wnm_deallocate_memory() left wnm_num_neighbor_report set while freeing
the allocated buffer of neighbor reports. If this function was called
twice in a row without having went through new neighbor report parsing,
invalid pointers could have been freed resulted in segfault.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The newer NFC_REPORT_HANDOVER command is more general version that
handles the cases where NFC_RX_HANDOVER_SEL could potentially have been
used. In addition, with the new WPS NFC design, it is important to
receive the handover request message that was used in the handover in
addition to the select message, so the NFC_RX_HANDOVER_SEL command on
its own would not be sufficient for this.
Signed-off-by: Jouni Malinen <j@w1.fi>
Now that WPS 2.0 support is enabled unconditionally, WEP and Shared auth
type are not allowed. This made some of the older code unused and that
can now be removed to clean up the implementation. There is still one
place where WEP is allowed for testing purposes: wpa_supplicant as
Registrar trying to configure an AP to use WEP. That is now only allowed
in CONFIG_TESTING_OPTIONS=y builds, though.
Signed-off-by: Jouni Malinen <j@w1.fi>
Commit dbfb8e82ff changed the Action frame
RX payload pointer design to point to a different field. WNM Sleep Mode
Response handler updated one of the uses to accommodate this change, but
that commit missed another use for key data length. This resulted in GTK
and IGTK being ignored in many cases when waking up from WNM Sleep Mode
with PMF enabled.
Signed-off-by: Jouni Malinen <j@w1.fi>
This allows a subset of channels to be specified for the scan used to
find the network when the SELECT_NETWORK ctrl_iface command is issued.
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
req_conn_capab and required_roaming_consortium parameters were not
written into the cred block when requesting wpa_supplicant to write the
configuration file.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
"GET_CRED <id> <field>" can now be used to fetch credential parameters
over the control interface. This does not allow passwords etc. private
material to be retrieved ("*" is returned for those if the value is set
regardless of the value). FAIL is returned if the requested parameter
has not been set. For cred parameters that can have multiple values,
newline separated list of values is returned.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Following events are now sent to ctrl_iface monitors to indicate if
credential blocks have been added, modified, or removed:
CRED-ADDED <id>
CRED-MODIFIED <id> <field>
CRED-REMOVE <id>
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
It is required to read IMSI from SIM if it has not already been done
when comparing HS 2.0 AP 3GPP information with the local credentials.
Signed-off-by: Jean Trivelly <jean.trivelly@intel.com>
When an ANQP fetch is triggered and ANQP_3GPP_CELLULAR_NETWORK info is
required, initialize scard to be ready when comparing ANQP and
credentials.
Signed-off-by: Jean Trivelly <jean.trivelly@intel.com>
If a separate P2P group interface is used, PBC overlap during group
formation causes the group interface to be removed, which ends up with
the interface context becoming invalid. Fix this by scheduling a timeout
to process the PBC overlap and interface removal instead of removing the
interface directly before the connection operation has returned.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
This was forgotten from the per-network ocsp parameter addition. The new
parameter needs to be stored to the configuration file similarly to the
other EAP parameters.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
If a new connection is attempted while there is a pending sme-connection
radio work, cancel the pending radio work and continue with the new
connection attempt. This is preferable over rejecting the new work and
continuing with the pending one, as it is possible that the previous
work is no longer valid.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
According to the standard, if the max A-MPDU VHT cap is <= 3, we
have to adjust the max A-MPDU HT cap to the same value. Otherwise
it should be set to 3.
Take care of it when the max VHT A-MPDU value is overridden.
Signed-off-by: Eliad Peller <eliadx.peller@intel.com>
While framing the TDLS Setup Confirmation frame, the driver needs to
know if the TDLS peer is VHT/HT/WMM capable and thus shall construct the
VHT/HT operation / WMM parameter elements accordingly. Supplicant
determines if the TDLS peer is VHT/HT/WMM capable based on the presence
of the respective IEs in the received TDLS Setup Response frame.
The host driver should not need to parse the received TDLS Response
frame and thus, should be able to rely on the supplicant to indicate
the capability of the peer through additional flags while transmitting
the TDLS Setup Confirmation frame through tdls_mgmt operations.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This allows a single ANQP query to be used to fetch both IEEE 802.11
defined ANQP elements and Hotspot 2.0 vendor specific elements.
ANQP_GET <addr> <info id>[,<info id>]...
[,hs20:<subtype>][...,hs20:<subtype>]
For example:
ANQP_GET 00:11:22:33:44:55:66 258,268,hs20:3,hs20:4
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
This allows drivers that build the WPA/RSN IEs internally to use similar
design for building the OSEN IE.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
There is not much point in building devices with WPS 1.0 only supported
nowadays. As such, there is not sufficient justification for maintaining
extra complexity for the CONFIG_WPS2 build option either. Remove this by
enabling WSC 2.0 support unconditionally.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Use P2P group formation timeout to wait for the 4-way handshake to
complete on a persistent reinvocation on a P2P Client.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Scan for GO on the negotiated operating channel for few iterations
before searching on all the supported channels during persistent group
reinvocation. In addition, use the already known SSID of the group in
the scans. These optimizations reduce group formation time.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This makes it easier to debug wpa_supplicant behavior when reporting
20/40 MHz co-ex information based on OBSS scans.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The 40 MHz intolerant bit needs to be checked before skipping the BSS
based on the channel already being in the lost (which could have
happened due to another BSS that does not indicate 40 MHz intolerant).
This fixed the 20/40 MHz co-ex report to indicate 20 MHz request
properly if there are both 40 MHz tolerant and intolerant BSSes on the
same channel.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
It does return something: the reference of the request, as an integer,
which can be used then with ServiceDiscoveryCancelRequest to get
canceled.
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
p2p_sd_cancel_request returns -1 in case of error, so does
wpas_p2p_sd_cancel_request.
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
Whenever an ongoing GO Neg has failed, due to interface init, the P2P
Device should cancel timeouts and issue wpas_p2p_group_formation_failed,
so the other peer detects faster group formation has failed.
Signed-off-by: Eduardo Abinader <eduardo.abinader@openbossa.org>
Some old device need to set p2p_no_group_iface=1 to set up a P2P
connection, so add a D-Bus interface to configure it.
Signed-off-by: Guoqiang Liu <guoqiang.liu@archermind.com>
"SET blob <name> <hexdump>" can now be used to set a configuration blob
through the wpa_supplicant control interface.
Signed-off-by: Jouni Malinen <j@w1.fi>
The radio_work type was stored within the dynamically allocated
wpa_radio_work buffer and that buffer ended up getting freed before the
final use of the type string within radio_work_done(). This resulted in
freed memory being used for a debug print. Avoid this by freeing the
wpa_external_work instance after having completed radio_work_done() for
the related work.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This allows hostapd to set a different management group cipher than the
previously hardcoded default BIP (AES-128-CMAC). The new configuration
file parameter group_mgmt_cipher can be set to BIP-GMAC-128,
BIP-GMAC-256, or BIP-CMAC-256 to select one of the ciphers defined in
IEEE Std 802.11ac-2013.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
If a group interface is present and the command was issued on the group
interface, enable the token for that interface instead of creating a new
one.
Signed-off-by: Manish <manish.bansal@broadcom.com>
A previous patch "Support VHT capability overrides" missed one
place where HT overrides were being applied and where it would
also be useful to apply VHT overrides.
Signed-hostap: Paul Stewart <pstew@chromium.org>
The ieee80211w parameter was not previously copied to the hostapd BSS
structure from wpa_supplicant configuration, so PMF was practically
disabled. Allow it to be configured through the wpa_supplicant network
configuration block.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Add "reattach" command to perform single-channel single-ssid scan
instead of full scan when trying to reconnect to the currently
"connected" network (assuming old scan results are not current enough to
skip the scan completely). This allows the scan result to come back in
much faster time. In ath9k, the scan took around 12 seconds with full
background scan, and only 0.1 second with the single-channel single-ssid
scan. Thus, take much less time for the client to re-establish
connection with the currently "connected" network.
Signed-hostap: Peter Qiu <zqiu@chromium.org>
This makes stations associate much faster when using lots of stations.
In addition, this avoids delaying the initial scan continuously for
dynamic interface removal/addition cases.
Signed-hostap: Ben Greear <greearb@candelatech.com>
When a sched_scan_stopped event is received and there is a pending PNO,
it used regular scheduled scan parameters instead of PNO specific
parameters. Change it by calling wpas_start_pno().
Signed-off-by: Alexander Bondar <alexander.bondar@intel.com>
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Move pno_start() and pno_stop() to scan.c as a more relevant location
and rename them to wpas_start_pno()/wpas_stop_pno().
Signed-off-by: Alexander Bondar <alexander.bondar@intel.com>
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Previously, EAP-SIM/AKA/AKA' did not work with number of crypto
libraries (GnuTLS, CryptoAPI, NSS) since the required FIPS 186-2 PRF
function was not implemented. This resulted in somewhat confusing error
messages since the placeholder functions were silently returning an
error. Fix this by using the internal implementation of FIP 186-2 PRF
(including internal SHA-1 implementation) with crypto libraries that do
not implement this in case EAP-SIM/AKA/AKA' is included in the build.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>