path: root/wpa_supplicant
Age | Commit message | Author | Files | Lines
2020-03-09 | Fix segmentation fault for NULL confname in SAVE_CONFIG | Zhaoyang Liu | 1 | -2/+9
When wpa_supplicant interface is added without a configuration file, the SAVE_CONFIG command causes a segmentation fault due to referencing a NULL pointer if the update_config parameter is first explicitly enabled. Fix the issue by checking the confname for NULL before saving configuration. Git-repo : git:// Git-commit: 87775e32f684ece761d7c927ffeae1ab7295ce89 Signed-off-by: Jouni Malinen <> Change-Id: Ie13c3e7098933119d4557ae431ff3d634181d56e CRs-Fixed: 2634331
2019-06-18 | Merge remote-tracking branch 'origin/caf/upstream/master' into wlan-service.lnx.1.3 | Qun Zhang | 11 | -42/+73
This brings in changes from origin/caf/upstream/master to wlan-service.lnx.1.3 till commit 'ef60f0121ffcc1aed6aed3202a180705bb855221'.
ef60f01 hostapd: Process OWE IE and update DH IE to the driver if needed
d1836e2 nl80211: Introduce the interface to update new DH IE
dcc31e7 HS 2.0: Skip credential without EAP method for roaming consortium match
4fc5c00 tests: Specify EAP type in ap_hs20_set_profile_failures
20eba39 tests: WNM BSS Transition Management disabled
ef59f98 WNM: Provide option to disable/enable BTM support in STA
4068d68 tests: sigma_dut server certificate validation with UOSC/TOD
3539738 OpenSSL: Report peer certificate before stopping due to validation issue
1363fdb tests: EAP-TLS server certificate validation and TOD
21f1a1e Report TOD policy in peer certificate events
bc0634d Pass full struct to peer certificate callbacks
82b9de9 tests: Add a server certificate with TOD policy
8a3368d tests: sigma_dut and DPPConfIndex,8
b3c43c3 wlantest: Allow duplicate frame processing after decryption failure
a6ed414 TLS: Be more careful in X.509 Time parsing
...
CRs-Fixed: 2471564 Change-Id: I29938861cd328fc7131b5d3e107cd380356b90d6 Signed-off-by: Qun Zhang <> [FR51700: WPA3 support: AP role]
2019-06-14 | HS 2.0: Skip credential without EAP method for roaming consortium match | Purushottam Kushwaha | 1 | -0/+3
EAP method is required for a credential that matches configured roaming_consortium with an Interworking AP. Hence skip credentials which do not have EAP method specified for this match. This fixes an issue where a credential that cannot work without EAP method from NAI Realms information is selected first based on roaming consortium. Signed-off-by: Jouni Malinen <>
2019-06-14 | WNM: Provide option to disable/enable BTM support in STA | Ankita Bajaj | 6 | -1/+29
Add support to disable/enable BTM support using configuration and wpa_cli command. This is useful mainly for testing purposes. Signed-off-by: Jouni Malinen <>
2019-06-14 | Report TOD policy in peer certificate events | Jouni Malinen | 1 | -2/+3
Add tod=1 to CTRL-EVENT-EAP-PEER-CERT events if the peer certificate includes the TOD policy in the X.509v3 Certificate Policies extension. Signed-off-by: Jouni Malinen <>
2019-06-14 | Pass full struct to peer certificate callbacks | Jouni Malinen | 4 | -39/+38
This makes it easier to add new information to the callbacks without having to modify each callback function type in EAPOL and EAP code every time. Signed-off-by: Jouni Malinen <>
2019-06-10 | Merge remote-tracking branch 'origin/caf/upstream/master' into wlan-service.lnx.1.3 | Zhaoyang Liu | 74 | -4113/+1683
This brings in changes from origin/caf/upstream/master to wlan-service.lnx.1.3 till commit '9c7e4f94de6bc6af5a4a9a7b439515fa2bd21dc6', and conflicts are resolved.
9c7e4f9 Add a QCA vendor attr to disable auto resume beacon reporting
7deb045 Interworking: Print HESSID in debug messages
ea27fcf tests: Skip mesh_link_probe if kernel support not present
41bca92 tests: MACsec with hostapd
abe025d tests: Shorter TX/RX test frame support for hostapd
59fcb3f RADIUS server: Add EAP-Key-Name into Access-Accept
b09670a macsec_linux: Hook QCA driver wrapper for hostapd MACsec
524dc5b macsec: Do not change eapol_version for non-MACsec cases in hostapd
a93b369 macsec: Support IEEE 802.1X(EAP)/PSK MACsec Key Agreement in hostapd
a872bfc macsec: Export eapSessionId
0ee6885 macsec: Store EAP-Key-Name as eapSessionId
a90cc1c macsec: Note that MKA takes care of EAPOL-MKA processing
3e21a47 macsec_qca: Hook QCA driver wrapper for hostapd MACsec
29c832d macsec: Add configuration parameters for hostapd
fe40c67 tests: Fix EAP-FAST protocol testing with older OpenSSL library versions
236f132 HS 2.0 client: Ignore generated/copied files in work directory
041aa44 tests: Fix ap-mgmt 'make clean'
...
CRs-Fixed: 2400988 Change-Id: I6f8de87b24e2cee051e4bb112dcb8e7687937dca [FR51700: WPA3 support: AP role]
2019-06-05 | Interworking: Print HESSID in debug messages | Jouni Malinen | 2 | -3/+10
This makes it easier to understand ANQP queries needed during Interworking network selection. Signed-off-by: Jouni Malinen <>
2019-06-03 | macsec: Support IEEE 802.1X(EAP)/PSK MACsec Key Agreement in hostapd | leiwei | 1 | -0/+3
Signed-off-by: leiwei <>
2019-05-31 | SAE: Send external auth failure status to driver | Srinivas Dasari | 1 | -16/+21
wpa_supplicant prepares auth commit request as part of the external authentication (first SAE authentication frame), but it fails to get prepared when wpa_supplicant is started without mentioning the SAE password in configuration. Send this failure status to the driver to make it aware that the external authentication has been aborted by wpa_supplicant. Signed-off-by: Srinivas Dasari <>
2019-05-31 | P2P: Force p2p-send-action as the next radio work to execute | Sunil Dutt | 1 | -1/+1
This increases the priority of the p2p-send-action radio work, i.e., the radio work used for transmitting potentially offchannel P2P Action frames by marking it as the next radio work to execute. This is to avoid the delay in transmissions due to already queued offchannel radio work items in the queue. In particular, this means not having to wait for a pending p2p-scan radio work to be executed before the new P2P Action frame can be transmitted. This helps in avoiding timeouts on the peer device when a P2P Action frame is received during other activity on the device. Signed-off-by: Jouni Malinen <>
2019-05-31 | P2P: Reject p2p-send-action work while other one is pending | Sunil Dutt | 1 | -1/+1
The previous implementation rejects the p2p-send-action work while there is already one in progress (wpas_send_action_cb() has already been called for it to start operation). Enhance the same to also consider any p2p-send-action works pending in the radio work (i.e., waiting for that wpas_send_action_cb() call). This is considering the current behaviour of P2P to handle the state corresponding to respective Action frame transmission: pending_action_state. If a new P2P Action frame transmission is queued while there is another one already in the queue, the transmit status of the first frame is wrongly interpreted by the P2P state machine which has already scheduled/queued another frame for transmission. Signed-off-by: Jouni Malinen <>
2019-05-31 | OCE: Use RSSI of actual BSS which rejected association | Ankita Bajaj | 1 | -6/+13
If an AP rejects association due to low RSSI, then RSSI of the BSS from which association reject is received shall be used for calculating RSSI threshold at which STA can try connecting back to that BSS later. In case of SME offload, the current_bss might not have been set before receiving association completion, so fetch the BSS entry based on the BSSID provided in the driver event. Signed-off-by: Jouni Malinen <>
2019-05-28 | wpa_supplicant: Add support to probe mesh link to given peer | Pradeep Kumar Chitrapu | 3 | -1/+67
Inject an Ethernet frame to a given peer bypassing next_hop lookup in mpath table. Optional payload is expected to be hexdump without 0x.
usage: wpa_cli -i <dev> mesh_link_probe <peer MAC> [payload=<hexdump of payload>]
example:
wpa_cli -i wlan0 mesh_link_probe aa:bb:cc:dd:ee:ff payload=aabb
wpa_cli -i wlan0 mesh_link_probe aa:bb:cc:dd:ee:ff
Signed-off-by: Pradeep Kumar chitrapu <>
2019-05-27 | HE: Pass in HE information into hostapd_set_freq_params() | John Crispin | 1 | -2/+2
Signed-off-by: Shashidhar Lakkavalli <> Signed-off-by: John Crispin <>
2019-05-27 | HE: Remove VHT_ prefix from CHANWITDH_* define | John Crispin | 9 | -43/+43
The bandwidth values are shared between VHT and HE mode so remove the VHT specific prefix. Signed-off-by: Shashidhar Lakkavalli <> Signed-off-by: John Crispin <>
2019-05-25 | mesh: Fix RSN initialization failure handling | Jouni Malinen | 1 | -0/+1
The driver was left in mesh mode (joined to the group) if RSN authenticator initialization failed. This could result in next operations failing due to unexpected driver state. This was found with the following hwsim test case sequence: mesh_wpa_auth_init_oom dpp_config_no_discovery Signed-off-by: Jouni Malinen <>
2019-05-25 | defconfig: Add config parameter for SIM simulator for EAP-SIM | Mohit Sethi | 1 | -0/+3
Allow compilation of internal GSM-Milenage implementation for EAP-SIM testing with eapol_test. Signed-off-by: Mohit Sethi <>
2019-05-25 | WNM: Fix BSS Termination Duration subelement length validation | Jouni Malinen | 1 | -0/+5
The length check for the BSS Termination Duration subelement was accidentally removed and this could result in reading up to 10 bytes beyond the end of a received frame. The actual read bytes would be stored locally, but they were not used for anything, so other than reading beyond the end of an allocated heap memory buffer, this did not result in any behavior difference or exposure of the bytes. Credit to OSS-Fuzz: Fixes: 093226783dc7 ("WNM: Simplify how candidate subelements are stored") Signed-off-by: Jouni Malinen <>
2019-05-08 | dbus: Fix some memory leaks on error paths | Jouni Malinen | 1 | -0/+2
wpa_dbus_dict_close_write() was not called if fill_dict_with_properties() fails and that could result in leaking memory. Fix this in two cases. There might be other missing calls to on error paths, but those will need to be handled separately with more complex changes. Signed-off-by: Jouni Malinen <>
2019-04-28 | Fix a regression in storing of external_auth SSID/BSSID | Jouni Malinen | 2 | -8/+15
An earlier change in drivers_ops API for struct external_auth broke the way SSID and BSSID for an external authentication request were stored. The implementation depended on the memory array being available in the API struct with a use of memcpy() to copy the full structure even though only SSID and BSSID were needed. Fix this by replacing that easy-to-break storing mechanism with explicit arrays for the exact set of needed information. Fixes: dd1a8cef4c05 ("Remove unnecessary copying of SSID and BSSID for external_auth") Signed-off-by: Jouni Malinen <>
2019-04-28 | FT: Allow PMKSA caching to be enabled with FT-EAP | Jouni Malinen | 6 | -6/+29
The new wpa_supplicant network profile configuration parameter ft_eap_pmksa_caching=1 can be used to enable use of PMKSA caching with FT-EAP for FT initial mobility domain association. This is still disabled by default (i.e., maintaining previous behavior) to avoid likely interoperability issues. Signed-off-by: Jouni Malinen <>
2019-04-25 | Share common SAE and EAP-pwd functionality: suitable groups | Jouni Malinen | 2 | -0/+12
Start sharing common SAE and EAP-pwd functionality by adding a new source code file that can be included into both. This first step is bringing in a shared function to check whether a group is suitable. Signed-off-by: Jouni Malinen <>
2019-04-22 | wpa_cli: Make CTRL-EVENT-CHANNEL-SWITCH available to action scripts | Omer Dagan | 1 | -0/+2
Signed-off-by: Omer Dagan <>
2019-04-22 | Make channel switch started event available over control interface | Omer Dagan | 3 | -6/+13
This makes it easier for upper layer components to manage operating channels in cases where the same radio is shared for both station and AP mode virtual interfaces. Signed-off-by: Omer Dagan <>
2019-04-22 | Replace int status/reason_code with u16 variable | Jouni Malinen | 8 | -12/+12
These cases are for the IEEE 802.11 Status Code and Reason Code and those fields are unsigned 16 bit values, so use the more appropriate type consistently. This is mainly to document the uses and to make the source code easier to understand. Signed-off-by: Jouni Malinen <>
2019-04-22 | Add 802.11 reason code strings into wpa_supplicant messages | Alex Khouderchah | 2 | -7/+10
Logs involving IEEE 802.11 Reason Codes output the Reason Code value, but do not provide any explanation of what the value means. This change provides a terse explanation of each Reason Code using the latter part of the reason code #define names. Signed-off-by: Alex Khouderchah <>
2019-04-22 | DPP2: wpa_supplicant as TCP initiator | Jouni Malinen | 1 | -12/+56
A DPP TCP connection can now be initiated directly from wpa_supplicant with the new tcp_port and tcp_addr parameters to the DPP_AUTH_INIT control interface command. This initiates DPP Authentication exchange over TCP with the specified Controller instead of using DPP Public Action frames over WLAN. Signed-off-by: Jouni Malinen <>
2019-04-22 | DPP2: wpa_supplicant as Controller over TCP | Jouni Malinen | 3 | -0/+32
New wpa_supplicant control interface commands "DPP_CONTROLLER_START [tcp_port=<port>]" and "DPP_CONTROLLER_STOP" can be used to start and stop listening to DPP requests over TCP in the Responder role. The TCP connections are processed similarly to the ones that would have been received over DPP Public Action frames. Signed-off-by: Jouni Malinen <>
2019-04-21 | DPP: Add configuration structure to dpp_global_init() | Jouni Malinen | 1 | -1/+5
This can be used to provide configurable parameter to the global DPP context. This initial commit introduces the msg_ctx context pointer for wpa_msg(). Signed-off-by: Jouni Malinen <>
2019-04-21 | Preparations for v2.8 release [hostap_2_8] | Jouni Malinen | 1 | -0/+69
Update the version number for the build and also add the ChangeLog entries for both hostapd and wpa_supplicant to describe main changes between v2.7 and v2.8. Signed-off-by: Jouni Malinen <>
2019-04-16 | autoscan: Disable when we move above WPA_SCANNING state | Wiktor Drewniak | 1 | -1/+1
In case of drivers that don't use wpa_supplicant as SME, autoscan feature was never disabled. Signed-off-by: Wiktor Drewniak <>
2019-04-16 | SAE: Use open authentication to reassociate for PMKSA caching | Sergey Matyukevich | 1 | -1/+16
For reassociation with the same AP wpa_supplicant attempts to use cached PMKSA. For this purpose PMKID is passed in RSNE in (Re)Association Request frame. In the case of SAE AP, open authentication shall be used during reassociation. Otherwise cached PMKID becomes invalid after full SAE authentication. The previous implementation correctly handles SME-in-wpa_supplicant cases. However, in SME-in-driver cases, complete SAE authentication is performed. As a result, first reassociation attempt fails. Fix SME-in-driver behavior by resetting authentication algorithm to WPA_AUTH_ALG_OPEN when reassociating with SAE AP with an existing PMKSA cache entry. Signed-off-by: Sergey Matyukevich <>
2019-04-16 | Fix FILS ERP association event with 4-way HS offload drivers | Avraham Stern | 1 | -11/+11
When FILS authentication is used with ERP, no EAPOL frames are expected after association. However, for drivers that set the WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_8021X capability flag, the EAP state machine was not configured correctly and was waiting for EAPOL frames, which leads to disconnection. Fix this by reordering the if branches to set the EAPOL/EAP state machines to success when FILS authentication was already completed. Signed-off-by: Avraham Stern <>
2019-04-16 | Do not clear FT IEs twice in sme_deinit() | Andrei Otcheretianski | 1 | -3/+0
Remove FT IEs clearing from sme_deinit() as it is done twice. The sme_clear_on_disassoc() call to sme_update_ft_ies() takes care of this. Signed-off-by: Andrei Otcheretianski <>
2019-04-16 | Stop SA Query on disconnection | Andrei Otcheretianski | 1 | -3/+3
SA Query wasn't stopped after disconnection, which could potentially result in an unexpected SA timeout firing later when already connected to another AP. Fix that by stopping SA Query when an association is terminated. Signed-off-by: Andrei Otcheretianski <>
2019-04-16 | Add debug print on stopping SA Query procedure | Jouni Malinen | 1 | -0/+2
This makes it easier to debug SA Query behavior. Signed-off-by: Jouni Malinen <>
2019-04-16 | P2PS: Cleanup pending_p2ps_group flag | Andrei Otcheretianski | 1 | -2/+7
pending_p2ps_group flag is not always cleaned, which may later result in an unexpected GO bring up, after PD response is transmitted in wpas_prov_disc_resp_cb(). This can be seen when running the following hwsim tests together:
- p2ps_channel_sta_connected_disallow_freq_mcc
- p2ps_channel_active_go_and_station_different_mcc
Fix this by clearing pending_p2ps_group flag also when processing new PD requests. In addition, set this flag only when really needed. Signed-off-by: Andrei Otcheretianski <>
2019-04-15 | mesh: Fix random llid generation in an error case | Jouni Malinen | 1 | -1/+1
If os_get_random() fails, llid must not be read/used since it could be uninitialized. Handle that special case by clearing llid explicitly to 0 to continue iteration. Fixes: 5f92659d88f1 ("mesh: Add mesh peering manager") Signed-off-by: Jouni Malinen <>
2019-04-15 | Fix debug print in GET_PREF_FREQ_LIST handler | Jouni Malinen | 1 | -1/+1
Do not use the buf argument to wpas_ctrl_iface_get_pref_freq_list() in the debug print since it points to the response buffer ("OK\n" without null termination). This was supposed to print the cmd argument instead. The previous version ended up using uninitialized heap memory from the response buffer. Fixes: 983422088f00 ("nl80211: Add means to query preferred channels") Signed-off-by: Jouni Malinen <>
2019-04-15 | D-Bus: Fix P2P GroupStarted signal not to use uninitialized IP buffer | Jouni Malinen | 1 | -2/+3
wpas_p2p_completed() used wpa_sm_get_p2p_ip_addr() return value properly for filling in the ip_addr[] string only if the IP addresses got assigned, but the raw ip[] array was passed to wpas_dbus_signal_p2p_group_started() regardless of whether the IP addresses were assigned. This could result in using uninitialized stack memory for constructing the GroupStarted signal values. Fix this by filling those in only if the IP addresses are actually available. Signed-off-by: Jouni Malinen <>
2019-04-13 | RRM: Set last beacon report indication in the last element only | Avraham Stern | 1 | -18/+18
The last beacon report indication was set in all the beacon report elements in the last frame of the beacon report, while it should be set only in the last beacon report element of the last frame. Fixes: ecef0687dc33 ("RRM: Support for Last Beacon Report Indication subelement") Signed-off-by: Avraham Stern <>
2019-04-13 | Document BSS expiration configurables | Ben Greear | 1 | -0/+9
Help the user be aware of the options to configure when wpa_supplicant will remove a BSS due to expiration. Signed-off-by: Ben Greear <>
2019-04-12 | Remove unnecessary copying of SSID and BSSID for external_auth | Jouni Malinen | 1 | -4/+3
The external authentication command and event does not need to copy the BSSID/SSID values into struct external_auth since those values are used before returning from the call. Simplify this by using const u8 * to external data instead of the array with a copy of the external data. Signed-off-by: Jouni Malinen <>
2019-04-09 | Extend domain_match and domain_suffix_match to allow list of values | Jouni Malinen | 1 | -0/+12
These wpa_supplicant network profile parameters could be used to specify a single match string that would be used against the dNSName items in subjectAltName or CN. There may be use cases where more than one alternative match string would be useful, so extend these to allow a semicolon delimited list of values to be used (e.g., ";"). If any of the specified values matches any of the dNSName/CN values in the server certificate, consider the certificate as meeting this requirement. Signed-off-by: Jouni Malinen <>
2019-04-06 | scan: Use normal scans after connection failure | Ilan Peer | 1 | -0/+3
In case of connection attempt failure, set 'normal_scans' to zero, as otherwise it is possible that scheduled scan would be used and not normal scan, which might delay the next connection attempt. Signed-off-by: Ilan Peer <>
2019-04-06 | OWE: Fix a possible memory leak on error path | Ilan Peer | 1 | -1/+1
Properly handle the case where OWE IE is allocated, but there is no space left to add it in the WPA IE buffer. Signed-off-by: Ilan Peer <>
2019-04-05 | P2P: Enable HE for both 2G and 5G bands | Peng Xu | 1 | -1/+4
Previously HE was only enabled for a 2G P2P GO. This change enables HE for both 2G and 5G P2P GO. Signed-off-by: Jouni Malinen <>
2019-04-05 | MBO: Update connect params with new MBO attributes to driver | Ankita Bajaj | 3 | -0/+31
MBO attributes Non-preferred channel list and Cellular capabilities are updated using WNM-Notification Request frame to the current connected BSS. These same attributes need to be added in the (Re)Association Request frame sent by the station when roaming, including the case where the driver/firmware takes care of SME/MLME operations during roaming, so we need to update the MBO IE to the driver. Signed-off-by: Jouni Malinen <>
2019-04-05 | MBO: Always include Non-preferred Channel Report attribute in AssocReq | Ankita Bajaj | 1 | -3/+10
Include the Non-preferred Channel Report attribute in (Re)Association Request frames even when the MBO STA has no non-preferred channels in any operating classes. In case of no non-preferred channels the attribute length field shall be set to zero and the Operating Class, Channel List, Preference and Reason Code fields shall not be included. This indicates to the MBO AP that the MBO STA has no non-preferred channels across all supported operating classes. Signed-off-by: Jouni Malinen <>