Cumulative patch from commit 21cb63fffd1e766c8b989125394ed0bfb05e5a4b
21cb63f OpenSSL: Fix client certificate chain building after PKCS#12 use
12a81b6 ACS: Remove unreachable case from a debug print
896607d Remove a pointer check that can never be true
a95cc47 ACS: Be more consistent with iface->current_mode checks
6014e59 P2P: Print find_start in debug log when ignoring old scan results
64845c1 l2_packet: Extend bridge workaround RX processing to cover two frames
4a539ab l2_packet: Improve bridge workaround RX processing
7a36f11 EAP-PAX: Check hmac_sha1_vector() return value
1d20c66 P2P: Clear groups first on FLUSH command
27446e4 mesh: Do not force another peering exchange on driver event
cc64fe7 mesh: Do not clear link state on driver event if exchange was started
b5f5c32 mesh: Add some more details to MPM debug messages
7d41907 nl80211: Add a missing space to a debug message
6174de6 mesh: Connection and group started/removed events into debug log
2da4a56 Add more hostapd.conf documentation for hw_mode with HT/VHT
acc3943 EAP-PEAP peer: Cryptobinding in fast-reconnect case with inner EAP
cba9ebf P2P: Try SD Query with each non-ACK peer only once per search iteration
e9ccfc3 Clear wpa_supplicant state to DISCONNECTED on FLUSH command
aeb408f HS 2.0: Add some documentation for OSEN and network block use
4f6cd3f Fix wpa_supplicant AP mode P2P IE handling if P2P is disabled
92acb40 Fix wpa_supplicant build with CONFIG_L2_PACKET=pcap
15c5606 Update copyright notices for the new year 2016
6e379c6 WPS: Testing mechanism to force auth/encr type flags
ea31912 WPS: Add a workaround for WPA2PSK missing from Enrollee auth flags
db671e0 WPS: Do not build Credential with unsupported encr combination on AP
d7c3347 HS 2.0: Postpone WNM-Notification sending by 100 ms
750f5d9 EAP-FAST: Enable AES256-based TLS cipher suites with OpenSSL
1ebb24b OpenSSL: Share a single openssl_tls_prf() implementation
dea2051 OpenSSL: Clean up function to fetch client/server random
9a42d85 OpenSSL: Drop support for OpenSSL 1.0.0
de213e8 OpenSSL: Drop support for OpenSSL 0.9.8
e79eb0c P2P: Fix P2P_FIND while waiting for listen ROC to start in the driver
944f693 P2P: Stop offchannel TX wait on P2P_STOP_FIND/P2P_LISTEN
8edd9f1 P2P: Add an option to specify group SSID in P2P_CONNECT join case
70e0cb3 P2P: Provide group SSID, if specified, to P2P Client join step
438be60 P2P: Do not accept any GO BSS entry if SSID is specified for join
35510d5 P2P: Use join SSID in the skip-PD cases
8b8d4f4 P2P: Do not accept any BSS entry for join if SSID is already known
b875276 P2P: Use group SSID, if known, for join operation even if no BSS entry
aa256cb P2PS: Add group SSID, if known, to the P2PS-PROV-DONE event
071e3bf FST: Fix handling of Rx FST Setup Request when session already exists
Change-Id: Ia48764e8663232291160fb24153fa367b9ed3015
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
diff --git a/CONTRIBUTIONS b/CONTRIBUTIONS
index caef362..76600bc 100644
--- a/CONTRIBUTIONS
+++ b/CONTRIBUTIONS
@@ -140,7 +140,7 @@
Modified BSD license (no advertisement clause):
-Copyright (c) 2002-2015, Jouni Malinen <j@w1.fi> and contributors
+Copyright (c) 2002-2016, Jouni Malinen <j@w1.fi> and contributors
All Rights Reserved.
Redistribution and use in source and binary forms, with or without
diff --git a/COPYING b/COPYING
index 5962e2f..7efce0d 100644
--- a/COPYING
+++ b/COPYING
@@ -1,7 +1,7 @@
wpa_supplicant and hostapd
--------------------------
-Copyright (c) 2002-2015, Jouni Malinen <j@w1.fi> and contributors
+Copyright (c) 2002-2016, Jouni Malinen <j@w1.fi> and contributors
All Rights Reserved.
diff --git a/README b/README
index 07d1d25..9685f58 100644
--- a/README
+++ b/README
@@ -1,7 +1,7 @@
wpa_supplicant and hostapd
--------------------------
-Copyright (c) 2002-2015, Jouni Malinen <j@w1.fi> and contributors
+Copyright (c) 2002-2016, Jouni Malinen <j@w1.fi> and contributors
All Rights Reserved.
These programs are licensed under the BSD license (the one with
diff --git a/hostapd/README b/hostapd/README
index 366b199..5d5fd36 100644
--- a/hostapd/README
+++ b/hostapd/README
@@ -2,7 +2,7 @@
Authenticator and RADIUS authentication server
================================================================
-Copyright (c) 2002-2015, Jouni Malinen <j@w1.fi> and contributors
+Copyright (c) 2002-2016, Jouni Malinen <j@w1.fi> and contributors
All Rights Reserved.
This program is licensed under the BSD license (the one with
diff --git a/hostapd/hlr_auc_gw.c b/hostapd/hlr_auc_gw.c
index d88cc56..2117d34 100644
--- a/hostapd/hlr_auc_gw.c
+++ b/hostapd/hlr_auc_gw.c
@@ -1,6 +1,6 @@
/*
* HLR/AuC testing gateway for hostapd EAP-SIM/AKA database/authenticator
- * Copyright (c) 2005-2007, 2012-2015, Jouni Malinen <j@w1.fi>
+ * Copyright (c) 2005-2007, 2012-2016, Jouni Malinen <j@w1.fi>
*
* This software may be distributed under the terms of the BSD license.
* See README for more details.
@@ -973,7 +973,7 @@
{
printf("HLR/AuC testing gateway for hostapd EAP-SIM/AKA "
"database/authenticator\n"
- "Copyright (c) 2005-2007, 2012-2015, Jouni Malinen <j@w1.fi>\n"
+ "Copyright (c) 2005-2016, Jouni Malinen <j@w1.fi>\n"
"\n"
"usage:\n"
"hlr_auc_gw [-hu] [-s<socket path>] [-g<triplet file>] "
diff --git a/hostapd/hostapd.conf b/hostapd/hostapd.conf
index ecd4328..2c083f5 100644
--- a/hostapd/hostapd.conf
+++ b/hostapd/hostapd.conf
@@ -125,11 +125,13 @@
# ieee80211d=1 and local_pwr_constraint configured.
#spectrum_mgmt_required=1
-# Operation mode (a = IEEE 802.11a, b = IEEE 802.11b, g = IEEE 802.11g,
-# ad = IEEE 802.11ad (60 GHz); a/g options are used with IEEE 802.11n, too, to
-# specify band). When using ACS (see channel parameter), a special value "any"
-# can be used to indicate that any support band can be used. This special case
-# is currently supported only with drivers with which offloaded ACS is used.
+# Operation mode (a = IEEE 802.11a (5 GHz), b = IEEE 802.11b (2.4 GHz),
+# g = IEEE 802.11g (2.4 GHz), ad = IEEE 802.11ad (60 GHz); a/g options are used
+# with IEEE 802.11n (HT), too, to specify band). For IEEE 802.11ac (VHT), this
+# needs to be set to hw_mode=a. When using ACS (see channel parameter), a
+# special value "any" can be used to indicate that any support band can be used.
+# This special case is currently supported only with drivers with which
+# offloaded ACS is used.
# Default: IEEE 802.11b
hw_mode=g
@@ -477,6 +479,7 @@
# 0 = disabled (default)
# 1 = enabled
# Note: You will also need to enable WMM for full HT functionality.
+# Note: hw_mode=g (2.4 GHz) and hw_mode=a (5 GHz) is used to specify the band.
#ieee80211n=1
# ht_capab: HT capabilities (list of flags)
@@ -530,6 +533,7 @@
# 0 = disabled (default)
# 1 = enabled
# Note: You will also need to enable WMM for full VHT functionality.
+# Note: hw_mode=a is used to specify that 5 GHz band is used with VHT.
#ieee80211ac=1
# vht_capab: VHT capabilities (list of flags)
diff --git a/hostapd/hostapd_cli.c b/hostapd/hostapd_cli.c
index 46c2f37..52dfc9f 100644
--- a/hostapd/hostapd_cli.c
+++ b/hostapd/hostapd_cli.c
@@ -1,6 +1,6 @@
/*
* hostapd - command line interface for hostapd daemon
- * Copyright (c) 2004-2015, Jouni Malinen <j@w1.fi>
+ * Copyright (c) 2004-2016, Jouni Malinen <j@w1.fi>
*
* This software may be distributed under the terms of the BSD license.
* See README for more details.
@@ -19,7 +19,7 @@
static const char *const hostapd_cli_version =
"hostapd_cli v" VERSION_STR "\n"
-"Copyright (c) 2004-2015, Jouni Malinen <j@w1.fi> and contributors";
+"Copyright (c) 2004-2016, Jouni Malinen <j@w1.fi> and contributors";
static const char *const hostapd_cli_license =
diff --git a/hostapd/main.c b/hostapd/main.c
index 72b1d91..4913cbd 100644
--- a/hostapd/main.c
+++ b/hostapd/main.c
@@ -1,6 +1,6 @@
/*
* hostapd / main()
- * Copyright (c) 2002-2015, Jouni Malinen <j@w1.fi>
+ * Copyright (c) 2002-2016, Jouni Malinen <j@w1.fi>
*
* This software may be distributed under the terms of the BSD license.
* See README for more details.
@@ -425,7 +425,7 @@
"hostapd v" VERSION_STR "\n"
"User space daemon for IEEE 802.11 AP management,\n"
"IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator\n"
- "Copyright (c) 2002-2015, Jouni Malinen <j@w1.fi> "
+ "Copyright (c) 2002-2016, Jouni Malinen <j@w1.fi> "
"and contributors\n");
}
diff --git a/src/ap/acs.c b/src/ap/acs.c
index 03d797f..5e83805 100644
--- a/src/ap/acs.c
+++ b/src/ap/acs.c
@@ -599,8 +599,7 @@
wpa_printf(MSG_DEBUG, "ACS: Survey analysis for selected bandwidth %d MHz",
n_chans == 1 ? 20 :
n_chans == 2 ? 40 :
- n_chans == 4 ? 80 :
- -1);
+ 80);
for (i = 0; i < iface->current_mode->num_channels; i++) {
double total_weight;
@@ -933,6 +932,9 @@
return HOSTAPD_CHAN_ACS;
}
+ if (!iface->current_mode)
+ return HOSTAPD_CHAN_INVALID;
+
acs_cleanup(iface);
err = acs_request_scan(iface);
diff --git a/src/ap/beacon.c b/src/ap/beacon.c
index 9490e21..3276d12 100644
--- a/src/ap/beacon.c
+++ b/src/ap/beacon.c
@@ -731,7 +731,7 @@
}
#ifdef CONFIG_P2P
- if (hapd->p2p && elems.wps_ie) {
+ if (hapd->p2p && hapd->p2p_group && elems.wps_ie) {
struct wpabuf *wps;
wps = ieee802_11_vendor_ie_concat(ie, ie_len, WPS_DEV_OUI_WFA);
if (wps && !p2p_group_match_dev_type(hapd->p2p_group, wps)) {
@@ -744,7 +744,7 @@
wpabuf_free(wps);
}
- if (hapd->p2p && elems.p2p) {
+ if (hapd->p2p && hapd->p2p_group && elems.p2p) {
struct wpabuf *p2p;
p2p = ieee802_11_vendor_ie_concat(ie, ie_len, P2P_IE_VENDOR_TYPE);
if (p2p && !p2p_group_match_dev_id(hapd->p2p_group, p2p)) {
diff --git a/src/ap/drv_callbacks.c b/src/ap/drv_callbacks.c
index aad0d81..9f53660 100644
--- a/src/ap/drv_callbacks.c
+++ b/src/ap/drv_callbacks.c
@@ -956,8 +956,6 @@
for (i = 0; i < iface->current_mode->num_channels; i++) {
chan = &iface->current_mode->channels[i];
- if (!chan)
- return NULL;
if ((unsigned int) chan->freq == freq)
return chan;
}
diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
index 01b514e..ec6f8a7 100644
--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
@@ -1737,7 +1737,7 @@
#endif /* CONFIG_WPS */
#ifdef CONFIG_P2P
- if (sta->p2p_ie) {
+ if (sta->p2p_ie && hapd->p2p_group) {
struct wpabuf *p2p_resp_ie;
enum p2p_status_code status;
switch (status_code) {
@@ -2010,7 +2010,7 @@
/* Stop Accounting and IEEE 802.1X sessions, but leave the STA
* authenticated. */
accounting_sta_stop(hapd, sta);
- ieee802_1x_free_station(sta);
+ ieee802_1x_free_station(hapd, sta);
if (sta->ipaddr)
hostapd_drv_br_delete_ip_neigh(hapd, 4, (u8 *) &sta->ipaddr);
ap_sta_ip6addr_del(hapd, sta);
diff --git a/src/ap/ieee802_1x.c b/src/ap/ieee802_1x.c
index e3b3d94..607f941 100644
--- a/src/ap/ieee802_1x.c
+++ b/src/ap/ieee802_1x.c
@@ -34,6 +34,9 @@
#include "ieee802_1x.h"
+#ifdef CONFIG_HS20
+static void ieee802_1x_wnm_notif_send(void *eloop_ctx, void *timeout_ctx);
+#endif /* CONFIG_HS20 */
static void ieee802_1x_finished(struct hostapd_data *hapd,
struct sta_info *sta, int success,
int remediation);
@@ -1048,7 +1051,7 @@
* Clear any possible EAPOL authenticator state to support
* reassociation change from WPS to PSK.
*/
- ieee802_1x_free_station(sta);
+ ieee802_1x_free_station(hapd, sta);
return;
}
@@ -1059,7 +1062,7 @@
* Clear any possible EAPOL authenticator state to support
* reassociation change from WPA-EAP to PSK.
*/
- ieee802_1x_free_station(sta);
+ ieee802_1x_free_station(hapd, sta);
return;
}
@@ -1146,10 +1149,14 @@
}
-void ieee802_1x_free_station(struct sta_info *sta)
+void ieee802_1x_free_station(struct hostapd_data *hapd, struct sta_info *sta)
{
struct eapol_state_machine *sm = sta->eapol_sm;
+#ifdef CONFIG_HS20
+ eloop_cancel_timeout(ieee802_1x_wnm_notif_send, hapd, sta);
+#endif /* CONFIG_HS20 */
+
if (sm == NULL)
return;
@@ -2528,6 +2535,34 @@
}
+#ifdef CONFIG_HS20
+static void ieee802_1x_wnm_notif_send(void *eloop_ctx, void *timeout_ctx)
+{
+ struct hostapd_data *hapd = eloop_ctx;
+ struct sta_info *sta = timeout_ctx;
+
+ if (sta->remediation) {
+ wpa_printf(MSG_DEBUG, "HS 2.0: Send WNM-Notification to "
+ MACSTR " to indicate Subscription Remediation",
+ MAC2STR(sta->addr));
+ hs20_send_wnm_notification(hapd, sta->addr,
+ sta->remediation_method,
+ sta->remediation_url);
+ os_free(sta->remediation_url);
+ sta->remediation_url = NULL;
+ }
+
+ if (sta->hs20_deauth_req) {
+ wpa_printf(MSG_DEBUG, "HS 2.0: Send WNM-Notification to "
+ MACSTR " to indicate imminent deauthentication",
+ MAC2STR(sta->addr));
+ hs20_send_wnm_notification_deauth_req(hapd, sta->addr,
+ sta->hs20_deauth_req);
+ }
+}
+#endif /* CONFIG_HS20 */
+
+
static void ieee802_1x_finished(struct hostapd_data *hapd,
struct sta_info *sta, int success,
int remediation)
@@ -2547,26 +2582,12 @@
sta->remediation_method = 1; /* SOAP-XML SPP */
}
- if (success) {
- if (sta->remediation) {
- wpa_printf(MSG_DEBUG, "HS 2.0: Send WNM-Notification "
- "to " MACSTR " to indicate Subscription "
- "Remediation",
- MAC2STR(sta->addr));
- hs20_send_wnm_notification(hapd, sta->addr,
- sta->remediation_method,
- sta->remediation_url);
- os_free(sta->remediation_url);
- sta->remediation_url = NULL;
- }
-
- if (sta->hs20_deauth_req) {
- wpa_printf(MSG_DEBUG, "HS 2.0: Send WNM-Notification "
- "to " MACSTR " to indicate imminent "
- "deauthentication", MAC2STR(sta->addr));
- hs20_send_wnm_notification_deauth_req(
- hapd, sta->addr, sta->hs20_deauth_req);
- }
+ if (success && (sta->remediation || sta->hs20_deauth_req)) {
+ wpa_printf(MSG_DEBUG, "HS 2.0: Schedule WNM-Notification to "
+ MACSTR " in 100 ms", MAC2STR(sta->addr));
+ eloop_cancel_timeout(ieee802_1x_wnm_notif_send, hapd, sta);
+ eloop_register_timeout(0, 100000, ieee802_1x_wnm_notif_send,
+ hapd, sta);
}
#endif /* CONFIG_HS20 */
diff --git a/src/ap/ieee802_1x.h b/src/ap/ieee802_1x.h
index 14d6955..ec80199 100644
--- a/src/ap/ieee802_1x.h
+++ b/src/ap/ieee802_1x.h
@@ -21,7 +21,7 @@
void ieee802_1x_receive(struct hostapd_data *hapd, const u8 *sa, const u8 *buf,
size_t len);
void ieee802_1x_new_station(struct hostapd_data *hapd, struct sta_info *sta);
-void ieee802_1x_free_station(struct sta_info *sta);
+void ieee802_1x_free_station(struct hostapd_data *hapd, struct sta_info *sta);
void ieee802_1x_abort_auth(struct hostapd_data *hapd, struct sta_info *sta);
void ieee802_1x_set_sta_authorized(struct hostapd_data *hapd,
diff --git a/src/ap/sta_info.c b/src/ap/sta_info.c
index 500beff..68fff4c 100644
--- a/src/ap/sta_info.c
+++ b/src/ap/sta_info.c
@@ -253,7 +253,7 @@
eloop_cancel_timeout(ap_sta_disassoc_cb_timeout, hapd, sta);
sae_clear_retransmit_timer(hapd, sta);
- ieee802_1x_free_station(sta);
+ ieee802_1x_free_station(hapd, sta);
wpa_auth_sta_deinit(sta->wpa_sm);
rsn_preauth_free_station(hapd, sta);
#ifndef CONFIG_NO_RADIUS
@@ -487,7 +487,7 @@
sta->acct_terminate_cause =
RADIUS_ACCT_TERMINATE_CAUSE_IDLE_TIMEOUT;
accounting_sta_stop(hapd, sta);
- ieee802_1x_free_station(sta);
+ ieee802_1x_free_station(hapd, sta);
hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
HOSTAPD_LEVEL_INFO, "disassociated due to "
"inactivity");
@@ -722,7 +722,7 @@
eloop_register_timeout(AP_MAX_INACTIVITY_AFTER_DISASSOC, 0,
ap_handle_timer, hapd, sta);
accounting_sta_stop(hapd, sta);
- ieee802_1x_free_station(sta);
+ ieee802_1x_free_station(hapd, sta);
sta->disassoc_reason = reason;
sta->flags |= WLAN_STA_PENDING_DISASSOC_CB;
@@ -761,7 +761,7 @@
eloop_register_timeout(AP_MAX_INACTIVITY_AFTER_DEAUTH, 0,
ap_handle_timer, hapd, sta);
accounting_sta_stop(hapd, sta);
- ieee802_1x_free_station(sta);
+ ieee802_1x_free_station(hapd, sta);
sta->deauth_reason = reason;
sta->flags |= WLAN_STA_PENDING_DEAUTH_CB;
diff --git a/src/ap/wps_hostapd.c b/src/ap/wps_hostapd.c
index 66a43eb..ba58f3e 100644
--- a/src/ap/wps_hostapd.c
+++ b/src/ap/wps_hostapd.c
@@ -1,6 +1,6 @@
/*
* hostapd / WPS integration
- * Copyright (c) 2008-2012, Jouni Malinen <j@w1.fi>
+ * Copyright (c) 2008-2016, Jouni Malinen <j@w1.fi>
*
* This software may be distributed under the terms of the BSD license.
* See README for more details.
@@ -445,6 +445,8 @@
os_memcpy(hapd->wps->ssid, cred->ssid, cred->ssid_len);
hapd->wps->ssid_len = cred->ssid_len;
hapd->wps->encr_types = cred->encr_type;
+ hapd->wps->encr_types_rsn = cred->encr_type;
+ hapd->wps->encr_types_wpa = cred->encr_type;
hapd->wps->auth_types = cred->auth_type;
hapd->wps->ap_encr_type = cred->encr_type;
hapd->wps->ap_auth_type = cred->auth_type;
@@ -1068,10 +1070,14 @@
if (conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X)
wps->auth_types |= WPS_AUTH_WPA2;
- if (conf->rsn_pairwise & (WPA_CIPHER_CCMP | WPA_CIPHER_GCMP))
+ if (conf->rsn_pairwise & (WPA_CIPHER_CCMP | WPA_CIPHER_GCMP)) {
wps->encr_types |= WPS_ENCR_AES;
- if (conf->rsn_pairwise & WPA_CIPHER_TKIP)
+ wps->encr_types_rsn |= WPS_ENCR_AES;
+ }
+ if (conf->rsn_pairwise & WPA_CIPHER_TKIP) {
wps->encr_types |= WPS_ENCR_TKIP;
+ wps->encr_types_rsn |= WPS_ENCR_TKIP;
+ }
}
if (conf->wpa & WPA_PROTO_WPA) {
@@ -1080,10 +1086,14 @@
if (conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X)
wps->auth_types |= WPS_AUTH_WPA;
- if (conf->wpa_pairwise & WPA_CIPHER_CCMP)
+ if (conf->wpa_pairwise & WPA_CIPHER_CCMP) {
wps->encr_types |= WPS_ENCR_AES;
- if (conf->wpa_pairwise & WPA_CIPHER_TKIP)
+ wps->encr_types_wpa |= WPS_ENCR_AES;
+ }
+ if (conf->wpa_pairwise & WPA_CIPHER_TKIP) {
wps->encr_types |= WPS_ENCR_TKIP;
+ wps->encr_types_wpa |= WPS_ENCR_TKIP;
+ }
}
if (conf->ssid.security_policy == SECURITY_PLAINTEXT) {
@@ -1123,6 +1133,8 @@
/* Override parameters to enable security by default */
wps->auth_types = WPS_AUTH_WPA2PSK | WPS_AUTH_WPAPSK;
wps->encr_types = WPS_ENCR_AES | WPS_ENCR_TKIP;
+ wps->encr_types_rsn = WPS_ENCR_AES | WPS_ENCR_TKIP;
+ wps->encr_types_wpa = WPS_ENCR_AES | WPS_ENCR_TKIP;
}
wps->ap_settings = conf->ap_settings;
diff --git a/src/crypto/crypto_openssl.c b/src/crypto/crypto_openssl.c
index b53bc4a..73b547d 100644
--- a/src/crypto/crypto_openssl.c
+++ b/src/crypto/crypto_openssl.c
@@ -772,14 +772,10 @@
#else
HMAC_CTX_init(&ctx->ctx);
-#if OPENSSL_VERSION_NUMBER < 0x00909000
- HMAC_Init_ex(&ctx->ctx, key, key_len, md, NULL);
-#else /* openssl < 0.9.9 */
if (HMAC_Init_ex(&ctx->ctx, key, key_len, md, NULL) != 1) {
bin_clear_free(ctx, sizeof(*ctx));
return NULL;
}
-#endif /* openssl < 0.9.9 */
#endif
return ctx;
@@ -819,12 +815,7 @@
res = HMAC_Final(ctx->ctx, mac, &mdlen);
HMAC_CTX_free(ctx->ctx);
#else
-#if OPENSSL_VERSION_NUMBER < 0x00909000
- HMAC_Final(&ctx->ctx, mac, &mdlen);
- res = 1;
-#else /* openssl < 0.9.9 */
res = HMAC_Final(&ctx->ctx, mac, &mdlen);
-#endif /* openssl < 0.9.9 */
HMAC_CTX_cleanup(&ctx->ctx);
#endif
bin_clear_free(ctx, sizeof(*ctx));
@@ -875,22 +866,13 @@
return -1;
HMAC_CTX_init(&ctx);
-#if OPENSSL_VERSION_NUMBER < 0x00909000
- HMAC_Init_ex(&ctx, key, key_len, type, NULL);
-#else /* openssl < 0.9.9 */
if (HMAC_Init_ex(&ctx, key, key_len, type, NULL) != 1)
return -1;
-#endif /* openssl < 0.9.9 */
for (i = 0; i < num_elem; i++)
HMAC_Update(&ctx, addr[i], len[i]);
-#if OPENSSL_VERSION_NUMBER < 0x00909000
- HMAC_Final(&ctx, mac, &mdlen);
- res = 1;
-#else /* openssl < 0.9.9 */
res = HMAC_Final(&ctx, mac, &mdlen);
-#endif /* openssl < 0.9.9 */
HMAC_CTX_cleanup(&ctx);
return res == 1 ? 0 : -1;
diff --git a/src/crypto/tls.h b/src/crypto/tls.h
index 453b4de..15a3bcf 100644
--- a/src/crypto/tls.h
+++ b/src/crypto/tls.h
@@ -461,7 +461,9 @@
TLS_CIPHER_RC4_SHA /* 0x0005 */,
TLS_CIPHER_AES128_SHA /* 0x002f */,
TLS_CIPHER_RSA_DHE_AES128_SHA /* 0x0031 */,
- TLS_CIPHER_ANON_DH_AES128_SHA /* 0x0034 */
+ TLS_CIPHER_ANON_DH_AES128_SHA /* 0x0034 */,
+ TLS_CIPHER_RSA_DHE_AES256_SHA /* 0x0039 */,
+ TLS_CIPHER_AES256_SHA /* 0x0035 */,
};
/**
diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index 62277c4..22d6dc4 100644
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -37,13 +37,6 @@
#include "tls.h"
#include "tls_openssl.h"
-#if OPENSSL_VERSION_NUMBER < 0x10000000L
-/* ERR_remove_thread_state replaces ERR_remove_state and the latter is
- * deprecated. However, OpenSSL 0.9.8 doesn't include
- * ERR_remove_thread_state. */
-#define ERR_remove_thread_state(tid) ERR_remove_state(0)
-#endif
-
#if defined(OPENSSL_IS_BORINGSSL)
/* stack_index_t is the return type of OpenSSL's sk_XXX_num() functions. */
typedef size_t stack_index_t;
@@ -58,6 +51,46 @@
#endif /* OPENSSL_NO_TLSEXT */
#endif /* SSL_set_tlsext_status_type */
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+/*
+ * SSL_get_client_random() and SSL_get_server_random() were added in OpenSSL
+ * 1.1.0. Provide compatibility wrappers for older versions.
+ */
+
+static size_t SSL_get_client_random(const SSL *ssl, unsigned char *out,
+ size_t outlen)
+{
+ if (!ssl->s3 || outlen < SSL3_RANDOM_SIZE)
+ return 0;
+ os_memcpy(out, ssl->s3->client_random, SSL3_RANDOM_SIZE);
+ return SSL3_RANDOM_SIZE;
+}
+
+
+static size_t SSL_get_server_random(const SSL *ssl, unsigned char *out,
+ size_t outlen)
+{
+ if (!ssl->s3 || outlen < SSL3_RANDOM_SIZE)
+ return 0;
+ os_memcpy(out, ssl->s3->server_random, SSL3_RANDOM_SIZE);
+ return SSL3_RANDOM_SIZE;
+}
+
+
+static size_t SSL_SESSION_get_master_key(const SSL_SESSION *session,
+ unsigned char *out, size_t outlen)
+{
+ if (!session || session->master_key_length < 0 ||
+ (size_t) session->master_key_length > outlen)
+ return 0;
+ if ((size_t) session->master_key_length < outlen)
+ outlen = session->master_key_length;
+ os_memcpy(out, session->master_key, outlen);
+ return outlen;
+}
+
+#endif
+
#ifdef ANDROID
#include <openssl/pem.h>
#include <keystore/keystore_get.h>
@@ -126,10 +159,8 @@
X509 *peer_issuer;
X509 *peer_issuer_issuer;
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
unsigned char client_random[SSL3_RANDOM_SIZE];
unsigned char server_random[SSL3_RANDOM_SIZE];
-#endif
};
@@ -2203,6 +2234,17 @@
if (client_cert == NULL && client_cert_blob == NULL)
return 0;
+#ifdef PKCS12_FUNCS
+#if OPENSSL_VERSION_NUMBER < 0x10002000L
+ /*
+ * Clear previously set extra chain certificates, if any, from PKCS#12
+ * processing in tls_parse_pkcs12() to allow OpenSSL to build a new
+ * chain properly.
+ */
+ SSL_CTX_clear_extra_chain_certs(conn->ssl_ctx);
+#endif /* OPENSSL_VERSION_NUMBER < 0x10002000L */
+#endif /* PKCS12_FUNCS */
+
if (client_cert_blob &&
SSL_use_certificate_ASN1(conn->ssl, (u8 *) client_cert_blob,
client_cert_blob_len) == 1) {
@@ -2386,9 +2428,7 @@
*/
res = 0;
#else /* OPENSSL_VERSION_NUMBER >= 0x10002000L */
-#if OPENSSL_VERSION_NUMBER >= 0x10001000L
SSL_CTX_clear_extra_chain_certs(data->ssl);
-#endif /* OPENSSL_VERSION_NUMBER >= 0x10001000L */
while ((cert = sk_X509_pop(certs)) != NULL) {
X509_NAME_oneline(X509_get_subject_name(cert), buf,
sizeof(buf));
@@ -2933,16 +2973,6 @@
if (conn == NULL || keys == NULL)
return -1;
ssl = conn->ssl;
-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
- if (ssl == NULL || ssl->s3 == NULL || ssl->session == NULL)
- return -1;
-
- os_memset(keys, 0, sizeof(*keys));
- keys->client_random = ssl->s3->client_random;
- keys->client_random_len = SSL3_RANDOM_SIZE;
- keys->server_random = ssl->s3->server_random;
- keys->server_random_len = SSL3_RANDOM_SIZE;
-#else
if (ssl == NULL)
return -1;
@@ -2953,7 +2983,6 @@
keys->server_random = conn->server_random;
keys->server_random_len = SSL_get_server_random(
ssl, conn->server_random, sizeof(conn->server_random));
-#endif
return 0;
}
@@ -2972,17 +3001,11 @@
return -1;
c = ssl->enc_read_ctx->cipher;
-#if OPENSSL_VERSION_NUMBER >= 0x00909000L
h = EVP_MD_CTX_md(ssl->read_hash);
-#else
- h = ssl->read_hash;
-#endif
if (h)
md_size = EVP_MD_size(h);
-#if OPENSSL_VERSION_NUMBER >= 0x10000000L
else if (ssl->s3)
md_size = ssl->s3->tmp.new_mac_secret_size;
-#endif
else
return -1;
@@ -3032,74 +3055,6 @@
"mode");
return -1;
#else /* CONFIG_FIPS */
-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
- SSL *ssl;
- u8 *rnd;
- int ret = -1;
- int skip = 0;
- u8 *tmp_out = NULL;
- u8 *_out = out;
- const char *ver;
-
- /*
- * TLS library did not support key generation, so get the needed TLS
- * session parameters and use an internal implementation of TLS PRF to
- * derive the key.
- */
-
- if (conn == NULL)
- return -1;
- ssl = conn->ssl;
- if (ssl == NULL || ssl->s3 == NULL || ssl->session == NULL ||
- ssl->session->master_key_length <= 0)
- return -1;
- ver = SSL_get_version(ssl);
-
- if (skip_keyblock) {
- skip = openssl_get_keyblock_size(ssl);
- if (skip < 0)
- return -1;
- tmp_out = os_malloc(skip + out_len);
- if (!tmp_out)
- return -1;
- _out = tmp_out;
- }
-
- rnd = os_malloc(2 * SSL3_RANDOM_SIZE);
- if (!rnd) {
- os_free(tmp_out);
- return -1;
- }
-
- if (server_random_first) {
- os_memcpy(rnd, ssl->s3->server_random, SSL3_RANDOM_SIZE);
- os_memcpy(rnd + SSL3_RANDOM_SIZE, ssl->s3->client_random,
- SSL3_RANDOM_SIZE);
- } else {
- os_memcpy(rnd, ssl->s3->client_random, SSL3_RANDOM_SIZE);
- os_memcpy(rnd + SSL3_RANDOM_SIZE, ssl->s3->server_random,
- SSL3_RANDOM_SIZE);
- }
-
- if (os_strcmp(ver, "TLSv1.2") == 0) {
- tls_prf_sha256(ssl->session->master_key,
- ssl->session->master_key_length,
- label, rnd, 2 * SSL3_RANDOM_SIZE,
- _out, skip + out_len);
- ret = 0;
- } else if (tls_prf_sha1_md5(ssl->session->master_key,
- ssl->session->master_key_length,
- label, rnd, 2 * SSL3_RANDOM_SIZE,
- _out, skip + out_len) == 0) {
- ret = 0;
- }
- os_free(rnd);
- if (ret == 0 && skip_keyblock)
- os_memcpy(out, _out + skip, out_len);
- bin_clear_free(tmp_out, skip);
-
- return ret;
-#else
SSL *ssl;
SSL_SESSION *sess;
u8 *rnd;
@@ -3177,7 +3132,6 @@
bin_clear_free(tmp_out, skip);
return ret;
-#endif
#endif /* CONFIG_FIPS */
}
@@ -3186,21 +3140,17 @@
const char *label, int server_random_first,
int skip_keyblock, u8 *out, size_t out_len)
{
-#if OPENSSL_VERSION_NUMBER >= 0x10001000L
- SSL *ssl;
if (conn == NULL)
return -1;
if (server_random_first || skip_keyblock)
return openssl_tls_prf(conn, label,
server_random_first, skip_keyblock,
out, out_len);
- ssl = conn->ssl;
- if (SSL_export_keying_material(ssl, out, out_len, label,
+ if (SSL_export_keying_material(conn->ssl, out, out_len, label,
os_strlen(label), NULL, 0, 0) == 1) {
wpa_printf(MSG_DEBUG, "OpenSSL: Using internal PRF");
return 0;
}
-#endif
return openssl_tls_prf(conn, label, server_random_first,
skip_keyblock, out, out_len);
}
@@ -3461,18 +3411,14 @@
int tls_connection_resumed(void *ssl_ctx, struct tls_connection *conn)
{
-#if OPENSSL_VERSION_NUMBER >= 0x10001000L
return conn ? SSL_cache_hit(conn->ssl) : 0;
-#else
- return conn ? conn->ssl->hit : 0;
-#endif
}
int tls_connection_set_cipher_list(void *tls_ctx, struct tls_connection *conn,
u8 *ciphers)
{
- char buf[100], *pos, *end;
+ char buf[500], *pos, *end;
u8 *c;
int ret;
@@ -3500,6 +3446,12 @@
case TLS_CIPHER_ANON_DH_AES128_SHA:
suite = "ADH-AES128-SHA";
break;
+ case TLS_CIPHER_RSA_DHE_AES256_SHA:
+ suite = "DHE-RSA-AES256-SHA";
+ break;
+ case TLS_CIPHER_AES256_SHA:
+ suite = "AES256-SHA";
+ break;
default:
wpa_printf(MSG_DEBUG, "TLS: Unsupported "
"cipher selection: %d", *c);
diff --git a/src/drivers/driver_nl80211_event.c b/src/drivers/driver_nl80211_event.c
index 4d7ac47..d5b5a87 100644
--- a/src/drivers/driver_nl80211_event.c
+++ b/src/drivers/driver_nl80211_event.c
@@ -1136,7 +1136,7 @@
return;
addr = nla_data(tb[NL80211_ATTR_MAC]);
- wpa_printf(MSG_DEBUG, "nl80211: New peer candidate" MACSTR,
+ wpa_printf(MSG_DEBUG, "nl80211: New peer candidate " MACSTR,
MAC2STR(addr));
os_memset(&data, 0, sizeof(data));
diff --git a/src/eap_common/eap_pax_common.c b/src/eap_common/eap_pax_common.c
index 0e80ef5..a11bce8 100644
--- a/src/eap_common/eap_pax_common.c
+++ b/src/eap_common/eap_pax_common.c
@@ -57,7 +57,8 @@
left = output_len;
for (counter = 1; counter <= (u8) num_blocks; counter++) {
size_t clen = left > EAP_PAX_MAC_LEN ? EAP_PAX_MAC_LEN : left;
- hmac_sha1_vector(key, key_len, 3, addr, len, mac);
+ if (hmac_sha1_vector(key, key_len, 3, addr, len, mac) < 0)
+ return -1;
os_memcpy(pos, mac, clen);
pos += clen;
left -= clen;
@@ -106,7 +107,8 @@
len[2] = data3_len;
count = (data1 ? 1 : 0) + (data2 ? 1 : 0) + (data3 ? 1 : 0);
- hmac_sha1_vector(key, key_len, count, addr, len, hash);
+ if (hmac_sha1_vector(key, key_len, count, addr, len, hash) < 0)
+ return -1;
os_memcpy(mac, hash, EAP_PAX_MAC_LEN);
return 0;
diff --git a/src/eap_peer/eap_fast.c b/src/eap_peer/eap_fast.c
index a7f6bef..57390ae 100644
--- a/src/eap_peer/eap_fast.c
+++ b/src/eap_peer/eap_fast.c
@@ -1446,7 +1446,7 @@
static int eap_fast_set_provisioning_ciphers(struct eap_sm *sm,
struct eap_fast_data *data)
{
- u8 ciphers[5];
+ u8 ciphers[7];
int count = 0;
if (data->provisioning_allowed & EAP_FAST_PROV_UNAUTH) {
@@ -1458,7 +1458,9 @@
if (data->provisioning_allowed & EAP_FAST_PROV_AUTH) {
wpa_printf(MSG_DEBUG, "EAP-FAST: Enabling authenticated "
"provisioning TLS cipher suites");
+ ciphers[count++] = TLS_CIPHER_RSA_DHE_AES256_SHA;
ciphers[count++] = TLS_CIPHER_RSA_DHE_AES128_SHA;
+ ciphers[count++] = TLS_CIPHER_AES256_SHA;
ciphers[count++] = TLS_CIPHER_AES128_SHA;
ciphers[count++] = TLS_CIPHER_RC4_SHA;
}
diff --git a/src/eap_peer/eap_pax.c b/src/eap_peer/eap_pax.c
index c920bcd..2b87a64 100644
--- a/src/eap_peer/eap_pax.c
+++ b/src/eap_peer/eap_pax.c
@@ -276,10 +276,10 @@
left -= 2;
wpa_hexdump(MSG_MSGDUMP, "EAP-PAX: MAC_CK(B, CID)",
pos, EAP_PAX_MAC_LEN);
- eap_pax_mac(data->mac_id, data->ck, EAP_PAX_CK_LEN,
- data->rand.r.y, EAP_PAX_RAND_LEN,
- (u8 *) data->cid, data->cid_len, NULL, 0, mac);
- if (os_memcmp_const(pos, mac, EAP_PAX_MAC_LEN) != 0) {
+ if (eap_pax_mac(data->mac_id, data->ck, EAP_PAX_CK_LEN,
+ data->rand.r.y, EAP_PAX_RAND_LEN,
+ (u8 *) data->cid, data->cid_len, NULL, 0, mac) < 0 ||
+ os_memcmp_const(pos, mac, EAP_PAX_MAC_LEN) != 0) {
wpa_printf(MSG_INFO, "EAP-PAX: Invalid MAC_CK(B, CID) "
"received");
wpa_hexdump(MSG_MSGDUMP, "EAP-PAX: expected MAC_CK(B, CID)",
@@ -306,9 +306,12 @@
/* Optional ADE could be added here, if needed */
rpos = wpabuf_put(resp, EAP_PAX_ICV_LEN);
- eap_pax_mac(data->mac_id, data->ick, EAP_PAX_ICK_LEN,
- wpabuf_head(resp), wpabuf_len(resp) - EAP_PAX_ICV_LEN,
- NULL, 0, NULL, 0, rpos);
+ if (eap_pax_mac(data->mac_id, data->ick, EAP_PAX_ICK_LEN,
+ wpabuf_head(resp), wpabuf_len(resp) - EAP_PAX_ICV_LEN,
+ NULL, 0, NULL, 0, rpos) < 0) {
+ wpabuf_free(resp);
+ return NULL;
+ }
wpa_hexdump(MSG_MSGDUMP, "EAP-PAX: ICV", rpos, EAP_PAX_ICV_LEN);
data->state = PAX_DONE;
@@ -472,9 +475,13 @@
return NULL;
*len = EAP_MSK_LEN;
- eap_pax_kdf(data->mac_id, data->mk, EAP_PAX_MK_LEN,
- "Master Session Key", data->rand.e, 2 * EAP_PAX_RAND_LEN,
- EAP_MSK_LEN, key);
+ if (eap_pax_kdf(data->mac_id, data->mk, EAP_PAX_MK_LEN,
+ "Master Session Key",
+ data->rand.e, 2 * EAP_PAX_RAND_LEN,
+ EAP_MSK_LEN, key) < 0) {
+ os_free(key);
+ return NULL;
+ }
return key;
}
@@ -493,10 +500,13 @@
return NULL;
*len = EAP_EMSK_LEN;
- eap_pax_kdf(data->mac_id, data->mk, EAP_PAX_MK_LEN,
- "Extended Master Session Key",
- data->rand.e, 2 * EAP_PAX_RAND_LEN,
- EAP_EMSK_LEN, key);
+ if (eap_pax_kdf(data->mac_id, data->mk, EAP_PAX_MK_LEN,
+ "Extended Master Session Key",
+ data->rand.e, 2 * EAP_PAX_RAND_LEN,
+ EAP_EMSK_LEN, key) < 0) {
+ os_free(key);
+ return NULL;
+ }
return key;
}
diff --git a/src/eap_peer/eap_peap.c b/src/eap_peer/eap_peap.c
index 503d4b0..bf420cc 100644
--- a/src/eap_peer/eap_peap.c
+++ b/src/eap_peer/eap_peap.c
@@ -253,6 +253,7 @@
{
u8 *tk;
u8 isk[32], imck[60];
+ int resumed;
/*
* Tunnel key (TK) is the first 60 octets of the key generated by
@@ -263,8 +264,12 @@
return -1;
wpa_hexdump_key(MSG_DEBUG, "EAP-PEAP: TK", tk, 60);
- if (data->reauth &&
- tls_connection_resumed(sm->ssl_ctx, data->ssl.conn)) {
+ resumed = tls_connection_resumed(sm->ssl_ctx, data->ssl.conn);
+ wpa_printf(MSG_DEBUG,
+ "EAP-PEAP: CMK derivation - reauth=%d resumed=%d phase2_eap_started=%d phase2_success=%d",
+ data->reauth, resumed, data->phase2_eap_started,
+ data->phase2_success);
+ if (data->reauth && !data->phase2_eap_started && resumed) {
/* Fast-connect: IPMK|CMK = TK */
os_memcpy(data->ipmk, tk, 40);
wpa_hexdump_key(MSG_DEBUG, "EAP-PEAP: IPMK from TK",
diff --git a/src/eap_server/eap_server_fast.c b/src/eap_server/eap_server_fast.c
index e348eb3..2e03f88 100644
--- a/src/eap_server/eap_server_fast.c
+++ b/src/eap_server/eap_server_fast.c
@@ -412,11 +412,13 @@
static void * eap_fast_init(struct eap_sm *sm)
{
struct eap_fast_data *data;
- u8 ciphers[5] = {
+ u8 ciphers[7] = {
TLS_CIPHER_ANON_DH_AES128_SHA,
TLS_CIPHER_AES128_SHA,
TLS_CIPHER_RSA_DHE_AES128_SHA,
TLS_CIPHER_RC4_SHA,
+ TLS_CIPHER_RSA_DHE_AES256_SHA,
+ TLS_CIPHER_AES256_SHA,
TLS_CIPHER_NONE
};
diff --git a/src/fst/fst_session.c b/src/fst/fst_session.c
index f804b12..9e4dada 100644
--- a/src/fst/fst_session.c
+++ b/src/fst/fst_session.c
@@ -447,7 +447,9 @@
* the initiator’s MAC address, in which case, the responder
* shall delete the received FST Setup Request.
*/
- if (os_memcmp(mgmt->da, mgmt->sa, ETH_ALEN) > 0) {
+ if (fst_session_is_ready_pending(s) &&
+ /* waiting for Setup Response */
+ os_memcmp(mgmt->da, mgmt->sa, ETH_ALEN) > 0) {
fst_printf_session(s, MSG_WARNING,
"FST Request dropped due to MAC comparison (our MAC is "
MACSTR ")",
@@ -455,23 +457,26 @@
return;
}
- if (!fst_session_is_ready_pending(s)) {
- fst_printf_session(s, MSG_WARNING,
- "FST Request from " MACSTR
- " dropped due to inappropriate state %s",
- MAC2STR(mgmt->da),
- fst_session_state_name(s->state));
- return;
- }
+ /*
+ * State is SETUP_COMPLETION (either in transition or not) or
+ * TRANSITION_DONE (in transition).
+ * Setup Request arriving in this state could mean:
+ * 1. peer sent it before receiving our Setup Request (race
+ * condition)
+ * 2. peer didn't receive our Setup Response. Peer is retrying
+ * after STT timeout
+ * 3. peer's FST state machines are out of sync due to some
+ * other reason
+ *
+ * We will reset our session and create a new one instead.
+ */
+ fst_printf_session(s, MSG_WARNING,
+ "resetting due to FST request");
/*
* If FST Setup Request arrived with the same FSTS ID as one we
- * initialized before, it means the other side either didn't
- * receive our FST Request or skipped it for some reason (for
- * example, due to numerical MAC comparison).
- *
- * In this case, there's no need to tear down the session.
+ * initialized before, there's no need to tear down the session.
* Moreover, as FSTS ID is the same, the other side will
* associate this tear down with the session it initiated that
* will break the sync.
@@ -483,7 +488,6 @@
"Skipping TearDown as the FST request has the same FSTS ID as initiated");
fst_session_set_state(s, FST_SESSION_STATE_INITIAL, &evext);
fst_session_stt_disarm(s);
- fst_printf_session(s, MSG_WARNING, "reset due to FST request");
}
s = fst_session_create(g);
diff --git a/src/l2_packet/l2_packet_linux.c b/src/l2_packet/l2_packet_linux.c
index f52f7a2..a7a300e 100644
--- a/src/l2_packet/l2_packet_linux.c
+++ b/src/l2_packet/l2_packet_linux.c
@@ -33,8 +33,9 @@
#ifndef CONFIG_NO_LINUX_PACKET_SOCKET_WAR
/* For working around Linux packet socket behavior and regression. */
int fd_br_rx;
- int last_from_br;
+ int last_from_br, last_from_br_prev;
u8 last_hash[SHA1_MAC_LEN];
+ u8 last_hash_prev[SHA1_MAC_LEN];
unsigned int num_rx_br;
#endif /* CONFIG_NO_LINUX_PACKET_SOCKET_WAR */
};
@@ -171,6 +172,14 @@
__func__);
return;
}
+ if (l2->last_from_br_prev &&
+ os_memcmp(hash, l2->last_hash_prev, SHA1_MAC_LEN) == 0) {
+ wpa_printf(MSG_DEBUG, "%s: Drop duplicate RX(prev)",
+ __func__);
+ return;
+ }
+ os_memcpy(l2->last_hash_prev, l2->last_hash, SHA1_MAC_LEN);
+ l2->last_from_br_prev = l2->last_from_br;
os_memcpy(l2->last_hash, hash, SHA1_MAC_LEN);
}
@@ -206,6 +215,11 @@
wpa_printf(MSG_DEBUG, "%s: src=" MACSTR " len=%d",
__func__, MAC2STR(ll.sll_addr), (int) res);
+ if (os_memcmp(ll.sll_addr, l2->own_addr, ETH_ALEN) == 0) {
+ wpa_printf(MSG_DEBUG, "%s: Drop RX of own frame", __func__);
+ return;
+ }
+
addr[0] = buf;
len[0] = res;
sha1_vector(1, addr, len, hash);
@@ -214,6 +228,13 @@
wpa_printf(MSG_DEBUG, "%s: Drop duplicate RX", __func__);
return;
}
+ if (!l2->last_from_br_prev &&
+ os_memcmp(hash, l2->last_hash_prev, SHA1_MAC_LEN) == 0) {
+ wpa_printf(MSG_DEBUG, "%s: Drop duplicate RX(prev)", __func__);
+ return;
+ }
+ os_memcpy(l2->last_hash_prev, l2->last_hash, SHA1_MAC_LEN);
+ l2->last_from_br_prev = l2->last_from_br;
l2->last_from_br = 1;
os_memcpy(l2->last_hash, hash, SHA1_MAC_LEN);
l2->rx_callback(l2->rx_callback_ctx, ll.sll_addr, buf, res);
diff --git a/src/l2_packet/l2_packet_pcap.c b/src/l2_packet/l2_packet_pcap.c
index bb4f4a3..423c099 100644
--- a/src/l2_packet/l2_packet_pcap.c
+++ b/src/l2_packet/l2_packet_pcap.c
@@ -312,6 +312,18 @@
}
+struct l2_packet_data * l2_packet_init_bridge(
+ const char *br_ifname, const char *ifname, const u8 *own_addr,
+ unsigned short protocol,
+ void (*rx_callback)(void *ctx, const u8 *src_addr,
+ const u8 *buf, size_t len),
+ void *rx_callback_ctx, int l2_hdr)
+{
+ return l2_packet_init(br_ifname, own_addr, protocol, rx_callback,
+ rx_callback_ctx, l2_hdr);
+}
+
+
void l2_packet_deinit(struct l2_packet_data *l2)
{
if (l2 == NULL)
diff --git a/src/p2p/p2p.c b/src/p2p/p2p.c
index d901169..d28b4cd 100644
--- a/src/p2p/p2p.c
+++ b/src/p2p/p2p.c
@@ -1221,9 +1221,14 @@
p2p->start_after_scan = P2P_AFTER_SCAN_NOTHING;
p2p_clear_timeout(p2p);
+ if (p2p->pending_listen_freq) {
+ p2p_dbg(p2p, "Clear pending_listen_freq for p2p_find");
+ p2p->pending_listen_freq = 0;
+ }
p2p->cfg->stop_listen(p2p->cfg->cb_ctx);
p2p->find_type = type;
p2p_device_clear_reported(p2p);
+ os_memset(p2p->sd_query_no_ack, 0, ETH_ALEN);
p2p_set_state(p2p, P2P_SEARCH);
p2p->search_delay = search_delay;
p2p->in_search_delay = 0;
@@ -3159,13 +3164,18 @@
static int p2p_pre_find_operation(struct p2p_data *p2p, struct p2p_device *dev)
{
+ int res;
+
if (dev->sd_pending_bcast_queries == 0) {
/* Initialize with total number of registered broadcast
* SD queries. */
dev->sd_pending_bcast_queries = p2p->num_p2p_sd_queries;
}
- if (p2p_start_sd(p2p, dev) == 0)
+ res = p2p_start_sd(p2p, dev);
+ if (res == -2)
+ return -2;
+ if (res == 0)
return 1;
if (dev->req_config_methods &&
@@ -3185,7 +3195,7 @@
void p2p_continue_find(struct p2p_data *p2p)
{
struct p2p_device *dev;
- int found;
+ int found, res;
p2p_set_state(p2p, P2P_SEARCH);
@@ -3198,10 +3208,13 @@
}
if (!found)
continue;
- if (p2p_pre_find_operation(p2p, dev) > 0) {
+ res = p2p_pre_find_operation(p2p, dev);
+ if (res > 0) {
p2p->last_p2p_find_oper = dev;
return;
}
+ if (res == -2)
+ goto skip_sd;
}
/*
@@ -3209,14 +3222,19 @@
* iteration device.
*/
dl_list_for_each(dev, &p2p->devices, struct p2p_device, list) {
- if (p2p_pre_find_operation(p2p, dev) > 0) {
+ res = p2p_pre_find_operation(p2p, dev);
+ if (res > 0) {
p2p->last_p2p_find_oper = dev;
return;
}
+ if (res == -2)
+ goto skip_sd;
if (dev == p2p->last_p2p_find_oper)
break;
}
+skip_sd:
+ os_memset(p2p->sd_query_no_ack, 0, ETH_ALEN);
p2p_listen_in_find(p2p, 1);
}
@@ -3228,8 +3246,17 @@
p2p->pending_action_state = P2P_NO_PENDING_ACTION;
if (!success) {
- if (p2p->sd_peer)
+ if (p2p->sd_peer) {
+ if (is_zero_ether_addr(p2p->sd_query_no_ack)) {
+ os_memcpy(p2p->sd_query_no_ack,
+ p2p->sd_peer->info.p2p_device_addr,
+ ETH_ALEN);
+ p2p_dbg(p2p,
+ "First SD Query no-ACK in this search iteration: "
+ MACSTR, MAC2STR(p2p->sd_query_no_ack));
+ }
p2p->cfg->send_action_done(p2p->cfg->cb_ctx);
+ }
p2p->sd_peer = NULL;
if (p2p->state != P2P_IDLE)
p2p_continue_find(p2p);
@@ -3354,7 +3381,7 @@
NULL, p2p->p2ps_prov->adv_id,
p2p->p2ps_prov->session_id,
0, 0, NULL, 0, 0, 0,
- NULL, NULL, 0, 0);
+ NULL, NULL, 0, 0, NULL, 0);
}
if (p2p->user_initiated_pd)
@@ -3438,9 +3465,11 @@
* operation was started.
*/
p2p_dbg(p2p, "Ignore old scan result for " MACSTR
- " (rx_time=%u.%06u)",
+ " (rx_time=%u.%06u find_start=%u.%06u)",
MAC2STR(bssid), (unsigned int) rx_time->sec,
- (unsigned int) rx_time->usec);
+ (unsigned int) rx_time->usec,
+ (unsigned int) p2p->find_start.sec,
+ (unsigned int) p2p->find_start.usec);
return 0;
}
diff --git a/src/p2p/p2p.h b/src/p2p/p2p.h
index bfdb2c9..244fca4 100644
--- a/src/p2p/p2p.h
+++ b/src/p2p/p2p.h
@@ -1074,7 +1074,8 @@
size_t persist_ssid_size, int response_done,
int prov_start, const char *session_info,
const u8 *feat_cap, size_t feat_cap_len,
- unsigned int freq);
+ unsigned int freq, const u8 *group_ssid,
+ size_t group_ssid_len);
/**
* prov_disc_resp_cb - Callback for indicating completion of PD Response
diff --git a/src/p2p/p2p_i.h b/src/p2p/p2p_i.h
index 7f65ace..47524d4 100644
--- a/src/p2p/p2p_i.h
+++ b/src/p2p/p2p_i.h
@@ -308,6 +308,18 @@
*/
int num_p2p_sd_queries;
+ /**
+ * sd_query_no_ack - The first peer (Dev Addr) that did not ACK SD Query
+ *
+ * This is used to track the first peer that did not ACK an SD Query
+ * within a single P2P Search iteration. All zeros address means no such
+ * peer was yet seen. This information is used to allow a new Listen and
+ * Search phases to be once every pending SD Query has been sent once to
+ * each peer instead of looping all pending attempts continuously until
+ * running out of retry maximums.
+ */
+ u8 sd_query_no_ack[ETH_ALEN];
+
/* GO Negotiation data */
/**
diff --git a/src/p2p/p2p_pd.c b/src/p2p/p2p_pd.c
index c416ab6..d70a43c 100644
--- a/src/p2p/p2p_pd.c
+++ b/src/p2p/p2p_pd.c
@@ -1028,7 +1028,8 @@
NULL, adv_id, session_id,
0, 0, msg.persistent_ssid,
msg.persistent_ssid_len,
- 0, 0, NULL, NULL, 0, freq);
+ 0, 0, NULL, NULL, 0, freq,
+ NULL, 0);
} else if (msg.status && *msg.status == P2P_SC_SUCCESS_DEFERRED &&
p2p->p2ps_prov) {
p2p->p2ps_prov->status = reject;
@@ -1041,7 +1042,8 @@
session_id, conncap, 0,
msg.persistent_ssid,
msg.persistent_ssid_len, 0,
- 0, NULL, NULL, 0, freq);
+ 0, NULL, NULL, 0, freq,
+ NULL, 0);
else
p2p->cfg->p2ps_prov_complete(p2p->cfg->cb_ctx,
*msg.status,
@@ -1053,7 +1055,8 @@
msg.persistent_ssid_len, 0,
0, NULL,
(const u8 *) &resp_fcap,
- sizeof(resp_fcap), freq);
+ sizeof(resp_fcap), freq,
+ NULL, 0);
} else if (msg.status && p2p->p2ps_prov) {
p2p->p2ps_prov->status = P2P_SC_SUCCESS;
p2p->cfg->p2ps_prov_complete(p2p->cfg->cb_ctx, *msg.status, sa,
@@ -1064,7 +1067,7 @@
msg.persistent_ssid_len,
0, 0, NULL,
(const u8 *) &resp_fcap,
- sizeof(resp_fcap), freq);
+ sizeof(resp_fcap), freq, NULL, 0);
} else if (msg.status) {
} else if (auto_accept && reject == P2P_SC_SUCCESS) {
p2p->cfg->p2ps_prov_complete(p2p->cfg->cb_ctx, P2P_SC_SUCCESS,
@@ -1075,7 +1078,11 @@
msg.persistent_ssid_len,
0, 0, NULL,
(const u8 *) &resp_fcap,
- sizeof(resp_fcap), freq);
+ sizeof(resp_fcap), freq,
+ msg.group_id ?
+ msg.group_id + ETH_ALEN : NULL,
+ msg.group_id ?
+ msg.group_id_len - ETH_ALEN : 0);
} else if (reject == P2P_SC_FAIL_INFO_CURRENTLY_UNAVAILABLE &&
(!msg.session_info || !msg.session_info_len)) {
p2p->p2ps_prov->method = msg.wps_config_methods;
@@ -1088,7 +1095,7 @@
msg.persistent_ssid_len,
0, 1, NULL,
(const u8 *) &resp_fcap,
- sizeof(resp_fcap), freq);
+ sizeof(resp_fcap), freq, NULL, 0);
} else if (reject == P2P_SC_FAIL_INFO_CURRENTLY_UNAVAILABLE) {
size_t buf_len = msg.session_info_len;
char *buf = os_malloc(2 * buf_len + 1);
@@ -1106,7 +1113,7 @@
msg.persistent_ssid, msg.persistent_ssid_len,
0, 1, buf,
(const u8 *) &resp_fcap, sizeof(resp_fcap),
- freq);
+ freq, NULL, 0);
os_free(buf);
}
@@ -1468,7 +1475,9 @@
group_mac, adv_id, p2p->p2ps_prov->session_id,
conncap, passwd_id, msg.persistent_ssid,
msg.persistent_ssid_len, 1, 0, NULL,
- msg.feature_cap, msg.feature_cap_len, freq);
+ msg.feature_cap, msg.feature_cap_len, freq,
+ msg.group_id ? msg.group_id + ETH_ALEN : NULL,
+ msg.group_id ? msg.group_id_len - ETH_ALEN : 0);
}
p2ps_prov_free(p2p);
} else if (status != P2P_SC_SUCCESS &&
@@ -1479,7 +1488,7 @@
p2p->cfg->cb_ctx, status, sa, adv_mac,
p2p->p2ps_prov->session_mac,
group_mac, adv_id, p2p->p2ps_prov->session_id,
- 0, 0, NULL, 0, 1, 0, NULL, NULL, 0, 0);
+ 0, 0, NULL, 0, 1, 0, NULL, NULL, 0, 0, NULL, 0);
p2ps_prov_free(p2p);
}
diff --git a/src/p2p/p2p_sd.c b/src/p2p/p2p_sd.c
index 559af9d..2ef4c51 100644
--- a/src/p2p/p2p_sd.c
+++ b/src/p2p/p2p_sd.c
@@ -288,6 +288,14 @@
query = p2p_pending_sd_req(p2p, dev);
if (query == NULL)
return -1;
+ if (p2p->state == P2P_SEARCH &&
+ os_memcmp(p2p->sd_query_no_ack, dev->info.p2p_device_addr,
+ ETH_ALEN) == 0) {
+ p2p_dbg(p2p, "Do not start Service Discovery with " MACSTR
+ " due to it being the first no-ACK peer in this search iteration",
+ MAC2STR(dev->info.p2p_device_addr));
+ return -2;
+ }
p2p_dbg(p2p, "Start Service Discovery with " MACSTR,
MAC2STR(dev->info.p2p_device_addr));
diff --git a/src/wps/wps.c b/src/wps/wps.c
index fbaf85a..7c6dcb2 100644
--- a/src/wps/wps.c
+++ b/src/wps/wps.c
@@ -19,6 +19,10 @@
int wps_version_number = 0x20;
int wps_testing_dummy_cred = 0;
int wps_corrupt_pkhash = 0;
+int wps_force_auth_types_in_use = 0;
+u16 wps_force_auth_types = 0;
+int wps_force_encr_types_in_use = 0;
+u16 wps_force_encr_types = 0;
#endif /* CONFIG_WPS_TESTING */
diff --git a/src/wps/wps.h b/src/wps/wps.h
index 2c91d16..ff4dd10 100644
--- a/src/wps/wps.h
+++ b/src/wps/wps.h
@@ -1,6 +1,6 @@
/*
* Wi-Fi Protected Setup
- * Copyright (c) 2007-2013, Jouni Malinen <j@w1.fi>
+ * Copyright (c) 2007-2016, Jouni Malinen <j@w1.fi>
*
* This software may be distributed under the terms of the BSD license.
* See README for more details.
@@ -664,6 +664,16 @@
u16 encr_types;
/**
+ * encr_types_rsn - Enabled encryption types for RSN (WPS_ENCR_*)
+ */
+ u16 encr_types_rsn;
+
+ /**
+ * encr_types_wpa - Enabled encryption types for WPA (WPS_ENCR_*)
+ */
+ u16 encr_types_wpa;
+
+ /**
* auth_types - Authentication types (bit field of WPS_AUTH_*)
*/
u16 auth_types;
diff --git a/src/wps/wps_attr_build.c b/src/wps/wps_attr_build.c
index b689357..748620f 100644
--- a/src/wps/wps_attr_build.c
+++ b/src/wps/wps_attr_build.c
@@ -1,6 +1,6 @@
/*
* Wi-Fi Protected Setup - attribute building
- * Copyright (c) 2008, Jouni Malinen <j@w1.fi>
+ * Copyright (c) 2008-2016, Jouni Malinen <j@w1.fi>
*
* This software may be distributed under the terms of the BSD license.
* See README for more details.
@@ -298,7 +298,16 @@
auth_types &= ~WPS_AUTH_WPA;
auth_types &= ~WPS_AUTH_WPA2;
auth_types &= ~WPS_AUTH_SHARED;
- wpa_printf(MSG_DEBUG, "WPS: * Authentication Type Flags");
+#ifdef CONFIG_WPS_TESTING
+ if (wps_force_auth_types_in_use) {
+ wpa_printf(MSG_DEBUG,
+ "WPS: Testing - replace auth type 0x%x with 0x%x",
+ auth_types, wps_force_auth_types);
+ auth_types = wps_force_auth_types;
+ }
+#endif /* CONFIG_WPS_TESTING */
+ wpa_printf(MSG_DEBUG, "WPS: * Authentication Type Flags (0x%x)",
+ auth_types);
wpabuf_put_be16(msg, ATTR_AUTH_TYPE_FLAGS);
wpabuf_put_be16(msg, 2);
wpabuf_put_be16(msg, auth_types);
@@ -310,7 +319,16 @@
{
u16 encr_types = WPS_ENCR_TYPES;
encr_types &= ~WPS_ENCR_WEP;
- wpa_printf(MSG_DEBUG, "WPS: * Encryption Type Flags");
+#ifdef CONFIG_WPS_TESTING
+ if (wps_force_encr_types_in_use) {
+ wpa_printf(MSG_DEBUG,
+ "WPS: Testing - replace encr type 0x%x with 0x%x",
+ encr_types, wps_force_encr_types);
+ encr_types = wps_force_encr_types;
+ }
+#endif /* CONFIG_WPS_TESTING */
+ wpa_printf(MSG_DEBUG, "WPS: * Encryption Type Flags (0x%x)",
+ encr_types);
wpabuf_put_be16(msg, ATTR_ENCR_TYPE_FLAGS);
wpabuf_put_be16(msg, 2);
wpabuf_put_be16(msg, encr_types);
diff --git a/src/wps/wps_defs.h b/src/wps/wps_defs.h
index a23b979..301864d 100644
--- a/src/wps/wps_defs.h
+++ b/src/wps/wps_defs.h
@@ -14,6 +14,10 @@
extern int wps_version_number;
extern int wps_testing_dummy_cred;
extern int wps_corrupt_pkhash;
+extern int wps_force_auth_types_in_use;
+extern u16 wps_force_auth_types;
+extern int wps_force_encr_types_in_use;
+extern u16 wps_force_encr_types;
#define WPS_VERSION wps_version_number
#else /* CONFIG_WPS_TESTING */
diff --git a/src/wps/wps_registrar.c b/src/wps/wps_registrar.c
index 4ca3a42..25e88d5 100644
--- a/src/wps/wps_registrar.c
+++ b/src/wps/wps_registrar.c
@@ -1,6 +1,6 @@
/*
* Wi-Fi Protected Setup - Registrar
- * Copyright (c) 2008-2013, Jouni Malinen <j@w1.fi>
+ * Copyright (c) 2008-2016, Jouni Malinen <j@w1.fi>
*
* This software may be distributed under the terms of the BSD license.
* See README for more details.
@@ -1606,6 +1606,9 @@
wps->cred.ssid_len = wps->wps->ssid_len;
/* Select the best authentication and encryption type */
+ wpa_printf(MSG_DEBUG,
+ "WPS: Own auth types 0x%x - masked Enrollee auth types 0x%x",
+ wps->wps->auth_types, wps->auth_type);
if (wps->auth_type & WPS_AUTH_WPA2PSK)
wps->auth_type = WPS_AUTH_WPA2PSK;
else if (wps->auth_type & WPS_AUTH_WPAPSK)
@@ -1619,6 +1622,14 @@
}
wps->cred.auth_type = wps->auth_type;
+ wpa_printf(MSG_DEBUG,
+ "WPS: Own encr types 0x%x (rsn: 0x%x, wpa: 0x%x) - masked Enrollee encr types 0x%x",
+ wps->wps->encr_types, wps->wps->encr_types_rsn,
+ wps->wps->encr_types_wpa, wps->encr_type);
+ if (wps->wps->ap && wps->auth_type == WPS_AUTH_WPA2PSK)
+ wps->encr_type &= wps->wps->encr_types_rsn;
+ else if (wps->wps->ap && wps->auth_type == WPS_AUTH_WPAPSK)
+ wps->encr_type &= wps->wps->encr_types_wpa;
if (wps->auth_type == WPS_AUTH_WPA2PSK ||
wps->auth_type == WPS_AUTH_WPAPSK) {
if (wps->encr_type & WPS_ENCR_AES)
@@ -2343,6 +2354,23 @@
wpa_printf(MSG_DEBUG, "WPS: Enrollee Authentication Type flags 0x%x",
auth_types);
+#ifdef WPS_WORKAROUNDS
+ /*
+ * Some deployed implementations seem to advertise incorrect information
+ * in this attribute. A value of 0x1b (WPA2 + WPA + WPAPSK + OPEN, but
+ * no WPA2PSK) has been reported to be used. Add WPA2PSK to the list to
+ * avoid issues with building Credentials that do not use the strongest
+ * actually supported authentication option (that device does support
+ * WPA2PSK even when it does not claim it here).
+ */
+ if ((auth_types &
+ (WPS_AUTH_WPA2 | WPS_AUTH_WPA2PSK | WPS_AUTH_WPAPSK)) ==
+ (WPS_AUTH_WPA2 | WPS_AUTH_WPAPSK)) {
+ wpa_printf(MSG_DEBUG,
+ "WPS: Workaround - assume Enrollee supports WPA2PSK based on claimed WPA2 support");
+ auth_types |= WPS_AUTH_WPA2PSK;
+ }
+#endif /* WPS_WORKAROUNDS */
wps->auth_type = wps->wps->auth_types & auth_types;
if (wps->auth_type == 0) {
wpa_printf(MSG_DEBUG, "WPS: No match in supported "
diff --git a/wpa_supplicant/README b/wpa_supplicant/README
index f9c65d2..61be543 100644
--- a/wpa_supplicant/README
+++ b/wpa_supplicant/README
@@ -1,7 +1,7 @@
WPA Supplicant
==============
-Copyright (c) 2003-2015, Jouni Malinen <j@w1.fi> and contributors
+Copyright (c) 2003-2016, Jouni Malinen <j@w1.fi> and contributors
All Rights Reserved.
This program is licensed under the BSD license (the one with
diff --git a/wpa_supplicant/README-HS20 b/wpa_supplicant/README-HS20
index 161dc06..e523b58 100644
--- a/wpa_supplicant/README-HS20
+++ b/wpa_supplicant/README-HS20
@@ -564,3 +564,68 @@
<3>RX-ANQP 02:00:00:00:01:00 Roaming Consortium list
<3>RX-HS20-ANQP 02:00:00:00:01:00 HS Capability List
<3>ANQP fetch completed
+
+
+Hotspot 2.0 Rel 2 online signup and OSEN
+----------------------------------------
+
+Following parameters can be used to create a network profile for
+link-layer protected Hotspot 2.0 online signup connection with
+OSEN. Note that ssid and identify (NAI) values need to be set based on
+the information for the selected provider in the OSU Providers list
+ANQP-element.
+
+network={
+ ssid="HS 2.0 OSU"
+ proto=OSEN
+ key_mgmt=OSEN
+ pairwise=CCMP
+ group=GTK_NOT_USED
+ eap=WFA-UNAUTH-TLS
+ identity="anonymous@example.com"
+ ca_cert="osu-ca.pem"
+ ocsp=2
+}
+
+
+Hotspot 2.0 connection with external network selection
+------------------------------------------------------
+
+When an component controlling wpa_supplicant takes care of Interworking
+network selection, following configuration and network profile
+parameters can be used to configure a temporary network profile for a
+Hotspot 2.0 connection (e.g., with SET, ADD_NETWORK, SET_NETWORK, and
+SELECT_NETWORK control interface commands):
+
+interworking=1
+hs20=1
+auto_interworking=0
+
+network={
+ ssid="test-hs20"
+ proto=RSN
+ key_mgmt=WPA-EAP
+ pairwise=CCMP
+ anonymous_identity="anonymous@example.com"
+ identity="hs20-test@example.com"
+ password="password"
+ ca_cert="ca.pem"
+ eap=TTLS
+ phase2="auth=MSCHAPV2"
+ update_identifier=54321
+ #ocsp=2
+}
+
+
+These parameters are set based on the PPS MO credential and/or NAI Realm
+list ANQP-element:
+
+anonymous_identity: Credential/UsernamePassword/Username with username part
+ replaced with "anonymous"
+identity: Credential/UsernamePassword/Username
+password: Credential/UsernamePassword/Password
+update_identifier: PPS/UpdateIdentifier
+ca_cert: from the downloaded trust root based on PPS information
+eap: Credential/UsernamePassword/EAPMethod or NAI Realm list
+phase2: Credential/UsernamePassword/EAPMethod or NAI Realm list
+ocsp: Credential/CheckAAAServerCertStatus
diff --git a/wpa_supplicant/README-P2P b/wpa_supplicant/README-P2P
index 6a5b032..19cf155 100644
--- a/wpa_supplicant/README-P2P
+++ b/wpa_supplicant/README-P2P
@@ -151,6 +151,7 @@
p2p_connect <peer device address> <pbc|pin|PIN#|p2ps> [display|keypad|p2ps]
[persistent|persistent=<network id>] [join|auth]
[go_intent=<0..15>] [freq=<in MHz>] [ht40] [vht] [provdisc] [auto]
+ [ssid=<hexdump>]
Start P2P group formation with a discovered P2P peer. This includes
optional group owner negotiation, group interface setup, provisioning,
@@ -195,6 +196,12 @@
out whether the peer device is operating as a GO and if so, use
join-a-group operation rather than GO Negotiation.
+"ssid=<hexdump>" can be used to specify the Group SSID for join
+operations. This allows the P2P Client interface to filter scan results
+based on SSID to avoid selecting an incorrect BSS entry in case the same
+P2P Device or Interface address have been used in multiple groups
+recently.
+
P2PS attribute changes to p2p_connect command:
P2PS supports two WPS provisioning methods namely PIN method and P2PS default.
diff --git a/wpa_supplicant/ctrl_iface.c b/wpa_supplicant/ctrl_iface.c
index ecf8d2d..b3d6246 100644
--- a/wpa_supplicant/ctrl_iface.c
+++ b/wpa_supplicant/ctrl_iface.c
@@ -371,6 +371,20 @@
wps_corrupt_pkhash = atoi(value);
wpa_printf(MSG_DEBUG, "WPS: Testing - wps_corrupt_pkhash=%d",
wps_corrupt_pkhash);
+ } else if (os_strcasecmp(cmd, "wps_force_auth_types") == 0) {
+ if (value[0] == '\0') {
+ wps_force_auth_types_in_use = 0;
+ } else {
+ wps_force_auth_types = strtol(value, NULL, 0);
+ wps_force_auth_types_in_use = 1;
+ }
+ } else if (os_strcasecmp(cmd, "wps_force_encr_types") == 0) {
+ if (value[0] == '\0') {
+ wps_force_encr_types_in_use = 0;
+ } else {
+ wps_force_encr_types = strtol(value, NULL, 0);
+ wps_force_encr_types_in_use = 1;
+ }
#endif /* CONFIG_WPS_TESTING */
} else if (os_strcasecmp(cmd, "ampdu") == 0) {
if (wpa_drv_ampdu(wpa_s, atoi(value)) < 0)
@@ -4911,6 +4925,8 @@
int freq = 0;
int pd;
int ht40, vht, max_oper_chwidth, chwidth = 0, freq2 = 0;
+ u8 _group_ssid[SSID_MAX_LEN], *group_ssid = NULL;
+ size_t group_ssid_len = 0;
if (!wpa_s->global->p2p_init_wpa_s)
return -1;
@@ -4923,7 +4939,7 @@
/* <addr> <"pbc" | "pin" | PIN> [label|display|keypad|p2ps]
* [persistent|persistent=<network id>]
* [join] [auth] [go_intent=<0..15>] [freq=<in MHz>] [provdisc]
- * [ht40] [vht] [auto] */
+ * [ht40] [vht] [auto] [ssid=<hexdump>] */
if (hwaddr_aton(cmd, addr))
return -1;
@@ -4983,6 +4999,22 @@
if (max_oper_chwidth < 0)
return -1;
+ pos2 = os_strstr(pos, " ssid=");
+ if (pos2) {
+ char *end;
+
+ pos2 += 6;
+ end = os_strchr(pos2, ' ');
+ if (!end)
+ group_ssid_len = os_strlen(pos2) / 2;
+ else
+ group_ssid_len = (end - pos2) / 2;
+ if (group_ssid_len == 0 || group_ssid_len > SSID_MAX_LEN ||
+ hexstr2bin(pos2, _group_ssid, group_ssid_len) < 0)
+ return -1;
+ group_ssid = _group_ssid;
+ }
+
if (os_strncmp(pos, "pin", 3) == 0) {
/* Request random PIN (to be displayed) and enable the PIN */
wps_method = WPS_PIN_DISPLAY;
@@ -5008,7 +5040,8 @@
new_pin = wpas_p2p_connect(wpa_s, addr, pin, wps_method,
persistent_group, automatic, join,
auth, go_intent, freq, freq2, persistent_id,
- pd, ht40, vht, max_oper_chwidth);
+ pd, ht40, vht, max_oper_chwidth,
+ group_ssid, group_ssid_len);
if (new_pin == -2) {
os_memcpy(buf, "FAIL-CHANNEL-UNAVAILABLE\n", 25);
return 25;
@@ -6940,10 +6973,18 @@
wpas_abort_ongoing_scan(wpa_s);
+ if (wpa_s->wpa_state >= WPA_AUTHENTICATING) {
+ /*
+ * Avoid possible auto connect re-connection on getting
+ * disconnected due to state flush.
+ */
+ wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
+ }
+
#ifdef CONFIG_P2P
+ wpas_p2p_group_remove(p2p_wpa_s, "*");
wpas_p2p_cancel(p2p_wpa_s);
p2p_ctrl_flush(p2p_wpa_s);
- wpas_p2p_group_remove(p2p_wpa_s, "*");
wpas_p2p_service_flush(p2p_wpa_s);
p2p_wpa_s->global->p2p_disabled = 0;
p2p_wpa_s->global->p2p_per_sta_psk = 0;
@@ -6960,6 +7001,8 @@
wps_version_number = 0x20;
wps_testing_dummy_cred = 0;
wps_corrupt_pkhash = 0;
+ wps_force_auth_types_in_use = 0;
+ wps_force_encr_types_in_use = 0;
#endif /* CONFIG_WPS_TESTING */
#ifdef CONFIG_WPS
wpa_s->wps_fragment_size = 0;
diff --git a/wpa_supplicant/dbus/dbus_new_handlers_p2p.c b/wpa_supplicant/dbus/dbus_new_handlers_p2p.c
index a0c5ff7..e2f0afc 100644
--- a/wpa_supplicant/dbus/dbus_new_handlers_p2p.c
+++ b/wpa_supplicant/dbus/dbus_new_handlers_p2p.c
@@ -583,7 +583,7 @@
new_pin = wpas_p2p_connect(wpa_s, addr, pin, wps_method,
persistent_group, 0, join, authorize_only,
- go_intent, freq, 0, -1, 0, 0, 0, 0);
+ go_intent, freq, 0, -1, 0, 0, 0, 0, NULL, 0);
if (new_pin >= 0) {
char npin[9];
diff --git a/wpa_supplicant/doc/docbook/eapol_test.sgml b/wpa_supplicant/doc/docbook/eapol_test.sgml
index e9af6d9..3f22413 100644
--- a/wpa_supplicant/doc/docbook/eapol_test.sgml
+++ b/wpa_supplicant/doc/docbook/eapol_test.sgml
@@ -194,7 +194,7 @@
</refsect1>
<refsect1>
<title>Legal</title>
- <para>wpa_supplicant is copyright (c) 2003-2015,
+ <para>wpa_supplicant is copyright (c) 2003-2016,
Jouni Malinen <email>j@w1.fi</email> and
contributors.
All Rights Reserved.</para>
diff --git a/wpa_supplicant/doc/docbook/wpa_background.sgml b/wpa_supplicant/doc/docbook/wpa_background.sgml
index afb8c3b..13c9f45 100644
--- a/wpa_supplicant/doc/docbook/wpa_background.sgml
+++ b/wpa_supplicant/doc/docbook/wpa_background.sgml
@@ -90,7 +90,7 @@
<refsect1>
<title>Legal</title>
- <para>wpa_supplicant is copyright (c) 2003-2015,
+ <para>wpa_supplicant is copyright (c) 2003-2016,
Jouni Malinen <email>j@w1.fi</email> and
contributors.
All Rights Reserved.</para>
diff --git a/wpa_supplicant/doc/docbook/wpa_cli.sgml b/wpa_supplicant/doc/docbook/wpa_cli.sgml
index 47947c1..15400f0 100644
--- a/wpa_supplicant/doc/docbook/wpa_cli.sgml
+++ b/wpa_supplicant/doc/docbook/wpa_cli.sgml
@@ -345,7 +345,7 @@
</refsect1>
<refsect1>
<title>Legal</title>
- <para>wpa_supplicant is copyright (c) 2003-2015,
+ <para>wpa_supplicant is copyright (c) 2003-2016,
Jouni Malinen <email>j@w1.fi</email> and
contributors.
All Rights Reserved.</para>
diff --git a/wpa_supplicant/doc/docbook/wpa_gui.sgml b/wpa_supplicant/doc/docbook/wpa_gui.sgml
index 5f7b49d..352d3d2 100644
--- a/wpa_supplicant/doc/docbook/wpa_gui.sgml
+++ b/wpa_supplicant/doc/docbook/wpa_gui.sgml
@@ -91,7 +91,7 @@
</refsect1>
<refsect1>
<title>Legal</title>
- <para>wpa_supplicant is copyright (c) 2003-2015,
+ <para>wpa_supplicant is copyright (c) 2003-2016,
Jouni Malinen <email>j@w1.fi</email> and
contributors.
All Rights Reserved.</para>
diff --git a/wpa_supplicant/doc/docbook/wpa_passphrase.sgml b/wpa_supplicant/doc/docbook/wpa_passphrase.sgml
index b381e40..faf1f27 100644
--- a/wpa_supplicant/doc/docbook/wpa_passphrase.sgml
+++ b/wpa_supplicant/doc/docbook/wpa_passphrase.sgml
@@ -62,7 +62,7 @@
</refsect1>
<refsect1>
<title>Legal</title>
- <para>wpa_supplicant is copyright (c) 2003-2015,
+ <para>wpa_supplicant is copyright (c) 2003-2016,
Jouni Malinen <email>j@w1.fi</email> and
contributors.
All Rights Reserved.</para>
diff --git a/wpa_supplicant/doc/docbook/wpa_priv.sgml b/wpa_supplicant/doc/docbook/wpa_priv.sgml
index d13a5db..403c9b2 100644
--- a/wpa_supplicant/doc/docbook/wpa_priv.sgml
+++ b/wpa_supplicant/doc/docbook/wpa_priv.sgml
@@ -137,7 +137,7 @@
</refsect1>
<refsect1>
<title>Legal</title>
- <para>wpa_supplicant is copyright (c) 2003-2015,
+ <para>wpa_supplicant is copyright (c) 2003-2016,
Jouni Malinen <email>j@w1.fi</email> and
contributors.
All Rights Reserved.</para>
diff --git a/wpa_supplicant/doc/docbook/wpa_supplicant.sgml b/wpa_supplicant/doc/docbook/wpa_supplicant.sgml
index 46c21b5..c8c1ac4 100644
--- a/wpa_supplicant/doc/docbook/wpa_supplicant.sgml
+++ b/wpa_supplicant/doc/docbook/wpa_supplicant.sgml
@@ -736,7 +736,7 @@
</refsect1>
<refsect1>
<title>Legal</title>
- <para>wpa_supplicant is copyright (c) 2003-2015,
+ <para>wpa_supplicant is copyright (c) 2003-2016,
Jouni Malinen <email>j@w1.fi</email> and
contributors.
All Rights Reserved.</para>
diff --git a/wpa_supplicant/mesh_mpm.c b/wpa_supplicant/mesh_mpm.c
index 4caa55c..d509d7d 100644
--- a/wpa_supplicant/mesh_mpm.c
+++ b/wpa_supplicant/mesh_mpm.c
@@ -43,6 +43,7 @@
};
static const char * const mplstate[] = {
+ [0] = "UNINITIALIZED",
[PLINK_LISTEN] = "LISTEN",
[PLINK_OPEN_SENT] = "OPEN_SENT",
[PLINK_OPEN_RCVD] = "OPEN_RCVD",
@@ -360,6 +361,9 @@
goto fail;
}
+ wpa_msg(wpa_s, MSG_DEBUG, "Mesh MPM: Sending peering frame type %d to "
+ MACSTR " (my_lid=0x%x peer_lid=0x%x)",
+ type, MAC2STR(sta->addr), sta->my_lid, sta->peer_lid);
ret = wpa_drv_send_action(wpa_s, wpa_s->assoc_freq, 0,
sta->addr, wpa_s->own_addr, wpa_s->own_addr,
wpabuf_head(buf), wpabuf_len(buf), 0);
@@ -380,6 +384,9 @@
struct hostapd_sta_add_params params;
int ret;
+ wpa_msg(wpa_s, MSG_DEBUG, "MPM set " MACSTR " from %s into %s",
+ MAC2STR(sta->addr), mplstate[sta->plink_state],
+ mplstate[state]);
sta->plink_state = state;
os_memset(¶ms, 0, sizeof(params));
@@ -387,8 +394,6 @@
params.plink_state = state;
params.set = 1;
- wpa_msg(wpa_s, MSG_DEBUG, "MPM set " MACSTR " into %s",
- MAC2STR(sta->addr), mplstate[state]);
ret = wpa_drv_sta_add(wpa_s, ¶ms);
if (ret) {
wpa_msg(wpa_s, MSG_ERROR, "Driver failed to set " MACSTR
@@ -571,7 +576,8 @@
return NULL;
}
- mesh_mpm_init_link(wpa_s, sta);
+ if (!sta->my_lid)
+ mesh_mpm_init_link(wpa_s, sta);
#ifdef CONFIG_IEEE80211N
copy_sta_ht_capab(data, sta, elems->ht_capabilities);
@@ -663,10 +669,13 @@
return;
}
- if (conf->security == MESH_CONF_SEC_NONE)
- mesh_mpm_plink_open(wpa_s, sta, PLINK_OPEN_SENT);
- else
+ if (conf->security == MESH_CONF_SEC_NONE) {
+ if (sta->plink_state < PLINK_OPEN_SENT ||
+ sta->plink_state > PLINK_ESTAB)
+ mesh_mpm_plink_open(wpa_s, sta, PLINK_OPEN_SENT);
+ } else {
mesh_rsn_auth_sae_sta(wpa_s, sta);
+ }
}
@@ -715,8 +724,8 @@
eloop_cancel_timeout(plink_timer, wpa_s, sta);
/* Send ctrl event */
- wpa_msg_ctrl(wpa_s, MSG_INFO, MESH_PEER_CONNECTED MACSTR,
- MAC2STR(sta->addr));
+ wpa_msg(wpa_s, MSG_INFO, MESH_PEER_CONNECTED MACSTR,
+ MAC2STR(sta->addr));
}
@@ -854,9 +863,8 @@
" closed with reason %d",
MAC2STR(sta->addr), reason);
- wpa_msg_ctrl(wpa_s, MSG_INFO,
- MESH_PEER_DISCONNECTED MACSTR,
- MAC2STR(sta->addr));
+ wpa_msg(wpa_s, MSG_INFO, MESH_PEER_DISCONNECTED MACSTR,
+ MAC2STR(sta->addr));
hapd->num_plinks--;
diff --git a/wpa_supplicant/p2p_supplicant.c b/wpa_supplicant/p2p_supplicant.c
index d6acbd0..9b36b63 100644
--- a/wpa_supplicant/p2p_supplicant.c
+++ b/wpa_supplicant/p2p_supplicant.c
@@ -3950,7 +3950,8 @@
size_t persist_ssid_size, int response_done,
int prov_start, const char *session_info,
const u8 *feat_cap, size_t feat_cap_len,
- unsigned int freq)
+ unsigned int freq,
+ const u8 *group_ssid, size_t group_ssid_len)
{
struct wpa_supplicant *wpa_s = ctx;
u8 mac[ETH_ALEN];
@@ -4124,7 +4125,8 @@
wpa_s, P2P_SC_FAIL_UNKNOWN_GROUP,
dev, adv_mac, ses_mac,
grp_mac, adv_id, ses_id, 0, 0,
- NULL, 0, 0, 0, NULL, NULL, 0, 0);
+ NULL, 0, 0, 0, NULL, NULL, 0, 0,
+ NULL, 0);
return;
}
@@ -4191,16 +4193,24 @@
}
if (conncap == P2PS_SETUP_CLIENT) {
+ char ssid_hex[32 * 2 + 1];
+
+ if (group_ssid)
+ wpa_snprintf_hex(ssid_hex, sizeof(ssid_hex),
+ group_ssid, group_ssid_len);
+ else
+ ssid_hex[0] = '\0';
wpa_msg_global(wpa_s, MSG_INFO,
P2P_EVENT_P2PS_PROVISION_DONE MACSTR
" status=%d conncap=%x"
" adv_id=%x adv_mac=" MACSTR
" session=%x mac=" MACSTR
- " dev_passwd_id=%d join=" MACSTR "%s",
+ " dev_passwd_id=%d join=" MACSTR "%s%s%s",
MAC2STR(dev), status, conncap,
adv_id, MAC2STR(adv_mac),
ses_id, MAC2STR(ses_mac),
- passwd_id, MAC2STR(grp_mac), feat_cap_str);
+ passwd_id, MAC2STR(grp_mac), feat_cap_str,
+ group_ssid ? " group_ssid=" : "", ssid_hex);
} else {
wpa_msg_global(wpa_s, MSG_INFO,
P2P_EVENT_P2PS_PROVISION_DONE MACSTR
@@ -4769,7 +4779,8 @@
wpa_s->p2p_pd_before_go_neg,
wpa_s->p2p_go_ht40,
wpa_s->p2p_go_vht,
- wpa_s->p2p_go_max_oper_chwidth);
+ wpa_s->p2p_go_max_oper_chwidth,
+ NULL, 0);
return;
}
@@ -4815,8 +4826,7 @@
bss = wpa_bss_get(wpa_s, wpa_s->pending_join_iface_addr,
wpa_s->p2p_join_ssid,
wpa_s->p2p_join_ssid_len);
- }
- if (!bss) {
+ } else if (!bss) {
wpa_printf(MSG_DEBUG, "P2P: Trying to find target GO BSS entry based on BSSID "
MACSTR, MAC2STR(wpa_s->pending_join_iface_addr));
bss = wpa_bss_get_bssid_latest(wpa_s,
@@ -4915,7 +4925,8 @@
start:
/* Start join operation immediately */
- wpas_p2p_join_start(wpa_s, 0, NULL, 0);
+ wpas_p2p_join_start(wpa_s, 0, wpa_s->p2p_join_ssid,
+ wpa_s->p2p_join_ssid_len);
}
@@ -5081,8 +5092,13 @@
res.ssid_len = ssid_len;
os_memcpy(res.ssid, ssid, ssid_len);
} else {
- bss = wpa_bss_get_bssid_latest(wpa_s,
- wpa_s->pending_join_iface_addr);
+ if (ssid && ssid_len) {
+ bss = wpa_bss_get(wpa_s, wpa_s->pending_join_iface_addr,
+ ssid, ssid_len);
+ } else {
+ bss = wpa_bss_get_bssid_latest(
+ wpa_s, wpa_s->pending_join_iface_addr);
+ }
if (bss) {
res.freq = bss->freq;
res.ssid_len = bss->ssid_len;
@@ -5090,6 +5106,11 @@
wpa_printf(MSG_DEBUG, "P2P: Join target GO operating frequency from BSS table: %d MHz (SSID %s)",
bss->freq,
wpa_ssid_txt(bss->ssid, bss->ssid_len));
+ } else if (ssid && ssid_len) {
+ res.ssid_len = ssid_len;
+ os_memcpy(res.ssid, ssid, ssid_len);
+ wpa_printf(MSG_DEBUG, "P2P: Join target GO (SSID %s)",
+ wpa_ssid_txt(ssid, ssid_len));
}
}
@@ -5283,6 +5304,8 @@
* @vht: Start GO with VHT support
* @vht_chwidth: Channel width supported by GO operating with VHT support
* (VHT_CHANWIDTH_*).
+ * @group_ssid: Specific Group SSID for join or %NULL if not set
+ * @group_ssid_len: Length of @group_ssid in octets
* Returns: 0 or new PIN (if pin was %NULL) on success, -1 on unspecified
* failure, -2 on failure due to channel not currently available,
* -3 if forced channel is not supported
@@ -5292,7 +5315,8 @@
int persistent_group, int auto_join, int join, int auth,
int go_intent, int freq, unsigned int vht_center_freq2,
int persistent_id, int pd, int ht40, int vht,
- unsigned int vht_chwidth)
+ unsigned int vht_chwidth, const u8 *group_ssid,
+ size_t group_ssid_len)
{
int force_freq = 0, pref_freq = 0;
int ret = 0, res;
@@ -5375,7 +5399,8 @@
}
wpa_s->user_initiated_pd = 1;
if (wpas_p2p_join(wpa_s, iface_addr, dev_addr, wps_method,
- auto_join, freq, NULL, 0) < 0)
+ auto_join, freq,
+ group_ssid, group_ssid_len) < 0)
return -1;
return ret;
}
@@ -6480,8 +6505,12 @@
if (!offchannel_pending_action_tx(wpa_s))
return;
- if (wpa_s->p2p_send_action_work)
+ if (wpa_s->p2p_send_action_work) {
wpas_p2p_free_send_action_work(wpa_s);
+ eloop_cancel_timeout(wpas_p2p_send_action_work_timeout,
+ wpa_s, NULL);
+ offchannel_send_action_done(wpa_s);
+ }
wpa_printf(MSG_DEBUG, "P2P: Drop pending Action TX due to new "
"operation request");
@@ -7753,7 +7782,7 @@
wpa_s->p2p_pd_before_go_neg,
wpa_s->p2p_go_ht40,
wpa_s->p2p_go_vht,
- wpa_s->p2p_go_max_oper_chwidth);
+ wpa_s->p2p_go_max_oper_chwidth, NULL, 0);
return ret;
}
@@ -8288,7 +8317,9 @@
return wpas_p2p_connect(wpa_s, params->peer->p2p_device_addr, NULL,
WPS_NFC, 0, 0, 1, 0, wpa_s->conf->p2p_go_intent,
params->go_freq, wpa_s->p2p_go_vht_center_freq2,
- -1, 0, 1, 1, wpa_s->p2p_go_max_oper_chwidth);
+ -1, 0, 1, 1, wpa_s->p2p_go_max_oper_chwidth,
+ params->go_ssid_len ? params->go_ssid : NULL,
+ params->go_ssid_len);
}
@@ -8365,7 +8396,8 @@
return wpas_p2p_connect(wpa_s, params->peer->p2p_device_addr, NULL,
WPS_NFC, 0, 0, 0, 0, wpa_s->conf->p2p_go_intent,
forced_freq, wpa_s->p2p_go_vht_center_freq2,
- -1, 0, 1, 1, wpa_s->p2p_go_max_oper_chwidth);
+ -1, 0, 1, 1, wpa_s->p2p_go_max_oper_chwidth,
+ NULL, 0);
}
@@ -8380,7 +8412,8 @@
res = wpas_p2p_connect(wpa_s, params->peer->p2p_device_addr, NULL,
WPS_NFC, 0, 0, 0, 1, wpa_s->conf->p2p_go_intent,
forced_freq, wpa_s->p2p_go_vht_center_freq2,
- -1, 0, 1, 1, wpa_s->p2p_go_max_oper_chwidth);
+ -1, 0, 1, 1, wpa_s->p2p_go_max_oper_chwidth,
+ NULL, 0);
if (res)
return res;
diff --git a/wpa_supplicant/p2p_supplicant.h b/wpa_supplicant/p2p_supplicant.h
index 21ee41f..6a770d2 100644
--- a/wpa_supplicant/p2p_supplicant.h
+++ b/wpa_supplicant/p2p_supplicant.h
@@ -34,10 +34,11 @@
const u8 *peer_dev_addr);
int wpas_p2p_connect(struct wpa_supplicant *wpa_s, const u8 *peer_addr,
const char *pin, enum p2p_wps_method wps_method,
- int persistent_group, int auto_join, int join,
- int auth, int go_intent, int freq,
- unsigned int vht_center_freq2, int persistent_id,
- int pd, int ht40, int vht, unsigned int max_oper_chwidth);
+ int persistent_group, int auto_join, int join, int auth,
+ int go_intent, int freq, unsigned int vht_center_freq2,
+ int persistent_id, int pd, int ht40, int vht,
+ unsigned int vht_chwidth, const u8 *group_ssid,
+ size_t group_ssid_len);
int wpas_p2p_handle_frequency_conflicts(struct wpa_supplicant *wpa_s,
int freq, struct wpa_ssid *ssid);
int wpas_p2p_group_add(struct wpa_supplicant *wpa_s, int persistent_group,
diff --git a/wpa_supplicant/wpa_cli.c b/wpa_supplicant/wpa_cli.c
index aedd61a..1aea0a6 100644
--- a/wpa_supplicant/wpa_cli.c
+++ b/wpa_supplicant/wpa_cli.c
@@ -1,6 +1,6 @@
/*
* WPA Supplicant - command line interface for wpa_supplicant daemon
- * Copyright (c) 2004-2015, Jouni Malinen <j@w1.fi>
+ * Copyright (c) 2004-2016, Jouni Malinen <j@w1.fi>
*
* This software may be distributed under the terms of the BSD license.
* See README for more details.
@@ -28,7 +28,7 @@
static const char *const wpa_cli_version =
"wpa_cli v" VERSION_STR "\n"
-"Copyright (c) 2004-2015, Jouni Malinen <j@w1.fi> and contributors";
+"Copyright (c) 2004-2016, Jouni Malinen <j@w1.fi> and contributors";
static const char *const wpa_cli_license =
diff --git a/wpa_supplicant/wpa_priv.c b/wpa_supplicant/wpa_priv.c
index 850ec40..fa5a6de 100644
--- a/wpa_supplicant/wpa_priv.c
+++ b/wpa_supplicant/wpa_priv.c
@@ -1060,7 +1060,7 @@
static void usage(void)
{
printf("wpa_priv v" VERSION_STR "\n"
- "Copyright (c) 2007-2009, Jouni Malinen <j@w1.fi> and "
+ "Copyright (c) 2007-2016, Jouni Malinen <j@w1.fi> and "
"contributors\n"
"\n"
"usage:\n"
diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c
index e588992..03b1353 100644
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
@@ -1,6 +1,6 @@
/*
* WPA Supplicant
- * Copyright (c) 2003-2015, Jouni Malinen <j@w1.fi>
+ * Copyright (c) 2003-2016, Jouni Malinen <j@w1.fi>
*
* This software may be distributed under the terms of the BSD license.
* See README for more details.
@@ -58,7 +58,7 @@
const char *const wpa_supplicant_version =
"wpa_supplicant v" VERSION_STR "\n"
-"Copyright (c) 2003-2015, Jouni Malinen <j@w1.fi> and contributors";
+"Copyright (c) 2003-2016, Jouni Malinen <j@w1.fi> and contributors";
const char *const wpa_supplicant_license =
"This software may be distributed under the terms of the BSD license.\n"
@@ -1684,10 +1684,9 @@
return;
}
wpa_s->current_bss = bss;
- wpa_msg_ctrl(wpa_s, MSG_INFO, MESH_GROUP_STARTED
- "ssid=\"%s\" id=%d",
- wpa_ssid_txt(ssid->ssid, ssid->ssid_len),
- ssid->id);
+ wpa_msg(wpa_s, MSG_INFO, MESH_GROUP_STARTED "ssid=\"%s\" id=%d",
+ wpa_ssid_txt(ssid->ssid, ssid->ssid_len),
+ ssid->id);
#else /* CONFIG_MESH */
wpa_msg(wpa_s, MSG_ERROR,
"mesh mode support not included in the build");
@@ -2610,8 +2609,8 @@
#ifdef CONFIG_MESH
if (wpa_s->ifmsh) {
- wpa_msg_ctrl(wpa_s, MSG_INFO, MESH_GROUP_REMOVED "%s",
- wpa_s->ifname);
+ wpa_msg(wpa_s, MSG_INFO, MESH_GROUP_REMOVED "%s",
+ wpa_s->ifname);
wpa_supplicant_leave_mesh(wpa_s);
}
#endif /* CONFIG_MESH */
diff --git a/wpa_supplicant/wpa_supplicant.conf b/wpa_supplicant/wpa_supplicant.conf
index e204061..f3e913a 100644
--- a/wpa_supplicant/wpa_supplicant.conf
+++ b/wpa_supplicant/wpa_supplicant.conf
@@ -762,6 +762,7 @@
# FT-SAE = SAE with FT
# WPA-EAP-SUITE-B = Suite B 128-bit level
# WPA-EAP-SUITE-B-192 = Suite B 192-bit level
+# OSEN = Hotspot 2.0 Rel 2 online signup connection
# If not set, this defaults to: WPA-PSK WPA-EAP
#
# ieee80211w: whether management frame protection is enabled
@@ -1121,6 +1122,9 @@
# number of authentication servers. Strict EAP conformance mode can be
# configured by disabling workarounds with eap_workaround=0.
+# update_identifier: PPS MO ID
+# (Hotspot 2.0 PerProviderSubscription/UpdateIdentifier)
+
# Station inactivity limit
#
# If a station does not send anything in ap_max_inactivity seconds, an