Add a new vendor attribute QCA_WLAN_VENDOR_ATTR_DISCONNECT_IES
to configure disconnect IEs to the driver. Driver shall fill
these IEs in disassoc/deauth frame.
These IEs are expected to be considered only for the next
immediate disconnection (disassoc/deauth frame) originated by
the DUT, irrespective of the entity (user space/driver/firmware)
triggering the disconnection.
The host drivers are not expected to use the IEs set through
this interface for further disconnections after the first immediate
disconnection initiated post the configuration.
If the IEs are also updated through cfg80211 interface (after the
enhancement to cfg80211_disconnect), host driver is expected to
take the union of IEs from both of these interfaces and send in
further disassoc/deauth frames.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Add a QCA vendor sub command QCA_NL80211_VENDOR_SUBCMD_OEM_DATA
with attributes qca_wlan_vendor_attr_oem_data_params to support
OEM data. It is used to send OEM data binary blobs from
application/service to firmware. The attributes defined in enum
qca_wlan_vendor_attr_oem_data_params are used to deliver the
parameters.
Signed-off-by: Paul Zhang <paulz@codeaurora.org>
The new certificate chain debug dumps used functions that are not
available with LibreSSL or BoringSSL.
Fixes: 857edf4bf4 ("OpenSSL: More debug prints of configured ciphers and certificates")
Signed-off-by: Jouni Malinen <j@w1.fi>
The OPENSSL_VERSION_NUMBER ifdef block left out the local variable that
is needed with all versions. In addition, SSL_set_security_level() is
not available with LibreSSL or BoringSSL.
Fixes: 3ec65a8e38 ("OpenSSL: Allow anon-DH cipher suites to be added for TEAP")
Signed-off-by: Jouni Malinen <j@w1.fi>
The tls_connection_get_cipher_suite() implementation used
SSL_CIPHER_get_protocol_id which was added in OpenSSL 1.1.1. Need to use
compatibility code with older versions.
Fixes: 94714ec341 ("OpenSSL: Add tls_connection_get_cipher_suite()")
Signed-off-by: Jouni Malinen <j@w1.fi>
This adds an encrypted version of a one octet application data payload
to the end of the handshake when TLS v1.3 is used to indicate explicit
termination of the handshake (either after Finished message or after the
optional NewSessionTicket message). The current
draft-ietf-emu-eap-tls13-05 defines this to be a zero length payload,
but since that is not allowed by OpenSSL, use a one octet payload
instead for now with hopes of getting the draft specification updated
instead of having to modify OpenSSL for this.
Signed-off-by: Jouni Malinen <j@w1.fi>
EAP-TLS with TLS 1.3 uses an empty application data record from the
server to indicate end of the exchange, so EAP-TLS peer will need to
check for this special case and finish the exchange with an empty
EAP-TLS (ACK) so that the server can send out EAP-Success.
Signed-off-by: Jouni Malinen <j@w1.fi>
This will hopefully not be needed for EAP-TLS use cases since there
should not really be a middlebox that looks at the TLS layer details in
case of EAP authentication.
Signed-off-by: Jouni Malinen <j@w1.fi>
hostapd EAP server can now be configured with two separate server
certificates/keys to enable parallel operations using both RSA and ECC
public keys. The server will pick which one to use based on the client
preferences for the cipher suite (in the TLS ClientHello message). It
should be noted that number of deployed EAP peer implementations do not
filter out the cipher suite list based on their local configuration and
as such, configuration of alternative types of certificates on the
server may result in interoperability issues.
Signed-off-by: Jouni Malinen <j@w1.fi>
This adds support for a new EAP method: EAP-TEAP (Tunnel Extensible
Authentication Protocol). This should be considered experimental since
RFC 7170 has number of conflicting statements and missing details to
allow unambiguous interpretation. As such, there may be interoperability
issues with other implementations and this version should not be
deployed for production purposes until those unclear areas are resolved.
This does not yet support use of NewSessionTicket message to deliver a
new PAC (either in the server or peer implementation). In other words,
only the in-tunnel distribution of PAC-Opaque is supported for now. Use
of the NewSessionTicket mechanism would require TLS library support to
allow arbitrary data to be specified as the contents of the message.
Signed-off-by: Jouni Malinen <j@w1.fi>
Add a new TLS_CONN_* flag to provide a higher level mechanism for adding
(instead of fully replacing) allowed list of TLS ciphersuites for TEAP
provisioning purposes.
Signed-off-by: Jouni Malinen <j@w1.fi>
This implements "tls-unique" derivation per RFC 5929, Section 3. This
will be needed for channel binding, e.g., with EAP-TEAP.
Signed-off-by: Jouni Malinen <j@w1.fi>
Test names can now use wildcard in the end (e.g., ap_wpa2_psk*) to match
all test cases with the specified prefix.
Signed-off-by: Jouni Malinen <j@w1.fi>
The buf[] array is initialized to zeros, so it was already null
terminated since the read() call did not allow the last character of the
buffer to be overwritten. Since that was apparently not enough to make
some static analyzers understand the design, use explicit null
termination after a successful read() call.
Signed-off-by: Jouni Malinen <j@w1.fi>
Now that the TLS peer_cert information is provided as a full struct to
handler functions, the altsubject pointer shows up as an array and
causes static analyzers to warn about unnecessary NULL comparison. Get
rid of that comparison now that it is clearly not needed anymore.
Signed-off-by: Jouni Malinen <j@w1.fi>
This reduces differences in timing and memory access within the
hunting-and-pecking loop for ECC groups that have a prime that is not
close to a power of two (e.g., Brainpool curves).
Signed-off-by: Jouni Malinen <j@w1.fi>
This reduces differences in timing and memory access within the
hunting-and-pecking loop for ECC groups that have a prime that is not
close to a power of two (e.g., Brainpool curves).
Signed-off-by: Jouni Malinen <j@w1.fi>
scan_dfs fails with this message.
---------------
wlan0: Country code not reset back to 00: is US
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
p2p_go_move_scm_peer_does_not_support fails with this message.
---------------
wlan0: Country code not reset back to 00: is US
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
p2p_channel_5ghz_165_169_us fails with this message.
---------------
wlan0: Country code not reset back to 00: is US
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
p2p_channel_5ghz_only fails with this message.
---------------
wlan0: Country code not reset back to 00: is US
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
autogo_ht_vht fails with this message.
---------------
wlan0: Country code not reset back to 00: is US
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
p2p_autogo_pref_chan_not_in_regulatory fails with this message.
---------------
wlan0: Country code not reset back to 00: is SE
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
ap_vht80_to_24g_ht fails with this message.
---------------
wlan0: Country code not reset back to 00: is FI
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
ap_vht_40_fallback_to_20 fails with this message.
---------------
wlan0: Country code not reset back to 00: is US
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
ap_vht_tkip fails with this message.
---------------
wlan0: Country code not reset back to 00: is FI
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
prefer_vht40 fails with this message.
---------------
wlan0: Country code not reset back to 00: is FI
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
ap_vht80_csa fails with this message.
---------------
wlan0: Country code not reset back to 00: is US
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
ap_vht80plus80_invalid fails with this message.
---------------
wlan0: Country code not reset back to 00: is US
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
ap_vht160_no_ht40 fails with this message.
---------------
wlan0: Country code not reset back to 00: is ZA
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
ap_vht_40 fails with this message.
---------------
wlan0: Country code not reset back to 00: is DE
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
ap_vht_20 fails with this message.
---------------
wlan0: Country code not reset back to 00: is DE
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
ap_vht80_invalid2 fails with this message.
---------------
wlan0: Country code not reset back to 00: is US
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
ap_vht80_invalid fails with this message.
---------------
wlan0: Country code not reset back to 00: is US
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
ap_vht_wifi_generation fails with this message.
---------------
wlan0: Country code not reset back to 00: is FI
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
ap_vht80 fails with this message.
---------------
wlan0: Country code not reset back to 00: is FI
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
ap_wps_conf_chan14 fails with this message.
---------------
wlan0: Country code not reset back to 00: is JP
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
ap_acs_vht160_scan_disable fails with this message.
---------------
wlan0: Country code not reset back to 00: is ZA
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
rrm_beacon_req_passive_scan_vht160 fails with this message.
---------------
wlan0: Country code not reset back to 00: is ZA
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>