Cumulative patch from commit 01a025937c67f0eca6021d94b8ec3b144f8b1730
01a0259 WPS: Add support for 60 GHz band
0ef1e29 WPS: Fix shorter authentication timeout during no-SelReg iteration
3465176 nl80211: Verify that cipher suite conversion succeeds
a250722 Try to set PMK only with key mgmt offload support in the driver
4a7ce98 Make IPv6 NA multicast-to-unicast conversion configurable
9f390f4 Interworking: Fix network selection warning without SIM/USIM support
a0ad9e8 Remove WPA per-VLAN groups when no more stations remain
87b5b53 Make VLAN ID available in STA info over control interface
5678a2d P2P: Allow wpa_supplicant to start if social channels are not supported
209214b vlan: Move CONFIG_FULL_DYNAMIC_VLAN includes to proper places
a6da824 Do not use C++ reserved words as variable names
eaa3728 wpa_gui: Themed icon loader
9a3cb41 Fix wpa_priv (CONFIG_PRIVSEP=y) build
8b423ed Declare all read only data structures as const
fd4fb28 OpenSSL: Try to ensure we don't throw away the PIN unnecessarily
fabc6dd mesh: Retransmit the last Commit Message in the Committed state
068669f vlan: Verify RADIUS returned VLAN-ID and dynamic_vlan=required
5add410 WPS: Use shorter authentication timeout during no-SelReg iteration
e7d2034 WPS: Enforce five second minimum time before AP iteration
bd143cc Remove trailing whitespace from Makefile
74802c0 P2P: Do not create a P2P Device interface if P2P is disabled
579674e Document p2p_disabled option in wpa_supplicant.conf
8ea8a89 nl80211: Extend unique MAC address assignment for station iftype
Change-Id: I8bc8a63f37c0892b83376b9d5a5859827ae50554
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
diff --git a/hostapd/config_file.c b/hostapd/config_file.c
index 1186644..0c1f401 100644
--- a/hostapd/config_file.c
+++ b/hostapd/config_file.c
@@ -2545,7 +2545,9 @@
return 1;
}
} else if (os_strcmp(buf, "wps_rf_bands") == 0) {
- if (os_strcmp(pos, "a") == 0)
+ if (os_strcmp(pos, "ad") == 0)
+ bss->wps_rf_bands = WPS_RF_60GHZ;
+ else if (os_strcmp(pos, "a") == 0)
bss->wps_rf_bands = WPS_RF_50GHZ;
else if (os_strcmp(pos, "g") == 0 ||
os_strcmp(pos, "b") == 0)
@@ -3138,6 +3140,8 @@
bss->disable_dgaf = atoi(pos);
} else if (os_strcmp(buf, "proxy_arp") == 0) {
bss->proxy_arp = atoi(pos);
+ } else if (os_strcmp(buf, "na_mcast_to_ucast") == 0) {
+ bss->na_mcast_to_ucast = atoi(pos);
} else if (os_strcmp(buf, "osen") == 0) {
bss->osen = atoi(pos);
} else if (os_strcmp(buf, "anqp_domain_id") == 0) {
diff --git a/hostapd/hostapd.conf b/hostapd/hostapd.conf
index 90d1523..5c6b28d 100644
--- a/hostapd/hostapd.conf
+++ b/hostapd/hostapd.conf
@@ -1433,7 +1433,7 @@
# 12-digit, all-numeric code that identifies the consumer package.
#upc=123456789012
-# WPS RF Bands (a = 5G, b = 2.4G, g = 2.4G, ag = dual band)
+# WPS RF Bands (a = 5G, b = 2.4G, g = 2.4G, ag = dual band, ad = 60 GHz)
# This value should be set according to RF band(s) supported by the AP if
# hw_mode is not set. For dual band dual concurrent devices, this needs to be
# set to ag to allow both RF bands to be advertized.
@@ -1493,6 +1493,13 @@
# 1 = enabled
#proxy_arp=1
+# IPv6 Neighbor Advertisement multicast-to-unicast conversion
+# This can be used with Proxy ARP to allow multicast NAs to be forwarded to
+# associated STAs using link layer unicast delivery.
+# 0 = disabled (default)
+# 1 = enabled
+#na_mcast_to_ucast=0
+
##### IEEE 802.11u-2011 #######################################################
# Enable Interworking service
diff --git a/hostapd/hostapd_cli.c b/hostapd/hostapd_cli.c
index 719d021..e299183 100644
--- a/hostapd/hostapd_cli.c
+++ b/hostapd/hostapd_cli.c
@@ -17,16 +17,16 @@
#include "common/version.h"
-static const char *hostapd_cli_version =
+static const char *const hostapd_cli_version =
"hostapd_cli v" VERSION_STR "\n"
"Copyright (c) 2004-2015, Jouni Malinen <j@w1.fi> and contributors";
-static const char *hostapd_cli_license =
+static const char *const hostapd_cli_license =
"This software may be distributed under the terms of the BSD license.\n"
"See README for more details.\n";
-static const char *hostapd_cli_full_license =
+static const char *const hostapd_cli_full_license =
"This software may be distributed under the terms of the BSD license.\n"
"\n"
"Redistribution and use in source and binary forms, with or without\n"
@@ -57,7 +57,7 @@
"OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n"
"\n";
-static const char *commands_help =
+static const char *const commands_help =
"Commands:\n"
" mib get MIB variables (dot1x, dot11, radius)\n"
" sta <addr> get MIB variables for one station\n"
@@ -1015,7 +1015,7 @@
int (*handler)(struct wpa_ctrl *ctrl, int argc, char *argv[]);
};
-static struct hostapd_cli_cmd hostapd_cli_commands[] = {
+static const struct hostapd_cli_cmd hostapd_cli_commands[] = {
{ "ping", hostapd_cli_cmd_ping },
{ "mib", hostapd_cli_cmd_mib },
{ "relog", hostapd_cli_cmd_relog },
@@ -1070,7 +1070,7 @@
static void wpa_request(struct wpa_ctrl *ctrl, int argc, char *argv[])
{
- struct hostapd_cli_cmd *cmd, *match = NULL;
+ const struct hostapd_cli_cmd *cmd, *match = NULL;
int count;
count = 0;
diff --git a/src/ap/ap_config.c b/src/ap/ap_config.c
index cccbfab..c44f70d 100644
--- a/src/ap/ap_config.c
+++ b/src/ap/ap_config.c
@@ -819,9 +819,9 @@
if (full_config && bss->wps_state && bss->wpa &&
(!(bss->wpa & 2) ||
- !(bss->rsn_pairwise & WPA_CIPHER_CCMP))) {
+ !(bss->rsn_pairwise & (WPA_CIPHER_CCMP | WPA_CIPHER_GCMP)))) {
wpa_printf(MSG_INFO, "WPS: WPA/TKIP configuration without "
- "WPA2/CCMP forced WPS to be disabled");
+ "WPA2/CCMP/GCMP forced WPS to be disabled");
bss->wps_state = 0;
}
#endif /* CONFIG_WPS */
diff --git a/src/ap/ap_config.h b/src/ap/ap_config.h
index 7b4a7ea..c3573a4 100644
--- a/src/ap/ap_config.h
+++ b/src/ap/ap_config.h
@@ -490,6 +490,7 @@
int osen;
int proxy_arp;
+ int na_mcast_to_ucast;
#ifdef CONFIG_HS20
int hs20;
int disable_dgaf;
diff --git a/src/ap/ctrl_iface_ap.c b/src/ap/ctrl_iface_ap.c
index 41ab988..60afcb0 100644
--- a/src/ap/ctrl_iface_ap.c
+++ b/src/ap/ctrl_iface_ap.c
@@ -153,6 +153,13 @@
}
#endif /* CONFIG_SAE */
+ if (sta->vlan_id > 0) {
+ res = os_snprintf(buf + len, buflen - len, "vlan_id=%d\n",
+ sta->vlan_id);
+ if (!os_snprintf_error(buflen - len, res))
+ len += res;
+ }
+
return len;
}
diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
index 5b26558..9e7d70d 100644
--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
@@ -609,7 +609,7 @@
return WLAN_STATUS_SUCCESS;
sta->sae->sync++;
- ret = auth_sae_send_commit(hapd, sta, bssid, 1);
+ ret = auth_sae_send_commit(hapd, sta, bssid, 0);
if (ret)
return ret;
diff --git a/src/ap/ieee802_11_auth.c b/src/ap/ieee802_11_auth.c
index 56c3ce0..0238257 100644
--- a/src/ap/ieee802_11_auth.c
+++ b/src/ap/ieee802_11_auth.c
@@ -561,6 +561,19 @@
if (hapd->conf->wpa_psk_radius == PSK_RADIUS_REQUIRED &&
!cache->psk)
cache->accepted = HOSTAPD_ACL_REJECT;
+
+ if (cache->vlan_id &&
+ !hostapd_vlan_id_valid(hapd->conf->vlan, cache->vlan_id)) {
+ hostapd_logger(hapd, query->addr,
+ HOSTAPD_MODULE_RADIUS,
+ HOSTAPD_LEVEL_INFO,
+ "Invalid VLAN ID %d received from RADIUS server",
+ cache->vlan_id);
+ cache->vlan_id = 0;
+ }
+ if (hapd->conf->ssid.dynamic_vlan == DYNAMIC_VLAN_REQUIRED &&
+ !cache->vlan_id)
+ cache->accepted = HOSTAPD_ACL_REJECT;
} else
cache->accepted = HOSTAPD_ACL_REJECT;
cache->next = hapd->acl_cache;
diff --git a/src/ap/ieee802_1x.c b/src/ap/ieee802_1x.c
index 863a539..ef26834 100644
--- a/src/ap/ieee802_1x.c
+++ b/src/ap/ieee802_1x.c
@@ -1285,7 +1285,7 @@
struct sta_info *sta,
struct radius_msg *msg)
{
- u8 *class;
+ u8 *attr_class;
size_t class_len;
struct eapol_state_machine *sm = sta->eapol_sm;
int count, i;
@@ -1307,12 +1307,12 @@
nclass_count = 0;
- class = NULL;
+ attr_class = NULL;
for (i = 0; i < count; i++) {
do {
if (radius_msg_get_attr_ptr(msg, RADIUS_ATTR_CLASS,
- &class, &class_len,
- class) < 0) {
+ &attr_class, &class_len,
+ attr_class) < 0) {
i = count;
break;
}
@@ -1322,7 +1322,7 @@
if (nclass[nclass_count].data == NULL)
break;
- os_memcpy(nclass[nclass_count].data, class, class_len);
+ os_memcpy(nclass[nclass_count].data, attr_class, class_len);
nclass[nclass_count].len = class_len;
nclass_count++;
}
@@ -2342,9 +2342,9 @@
}
-static const char * bool_txt(Boolean bool)
+static const char * bool_txt(Boolean val)
{
- return bool ? "TRUE" : "FALSE";
+ return val ? "TRUE" : "FALSE";
}
diff --git a/src/ap/ndisc_snoop.c b/src/ap/ndisc_snoop.c
index b0d42dc..0adcc97 100644
--- a/src/ap/ndisc_snoop.c
+++ b/src/ap/ndisc_snoop.c
@@ -81,6 +81,18 @@
}
+static void ucast_to_stas(struct hostapd_data *hapd, const u8 *buf, size_t len)
+{
+ struct sta_info *sta;
+
+ for (sta = hapd->sta_list; sta; sta = sta->next) {
+ if (!(sta->flags & WLAN_STA_AUTHORIZED))
+ continue;
+ x_snoop_mcast_to_ucast_convert_send(hapd, sta, (u8 *) buf, len);
+ }
+}
+
+
static void handle_ndisc(void *ctx, const u8 *src_addr, const u8 *buf,
size_t len)
{
@@ -133,16 +145,12 @@
}
break;
case ROUTER_ADVERTISEMENT:
- if (!hapd->conf->disable_dgaf)
- return;
- /* fall through */
+ if (hapd->conf->disable_dgaf)
+ ucast_to_stas(hapd, buf, len);
+ break;
case NEIGHBOR_ADVERTISEMENT:
- for (sta = hapd->sta_list; sta; sta = sta->next) {
- if (!(sta->flags & WLAN_STA_AUTHORIZED))
- continue;
- x_snoop_mcast_to_ucast_convert_send(hapd, sta,
- (u8 *) buf, len);
- }
+ if (hapd->conf->na_mcast_to_ucast)
+ ucast_to_stas(hapd, buf, len);
break;
default:
break;
diff --git a/src/ap/vlan_init.c b/src/ap/vlan_init.c
index baabbe3..b89a1f4 100644
--- a/src/ap/vlan_init.c
+++ b/src/ap/vlan_init.c
@@ -9,6 +9,13 @@
*/
#include "utils/includes.h"
+#ifdef CONFIG_FULL_DYNAMIC_VLAN
+#include <net/if.h>
+#include <sys/ioctl.h>
+#include <linux/sockios.h>
+#include <linux/if_vlan.h>
+#include <linux/if_bridge.h>
+#endif /* CONFIG_FULL_DYNAMIC_VLAN */
#include "utils/common.h"
#include "hostapd.h"
@@ -20,12 +27,6 @@
#ifdef CONFIG_FULL_DYNAMIC_VLAN
-#include <net/if.h>
-#include <sys/ioctl.h>
-#include <linux/sockios.h>
-#include <linux/if_vlan.h>
-#include <linux/if_bridge.h>
-
#include "drivers/priv_netlink.h"
#include "utils/eloop.h"
diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
index b83b460..f23a57a 100644
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@@ -45,6 +45,12 @@
struct wpa_group *group);
static int wpa_derive_ptk(struct wpa_state_machine *sm, const u8 *snonce,
const u8 *pmk, struct wpa_ptk *ptk);
+static void wpa_group_free(struct wpa_authenticator *wpa_auth,
+ struct wpa_group *group);
+static void wpa_group_get(struct wpa_authenticator *wpa_auth,
+ struct wpa_group *group);
+static void wpa_group_put(struct wpa_authenticator *wpa_auth,
+ struct wpa_group *group);
static const u32 dot11RSNAConfigGroupUpdateCount = 4;
static const u32 dot11RSNAConfigPairwiseUpdateCount = 4;
@@ -262,15 +268,22 @@
static void wpa_rekey_gtk(void *eloop_ctx, void *timeout_ctx)
{
struct wpa_authenticator *wpa_auth = eloop_ctx;
- struct wpa_group *group;
+ struct wpa_group *group, *next;
wpa_auth_logger(wpa_auth, NULL, LOGGER_DEBUG, "rekeying GTK");
- for (group = wpa_auth->group; group; group = group->next) {
+ group = wpa_auth->group;
+ while (group) {
+ wpa_group_get(wpa_auth, group);
+
group->GTKReKey = TRUE;
do {
group->changed = FALSE;
wpa_group_sm_step(wpa_auth, group);
} while (group->changed);
+
+ next = group->next;
+ wpa_group_put(wpa_auth, group);
+ group = next;
}
if (wpa_auth->conf.wpa_group_rekey) {
@@ -573,6 +586,7 @@
sm->wpa_auth = wpa_auth;
sm->group = wpa_auth->group;
+ wpa_group_get(sm->wpa_auth, sm->group);
return sm;
}
@@ -651,6 +665,7 @@
#endif /* CONFIG_IEEE80211R */
os_free(sm->last_rx_eapol_key);
os_free(sm->wpa_ie);
+ wpa_group_put(sm->wpa_auth, sm->group);
os_free(sm);
}
@@ -2994,9 +3009,9 @@
}
-static const char * wpa_bool_txt(int bool)
+static const char * wpa_bool_txt(int val)
{
- return bool ? "TRUE" : "FALSE";
+ return val ? "TRUE" : "FALSE";
}
@@ -3281,6 +3296,63 @@
}
+/*
+ * Remove and free the group from wpa_authenticator. This is triggered by a
+ * callback to make sure nobody is currently iterating the group list while it
+ * gets modified.
+ */
+static void wpa_group_free(struct wpa_authenticator *wpa_auth,
+ struct wpa_group *group)
+{
+ struct wpa_group *prev = wpa_auth->group;
+
+ wpa_printf(MSG_DEBUG, "WPA: Remove group state machine for VLAN-ID %d",
+ group->vlan_id);
+
+ while (prev) {
+ if (prev->next == group) {
+ /* This never frees the special first group as needed */
+ prev->next = group->next;
+ os_free(group);
+ break;
+ }
+ prev = prev->next;
+ }
+
+}
+
+
+/* Increase the reference counter for group */
+static void wpa_group_get(struct wpa_authenticator *wpa_auth,
+ struct wpa_group *group)
+{
+ /* Skip the special first group */
+ if (wpa_auth->group == group)
+ return;
+
+ group->references++;
+}
+
+
+/* Decrease the reference counter and maybe free the group */
+static void wpa_group_put(struct wpa_authenticator *wpa_auth,
+ struct wpa_group *group)
+{
+ /* Skip the special first group */
+ if (wpa_auth->group == group)
+ return;
+
+ group->references--;
+ if (group->references)
+ return;
+ wpa_group_free(wpa_auth, group);
+}
+
+
+/*
+ * Add a group that has its references counter set to zero. Caller needs to
+ * call wpa_group_get() on the return value to mark the entry in use.
+ */
static struct wpa_group *
wpa_auth_add_group(struct wpa_authenticator *wpa_auth, int vlan_id)
{
@@ -3331,7 +3403,10 @@
wpa_printf(MSG_DEBUG, "WPA: Moving STA " MACSTR " to use group state "
"machine for VLAN ID %d", MAC2STR(sm->addr), vlan_id);
+ wpa_group_get(sm->wpa_auth, group);
+ wpa_group_put(sm->wpa_auth, sm->group);
sm->group = group;
+
return 0;
}
diff --git a/src/ap/wpa_auth_i.h b/src/ap/wpa_auth_i.h
index 7b2cd3e..57b098f 100644
--- a/src/ap/wpa_auth_i.h
+++ b/src/ap/wpa_auth_i.h
@@ -169,6 +169,8 @@
u8 IGTK[2][WPA_IGTK_MAX_LEN];
int GN_igtk, GM_igtk;
#endif /* CONFIG_IEEE80211W */
+ /* Number of references except those in struct wpa_group->next */
+ unsigned int references;
};
diff --git a/src/ap/wps_hostapd.c b/src/ap/wps_hostapd.c
index 68eaeca..caed01e 100644
--- a/src/ap/wps_hostapd.c
+++ b/src/ap/wps_hostapd.c
@@ -347,8 +347,12 @@
bss->wpa_key_mgmt = WPA_KEY_MGMT_PSK;
bss->wpa_pairwise = 0;
- if (cred->encr_type & WPS_ENCR_AES)
- bss->wpa_pairwise |= WPA_CIPHER_CCMP;
+ if (cred->encr_type & WPS_ENCR_AES) {
+ if (hapd->iconf->hw_mode == HOSTAPD_MODE_IEEE80211AD)
+ bss->wpa_pairwise |= WPA_CIPHER_GCMP;
+ else
+ bss->wpa_pairwise |= WPA_CIPHER_CCMP;
+ }
if (cred->encr_type & WPS_ENCR_TKIP)
bss->wpa_pairwise |= WPA_CIPHER_TKIP;
bss->rsn_pairwise = bss->wpa_pairwise;
@@ -530,7 +534,11 @@
fprintf(nconf, "wpa_pairwise=");
prefix = "";
if (cred->encr_type & WPS_ENCR_AES) {
- fprintf(nconf, "CCMP");
+ if (hapd->iconf->hw_mode == HOSTAPD_MODE_IEEE80211AD)
+ fprintf(nconf, "GCMP");
+ else
+ fprintf(nconf, "CCMP");
+
prefix = " ";
}
if (cred->encr_type & WPS_ENCR_TKIP) {
@@ -844,7 +852,9 @@
struct hostapd_data *hapd = ctx;
return hapd->iconf->hw_mode == HOSTAPD_MODE_IEEE80211A ?
- WPS_RF_50GHZ : WPS_RF_24GHZ; /* FIX: dualband AP */
+ WPS_RF_50GHZ :
+ hapd->iconf->hw_mode == HOSTAPD_MODE_IEEE80211AD ?
+ WPS_RF_60GHZ : WPS_RF_24GHZ; /* FIX: dualband AP */
}
@@ -1041,7 +1051,9 @@
} else {
wps->dev.rf_bands =
hapd->iconf->hw_mode == HOSTAPD_MODE_IEEE80211A ?
- WPS_RF_50GHZ : WPS_RF_24GHZ; /* FIX: dualband AP */
+ WPS_RF_50GHZ :
+ hapd->iconf->hw_mode == HOSTAPD_MODE_IEEE80211AD ?
+ WPS_RF_60GHZ : WPS_RF_24GHZ; /* FIX: dualband AP */
}
if (conf->wpa & WPA_PROTO_RSN) {
diff --git a/src/common/ieee802_11_common.c b/src/common/ieee802_11_common.c
index 7843e6f..e23007a 100644
--- a/src/common/ieee802_11_common.c
+++ b/src/common/ieee802_11_common.c
@@ -564,27 +564,27 @@
}
-static const char *us_op_class_cc[] = {
+static const char *const us_op_class_cc[] = {
"US", "CA", NULL
};
-static const char *eu_op_class_cc[] = {
+static const char *const eu_op_class_cc[] = {
"AL", "AM", "AT", "AZ", "BA", "BE", "BG", "BY", "CH", "CY", "CZ", "DE",
"DK", "EE", "EL", "ES", "FI", "FR", "GE", "HR", "HU", "IE", "IS", "IT",
"LI", "LT", "LU", "LV", "MD", "ME", "MK", "MT", "NL", "NO", "PL", "PT",
"RO", "RS", "RU", "SE", "SI", "SK", "TR", "UA", "UK", NULL
};
-static const char *jp_op_class_cc[] = {
+static const char *const jp_op_class_cc[] = {
"JP", NULL
};
-static const char *cn_op_class_cc[] = {
+static const char *const cn_op_class_cc[] = {
"CN", "CA", NULL
};
-static int country_match(const char *cc[], const char *country)
+static int country_match(const char *const cc[], const char *const country)
{
int i;
diff --git a/src/crypto/crypto_module_tests.c b/src/crypto/crypto_module_tests.c
index 7137c27..1d613c9 100644
--- a/src/crypto/crypto_module_tests.c
+++ b/src/crypto/crypto_module_tests.c
@@ -161,7 +161,7 @@
u8 tag[16];
};
-static struct omac1_test_vector omac1_test_vectors[] =
+static const struct omac1_test_vector omac1_test_vectors[] =
{
{
{ 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
@@ -210,7 +210,8 @@
};
-static int test_omac1_vector(struct omac1_test_vector *tv, unsigned int i)
+static int test_omac1_vector(const struct omac1_test_vector *tv,
+ unsigned int i)
{
u8 key[] = {
0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
@@ -983,14 +984,14 @@
}
-static u8 key0[] =
+static const u8 key0[] =
{
0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
0x0b, 0x0b, 0x0b, 0x0b
};
-static u8 data0[] = "Hi There";
-static u8 prf0[] =
+static const u8 data0[] = "Hi There";
+static const u8 prf0[] =
{
0xbc, 0xd4, 0xc6, 0x50, 0xb3, 0x0b, 0x96, 0x84,
0x95, 0x18, 0x29, 0xe0, 0xd7, 0x5f, 0x9d, 0x54,
@@ -1002,9 +1003,9 @@
0xdb, 0x83, 0x73, 0x69, 0x83, 0x56, 0xcf, 0x5a
};
-static u8 key1[] = "Jefe";
-static u8 data1[] = "what do ya want for nothing?";
-static u8 prf1[] =
+static const u8 key1[] = "Jefe";
+static const u8 data1[] = "what do ya want for nothing?";
+static const u8 prf1[] =
{
0x51, 0xf4, 0xde, 0x5b, 0x33, 0xf2, 0x49, 0xad,
0xf8, 0x1a, 0xeb, 0x71, 0x3a, 0x3c, 0x20, 0xf4,
@@ -1017,13 +1018,13 @@
};
-static u8 key2[] =
+static const u8 key2[] =
{
0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
0xaa, 0xaa, 0xaa, 0xaa
};
-static u8 data2[] =
+static const u8 data2[] =
{
0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
@@ -1033,7 +1034,7 @@
0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
0xdd, 0xdd
};
-static u8 prf2[] =
+static const u8 prf2[] =
{
0xe1, 0xac, 0x54, 0x6e, 0xc4, 0xcb, 0x63, 0x6f,
0x99, 0x76, 0x48, 0x7b, 0xe5, 0xc8, 0x6b, 0xe1,
@@ -1052,7 +1053,7 @@
char psk[32];
};
-static struct passphrase_test passphrase_tests[] =
+static const struct passphrase_test passphrase_tests[] =
{
{
"password",
@@ -1097,7 +1098,7 @@
size_t dk_len;
};
-static struct rfc6070_test rfc6070_tests[] =
+static const struct rfc6070_test rfc6070_tests[] =
{
{
"password",
@@ -1214,7 +1215,7 @@
wpa_printf(MSG_INFO, "PBKDF2-SHA1 Passphrase test cases:");
for (i = 0; i < NUM_PASSPHRASE_TESTS; i++) {
u8 psk[32];
- struct passphrase_test *test = &passphrase_tests[i];
+ const struct passphrase_test *test = &passphrase_tests[i];
if (pbkdf2_sha1(test->passphrase,
(const u8 *) test->ssid, strlen(test->ssid),
@@ -1230,7 +1231,7 @@
wpa_printf(MSG_INFO, "PBKDF2-SHA1 test cases (RFC 6070):");
for (i = 0; i < NUM_RFC6070_TESTS; i++) {
u8 dk[25];
- struct rfc6070_test *test = &rfc6070_tests[i];
+ const struct rfc6070_test *test = &rfc6070_tests[i];
if (pbkdf2_sha1(test->p, (const u8 *) test->s, strlen(test->s),
test->c, dk, test->dk_len) == 0 &&
@@ -1248,7 +1249,7 @@
}
-struct {
+const struct {
char *data;
u8 hash[32];
} tests[] = {
@@ -1272,7 +1273,7 @@
}
};
-struct hmac_test {
+const struct hmac_test {
u8 key[80];
size_t key_len;
u8 data[128];
@@ -1513,7 +1514,7 @@
}
for (i = 0; i < ARRAY_SIZE(hmac_tests); i++) {
- struct hmac_test *t = &hmac_tests[i];
+ const struct hmac_test *t = &hmac_tests[i];
wpa_printf(MSG_INFO, "HMAC-SHA256 test case %d:", i + 1);
diff --git a/src/crypto/dh_groups.c b/src/crypto/dh_groups.c
index d3b2631..3aeb2bb 100644
--- a/src/crypto/dh_groups.c
+++ b/src/crypto/dh_groups.c
@@ -1153,7 +1153,7 @@
dh_group ## id ## _order, sizeof(dh_group ## id ## _order), safe }
-static struct dh_group dh_groups[] = {
+static const struct dh_group dh_groups[] = {
DH_GROUP(5, 1),
#ifdef ALL_DH_GROUPS
DH_GROUP(1, 1),
diff --git a/src/crypto/tls.h b/src/crypto/tls.h
index f9e2e10..d13657e 100644
--- a/src/crypto/tls.h
+++ b/src/crypto/tls.h
@@ -253,6 +253,7 @@
int tls_connection_shutdown(void *tls_ctx, struct tls_connection *conn);
enum {
+ TLS_SET_PARAMS_ENGINE_PRV_BAD_PIN = -4,
TLS_SET_PARAMS_ENGINE_PRV_VERIFY_FAILED = -3,
TLS_SET_PARAMS_ENGINE_PRV_INIT_FAILED = -2
};
@@ -263,10 +264,12 @@
* @conn: Connection context data from tls_connection_init()
* @params: Connection parameters
* Returns: 0 on success, -1 on failure,
- * TLS_SET_PARAMS_ENGINE_PRV_INIT_FAILED (-2) on possible PIN error causing
- * PKCS#11 engine failure, or
+ * TLS_SET_PARAMS_ENGINE_PRV_INIT_FAILED (-2) on error causing PKCS#11 engine
+ * failure, or
* TLS_SET_PARAMS_ENGINE_PRV_VERIFY_FAILED (-3) on failure to verify the
- * PKCS#11 engine private key.
+ * PKCS#11 engine private key, or
+ * TLS_SET_PARAMS_ENGINE_PRV_BAD_PIN (-4) on PIN error causing PKCS#11 engine
+ * failure.
*/
int __must_check
tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
@@ -277,10 +280,12 @@
* @tls_ctx: TLS context data from tls_init()
* @params: Global TLS parameters
* Returns: 0 on success, -1 on failure,
- * TLS_SET_PARAMS_ENGINE_PRV_INIT_FAILED (-2) on possible PIN error causing
- * PKCS#11 engine failure, or
+ * TLS_SET_PARAMS_ENGINE_PRV_INIT_FAILED (-2) on error causing PKCS#11 engine
+ * failure, or
* TLS_SET_PARAMS_ENGINE_PRV_VERIFY_FAILED (-3) on failure to verify the
- * PKCS#11 engine private key.
+ * PKCS#11 engine private key, or
+ * TLS_SET_PARAMS_ENGINE_PRV_BAD_PIN (-4) on PIN error causing PKCS#11 engine
+ * failure.
*/
int __must_check tls_global_set_params(
void *tls_ctx, const struct tls_connection_params *params);
diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index cbd35c4..ffcf83a 100644
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -890,6 +890,27 @@
EVP_PKEY* EVP_PKEY_from_keystore(const char* key_id);
#endif
+#ifndef OPENSSL_NO_ENGINE
+
+/* Cryptoki return values */
+#define CKR_PIN_INCORRECT 0x000000a0
+#define CKR_PIN_INVALID 0x000000a1
+#define CKR_PIN_LEN_RANGE 0x000000a2
+
+/* libp11 */
+#define ERR_LIB_PKCS11 ERR_LIB_USER
+
+static int tls_is_pin_error(unsigned int err)
+{
+ return ERR_GET_LIB(err) == ERR_LIB_PKCS11 &&
+ (ERR_GET_REASON(err) == CKR_PIN_INCORRECT ||
+ ERR_GET_REASON(err) == CKR_PIN_INVALID ||
+ ERR_GET_REASON(err) == CKR_PIN_LEN_RANGE);
+}
+
+#endif /* OPENSSL_NO_ENGINE */
+
+
static int tls_engine_init(struct tls_connection *conn, const char *engine_id,
const char *pin, const char *key_id,
const char *cert_id, const char *ca_cert_id)
@@ -957,11 +978,16 @@
key_id, NULL,
&key_cb);
if (!conn->private_key) {
+ unsigned long err = ERR_get_error();
+
wpa_printf(MSG_ERROR,
"ENGINE: cannot load private key with id '%s' [%s]",
key_id,
- ERR_error_string(ERR_get_error(), NULL));
- ret = TLS_SET_PARAMS_ENGINE_PRV_INIT_FAILED;
+ ERR_error_string(err, NULL));
+ if (tls_is_pin_error(err))
+ ret = TLS_SET_PARAMS_ENGINE_PRV_BAD_PIN;
+ else
+ ret = TLS_SET_PARAMS_ENGINE_PRV_INIT_FAILED;
goto err;
}
}
@@ -2207,9 +2233,13 @@
if (!ENGINE_ctrl_cmd(conn->engine, "LOAD_CERT_CTRL",
0, ¶ms, NULL, 1)) {
+ unsigned long err = ERR_get_error();
+
wpa_printf(MSG_ERROR, "ENGINE: cannot load client cert with id"
" '%s' [%s]", cert_id,
- ERR_error_string(ERR_get_error(), NULL));
+ ERR_error_string(err, NULL));
+ if (tls_is_pin_error(err))
+ return TLS_SET_PARAMS_ENGINE_PRV_BAD_PIN;
return TLS_SET_PARAMS_ENGINE_PRV_INIT_FAILED;
}
if (!params.cert) {
diff --git a/src/drivers/driver.h b/src/drivers/driver.h
index e4d0412..f7da636 100644
--- a/src/drivers/driver.h
+++ b/src/drivers/driver.h
@@ -4640,6 +4640,6 @@
const struct wpa_driver_capa *capa);
/* NULL terminated array of linked in driver wrappers */
-extern struct wpa_driver_ops *wpa_drivers[];
+extern const struct wpa_driver_ops *const wpa_drivers[];
#endif /* DRIVER_H */
diff --git a/src/drivers/driver_nl80211.c b/src/drivers/driver_nl80211.c
index be0e7c5..26e4984 100644
--- a/src/drivers/driver_nl80211.c
+++ b/src/drivers/driver_nl80211.c
@@ -2501,7 +2501,7 @@
{
struct wpa_driver_nl80211_data *drv = bss->drv;
int ifindex;
- struct nl_msg *msg;
+ struct nl_msg *msg = NULL;
int ret;
int tdls = 0;
@@ -2534,11 +2534,15 @@
if (!msg)
return -ENOBUFS;
} else {
+ u32 suite;
+
+ suite = wpa_alg_to_cipher_suite(alg, key_len);
+ if (!suite)
+ goto fail;
msg = nl80211_ifindex_msg(drv, ifindex, 0, NL80211_CMD_NEW_KEY);
if (!msg ||
nla_put(msg, NL80211_ATTR_KEY_DATA, key_len, key) ||
- nla_put_u32(msg, NL80211_ATTR_KEY_CIPHER,
- wpa_alg_to_cipher_suite(alg, key_len)))
+ nla_put_u32(msg, NL80211_ATTR_KEY_CIPHER, suite))
goto fail;
wpa_hexdump_key(MSG_DEBUG, "nl80211: KEY_DATA", key, key_len);
}
@@ -2640,9 +2644,15 @@
const u8 *key, size_t key_len)
{
struct nlattr *key_attr = nla_nest_start(msg, NL80211_ATTR_KEY);
+ u32 suite;
+
if (!key_attr)
return -1;
+ suite = wpa_alg_to_cipher_suite(alg, key_len);
+ if (!suite)
+ return -1;
+
if (defkey && alg == WPA_ALG_IGTK) {
if (nla_put_flag(msg, NL80211_KEY_DEFAULT_MGMT))
return -1;
@@ -2652,8 +2662,7 @@
}
if (nla_put_u8(msg, NL80211_KEY_IDX, key_idx) ||
- nla_put_u32(msg, NL80211_KEY_CIPHER,
- wpa_alg_to_cipher_suite(alg, key_len)) ||
+ nla_put_u32(msg, NL80211_KEY_CIPHER, suite) ||
(seq && seq_len &&
nla_put(msg, NL80211_KEY_SEQ, seq_len, seq)) ||
nla_put(msg, NL80211_KEY_DATA, key_len, key))
@@ -5789,8 +5798,6 @@
}
-#if defined(CONFIG_P2P) || defined(CONFIG_MESH)
-
static int nl80211_addr_in_use(struct nl80211_global *global, const u8 *addr)
{
struct wpa_driver_nl80211_data *drv;
@@ -5826,8 +5833,6 @@
return 0;
}
-#endif /* CONFIG_P2P || CONFIG_MESH */
-
struct wdev_info {
u64 wdev_id;
@@ -5903,21 +5908,21 @@
}
if (!addr) {
- if (drv->nlmode == NL80211_IFTYPE_P2P_DEVICE)
+ if (nlmode == NL80211_IFTYPE_P2P_DEVICE)
os_memcpy(if_addr, bss->addr, ETH_ALEN);
else if (linux_get_ifhwaddr(drv->global->ioctl_sock,
- bss->ifname, if_addr) < 0) {
+ ifname, if_addr) < 0) {
if (added)
nl80211_remove_iface(drv, ifidx);
return -1;
}
}
-#if defined(CONFIG_P2P) || defined(CONFIG_MESH)
if (!addr &&
(type == WPA_IF_P2P_CLIENT || type == WPA_IF_P2P_GROUP ||
- type == WPA_IF_P2P_GO || type == WPA_IF_MESH)) {
- /* Enforce unique P2P Interface Address */
+ type == WPA_IF_P2P_GO || type == WPA_IF_MESH ||
+ type == WPA_IF_STATION)) {
+ /* Enforce unique address */
u8 new_addr[ETH_ALEN];
if (linux_get_ifhwaddr(drv->global->ioctl_sock, ifname,
@@ -5928,8 +5933,7 @@
}
if (nl80211_addr_in_use(drv->global, new_addr)) {
wpa_printf(MSG_DEBUG, "nl80211: Allocate new address "
- "for %s interface", type == WPA_IF_MESH ?
- "mesh" : "P2P group");
+ "for interface %s type %d", ifname, type);
if (nl80211_vif_addr(drv, new_addr) < 0) {
if (added)
nl80211_remove_iface(drv, ifidx);
@@ -5944,7 +5948,6 @@
}
os_memcpy(if_addr, new_addr, ETH_ALEN);
}
-#endif /* CONFIG_P2P || CONFIG_MESH */
if (type == WPA_IF_AP_BSS) {
struct i802_bss *new_bss = os_zalloc(sizeof(*new_bss));
diff --git a/src/drivers/driver_privsep.c b/src/drivers/driver_privsep.c
index 26d2bab..1cfc15d 100644
--- a/src/drivers/driver_privsep.c
+++ b/src/drivers/driver_privsep.c
@@ -743,7 +743,7 @@
};
-struct wpa_driver_ops *wpa_drivers[] =
+const struct wpa_driver_ops *const wpa_drivers[] =
{
&wpa_driver_privsep_ops,
NULL
diff --git a/src/drivers/drivers.c b/src/drivers/drivers.c
index f0c3bb3..a98af9a 100644
--- a/src/drivers/drivers.c
+++ b/src/drivers/drivers.c
@@ -47,7 +47,7 @@
#endif /* CONFIG_DRIVER_NONE */
-struct wpa_driver_ops *wpa_drivers[] =
+const struct wpa_driver_ops *const wpa_drivers[] =
{
#ifdef CONFIG_DRIVER_NL80211
&wpa_driver_nl80211_ops,
diff --git a/src/eap_common/ikev2_common.c b/src/eap_common/ikev2_common.c
index 4f9e64e..d60358c 100644
--- a/src/eap_common/ikev2_common.c
+++ b/src/eap_common/ikev2_common.c
@@ -16,7 +16,7 @@
#include "ikev2_common.h"
-static struct ikev2_integ_alg ikev2_integ_algs[] = {
+static const struct ikev2_integ_alg ikev2_integ_algs[] = {
{ AUTH_HMAC_SHA1_96, 20, 12 },
{ AUTH_HMAC_MD5_96, 16, 12 }
};
@@ -24,7 +24,7 @@
#define NUM_INTEG_ALGS ARRAY_SIZE(ikev2_integ_algs)
-static struct ikev2_prf_alg ikev2_prf_algs[] = {
+static const struct ikev2_prf_alg ikev2_prf_algs[] = {
{ PRF_HMAC_SHA1, 20, 20 },
{ PRF_HMAC_MD5, 16, 16 }
};
@@ -32,7 +32,7 @@
#define NUM_PRF_ALGS ARRAY_SIZE(ikev2_prf_algs)
-static struct ikev2_encr_alg ikev2_encr_algs[] = {
+static const struct ikev2_encr_alg ikev2_encr_algs[] = {
{ ENCR_AES_CBC, 16, 16 }, /* only 128-bit keys supported for now */
{ ENCR_3DES, 24, 8 }
};
diff --git a/src/eap_peer/eap.c b/src/eap_peer/eap.c
index fc4af95..1dbe003 100644
--- a/src/eap_peer/eap.c
+++ b/src/eap_peer/eap.c
@@ -1911,7 +1911,7 @@
* structure remains alive while the EAP state machine is active.
*/
struct eap_sm * eap_peer_sm_init(void *eapol_ctx,
- struct eapol_callbacks *eapol_cb,
+ const struct eapol_callbacks *eapol_cb,
void *msg_ctx, struct eap_config *conf)
{
struct eap_sm *sm;
diff --git a/src/eap_peer/eap.h b/src/eap_peer/eap.h
index 702463b..1a645af 100644
--- a/src/eap_peer/eap.h
+++ b/src/eap_peer/eap.h
@@ -307,7 +307,7 @@
};
struct eap_sm * eap_peer_sm_init(void *eapol_ctx,
- struct eapol_callbacks *eapol_cb,
+ const struct eapol_callbacks *eapol_cb,
void *msg_ctx, struct eap_config *conf);
void eap_peer_sm_deinit(struct eap_sm *sm);
int eap_peer_sm_step(struct eap_sm *sm);
diff --git a/src/eap_peer/eap_i.h b/src/eap_peer/eap_i.h
index 2d7fdea..5f8b5fa 100644
--- a/src/eap_peer/eap_i.h
+++ b/src/eap_peer/eap_i.h
@@ -328,7 +328,7 @@
/* not defined in RFC 4137 */
Boolean changed;
void *eapol_ctx;
- struct eapol_callbacks *eapol_cb;
+ const struct eapol_callbacks *eapol_cb;
void *eap_method_priv;
int init_phase2;
int fast_reauth;
diff --git a/src/eap_peer/eap_tls_common.c b/src/eap_peer/eap_tls_common.c
index 15c1bac..b4a5b1f 100644
--- a/src/eap_peer/eap_tls_common.c
+++ b/src/eap_peer/eap_tls_common.c
@@ -196,28 +196,25 @@
}
res = tls_connection_set_params(data->ssl_ctx, data->conn, params);
- if (res == TLS_SET_PARAMS_ENGINE_PRV_INIT_FAILED) {
+ if (res == TLS_SET_PARAMS_ENGINE_PRV_BAD_PIN) {
/*
- * At this point with the pkcs11 engine the PIN might be wrong.
- * We reset the PIN in the configuration to be sure to not use
- * it again and the calling function must request a new one.
+ * At this point with the pkcs11 engine the PIN is wrong. We
+ * reset the PIN in the configuration to be sure to not use it
+ * again and the calling function must request a new one.
*/
- os_free(config->pin);
- config->pin = NULL;
- } else if (res == TLS_SET_PARAMS_ENGINE_PRV_VERIFY_FAILED) {
- wpa_printf(MSG_INFO, "TLS: Failed to load private key");
- /*
- * We do not know exactly but maybe the PIN was wrong,
- * so ask for a new one.
- */
+ wpa_printf(MSG_INFO,
+ "TLS: Bad PIN provided, requesting a new one");
os_free(config->pin);
config->pin = NULL;
eap_sm_request_pin(sm);
sm->ignore = TRUE;
- tls_connection_deinit(data->ssl_ctx, data->conn);
- data->conn = NULL;
- return -1;
- } else if (res) {
+ } else if (res == TLS_SET_PARAMS_ENGINE_PRV_INIT_FAILED) {
+ wpa_printf(MSG_INFO, "TLS: Failed to initialize engine");
+ } else if (res == TLS_SET_PARAMS_ENGINE_PRV_VERIFY_FAILED) {
+ wpa_printf(MSG_INFO, "TLS: Failed to load private key");
+ sm->ignore = TRUE;
+ }
+ if (res) {
wpa_printf(MSG_INFO, "TLS: Failed to set TLS connection "
"parameters");
tls_connection_deinit(data->ssl_ctx, data->conn);
diff --git a/src/eap_server/eap.h b/src/eap_server/eap.h
index b825e18..09be581 100644
--- a/src/eap_server/eap.h
+++ b/src/eap_server/eap.h
@@ -139,7 +139,7 @@
struct eap_sm * eap_server_sm_init(void *eapol_ctx,
- struct eapol_callbacks *eapol_cb,
+ const struct eapol_callbacks *eapol_cb,
struct eap_config *eap_conf);
void eap_server_sm_deinit(struct eap_sm *sm);
int eap_server_sm_step(struct eap_sm *sm);
diff --git a/src/eap_server/eap_i.h b/src/eap_server/eap_i.h
index 7d72309..978c879 100644
--- a/src/eap_server/eap_i.h
+++ b/src/eap_server/eap_i.h
@@ -155,7 +155,7 @@
/* not defined in RFC 4137 */
Boolean changed;
void *eapol_ctx, *msg_ctx;
- struct eapol_callbacks *eapol_cb;
+ const struct eapol_callbacks *eapol_cb;
void *eap_method_priv;
u8 *identity;
size_t identity_len;
diff --git a/src/eap_server/eap_server.c b/src/eap_server/eap_server.c
index 693debe..1f38d78 100644
--- a/src/eap_server/eap_server.c
+++ b/src/eap_server/eap_server.c
@@ -1802,7 +1802,7 @@
* This function allocates and initializes an EAP state machine.
*/
struct eap_sm * eap_server_sm_init(void *eapol_ctx,
- struct eapol_callbacks *eapol_cb,
+ const struct eapol_callbacks *eapol_cb,
struct eap_config *conf)
{
struct eap_sm *sm;
diff --git a/src/eapol_auth/eapol_auth_sm.c b/src/eapol_auth/eapol_auth_sm.c
index 0df6eb5..3b0c2e4 100644
--- a/src/eapol_auth/eapol_auth_sm.c
+++ b/src/eapol_auth/eapol_auth_sm.c
@@ -22,7 +22,7 @@
#define STATE_MACHINE_DEBUG_PREFIX "IEEE 802.1X"
#define STATE_MACHINE_ADDR sm->addr
-static struct eapol_callbacks eapol_cb;
+static const struct eapol_callbacks eapol_cb;
/* EAPOL state machines are described in IEEE Std 802.1X-2004, Chap. 8.2 */
@@ -1056,7 +1056,7 @@
}
-static struct eapol_callbacks eapol_cb =
+static const struct eapol_callbacks eapol_cb =
{
eapol_sm_get_eap_user,
eapol_sm_get_eap_req_id_text,
diff --git a/src/eapol_supp/eapol_supp_sm.c b/src/eapol_supp/eapol_supp_sm.c
index 9cc234a..eb8c5bb 100644
--- a/src/eapol_supp/eapol_supp_sm.c
+++ b/src/eapol_supp/eapol_supp_sm.c
@@ -1997,7 +1997,7 @@
}
-static struct eapol_callbacks eapol_cb =
+static const struct eapol_callbacks eapol_cb =
{
eapol_sm_get_config,
eapol_sm_get_bool,
diff --git a/src/radius/radius.c b/src/radius/radius.c
index 2c01b3f..906d8c8 100644
--- a/src/radius/radius.c
+++ b/src/radius/radius.c
@@ -167,7 +167,7 @@
} data_type;
};
-static struct radius_attr_type radius_attrs[] =
+static const struct radius_attr_type radius_attrs[] =
{
{ RADIUS_ATTR_USER_NAME, "User-Name", RADIUS_ATTR_TEXT },
{ RADIUS_ATTR_USER_PASSWORD, "User-Password", RADIUS_ATTR_UNDIST },
@@ -259,7 +259,7 @@
#define RADIUS_ATTRS ARRAY_SIZE(radius_attrs)
-static struct radius_attr_type *radius_get_attr_type(u8 type)
+static const struct radius_attr_type *radius_get_attr_type(u8 type)
{
size_t i;
@@ -274,7 +274,7 @@
static void radius_msg_dump_attr(struct radius_attr_hdr *hdr)
{
- struct radius_attr_type *attr;
+ const struct radius_attr_type *attr;
int len;
unsigned char *pos;
char buf[1000];
diff --git a/src/radius/radius_server.c b/src/radius/radius_server.c
index 3f881cf..1c69955 100644
--- a/src/radius/radius_server.c
+++ b/src/radius/radius_server.c
@@ -35,7 +35,7 @@
*/
#define RADIUS_MAX_MSG_LEN 3000
-static struct eapol_callbacks radius_server_eapol_cb;
+static const struct eapol_callbacks radius_server_eapol_cb;
struct radius_client;
struct radius_server_data;
@@ -2101,7 +2101,7 @@
#endif /* CONFIG_ERP */
-static struct eapol_callbacks radius_server_eapol_cb =
+static const struct eapol_callbacks radius_server_eapol_cb =
{
.get_eap_user = radius_server_get_eap_user,
.get_eap_req_id_text = radius_server_get_eap_req_id_text,
diff --git a/src/wps/ndef.c b/src/wps/ndef.c
index d45dfc8..8d1ce1e 100644
--- a/src/wps/ndef.c
+++ b/src/wps/ndef.c
@@ -29,8 +29,8 @@
u32 total_length;
};
-static char wifi_handover_type[] = "application/vnd.wfa.wsc";
-static char p2p_handover_type[] = "application/vnd.wfa.p2p";
+static const char wifi_handover_type[] = "application/vnd.wfa.wsc";
+static const char p2p_handover_type[] = "application/vnd.wfa.p2p";
static int ndef_parse_record(const u8 *data, u32 size,
struct ndef_record *record)
@@ -97,7 +97,7 @@
}
-static struct wpabuf * ndef_build_record(u8 flags, void *type,
+static struct wpabuf * ndef_build_record(u8 flags, const void *type,
u8 type_length, void *id,
u8 id_length,
const struct wpabuf *payload)
diff --git a/src/wps/wps.h b/src/wps/wps.h
index c88aaa4..2c91d16 100644
--- a/src/wps/wps.h
+++ b/src/wps/wps.h
@@ -79,7 +79,7 @@
* @sec_dev_type: Array of secondary device types
* @num_sec_dev_type: Number of secondary device types
* @os_version: OS Version
- * @rf_bands: RF bands (WPS_RF_24GHZ, WPS_RF_50GHZ flags)
+ * @rf_bands: RF bands (WPS_RF_24GHZ, WPS_RF_50GHZ, WPS_RF_60GHZ flags)
* @p2p: Whether the device is a P2P device
*/
struct wps_device_data {
diff --git a/src/wps/wps_common.c b/src/wps/wps_common.c
index c1ede6a..16d466e 100644
--- a/src/wps/wps_common.c
+++ b/src/wps/wps_common.c
@@ -764,6 +764,8 @@
rf_band = WPS_RF_24GHZ;
else if (mode == HOSTAPD_MODE_IEEE80211A)
rf_band = WPS_RF_50GHZ;
+ else if (mode == HOSTAPD_MODE_IEEE80211AD)
+ rf_band = WPS_RF_60GHZ;
else
return 0; /* Unknown band */
ap_channel = channel;
diff --git a/src/wps/wps_defs.h b/src/wps/wps_defs.h
index 4334155..a23b979 100644
--- a/src/wps/wps_defs.h
+++ b/src/wps/wps_defs.h
@@ -237,6 +237,7 @@
/* RF Bands */
#define WPS_RF_24GHZ 0x01
#define WPS_RF_50GHZ 0x02
+#define WPS_RF_60GHZ 0x04
/* Config Methods */
#define WPS_CONFIG_USBA 0x0001
diff --git a/src/wps/wps_module_tests.c b/src/wps/wps_module_tests.c
index 6800e86..3506307 100644
--- a/src/wps/wps_module_tests.c
+++ b/src/wps/wps_module_tests.c
@@ -17,7 +17,7 @@
int extra;
};
-struct wps_attr_parse_test wps_attr_parse_test_cases[] = {
+const struct wps_attr_parse_test wps_attr_parse_test_cases[] = {
/* Empty message */
{ "", 0, 0 },
/* Truncated attribute header */
@@ -271,7 +271,7 @@
for (i = 0; i < ARRAY_SIZE(wps_attr_parse_test_cases); i++) {
struct wpabuf *buf;
size_t len;
- struct wps_attr_parse_test *test =
+ const struct wps_attr_parse_test *test =
&wps_attr_parse_test_cases[i];
len = os_strlen(test->data) / 2;
diff --git a/src/wps/wps_registrar.c b/src/wps/wps_registrar.c
index 48b7e12..8bcf2b3 100644
--- a/src/wps/wps_registrar.c
+++ b/src/wps/wps_registrar.c
@@ -3226,8 +3226,13 @@
os_memset(&cred, 0, sizeof(cred));
os_memcpy(cred.ssid, wps->wps->ssid, wps->wps->ssid_len);
cred.ssid_len = wps->wps->ssid_len;
- cred.auth_type = WPS_AUTH_WPAPSK | WPS_AUTH_WPA2PSK;
- cred.encr_type = WPS_ENCR_TKIP | WPS_ENCR_AES;
+ if (wps->wps->rf_band_cb(wps->wps->cb_ctx) == WPS_RF_60GHZ) {
+ cred.auth_type = WPS_AUTH_WPA2PSK;
+ cred.encr_type = WPS_ENCR_AES;
+ } else {
+ cred.auth_type = WPS_AUTH_WPAPSK | WPS_AUTH_WPA2PSK;
+ cred.encr_type = WPS_ENCR_TKIP | WPS_ENCR_AES;
+ }
os_memcpy(cred.key, wps->new_psk, wps->new_psk_len);
cred.key_len = wps->new_psk_len;
diff --git a/src/wps/wps_validate.c b/src/wps/wps_validate.c
index 1c6a14b..267b565 100644
--- a/src/wps/wps_validate.c
+++ b/src/wps/wps_validate.c
@@ -224,6 +224,8 @@
return 0;
}
if (*rf_bands != WPS_RF_24GHZ && *rf_bands != WPS_RF_50GHZ &&
+ *rf_bands != WPS_RF_60GHZ &&
+ *rf_bands != (WPS_RF_24GHZ | WPS_RF_50GHZ | WPS_RF_60GHZ) &&
*rf_bands != (WPS_RF_24GHZ | WPS_RF_50GHZ)) {
wpa_printf(MSG_INFO, "WPS-STRICT: Invalid Rf Bands "
"attribute value 0x%x", *rf_bands);
diff --git a/wpa_supplicant/Makefile b/wpa_supplicant/Makefile
index af2d924..39d3d28 100644
--- a/wpa_supplicant/Makefile
+++ b/wpa_supplicant/Makefile
@@ -988,6 +988,7 @@
endif
OBJS += ../src/crypto/crypto_openssl.o
OBJS_p += ../src/crypto/crypto_openssl.o
+OBJS_priv += ../src/crypto/crypto_openssl.o
ifdef NEED_FIPS186_2_PRF
OBJS += ../src/crypto/fips_prf_openssl.o
endif
@@ -1006,6 +1007,7 @@
endif
OBJS += ../src/crypto/crypto_gnutls.o
OBJS_p += ../src/crypto/crypto_gnutls.o
+OBJS_priv += ../src/crypto/crypto_gnutls.o
ifdef NEED_FIPS186_2_PRF
OBJS += ../src/crypto/fips_prf_internal.o
SHA1OBJS += ../src/crypto/sha1-internal.o
@@ -1216,6 +1218,7 @@
endif
OBJS += $(MD5OBJS)
OBJS_p += $(MD5OBJS)
+OBJS_priv += $(MD5OBJS)
endif
ifdef NEED_MD4
@@ -1452,6 +1455,7 @@
OBJS_p += $(SHA1OBJS)
OBJS_p += $(SHA256OBJS)
+OBJS_priv += $(SHA1OBJS)
ifdef CONFIG_BGSCAN_SIMPLE
CFLAGS += -DCONFIG_BGSCAN_SIMPLE
@@ -1720,7 +1724,7 @@
@echo "wpa_gui has been removed - see wpa_gui-qt4 for replacement"
wpa_gui-qt4/Makefile:
- qmake -o wpa_gui-qt4/Makefile wpa_gui-qt4/wpa_gui.pro
+ qmake -o wpa_gui-qt4/Makefile wpa_gui-qt4/wpa_gui.pro
wpa_gui-qt4/lang/wpa_gui_de.qm: wpa_gui-qt4/lang/wpa_gui_de.ts
lrelease wpa_gui-qt4/wpa_gui.pro
diff --git a/wpa_supplicant/bss.c b/wpa_supplicant/bss.c
index 46ed5aa..8134562 100644
--- a/wpa_supplicant/bss.c
+++ b/wpa_supplicant/bss.c
@@ -398,7 +398,7 @@
static int are_ies_equal(const struct wpa_bss *old,
- const struct wpa_scan_res *new, u32 ie)
+ const struct wpa_scan_res *new_res, u32 ie)
{
const u8 *old_ie, *new_ie;
struct wpabuf *old_ie_buff = NULL;
@@ -408,19 +408,19 @@
switch (ie) {
case WPA_IE_VENDOR_TYPE:
old_ie = wpa_bss_get_vendor_ie(old, ie);
- new_ie = wpa_scan_get_vendor_ie(new, ie);
+ new_ie = wpa_scan_get_vendor_ie(new_res, ie);
is_multi = 0;
break;
case WPS_IE_VENDOR_TYPE:
old_ie_buff = wpa_bss_get_vendor_ie_multi(old, ie);
- new_ie_buff = wpa_scan_get_vendor_ie_multi(new, ie);
+ new_ie_buff = wpa_scan_get_vendor_ie_multi(new_res, ie);
is_multi = 1;
break;
case WLAN_EID_RSN:
case WLAN_EID_SUPP_RATES:
case WLAN_EID_EXT_SUPP_RATES:
old_ie = wpa_bss_get_ie(old, ie);
- new_ie = wpa_scan_get_ie(new, ie);
+ new_ie = wpa_scan_get_ie(new_res, ie);
is_multi = 0;
break;
default:
@@ -454,15 +454,15 @@
static u32 wpa_bss_compare_res(const struct wpa_bss *old,
- const struct wpa_scan_res *new)
+ const struct wpa_scan_res *new_res)
{
u32 changes = 0;
- int caps_diff = old->caps ^ new->caps;
+ int caps_diff = old->caps ^ new_res->caps;
- if (old->freq != new->freq)
+ if (old->freq != new_res->freq)
changes |= WPA_BSS_FREQ_CHANGED_FLAG;
- if (old->level != new->level)
+ if (old->level != new_res->level)
changes |= WPA_BSS_SIGNAL_CHANGED_FLAG;
if (caps_diff & IEEE80211_CAP_PRIVACY)
@@ -471,22 +471,22 @@
if (caps_diff & IEEE80211_CAP_IBSS)
changes |= WPA_BSS_MODE_CHANGED_FLAG;
- if (old->ie_len == new->ie_len &&
- os_memcmp(old + 1, new + 1, old->ie_len) == 0)
+ if (old->ie_len == new_res->ie_len &&
+ os_memcmp(old + 1, new_res + 1, old->ie_len) == 0)
return changes;
changes |= WPA_BSS_IES_CHANGED_FLAG;
- if (!are_ies_equal(old, new, WPA_IE_VENDOR_TYPE))
+ if (!are_ies_equal(old, new_res, WPA_IE_VENDOR_TYPE))
changes |= WPA_BSS_WPAIE_CHANGED_FLAG;
- if (!are_ies_equal(old, new, WLAN_EID_RSN))
+ if (!are_ies_equal(old, new_res, WLAN_EID_RSN))
changes |= WPA_BSS_RSNIE_CHANGED_FLAG;
- if (!are_ies_equal(old, new, WPS_IE_VENDOR_TYPE))
+ if (!are_ies_equal(old, new_res, WPS_IE_VENDOR_TYPE))
changes |= WPA_BSS_WPS_CHANGED_FLAG;
- if (!are_ies_equal(old, new, WLAN_EID_SUPP_RATES) ||
- !are_ies_equal(old, new, WLAN_EID_EXT_SUPP_RATES))
+ if (!are_ies_equal(old, new_res, WLAN_EID_SUPP_RATES) ||
+ !are_ies_equal(old, new_res, WLAN_EID_EXT_SUPP_RATES))
changes |= WPA_BSS_RATES_CHANGED_FLAG;
return changes;
diff --git a/wpa_supplicant/ctrl_iface.c b/wpa_supplicant/ctrl_iface.c
index a6aafee..91617fb 100644
--- a/wpa_supplicant/ctrl_iface.c
+++ b/wpa_supplicant/ctrl_iface.c
@@ -8686,7 +8686,7 @@
char *pos, *end;
for (i = 0; wpa_drivers[i]; i++) {
- struct wpa_driver_ops *drv = wpa_drivers[i];
+ const struct wpa_driver_ops *drv = wpa_drivers[i];
if (drv->get_interfaces == NULL)
continue;
tmp = drv->get_interfaces(global->drv_priv[i]);
diff --git a/wpa_supplicant/eapol_test.c b/wpa_supplicant/eapol_test.c
index 9b7af30..983bbcd 100644
--- a/wpa_supplicant/eapol_test.c
+++ b/wpa_supplicant/eapol_test.c
@@ -30,7 +30,7 @@
#include "wpas_glue.h"
-struct wpa_driver_ops *wpa_drivers[] = { NULL };
+const struct wpa_driver_ops *const wpa_drivers[] = { NULL };
struct extra_radius_attr {
diff --git a/wpa_supplicant/interworking.c b/wpa_supplicant/interworking.c
index 4a39665..35885ee 100644
--- a/wpa_supplicant/interworking.c
+++ b/wpa_supplicant/interworking.c
@@ -2058,7 +2058,7 @@
int *excluded)
{
struct wpa_cred *cred, *cred2;
- int excluded1, excluded2;
+ int excluded1, excluded2 = 0;
if (disallowed_bssid(wpa_s, bss->bssid) ||
disallowed_ssid(wpa_s, bss->ssid, bss->ssid_len)) {
diff --git a/wpa_supplicant/p2p_supplicant.c b/wpa_supplicant/p2p_supplicant.c
index 4c71ef4..def959f 100644
--- a/wpa_supplicant/p2p_supplicant.c
+++ b/wpa_supplicant/p2p_supplicant.c
@@ -3099,7 +3099,7 @@
enum { BW20, BW40PLUS, BW40MINUS, BW80, BW2160 } bw;
};
-static struct p2p_oper_class_map op_class[] = {
+static const struct p2p_oper_class_map op_class[] = {
{ HOSTAPD_MODE_IEEE80211G, 81, 1, 13, 1, BW20 },
#if 0 /* Do not enable HT40 on 2 GHz for now */
{ HOSTAPD_MODE_IEEE80211G, 83, 1, 9, 1, BW40PLUS },
@@ -3232,7 +3232,7 @@
cla = cli_cla = 0;
for (op = 0; op_class[op].op_class; op++) {
- struct p2p_oper_class_map *o = &op_class[op];
+ const struct p2p_oper_class_map *o = &op_class[op];
u8 ch;
struct p2p_reg_class *reg = NULL, *cli_reg = NULL;
@@ -3291,7 +3291,7 @@
enum chan_allowed ret;
for (op = 0; op_class[op].op_class; op++) {
- struct p2p_oper_class_map *o = &op_class[op];
+ const struct p2p_oper_class_map *o = &op_class[op];
u8 ch;
for (ch = o->min_chan; ch <= o->max_chan; ch += o->inc) {
@@ -3931,9 +3931,9 @@
*/
if (p2p_config_get_random_social(&p2p, &p2p.reg_class,
&p2p.channel) != 0) {
- wpa_printf(MSG_ERROR,
- "P2P: Failed to select random social channel as listen channel");
- return -1;
+ wpa_printf(MSG_INFO,
+ "P2P: No social channels supported by the driver - do not enable P2P");
+ return 0;
}
p2p.channel_forced = 0;
}
diff --git a/wpa_supplicant/preauth_test.c b/wpa_supplicant/preauth_test.c
index ed57085..f4bba98 100644
--- a/wpa_supplicant/preauth_test.c
+++ b/wpa_supplicant/preauth_test.c
@@ -27,7 +27,7 @@
#include "drivers/driver.h"
-struct wpa_driver_ops *wpa_drivers[] = { NULL };
+const struct wpa_driver_ops *const wpa_drivers[] = { NULL };
struct preauth_test_data {
diff --git a/wpa_supplicant/wpa_cli.c b/wpa_supplicant/wpa_cli.c
index 9fbc532..bf0a03f 100644
--- a/wpa_supplicant/wpa_cli.c
+++ b/wpa_supplicant/wpa_cli.c
@@ -26,16 +26,16 @@
#endif /* ANDROID */
-static const char *wpa_cli_version =
+static const char *const wpa_cli_version =
"wpa_cli v" VERSION_STR "\n"
"Copyright (c) 2004-2015, Jouni Malinen <j@w1.fi> and contributors";
-static const char *wpa_cli_license =
+static const char *const wpa_cli_license =
"This software may be distributed under the terms of the BSD license.\n"
"See README for more details.\n";
-static const char *wpa_cli_full_license =
+static const char *const wpa_cli_full_license =
"This software may be distributed under the terms of the BSD license.\n"
"\n"
"Redistribution and use in source and binary forms, with or without\n"
@@ -2805,7 +2805,7 @@
const char *usage;
};
-static struct wpa_cli_cmd wpa_cli_commands[] = {
+static const struct wpa_cli_cmd wpa_cli_commands[] = {
{ "status", wpa_cli_cmd_status, NULL,
cli_cmd_flag_none,
"[verbose] = get current WPA/EAPOL/EAP status" },
@@ -3350,7 +3350,7 @@
/*
* Prints command usage, lines are padded with the specified string.
*/
-static void print_cmd_help(struct wpa_cli_cmd *cmd, const char *pad)
+static void print_cmd_help(const struct wpa_cli_cmd *cmd, const char *pad)
{
char c;
size_t n;
@@ -3488,7 +3488,7 @@
static int wpa_request(struct wpa_ctrl *ctrl, int argc, char *argv[])
{
- struct wpa_cli_cmd *cmd, *match = NULL;
+ const struct wpa_cli_cmd *cmd, *match = NULL;
int count;
int ret = 0;
diff --git a/wpa_supplicant/wpa_gui-qt4/wpagui.cpp b/wpa_supplicant/wpa_gui-qt4/wpagui.cpp
index 408e387..d2d76f1 100644
--- a/wpa_supplicant/wpa_gui-qt4/wpagui.cpp
+++ b/wpa_supplicant/wpa_gui-qt4/wpagui.cpp
@@ -1503,8 +1503,8 @@
if (!tray_icon || currentIconType == type)
return;
- QIcon icon;
QIcon fallback_icon;
+ QStringList names;
if (QImageReader::supportedImageFormats().contains(QByteArray("svg")))
fallback_icon = QIcon(":/icons/wpa_gui.svg");
@@ -1513,41 +1513,59 @@
switch (type) {
case TrayIconOffline:
- icon = QIcon::fromTheme("network-wireless-offline",
- fallback_icon);
+ names << "network-wireless-offline-symbolic"
+ << "network-wireless-offline"
+ << "network-wireless-signal-none-symbolic"
+ << "network-wireless-signal-none";
break;
case TrayIconAcquiring:
- icon = QIcon::fromTheme("network-wireless-acquiring",
- fallback_icon);
+ names << "network-wireless-acquiring-symbolic"
+ << "network-wireless-acquiring";
break;
case TrayIconConnected:
- icon = QIcon::fromTheme("network-wireless-connected",
- fallback_icon);
+ names << "network-wireless-connected-symbolic"
+ << "network-wireless-connected";
break;
case TrayIconSignalNone:
- icon = QIcon::fromTheme("network-wireless-signal-none",
- fallback_icon);
+ names << "network-wireless-signal-none-symbolic"
+ << "network-wireless-signal-none";
break;
case TrayIconSignalWeak:
- icon = QIcon::fromTheme("network-wireless-signal-weak",
- fallback_icon);
+ names << "network-wireless-signal-weak-symbolic"
+ << "network-wireless-signal-weak";
break;
case TrayIconSignalOk:
- icon = QIcon::fromTheme("network-wireless-signal-ok",
- fallback_icon);
+ names << "network-wireless-signal-ok-symbolic"
+ << "network-wireless-signal-ok";
break;
case TrayIconSignalGood:
- icon = QIcon::fromTheme("network-wireless-signal-good",
- fallback_icon);
+ names << "network-wireless-signal-good-symbolic"
+ << "network-wireless-signal-good";
break;
case TrayIconSignalExcellent:
- icon = QIcon::fromTheme("network-wireless-signal-excellent",
- fallback_icon);
+ names << "network-wireless-signal-excellent-symbolic"
+ << "network-wireless-signal-excellent";
break;
}
currentIconType = type;
- tray_icon->setIcon(icon);
+ tray_icon->setIcon(loadThemedIcon(names, fallback_icon));
+}
+
+
+QIcon WpaGui::loadThemedIcon(const QStringList &names,
+ const QIcon &fallback)
+{
+ QIcon icon;
+
+ for (QStringList::ConstIterator it = names.begin();
+ it != names.end(); it++) {
+ icon = QIcon::fromTheme(*it);
+ if (!icon.isNull())
+ return icon;
+ }
+
+ return fallback;
}
diff --git a/wpa_supplicant/wpa_gui-qt4/wpagui.h b/wpa_supplicant/wpa_gui-qt4/wpagui.h
index c0de67b..58c655d 100644
--- a/wpa_supplicant/wpa_gui-qt4/wpagui.h
+++ b/wpa_supplicant/wpa_gui-qt4/wpagui.h
@@ -85,6 +85,8 @@
virtual void showTrayStatus();
virtual void updateTrayIcon(TrayIconType type);
virtual void updateTrayToolTip(const QString &msg);
+ virtual QIcon loadThemedIcon(const QStringList &names,
+ const QIcon &fallback);
virtual void wpsDialog();
virtual void peersDialog();
virtual void tabChanged(int index);
diff --git a/wpa_supplicant/wpa_priv.c b/wpa_supplicant/wpa_priv.c
index 6bd60b9..4611a1d 100644
--- a/wpa_supplicant/wpa_priv.c
+++ b/wpa_supplicant/wpa_priv.c
@@ -29,7 +29,7 @@
char *sock_name;
int fd;
- struct wpa_driver_ops *driver;
+ const struct wpa_driver_ops *driver;
void *drv_priv;
struct sockaddr_un drv_addr;
int wpas_registered;
diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c
index b96fd8e..06a1696 100644
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
@@ -55,11 +55,11 @@
#include "wpas_kay.h"
#include "mesh.h"
-const char *wpa_supplicant_version =
+const char *const wpa_supplicant_version =
"wpa_supplicant v" VERSION_STR "\n"
"Copyright (c) 2003-2015, Jouni Malinen <j@w1.fi> and contributors";
-const char *wpa_supplicant_license =
+const char *const wpa_supplicant_license =
"This software may be distributed under the terms of the BSD license.\n"
"See README for more details.\n"
#ifdef EAP_TLS_OPENSSL
@@ -70,16 +70,16 @@
#ifndef CONFIG_NO_STDOUT_DEBUG
/* Long text divided into parts in order to fit in C89 strings size limits. */
-const char *wpa_supplicant_full_license1 =
+const char *const wpa_supplicant_full_license1 =
"";
-const char *wpa_supplicant_full_license2 =
+const char *const wpa_supplicant_full_license2 =
"This software may be distributed under the terms of the BSD license.\n"
"\n"
"Redistribution and use in source and binary forms, with or without\n"
"modification, are permitted provided that the following conditions are\n"
"met:\n"
"\n";
-const char *wpa_supplicant_full_license3 =
+const char *const wpa_supplicant_full_license3 =
"1. Redistributions of source code must retain the above copyright\n"
" notice, this list of conditions and the following disclaimer.\n"
"\n"
@@ -87,7 +87,7 @@
" notice, this list of conditions and the following disclaimer in the\n"
" documentation and/or other materials provided with the distribution.\n"
"\n";
-const char *wpa_supplicant_full_license4 =
+const char *const wpa_supplicant_full_license4 =
"3. Neither the name(s) of the above-listed copyright holder(s) nor the\n"
" names of its contributors may be used to endorse or promote products\n"
" derived from this software without specific prior written permission.\n"
@@ -96,7 +96,7 @@
"\"AS IS\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT\n"
"LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR\n"
"A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT\n";
-const char *wpa_supplicant_full_license5 =
+const char *const wpa_supplicant_full_license5 =
"OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,\n"
"SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT\n"
"LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\n"
@@ -3077,12 +3077,34 @@
(wpa_s->current_ssid == NULL ||
wpa_s->current_ssid->mode != IEEE80211_MODE_IBSS)) {
/* Timeout for completing IEEE 802.1X and WPA authentication */
- wpa_supplicant_req_auth_timeout(
- wpa_s,
- (wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt) ||
- wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA ||
- wpa_s->key_mgmt == WPA_KEY_MGMT_WPS) ?
- 70 : 10, 0);
+ int timeout = 10;
+
+ if (wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt) ||
+ wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA ||
+ wpa_s->key_mgmt == WPA_KEY_MGMT_WPS) {
+ /* Use longer timeout for IEEE 802.1X/EAP */
+ timeout = 70;
+ }
+
+ if (wpa_s->current_ssid && wpa_s->current_bss &&
+ (wpa_s->current_ssid->key_mgmt & WPA_KEY_MGMT_WPS) &&
+ eap_is_wps_pin_enrollee(&wpa_s->current_ssid->eap)) {
+ /*
+ * Use shorter timeout if going through WPS AP iteration
+ * for PIN config method with an AP that does not
+ * advertise Selected Registrar.
+ */
+ struct wpabuf *wps_ie;
+
+ wps_ie = wpa_bss_get_vendor_ie_multi(
+ wpa_s->current_bss, WPS_IE_VENDOR_TYPE);
+ if (wps_ie &&
+ !wps_is_addr_authorized(wps_ie, wpa_s->own_addr, 1))
+ timeout = 10;
+ wpabuf_free(wps_ie);
+ }
+
+ wpa_supplicant_req_auth_timeout(wpa_s, timeout, 0);
}
wpa_s->eapol_received++;
@@ -4386,6 +4408,7 @@
#ifdef CONFIG_P2P
if (wpa_s->global->p2p == NULL &&
+ !wpa_s->global->p2p_disabled && !wpa_s->conf->p2p_disabled &&
(wpa_s->drv_flags & WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE) &&
wpas_p2p_add_p2pdev_interface(wpa_s, iface->conf_p2p_dev) < 0) {
wpa_printf(MSG_INFO,
diff --git a/wpa_supplicant/wpa_supplicant.conf b/wpa_supplicant/wpa_supplicant.conf
index eb7434a..c1bcbd4 100644
--- a/wpa_supplicant/wpa_supplicant.conf
+++ b/wpa_supplicant/wpa_supplicant.conf
@@ -297,6 +297,10 @@
# format: <backend name>[:<optional backend parameters>]
#ext_password_backend=test:pw1=password|pw2=testing
+
+# Disable P2P functionality
+# p2p_disabled=1
+
# Timeout in seconds to detect STA inactivity (default: 300 seconds)
#
# This timeout value is used in P2P GO mode to clean up
diff --git a/wpa_supplicant/wpa_supplicant_i.h b/wpa_supplicant/wpa_supplicant_i.h
index 1b9753c..8ed8b72 100644
--- a/wpa_supplicant/wpa_supplicant_i.h
+++ b/wpa_supplicant/wpa_supplicant_i.h
@@ -17,14 +17,14 @@
#include "config_ssid.h"
#include "wmm_ac.h"
-extern const char *wpa_supplicant_version;
-extern const char *wpa_supplicant_license;
+extern const char *const wpa_supplicant_version;
+extern const char *const wpa_supplicant_license;
#ifndef CONFIG_NO_STDOUT_DEBUG
-extern const char *wpa_supplicant_full_license1;
-extern const char *wpa_supplicant_full_license2;
-extern const char *wpa_supplicant_full_license3;
-extern const char *wpa_supplicant_full_license4;
-extern const char *wpa_supplicant_full_license5;
+extern const char *const wpa_supplicant_full_license1;
+extern const char *const wpa_supplicant_full_license2;
+extern const char *const wpa_supplicant_full_license3;
+extern const char *const wpa_supplicant_full_license4;
+extern const char *const wpa_supplicant_full_license5;
#endif /* CONFIG_NO_STDOUT_DEBUG */
struct wpa_sm;
@@ -518,7 +518,7 @@
unsigned int last_scan_res_size;
struct os_reltime last_scan;
- struct wpa_driver_ops *driver;
+ const struct wpa_driver_ops *driver;
int interface_removed; /* whether the network interface has been
* removed */
struct wpa_sm *wpa;
@@ -639,6 +639,7 @@
int wps_success; /* WPS success event received */
struct wps_er *wps_er;
unsigned int wps_run;
+ struct os_reltime wps_pin_start_time;
int blacklist_cleared;
struct wpabuf *pending_eapol_rx;
diff --git a/wpa_supplicant/wpas_glue.c b/wpa_supplicant/wpas_glue.c
index 48a5d69..29c22ba 100644
--- a/wpa_supplicant/wpas_glue.c
+++ b/wpa_supplicant/wpas_glue.c
@@ -1021,7 +1021,8 @@
{
struct wpa_supplicant *wpa_s = ctx;
- if (wpa_s->conf->key_mgmt_offload)
+ if (wpa_s->conf->key_mgmt_offload &&
+ (wpa_s->drv_flags & WPA_DRIVER_FLAGS_KEY_MGMT_OFFLOAD))
return wpa_drv_set_key(wpa_s, WPA_ALG_PMK, NULL, 0, 0,
NULL, 0, pmk, pmk_len);
else
diff --git a/wpa_supplicant/wps_supplicant.c b/wpa_supplicant/wps_supplicant.c
index 52594a1..8a5cb8e 100644
--- a/wpa_supplicant/wps_supplicant.c
+++ b/wpa_supplicant/wps_supplicant.c
@@ -39,6 +39,14 @@
#define WPS_PIN_SCAN_IGNORE_SEL_REG 3
#endif /* WPS_PIN_SCAN_IGNORE_SEL_REG */
+/*
+ * The minimum time in seconds before trying to associate to a WPS PIN AP that
+ * does not have Selected Registrar TRUE.
+ */
+#ifndef WPS_PIN_TIME_IGNORE_SEL_REG
+#define WPS_PIN_TIME_IGNORE_SEL_REG 5
+#endif /* WPS_PIN_TIME_IGNORE_SEL_REG */
+
static void wpas_wps_timeout(void *eloop_ctx, void *timeout_ctx);
static void wpas_clear_wps(struct wpa_supplicant *wpa_s);
@@ -880,7 +888,8 @@
if (!wpa_s->current_ssid || !wpa_s->assoc_freq)
return 0;
- return (wpa_s->assoc_freq > 2484) ? WPS_RF_50GHZ : WPS_RF_24GHZ;
+ return (wpa_s->assoc_freq > 50000) ? WPS_RF_60GHZ :
+ (wpa_s->assoc_freq > 2484) ? WPS_RF_50GHZ : WPS_RF_24GHZ;
}
@@ -1216,6 +1225,7 @@
int wpas_wps_start_pin(struct wpa_supplicant *wpa_s, const u8 *bssid,
const char *pin, int p2p_group, u16 dev_pw_id)
{
+ os_get_reltime(&wpa_s->wps_pin_start_time);
return wpas_wps_start_dev_pw(wpa_s, NULL, bssid, pin, p2p_group,
dev_pw_id, NULL, NULL, 0, 0);
}
@@ -1487,6 +1497,8 @@
wps->dev.rf_bands |= WPS_RF_24GHZ;
else if (modes[m].mode == HOSTAPD_MODE_IEEE80211A)
wps->dev.rf_bands |= WPS_RF_50GHZ;
+ else if (modes[m].mode == HOSTAPD_MODE_IEEE80211AD)
+ wps->dev.rf_bands |= WPS_RF_60GHZ;
}
}
if (wps->dev.rf_bands == 0) {
@@ -1609,9 +1621,15 @@
* external Registrar.
*/
if (!wps_is_addr_authorized(wps_ie, wpa_s->own_addr, 1)) {
- if (wpa_s->scan_runs < WPS_PIN_SCAN_IGNORE_SEL_REG) {
- wpa_printf(MSG_DEBUG, " skip - WPS AP "
- "without active PIN Registrar");
+ struct os_reltime age;
+
+ os_reltime_age(&wpa_s->wps_pin_start_time, &age);
+
+ if (wpa_s->scan_runs < WPS_PIN_SCAN_IGNORE_SEL_REG ||
+ age.sec < WPS_PIN_TIME_IGNORE_SEL_REG) {
+ wpa_printf(MSG_DEBUG,
+ " skip - WPS AP without active PIN Registrar (scan_runs=%d age=%d)",
+ wpa_s->scan_runs, (int) age.sec);
wpabuf_free(wps_ie);
return 0;
}
@@ -2582,6 +2600,10 @@
(attr.rf_bands == NULL ||
*attr.rf_bands & WPS_RF_50GHZ))
freq = 5000 + 5 * chan;
+ else if (chan >= 1 && chan <= 4 &&
+ (attr.rf_bands == NULL ||
+ *attr.rf_bands & WPS_RF_60GHZ))
+ freq = 56160 + 2160 * chan;
if (freq) {
wpa_printf(MSG_DEBUG,