+4
| | | | | | | | | | Commit e9af53ad39a19264bf5307a1b5923afc2b2f9b06 introduced new CONFIG_NO_ROAMING configuration parameter but unfortunately it was added only to Android.mk. Enabling this parameter didn't have any effect when Makefile was used to build wpa_supplicant. This commit fixes that problem and cleans "unused variable" compiler warning. Signed-off-by: Lauri Hintsala <lauri.hintsala@silabs.com>
* OpenSSL: Implement AES-128 CBC using EVP APIJouni Malinen2015-03-291-0/+2
| | | | | | | | This replaces the internal CBC mode implementation in aes_128_cbc_encrypt() and aes_128_cbc_decrypt() with the OpenSSL implementation for CONFIG_TLS=openssl builds. Signed-off-by: Jouni Malinen <j@w1.fi>
* Fix CONFIG_EAP_UNAUTH_TLS without CONFIG_EAP_TLS buildJouni Malinen2015-03-201-1/+1
| | | | Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Remove SChannel supportJouni Malinen2015-03-181-15/+0
| | | | | | | | | SChannel/CryptoAPI as a TLS/crypto library alternative was never completed. Critical functionality is missing and there are bugs in this implementation. Since there are no known plans of completing this support, it is better to remove this code. Signed-off-by: Jouni Malinen <j@w1.fi>
* P2P: Move upper layer SD interaction into a separate fileJouni Malinen2015-03-151-0/+1
| | | | | | | | wpa_supplicant/p2p_supplicant.c has reached almost 10000 lines in length and was getting a bit inconvenient to edit, so start splitting it into separate files. Signed-off-by: Jouni Malinen <j@w1.fi>
* Add wpa_supplicant Makefile target libwpa_ctrl.aJouni Malinen2015-02-211-0/+11
| | | | | | | | | | "make -C wpa_supplicant libwpa_ctrl.a" can now be used to build a static library that can be linked with external programs using wpa_ctrl.h. This makes it easier to create a separate library package that does not depend in any other hostap.git file other than src/common/wpa_ctrl.h and the libwpa_ctrl.a built with this new make target. Signed-off-by: Jouni Malinen <j@w1.fi>
* Add a variable to handle extra CFLAGS valuesRoger Zanoni2015-01-311-0/+1
| | | | | | | | | | | | | Some packages don't install its headers in the default directory (e.g.: In Arch Linux libiberty and libn13 includes are installed) in their own subdirectory under /usr/include) and the build fails trying to find the headers. This patch will allow passing extra CFLAGS values without discarding the assignments made in the Makefile. The CFLAGS values in the Makefile are ignored, if defined directly in the make command line. Signed-off-by: Roger Zanoni <roger.zanoni@openbossa.org>
* OpenSSL: Implement aes_wrap() and aes_unwrap()Jouni Malinen2015-01-281-0/+4
| | | | | | | | This replaces the implementation in aes-wrap.c and aes-unwrap.c with OpenSSL AES_wrap_key() and AES_unwrap_key() functions when building hostapd or wpa_supplicant with OpenSSL. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* OpenSSL: Replace internal HMAC-MD5 implementationJouni Malinen2015-01-281-0/+2
| | | | | | | Use OpenSSL HMAC_* functions to implement HMAC-MD5 instead of depending on the src/crypto/md5.c implementation. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>