test-tls-4: Short 511-bit RSA-DHE prime
test-tls-5: Short 767-bit RSA-DHE prime
test-tls-6: Bogus RSA-DHE "prime" 15
test-tls-7: Very short 58-bit RSA-DHE prime in a long container
test-tls-8: Non-prime as RSA-DHE prime
Signed-off-by: Jouni Malinen <j@w1.fi>
"SET blob <name> <hexdump>" can now be used to set a configuration blob
through the wpa_supplicant control interface.
Signed-off-by: Jouni Malinen <j@w1.fi>
The center segment0 calculation for VHT20 ACS was incorrect. This caused
ACS to fail with: "Could not set channel for kernel driver".
Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
Secondary channel was compared incorrectly (-4/4 vs. actual channel
number) which broke matching neighboring 40 MHz BSSes and only the
no-beacons-on-secondary-channel rule was applied in practice. Once
sec_chan was fixed, this triggered another issue in this function where
both rules to switch pri/sec channels could end up getting applied in a
way that effectively canceled the switch.
Signed-off-by: Jouni Malinen <j@w1.fi>
Previusly, the responding device was left in p2p_find state as a
consequence of using discover_peer() if the peer was not already known.
This was not the sequence that was supposed to be used here. Go to
listen-only state when waiting for the peer to initiate a previously
authorized GO Negotiation.
Signed-off-by: Jouni Malinen <j@w1.fi>
previous_ap and last_assoc_req were not really used for anything
meaninful, so get rid of them to reduce the size of per-STA memory
allocation.
Signed-off-by: Jouni Malinen <j@w1.fi>
It was possible for the control interface and some of the BSS setup to
be left partially initialized in failure cases while the BSS structures
were still freed. Fix this by properly cleaning up anything that may
have passed initialization successfully before freeing memory.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The radio_work type was stored within the dynamically allocated
wpa_radio_work buffer and that buffer ended up getting freed before the
final use of the type string within radio_work_done(). This resulted in
freed memory being used for a debug print. Avoid this by freeing the
wpa_external_work instance after having completed radio_work_done() for
the related work.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This allows hostapd to set a different management group cipher than the
previously hardcoded default BIP (AES-128-CMAC). The new configuration
file parameter group_mgmt_cipher can be set to BIP-GMAC-128,
BIP-GMAC-256, or BIP-CMAC-256 to select one of the ciphers defined in
IEEE Std 802.11ac-2013.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
If a group interface is present and the command was issued on the group
interface, enable the token for that interface instead of creating a new
one.
Signed-off-by: Manish <manish.bansal@broadcom.com>
A previous patch "Support VHT capability overrides" missed one
place where HT overrides were being applied and where it would
also be useful to apply VHT overrides.
Signed-hostap: Paul Stewart <pstew@chromium.org>
For some client OBSS implementations that are performed in
firmware, all OBSS parameters need to be set to valid values.
Do this, as well as supplying the "20/40 Coex Mgmt Support"
flag in the extended capabilities IE.
Signed-hostap: Paul Stewart <pstew@chromium.org>
This was found through a mac80211 bug which didn't correctly accept a
center segment 0 value of zero, so the test will fail until the mac80211
bug is fixed.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
The 802.11ac amendment specifies that that the center segment 0 field
is reserved, so it should be zero. Hostapd previously required it to
be set, which is likely a good idea for interoperability, but allow it
to be unset. However, don't allow it to be set to a random value, only
allow zero and the correct channel.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Some of the remote ANQP server concepts were introduces into gas_serv.c,
but these were not completed. Remote the unused implementation for now.
It can be added back if support for remote ANQP server is added at some
point.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
When wpa_psk_file is used instead of wpa_psk/wpa_passphrase, each WPS
Enrollee was given a unique PSK. This did not work for the
station-as-Registrar case where ER would learn the current AP settings
instead of enrolling itself (i.e., when using the AP PIN instead of
station PIN). That case can be covered with a similar design, so
generate a per-device PSK when building M7 as an AP in wpa_psk_file
configuration.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The ieee80211w parameter was not previously copied to the hostapd BSS
structure from wpa_supplicant configuration, so PMF was practically
disabled. Allow it to be configured through the wpa_supplicant network
configuration block.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
hostapd DEAUTHENTICATE and DISASSOCIATE control interface commands
accepted both a test=<0/1> and reason=<val> parameters, but these were
not supported in the same command as a combination. Move the code around
a bit to allow that as well since it can be helpful for automated test
scripts.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
TDLS Setup Request/Response frames from the peers include the WMM IE,
hence parse the same and consider the QoS Info from the WMM IE. The
qos_info obtained in the WMM IE overwrites the one obtained through
WLAN_EID_QOS attribute.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
p2p_find removes P2P_DEV_REPORTED flag from every existing P2P peer
entry. Thus, if a GO Negotiation Request frame is received before the
peer is re-discovered based on Probe Response frame, report
P2P-DEVICE-FOUND indication prior to the P2P-GO-NEG-REQUEST similarly to
how this is done the first time the peer is found.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>