The internal TLS implementation started rejecting number of unsupported
configuration parameters recently, but those new error paths did not
free the allocated tlsv1_credentials buffer.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This function exposes internal state of the TLS negotiated parameters
for the sole purpose of being able to implement PRF for EAP-FAST. Since
tls_connection_prf() is now taking care of all TLS-based key derivation
cases, it is cleaner to keep this detail internal to each tls_*.c
wrapper implementation.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This is not needed anymore with the tls_connection_prf() being used to
handle all key derivation needs. tls_connection_get_keys() is a bit
misnamed for now, but it is only used to fetch the client and server
random for Session-Id derivation.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
tls_openssl.c is the only remaining TLS/crypto wrapper that needs the
internal PRF implementation for EAP-FAST (since
SSL_export_keying_material() is not available in older versions and does
not support server-random-before-client case). As such, it is cleaner to
assume that TLS libraries support tls_connection_prf() and move the
additional support code for the otherwise unsupported cases into
tls_openssl.c.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
is_ht_allowed is a confusing name since this variable is used to track
whether 40 MHz channel bandwidth is allowed instead of whether HT is
allowed in general.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This adds hexdumps of MSCHAP/MSCHAPv2 Challenge and Response in format
used by asleap. This is only enabled for CONFIG_TESTING_OPTIONS=y
builds.
Signed-off-by: Jouni Malinen <j@w1.fi>
When starting a P2P client to re-join a persistent group
(P2P_GROUP_ADD persistent=<id>), it is possible that the P2P GO was
already found in previous scans. Try to get the P2P GO operating
frequency from the scan results list so wpa_supplicant will initially
scan only the P2P GO known operating frequency.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
If NEED_AP_MLME=y is not defined, compilation might
fail under some configurations:
src/ap/drv_callbacks.c:594:2: warning: implicit declaration of
function ‘hostapd_acs_completed’ [-Wimplicit-function-declaration]
src/ap/sta_info.c:253: undefined reference to `sae_clear_retransmit_timer'
Fix these errors by adding the missing hostapd_acs_completed() stub,
and defining NEED_AP_MLME in case of CONFIG_SAE.
Signed-off-by: Eliad Peller <eliad@wizery.com>
Commit e9af53ad39 introduced new
CONFIG_NO_ROAMING configuration parameter but unfortunately it was added
only to Android.mk. Enabling this parameter didn't have any effect when
Makefile was used to build wpa_supplicant. This commit fixes that problem
and cleans "unused variable" compiler warning.
Signed-off-by: Lauri Hintsala <lauri.hintsala@silabs.com>
This replaces the internal CBC mode implementation in
aes_128_cbc_encrypt() and aes_128_cbc_decrypt() with the OpenSSL
implementation for CONFIG_TLS=openssl builds.
Signed-off-by: Jouni Malinen <j@w1.fi>
The local buffers may contain information used to generate parts of the
derived key, so clear these explicitly to minimize amount of unnecessary
private key-related material in memory.
Signed-off-by: Jouni Malinen <j@w1.fi>
The local hash[] buffer may contain parts of the derived key, so clear
it explicitly to minimize number of unnecessary copies of key material
in memory.
Signed-off-by: Jouni Malinen <j@w1.fi>
The local T[] buffer may contain parts of the derived key, so clear it
explicitly to minimize number of unnecessary copies of key material in
memory.
Signed-off-by: Jouni Malinen <j@w1.fi>
Previous workaround for WEXT events from the Host AP driver required
wlan# and wifi# interfaces to have fixed names with the same number.
While that used to be the common case ten years ago, it is less common
nowadays. Extend this to use sysfs (if available) to figure out the
wifi# interface name if the specified interface is detected to be using
the Host AP driver.
Signed-off-by: Jouni Malinen <j@w1.fi>
Add SQLite error message and DB name to the DB related errors. Add
enough tracing so that users can know exactly where users are failing to
be found.
Signed-off-by: Ben Greear <greearb@candelatech.com>
This should make it more obvious to users that they have a fatal
configuration problem in hostapd authentication server.
Signed-off-by: Ben Greear <greearb@candelatech.com>
The command line option 'i' is not handled, so I assume it should
not be in the short-options list.
Fix missing word in error message as well.
Signed-off-by: Ben Greear <greearb@candelatech.com>
In case someone is compiling their own libcurl and wants to link it
statically, for instance, the new CUST_CURL_LINKAGE parameter can be
used to override the default -lcurl argument.
Signed-off-by: Ben Greear <greearb@candelatech.com>
The new network profile parameter mem_only_psk=1 can be used to specify
that the PSK/passphrase for that network is requested over the control
interface (ctrl_iface or D-Bus) similarly to the EAP network parameter
requests. The PSK/passphrase can then be configured temporarily in a way
that prevents it from getting stored to the configuration file.
For example:
Event:
CTRL-REQ-PSK_PASSPHRASE-0:PSK or passphrase needed for SSID test-wpa2-psk
Response:
CTRL-RSP-PSK_PASSPHRASE-0:"qwertyuiop"
Note: The response value uses the same encoding as the psk network
profile parameter, i.e., passphrase is within double quotation marks.
Signed-off-by: Jouni Malinen <j@w1.fi>
This extends EAP-pwd peer support to allow NtHash version of password
storage in addition to full plaintext password. In addition, this allows
the server to request hashed version even if the plaintext password is
available on the client. Furthermore, unsupported password preparation
requests are now rejected rather than allowing the authentication
attempt to continue.
Signed-off-by: Jouni Malinen <j@w1.fi>
This extends EAP-pwd server support to allow NtHash version of password
storage in addition to full plaintext password.
Signed-off-by: Jouni Malinen <j@w1.fi>
White space is a valid SSID character so completion routine for
networks should only use tab as word separator.
Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sonymobile.com>
Add command completion routines for remove_network, select_network,
disable_network, and enable_network commands.
Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sonymobile.com>
Add command completion routine for get_network and set_network that
guide user with both network id and network parameters.
Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sonymobile.com>
To be able to reuse the add/del word utility functions for lines containing
tabs allow both space and tab as word separators.
Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sonymobile.com>
It looks like it was possible to receive an incomplete FAIL line and
break out from test execution due to a parsing error. Handle this more
robustly and log the error.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Extend interface_add and interface_remove commands via an optional
argument to allow wpa_supplicant to create/delete a new virtual
interface.
Signed-off-by: Jithu Jance <jithu@broadcom.com>
wpa_cli already implements a command history file for easy accessing
commands previously used. Enable the functionality on Android, too.
Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sonymobile.com>
Old code defaulted to WEP for an AP advertising OSEN. Show as OSEN
instead. Re-use most of the RSN parsing logic since all but the header
is the same.
Example output:
[root@ath9k-f lanforge]# ./local/bin/wpa_cli -i sta0 scan_results
bssid / frequency / signal level / flags / ssid
00:0e:8e:6f:40:49 2462 -23 [OSEN-OSEN-CCMP][ESS] ben-138
Signed-off-by: Ben Greear <greearb@candelatech.com>
System tray icon can be set to 5 different pictographs according to the
connection status. One for disconnected state (not associated with the
network, or not connected with the wpa_supplicant service), and four for
connected status (showing the signal strength on the receiver).
By default this functionality is disabled. The reason for this, is the
fact, that the underlaying approach of this functionality is poll based,
which might be considered as a non-efficient one. Update interval has to
be set explicitly by the user with '-m<seconds>' command line argument.
Status icon names are based on various Gnome icon packs (e.g., Faba).
When icon can not be found, default one is shown (wpa_gui logo).
Signed-off-by: Arkadiusz Bokowy <arkadiusz.bokowy@gmail.com>
HT requires QoS/WMM, so unset HT capabilities for a station
whose association request does not include a valid WMM IE.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
This extends NL80211_CMD_ROAM event processing to allow the driver to
roam to another ESS (different SSID) when using offloaded BSS selection.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Now that there is a kernel patch for IPv6 ProxyARP that is capable of
using the non-AP STAs MAC address as the link layer source address in
NA, validate that behavior rather than the temporary check for BSSID.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>