1. 28 Dec, 2015 1 commit
      Cumulative patch from commit 324ade51e168f28430f4429849becd0f08d507c0 (DO NOT MERGE) · 014a3ff8
      Dmitry Shmidt authored
      
      324ade5 TLS: Make tls_cert_chain_failure_event() more robust
      c6231b5 TLS: Remove storing of never-read value
      15a6813 Remove unnecessary cleanup assignment in SHA1Final()
      ef3866a nl80211: Don't call linux_iface_up() for a dedicated P2P Device
      c2ed779 mesh: Document Mesh Peering Management element structure in more detail
      b2817cd mesh: Check PMKID in AMPE Action frames
      6c33eed mesh: Fix PMKID to match the standard
      ede7770 wpa_supplicant: Do not wait for monitor on P2P Device interface
      1c94570 Do not wait for monitor to attach if no control interface
      f98674a Clone default LIBS value to LIBS_* for other tools
      7d2f674 Add "GET_CAPABILITY acs" to allow ACS build option to be detected
      d990971 wpa_supplicant: Enable Automatic Channel Selection support for AP mode
      96bc508 Handle survey event properly in wpa_supplicant
      d39f796 EAP-TNC peer: Remove dead code related to fragmentation
      662512e P2PS: Remove dead code
      abbbaa4 TNC: Print received IF-TNCCS message as debug ASCII hexdump
      d745f02 EAP-TNC peer: Allow fragment_size to be configured
      a67e7e5 RADIUS: Add EACCES to list of recognized send() errno values
      5bd9be4 Fix RADIUS Called-Station-Id to not escape SSID
      0764dd6 TLS client: Multi-OCSP check to cover intermediate CAs
      d6b536f Add ocsp=3 configuration parameter for multi-OCSP
      0268383 TLS: Move variable declaration to the beginning of the block
      b567775 TLS client: OCSP stapling with ocsp_multi option (RFC 6961)
      8ea6a27 TLS server: OCSP stapling with ocsp_multi option (RFC 6961)
      5addb0d Server configuration for OCSP stapling with ocsp_multi (RFC 6961)
      bca0872 TLS server: OCSP stapling
      9532bd2 GnuTLS: OCSP stapling on the server side
      6241766 Use wpa_msg() for the "RSN: PMKID mismatch" message
      e161451 EAP-EKE: Merge identical error return paths
      13cb0a6 EAP-EKE: Reject too long Prot() data when building a frame
      0ab0de8 Document previously missing key_mgmt values
      
      Change-Id: I9ac7d0da03d8baf4542e276ab20cb56e44bfa33c
      Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
  2. 22 Dec, 2015 1 commit
      Cumulative patch from commit c24f8e8e75b46f0b191cca788b6f4c10bed81861 (DO NOT MERGE) · 7d56b757
      Dmitry Shmidt authored
      
      c24f8e8 GAS: Do not cancel initial offchannel wait with comeback delay 1
      364282c GAS: Retry full GAS query if comeback response is not received
      a587666 GAS server: Replenish temporary STA entry timeout on comeback request
      8fb718a GAS: Shorten the duration of the wait for GAS comeback response
      c012567 GAS: Clear offchannel_tx_started when ending remain-on-channel
      cb73008 EAP-TTLS/PEAP/FAST: Reject unsupported Phase 2 method in configuration
      18704f6 EAP-TLS: Merge common error paths
      4f5c86e EAP-PEAP peer: Fix a memory leak on an error path
      e7160bd Drop any pending EAPOL RX frame when starting a new connection
      cd5895e WPA: Explicitly clear the buffer used for decrypting Key Data
      4b90fcd EAP-PEAP peer: Check SHA1 result when deriving Compond_MAC
      6ca5838 EAP-PEAP server: Add support for fast-connect crypto binding
      6560caf EAP-PEAP peer: Remove unused return value and error path
      61f25f8 HS 2.0: Remove duplicate icon entries
      ca9968a HS 2.0: Convert icon storage to use dl_list
      8dd5c1b HS 2.0: Add a command to retrieve icon with in-memory storage
      0e92fb8 rfkill: Match only the correct expected wiphy rfkill
      6da504a nl80211: Handle rfkill for P2P Device interface
      96e8d83 wpa_supplicant: Add SIGNAL_MONITOR command
      2c0d0ae GAS: End remain-on-channel due to delayed GAS comeback request
      dabdef9 TDLS: Ignore incoming TDLS Setup Response retries
      0fc5707 hlr_auc_gw: Simplify string parsers with str_token()
      d67e63d hlr_auc_gw: Fix a typo in an error message
      59e7120 hlr_auc_gw: Remove unnecessary assignment
      685ea2f wpa_cli: Send ALL_STA command to the correct interface
      0e6a2cf Disconnect before trying to switch to a different network
      706e11a Avoid network selection from scan during connection
      819ad5b utils: Fix NULL pointer dereference with unexpected kernel behavior
      1b3dd69 P2P: Fix possible NULL pointer dereference
      f24e488 EAP-TTLS peer: Fix parsing auth= and autheap= phase2 params
      47c1de2 atheros: Unify memory processing functions
      d06a350 mesh: Fix VHT Operation information in peering messages
      8ba8c01 TLS: Report OCSP rejection cases when no valid response if found
      f163ed8 TLS: Process OCSP SingleResponse(s)
      8e3271d TLS: Store DER encoded version of Subject DN for X.509 certificates
      32ce690 TLS: Share digest OID checkers from X.509
      b72a367 TLS: Support longer X.509 serialNumber values
      af4eba1 TLS: Parse and validate BasicOCSPResponse
      
      Change-Id: I0fadef8993a548d64a4280372bc105fefa11e62a
      Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
  3. 15 Dec, 2015 1 commit
      Cumulative patch from commit 06f14421ea8644d12a7b0be6b583114869f9c451 (DO NOT MERGE) · 55840adb
      Dmitry Shmidt authored
      
      06f1442 TLS: Parse OCSPResponse to extract BasicOCSPResponse
      d560288 TLS: Parse CertificateStatus message
      eeba168 TLS: Add status_request ClientHello extension if OCSP is requested
      4303d53 TLS: Parse ServerHello extensions
      6b7bb42 TLS: Add minimal support for PKCS #12
      5ce2941 TLS: Extend PKCS #5 to support PKCS #12 style key decryption
      f6a62df TLS: Fix and complete ASN.1 tag list
      3c108b7 EAP peer: External server certificate chain validation
      b6e5e14 EAP-FAST peer: Fix PAC parser error messages
      5b904b3 EAP-FAST: Check T-PRF result in MSK/EMSK derivation
      b1d8c5c EAP-FAST peer: Fix error path handling for Session-Id
      36478a1 OpenSSL: Support new API for HMAC/EVP_MD_CTX in OpenSSL 1.1.x-pre1
      9257610 FT: Fix FTIE generation for EAPOL-Key msg 3/4
      e44bd28 FT: Fix sm->assoc_resp_ftie storing on the AP side
      59e78c2 FT: Fix FTIE generation for 4-way handshake after FT protocol run
      b0ecbd3 AP: Use more readable version of management group cipher in error cases
      651c6a8 Add TEST_ASSOC_IE for WPA/RSN IE testing on AP side
      58059e6 FST: Print debug entry on MB IE update based on EVENT_AUTH
      af041f9 dbus: Add support for vendor specific elements
      5c8acf7 EAP-IKEv2: Check HMAC SHA1/MD5 result
      7b991b4 Use proper build config for parsing proxy_arp
      4db29e6 TLS: Add support for PKCS #5 v2.0 PBES2
      
      Change-Id: I10b71e4d3573ef60a52ea6ff56afcd3a06a0b7b0
      Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
  4. 10 Dec, 2015 1 commit
  5. 04 Dec, 2015 1 commit
      Cumulative patch from commit bf3214b59321f67375df1ee85722b2beb74e1f7a · d7ff03d4
      Dmitry Shmidt authored
      
      bf3214b P2P: Fix re-invoked client interface completion on data connection
      63502c6 P2P: Fix P2P_CANCEL for p2p_in_invitation case
      e007d53 EST: Comment out X509_REQ_print calls on Android with BoringSSL
      e6f4832 EST: Add CSR generation support with BoringSSL
      ed2566a EST: Implement pkcs7_to_cert() with BoringSSL
      8d27efa HTTP (curl): OCSP with BoringSSL
      213e158 BoringSSL: Move OCSP implementation into a separate file
      f846211 BoringSSL: Support new SHA_CTX definition for EAP-SIM PRF
      b34c623 OpenSSL: Fix build with current OpenSSL master branch snapshot
      759a8a3 nl80211: Cancel all pending TX frame cookies
      9ea91cd EAP-EKE peer: Fix memory leak on error path
      328f49a P2P: Complete group formation on client data connection
      0e559dc WPS: Support parallel UPnP WPS protocol runs
      bea48f7 Allow sched_scan_plans to be updated at runtime
      32c0226 Add support for configuring scheduled scan plans
      09ea430 nl80211: Add support for multiple scan plans for scheduled scan
      dd895e9 P2P: Make p2p_go_configured() more robust against unexpected calls
      8811988 TLS client: Fix session_resumed status after TLS session ticket use
      7fff91a Fix tls_connection_prf() regression with CONFIG_TLS=internal
      1adf262 TLS: Add support for extKeyUsage X.509v3 extension
      0755577 Add TEST_FAIL() support for internal hash functions
      4104267 Fix memory leak on NFC DH generation error path
      c5864dc TLS client: Add certificate chain validation failure callbacks
      896a97d TLS client: Add support for disabling TLS versions
      0cbc22b TLS client: Use TLS_CONN_* flags
      20804fe TLS: Add support for tls_get_version()
      f2a6ad0 TLS client: Add support for server certificate probing
      b115eeb TLS: Add TLS v1.2 signature algorithm support for SHA384 and SHA512
      c0acec3 crypto: Add CRYPTO_HASH_ALG_SHA384 and CRYPTO_HASH_ALG_SHA512
      0aed915 TLS client: Add signature_algorithms extension into ClientHello
      9e8809a TLS client: Validate certificates with SHA384 and SHA512 hashes
      6bb6a9c Add SHA384 and SHA512 implementations from LibTomCrypt library
      fdc1614 TLS client: Add support for validating server certificate hash
      3665776 TLS client: Do not verify CA certificates when ca_cert is not specified
      11c9ddb Add TEST_FAIL() condition to aes_128_cbc_encrypt/decrypt()
      ea52a46 EAP-SIM peer: Fix memory leak on reauth error path
      1a33c94 EAP-SAKE: Fix a typo in attribute parser debug print
      53401e9 Abort ongoing scans on FLUSH command
      e929eb3 wlantest: Add -N command line argument to remove write buffering
      3c41749 hostapd: Add Transmit Power Envelope IE when VHT is enabled
      2ea2166 Add control interface command for aborting an ongoing scan
      4ead7cf Abort an ongoing scan before connect
      4f30add nl80211: Add support for aborting an ongoing scan
      5ef0b84 Sync with mac80211-next.git include/uapi/linux/nl80211.h
      0530eb1 mesh: Clear wpa_s cipher selection on starting mesh
      1d6955e nl80211: Fix SIGNAL_POLL in IBSS and mesh
      0f29bc6 IBSS/mesh: Add support for VHT80P80 configuration
      c27f4c9 P2P: Add support for VHT 80+80 MHz and 160 MHz
      bee5d8e nl80211: Add VHT 160 MHz channel flags
      5e1da9c P2P: Define operating classes for VHT 80+80 and 160
      ea70811 FST: Improve parsing of Multiband IEs
      b47d05a FST: Make FST peer connection check more permissive in hostapd
      39c3c9b Remove wpa_supplicant/tests
      9b635d0 Remove link_test and test_wpa
      9e68742 Fix CONFIG_NO_WPA=y build
      eb926f1 Comment out wpas_reenabled_network_time with CONFIG_NO_SCAN_PROCESSING
      f231b3d FST: Fix STA MB IEs creation
      ed7820b P2P: Add a testing option to force P2P GO CSA
      6cbbae2 P2P: Set p2p_go_wait_client in invitation_result() cb
      83702b6 Android: Give user the option for selecting browser for HS 2.0 OSU
      cadffac wpa_cli: Add an option to set created interface type
      0f039e3 Add an option to create interface of a certain type with INTERFACE_ADD
      d8a3b66 driver: Make setting up AP optional when creating AP interface
      36e8206 Check for LIBRESSL_VERSION_NUMBER in tls_openssl.c
      2c51c0b P2P: Clear send action work without waiting on find/stop/listen
      6bdc43c AP: Avoid 20/40 MHz co-ex scan if PRI/SEC switch is not allowed
      757785d nl80211: Clear ignore_next_local_deauth flag
      cb2a926 nl80211: Clear ignore_next_local_deauth and ignore_deauth_event
      f32227e Add QCA vendor attribute and event to indicate subnet change status
      d38c7be Skip SELECT_NETWORK steps only if already connected or connecting
      25eb7fc Fix EAPOL reauth after FT protocol or offloaded PMKSA cache use
      f68d491 FT auth: Fix EAPOL reauthentication after FT protocol run
      a65efbf Add VHT support for Mesh
      a73c984 Set WMM flag to Mesh STA by default
      9a8d9f7 Assign QCA vendor command and attribute for Tx power reduction in dB
      747ba10 nl80211: Do not return incomplete hw capability info
      5e238cc WPS: Reconnect for a failed data connection when STA_AUTOCONNECT is 0
      442cc8c dbus: Fix memory leak in sending InvitationReceived signal
      0603bcb hostapd: Process MAC ACLs on a station association event (SME in driver)
      89a11ad RSN: Remove check for proactive_key_caching while setting PMK offload
      d381963 Extend QCA roam event with subnet change indication
      
      Change-Id: I122220f59ef56e25ed2749a37370a40afafa177a
      Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
  6. 16 Nov, 2015 1 commit
      Cumulative patch from commit 07e3653922513f4309528e299b9ee569c0fe1d28 · b70d0bbd
      Dmitry Shmidt authored
      
      07e3653 dbus: Do not use pointer arithmetic with a void pointer
      3b49719 Android: Use libdbus rather than dbus-1
      5b75ece Document passive_scan option for wpa_supplicant.conf
      68ac584 nl80211: Add debug message for passive scanning
      2d0fe6b dbus: Add SaveConfig to update configuration file
      a3dff7d P2P: Fix a typo in debug message
      fb7e7da dbus: Fix a copy-paste error in debug print
      9557788 EAP-pwd peer: Fix error path for unexpected Confirm message
      bef802e EAP-pwd server: Fix last fragment length validation
      8057821 EAP-pwd peer: Fix last fragment length validation
      03ed0a52 WNM: Ignore WNM-Sleep Mode Response if WNM-Sleep Mode has not been used
      2cb28a4 WNM: Ignore Key Data in WNM Sleep Mode Response frame if no PMF in use
      
      Change-Id: Iaa3ec4905772219f13837a8c2e367fc0b3d862f2
      Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
  7. 09 Nov, 2015 29 commits
  8. 06 Nov, 2015 4 commits
      WNM: Ignore Key Data in WNM Sleep Mode Response frame if no PMF in use · 1e9857b5
      Jouni Malinen authored
      
      WNM Sleep Mode Response frame is used to update GTK/IGTK only if PMF is
      enabled. Verify that PMF is in use before using this field on station
      side to avoid accepting unauthenticated key updates.
      
      Bug: 25266660
      
      Change-Id: Ib4b80f9c9e4aa5ea0b827c5202809c9660ad9b39
      Signed-off-by: Jouni Malinen <j@w1.fi>
      Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
      EAP-pwd server: Fix last fragment length validation · c61bad6b
      Jouni Malinen authored
      
      All but the last fragment had their length checked against the remaining
      room in the reassembly buffer. This allowed a suitably constructed last
      fragment frame to try to add extra data that would go beyond the buffer.
      The length validation code in wpabuf_put_data() prevents an actual
      buffer write overflow from occurring, but this results in process
      termination. (CVE-2015-5314)
      
      Bug: 25510821
      
      Change-Id: I43a9e6270b4ae693fae15314c3ba1f4baef7c083
      Signed-off-by: Jouni Malinen <j@w1.fi>
      Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
      EAP-pwd peer: Fix last fragment length validation · 3aa9ad54
      Jouni Malinen authored
      
      All but the last fragment had their length checked against the remaining
      room in the reassembly buffer. This allowed a suitably constructed last
      fragment frame to try to add extra data that would go beyond the buffer.
      The length validation code in wpabuf_put_data() prevents an actual
      buffer write overflow from occurring, but this results in process
      termination. (CVE-2015-5315)
      
      Bug: 25510821
      
      Change-Id: Ic509a6efedc3da9ff40f2842fab5547d087f64de
      Signed-off-by: Jouni Malinen <j@w1.fi>
      Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
      Cumulative patch from commit f10ff62e4eda7917a8e28fe492fd98723a5e97c4 · d80a401a
      Dmitry Shmidt authored
      
      f10ff62 Describe preferred mechanism for submitting contributions
      fcdb359 Use "STATUS-NO_EVENTS" instead of "STATUS" in get_wpa_status function
      73ed03f wpa_supplicant: Add GTK RSC relaxation workaround
      ea6030c Restore previous wpa_state in scan-only result handler
      1e74ae4 WNM: Clear BSS TM data if already associated with preferred candidate
      d129b02 EAP-pwd: Add support for Brainpool Elliptic Curves
      a34eace dbus: Remove unused dict helper functions
      cdcb2d0 wpa_cli: Add support for vendor_elem_* commands
      17b7032 EAP peer: Clear ignore flag in INITIALIZE state
      1f1e619 Add test programs for checking libwpa_client linking
      736b7cb wpa_supplicant/Makefile: Fix libwpa_client build
      2e38079 TLS: Fix memory leak with multiple TLS server instances
      7b0f550 eap_sim_db: Implement eap_sim_db_expire_pending()
      45c3e72 Add frequency to operating class determination for 5 GHz 100..140
      e50c50d dbus: Expose interface globals via D-Bus properties
      1aa0fb7 dbus: Pass property description to getters/setters
      c93b7e1 RSN: Check result of EAPOL-Key frame send request
      95be79f Allow -1 as value to disable frag_threshold
      bc50bb0 Extend the range of values for the RTS threshold
      053693d hostapd: Add feature to start all interfaces at the same time in sync
      9578413 Reserve QCA vendor specific nl80211 commands 110..114
      5d4c508 Assign QCA commands and attributes for Tx power scaling and OTA testing
      5d1d69a P2P: Filter control chars in group client device name similarly to peer
      f67d1a0 TDLS: Do not send error case of TPK M3 if TX fails
      1248e58 wpa_supplicant: Reopen debug log file upon receipt of SIGHUP signal
      d8fd633 Do not write ERROR level log entries if debug file is not used
      67deaa5 l2_packet: Add build option to disable Linux packet socket workaround
      fa46426 RSN: Do not try to connect if PMF disabled and AP requires it
      8acbe7f WNM: Verify WNM Sleep Mode element length
      dacd789 WNM: Mark set TFS buffer const
      ...
      f24b979 OpenSSL: Merge error returns
      84d6a17 TLS: Remove unused tls_capabilities()
      7867227 ms_funcs: Merge similar return cases
      3596361 hw_features: Merge similar return case in check_40mhz_2g4()
      aac1efe Reject the initial 4-way handshake if initial GTK setup fails
      2da5256 Add backtrace-based error path testing mechanism
      55413ce P2P: Do not allow 40 MHz co-ex PRI/SEC switch to force MCC
      
      Next patches were skipped due to explicit cherry-pick:
      bddc51e RSN: Stop connection attempt on apparent PMK mismatch
      3fdaaa8 Throttle control interface event message bursts
      a530fe7 Add wpa_supplicant EVENT_TEST control interface command
      ee1e3f5 hostapd: Global control interface notifications
      2e95cfc Add debug prints for wpa_supplicant ctrl_iface socket send operations
      ce7d0eb Update AP WPA/RSN IE on all associations if driver can select BSS
      844dfeb QCA vendor command support to set band to driver
      
      Change-Id: I909996c5afcd3b5d123ea1e23c0e1212021f7625
      Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
  9. 03 Nov, 2015 1 commit