Commit graph

17037 commits

Author SHA1 Message Date
Jouni Malinen
05962099c3 TDLS: Fix error path for TPK M1 send failure in testing functionality
The previous fix did not actually address this testing functionality
case correctly. Clear the peer pointer to avoid double freeing.

Fixes: a86078c876 ("TDLS: Fix error path handling for TPK M1 send failures")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-11-03 19:45:36 +02:00
Jouni Malinen
a9fed5f5b5 Avoid undefined behavior with memcpy PMK/PSK update
When SAE is used, the local pointer pmk may point to sm->PMK. Skip the
memcpy operation in such a case since it is not really needed and use of
overlapping memory buffers is undefined behavior for memcpy().

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-11-02 18:46:35 +02:00
Jouni Malinen
c643c39287 nl80211: Fix filtering of unsupported bands/modes
The loop for removing unsupported bands was assuming there is always
exactly one band/mode following the removed band. That was not at all
correct, so fix this by dynamically determining how many (if any) bands
need to be moved.

Fixes: 106d67a93c ("nl80211: Filter out unsupported bands")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-11-02 18:38:41 +02:00
Jouni Malinen
3b89dbaa7d tests: TDLS with SAE
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-11-02 17:40:18 +02:00
Jouni Malinen
a86078c876 TDLS: Fix error path handling for TPK M1 send failures
Local allocation error or failure to get a random number could have
resulted in the peer entry getting freed and couple of the error path
cases in callers could have tried to reference or delete the peer after
that. Fix this by tracking the errors where the peer is freed.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-11-02 17:26:04 +02:00
Jouni Malinen
3d490296bc DPP2: Fix error path handling in enterprise provisioning
The allocated memory pointed by the pem pointer was freed on an error
path without clearing the pointer to NULL before returning it from the
function. This could have resulted in use of freed memory in an error
case. Fix this by clearing the pointer so that the function returns NULL
properly in the case of this error.

Fixes: ace3723d98 ("DPP2: Enterprise provisioning (Enrollee)")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-11-02 16:52:01 +02:00
Jouni Malinen
f724dd1bfd Remove unused variable update
Commit e8b85c078e ("iface match: Unspecified matched interfaces should
not log driver fails") removed the only use of the added interface wpa_s
pointer, but left that pointer setting in place. Remove it to keep
static analyzers happy.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-11-02 16:36:14 +02:00
Jouni Malinen
589bf1f7a9 DPP2: Fix ppkey parsing
DPP_CONFIGURATOR_ADD processing of the new ppkey parameter had a
copy-paste error in determining the correct length of this parameter.
Fix that by referencing the correct pointer.

Fixes: 9c1fbff074 ("DPP2: Generate a privacy protection key for Configurator")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-11-02 16:31:02 +02:00
Veerendranath Jakkam
79e3f08d3c 6 GHz: Add support for missing 6 GHz operating classes
Add support for missing 6 GHz operating classes as defined in
IEEE P802.11ax/D7.0.

This is needed to avoid OCV failures on the 6 GHz band when the channel
width is larger than 20 MHz.

Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
2020-10-30 22:52:47 +02:00
Veerendranath Jakkam
66bed14b22 6 GHz: Fix opclasses mapping in ieee80211_freq_to_channel_ext()
Previously only primary channel number used to calculate 6GHz operating
class in ieee80211_freq_to_channel_ext() and it is always giving 131
operating class. Fix this by mapping operating class using chanwidth and
sec_channel also.

This is needed to avoid OCV failures on the 6 GHz band when the channel
width is larger than 20 MHz.

Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
2020-10-30 14:20:50 +02:00
Hai Shalom
5e779873ed EAP-SIM peer: Send AT_IDENTITY first
For EAP-SIM connections, reorder the order of the attributes in
EAP-Response/SIM/Start message: Send AT_IDENTITY first, then
AT_NONCE and AT_VERSION instead of AT_IDENTITY last. Even though there
is no order requirements in the RFC, some implementations expect the
order of the attributes to be exactly as described in the RFC figures.

Peer                                      Authenticator
|                                                 |
|                      +------------------------------+
|                      | Server does not have a       |
|                      | Subscriber identity available|
|                      | When starting EAP-SIM        |
|                      +------------------------------+
|                                                 |
|          EAP-Request/SIM/Start                  |
|          (AT_ANY_ID_REQ, AT_VERSION_LIST)       |
|<------------------------------------------------|
|                                                 |
|                                                 |
| EAP-Response/SIM/Start                          |
| (AT_IDENTITY, AT_NONCE_MT,                      |
|  AT_SELECTED_VERSION)                           |
|------------------------------------------------>|
|                                                 |

Signed-off-by: Hai Shalom <haishalom@google.com>
2020-10-30 13:59:49 +02:00
Pooventhiran G
0577e8e679 nl80211: Check for proper nlmsg allocation in send_and_recv_msgs_owner()
When nlmsg allocation fails, nl80211_drv_msg() returns NULL and the call
to send_and_recv_msgs_owner() from nl80211_leave_ibss() could have ended
up dereferencing a NULL pointer. Fix this by make
send_and_recv_msgs_owner() more consistent with other send_and_recv*()
cases that check msg == NULL internally.

Fixes: 12ea7dee31 ("nl80211: Use nl80211 control port for receiving EAPOL frames")
Signed-off-by: Pooventhiran G <pooventh@codeaurora.org>
2020-10-27 11:39:45 +02:00
Disha Das
02289ab537 DPP2: Explicitly check EC_KEY before dereferencing it
In theory, the EVP_PKEY_get0_EC_KEY() could fail, so verify that it
succeeds before using the pointer to get the group.

Fixes: 65e94351dc ("DPP2: Reconfig Authentication Request processing and Response generation")
Signed-off-by: Disha Das <dishad@codeaurora.org>
2020-10-27 11:33:15 +02:00
Sreeramya Soratkal
c575904761 P2P: Consider BSS entry pending for P2P joining as a known BSS
Consider the BSS entry that is pending for the P2P group join operation
also as a known network along with the existing configured networks.
This prevents removal of the BSS entry that is still in the process of
P2P join operation from the BSS table when the number of entries exceed
bss_max_count.

Signed-off-by: Sreeramya Soratkal <ssramya@codeaurora.org>
2020-10-26 22:39:42 +02:00
Jouni Malinen
106d67a93c nl80211: Filter out unsupported bands
If the driver indicates capability for a band that
hostapd/wpa_supplicant does not support, the struct hostapd_hw_modes
array of bands got an empty entry for that with NUM_HOSTAPD_MODES as the
mode. This resulted in various issues, e.g., with fst_hw_mode_to_band()
hitting a WPA_ASSERT(0).

Fix this by filtering out unsupported bands from the internal data
structures.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-10-26 22:34:07 +02:00
Sreeramya Soratkal
9c39c1a6d3 P2P: Include p2p_add_cli_chan parameter while cloning the configuration
The dynamically created P2P group interface did not consider the
channels that can be used by the P2P client during the P2P group
formation. Copy the p2p_add_cli_chan parameter while cloning the
configuration to the P2P group interface. This allows the dynamically
created group interface case to form the group in the specific
client-only channels when the device is a P2P client in the group.

Signed-off-by: Sreeramya Soratkal <ssramya@codeaurora.org>
2020-10-22 23:51:54 +03:00
Sunil Dutt
8f0ed71ffe Vendor specific feature capability for Adaptive 11r
Add feature capability indication for Adaptive 11r for the drivers
to advertize support for this.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-10-22 23:51:34 +03:00
Arun Kumar Khandavalli
45ae6ae8e1 Add additional vendor specific hang reason codes
Add additional hang reason codes in enum qca_wlan_vendor_hang_reason to
address potential internal failure cases.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-10-22 23:47:12 +03:00
Jouni Malinen
2d8a7cf3f5 tests: Update dpp_controller_rx_errors to use the assigned TCP port
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-10-21 00:31:01 +03:00
Jouni Malinen
d2190cdc65 DPP2: Update the default port number for DPP-over-TCP
IANA assigned the TCP port 8908 for DPP, so update the implementation to
match the formal assignment.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-10-21 00:29:38 +03:00
Jouni Malinen
5d988b4a5b Fix couple more typos
Couple of similar cases that were not included in the previous commit.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-10-20 00:37:01 +03:00
Yegor Yefremov
b439b21a2f wpa_supplicant: Fix typos
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
2020-10-20 00:37:01 +03:00
Jouni Malinen
ac835ea092 tests: SAE status code handling
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-10-20 00:37:01 +03:00
Jouni Malinen
183e72ae13 SAE-PK: Do not accept SAE-PK status code when no PK is configured
Make sae_status_success() more explicit by rejecting SAE-PK status code
when the AP is not configured with PK.

Fixes: 20ccf97b3d ("SAE-PK: AP functionality")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-10-20 00:37:01 +03:00
Andrei Otcheretianski
80662accb5 SAE: Don't use potentially uninitialized keys
If SAE_CONFIG_PK is not defined and sae->pk isn't zero (which is
possible as it is controlled by the commit message status code),
sae_derive_keys() may end up deriving PMK and KCK from an
uninitialized array. Fix that.

Fixes: 6b9e99e571 ("SAE-PK: Extend SAE functionality for AP validation")
Fixes: 20ccf97b3d ("SAE-PK: AP functionality")
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2020-10-20 00:37:01 +03:00
Andrei Otcheretianski
b4c7114cf5 wpa_supplicant: Remove unfeasible conditions in config parsing
pos can't be NULL in wpa_global_config_parse_str(), so there is no point
checking this, especially when pos was already dereferenced earlier.
Remove the redundant conditions.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2020-10-19 23:05:33 +03:00
Andrei Otcheretianski
ff7e0c1cf7 wpa_cli: Don't access uninitialized variables
Don't print potentially uninitialized variables in wpa_ctrl_command_bss().
Some compilers and analyzers may warn about it.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2020-10-19 23:01:11 +03:00
Pooventhiran G
e364a34c69 OpenSSL: Make openssl_debug_dump_certificate() more robust
SSL_CTX_get0_certificate() returns NULL if no certificate is installed.
While this should not be the case here due to the loop in
openssl_debug_dump_certificate_chains() proceeding only if the
SSL_CTX_set_current_cert() returns success, it is safer to make
openssl_debug_dump_certificate() explicitly check against NULL before
trying to dump details about the certificate.

Signed-off-by: Pooventhiran G <pooventh@codeaurora.org>
2020-10-19 22:57:24 +03:00
Johannes Berg
d68c0dd4d4 build: lib.rules: Add common-clean
During the build reshuffling, I missed this, so doing
'make clean' in a certain src/lib folder doesn't clean
up everything anymore. Fix that.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2020-10-16 12:51:12 +03:00
Markus Theil
d34b33451c wpa_supplicant: Fix frequency config for VHT/HE cases
Fix compilation without CONFIG_P2P and only set secondary channel seg
idx if we use a mode supporting a sec channel for VHT/HE.

Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
2020-10-16 12:50:17 +03:00
Jouni Malinen
0747432efd Fix spelling of "unexpected" in messages
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-10-16 12:45:26 +03:00
Yegor Yefremov
d720de929f hostapd: Fix typos
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
2020-10-16 12:45:24 +03:00
Johannes Berg
4c66894fab eap_peer: Add .gitignore with *.so
If wpa_supplicant is built with dynamic EAP methods,
the *.so files land here. Add them to .gitignore.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2020-10-16 12:34:16 +03:00
Hu Wang
13256b8cf3 P2P: Stop old listen radio work before go to WAIT_PEER_IDLE state
P2P goes to Listen state while waiting for the peer to become ready for
GO Negotiation. If old listen radio work has not been completed, P2P
fails to go to listen state. This could happen in cases where P2P Action
frame transmission reused ongoing p2p-listen radio work.

p2p0: Add radio work 'p2p-listen'@0x
P2P-FIND-STOPPED
p2p0: Starting radio work 'p2p-listen'@0x after 0.010644 second wait
P2P: Use ongoing radio work for Action frame TX
P2P: Use ongoing radio work for Action frame TX
P2P: State CONNECT -> CONNECT
P2P: State CONNECT -> WAIT_PEER_IDLE
P2P: State WAIT_PEER_IDLE -> WAIT_PEER_CONNECT
P2P: Reject start_listen since p2p_listen_work already exists
P2P: Failed to start listen mode

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-10-14 23:16:16 +03:00
Vamsi Krishna
0f7989d8af MSCS: Fix decapsulating subelements from MSCS descriptor
Fix pointer sent for decapsulating subelements from MSCS descriptor
IE while processing (re)association response frames.

Fixes: af8ab3208d ("MSCS: Parse result of MSCS setup in (Re)Association Response frames")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-10-14 23:09:13 +03:00
Vamsi Krishna
cc3d6efa8b Add QCA interface for driver to report various connect fail reason codes
The connection process fails for several reasons and the status codes
defined in IEEE Std 802.11 do not cover the locally generated reason
codes. Add an attribute to QCA_NL80211_VENDOR_SUBCMD_GET_STA_INFO vendor
sub command which can be used by the driver/firmware to report various
additional reason codes for connection failures.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-10-14 23:06:47 +03:00
Jouni Malinen
39748963d7 build: Fix libeap_peer.a build
The install target at the beginning of src/eap_peer/Makefile was
confusing make about the build rules for libeap_peer.a and overriding of
the install target between src/eap_peer/Makefile and src/lib.rules was
breaking installation of dynamic EAP peer *.so files.

Fix this by lib.rules defining a default for the install target so that
src/*/Makefile can override that and by moving the install target for
eap_peer to the end of the Makefile.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-10-14 22:57:04 +03:00
Markus Theil
c3f37c35f0 DFS: Use helper functions for VHT/HE parameters
This is needed to cover the HE-specific conf->he_oper_chwidth value in
addition to conf->vht_oper_chwidth.

Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
2020-10-14 13:05:11 +03:00
Markus Theil
a72599b319 hw_features: Better debug messages for some error cases
Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
2020-10-14 13:05:11 +03:00
Markus Theil
5965c7da5d wpa_supplicant: Enable VHT and HE in default config parameters
Enable VHT and HE as default config parameters in order for
wpa_supplicant AP mode to use it, if hw support is given.

Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
2020-10-14 13:05:11 +03:00
Markus Theil
df6745e8c8 wpa_supplicant: Handle HT40 and mode downgrade in AP mode
Add some missing pieces to the interface configuration of AP/mesh mode
in wpa_supplicant.
 - check for secondary channel and HT40 capability
 - try to downgrade to IEEE 802.11b if 802.11g is not available
Especially with the HT40 check, this code now performs all settings,
which the deleted/duplicated mesh code did.

Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
2020-10-14 12:49:28 +03:00
Markus Theil
93da12fd9f mesh: Fix channel init order, disable pri/sec channel switch
wpa_supplicant_conf_ap_ht() has to happen before
hostapd_setup_interface() in order for its configuration settings to
have effect on interface configuration.

Disable primary and secondary channel switch because of missing tie
breaking rule/frames in mesh networks. A rather long comment about
this issue is placed in mesh.c in the corresponding place.

I was not able to reproduce the memory corruption during
mesh_secure_ocv_mix_legacy, which lead to a revert of a similar patch in
the past.

Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
2020-10-14 12:44:15 +03:00
Markus Theil
0be9c232a3 tests: Remove wpas_mesh_open_5ghz_coex
This is in preparation for an implementation change that ends up
contradicting the operations enforced in this test case for mesh coex.

Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
2020-10-14 12:44:15 +03:00
Markus Theil
7f8ac02e85 HE/VHT: Fix frequency setup with HE enabled
Some places in the code base were not using the wrappers like
hostapd_set_oper_centr_freq_seg0_idx and friends. This could lead to
errors, for example when joining 80 MHz mesh networks. Fix this, by
enforcing usage of these wrappers.

wpa_supplicant_conf_ap_ht() now checks for HE capability before dealing
with VHT in order for these wrappers to work, as they first check HE
support in the config.

While doing these changes, I've noticed that the extra channel setup
code for mesh networks in wpa_supplicant/mesh.c should not be necessary
anymore and dropped it. wpa_supplicant_conf_ap_ht() should handle this
setup already.

Acked-by: John Crispin <john@phrozen.org>
Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
2020-10-14 12:44:09 +03:00
Jouni Malinen
0f07230eb9 DPP2: Add privacyProtectionKey into Configurator backup/restore
This allows the privacyProtectionKey to be transferred to a new
Configurator similarly to the way c-sign-key is transferred.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-10-13 23:38:47 +03:00
Jouni Malinen
a0ccc4017f DPP2: Use ppKey to decrypt E'-id on Configurator
Use the new privacy protection key to decrypt E'-id from Reconfig
Announcement frames.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-10-13 23:38:47 +03:00
Jouni Malinen
99d7bf2348 DPP2: Use the new privacy protection key to protect E-id on Enrollee
Use ppKey instead of C-sign-key to encrypted E-id to E'-id into Reconfig
Announcement frame on the Enrollee side.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-10-13 23:38:47 +03:00
Jouni Malinen
37df40845a DPP2: Copy received ppKey into wpa_supplicant network profile
Store the received privacy protection key from Connector into
wpa_supplicant network profile and indicate it through the control
interface similarly to C-sign-key.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-10-13 23:38:47 +03:00
Jouni Malinen
a8ee2292bd DPP2: Parse ppKey from Connector
This will be used to protect E-id in Reconfig Announcement frames.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-10-13 23:38:47 +03:00
Jouni Malinen
2a8c928871 DPP2: Add ppKey into Connector
This provides the new privacy protection key to the Enrollee so that
this can be used to protect E-id in Reconfig Announcement frames.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-10-13 23:38:47 +03:00