Commit graph

4839 commits

Author SHA1 Message Date
Markus Theil
a79ed06871 Add no_encrypt flag for control port TX
In order to correctly encrypt rekeying frames, wpa_supplicant now checks
if a PTK is currently installed and sets the corresponding encrypt
option for tx_control_port().

Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
2020-01-05 20:34:50 +02:00
Brendan Jackman
144314eaa7 wpa_supplicant: Send EAPOL frames over nl80211 where available
Linux kernel v4.17 added the ability to request sending control port
frames via nl80211 instead of a normal network socket. Doing this
provides the device driver with ordering information between the
control port frames and the installation of keys. This empowers it to
avoid race conditions between, for example, PTK replacement and the
sending of frame 4 of the 4-way rekeying handshake in an RSNA. The
key difference between a TX_CONTROL_PORT and normal socket send is
that the device driver will certainly get any EAPOL frames comprising
a 4-way handshake before it gets the key installation call
for the derived key. By flushing its TX buffers it can then ensure
that no pending EAPOL frames are inadvertently encrypted with a key
that the peer will not yet have installed.

Update the RSN supplicant system to use this new operation for sending
EAPOL-Key frames when the driver reports that this capability is
available; otherwise, fall back to a normal Ethernet TX.

I have tested this on DMG (11ad/ay) devices with an out-of-tree Linux
driver that does not use mac80211. Without this patch I consistently see
PTK rekeying fail if message 4/4 shares a stream with other in-flight
traffic. With this patch, and the driver updated to flush the relevant TX
queue before overwriting a PTK (knowing, now, that if there was a message
4/4 related to the key installation, it has already entered the driver
queue), rekeying is reliable.

There is still data loss surrounding key installation - this problem is
alluded to in IEEE Std 802.11-2016, 12.6.21, where extended Key ID
support is described as the eventual solution. This patch aims to at
least prevent rekeying from totally breaking the association, in a way
that works on kernels as far back as 4.17 (as per Alexander Wetzel
extended Key ID support should be possible on 5.2).

See http://lists.infradead.org/pipermail/hostap/2019-May/040089.html for
a little more context.

Signed-off-by: Brendan Jackman <brendan.jackman@bluwireless.co.uk>
2020-01-05 20:34:15 +02:00
Brendan Jackman
8759e9116a nl80211: Control port over nl80211 helpers
Linux kernel v4.17 added the ability to request sending controlled port
frames (e.g., IEEE 802.1X controlled port EAPOL frames) via nl80211
instead of a normal network socket. Doing this provides the device
driver with ordering information between the control port frames and the
installation of keys. This empowers it to avoid race conditions between,
for example, PTK replacement and the sending of frame 4 of the 4-way
rekeying handshake in an RSNA. The key difference between the specific
control port and normal socket send is that the device driver will
certainly get any EAPOL frames comprising a 4-way handshake before it
gets the key installation call for the derived key. By flushing its TX
buffers it can then ensure that no pending EAPOL frames are
inadvertently encrypted with a key that the peer will not yet have
installed.

Add a CONTROL_PORT flag to the hostap driver API to report driver
capability for using a separate control port for EAPOL frames. This
operation is exactly like an Ethernet send except for the extra ordering
information it provides for device drivers. The nl80211 driver is
updated to support this operation when the device reports support for
NL80211_EXT_FEATURE_CONTROL_PORT_OVER_NL80211. Also add a driver op
tx_control_port() for request a frame to be sent over the controlled
port.

Signed-off-by: Brendan Jackman <brendan.jackman@bluwireless.co.uk>
2020-01-05 19:43:52 +02:00
Jouni Malinen
b7bb2c0204 P2P: Move p2p_long_listen into struct wpa_global
This variable is not specific to any P2P group interface and since it
was already used through global->p2p_init_wpa_s, it is cleaner to simply
move this to the global structure so that there is a single variable
instead of per-interface variables and need to pick the correct
interface.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-01-04 23:11:28 +02:00
Benjamin Berg
9ad3c12dd1 P2P: Always use global p2p_long_listen
The p2p_long_listen value was set on the control wpa_s struct while in a
lot of cases it operated on the p2p struct. Explicitly use the global
p2p_init_wpa_s struct in cases where we might not be operating on it
already.

Without this, simply starting a p2p_listen operation (e.g., using
wpa_cli) will not work properly. As the p2p_long_listen is set on the
controlling interface and wpas_p2p_cancel_remain_on_channel_cb() uses
p2p_init_wpa_s, it would not actually work. This results in
wpa_supplicant stopping listening after the maximum remain-on-channel
time passes when using a separate P2P Device interface.

Signed-off-by: Benjamin Berg <bberg@redhat.com>
2020-01-04 23:07:31 +02:00
Jouni Malinen
af670cb418 SME: Postpone current BSSID clearing until IEs are prepared
sme_send_authentication() could fail before actually requesting the
driver to authenticate with a new AP. This could happen after
wpa_s->bssid got cleared even though in such a case, the old association
is maintained and still valid. This can result in unexpected behavior
since wpa_s->bssid would not match the current BSSID anymore.

Fix this by postponing clearing of wpa_s->bssid until the IE preparation
has been completed successfully.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-01-03 18:06:01 +02:00
Jouni Malinen
665a3007fb driver: Add no_encrypt argument to send_mlme()
This is in preparation of being able to remove the separate send_frame()
callback.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-01-03 13:53:32 +02:00
Jouni Malinen
9474654752 IBSS RSN: Use send_mlme() instead of send_frame() for Authentication frames
send_frame() is documented to be used for "testing use only" and as
such, it should not have used here for a normal production
functionality. Replace this with use of send_mlme() which is already
used for sending Authentication frames in number of other cases.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-01-03 12:21:36 +02:00
Jouni Malinen
6c57019376 Test functionality to override driver reported signal levels
"SET driver_signal_override <BSSID> [<si_signal< <si_avg_signal>
<si_avg_beacon_signal> <si_noise> <scan_level>]" command can now be used
to request wpa_supplicant to override driver reported signal levels for
signal_poll and scan results. This can be used to test roaming behavior.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-01-02 20:34:39 +02:00
Jouni Malinen
c8eb7fe66c Fix signal_poll based roaming skip
Fix a rebasing issue in the signal difference calculation. The older
patch was not updated to use the new cur_level local variable to get the
possibly updated signal level for the current BSS.

Fixes: a2c1bebd43 ("Improve roaming logic")
Signed-off-by: Jouni Malinen <j@w1.fi>
2020-01-02 20:34:39 +02:00
Roy Marples
a8b00423ea BSD: Use struct ip rather than struct iphdr
As we define __FAVOR_BSD use the BSD IP header.
Compile tested on NetBSD, DragonFlyBSD, and Linux.

Signed-off-by: Roy Marples <roy@marples.name>
2020-01-02 19:17:10 +02:00
Jouni Malinen
ad2f096609 Maintain BSS entries for 5 seconds after interface is disabled
This is targeting the case of MAC address change for an association
which may require the interface to be set down for a short moment.
Previously, this ended up flushing the BSS table that wpa_supplicant
maintained and that resulted in having to scan again if the MAC address
was changed between the previous scan and the connection attempt. This
is unnecessary extra latency, so maintain the BSS entries for 5 seconds
(i.e., the same time that the old scan results are consider valid for a
new connection attempt) after an interface goes down.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-01-02 12:58:58 +02:00
Jouni Malinen
988f14448a Indicated if the selected BSS is the current BSS
This makes scan result processing a bit more readable in debug log.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-01-01 17:55:26 +02:00
Jouni Malinen
a8ad9c31db Make min_diff determination from cur_level more readable
This handles both the dBm and unspecified unit cases.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-01-01 17:46:03 +02:00
Jouni Malinen
41f72d7356 Use sel_est consistently with cur_sel in wpa_supplicant_need_to_roam()
This makes the code a bit easier to read.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-01-01 17:37:58 +02:00
Matthew Wang
a2c1bebd43 Improve roaming logic
Currently, wpa_supplicant may roam too aggressively; the need_to_roam()
function will return early with a roaming decision if the difference in
signal level or throughput between the current and selected APs is
"sufficiently large." In particular, if the selected AP's estimated
throughput is more than 5k greater than the current AP's estimated
throughput, wpa_supplicant will decide to roam. Otherwise, if the
selected AP's signal level is less than the current AP's signal level,
or the selected AP's estimated throughput is at least 5k less than the
current AP's estimated throughput, wpa_supplicant will skip the roam.
These decisions are based only on one factor and can lead to poor
roaming choices (e.g., a roam should not happen if the selected AP's
estimated throughput meets the threshold but the current signal and
throughput are already good, whereas a roam should happen if the signal
is slightly worse but the estimated throughput is significantly better).

This change standardizes the roaming heuristic for signal strength
difference requirements and will hopefully improve user experience. The
change can be summarized as follows: based on the current signal level,
a certain roaming difficulty is assigned. Based on the selected AP's
estimated throughput relative to the current AP's estimated throughput,
the difficulty is adjusted up or down. If the difference in signal level
meets the threshold, a roam happens.

The hard-coded values were selected purely based on the previous version
of this function. They may eventually need to be fine-tuned for optimal
performance.

Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
2020-01-01 17:33:51 +02:00
Jouni Malinen
9c8d550b77 Allow roam to lower signal level if throughput benefit is significant
Do not prevent roam to a different BSS based only on the signal level
with the current BSS being higher than with the selected BSS. If the
estimated throughput is significantly higher (> 20%), allow roaming if
the following conditions are met.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-01-01 17:09:18 +02:00
Jouni Malinen
9fafefb9e5 Skip roaming based on signal level difference if current SNR is good
If the current SNR with the associated BSS is sufficiently good (better
than GREAT_SNR = 25), there is limited benefit from moving to another
BSS even if that BSS were to have a higher signal level. As such, skip
roaming based on the signal level difference between the selected BSS
from scan results and the current BSS for such cases.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-01-01 16:56:40 +02:00
Jouni Malinen
f4f7600adf Use signal_poll noise information for roaming, if available
Using average signal strength from the driver and hardcoded noise floor
does not look like an ideal design since there can be significant
differences in the driver-reported noise floor values. Furthermore, even
though the current noise floor is a snapshot from the driver, it is
common for drivers to use a noise floor value from a longer calibration
step and that should not prevent the driver provided value from being
used. This makes the comparisons of the signal strengths between the
current AP (signal_poll) and other APs (scan) more accurate.

As an example, test runs in home environment showed 5 dB difference
between the driver reported noise floor and the hardcoded value and this
could result in significant differences in estimated throughput
calculation.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-01-01 13:38:11 +02:00
Jouni Malinen
f97baef254 Clear SME auth_alg on FLUSH
This avoids a testing failure in the following test case sequence:
ap_ft_r1_key_expiration ap_open_external_assoc

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-01-01 12:33:57 +02:00
Jouni Malinen
0d1d1f0d21 Clear last Michael MIC error timer on FLUSH
TKIP countermeasures were already terminated on FLUSH, but the timer for
detecting two Michael MIC errors within 60 seconds was left behind. This
resulted in test case failures with following test sequence:
ap_cipher_tkip_countermeasures_sta ap_cipher_tkip_countermeasures_sta2

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-01-01 12:23:25 +02:00
Matthew Wang
69ccc557d8 wpa_supplicant: Fall back to avg_signal in roaming decision
Some drivers (e.g. Marvell WiFi) don't report avg_beacon_signal, but
it's still useful to poll for the signal again when a roaming decision
needs to be made. Use si.avg_signal when si.avg_beacon_signal is not
available.

Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
2019-12-31 00:23:42 +02:00
Emmanuel Grumbach
7e7b23e229 Update throughput estimate for the current BSS based on signal poll
We saw that on certain platforms in certain places we keep switching
between two APs and eventually get the same RSSI. Debugging showed that
we have a very big difference between the two antennas.

Ant A can hear AP A very well (-60) but AP B very bad (-80)
Ant B can hear AP B very well (-60) but AP A very bad (-80)

When the device associates to AP A, it'll learn to use Ant A. If the
device uses one single antenna to receive the scan results, it may hear
the AP it is currently associated to on the second antenna and get bad
results. Because of that, the wpa_supplicant will roam to the other AP
and the same scenario will repeat itself:

Association to AP A (Ant A reports -60).
Scan on Ant A: AP A: -60, AP B: -80
Scan on Ant B: AP A: -80, AP A: -60 ==> ROAM.

Association to AP B (Ant B reports -60)
Scan on Ant A: AP A: -60, AP B: -80 ==> ROAM

Etc...

Improve this by querying the signal level of the current AP using
drv_signal_poll() instead of relying on the signal level that we get
from the scan results. Also update the throughput estimate based on the
likely more accurate values for the current association.

Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
2019-12-31 00:21:37 +02:00
Emmanuel Grumbach
ad06ac0b04 Move throughput estimation into a helper function
This is a step towards allowing this functionality to update the scan
result -based values with the values from a signal poll for the current
BSS.

Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
2019-12-31 00:17:04 +02:00
Emmanuel Grumbach
ef1a45f28a Move scan/roaming related defines to a header file
This is a step towards allowing these values to be used in both scan.c
and events.c.

Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
2019-12-31 00:04:33 +02:00
Emmanuel Grumbach
98ea9d5d51 Use local variables for current BSS signal strength in roaming
This is a step towards allowing these values to be determined based on
signal poll instead of scan results.

Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
2019-12-30 23:57:47 +02:00
Alfonso Sánchez-Beato
02c21c02d0 wpa_supplicant: Do not disconnect on deinit if WoWLAN is enabled
Do not disconnect on interface deinit when WoWLAN is enabled, so we can
boot the system with WoWLAN after S5 (poweroff).

Signed-off-by: Alfonso Sanchez-Beato <alfonso.sanchez-beato@canonical.com>
2019-12-30 18:51:06 +02:00
Bilal Hatipoglu
59536a33d8 wpa_cli: WPS-PIN-ACTIVE and WPS-CANCEL events for action scripts
These events were added in commit b1b62a1364 ("WPS: Add WPS-PIN-ACTIVE
and WPS-CANCEL events").

Signed-off-by: Bekir Celik <bekir.celik@airties.com>
Signed-off-by: Bilal Hatipoglu <bilal.hatipoglu@airties.com>
2019-12-30 18:36:57 +02:00
Andrei Otcheretianski
522450b7b1 AP: Determine Short SSID value for the BSS
This can be used in the future to implement support for RNR and scanning
extensions using a shorter field for the SSID.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2019-12-28 22:32:14 +02:00
Felix Fietkau
41b06b065e mesh: Fix race condition in mesh mpm new peer handling
When wpa_supplicant receives another new peer event before the first one
has been processed, it tries to add a station to the driver a second
time (which fails) and then tears down the station entry until another
event comes in.

Fix this by only adding a station to the driver if it didn't exist
already.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-12-28 20:56:03 +02:00
Lubomir Rintel
a383db0646 defconfig: Enable MACsec
Debian and Fedora enable it, NetworkManager uses it.

Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
2019-12-28 18:28:10 +02:00
Jouni Malinen
53661e3a9a Allow debug log to be written to both syslog and file
If hostapd or wpa_supplicant is started with both -s and -f command line
arguments, debug log ended up being written only into syslog and the log
file was left empty. Change this so that the log entries will be written
to both places. Either -s or -f (or both) results in debug log to stdout
being disabled which was already the case.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-12-28 18:28:10 +02:00
Jouni Malinen
68f9f480ef wpa_gui: Silence a compiler warning
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-12-28 00:17:55 +02:00
Victor Ananyev
eadfeb0e93 wpa_gui: Show entire list of networks
Use LAST_ID of LIST_NETWORKS to load all the network entries iteratively
if there is large enough number of networks to not fit in a single
response.

Signed-off-by: Victor Ananyev <vindex10@gmail.com>
2019-12-28 00:16:38 +02:00
Victor Ananyev
a3b59fa111 wpa_cli: Let LAST_ID argument to be used for LIST_NETWORKS
This allows starting point of the network list to be specified so that
the potentially long response can be fragmented into multiple fetch
operations.

Signed-off-by: Victor Ananyev <vindex10@gmail.com>
2019-12-27 23:56:02 +02:00
Sergey Matyukevich
078217a2d7 STA OBSS: Update secondary channel info after CSA
Field wpa_s->sme.ht_sec_chan keeps secondary channel for the 40 MHz
band. This field is used to prepare a list of channels for the STA OBSS
scan. Initially, the secondary channel is set to HT_SEC_CHAN_UNKNOWN.
Later on, in function wpa_obss_scan_freq_list() it is obtained from the
current BSS HT operation IE. However, the secondary channel information
is not updated after channel switch, which may lead to an incorrect list
of channels prepared for the STA OBSS scan.

Update ht_sec_chan according to the channel switch event data to fix
this.

Signed-off-by: Sergey Matyukevich <sergey.matyukevich.os@quantenna.com>
2019-12-27 21:04:57 +02:00
Sergey Matyukevich
3204795d7a STA OBSS: Add check for overlapping BSSs
In the previous implementation connected STA performs OBSS scan
according to requests from its 20/40 MHz AP. However STA checks only 40
MHz intolerance subfield from HT Capabilities element in scan results.
Meanwhile, as per IEEE Std 802.11-2016, 11.16.12, STA should check
overlapping BSSs as well.

Note that all the required code to check overlapping BSSs did already
exist for AP mode since AP does those checks properly before operating
as 20/40 MHz BSS in the 2.4 GHz band. Use that existing code by replace
existing 40 MHz intolerance check in sme_proc_obss_scan() with the new
shared helper function check_bss_coex_40mhz().

Signed-off-by: Sergey Matyukevich <sergey.matyukevich.os@quantenna.com>
2019-12-26 11:41:01 +02:00
Ben Greear
bf3ab50f4f Change some RRM debug messages from wpa_printf() to wpa_dbg()
This gives us the network device name in logging messages, which can be
helpful when having one wpa_supplicant process handle multiple devices.

Signed-off-by: Ben Greear <greearb@candelatech.com>
2019-12-26 09:41:58 +02:00
Jouni Malinen
9b391715cb mesh: Allow group management cipher to be configured
This allows BIP-GMAC-128, BIP-GMAC-256, or BIP-CMAC-256 to be used
instead of the previously hardcoded AES-128-CMAC as the group management
cipher when using mesh with PMF. For now, this can be configured by
setting a single group_mgmt value in the network block and doing that
consistently through all the STAs in the mesh.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-12-25 23:43:35 +02:00
Jouni Malinen
65d0b67c22 mesh: Increase plink action frame AMPY buffer length for max GTK/IGTK
The previous calculation of the buffer length did not take into account
the possibility of 32-octet GTK and IGTK values and it was also missing
something to cover the 16 octet keys that are supported now. Other
buffer elements were likely sufficient to cover all these cases, but
anyway, it is better to allocate sufficient size specifically for AMPE
to avoid issues in the future.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-12-25 23:35:40 +02:00
Bilal Hatipoglu
b1b62a1364 WPS: Add WPS-PIN-ACTIVE and WPS-CANCEL events
WPS_EVENT_CANCEL is added to indicate cancellation of a WPS operation
for any reason in hostapd/wpa_supplicant.

WPS_EVENT_PIN_ACTIVE is added to indicate when a PIN operation is
triggered in wpa_supplicant.

Signed-off-by: Veli Demirel <veli.demirel@airties.com>
Signed-off-by: Bilal Hatipoglu <bilal.hatipoglu@airties.com>
2019-12-25 20:58:52 +02:00
Bilal Hatipoglu
0b1839405e Add "reconnect" cmdline argument to hostapd_cli/wpa_cli
When the newly added "-r" parameter is used, both clis will try to
reconnect forever on connection lost until signalled (ctrl+c) or
terminated. This is useful only when used with -a to take action to
retrieve events or get status and the cli process stays even if
hostapd/wpa_supplicant daemons restart for some reason (e.g.,
configuration change).

Signed-off-by: Veli Demirel <veli.demirel@airties.com>
Signed-off-by: Bilal Hatipoglu <bilal.hatipoglu@airties.com>
2019-12-25 20:54:44 +02:00
Jouni Malinen
4318a635a9 DBus: Update dont_quote[] with new network profile parameters
This array had not been updated for years (since it was initially added)
and it was missing new network profile parameters that were not quoted
strings (but also not integers that could be set as integer types). Add
those missing non-quoted-strings to allow them to be set through the
DBus interface.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-12-25 12:45:44 +02:00
Jouni Malinen
26a00ba8bd DBus: Remove not existing network profile params from dont_quote[]
These parameters are global parameters, not network profile parameters,
and as such, do not below in dont_quote[] which is used to determine
whether a network profile parameter needs to be quoted.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-12-25 12:26:33 +02:00
Matthew Wang
23d87687c2 dbus: Move roam metrics to the correct interface
These properties were in the wpas_dbus_bss_properties array when they
should have been in the wpas_dbus_interface_properties array. Move them
to the right place. This is the logical location for these properties
and it matches both the other parts of the implementation (e.g., being
in enum wpas_dbus_prop, not in enum wpas_dbus_bss_prop) and what
was originally documented for the interface in dbus.doxygen.

Fixes: 2bbad1c7c9 ("dbus: Export roam time, roam complete, and session length")
Fixes: 80d06d0ca9 ("dbus: Export BSS Transition Management status")
Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
2019-12-24 21:16:23 +02:00
Sam Tygier
32289112c4 wpa_passphrase: Output errors to stderr
The stdout of wpa_passphrase is often piped directly into the
wpa_supplicant config file. In case of errors these will be written to
the file and possibly not noticed by the user.

Use fprintf to print errors to stderr.

Signed-off-by: Sam Tygier <samtygier@yahoo.co.uk>
2019-12-24 11:14:27 +02:00
Jouni Malinen
efaa6256e2 More detailed documentation on ieee80211w configuration parameter
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-12-23 10:48:09 +02:00
Alexander Wetzel
84877f253d wpa_supplicant: Do not try to detect PSK mismatch during PTK rekeying
When a PTK rekey fails it can't be caused by a PSK mismatch. Report a
possible PSK mismatch only during the initial 4-way handshake to avoid
incorrect reports.

Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
2019-12-21 17:10:17 +02:00
Jouni Malinen
9be30ffc13 DPP: Abort ongoing scan if connection status needs to be sent
Ongoing scan could prevent the station Enrollee from sending out DPP
connection status after the 15 second timeout and that would result in
the Configurator timing out on the wait for the status report. Abort any
ongoing scan, if needed, to avoid this.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-12-20 16:51:59 +02:00
Vamsi Krishna
3f3876344e SAE: Enable NEED_DH_GROUPS_ALL for CONFIG_TESTING_OPTIONS=y builds
Enable all DH FFC groups for SAE in wpa_supplicant testing builds. These
are needed to allow more testing coverage for AP functionality.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-12-20 16:27:19 +02:00