Make sae_status_success() more explicit by rejecting SAE-PK status code
when the AP is not configured with PK.
Fixes: 20ccf97b3d ("SAE-PK: AP functionality")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
If SAE_CONFIG_PK is not defined and sae->pk isn't zero (which is
possible as it is controlled by the commit message status code),
sae_derive_keys() may end up deriving PMK and KCK from an
uninitialized array. Fix that.
Fixes: 6b9e99e571 ("SAE-PK: Extend SAE functionality for AP validation")
Fixes: 20ccf97b3d ("SAE-PK: AP functionality")
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
pos can't be NULL in wpa_global_config_parse_str(), so there is no point
checking this, especially when pos was already dereferenced earlier.
Remove the redundant conditions.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Don't print potentially uninitialized variables in wpa_ctrl_command_bss().
Some compilers and analyzers may warn about it.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
SSL_CTX_get0_certificate() returns NULL if no certificate is installed.
While this should not be the case here due to the loop in
openssl_debug_dump_certificate_chains() proceeding only if the
SSL_CTX_set_current_cert() returns success, it is safer to make
openssl_debug_dump_certificate() explicitly check against NULL before
trying to dump details about the certificate.
Signed-off-by: Pooventhiran G <pooventh@codeaurora.org>
During the build reshuffling, I missed this, so doing
'make clean' in a certain src/lib folder doesn't clean
up everything anymore. Fix that.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Fix compilation without CONFIG_P2P and only set secondary channel seg
idx if we use a mode supporting a sec channel for VHT/HE.
Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
If wpa_supplicant is built with dynamic EAP methods,
the *.so files land here. Add them to .gitignore.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
P2P goes to Listen state while waiting for the peer to become ready for
GO Negotiation. If old listen radio work has not been completed, P2P
fails to go to listen state. This could happen in cases where P2P Action
frame transmission reused ongoing p2p-listen radio work.
p2p0: Add radio work 'p2p-listen'@0x
P2P-FIND-STOPPED
p2p0: Starting radio work 'p2p-listen'@0x after 0.010644 second wait
P2P: Use ongoing radio work for Action frame TX
P2P: Use ongoing radio work for Action frame TX
P2P: State CONNECT -> CONNECT
P2P: State CONNECT -> WAIT_PEER_IDLE
P2P: State WAIT_PEER_IDLE -> WAIT_PEER_CONNECT
P2P: Reject start_listen since p2p_listen_work already exists
P2P: Failed to start listen mode
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Fix pointer sent for decapsulating subelements from MSCS descriptor
IE while processing (re)association response frames.
Fixes: af8ab3208d ("MSCS: Parse result of MSCS setup in (Re)Association Response frames")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The connection process fails for several reasons and the status codes
defined in IEEE Std 802.11 do not cover the locally generated reason
codes. Add an attribute to QCA_NL80211_VENDOR_SUBCMD_GET_STA_INFO vendor
sub command which can be used by the driver/firmware to report various
additional reason codes for connection failures.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The install target at the beginning of src/eap_peer/Makefile was
confusing make about the build rules for libeap_peer.a and overriding of
the install target between src/eap_peer/Makefile and src/lib.rules was
breaking installation of dynamic EAP peer *.so files.
Fix this by lib.rules defining a default for the install target so that
src/*/Makefile can override that and by moving the install target for
eap_peer to the end of the Makefile.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This is needed to cover the HE-specific conf->he_oper_chwidth value in
addition to conf->vht_oper_chwidth.
Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
Enable VHT and HE as default config parameters in order for
wpa_supplicant AP mode to use it, if hw support is given.
Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
Add some missing pieces to the interface configuration of AP/mesh mode
in wpa_supplicant.
- check for secondary channel and HT40 capability
- try to downgrade to IEEE 802.11b if 802.11g is not available
Especially with the HT40 check, this code now performs all settings,
which the deleted/duplicated mesh code did.
Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
wpa_supplicant_conf_ap_ht() has to happen before
hostapd_setup_interface() in order for its configuration settings to
have effect on interface configuration.
Disable primary and secondary channel switch because of missing tie
breaking rule/frames in mesh networks. A rather long comment about
this issue is placed in mesh.c in the corresponding place.
I was not able to reproduce the memory corruption during
mesh_secure_ocv_mix_legacy, which lead to a revert of a similar patch in
the past.
Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
This is in preparation for an implementation change that ends up
contradicting the operations enforced in this test case for mesh coex.
Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
Some places in the code base were not using the wrappers like
hostapd_set_oper_centr_freq_seg0_idx and friends. This could lead to
errors, for example when joining 80 MHz mesh networks. Fix this, by
enforcing usage of these wrappers.
wpa_supplicant_conf_ap_ht() now checks for HE capability before dealing
with VHT in order for these wrappers to work, as they first check HE
support in the config.
While doing these changes, I've noticed that the extra channel setup
code for mesh networks in wpa_supplicant/mesh.c should not be necessary
anymore and dropped it. wpa_supplicant_conf_ap_ht() should handle this
setup already.
Acked-by: John Crispin <john@phrozen.org>
Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
This allows the privacyProtectionKey to be transferred to a new
Configurator similarly to the way c-sign-key is transferred.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Use ppKey instead of C-sign-key to encrypted E-id to E'-id into Reconfig
Announcement frame on the Enrollee side.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Store the received privacy protection key from Connector into
wpa_supplicant network profile and indicate it through the control
interface similarly to C-sign-key.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This provides the new privacy protection key to the Enrollee so that
this can be used to protect E-id in Reconfig Announcement frames.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Generate a new key for Configurator. This is either generated
automatically for the specified curve or provided from external source
with the new ppkey=<val> argument similarly to the way c-sign-key was
previously generated.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Use typecasting to match the base64_{encode,decode}() function prototype
for signed/unsigned char buffer.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Even though these are not part of run-tests, it is simpler to just build
them like all other tests/test-* tools.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
tests/fuzzing/tls-{client,server} replaced this more than a year ago, so
get rid of the now obsolete version.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
tests/fuzzing/eapol-key-{auth,supp} replaced this more than a year ago,
so get rid of the now obsolete version.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
tests/fuzzing/eapol-supp replaced this more than a year ago, so get rid
of the now obsolete version.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
We don't really need to duplicate more of this, so just
move the lib.rules include to the end and do more of the
stuff that's common anyway there.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Derive the library name from the directory name, and let each
library Makefile only declare the objects that are needed.
This reduces duplicate code for the ar call. While at it, also
pretty-print that call.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
When files change that go into a static library such as libutils.a, then
libutils.a doesn't get rebuilt from, e.g., wlantest because the
top-level Makefile just calls the library make if the library doesn't
exist yet.
Change that by making the library depend on a phony target (cannot make
it itself phony due to the pattern) so that the build will always
recurse into the library build, and check there if the library needs to
be rebuilt.
While at it, remove the (actually unnecessary) mkdir so it doesn't get
done each and every time you do 'make'.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
mesh_open_vht_160 might fail with this message:
---------------
wlan0: Country code not reset back to 00: is ZA
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
wpas_mesh_open_vht_80p80 might fail with this message:
---------------
wlan0: Country code not reset back to 00: is US
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
wpas_mesh_open_vht20 might fails with this message:
---------------
wlan0: Country code not reset back to 00: is US
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>