The server certificate will be rejected if it includes any EKU and none
of the listed EKUs is either TLS Web Server Authentication or ANY.
Signed-off-by: Jouni Malinen <j@w1.fi>
Certificate expiration is checked both within GnuTLS and in the
tls_gnutls.c implementation. The former was configured to use the
request to ignore time checks while the latter was not. Complete support
for this parameter by ignoring the internal expiration checks if
requested.
Signed-off-by: Jouni Malinen <j@w1.fi>
This allows private key and client certificate to be configured using
wpa_supplicant blobs instead of external files.
Signed-off-by: Jouni Malinen <j@w1.fi>
It looks like GnuTLS may return success on
gnutls_certificate_set_x509_*() functions with GNUTLS_X509_FMT_PEM even
when trying to read DER encoded information. Reverse the order of
parsing attempts so that we start with DER and then move to PEM if
GnuTLS reports failure on DER parsing. This seems to be more reliable
way of getting errors reported and both cases can now be handled.
Signed-off-by: Jouni Malinen <j@w1.fi>
This new wpa_supplicant and hostapd control interface command can be
used to determine which TLS library is used in the build and what is the
version of that library.
Signed-off-by: Jouni Malinen <j@w1.fi>
This allows wpa_supplicant to provide more information about peer
certificate validation results to upper layers similarly to the
mechanism used with OpenSSL.
Signed-off-by: Jouni Malinen <j@w1.fi>
This implementation uses GnuTLS function
gnutls_x509_crt_check_hostname(). It has a bit different rules regarding
matching (allows wildcards in some cases, but does not use suffix
matching) compared to the internal implementation used with OpenSSL.
However, these rules are sufficiently close to each other to be of
reasonable use for most cases.
Signed-off-by: Jouni Malinen <j@w1.fi>
After having checked all known GNUTLS_CERT_* error cases that we care
about, check that no other errors have been indicated by
gnutls_certificate_verify_peers2() as a reason to reject negotiation.
Signed-off-by: Jouni Malinen <j@w1.fi>
Make the debug output more useful for determining whuch version of
GnuTLS was used and what was negotiated for the session.
Signed-off-by: Jouni Malinen <j@w1.fi>
GnuTLS 2.10.0 added gnutls_certificate_set_verify_function() that can be
used to move peer certificate validation to an earlier point in the
handshake. Use that to get similar validation behavior to what was done
with OpenSSL, i.e., reject the handshake immediately after receiving the
peer certificate rather than at the completion of handshake.
Signed-off-by: Jouni Malinen <j@w1.fi>
GnuTLS project has marked 2.12.x obsolete since January 2014. There is
not much need for maintaining support for obsolete versions of the
library, so drop all #if/#endif blocks targeting 2.x.y versions. In
practice, none of these were requiring 2.12.x version with x greater
than 0, so 2.12.x remains supported for now.
In addition, add newer version (GnuTLS 3.0.18 and newer) to fetch client
and server random from the session since the old method is not supported
by new GnuTLS versions and as such, gets removed with rest of the old
ifdef blocks.
Signed-off-by: Jouni Malinen <j@w1.fi>
No one should be using GnuTLS versions older than 1.3.2 from 2006
anymore, so remove these unnecessary #if/#endif checks.
Signed-off-by: Jouni Malinen <j@w1.fi>
This was needed with very old GnuTLS versions, but has not been needed,
or used, since GnuTLS 1.3.2 which was released in 2006. As such, there
is no need to maintain this code anymore and it is better to just clean
the source code by removing all the related code.
Signed-off-by: Jouni Malinen <j@w1.fi>
This allows GnuTLS to be used with trusted CA certificate from
wpa_supplicant blob rather than an external certificate file.
Signed-off-by: Jouni Malinen <j@w1.fi>
This TLS configuration parameter is explicitly for OpenSSL. Instead of
ignoring it silently, reject any configuration trying to use it in
builds that use other options for TLS implementation.
Signed-off-by: Jouni Malinen <j@w1.fi>
This define had been forgotten at some point in time and wpa_supplicant
compilation for Windows failed with some recently added code that
depended on this.
Signed-off-by: Jouni Malinen <j@w1.fi>
Addition of os_memcmp_const() in commit
afc3c8b07f had forgotten to include
common.h into os_win32.c to get u8 defined.
Signed-off-by: Jouni Malinen <j@w1.fi>
NSS as a TLS/crypto library alternative was never completed and this
barely functional code does not even build with the current NSS version.
Taken into account that there has not been much interest in working on
this crypto wrapper over the years, it is better to just remove this
code rather than try to get it into somewhat more functional state.
Signed-off-by: Jouni Malinen <j@w1.fi>
Validation of these parameters has not been implemented with schannel.
Instead of ignoring them silently, reject the configuration to avoid
giving incorrect impression of the parameters being used if
wpa_supplicant is built with schannel instead of the default OpenSSL.
Signed-off-by: Jouni Malinen <j@w1.fi>
Validation of these parameters has not been implemented in the internal
TLS implementation. Instead of ignoring them silently, reject the
configuration to avoid giving incorrect impression of the parameters
being used if wpa_supplicant is built with the internal TLS
implementation instead of the default OpenSSL.
Signed-off-by: Jouni Malinen <j@w1.fi>
Validation of these parameters has not been implemented with GnuTLS.
Instead of ignoring them silently, reject the configuration to avoid
giving incorrect impression of the parameters being used if
wpa_supplicant is built with GnuTLS instead of the default OpenSSL.
Signed-off-by: Jouni Malinen <j@w1.fi>
These were already covered in both README-HS20 for credentials and in
header files for developers' documentation, but the copy in
wpa_supplicant.conf did not include all the details. In addition, add a
clearer note pointing at subject_match not being suitable for suffix
matching domain names; domain_suffix_match must be used for that.
Signed-off-by: Jouni Malinen <j@w1.fi>
data.function needs to be set for the return value to be of any use and
strcmp won't work with NULL pointer either. (CID 99907)
Signed-off-by: Jouni Malinen <j@w1.fi>
In many applications it is useful not just to enumerate a group of well
known access points, but to use a address/mask notation to match an
entire set of addresses (ca:ff:ee:00:00:00/ff:ff:ff:00:00:00).
This change expands the data structures used by MAC lists to include a
mask indicating the significant (non-masked) portions of an address and
extends the list parser to recognize mask suffixes.
Signed-off-by: Stefan Tomanek <stefan.tomanek@wertarbyte.de>
There should not be a mesh-specific mechanism for setting up channel
parameters since that will just result in duplicated code. IBSS, mesh,
and AP mode can use the same data structures and parameters for setting
up such parameters.
Signed-off-by: Jouni Malinen <j@w1.fi>
Add WPA_DRIVER_FLAGS_HT_IBSS driver feature flag. Some drivers could not
set this feature and next could fail when we will enable HT support for
IBSS with error message: nl80211: Join IBSS failed: ret=-22 (Invalid
argument).
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Add the t0 retransmission timer as specified by IEEE Std 802.11-2012,
11.3.8.4. This makes SAE much more likely to succeed in the case of lost
frames.
Signed-off-by: Bob Copeland <me@bobcopeland.com>
When performing SAE authentication in mesh, one station may
initiate authentication by sending a COMMIT as soon as a peer
candidate is discovered. Previously we did this in mesh_rsn.c,
but this left some of the state initialization in a different
part of the code from the rest of the state machine, and we may
need to add other initializations here in the future, so move
that to a more central function.
Signed-off-by: Bob Copeland <me@bobcopeland.com>
On FreeBSD and DragonFly BSD, we additionally need to skip the
isr_meshid_len bytes of the MESH ID, to get the correct address for
copying the IE data.
The isr_meshid_len field was added in the FreeBSD svn revision r195618
in 2009, so I don't think we need to check the FreeBSD version here.
Signed-off-by: Imre Vadász <imre@vdsz.com>
The local conf pointer needs to be cleared once it gets assigned to
hapd_iface to avoid double-free of the configuration data on error path.
Signed-off-by: Jouni Malinen <j@w1.fi>
The new control interface command TEST_ALLOC_FAIL and GET_ALLOC_FAIL can
now be used to trigger memory allocation failures for testing purposes.
TEST_ALLOC_FAIL sets a failure conditions with
<count>:func[;func][;func]... string and GET_ALLOC_FAIL returns the
current state using the same format. Whenever an allocation is made with
a matching backtrace of calling functions, the count is decremented by
one and once zero is reached, the allocation is forced to fail.
Function names can be prefixed with either '=' or '?' to get different
matching behavior. '=' requires this specific function to be the next
one in the backtrace (i.e., do not skip any other functions in the list
which is the default behavior). '?' allows the function to be optionally
present in the backtrace.
Signed-off-by: Jouni Malinen <j@w1.fi>
It is possible for wpa_tdls_teardown_peers() to be called with sm ==
NULL in case interface addition fails before the WPA state machine is
initialized.
Signed-off-by: Jouni Malinen <j@w1.fi>
With CONFIG_WPA_TRACE_BFD, the type cast from void* to integer was
generating a compiler warning due to the target integer being larger in
size in case of 32-bit builds. Type case to bfd_hostptr_t instead of
directly to bfd_vma to avoid this.
Signed-off-by: Jouni Malinen <j@w1.fi>
The socket reference tracking entries need to be restored in case
os_realloc_array() fails when adding a new eloop socket.
Signed-off-by: Jouni Malinen <j@w1.fi>
The per-BSS configuration information needs to be freed if hostapd fails
to add a new interface for a BSS added with "ADD bss_config=..."
command.
Signed-off-by: Jouni Malinen <j@w1.fi>
If hostapd_alloc_bss_data() failed to allocate the struct hostapd_data
instance, dynamic interface addition path ended up trying to dereference
freed memory due to incorrect cleanup steps. Fix this by decrementing
the interface count when the newly added interface is removed. In
addition, make the setup more robust by clearing all changes within
hostapd_data_alloc() if any of the allocations fails.
Signed-off-by: Jouni Malinen <j@w1.fi>
Unfortunately, libnl 3.0 has changed the API in a way that is not
backwards compatible by renaming nlmsg_len() to nlmsg_datalen() without
leaving the older nlmsg_len() defined. As such, there does not seem to
be any clean way of using this function without breaking the build with
some libnl versions. For now, replace this call with direct calculation
of the data length since it can be done with a simple one-liner that
compiles with all libnl versions.
Signed-off-by: Jouni Malinen <j@w1.fi>
This was supposed to use the iterations parameter from the caller
instead of the hardcoded 4096. In practice, this did not have problems
for normal uses since that 4096 value was used in all cases.
Signed-off-by: Jouni Malinen <j@w1.fi>
This moves the AES-SIV test case from tests/test-aes.c to be part of
wpa_supplicant module testing framework with a new
src/crypto/crypto_module_tests.c component. In addition, the second test
vector from RFC 5297 is also included for additional coverage.
Signed-off-by: Jouni Malinen <j@w1.fi>
This function is not used outside aes-siv.c. In addition, include the
aes_siv.h header to make sure that functions get declared consistently.
Signed-off-by: Jouni Malinen <j@w1.fi>
These are practically unreachable code since cfg80211 fills in the
required attributes or does not send the event. Keep the checks in
place, but minimize the extra code in wpa_supplicant/hostapd.
Signed-off-by: Jouni Malinen <j@w1.fi>
cfg80211 dropped support for tracking BSS authentication state and
setting NL80211_BSS_STATUS_AUTHENTICATED in 'cfg80211: stop tracking
authenticated state' three years ago (starting in Linux 3.4). As such,
this workaround code in wpa_supplicant cannot be reached anymore. There
is no real need for maintaining it for older kernels either, since there
are other ways of detecting and working around state mismatches with the
actual authentication operations failing.
Signed-off-by: Jouni Malinen <j@w1.fi>
While there is no explicit driver capability advertisement for this in
nl80211, the EOPNOTSUPP response can be interpreted as a clear
indication of NL80211_CMD_SET_REKEY_OFFLOAD not being supported. Check
for that and don't try to offload keys again if the driver has not use
for them.
Signed-off-by: Jouni Malinen <j@w1.fi>
1. Add parameters to the scan command to allow MAC address
randomization during scan and scheduled scan.
2. Add capability bits to publish MAC address randomization support
in scan and scheduled scan.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
The kernel-driver/firmware are responsible for performing periodic
switches to the target channel with the given peer. Propagate all TDLS
channel switching related information to kernel.
Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com>
The supplicant code does not try to control the actual channel of the
radio at any point. It simply passes the target peer and channel
parameters to the driver. It's the driver's responsibility to
periodically initiate TDLS channel-switch operations when TDLS
channel-switching is enabled.
Allow enable/disable operations to be invoked via the control interface.
Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com>
Mark an appropriate sm flag when TDLS switch is prohibited by the AP.
Populate the flag upon association with the AP.
Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com>
If registering WMM-AC ADDTS response action frame or WMM-AC DELTS
action frame fails, the management frame handler is not being
registered. This results with a segmentation fault when trying to
unsubscribe the handler when the interface is removed.
Fix it by always registering the handler and just returning a negative
value to note that the action frame could not be registered.
This fixes an issue introduced in the commit
dfa8787833 ('nl80211: Implement
add_ts/del_ts ops').
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
This reduces the time possible keys could remain in heap memory. Couple
of the nl80211 messages include keys (TK for normal ciphers and
KCK/KEK/PMK for various offloading cases).
Signed-off-by: Jouni Malinen <j@w1.fi>
There was one final remaining linux_set_iface_flags() call that did not
check the result. This specific one does not really matter much, but
anyway, be more consistent by checking the result and log any error in
debug log. (CID 74146)
Signed-off-by: Jouni Malinen <j@w1.fi>
It was possible to add WPS vendor extensions through the D-Bus
WPSVendorExtensions setter, but these extensions were not freed when the
P2P GO was stopped or when replacing previously configured extensions.
Signed-off-by: Jouni Malinen <j@w1.fi>
There is no need to keep temporary keys in memory beyond the end of the
association, so explicitly clear any SAE buffers that can contain keys
as soon as such keys are not needed.
Signed-off-by: Jouni Malinen <j@w1.fi>
It was possible for the decrypted EAPOL-Key Key Data field to remain in
heap after the temporary buffer was freed. Explicitly clear that buffer
before freeing it to minimize the time GTK remains in memory.
Signed-off-by: Jouni Malinen <j@w1.fi>
There is no need for wpa_supplicant to maintain a copy of the TK part of
PTK after this has been configured to the driver, so clear that from
heap memory and only maintain KEK and KCK during association to allow
additional EAPOL-Key handshakes.
Signed-off-by: Jouni Malinen <j@w1.fi>
PMK and PTK are not needed in the supplicant state machine after
disassociation since core wpa_supplicant will reconfigure them for the
next association. As such, clear these from heap in
wpa_sm_notify_disassoc() to reduce time and number of places storing key
material in memory. In addition, clear FT keys in case of
CONFIG_IEEE80211R=y build (sm->xxkey stored a copy of PSK in case of
FT-PSK).
Signed-off-by: Jouni Malinen <j@w1.fi>
If hostapd will use stdout for debugging, set stdout to be line
buffered in case its output is redirected to a file. This allows
incremental output to be viewed immediately instead of at the file
buffering interval.
Signed-hostap: Paul Stewart <pstew@chromium.org>
It isn't mandatory. If we need one and it's not present, the ENGINE will
try asking for it. Make sure it doesn't actually let an OpenSSL UI loose,
since we don't currently capture those.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
It needs to be available to ENGINE_by_id(), which in my case means it
needs to be /usr/lib64/openssl/engines/libpkcs11.so. But that's a system
packaging issue. If it isn't there, it will fail gracefully enough with:
ENGINE: engine pkcs11 not available [error:25066067:DSO support routines:DLFCN_LOAD:could not load the shared library]
TLS: Failed to set TLS connection parameters
EAP-TLS: Failed to initialize SSL.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
This means that if the PKCS#11 engine is installed in the right place
in the system, it'll automatically be invoked by ENGINE_by_id("pkcs11")
later, and things work without explictly configuring pkcs11_engine_path.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
If these start with "pkcs11:" then they are PKCS#11 URIs. These Just Work
in the normal private_key/ca_cert/client_cert configuration fields when
built with GnuTLS; make it work that way with OpenSSL too.
(Yes, you still need to explicitly set engine=1 and point to the engine,
but I'll work on that next...)
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
There's no reason I shouldn't be able to use PKCS#11 for just the CA cert,
or even the client cert, while the private key is still from a file.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
New versions of engine_pkcs11 will automatically use the system's
p11-kit-proxy.so to make the globally-configured PKCS#11 tokens available
by default. So invoking the engine without an explicit module path is
not an error.
Older engines will fail but gracefully enough, so although it's still an
error in that case there's no need for us to catch it for ourselves.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
This converts most of the remaining perror() and printf() calls from
hostapd and wpa_supplicant to use wpa_printf().
Signed-off-by: Jouni Malinen <j@w1.fi>