Commit graph

10740 commits

Author SHA1 Message Date
Jouni Malinen
587b0457e0 LibreSSL: Fix build with LibreSSL
The changes needed for OpenSSL 1.1.0 had broken this since LibreSSL is
defining OPENSSL_VERSION_NUMBER in a manner that claims it to be newer
than the current OpenSSL version even though it does not support the
current OpenSSL API.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-01-15 14:06:46 +02:00
Jouni Malinen
0daa9f6a13 EAP-TTLS peer: Fix success after fragmented final Phase 2 message
If the final Phase 2 message needed fragmentation, EAP method decision
was cleared from UNCOND_SUCC or COND_SUCC to FAIL and that resulted in
the authentication failing when the EAP-Success message from the server
got rejected. Fix this by restoring the EAP method decision after
fragmentation.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-01-15 13:37:15 +02:00
Jouni Malinen
1a6f86593b tests: Clean up eap_proto_ikev2
Use helper variable to indicate end of the test case instead of having
to use a fixed length of the loop.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-01-15 10:37:04 +02:00
Jouni Malinen
35372f6cd6 tests: EAP-IKEv2 with default fragment_size
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-01-15 10:36:41 +02:00
Jouni Malinen
7843ae4456 tests: More EAP-SIM and EAP-AKA local error coverage
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-01-15 01:15:11 +02:00
Jouni Malinen
7cbc8e6719 tests: fail_test instead of alloc_fail for aes_{encrypt,decrypt}_init
This is needed to fix ap_wpa2_eap_psk_oom, ap_wpa2_eap_sim_oom,
eap_proto_psk_errors, and ap_ft_oom with the new OpenSSL dynamic memory
allocation design.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-01-14 20:10:16 +02:00
Jouni Malinen
465196ebd2 tests: aes_encrypt_init() and aes_decrypt_init() to use TEST_FAIL
Now the these functions cannot be made to fail by forcing the memory
allocation fail since the OpenSSL-internal version is used, add
TEST_FAIL check to allow OOM test cases to be converted to use the
TEST_FAIL mechanism without reducing coverage.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-01-14 19:44:47 +02:00
Jouni Malinen
1eb87ae48d OpenSSL: Use EVP_CIPHER_CTX_new() to work with OpenSSL 1.1.0
The EVP_CIPHER_CTX structure will be made opaque in OpenSSL 1.1.0, so
need to use EVP_CIPHER_CTX_new() with it instead of stack memory. The
design here moves the older OpenSSL versions to use that dynamic
allocation design as well to minimize maintenance effort.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-01-14 19:30:24 +02:00
Jouni Malinen
3fb3bea8e9 OpenSSL: Update session_secret callback to match OpenSSL 1.1.0 API
The SSL_CIPHER **cipher argument was marked const in OpenSSL 1.1.0
pre-release 2 similarly to how this is in BoringSSL. Fix build with that
in preparation for supporting OpenSSL 1.1.0.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-01-14 19:28:33 +02:00
Jouni Malinen
72a4c5ceb6 tests: Additional EAP-pwd error case coverage
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-01-14 12:12:14 +02:00
Jouni Malinen
814f43cff5 EAP server: Simplify EAP method registration call
Free the allocated structure in error cases to remove need for each EAP
method to handle the error cases separately. Each registration function
can simply do "return eap_server_method_register(eap);" in the end of
the function.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-01-13 23:35:53 +02:00
Jouni Malinen
49a26bb3e3 EAP peer: Simplify EAP method registration call
Free the allocated structure in error cases to remove need for each EAP
method to handle the error cases separately. Each registration function
can simply do "return eap_peer_method_register(eap);" in the end of the
function.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-01-13 23:30:25 +02:00
Jouni Malinen
7ce5603251 EAP-WSC peer: Remove unused state values
The FRAG_ACK and DONE state were not used at all, so remove them.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-01-13 22:09:08 +02:00
Jouni Malinen
d8e5a55f1e tests: WPS and EAP-WSC in network profile
This goes through some error paths that do not really show up in real
WPS use cases.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-01-13 22:08:04 +02:00
Jouni Malinen
992007c515 tests: Fix ERP anonymous_identity test cases
These need to be run without realm in the identity value to allow the
realm from the anonymous_identity to be used.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-01-13 22:03:23 +02:00
Jouni Malinen
6a95f5e2e4 tests: EAP-WSC protocol tests
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-01-13 22:03:23 +02:00
Jouni Malinen
4e34f56f3c tests: Renew the expired OCSP responder certificate
This certificate expired and that makes couple of test cases fail.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-01-13 00:38:29 +02:00
Jouni Malinen
dc441c0fc8 tests: EAP protocol tests for canned EAP-Success after identity
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-01-13 00:17:27 +02:00
Jouni Malinen
e70e16b5de tests: ERP and local error cases
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-01-13 00:17:27 +02:00
Jouni Malinen
1e22dc7428 tests: ERP and anonymous identity
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-01-13 00:17:27 +02:00
Roy Marples
449a31662d bsd: Optimize socket use
Create global init to handle socket calls and route messages.
Register each interface inside the global driver so that
routing messages can find the interface based on rtm_ifindex.

Signed-off-by: Roy Marples <roy@marples.name>
2016-01-13 00:17:27 +02:00
Rafał Miłecki
4653ceb750 nl80211: Report disassociated STA / lost peer for the correct BSS
We shouldn't use drv->ctx as it always points to the first BSS. When
using FullMAC driver with multi-BSS support it resulted in incorrect
treating nl80211 events. I noticed with with brcmfmac and BCM43602.

Before my change I was getting "disassociated" on a wrong interface:
wlan0-1: STA 78:d6:f0:00:11:22 IEEE 802.11: associated
wlan0-1: STA 78:d6:f0:00:11:22 WPA: pairwise key handshake completed (RSN)
wlan0: STA 78:d6:f0:00:11:22 IEEE 802.11: disassociated

With this patch it works as expected:
wlan0-1: STA 78:d6:f0:00:11:22 IEEE 802.11: associated
wlan0-1: STA 78:d6:f0:00:11:22 WPA: pairwise key handshake completed (RSN)
wlan0-1: STA 78:d6:f0:00:11:22 IEEE 802.11: disassociated

This doesn't apply to hostapd dealing with SoftMAC drivers when handling
AP SME & MLME is done it hostapd not the firmware.

Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
2016-01-13 00:17:27 +02:00
Jouni Malinen
38af0423cb Drop OpenSSL 0.9.8 patches to add EAP-FAST support
The OpenSSL project will not support version 0.9.8 anymore. As there
won't be even security fixes for this branch, it is not really safe to
continue using 0.9.8 and we might as well drop the EAP-FAST patches for
it.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-01-13 00:17:27 +02:00
Jouni Malinen
c397edf2bb tests: EAP-SIM/AKA with external GSM/UMTS auth failing
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-01-08 18:04:29 +02:00
Jouni Malinen
40c654cc1d tests: EAP-SIM with external GSM auth and replacing SIM
These test cases verify that EAP-SIM with external GSM auth supports the
use case of replacing the SIM. The first test case does this incorrectly
by not clearing the pseudonym identity (anonymous_identity in the
network profile) while the second one clears that and shows successful
connection.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-01-08 18:03:11 +02:00
Jouni Malinen
21cb63fffd OpenSSL: Fix client certificate chain building after PKCS#12 use
If wpa_supplicant was first configured with PKCS #12 -based client
certificate chain and then used with another network profile that used a
different certificate chain from a X.509 certificate PEM file instead of
PKCS#12, the extra certificate chain was not reconstructed properly with
older versions of OpenSSL that 1.0.2. This could result in the
authentication failing due to the client certificate chain not being
complete or including incorrect certificates.

Fix this by clearing the extra certificate chain when setting up a new
TLS connection with OpenSSL 1.0.1. This allows OpenSSL to build the
chain using the default mechanism in case the new TLS exchange does not
use PKCS#12.

The following hwsim test case sequence was able to find the issue:
ap_wpa2_eap_tls_pkcs12 ap_wpa2_eap_tls_intermediate_ca_ocsp

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-01-07 17:54:23 +02:00
Jouni Malinen
12a81b64e1 ACS: Remove unreachable case from a debug print
n_chans can have only values 1, 2, or 4 in this function, so the -1 case
could never be reached. Remove the unreachable case to get rid of static
analyzer warnings.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-01-07 16:50:53 +02:00
Jouni Malinen
896607d36b Remove a pointer check that can never be true
chan is set to the result of pointer arithmetic (pointer to an entry in
an array) that can never be NULL. As such, there is no need to check for
it to be non-NULL before deference. Remove this check to avoid
complaints from static analyzers.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-01-07 16:47:17 +02:00
Jouni Malinen
a95cc47a92 ACS: Be more consistent with iface->current_mode checks
Offloading of ACS to the driver changed the design a bit in a way that
iface->current_mode could actually be NULL when the offloaded ACS
mechanism supports band selection in addition to channel selection. This
resulted in a combination that is too complex for static analyzers to
notice. While acs_init() can be called with iface->current_mode == NULL
that is only in the case where WPA_DRIVER_FLAGS_ACS_OFFLOAD is in use.
In other words, the actual ACS functions like acs_cleanup() that would
dereference iface->current_mode are not used in such a case.

Get rid of static analyzer warnings by explicitly checking
iface->current_mode in acs_init() for the case where ACS offloading is
not used.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-01-07 16:39:10 +02:00
Jouni Malinen
6014e59c08 P2P: Print find_start in debug log when ignoring old scan results
This makes it easier to debug issues with old scan results being ignored
during P2P_FIND. A single rx_time would have been fine with
os_gettime(), but with os_get_reltime(), both rx_time and find_start
values are needed.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-01-07 13:41:15 +02:00
Jouni Malinen
64845c1f1a l2_packet: Extend bridge workaround RX processing to cover two frames
There was a race condition in how the l2_packet sockets got read that
could result in the same socket (e.g., non-bridge) to process both the
EAP-Success and the immediately following EAPOL-Key msg 1/4 instead of
each frame going in alternative order between the bridge and non-bridge
sockets. This could be hit, e.g., if the wpa_supplicant process did not
have enough CPU to process all the incoming frames without them getting
buffered and both sockets reporting frames simultaneously.

This resulted in the duplicated EAP-Success frame getting delivered
twice for processing and likely also the EAPOL-Key msg 1/4 getting
processed twice. While the latter does not do much harm, the former did
clear the EAP authentication state and could result in issues.

Fix this by extended the l2_packet Linux packet socket workaround for
bridge to check for duplicates against the last two received frames
instead of just the last one.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-01-07 13:30:59 +02:00
Jouni Malinen
447fb0b0da tests: Make eap_check_auth() error on missing selectedMethod clearer
It was possible to hit an error case in ap_wpa2_eap_in_bridge where the
selectedMethod STATUS field was not available. This resulted in not very
helpful "'selectedMethod'" message in the test log file. Make this
clearer by dumping all received STATUS fields and a clearer exception
message indicating that selectedMethod was missing.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-01-07 00:27:50 +02:00
Jouni Malinen
4a539abdbd l2_packet: Improve bridge workaround RX processing
It was possible for the packet socket on the bridge interface to receive
own transmitted frames between the bridge and non-bridge sockets
receiving the same incoming frame from a foreign host. This resulted in
the hash checksum validation step failing to notice a duplicate RX due
to the own frame updating the store hash value.

The own frame did get dropping in RX EAPOL processing, but that was too
late to address the issue with duplicate RX. Fix this by dropping own
frames already in l2_packet layer before checking and updating the last
RX hash value.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-01-07 00:24:10 +02:00
Jouni Malinen
2626666ad7 tests: EAP-PAX local error cases
Signed-off-by: Jouni Malinen <j@w1.fi>
2016-01-06 21:12:59 +02:00
Jouni Malinen
7a36f1184e EAP-PAX: Check hmac_sha1_vector() return value
This function can fail at least in theory, so check its return value
before proceeding. This is mainly helping automated test case coverage
to reach some more error paths.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-01-06 21:12:08 +02:00
Jouni Malinen
1e35aa15a4 tests: WPS and EAP-WSC error cases
Signed-off-by: Jouni Malinen <j@w1.fi>
2016-01-06 20:57:31 +02:00
Jouni Malinen
2386bb9776 tests: EAP-OTP local error cases
Signed-off-by: Jouni Malinen <j@w1.fi>
2016-01-06 20:21:29 +02:00
Jouni Malinen
ac713c0929 tests: WPA2-Enterprise connection using EAP-TTLS/EAP-GTC (OOM)
Signed-off-by: Jouni Malinen <j@w1.fi>
2016-01-06 20:11:15 +02:00
Jouni Malinen
491e2d260d tests: EAP-EKE peer OOM in building ID message
The previous attempt at testing this path ended up selecting a different
wpabuf_alloc() call.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-01-06 20:05:11 +02:00
Jouni Malinen
79a3973c95 tests: WPA2-Enterprise connection using EAP vendor test (OOM)
Signed-off-by: Jouni Malinen <j@w1.fi>
2016-01-06 20:01:59 +02:00
Jouni Malinen
8251be17be tests: Speed up discovery_group_client and nfc_p2p_client
There is no need for these to go through a full scan when the GO
operating channel is known.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-01-06 18:56:31 +02:00
Jouni Malinen
1d20c66e45 P2P: Clear groups first on FLUSH command
This is needed to get proper P2P group removal processing for some test
cases. discovery_group_client followed by nfc_p2p_client was able to hit
a case where the P2P group idle timeout survived to the next group
instance because of the FLUSH command not clearing the group and this
timeout properly.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-01-06 18:49:15 +02:00
Jouni Malinen
27446e471c mesh: Do not force another peering exchange on driver event
If the local driver indicated a peer candidate event when the peer had
already initiated peering exchange in open mesh case, we used to force a
new exchange to be started instead of allowing the previously started
exchange to complete. This is not desirable, so make this initiation of
the new exchange conditional on there not being an already started (or
successfully completed) exchange.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-01-06 17:50:15 +02:00
Jouni Malinen
cc64fe7b9e mesh: Do not clear link state on driver event if exchange was started
If the local driver event for a new peer candidate arrived only after
the peer had already initiated the peering exchange, we used to clear
the link state. This resulted in the already completed (or in progress)
exchange getting abandoned and a new exchange initiated. This is not
desirable since the already started (or even completed) exchange can be
used. Clear the link state only when adding the new STA entry for the
first time, i.e., use the same !sta->my_lid condition in handling the
driver event similarly to how the peer initiated cases were already
handled.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-01-06 17:50:15 +02:00
Jouni Malinen
b5f5c32412 mesh: Add some more details to MPM debug messages
This makes it easier to follow the debug log when trying to figure out
issues with mesh peering exchange.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-01-06 17:50:15 +02:00
Jouni Malinen
7d41907bd9 nl80211: Add a missing space to a debug message
The "nl80211: New peer candidate" debug message did not have a space
before the MAC address.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-01-06 13:20:31 +02:00
Jouni Malinen
6174de663c mesh: Connection and group started/removed events into debug log
The messages were sent out with wpa_msg_ctrl() so they were not visible
in the debug log. However, these would be quite helpful strings to
search for in the debug log, so change these messages to use wpa_msg().

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-01-06 13:13:13 +02:00
Jouni Malinen
2da4a56f22 Add more hostapd.conf documentation for hw_mode with HT/VHT
Try to make it more obvious that hw_mode=a needs to be used with HT and
VHT when using the 5 GHz band.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-01-06 12:50:56 +02:00
Jouni Malinen
acc39435ff EAP-PEAP peer: Cryptobinding in fast-reconnect case with inner EAP
This was reported to fail with Windows 2012r2 with "Invalid Compound_MAC
in cryptobinding TLV". It turns out that the server decided to go
through inner EAP method (EAP-MSCHAPv2 in the reported case) even when
using PEAP fast-reconnect. This seems to be against the [MS-PEAP]
specification which claims that inner EAP method is not used in such a
case. This resulted in a different CMK being derived by the server (used
the version that used ISK) and wpa_supplicant (used the version where
IPMK|CMK = TK without ISK when using fast-reconnect).

Fix this interop issue by making wpa_supplicant to use the
fast-reconnect version of CMK derivation only when using TLS session
resumption and the server having not initiated inner EAP method before
going through the cryptobinding exchange.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-01-05 23:50:50 +02:00
Jouni Malinen
cba9ebfdc2 P2P: Try SD Query with each non-ACK peer only once per search iteration
The previous behavior of bursting out all retry attempts of an SD Query
frame during a single search/listen iteration does not look very helpful
in the case where the peer does not ACK the query frame. Since the peer
was found in the search, but is not ACKing frames anymore, it is likely
that it left its listen state and we might as well do something more
useful to burst out a significant number of frames in hopes of seeing
the peer.

Modify the SD Query design during P2P Search to send out only a single
attempt (with likely multiple link-layer retries, if needed) per
search/listen iteration to each peer that has pending SD queries. Once
no more peers with pending queries remain, force another Listen and
Search phase to go through before continuing with the pending SD
queries.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-01-05 01:03:28 +02:00