CVS commit: src/external/bsd/wpa/dist/src/common
Module Name:src
Committed By: rillig
Date: Sat May 15 19:19:55 UTC 2021
Modified Files:
src/external/bsd/wpa/dist/src/common: dpp.c
Log Message:
wpa: fix Clang build
src/external/bsd/wpa/bin/hostapd/../../dist/src/common/dpp.c:5377:7:
error: format specifies type 'unsigned long' but the argument has type
'os_time_t' (aka 'long long') [-Werror,-Wformat]
To generate a diff of this commit:
cvs rdiff -u -r1.1.1.2 -r1.2 src/external/bsd/wpa/dist/src/common/dpp.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/external/bsd/wpa/dist/src/common/dpp.c
diff -u src/external/bsd/wpa/dist/src/common/dpp.c:1.1.1.2 src/external/bsd/wpa/dist/src/common/dpp.c:1.2
--- src/external/bsd/wpa/dist/src/common/dpp.c:1.1.1.2 Mon Mar 1 01:37:55 2021
+++ src/external/bsd/wpa/dist/src/common/dpp.c Sat May 15 19:19:55 2021
@@ -5373,8 +5373,9 @@ int dpp_key_expired(const char *timestam
}
if (now.sec > utime) {
- wpa_printf(MSG_DEBUG, "DPP: Key has expired (%lu < %lu)",
- utime, now.sec);
+ wpa_printf(MSG_DEBUG, "DPP: Key has expired (%llu < %llu)",
+ (unsigned long long)utime,
+ (unsigned long long)now.sec);
return 1;
}
CVS commit: src/external/bsd/wpa/dist/src/drivers
Module Name:src
Committed By: roy
Date: Fri Jan 1 14:57:14 UTC 2021
Modified Files:
src/external/bsd/wpa/dist/src/drivers: driver_bsd.c
Log Message:
wpa: If route socket overflows, sync drivers to system interfaces
Messages such as RTM_IFNFO or RTM_IFANNOUNCE could have been lost.
As such, sync the state of our internal driver to the state of the
system interfaces as reported by getifaddrs(2).
This change requires the routing socket be placed in non-blocking
mode. While here, set the routing and inet sockets to close on exec.
To generate a diff of this commit:
cvs rdiff -u -r1.37 -r1.38 src/external/bsd/wpa/dist/src/drivers/driver_bsd.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/external/bsd/wpa/dist/src/drivers/driver_bsd.c
diff -u src/external/bsd/wpa/dist/src/drivers/driver_bsd.c:1.37 src/external/bsd/wpa/dist/src/drivers/driver_bsd.c:1.38
--- src/external/bsd/wpa/dist/src/drivers/driver_bsd.c:1.37 Tue Jul 21 10:34:16 2020
+++ src/external/bsd/wpa/dist/src/drivers/driver_bsd.c Fri Jan 1 14:57:14 2021
@@ -16,7 +16,9 @@
#include "common/ieee802_11_defs.h"
#include "common/wpa_common.h"
+#include
#include
+#include
#include
#ifdef __NetBSD__
@@ -615,6 +617,108 @@ bsd_set_opt_ie(void *priv, const u8 *ie,
return 0;
}
+#ifdef SO_RERROR
+static void
+bsd_route_overflow(int sock, void *ctx, struct bsd_driver_global *global)
+{
+ char event_buf[2048]; /* max size of a single route(4) msg */
+ int n;
+ struct ifaddrs *ifaddrs, *ifa;
+ struct bsd_driver_data *drv;
+ struct sockaddr_dl *sdl;
+ union wpa_event_data event;
+
+ /* We need to match the system state, so drain the route
+ * socket to avoid stale messages. */
+ do {
+ n = read(sock, event_buf, sizeof(event_buf));
+ } while (n != -1 || errno == ENOBUFS);
+
+ if (getifaddrs() == -1) {
+ wpa_printf(MSG_ERROR, "%s getifaddrs() failed: %s",
+ __func__, strerror(errno));
+ return;
+ }
+
+ /* add or update existing interfaces */
+ for (ifa = ifaddrs; ifa != NULL; ifa = ifa->ifa_next) {
+ if (ifa->ifa_addr == NULL ||
+ ifa->ifa_addr->sa_family != AF_LINK)
+ continue;
+ sdl = (struct sockaddr_dl *)(void *)ifa->ifa_addr;
+ drv = bsd_get_drvname(global, ifa->ifa_name);
+ if (drv != NULL &&
+ (drv->ifindex != sdl->sdl_index || drv->if_removed)) {
+ wpa_printf(MSG_DEBUG,
+ "RTM_IFANNOUNCE: Interface '%s' added",
+ drv->ifname);
+ drv->ifindex = sdl->sdl_index;
+ drv->if_removed = 0;
+ event.interface_status.ievent = EVENT_INTERFACE_ADDED;
+ os_strlcpy(event.interface_status.ifname, ifa->ifa_name,
+ sizeof(event.interface_status.ifname));
+ wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_STATUS,
+ );
+ }
+ if (drv == NULL &&
+ (drv = bsd_get_drvindex(global, sdl->sdl_index)) != NULL) {
+ /* Driver name is invalid */
+ wpa_printf(MSG_DEBUG,
+ "RTM_IFANNOUNCE: Interface '%s' removed",
+ drv->ifname);
+ drv->if_removed = 1;
+ event.interface_status.ievent = EVENT_INTERFACE_REMOVED;
+ os_strlcpy(event.interface_status.ifname, drv->ifname,
+ sizeof(event.interface_status.ifname));
+ wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_STATUS,
+ );
+ }
+ }
+
+ /* punt missing interfaces and update flags */
+ dl_list_for_each(drv, >ifaces, struct bsd_driver_data, list) {
+ for (ifa = ifaddrs; ifa != NULL; ifa = ifa->ifa_next) {
+ if (ifa->ifa_addr == NULL ||
+ ifa->ifa_addr->sa_family != AF_LINK)
+continue;
+ sdl = (struct sockaddr_dl *)(void *)ifa->ifa_addr;
+ if (os_strcmp(drv->ifname, ifa->ifa_name) == 0)
+break;
+ }
+ if (ifa == NULL && !drv->if_removed) {
+ wpa_printf(MSG_DEBUG,
+ "RTM_IFANNOUNCE: Interface '%s' removed",
+ drv->ifname);
+ drv->if_removed = 1;
+ event.interface_status.ievent = EVENT_INTERFACE_REMOVED;
+ os_strlcpy(event.interface_status.ifname, drv->ifname,
+ sizeof(event.interface_status.ifname));
+ wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_STATUS,
+ );
+ }
+ if (ifa == NULL)
+ continue;
+
+ if ((ifa->ifa_flags & IFF_UP) == 0 &&
+ (drv->flags & IFF_UP) != 0) {
+ wpa_printf(MSG_DEBUG, "RTM_IFINFO: Interface '%s' DOWN",
+ drv->ifname);
+ wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_DISABLED,
+ NULL);
+ } else if ((ifa->ifa_flags & IFF_UP) != 0 &&
+ (drv->flags & IFF_UP) == 0) {
+ wpa_printf(MSG_DEBUG, "RTM_IFINFO: Interface '%s' UP",
+ drv->ifname);
+ wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_ENABLED,
+ NULL);
+ }
+ drv->flags = ifa->ifa_flags;
+ }
+
+ freeifaddrs(ifaddrs);
+}
+#endif
+
static void
bsd_wireless_event_receive(int sock, void *ctx, void *sock_ctx)
{
@@ -635,6 +739,10 @@ bsd_wireless_event_receive(int sock, voi
if (errno != EINTR && errno != EAGAIN)
wpa_printf(MSG_ERROR, "%s read() failed: %s",
__func__, strerror(errno));
+#ifdef SO_RERROR
+ if
CVS commit: src/external/bsd/wpa/dist/wpa_supplicant
Module Name:src
Committed By: roy
Date: Tue Jul 21 13:18:58 UTC 2020
Modified Files:
src/external/bsd/wpa/dist/wpa_supplicant: events.c wpa_supplicant.c
wpa_supplicant_i.h
Log Message:
wpa_supplicant: Matching unspecified interfaces should not log driver fails
If there is no matching interface given, but interface matching is enabled
then all interfaces on the system will try to be initialized.
Non wireless interfaces will fail and the loopback device will be one
of these, so just log a diagnostic rather than an error.
To generate a diff of this commit:
cvs rdiff -u -r1.7 -r1.8 src/external/bsd/wpa/dist/wpa_supplicant/events.c
cvs rdiff -u -r1.10 -r1.11 \
src/external/bsd/wpa/dist/wpa_supplicant/wpa_supplicant.c
cvs rdiff -u -r1.4 -r1.5 \
src/external/bsd/wpa/dist/wpa_supplicant/wpa_supplicant_i.h
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/external/bsd/wpa/dist/wpa_supplicant/events.c
diff -u src/external/bsd/wpa/dist/wpa_supplicant/events.c:1.7 src/external/bsd/wpa/dist/wpa_supplicant/events.c:1.8
--- src/external/bsd/wpa/dist/wpa_supplicant/events.c:1.7 Fri Jan 4 21:22:21 2019
+++ src/external/bsd/wpa/dist/wpa_supplicant/events.c Tue Jul 21 13:18:58 2020
@@ -4825,8 +4825,6 @@ void wpa_supplicant_event_global(void *c
return;
wpa_s = wpa_supplicant_add_iface(ctx, wpa_i, NULL);
os_free(wpa_i);
- if (wpa_s)
- wpa_s->matched = 1;
}
#endif /* CONFIG_MATCH_IFACE */
Index: src/external/bsd/wpa/dist/wpa_supplicant/wpa_supplicant.c
diff -u src/external/bsd/wpa/dist/wpa_supplicant/wpa_supplicant.c:1.10 src/external/bsd/wpa/dist/wpa_supplicant/wpa_supplicant.c:1.11
--- src/external/bsd/wpa/dist/wpa_supplicant/wpa_supplicant.c:1.10 Fri Jan 4 21:22:21 2019
+++ src/external/bsd/wpa/dist/wpa_supplicant/wpa_supplicant.c Tue Jul 21 13:18:58 2020
@@ -5298,6 +5298,8 @@ next_driver:
wpa_s->drv_priv = wpa_drv_init(wpa_s, wpa_s->ifname);
if (wpa_s->drv_priv == NULL) {
const char *pos;
+ int level;
+
pos = driver ? os_strchr(driver, ',') : NULL;
if (pos) {
wpa_dbg(wpa_s, MSG_DEBUG, "Failed to initialize "
@@ -5305,7 +5307,14 @@ next_driver:
driver = pos + 1;
goto next_driver;
}
- wpa_msg(wpa_s, MSG_ERROR, "Failed to initialize driver "
+
+#ifdef CONFIG_MATCH_IFACE
+ if (wpa_s->matched == WPA_IFACE_MATCHEDNULL)
+ level = MSG_DEBUG;
+ else
+#endif
+ level = MSG_ERROR;
+ wpa_msg(wpa_s, level, "Failed to initialize driver "
"interface");
return -1;
}
@@ -5451,6 +5460,9 @@ static int wpa_supplicant_init_iface(str
return -1;
}
os_strlcpy(wpa_s->ifname, iface->ifname, sizeof(wpa_s->ifname));
+#ifdef CONFIG_MATCH_IFACE
+ wpa_s->matched = iface->matched;
+#endif
if (iface->bridge_ifname) {
if (os_strlen(iface->bridge_ifname) >=
@@ -5829,6 +5841,10 @@ struct wpa_interface * wpa_supplicant_ma
if (!iface)
return NULL;
*iface = *miface;
+ if (!miface->ifname)
+iface->matched = WPA_IFACE_MATCHEDNULL;
+ else
+iface->matched = WPA_IFACE_MATCHED;
iface->ifname = ifname;
return iface;
}
@@ -5863,8 +5879,6 @@ static int wpa_supplicant_match_existing
if (iface) {
wpa_s = wpa_supplicant_add_iface(global, iface, NULL);
os_free(iface);
- if (wpa_s)
-wpa_s->matched = 1;
}
}
Index: src/external/bsd/wpa/dist/wpa_supplicant/wpa_supplicant_i.h
diff -u src/external/bsd/wpa/dist/wpa_supplicant/wpa_supplicant_i.h:1.4 src/external/bsd/wpa/dist/wpa_supplicant/wpa_supplicant_i.h:1.5
--- src/external/bsd/wpa/dist/wpa_supplicant/wpa_supplicant_i.h:1.4 Fri Jan 4 21:22:21 2019
+++ src/external/bsd/wpa/dist/wpa_supplicant/wpa_supplicant_i.h Tue Jul 21 13:18:58 2020
@@ -118,6 +118,17 @@ struct wpa_interface {
* interface that is not a network interface.
*/
int p2p_mgmt;
+
+#ifdef CONFIG_MATCH_IFACE
+ /**
+ * matched - Interface was matched rather than specified
+ *
+ */
+ int matched;
+#define WPA_IFACE_NOTMATCHED 0
+#define WPA_IFACE_MATCHEDNULL 1
+#define WPA_IFACE_MATCHED 2
+#endif /* CONFIG_MATCH_IFACE */
};
/**
CVS commit: src/external/bsd/wpa/dist/wpa_supplicant
Module Name:src
Committed By: roy
Date: Tue Jul 21 12:19:52 UTC 2020
Modified Files:
src/external/bsd/wpa/dist/wpa_supplicant: op_classes.c
Log Message:
wpa_supplicant: Don't report an error when there are no op classes to add
Instead, log a diagnostic so that noise to the user is reduced.
To generate a diff of this commit:
cvs rdiff -u -r1.1.1.1 -r1.2 \
src/external/bsd/wpa/dist/wpa_supplicant/op_classes.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/external/bsd/wpa/dist/wpa_supplicant/op_classes.c
diff -u src/external/bsd/wpa/dist/wpa_supplicant/op_classes.c:1.1.1.1 src/external/bsd/wpa/dist/wpa_supplicant/op_classes.c:1.2
--- src/external/bsd/wpa/dist/wpa_supplicant/op_classes.c:1.1.1.1 Fri Jan 4 19:29:15 2019
+++ src/external/bsd/wpa/dist/wpa_supplicant/op_classes.c Tue Jul 21 12:19:52 2020
@@ -309,9 +309,13 @@ size_t wpas_supp_op_class_ie(struct wpa_
}
*ie_len = wpabuf_len(buf) - 2;
- if (*ie_len < 2 || wpabuf_len(buf) > len) {
+ if (*ie_len < 2) {
+ wpa_printf(MSG_DEBUG,
+ "No supported operating classes IE to add");
+ res = 0;
+ } else if (wpabuf_len(buf) > len) {
wpa_printf(MSG_ERROR,
- "Failed to add supported operating classes IE");
+ "Supported operating classes IE exceed length");
res = 0;
} else {
os_memcpy(pos, wpabuf_head(buf), wpabuf_len(buf));
CVS commit: src/external/bsd/wpa/dist/src/drivers
Module Name:src
Committed By: roy
Date: Tue Jul 21 10:34:16 UTC 2020
Modified Files:
src/external/bsd/wpa/dist/src/drivers: driver_bsd.c
Log Message:
wpa_supplicant: don't log SIOCG80211 errors during interface setup
Unless debugging.
wpa_supplicant will log it failed to initialized the driver for the
interface anyway so this just silences some noise for users.
To generate a diff of this commit:
cvs rdiff -u -r1.36 -r1.37 src/external/bsd/wpa/dist/src/drivers/driver_bsd.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/external/bsd/wpa/dist/src/drivers/driver_bsd.c
diff -u src/external/bsd/wpa/dist/src/drivers/driver_bsd.c:1.36 src/external/bsd/wpa/dist/src/drivers/driver_bsd.c:1.37
--- src/external/bsd/wpa/dist/src/drivers/driver_bsd.c:1.36 Wed Jan 29 12:05:08 2020
+++ src/external/bsd/wpa/dist/src/drivers/driver_bsd.c Tue Jul 21 10:34:16 2020
@@ -137,7 +137,9 @@ bsd_get80211(void *priv, struct ieee8021
ireq->i_data = arg;
if (ioctl(drv->global->sock, SIOCG80211, ireq) < 0) {
- wpa_printf(MSG_ERROR, "ioctl[SIOCG80211, op=%u, "
+ int level = drv->if_removed ? MSG_DEBUG : MSG_ERROR;
+
+ wpa_printf(level, "ioctl[SIOCG80211, op=%u, "
"arg_len=%u]: %s", op, arg_len, strerror(errno));
return -1;
}
@@ -1467,6 +1469,9 @@ wpa_driver_bsd_init(void *ctx, const cha
drv->global = priv;
os_strlcpy(drv->ifname, ifname, sizeof(drv->ifname));
+ /* Set the interface as removed until proven to work. */
+ drv->if_removed = 1;
+
if (!GETPARAM(drv, IEEE80211_IOC_ROAMING, drv->prev_roaming)) {
wpa_printf(MSG_DEBUG, "%s: failed to get roaming state: %s",
__func__, strerror(errno));
@@ -1490,6 +1495,9 @@ wpa_driver_bsd_init(void *ctx, const cha
if (bsd_get_iface_flags(drv) < 0)
goto fail;
+ /* Proven to work, lets go! */
+ drv->if_removed = 0;
+
drv->opmode = get80211opmode(drv);
dl_list_add(>global->ifaces, >list);
CVS commit: src/external/bsd/wpa/dist/src/drivers
Module Name:src
Committed By: roy
Date: Wed Jan 29 12:05:08 UTC 2020
Modified Files:
src/external/bsd/wpa/dist/src/drivers: driver_bsd.c
Log Message:
wpa: reduce diff with upstream
To generate a diff of this commit:
cvs rdiff -u -r1.35 -r1.36 src/external/bsd/wpa/dist/src/drivers/driver_bsd.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/external/bsd/wpa/dist/src/drivers/driver_bsd.c
diff -u src/external/bsd/wpa/dist/src/drivers/driver_bsd.c:1.35 src/external/bsd/wpa/dist/src/drivers/driver_bsd.c:1.36
--- src/external/bsd/wpa/dist/src/drivers/driver_bsd.c:1.35 Wed Jan 29 11:57:36 2020
+++ src/external/bsd/wpa/dist/src/drivers/driver_bsd.c Wed Jan 29 12:05:08 2020
@@ -9,11 +9,12 @@
#include "includes.h"
#include
-#include
#include "common.h"
#include "driver.h"
#include "eloop.h"
+#include "common/ieee802_11_defs.h"
+#include "common/wpa_common.h"
#include
#include
@@ -43,8 +44,6 @@
#include
#endif
-#include "common/ieee802_11_defs.h"
-#include "common/wpa_common.h"
#include "l2_packet/l2_packet.h"
struct bsd_driver_global {
@@ -138,7 +137,7 @@ bsd_get80211(void *priv, struct ieee8021
ireq->i_data = arg;
if (ioctl(drv->global->sock, SIOCG80211, ireq) < 0) {
- wpa_printf(MSG_ERROR, "ioctl[SIOCS80211, op=%u, "
+ wpa_printf(MSG_ERROR, "ioctl[SIOCG80211, op=%u, "
"arg_len=%u]: %s", op, arg_len, strerror(errno));
return -1;
}
@@ -1570,7 +1569,7 @@ bsd_global_init(void *ctx)
#ifdef RO_MSGFILTER
if (setsockopt(global->route, PF_ROUTE, RO_MSGFILTER,
, sizeof(msgfilter)) < 0)
- wpa_printf(MSG_ERROR, "setsockopt[PF_ROUTE,RO_MSGFILTER]: %s",
+ wpa_printf(MSG_ERROR, "socket[PF_ROUTE,RO_MSGFILTER]: %s",
strerror(errno));
#endif
CVS commit: src/external/bsd/wpa/dist/src/drivers
Module Name:src
Committed By: roy
Date: Wed Jan 29 11:57:36 UTC 2020
Modified Files:
src/external/bsd/wpa/dist/src/drivers: driver_bsd.c
Log Message:
wpa: Fix the maximum size of a route(4) msg to 2048
This mirrors other programs which parse route(4) messages and will
match upstream.
To generate a diff of this commit:
cvs rdiff -u -r1.34 -r1.35 src/external/bsd/wpa/dist/src/drivers/driver_bsd.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/external/bsd/wpa/dist/src/drivers/driver_bsd.c
diff -u src/external/bsd/wpa/dist/src/drivers/driver_bsd.c:1.34 src/external/bsd/wpa/dist/src/drivers/driver_bsd.c:1.35
--- src/external/bsd/wpa/dist/src/drivers/driver_bsd.c:1.34 Wed Jan 29 11:46:47 2020
+++ src/external/bsd/wpa/dist/src/drivers/driver_bsd.c Wed Jan 29 11:57:36 2020
@@ -51,7 +51,6 @@ struct bsd_driver_global {
void *ctx;
int sock; /* socket for 802.11 ioctls */
int route; /* routing socket for events */
- struct iovec event_iov[1];
struct dl_list ifaces; /* list of interfaces */
};
@@ -75,50 +74,6 @@ struct bsd_driver_data {
/* Generic functions for hostapd and wpa_supplicant */
-#define IOVEC_BUFSIZ 256
-ssize_t
-recvmsg_realloc(int fd, struct msghdr *msg, int flags)
-{
- struct iovec *iov;
- ssize_t slen;
- size_t len;
- void *n;
-
- /* Assume we are reallocing the last iovec. */
- iov = >msg_iov[msg->msg_iovlen - 1];
-
- for (;;) {
- /* Passing MSG_TRUNC should return the actual size needed. */
- slen = recvmsg(fd, msg, flags | MSG_PEEK | MSG_TRUNC);
- if (slen == -1)
- return -1;
- if (!(msg->msg_flags & MSG_TRUNC))
- break;
-
- len = (size_t)slen;
-
- /* Some kernels return the size of the receive buffer
- * on truncation, not the actual size needed.
- * So grow the buffer and try again. */
- if (iov->iov_len == len)
- len = roundup(len + 1, IOVEC_BUFSIZ);
- else if (iov->iov_len > len)
- break;
- if ((n = realloc(iov->iov_base, len)) == NULL)
- return -1;
- iov->iov_base = n;
- iov->iov_len = len;
- }
-
- slen = recvmsg(fd, msg, flags);
- if (slen != -1 && msg->msg_flags & MSG_TRUNC) {
- /* This should not be possible ... */
- errno = ENOBUFS;
- return -1;
- }
- return slen;
-}
-
static struct bsd_driver_data *
bsd_get_drvindex(void *priv, unsigned int ifindex)
{
@@ -662,6 +617,7 @@ bsd_set_opt_ie(void *priv, const u8 *ie,
static void
bsd_wireless_event_receive(int sock, void *ctx, void *sock_ctx)
{
+ char event_buf[2048]; /* max size of a single route(4) msg */
struct bsd_driver_global *global = sock_ctx;
struct bsd_driver_data *drv;
struct if_announcemsghdr *ifan;
@@ -672,9 +628,8 @@ bsd_wireless_event_receive(int sock, voi
struct ieee80211_leave_event *leave;
struct ieee80211_join_event *join;
int n;
- struct msghdr msg = { .msg_iov = global->event_iov, .msg_iovlen = 1};
- n = recvmsg_realloc(sock, , 0);
+ n = read(sock, event_buf, sizeof(event_buf));
if (n < 0) {
if (errno != EINTR && errno != EAGAIN)
wpa_printf(MSG_ERROR, "%s read() failed: %s",
@@ -682,7 +637,7 @@ bsd_wireless_event_receive(int sock, voi
return;
}
- rtm = (struct rt_msghdr *) global->event_iov[0].iov_base;
+ rtm = (struct rt_msghdr *) event_buf;
if (rtm->rtm_version != RTM_VERSION) {
wpa_printf(MSG_DEBUG, "Invalid routing message version=%d",
rtm->rtm_version);
@@ -1639,7 +1594,6 @@ bsd_global_deinit(void *priv)
eloop_unregister_read_sock(global->route);
(void) close(global->route);
(void) close(global->sock);
- free(global->event_iov[0].iov_base);
os_free(global);
}
CVS commit: src/external/bsd/wpa/dist/src/drivers
Module Name:src
Committed By: roy
Date: Wed Jan 29 11:45:54 UTC 2020
Modified Files:
src/external/bsd/wpa/dist/src/drivers: driver_bsd.c
Log Message:
wpa: Don't set or remove IFF_UP
Now that both hostapd and wpa_supplicant react to interface flag
changes, there is no need to set or remove IFF_UP.
It should be an administrative flag only.
To generate a diff of this commit:
cvs rdiff -u -r1.32 -r1.33 src/external/bsd/wpa/dist/src/drivers/driver_bsd.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/external/bsd/wpa/dist/src/drivers/driver_bsd.c
diff -u src/external/bsd/wpa/dist/src/drivers/driver_bsd.c:1.32 src/external/bsd/wpa/dist/src/drivers/driver_bsd.c:1.33
--- src/external/bsd/wpa/dist/src/drivers/driver_bsd.c:1.32 Wed Jan 29 11:44:43 2020
+++ src/external/bsd/wpa/dist/src/drivers/driver_bsd.c Wed Jan 29 11:45:54 2020
@@ -337,9 +337,8 @@ bsd_send_mlme_param(void *priv, const u8
}
static int
-bsd_ctrl_iface(void *priv, int enable)
+bsd_get_iface_flags(struct bsd_driver_data *drv)
{
- struct bsd_driver_data *drv = priv;
struct ifreq ifr;
os_memset(, 0, sizeof(ifr));
@@ -351,24 +350,6 @@ bsd_ctrl_iface(void *priv, int enable)
return -1;
}
drv->flags = ifr.ifr_flags;
-
- if (enable) {
- if (ifr.ifr_flags & IFF_UP)
- return 0;
- ifr.ifr_flags |= IFF_UP;
- } else {
- if (!(ifr.ifr_flags & IFF_UP))
- return 0;
- ifr.ifr_flags &= ~IFF_UP;
- }
-
- if (ioctl(drv->global->sock, SIOCSIFFLAGS, ) < 0) {
- wpa_printf(MSG_ERROR, "ioctl[SIOCSIFFLAGS]: %s",
- strerror(errno));
- return -1;
- }
-
- drv->flags = ifr.ifr_flags;
return 0;
}
@@ -582,7 +563,7 @@ bsd_set_ieee8021x(void *priv, struct wpa
__func__);
return -1;
}
- return bsd_ctrl_iface(priv, 1);
+ return 0;
}
static void
@@ -980,8 +961,7 @@ bsd_init(struct hostapd_data *hapd, stru
if (l2_packet_get_own_addr(drv->sock_xmit, params->own_addr))
goto bad;
- /* mark down during setup */
- if (bsd_ctrl_iface(drv, 0) < 0)
+ if (bsd_get_iface_flags(drv) < 0)
goto bad;
if (bsd_set_mediaopt(drv, IFM_OMASK, IFM_IEEE80211_HOSTAP) < 0) {
@@ -1006,8 +986,6 @@ bsd_deinit(void *priv)
{
struct bsd_driver_data *drv = priv;
- if (drv->ifindex != 0)
- bsd_ctrl_iface(drv, 0);
if (drv->sock_xmit != NULL)
l2_packet_deinit(drv->sock_xmit);
os_free(drv);
@@ -1015,13 +993,6 @@ bsd_deinit(void *priv)
static int
-bsd_commit(void *priv)
-{
- return bsd_ctrl_iface(priv, 1);
-}
-
-
-static int
bsd_set_sta_authorized(void *priv, const u8 *addr,
unsigned int total_flags, unsigned int flags_or,
unsigned int flags_and)
@@ -1274,8 +1245,11 @@ wpa_driver_bsd_scan(void *priv, struct w
}
/* NB: interface must be marked UP to do a scan */
- if (bsd_ctrl_iface(drv, 1) < 0)
+ if (!(drv->flags & IFF_UP)) {
+ wpa_printf(MSG_DEBUG, "%s: interface is not up, cannot scan",
+ __func__);
return -1;
+ }
#ifdef IEEE80211_IOC_SCAN_MAX_SSID
os_memset(, 0, sizeof(sr));
@@ -1565,7 +1539,7 @@ wpa_driver_bsd_init(void *ctx, const cha
goto fail;
/* Down interface during setup. */
- if (bsd_ctrl_iface(drv, 0) < 0)
+ if (bsd_get_iface_flags(drv) < 0)
goto fail;
drv->opmode = get80211opmode(drv);
@@ -1586,9 +1560,6 @@ wpa_driver_bsd_deinit(void *priv)
if (drv->ifindex != 0 && !drv->if_removed) {
wpa_driver_bsd_set_wpa(drv, 0);
- /* NB: mark interface down */
- bsd_ctrl_iface(drv, 0);
-
wpa_driver_bsd_set_wpa_internal(drv, drv->prev_wpa,
drv->prev_privacy);
@@ -1694,7 +1665,6 @@ const struct wpa_driver_ops wpa_driver_b
.sta_disassoc = bsd_sta_disassoc,
.sta_deauth = bsd_sta_deauth,
.sta_set_flags = bsd_set_sta_authorized,
- .commit = bsd_commit,
#else /* HOSTAPD */
.init2 = wpa_driver_bsd_init,
.deinit = wpa_driver_bsd_deinit,
CVS commit: src/external/bsd/wpa/dist/src/drivers
Module Name:src
Committed By: roy
Date: Wed Jan 29 11:46:47 UTC 2020
Modified Files:
src/external/bsd/wpa/dist/src/drivers: driver_bsd.c
Log Message:
wpa: Remove an outdated comment
With interface matching support, wpa_supplicant can wait for an
interface to appear.
To generate a diff of this commit:
cvs rdiff -u -r1.33 -r1.34 src/external/bsd/wpa/dist/src/drivers/driver_bsd.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/external/bsd/wpa/dist/src/drivers/driver_bsd.c
diff -u src/external/bsd/wpa/dist/src/drivers/driver_bsd.c:1.33 src/external/bsd/wpa/dist/src/drivers/driver_bsd.c:1.34
--- src/external/bsd/wpa/dist/src/drivers/driver_bsd.c:1.33 Wed Jan 29 11:45:54 2020
+++ src/external/bsd/wpa/dist/src/drivers/driver_bsd.c Wed Jan 29 11:46:47 2020
@@ -1502,12 +1502,6 @@ wpa_driver_bsd_init(void *ctx, const cha
if (drv == NULL)
return NULL;
- /*
- * NB: We require the interface name be mappable to an index.
- * This implies we do not support having wpa_supplicant
- * wait for an interface to appear. This seems ok; that
- * doesn't belong here; it's really the job of devd.
- */
drv->ifindex = if_nametoindex(ifname);
if (drv->ifindex == 0) {
wpa_printf(MSG_DEBUG, "%s: interface %s does not exist",
CVS commit: src/external/bsd/wpa/dist/src/drivers
Module Name:src
Committed By: roy
Date: Wed Jan 29 11:44:43 UTC 2020
Modified Files:
src/external/bsd/wpa/dist/src/drivers: driver_bsd.c
Log Message:
wpa: Share route(4) processing with hostapd and wpa_supplicant.
There is little point in having both and it brings interface
addition/removal and IFF_UP notifications to hostapd.
To generate a diff of this commit:
cvs rdiff -u -r1.31 -r1.32 src/external/bsd/wpa/dist/src/drivers/driver_bsd.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/external/bsd/wpa/dist/src/drivers/driver_bsd.c
diff -u src/external/bsd/wpa/dist/src/drivers/driver_bsd.c:1.31 src/external/bsd/wpa/dist/src/drivers/driver_bsd.c:1.32
--- src/external/bsd/wpa/dist/src/drivers/driver_bsd.c:1.31 Wed Jan 29 11:31:40 2020
+++ src/external/bsd/wpa/dist/src/drivers/driver_bsd.c Wed Jan 29 11:44:43 2020
@@ -132,7 +132,6 @@ bsd_get_drvindex(void *priv, unsigned in
return NULL;
}
-#ifndef HOSTAPD
static struct bsd_driver_data *
bsd_get_drvname(void *priv, const char *ifname)
{
@@ -145,7 +144,6 @@ bsd_get_drvname(void *priv, const char *
}
return NULL;
}
-#endif /* HOSTAPD */
static int
bsd_set80211(void *priv, int op, int val, const void *arg, int arg_len)
@@ -680,6 +678,154 @@ bsd_set_opt_ie(void *priv, const u8 *ie,
return 0;
}
+static void
+bsd_wireless_event_receive(int sock, void *ctx, void *sock_ctx)
+{
+ struct bsd_driver_global *global = sock_ctx;
+ struct bsd_driver_data *drv;
+ struct if_announcemsghdr *ifan;
+ struct if_msghdr *ifm;
+ struct rt_msghdr *rtm;
+ union wpa_event_data event;
+ struct ieee80211_michael_event *mic;
+ struct ieee80211_leave_event *leave;
+ struct ieee80211_join_event *join;
+ int n;
+ struct msghdr msg = { .msg_iov = global->event_iov, .msg_iovlen = 1};
+
+ n = recvmsg_realloc(sock, , 0);
+ if (n < 0) {
+ if (errno != EINTR && errno != EAGAIN)
+ wpa_printf(MSG_ERROR, "%s read() failed: %s",
+ __func__, strerror(errno));
+ return;
+ }
+
+ rtm = (struct rt_msghdr *) global->event_iov[0].iov_base;
+ if (rtm->rtm_version != RTM_VERSION) {
+ wpa_printf(MSG_DEBUG, "Invalid routing message version=%d",
+ rtm->rtm_version);
+ return;
+ }
+ os_memset(, 0, sizeof(event));
+ switch (rtm->rtm_type) {
+ case RTM_IEEE80211:
+ ifan = (struct if_announcemsghdr *) rtm;
+ drv = bsd_get_drvindex(global, ifan->ifan_index);
+ if (drv == NULL)
+ return;
+ switch (ifan->ifan_what) {
+ case RTM_IEEE80211_ASSOC:
+ case RTM_IEEE80211_REASSOC:
+ if (drv->is_ap)
+break;
+ wpa_supplicant_event(drv->ctx, EVENT_ASSOC, NULL);
+ break;
+ case RTM_IEEE80211_DISASSOC:
+ if (drv->is_ap)
+break;
+ wpa_supplicant_event(drv->ctx, EVENT_DISASSOC, NULL);
+ break;
+ case RTM_IEEE80211_SCAN:
+ if (drv->is_ap)
+break;
+ wpa_supplicant_event(drv->ctx, EVENT_SCAN_RESULTS,
+ NULL);
+ break;
+ case RTM_IEEE80211_LEAVE:
+ leave = (struct ieee80211_leave_event *) [1];
+ drv_event_disassoc(drv->ctx, leave->iev_addr);
+ break;
+ case RTM_IEEE80211_JOIN:
+#ifdef RTM_IEEE80211_REJOIN
+ case RTM_IEEE80211_REJOIN:
+#endif
+ join = (struct ieee80211_join_event *) [1];
+ bsd_new_sta(drv, drv->ctx, join->iev_addr);
+ break;
+ case RTM_IEEE80211_REPLAY:
+ /* ignore */
+ break;
+ case RTM_IEEE80211_MICHAEL:
+ mic = (struct ieee80211_michael_event *) [1];
+ wpa_printf(MSG_DEBUG,
+"Michael MIC failure wireless event: "
+"keyix=%u src_addr=" MACSTR, mic->iev_keyix,
+MAC2STR(mic->iev_src));
+ os_memset(, 0, sizeof(event));
+ event.michael_mic_failure.unicast =
+!IEEE80211_IS_MULTICAST(mic->iev_dst);
+ event.michael_mic_failure.src = mic->iev_src;
+ wpa_supplicant_event(drv->ctx,
+ EVENT_MICHAEL_MIC_FAILURE, );
+ break;
+ }
+ break;
+ case RTM_IFANNOUNCE:
+ ifan = (struct if_announcemsghdr *) rtm;
+ switch (ifan->ifan_what) {
+ case IFAN_DEPARTURE:
+ drv = bsd_get_drvindex(global, ifan->ifan_index);
+ if (drv)
+drv->if_removed = 1;
+ event.interface_status.ievent = EVENT_INTERFACE_REMOVED;
+ break;
+ case IFAN_ARRIVAL:
+ drv = bsd_get_drvname(global, ifan->ifan_name);
+ if (drv) {
+drv->ifindex = ifan->ifan_index;
+drv->if_removed = 0;
+ }
+ event.interface_status.ievent = EVENT_INTERFACE_ADDED;
+ break;
+ default:
+ wpa_printf(MSG_DEBUG, "RTM_IFANNOUNCE: unknown action");
+ return;
+ }
+ wpa_printf(MSG_DEBUG, "RTM_IFANNOUNCE: Interface '%s' %s",
+ ifan->ifan_name,
+ ifan->ifan_what == IFAN_DEPARTURE ?
+"removed" : "added");
+ os_strlcpy(event.interface_status.ifname, ifan->ifan_name,
+ sizeof(event.interface_status.ifname));
+ if (drv) {
+ wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_STATUS,
+ );
+ /*
+ * Set ifindex to zero after sending the event as the
+ * event might query the driver to ensure a match.
+ */
+ if (ifan->ifan_what == IFAN_DEPARTURE)
+drv->ifindex = 0;
CVS commit: src/external/bsd/wpa/dist/src/drivers
Module Name:src
Committed By: roy
Date: Wed Jan 29 11:31:40 UTC 2020
Modified Files:
src/external/bsd/wpa/dist/src/drivers: driver_bsd.c
Log Message:
wpa: Driver does not need to know about both wpa and hostap contexts
It will either be one or the other.
Fold hapd into ctx to match other drivers.
To generate a diff of this commit:
cvs rdiff -u -r1.30 -r1.31 src/external/bsd/wpa/dist/src/drivers/driver_bsd.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/external/bsd/wpa/dist/src/drivers/driver_bsd.c
diff -u src/external/bsd/wpa/dist/src/drivers/driver_bsd.c:1.30 src/external/bsd/wpa/dist/src/drivers/driver_bsd.c:1.31
--- src/external/bsd/wpa/dist/src/drivers/driver_bsd.c:1.30 Wed Apr 10 17:48:07 2019
+++ src/external/bsd/wpa/dist/src/drivers/driver_bsd.c Wed Jan 29 11:31:40 2020
@@ -58,14 +58,13 @@ struct bsd_driver_global {
struct bsd_driver_data {
struct dl_list list;
struct bsd_driver_global *global;
- struct hostapd_data *hapd; /* back pointer */
+ void *ctx;
struct l2_packet_data *sock_xmit;/* raw packet xmit socket */
char ifname[IFNAMSIZ+1]; /* interface name */
int flags;
unsigned int ifindex; /* interface index */
int if_removed; /* has the interface been removed? */
- void *ctx;
struct wpa_driver_capa capa; /* driver capability */
int is_ap; /* Access point mode */
int prev_roaming; /* roaming state to restore on deinit */
@@ -843,14 +842,14 @@ bsd_wireless_event_receive(int sock, voi
break;
case RTM_IEEE80211_LEAVE:
leave = (struct ieee80211_leave_event *) [1];
- drv_event_disassoc(drv->hapd, leave->iev_addr);
+ drv_event_disassoc(drv->ctx, leave->iev_addr);
break;
case RTM_IEEE80211_JOIN:
#ifdef RTM_IEEE80211_REJOIN
case RTM_IEEE80211_REJOIN:
#endif
join = (struct ieee80211_join_event *) [1];
- bsd_new_sta(drv, drv->hapd, join->iev_addr);
+ bsd_new_sta(drv, drv->ctx, join->iev_addr);
break;
case RTM_IEEE80211_REPLAY:
/* ignore */
@@ -864,7 +863,7 @@ bsd_wireless_event_receive(int sock, voi
os_memset(, 0, sizeof(data));
data.michael_mic_failure.unicast = 1;
data.michael_mic_failure.src = mic->iev_src;
- wpa_supplicant_event(drv->hapd,
+ wpa_supplicant_event(drv->ctx,
EVENT_MICHAEL_MIC_FAILURE, );
break;
}
@@ -876,7 +875,7 @@ static void
handle_read(void *ctx, const u8 *src_addr, const u8 *buf, size_t len)
{
struct bsd_driver_data *drv = ctx;
- drv_event_eapol_rx(drv->hapd, src_addr, buf, len);
+ drv_event_eapol_rx(drv->ctx, src_addr, buf, len);
}
static void *
@@ -897,7 +896,7 @@ bsd_init(struct hostapd_data *hapd, stru
goto bad;
}
- drv->hapd = hapd;
+ drv->ctx = hapd;
drv->global = params->global_priv;
os_strlcpy(drv->ifname, params->ifname, sizeof(drv->ifname));
CVS commit: src/external/bsd/wpa/dist/src/common
Module Name:src
Committed By: christos
Date: Wed Apr 10 18:01:08 UTC 2019
Modified Files:
src/external/bsd/wpa/dist/src/common: sae.c
Log Message:
Try to avoid showing externally visible timing or memory access
differences regardless of whether the derived pwd-value is smaller than
the group prime.
This is related to CVE-2019-9494.
To generate a diff of this commit:
cvs rdiff -u -r1.6 -r1.7 src/external/bsd/wpa/dist/src/common/sae.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/external/bsd/wpa/dist/src/common/sae.c
diff -u src/external/bsd/wpa/dist/src/common/sae.c:1.6 src/external/bsd/wpa/dist/src/common/sae.c:1.7
--- src/external/bsd/wpa/dist/src/common/sae.c:1.6 Wed Apr 10 14:00:45 2019
+++ src/external/bsd/wpa/dist/src/common/sae.c Wed Apr 10 14:01:08 2019
@@ -311,14 +311,17 @@ static int sae_test_pwd_seed_ecc(struct
}
+/* Returns -1 on fatal failure, 0 if PWE cannot be derived from the provided
+ * pwd-seed, or 1 if a valid PWE was derived from pwd-seed. */
static int sae_test_pwd_seed_ffc(struct sae_data *sae, const u8 *pwd_seed,
struct crypto_bignum *pwe)
{
u8 pwd_value[SAE_MAX_PRIME_LEN];
size_t bits = sae->tmp->prime_len * 8;
u8 exp[1];
- struct crypto_bignum *a, *b;
- int res;
+ struct crypto_bignum *a, *b = NULL;
+ int res, is_val;
+ u8 pwd_value_valid;
wpa_hexdump_key(MSG_DEBUG, "SAE: pwd-seed", pwd_seed, SHA256_MAC_LEN);
@@ -330,16 +333,29 @@ static int sae_test_pwd_seed_ffc(struct
wpa_hexdump_key(MSG_DEBUG, "SAE: pwd-value", pwd_value,
sae->tmp->prime_len);
- if (os_memcmp(pwd_value, sae->tmp->dh->prime, sae->tmp->prime_len) >= 0)
- {
- wpa_printf(MSG_DEBUG, "SAE: pwd-value >= p");
- return 0;
- }
+ /* Check whether pwd-value < p */
+ res = const_time_memcmp(pwd_value, sae->tmp->dh->prime,
+sae->tmp->prime_len);
+ /* pwd-value >= p is invalid, so res is < 0 for the valid cases and
+ * the negative sign can be used to fill the mask for constant time
+ * selection */
+ pwd_value_valid = const_time_fill_msb(res);
+
+ /* If pwd-value >= p, force pwd-value to be < p and perform the
+ * calculations anyway to hide timing difference. The derived PWE will
+ * be ignored in that case. */
+ pwd_value[0] = const_time_select_u8(pwd_value_valid, pwd_value[0], 0);
/* PWE = pwd-value^((p-1)/r) modulo p */
+ res = -1;
a = crypto_bignum_init_set(pwd_value, sae->tmp->prime_len);
+ if (!a)
+ goto fail;
+ /* This is an optimization based on the used group that does not depend
+ * on the password in any way, so it is fine to use separate branches
+ * for this step without constant time operations. */
if (sae->tmp->dh->safe_prime) {
/*
* r = (p-1)/2 for the group used here, so this becomes:
@@ -353,33 +369,34 @@ static int sae_test_pwd_seed_ffc(struct
b = crypto_bignum_init_set(exp, sizeof(exp));
if (b == NULL ||
crypto_bignum_sub(sae->tmp->prime, b, b) < 0 ||
- crypto_bignum_div(b, sae->tmp->order, b) < 0) {
- crypto_bignum_deinit(b, 0);
- b = NULL;
- }
+ crypto_bignum_div(b, sae->tmp->order, b) < 0)
+ goto fail;
}
- if (a == NULL || b == NULL)
- res = -1;
- else
- res = crypto_bignum_exptmod(a, b, sae->tmp->prime, pwe);
-
- crypto_bignum_deinit(a, 0);
- crypto_bignum_deinit(b, 0);
+ if (!b)
+ goto fail;
- if (res < 0) {
- wpa_printf(MSG_DEBUG, "SAE: Failed to calculate PWE");
- return -1;
- }
+ res = crypto_bignum_exptmod(a, b, sae->tmp->prime, pwe);
+ if (res < 0)
+ goto fail;
- /* if (PWE > 1) --> found */
- if (crypto_bignum_is_zero(pwe) || crypto_bignum_is_one(pwe)) {
- wpa_printf(MSG_DEBUG, "SAE: PWE <= 1");
- return 0;
- }
+ /* There were no fatal errors in calculations, so determine the return
+ * value using constant time operations. We get here for number of
+ * invalid cases which are cleared here after having performed all the
+ * computation. PWE is valid if pwd-value was less than prime and
+ * PWE > 1. Start with pwd-value check first and then use constant time
+ * operations to clear res to 0 if PWE is 0 or 1.
+ */
+ res = const_time_select_u8(pwd_value_valid, 1, 0);
+ is_val = crypto_bignum_is_zero(pwe);
+ res = const_time_select_u8(const_time_is_zero(is_val), res, 0);
+ is_val = crypto_bignum_is_one(pwe);
+ res = const_time_select_u8(const_time_is_zero(is_val), res, 0);
- wpa_printf(MSG_DEBUG, "SAE: PWE found");
- return 1;
+fail:
+ crypto_bignum_deinit(a, 1);
+ crypto_bignum_deinit(b, 1);
+ return res;
}
CVS commit: src/external/bsd/wpa/dist/src/common
Module Name:src
Committed By: christos
Date: Wed Apr 10 18:00:45 UTC 2019
Modified Files:
src/external/bsd/wpa/dist/src/common: sae.c
Log Message:
This is an initial step towards making the FFC case use strictly
constant time operations similarly to the ECC case.
sae_test_pwd_seed_ffc() does not yet have constant time behavior,
though.
To generate a diff of this commit:
cvs rdiff -u -r1.5 -r1.6 src/external/bsd/wpa/dist/src/common/sae.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/external/bsd/wpa/dist/src/common/sae.c
diff -u src/external/bsd/wpa/dist/src/common/sae.c:1.5 src/external/bsd/wpa/dist/src/common/sae.c:1.6
--- src/external/bsd/wpa/dist/src/common/sae.c:1.5 Wed Apr 10 14:00:21 2019
+++ src/external/bsd/wpa/dist/src/common/sae.c Wed Apr 10 14:00:45 2019
@@ -589,17 +589,28 @@ static int sae_derive_pwe_ffc(struct sae
const u8 *addr2, const u8 *password,
size_t password_len, const char *identifier)
{
- u8 counter, k;
+ u8 counter, k, sel_counter = 0;
u8 addrs[2 * ETH_ALEN];
const u8 *addr[3];
size_t len[3];
size_t num_elem;
- int found = 0;
- struct crypto_bignum *pwe = NULL;
+ u8 found = 0; /* 0 (false) or 0xff (true) to be used as const_time_*
+ * mask */
+ u8 mask;
+ struct crypto_bignum *pwe;
+ size_t prime_len = sae->tmp->prime_len * 8;
+ u8 *pwe_buf;
crypto_bignum_deinit(sae->tmp->pwe_ffc, 1);
sae->tmp->pwe_ffc = NULL;
+ /* Allocate a buffer to maintain selected and candidate PWE for constant
+ * time selection. */
+ pwe_buf = os_zalloc(prime_len * 2);
+ pwe = crypto_bignum_init();
+ if (!pwe_buf || !pwe)
+ goto fail;
+
wpa_hexdump_ascii_key(MSG_DEBUG, "SAE: password",
password, password_len);
@@ -638,27 +649,33 @@ static int sae_derive_pwe_ffc(struct sae
if (hmac_sha256_vector(addrs, sizeof(addrs), num_elem,
addr, len, pwd_seed) < 0)
break;
- if (!pwe) {
- pwe = crypto_bignum_init();
- if (!pwe)
-break;
- }
res = sae_test_pwd_seed_ffc(sae, pwd_seed, pwe);
+ /* res is -1 for fatal failure, 0 if a valid PWE was not found,
+ * or 1 if a valid PWE was found. */
if (res < 0)
break;
- if (res > 0) {
- found = 1;
- if (!sae->tmp->pwe_ffc) {
-wpa_printf(MSG_DEBUG, "SAE: Use this PWE");
-sae->tmp->pwe_ffc = pwe;
-pwe = NULL;
- }
- }
+ /* Store the candidate PWE into the second half of pwe_buf and
+ * the selected PWE in the beginning of pwe_buf using constant
+ * time selection. */
+ if (crypto_bignum_to_bin(pwe, pwe_buf + prime_len, prime_len,
+ prime_len) < 0)
+ break;
+ const_time_select_bin(found, pwe_buf, pwe_buf + prime_len,
+ prime_len, pwe_buf);
+ sel_counter = const_time_select_u8(found, sel_counter, counter);
+ mask = const_time_eq_u8(res, 1);
+ found = const_time_select_u8(found, found, mask);
}
- crypto_bignum_deinit(pwe, 1);
+ if (!found)
+ goto fail;
- return found ? 0 : -1;
+ wpa_printf(MSG_DEBUG, "SAE: Use PWE from counter = %02u", sel_counter);
+ sae->tmp->pwe_ffc = crypto_bignum_init_set(pwe_buf, prime_len);
+fail:
+ crypto_bignum_deinit(pwe, 1);
+ bin_clear_free(pwe_buf, prime_len * 2);
+ return sae->tmp->pwe_ffc ? 0 : -1;
}
CVS commit: src/external/bsd/wpa/dist/src/common
Module Name:src
Committed By: christos
Date: Wed Apr 10 18:00:21 UTC 2019
Modified Files:
src/external/bsd/wpa/dist/src/common: sae.c
Log Message:
These groups have significant probability of coming up with pwd-value
that is equal or greater than the prime and as such, need for going
through the PWE derivation loop multiple times. This can result in
sufficient timing different to allow an external observer to determine
how many rounds are needed and that can leak information about the used
password.
Force at least 40 loop rounds for these MODP groups similarly to the ECC
group design to mask timing. This behavior is not described in IEEE Std
802.11-2016 for SAE, but it does not result in different values (i.e.,
only different timing), so such implementation specific countermeasures
can be done without breaking interoperability with other implementation.
Note: These MODP groups 22, 23, and 24 are not considered sufficiently
strong to be used with SAE (or more or less anything else). As such,
they should never be enabled in runtime configuration for any production
use cases. These changes to introduce additional protection to mask
timing is only for completeness of implementation and not an indication
that these groups should be used.
This is related to CVE-2019-9494.
To generate a diff of this commit:
cvs rdiff -u -r1.4 -r1.5 src/external/bsd/wpa/dist/src/common/sae.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/external/bsd/wpa/dist/src/common/sae.c
diff -u src/external/bsd/wpa/dist/src/common/sae.c:1.4 src/external/bsd/wpa/dist/src/common/sae.c:1.5
--- src/external/bsd/wpa/dist/src/common/sae.c:1.4 Wed Apr 10 13:59:35 2019
+++ src/external/bsd/wpa/dist/src/common/sae.c Wed Apr 10 14:00:21 2019
@@ -578,22 +578,27 @@ fail:
}
+static int sae_modp_group_require_masking(int group)
+{
+ /* Groups for which pwd-value is likely to be >= p frequently */
+ return group == 22 || group == 23 || group == 24;
+}
+
+
static int sae_derive_pwe_ffc(struct sae_data *sae, const u8 *addr1,
const u8 *addr2, const u8 *password,
size_t password_len, const char *identifier)
{
- u8 counter;
+ u8 counter, k;
u8 addrs[2 * ETH_ALEN];
const u8 *addr[3];
size_t len[3];
size_t num_elem;
int found = 0;
+ struct crypto_bignum *pwe = NULL;
- if (sae->tmp->pwe_ffc == NULL) {
- sae->tmp->pwe_ffc = crypto_bignum_init();
- if (sae->tmp->pwe_ffc == NULL)
- return -1;
- }
+ crypto_bignum_deinit(sae->tmp->pwe_ffc, 1);
+ sae->tmp->pwe_ffc = NULL;
wpa_hexdump_ascii_key(MSG_DEBUG, "SAE: password",
password, password_len);
@@ -617,7 +622,9 @@ static int sae_derive_pwe_ffc(struct sae
len[num_elem] = sizeof(counter);
num_elem++;
- for (counter = 1; !found; counter++) {
+ k = sae_modp_group_require_masking(sae->group) ? 40 : 1;
+
+ for (counter = 1; counter <= k || !found; counter++) {
u8 pwd_seed[SHA256_MAC_LEN];
int res;
@@ -627,19 +634,30 @@ static int sae_derive_pwe_ffc(struct sae
break;
}
- wpa_printf(MSG_DEBUG, "SAE: counter = %u", counter);
+ wpa_printf(MSG_DEBUG, "SAE: counter = %02u", counter);
if (hmac_sha256_vector(addrs, sizeof(addrs), num_elem,
addr, len, pwd_seed) < 0)
break;
- res = sae_test_pwd_seed_ffc(sae, pwd_seed, sae->tmp->pwe_ffc);
+ if (!pwe) {
+ pwe = crypto_bignum_init();
+ if (!pwe)
+break;
+ }
+ res = sae_test_pwd_seed_ffc(sae, pwd_seed, pwe);
if (res < 0)
break;
if (res > 0) {
- wpa_printf(MSG_DEBUG, "SAE: Use this PWE");
found = 1;
+ if (!sae->tmp->pwe_ffc) {
+wpa_printf(MSG_DEBUG, "SAE: Use this PWE");
+sae->tmp->pwe_ffc = pwe;
+pwe = NULL;
+ }
}
}
+ crypto_bignum_deinit(pwe, 1);
+
return found ? 0 : -1;
}
CVS commit: src/external/bsd/wpa/dist/src/common
Module Name:src
Committed By: christos
Date: Wed Apr 10 17:59:35 UTC 2019
Modified Files:
src/external/bsd/wpa/dist/src/common: sae.c
Log Message:
Make the non-failure path in the function proceed without branches based
on r_odd and in constant time to minimize risk of observable differences
in timing or cache use. (CVE-2019-9494)
To generate a diff of this commit:
cvs rdiff -u -r1.3 -r1.4 src/external/bsd/wpa/dist/src/common/sae.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/external/bsd/wpa/dist/src/common/sae.c
diff -u src/external/bsd/wpa/dist/src/common/sae.c:1.3 src/external/bsd/wpa/dist/src/common/sae.c:1.4
--- src/external/bsd/wpa/dist/src/common/sae.c:1.3 Wed Apr 10 13:59:07 2019
+++ src/external/bsd/wpa/dist/src/common/sae.c Wed Apr 10 13:59:35 2019
@@ -209,12 +209,14 @@ get_rand_1_to_p_1(const u8 *prime, size_
static int is_quadratic_residue_blind(struct sae_data *sae,
const u8 *prime, size_t bits,
- const struct crypto_bignum *qr,
- const struct crypto_bignum *qnr,
+ const u8 *qr, const u8 *qnr,
const struct crypto_bignum *y_sqr)
{
- struct crypto_bignum *r, *num;
+ struct crypto_bignum *r, *num, *qr_or_qnr = NULL;
int r_odd, check, res = -1;
+ u8 qr_or_qnr_bin[SAE_MAX_ECC_PRIME_LEN];
+ size_t prime_len = sae->tmp->prime_len;
+ unsigned int mask;
/*
* Use the blinding technique to mask y_sqr while determining
@@ -225,7 +227,7 @@ static int is_quadratic_residue_blind(st
* r = a random number between 1 and p-1, inclusive
* num = (v * r * r) modulo p
*/
- r = get_rand_1_to_p_1(prime, sae->tmp->prime_len, bits, _odd);
+ r = get_rand_1_to_p_1(prime, prime_len, bits, _odd);
if (!r)
return -1;
@@ -235,41 +237,45 @@ static int is_quadratic_residue_blind(st
crypto_bignum_mulmod(num, r, sae->tmp->prime, num) < 0)
goto fail;
- if (r_odd) {
- /*
- * num = (num * qr) module p
- * LGR(num, p) = 1 ==> quadratic residue
- */
- if (crypto_bignum_mulmod(num, qr, sae->tmp->prime, num) < 0)
- goto fail;
- check = 1;
- } else {
- /*
- * num = (num * qnr) module p
- * LGR(num, p) = -1 ==> quadratic residue
- */
- if (crypto_bignum_mulmod(num, qnr, sae->tmp->prime, num) < 0)
- goto fail;
- check = -1;
- }
+ /*
+ * Need to minimize differences in handling different cases, so try to
+ * avoid branches and timing differences.
+ *
+ * If r_odd:
+ * num = (num * qr) module p
+ * LGR(num, p) = 1 ==> quadratic residue
+ * else:
+ * num = (num * qnr) module p
+ * LGR(num, p) = -1 ==> quadratic residue
+ */
+ mask = const_time_is_zero(r_odd);
+ const_time_select_bin(mask, qnr, qr, prime_len, qr_or_qnr_bin);
+ qr_or_qnr = crypto_bignum_init_set(qr_or_qnr_bin, prime_len);
+ if (!qr_or_qnr ||
+ crypto_bignum_mulmod(num, qr_or_qnr, sae->tmp->prime, num) < 0)
+ goto fail;
+ /* r_odd is 0 or 1; branchless version of check = r_odd ? 1 : -1, */
+ check = const_time_select_int(mask, -1, 1);
res = crypto_bignum_legendre(num, sae->tmp->prime);
if (res == -2) {
res = -1;
goto fail;
}
- res = res == check;
+ /* branchless version of res = res == check
+ * (res is -1, 0, or 1; check is -1 or 1) */
+ mask = const_time_eq(res, check);
+ res = const_time_select_int(mask, 1, 0);
fail:
crypto_bignum_deinit(num, 1);
crypto_bignum_deinit(r, 1);
+ crypto_bignum_deinit(qr_or_qnr, 1);
return res;
}
static int sae_test_pwd_seed_ecc(struct sae_data *sae, const u8 *pwd_seed,
- const u8 *prime,
- const struct crypto_bignum *qr,
- const struct crypto_bignum *qnr,
+ const u8 *prime, const u8 *qr, const u8 *qnr,
u8 *pwd_value)
{
struct crypto_bignum *y_sqr, *x_cand;
@@ -429,6 +435,8 @@ static int sae_derive_pwe_ecc(struct sae
struct crypto_bignum *x = NULL, *qr = NULL, *qnr = NULL;
u8 x_bin[SAE_MAX_ECC_PRIME_LEN];
u8 x_cand_bin[SAE_MAX_ECC_PRIME_LEN];
+ u8 qr_bin[SAE_MAX_ECC_PRIME_LEN];
+ u8 qnr_bin[SAE_MAX_ECC_PRIME_LEN];
size_t bits;
int res = -1;
u8 found = 0; /* 0 (false) or 0xff (true) to be used as const_time_*
@@ -453,7 +461,9 @@ static int sae_derive_pwe_ecc(struct sae
* (qnr) modulo p for blinding purposes during the loop.
*/
if (get_random_qr_qnr(prime, prime_len, sae->tmp->prime, bits,
- , ) < 0)
+ , ) < 0 ||
+ crypto_bignum_to_bin(qr, qr_bin, sizeof(qr_bin), prime_len) < 0 ||
+ crypto_bignum_to_bin(qnr, qnr_bin, sizeof(qnr_bin), prime_len) < 0)
goto fail;
wpa_hexdump_ascii_key(MSG_DEBUG, "SAE: password",
@@ -504,7 +514,7 @@ static int sae_derive_pwe_ecc(struct sae
break;
res = sae_test_pwd_seed_ecc(sae, pwd_seed,
- prime, qr, qnr, x_cand_bin);
+ prime, qr_bin, qnr_bin, x_cand_bin);
const_time_select_bin(found, x_bin, x_cand_bin, prime_len,
x_bin);
pwd_seed_odd = const_time_select_u8(
CVS commit: src/external/bsd/wpa/dist/src/common
Module Name:src
Committed By: christos
Date: Wed Apr 10 17:59:07 UTC 2019
Modified Files:
src/external/bsd/wpa/dist/src/common: sae.c
Log Message:
The QR test result can provide information about the password to an
attacker, so try to minimize differences in how the
sae_test_pwd_seed_ecc() result is used. (CVE-2019-9494)
Use heap memory for the dummy password to allow the same password length
to be used even with long passwords.
Use constant time selection functions to track the real vs. dummy
variables so that the exact same operations can be performed for both QR
test results.
To generate a diff of this commit:
cvs rdiff -u -r1.2 -r1.3 src/external/bsd/wpa/dist/src/common/sae.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/external/bsd/wpa/dist/src/common/sae.c
diff -u src/external/bsd/wpa/dist/src/common/sae.c:1.2 src/external/bsd/wpa/dist/src/common/sae.c:1.3
--- src/external/bsd/wpa/dist/src/common/sae.c:1.2 Wed Apr 10 13:52:46 2019
+++ src/external/bsd/wpa/dist/src/common/sae.c Wed Apr 10 13:59:07 2019
@@ -9,6 +9,7 @@
#include "includes.h"
#include "common.h"
+#include "utils/const_time.h"
#include "crypto/crypto.h"
#include "crypto/sha256.h"
#include "crypto/random.h"
@@ -269,15 +270,12 @@ static int sae_test_pwd_seed_ecc(struct
const u8 *prime,
const struct crypto_bignum *qr,
const struct crypto_bignum *qnr,
- struct crypto_bignum **ret_x_cand)
+ u8 *pwd_value)
{
- u8 pwd_value[SAE_MAX_ECC_PRIME_LEN];
struct crypto_bignum *y_sqr, *x_cand;
int res;
size_t bits;
- *ret_x_cand = NULL;
-
wpa_hexdump_key(MSG_DEBUG, "SAE: pwd-seed", pwd_seed, SHA256_MAC_LEN);
/* pwd-value = KDF-z(pwd-seed, "SAE Hunting and Pecking", p) */
@@ -286,7 +284,7 @@ static int sae_test_pwd_seed_ecc(struct
prime, sae->tmp->prime_len, pwd_value, bits) < 0)
return -1;
if (bits % 8)
- buf_shift_right(pwd_value, sizeof(pwd_value), 8 - bits % 8);
+ buf_shift_right(pwd_value, sae->tmp->prime_len, 8 - bits % 8);
wpa_hexdump_key(MSG_DEBUG, "SAE: pwd-value",
pwd_value, sae->tmp->prime_len);
@@ -297,20 +295,13 @@ static int sae_test_pwd_seed_ecc(struct
if (!x_cand)
return -1;
y_sqr = crypto_ec_point_compute_y_sqr(sae->tmp->ec, x_cand);
- if (!y_sqr) {
- crypto_bignum_deinit(x_cand, 1);
+ crypto_bignum_deinit(x_cand, 1);
+ if (!y_sqr)
return -1;
- }
res = is_quadratic_residue_blind(sae, prime, bits, qr, qnr, y_sqr);
crypto_bignum_deinit(y_sqr, 1);
- if (res <= 0) {
- crypto_bignum_deinit(x_cand, 1);
- return res;
- }
-
- *ret_x_cand = x_cand;
- return 1;
+ return res;
}
@@ -431,25 +422,30 @@ static int sae_derive_pwe_ecc(struct sae
const u8 *addr[3];
size_t len[3];
size_t num_elem;
- u8 dummy_password[32];
- size_t dummy_password_len;
+ u8 *dummy_password, *tmp_password;
int pwd_seed_odd = 0;
u8 prime[SAE_MAX_ECC_PRIME_LEN];
size_t prime_len;
- struct crypto_bignum *x = NULL, *qr, *qnr;
+ struct crypto_bignum *x = NULL, *qr = NULL, *qnr = NULL;
+ u8 x_bin[SAE_MAX_ECC_PRIME_LEN];
+ u8 x_cand_bin[SAE_MAX_ECC_PRIME_LEN];
size_t bits;
- int res;
-
- dummy_password_len = password_len;
- if (dummy_password_len > sizeof(dummy_password))
- dummy_password_len = sizeof(dummy_password);
- if (random_get_bytes(dummy_password, dummy_password_len) < 0)
- return -1;
+ int res = -1;
+ u8 found = 0; /* 0 (false) or 0xff (true) to be used as const_time_*
+ * mask */
+
+ os_memset(x_bin, 0, sizeof(x_bin));
+
+ dummy_password = os_malloc(password_len);
+ tmp_password = os_malloc(password_len);
+ if (!dummy_password || !tmp_password ||
+ random_get_bytes(dummy_password, password_len) < 0)
+ goto fail;
prime_len = sae->tmp->prime_len;
if (crypto_bignum_to_bin(sae->tmp->prime, prime, sizeof(prime),
prime_len) < 0)
- return -1;
+ goto fail;
bits = crypto_ec_prime_len_bits(sae->tmp->ec);
/*
@@ -458,7 +454,7 @@ static int sae_derive_pwe_ecc(struct sae
*/
if (get_random_qr_qnr(prime, prime_len, sae->tmp->prime, bits,
, ) < 0)
- return -1;
+ goto fail;
wpa_hexdump_ascii_key(MSG_DEBUG, "SAE: password",
password, password_len);
@@ -474,7 +470,7 @@ static int sae_derive_pwe_ecc(struct sae
*/
sae_pwd_seed_key(addr1, addr2, addrs);
- addr[0] = password;
+ addr[0] = tmp_password;
len[0] = password_len;
num_elem = 1;
if (identifier) {
@@ -491,9 +487,8 @@ static int sae_derive_pwe_ecc(struct sae
* attacks that attempt to determine the number of iterations required
* in the loop.
*/
- for (counter = 1; counter <= k || !x; counter++) {
+ for (counter = 1; counter <= k || !found; counter++) {
u8 pwd_seed[SHA256_MAC_LEN];
- struct crypto_bignum *x_cand;
if (counter > 200) {
/* This should not happen in practice */
@@ -501,40 +496,49 @@ static int sae_derive_pwe_ecc(struct sae
break;
}
- wpa_printf(MSG_DEBUG, "SAE: counter = %u",
CVS commit: src/external/bsd/wpa/dist/src/eap_common
Module Name:src
Committed By: christos
Date: Wed Apr 10 17:57:15 UTC 2019
Modified Files:
src/external/bsd/wpa/dist/src/eap_common: eap_pwd_common.c
Log Message:
This algorithm could leak information to external observers in form of
timing differences or memory access patterns (cache use). While the
previous implementation had protection against the most visible timing
differences (looping 40 rounds and masking the legendre operation), it
did not protect against memory access patterns between the two possible
code paths in the masking operations. That might be sufficient to allow
an unprivileged process running on the same device to be able to
determine which path is being executed through a cache attack and based
on that, determine information about the used password.
Convert the PWE finding loop to use constant time functions and
identical memory access path without different branches for the QR/QNR
cases to minimize possible side-channel information similarly to the
changes done for SAE authentication. (CVE-2019-9495)
To generate a diff of this commit:
cvs rdiff -u -r1.2 -r1.3 \
src/external/bsd/wpa/dist/src/eap_common/eap_pwd_common.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/external/bsd/wpa/dist/src/eap_common/eap_pwd_common.c
diff -u src/external/bsd/wpa/dist/src/eap_common/eap_pwd_common.c:1.2 src/external/bsd/wpa/dist/src/eap_common/eap_pwd_common.c:1.3
--- src/external/bsd/wpa/dist/src/eap_common/eap_pwd_common.c:1.2 Wed Apr 10 13:50:27 2019
+++ src/external/bsd/wpa/dist/src/eap_common/eap_pwd_common.c Wed Apr 10 13:57:15 2019
@@ -8,11 +8,15 @@
#include "includes.h"
#include "common.h"
+#include "utils/const_time.h"
#include "crypto/sha256.h"
#include "crypto/crypto.h"
#include "eap_defs.h"
#include "eap_pwd_common.h"
+#define MAX_ECC_PRIME_LEN 66
+
+
/* The random function H(x) = HMAC-SHA256(0^32, x) */
struct crypto_hash * eap_pwd_h_init(void)
{
@@ -102,6 +106,15 @@ EAP_PWD_group * get_eap_pwd_group(u16 nu
}
+static void buf_shift_right(u8 *buf, size_t len, size_t bits)
+{
+ size_t i;
+ for (i = len - 1; i > 0; i--)
+ buf[i] = (buf[i - 1] << (8 - bits)) | (buf[i] >> bits);
+ buf[0] >>= bits;
+}
+
+
/*
* compute a "random" secret point on an elliptic curve based
* on the password and identities.
@@ -113,17 +126,27 @@ int compute_password_element(EAP_PWD_gro
const u8 *token)
{
struct crypto_bignum *qr = NULL, *qnr = NULL, *one = NULL;
+ struct crypto_bignum *qr_or_qnr = NULL;
+ u8 qr_bin[MAX_ECC_PRIME_LEN];
+ u8 qnr_bin[MAX_ECC_PRIME_LEN];
+ u8 qr_or_qnr_bin[MAX_ECC_PRIME_LEN];
+ u8 x_bin[MAX_ECC_PRIME_LEN];
struct crypto_bignum *tmp1 = NULL, *tmp2 = NULL, *pm1 = NULL;
struct crypto_hash *hash;
unsigned char pwe_digest[SHA256_MAC_LEN], *prfbuf = NULL, ctr;
- int is_odd, ret = 0, check, found = 0;
- size_t primebytelen, primebitlen;
- struct crypto_bignum *x_candidate = NULL, *rnd = NULL, *cofactor = NULL;
+ int ret = 0, check, res;
+ u8 found = 0; /* 0 (false) or 0xff (true) to be used as const_time_*
+ * mask */
+ size_t primebytelen = 0, primebitlen;
+ struct crypto_bignum *x_candidate = NULL, *cofactor = NULL;
const struct crypto_bignum *prime;
+ u8 mask, found_ctr = 0, is_odd = 0;
if (grp->pwe)
return -1;
+ os_memset(x_bin, 0, sizeof(x_bin));
+
prime = crypto_ec_get_prime(grp->group);
cofactor = crypto_bignum_init();
grp->pwe = crypto_ec_point_init(grp->group);
@@ -152,8 +175,6 @@ int compute_password_element(EAP_PWD_gro
/* get a random quadratic residue and nonresidue */
while (!qr || !qnr) {
- int res;
-
if (crypto_bignum_rand(tmp1, prime) < 0)
goto fail;
res = crypto_bignum_legendre(tmp1, prime);
@@ -167,6 +188,11 @@ int compute_password_element(EAP_PWD_gro
if (!tmp1)
goto fail;
}
+ if (crypto_bignum_to_bin(qr, qr_bin, sizeof(qr_bin),
+ primebytelen) < 0 ||
+ crypto_bignum_to_bin(qnr, qnr_bin, sizeof(qnr_bin),
+ primebytelen) < 0)
+ goto fail;
os_memset(prfbuf, 0, primebytelen);
ctr = 0;
@@ -194,17 +220,16 @@ int compute_password_element(EAP_PWD_gro
eap_pwd_h_update(hash, , sizeof(ctr));
eap_pwd_h_final(hash, pwe_digest);
- crypto_bignum_deinit(rnd, 1);
- rnd = crypto_bignum_init_set(pwe_digest, SHA256_MAC_LEN);
- if (!rnd) {
- wpa_printf(MSG_INFO, "EAP-pwd: unable to create rnd");
- goto fail;
- }
+ is_odd = const_time_select_u8(
+ found, is_odd, pwe_digest[SHA256_MAC_LEN - 1] & 0x01);
if (eap_pwd_kdf(pwe_digest, SHA256_MAC_LEN,
(u8 *) "EAP-pwd Hunting And Pecking",
os_strlen("EAP-pwd Hunting And Pecking"),
prfbuf, primebitlen) < 0)
goto fail;
+ if (primebitlen % 8)
+ buf_shift_right(prfbuf, primebytelen,
+ 8 - primebitlen % 8);
crypto_bignum_deinit(x_candidate, 1);
x_candidate = crypto_bignum_init_set(prfbuf, primebytelen);
@@ -214,24 +239,13 @@ int compute_password_element(EAP_PWD_gro
CVS commit: src/external/bsd/wpa/dist/src/crypto
Module Name:src
Committed By: christos
Date: Wed Apr 10 17:56:43 UTC 2019
Modified Files:
src/external/bsd/wpa/dist/src/crypto: crypto_openssl.c
Log Message:
Get rid of the branches that depend on the result of the Legendre
operation. This is needed to avoid leaking information about different
temporary results in blinding mechanisms.
This is related to CVE-2019-9494 and CVE-2019-9495.
To generate a diff of this commit:
cvs rdiff -u -r1.2 -r1.3 \
src/external/bsd/wpa/dist/src/crypto/crypto_openssl.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/external/bsd/wpa/dist/src/crypto/crypto_openssl.c
diff -u src/external/bsd/wpa/dist/src/crypto/crypto_openssl.c:1.2 src/external/bsd/wpa/dist/src/crypto/crypto_openssl.c:1.3
--- src/external/bsd/wpa/dist/src/crypto/crypto_openssl.c:1.2 Wed Apr 10 13:55:31 2019
+++ src/external/bsd/wpa/dist/src/crypto/crypto_openssl.c Wed Apr 10 13:56:43 2019
@@ -24,6 +24,7 @@
#endif /* CONFIG_ECC */
#include "common.h"
+#include "utils/const_time.h"
#include "wpabuf.h"
#include "dh_group5.h"
#include "sha1.h"
@@ -1435,6 +1436,7 @@ int crypto_bignum_legendre(const struct
BN_CTX *bnctx;
BIGNUM *exp = NULL, *tmp = NULL;
int res = -2;
+ unsigned int mask;
if (TEST_FAIL())
return -2;
@@ -1453,12 +1455,13 @@ int crypto_bignum_legendre(const struct
(const BIGNUM *) p, bnctx, NULL))
goto fail;
- if (BN_is_word(tmp, 1))
- res = 1;
- else if (BN_is_zero(tmp))
- res = 0;
- else
- res = -1;
+ /* Return 1 if tmp == 1, 0 if tmp == 0, or -1 otherwise. Need to use
+ * constant time selection to avoid branches here. */
+ res = -1;
+ mask = const_time_eq(BN_is_word(tmp, 1), 1);
+ res = const_time_select_int(mask, 1, res);
+ mask = const_time_eq(BN_is_zero(tmp), 1);
+ res = const_time_select_int(mask, 0, res);
fail:
BN_clear_free(tmp);
CVS commit: src/external/bsd/wpa/dist/src/utils
Module Name:src
Committed By: christos
Date: Wed Apr 10 17:56:13 UTC 2019
Added Files:
src/external/bsd/wpa/dist/src/utils: const_time.h
Log Message:
These functions can be used to help implement constant time operations
for various cryptographic operations that must minimize externally
observable differences in processing (both in timing and also in
internal cache use, etc.).
This is related to CVE-2019-9494 and CVE-2019-9495.
To generate a diff of this commit:
cvs rdiff -u -r0 -r1.1 src/external/bsd/wpa/dist/src/utils/const_time.h
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Added files:
Index: src/external/bsd/wpa/dist/src/utils/const_time.h
diff -u /dev/null src/external/bsd/wpa/dist/src/utils/const_time.h:1.1
--- /dev/null Wed Apr 10 13:56:13 2019
+++ src/external/bsd/wpa/dist/src/utils/const_time.h Wed Apr 10 13:56:13 2019
@@ -0,0 +1,191 @@
+/*
+ * Helper functions for constant time operations
+ * Copyright (c) 2019, The Linux Foundation
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ *
+ * These helper functions can be used to implement logic that needs to minimize
+ * externally visible differences in execution path by avoiding use of branches,
+ * avoiding early termination or other time differences, and forcing same memory
+ * access pattern regardless of values.
+ */
+
+#ifndef CONST_TIME_H
+#define CONST_TIME_H
+
+
+#if defined(__clang__)
+#define NO_UBSAN_UINT_OVERFLOW \
+ __attribute__((no_sanitize("unsigned-integer-overflow")))
+#else
+#define NO_UBSAN_UINT_OVERFLOW
+#endif
+
+
+/**
+ * const_time_fill_msb - Fill all bits with MSB value
+ * @val: Input value
+ * Returns: Value with all the bits set to the MSB of the input val
+ */
+static inline unsigned int const_time_fill_msb(unsigned int val)
+{
+ /* Move the MSB to LSB and multiple by -1 to fill in all bits. */
+ return (val >> (sizeof(val) * 8 - 1)) * ~0U;
+}
+
+
+/* Returns: -1 if val is zero; 0 if val is not zero */
+static inline unsigned int const_time_is_zero(unsigned int val)
+ NO_UBSAN_UINT_OVERFLOW
+{
+ /* Set MSB to 1 for 0 and fill rest of bits with the MSB value */
+ return const_time_fill_msb(~val & (val - 1));
+}
+
+
+/* Returns: -1 if a == b; 0 if a != b */
+static inline unsigned int const_time_eq(unsigned int a, unsigned int b)
+{
+ return const_time_is_zero(a ^ b);
+}
+
+
+/* Returns: -1 if a == b; 0 if a != b */
+static inline u8 const_time_eq_u8(unsigned int a, unsigned int b)
+{
+ return (u8) const_time_eq(a, b);
+}
+
+
+/**
+ * const_time_eq_bin - Constant time memory comparison
+ * @a: First buffer to compare
+ * @b: Second buffer to compare
+ * @len: Number of octets to compare
+ * Returns: -1 if buffers are equal, 0 if not
+ *
+ * This function is meant for comparing passwords or hash values where
+ * difference in execution time or memory access pattern could provide external
+ * observer information about the location of the difference in the memory
+ * buffers. The return value does not behave like memcmp(), i.e.,
+ * const_time_eq_bin() cannot be used to sort items into a defined order. Unlike
+ * memcmp(), the execution time of const_time_eq_bin() does not depend on the
+ * contents of the compared memory buffers, but only on the total compared
+ * length.
+ */
+static inline unsigned int const_time_eq_bin(const void *a, const void *b,
+ size_t len)
+{
+ const u8 *aa = a;
+ const u8 *bb = b;
+ size_t i;
+ u8 res = 0;
+
+ for (i = 0; i < len; i++)
+ res |= aa[i] ^ bb[i];
+
+ return const_time_is_zero(res);
+}
+
+
+/**
+ * const_time_select - Constant time unsigned int selection
+ * @mask: 0 (false) or -1 (true) to identify which value to select
+ * @true_val: Value to select for the true case
+ * @false_val: Value to select for the false case
+ * Returns: true_val if mask == -1, false_val if mask == 0
+ */
+static inline unsigned int const_time_select(unsigned int mask,
+ unsigned int true_val,
+ unsigned int false_val)
+{
+ return (mask & true_val) | (~mask & false_val);
+}
+
+
+/**
+ * const_time_select_int - Constant time int selection
+ * @mask: 0 (false) or -1 (true) to identify which value to select
+ * @true_val: Value to select for the true case
+ * @false_val: Value to select for the false case
+ * Returns: true_val if mask == -1, false_val if mask == 0
+ */
+static inline int const_time_select_int(unsigned int mask, int true_val,
+ int false_val)
+{
+ return (int) const_time_select(mask, (unsigned int) true_val,
+ (unsigned int) false_val);
+}
+
+
+/**
+ * const_time_select_u8 - Constant time u8 selection
+ * @mask: 0 (false) or -1 (true) to identify which value to select
+ * @true_val: Value to select for the true case
+ * @false_val: Value to select for the false case
+ * Returns: true_val if mask == -1, false_val if mask == 0
+ */
+static inline u8 const_time_select_u8(u8 mask, u8 true_val, u8
CVS commit: src/external/bsd/wpa/dist/src/crypto
Module Name:src Committed By: christos Date: Wed Apr 10 17:55:31 UTC 2019 Modified Files: src/external/bsd/wpa/dist/src/crypto: crypto_openssl.c Log Message: This helps in reducing measurable timing differences in operations involving private information. BoringSSL has removed BN_FLG_CONSTTIME and expects specific constant time functions to be called instead, so a bit different approach is needed depending on which library is used. The main operation that needs protection against side channel attacks is BN_mod_exp() that depends on private keys (the public key validation step in crypto_dh_derive_secret() is an exception that can use the faster version since it does not depend on private keys). crypto_bignum_div() is currently used only in SAE FFC case with not safe-prime groups and only with values that do not depend on private keys, so it is not critical to protect it. crypto_bignum_inverse() is currently used only in SAE FFC PWE derivation. The additional protection here is targeting only OpenSSL. BoringSSL may need conversion to using BN_mod_inverse_blinded(). This is related to CVE-2019-9494 and CVE-2019-9495. To generate a diff of this commit: cvs rdiff -u -r1.1.1.7 -r1.2 \ src/external/bsd/wpa/dist/src/crypto/crypto_openssl.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/external/bsd/wpa/dist/src/crypto/crypto_openssl.c diff -u src/external/bsd/wpa/dist/src/crypto/crypto_openssl.c:1.1.1.7 src/external/bsd/wpa/dist/src/crypto/crypto_openssl.c:1.2 --- src/external/bsd/wpa/dist/src/crypto/crypto_openssl.c:1.1.1.7 Fri Jan 4 14:29:19 2019 +++ src/external/bsd/wpa/dist/src/crypto/crypto_openssl.c Wed Apr 10 13:55:31 2019 @@ -549,7 +549,8 @@ int crypto_mod_exp(const u8 *base, size_ bn_result == NULL) goto error; - if (BN_mod_exp(bn_result, bn_base, bn_exp, bn_modulus, ctx) != 1) + if (BN_mod_exp_mont_consttime(bn_result, bn_base, bn_exp, bn_modulus, + ctx, NULL) != 1) goto error; *result_len = BN_bn2bin(bn_result, result); @@ -1295,8 +1296,9 @@ int crypto_bignum_exptmod(const struct c bnctx = BN_CTX_new(); if (bnctx == NULL) return -1; - res = BN_mod_exp((BIGNUM *) d, (const BIGNUM *) a, (const BIGNUM *) b, - (const BIGNUM *) c, bnctx); + res = BN_mod_exp_mont_consttime((BIGNUM *) d, (const BIGNUM *) a, + (const BIGNUM *) b, (const BIGNUM *) c, + bnctx, NULL); BN_CTX_free(bnctx); return res ? 0 : -1; @@ -1315,6 +1317,11 @@ int crypto_bignum_inverse(const struct c bnctx = BN_CTX_new(); if (bnctx == NULL) return -1; +#ifdef OPENSSL_IS_BORINGSSL + /* TODO: use BN_mod_inverse_blinded() ? */ +#else /* OPENSSL_IS_BORINGSSL */ + BN_set_flags((BIGNUM *) a, BN_FLG_CONSTTIME); +#endif /* OPENSSL_IS_BORINGSSL */ res = BN_mod_inverse((BIGNUM *) c, (const BIGNUM *) a, (const BIGNUM *) b, bnctx); BN_CTX_free(bnctx); @@ -1348,6 +1355,9 @@ int crypto_bignum_div(const struct crypt bnctx = BN_CTX_new(); if (bnctx == NULL) return -1; +#ifndef OPENSSL_IS_BORINGSSL + BN_set_flags((BIGNUM *) a, BN_FLG_CONSTTIME); +#endif /* OPENSSL_IS_BORINGSSL */ res = BN_div((BIGNUM *) c, NULL, (const BIGNUM *) a, (const BIGNUM *) b, bnctx); BN_CTX_free(bnctx); @@ -1439,8 +1449,8 @@ int crypto_bignum_legendre(const struct /* exp = (p-1) / 2 */ !BN_sub(exp, (const BIGNUM *) p, BN_value_one()) || !BN_rshift1(exp, exp) || - !BN_mod_exp(tmp, (const BIGNUM *) a, exp, (const BIGNUM *) p, - bnctx)) + !BN_mod_exp_mont_consttime(tmp, (const BIGNUM *) a, exp, + (const BIGNUM *) p, bnctx, NULL)) goto fail; if (BN_is_word(tmp, 1))
CVS commit: src/external/bsd/wpa/dist/src/common
Module Name:src
Committed By: christos
Date: Wed Apr 10 17:52:46 UTC 2019
Modified Files:
src/external/bsd/wpa/dist/src/common: sae.c
Log Message:
Explicitly verify that own and peer commit scalar/element are available
when trying to check SAE confirm message. It could have been possible to
hit a NULL pointer dereference if the peer element could not have been
parsed. (CVE-2019-9496)
To generate a diff of this commit:
cvs rdiff -u -r1.1.1.4 -r1.2 src/external/bsd/wpa/dist/src/common/sae.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/external/bsd/wpa/dist/src/common/sae.c
diff -u src/external/bsd/wpa/dist/src/common/sae.c:1.1.1.4 src/external/bsd/wpa/dist/src/common/sae.c:1.2
--- src/external/bsd/wpa/dist/src/common/sae.c:1.1.1.4 Fri Jan 4 14:29:17 2019
+++ src/external/bsd/wpa/dist/src/common/sae.c Wed Apr 10 13:52:46 2019
@@ -1394,23 +1394,31 @@ int sae_check_confirm(struct sae_data *s
wpa_printf(MSG_DEBUG, "SAE: peer-send-confirm %u", WPA_GET_LE16(data));
- if (sae->tmp == NULL) {
+ if (!sae->tmp || !sae->peer_commit_scalar ||
+ !sae->tmp->own_commit_scalar) {
wpa_printf(MSG_DEBUG, "SAE: Temporary data not yet available");
return -1;
}
- if (sae->tmp->ec)
+ if (sae->tmp->ec) {
+ if (!sae->tmp->peer_commit_element_ecc ||
+ !sae->tmp->own_commit_element_ecc)
+ return -1;
sae_cn_confirm_ecc(sae, data, sae->peer_commit_scalar,
sae->tmp->peer_commit_element_ecc,
sae->tmp->own_commit_scalar,
sae->tmp->own_commit_element_ecc,
verifier);
- else
+ } else {
+ if (!sae->tmp->peer_commit_element_ffc ||
+ !sae->tmp->own_commit_element_ffc)
+ return -1;
sae_cn_confirm_ffc(sae, data, sae->peer_commit_scalar,
sae->tmp->peer_commit_element_ffc,
sae->tmp->own_commit_scalar,
sae->tmp->own_commit_element_ffc,
verifier);
+ }
if (os_memcmp_const(verifier, data + 2, SHA256_MAC_LEN) != 0) {
wpa_printf(MSG_DEBUG, "SAE: Confirm mismatch");
CVS commit: src/external/bsd/wpa/dist/src
Module Name:src
Committed By: christos
Date: Wed Apr 10 17:50:28 UTC 2019
Modified Files:
src/external/bsd/wpa/dist/src/eap_common: eap_pwd_common.c
eap_pwd_common.h
src/external/bsd/wpa/dist/src/eap_peer: eap_pwd.c
src/external/bsd/wpa/dist/src/eap_server: eap_server_pwd.c
Log Message:
This adds an explicit check for 0 < x,y < prime based on RFC 5931,
2.8.5.2.2 requirement. The earlier checks might have covered this
implicitly, but it is safer to avoid any dependency on implicit checks
and specific crypto library behavior. (CVE-2019-9498 and CVE-2019-9499)
Furthermore, this moves the EAP-pwd element and scalar parsing and
validation steps into shared helper functions so that there is no need
to maintain two separate copies of this common functionality between the
server and peer implementations.
To generate a diff of this commit:
cvs rdiff -u -r1.1.1.6 -r1.2 \
src/external/bsd/wpa/dist/src/eap_common/eap_pwd_common.c
cvs rdiff -u -r1.1.1.5 -r1.2 \
src/external/bsd/wpa/dist/src/eap_common/eap_pwd_common.h
cvs rdiff -u -r1.7 -r1.8 src/external/bsd/wpa/dist/src/eap_peer/eap_pwd.c
cvs rdiff -u -r1.7 -r1.8 \
src/external/bsd/wpa/dist/src/eap_server/eap_server_pwd.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/external/bsd/wpa/dist/src/eap_common/eap_pwd_common.c
diff -u src/external/bsd/wpa/dist/src/eap_common/eap_pwd_common.c:1.1.1.6 src/external/bsd/wpa/dist/src/eap_common/eap_pwd_common.c:1.2
--- src/external/bsd/wpa/dist/src/eap_common/eap_pwd_common.c:1.1.1.6 Fri Jan 4 14:29:19 2019
+++ src/external/bsd/wpa/dist/src/eap_common/eap_pwd_common.c Wed Apr 10 13:50:27 2019
@@ -416,3 +416,109 @@ int compute_keys(EAP_PWD_group *grp, con
return 1;
}
+
+
+static int eap_pwd_element_coord_ok(const struct crypto_bignum *prime,
+const u8 *buf, size_t len)
+{
+ struct crypto_bignum *val;
+ int ok = 1;
+
+ val = crypto_bignum_init_set(buf, len);
+ if (!val || crypto_bignum_is_zero(val) ||
+ crypto_bignum_cmp(val, prime) >= 0)
+ ok = 0;
+ crypto_bignum_deinit(val, 0);
+ return ok;
+}
+
+
+struct crypto_ec_point * eap_pwd_get_element(EAP_PWD_group *group,
+ const u8 *buf)
+{
+ struct crypto_ec_point *element;
+ const struct crypto_bignum *prime;
+ size_t prime_len;
+ struct crypto_bignum *cofactor = NULL;
+
+ prime = crypto_ec_get_prime(group->group);
+ prime_len = crypto_ec_prime_len(group->group);
+
+ /* RFC 5931, 2.8.5.2.2: 0 < x,y < p */
+ if (!eap_pwd_element_coord_ok(prime, buf, prime_len) ||
+ !eap_pwd_element_coord_ok(prime, buf + prime_len, prime_len)) {
+ wpa_printf(MSG_INFO, "EAP-pwd: Invalid coordinate in element");
+ return NULL;
+ }
+
+ element = crypto_ec_point_from_bin(group->group, buf);
+ if (!element) {
+ wpa_printf(MSG_INFO, "EAP-pwd: EC point from element failed");
+ return NULL;
+ }
+
+ /* RFC 5931, 2.8.5.2.2: on curve and not the point at infinity */
+ if (!crypto_ec_point_is_on_curve(group->group, element) ||
+ crypto_ec_point_is_at_infinity(group->group, element)) {
+ wpa_printf(MSG_INFO, "EAP-pwd: Invalid element");
+ goto fail;
+ }
+
+ cofactor = crypto_bignum_init();
+ if (!cofactor || crypto_ec_cofactor(group->group, cofactor) < 0) {
+ wpa_printf(MSG_INFO,
+ "EAP-pwd: Unable to get cofactor for curve");
+ goto fail;
+ }
+
+ if (!crypto_bignum_is_one(cofactor)) {
+ struct crypto_ec_point *point;
+ int ok = 1;
+
+ /* check to ensure peer's element is not in a small sub-group */
+ point = crypto_ec_point_init(group->group);
+ if (!point ||
+ crypto_ec_point_mul(group->group, element,
+ cofactor, point) != 0 ||
+ crypto_ec_point_is_at_infinity(group->group, point))
+ ok = 0;
+ crypto_ec_point_deinit(point, 0);
+
+ if (!ok) {
+ wpa_printf(MSG_INFO,
+ "EAP-pwd: Small sub-group check on peer element failed");
+ goto fail;
+ }
+ }
+
+out:
+ crypto_bignum_deinit(cofactor, 0);
+ return element;
+fail:
+ crypto_ec_point_deinit(element, 0);
+ element = NULL;
+ goto out;
+}
+
+
+struct crypto_bignum * eap_pwd_get_scalar(EAP_PWD_group *group, const u8 *buf)
+{
+ struct crypto_bignum *scalar;
+ const struct crypto_bignum *order;
+ size_t order_len;
+
+ order = crypto_ec_get_order(group->group);
+ order_len = crypto_ec_order_len(group->group);
+
+ /* RFC 5931, 2.8.5.2: 1 < scalar < r */
+ scalar = crypto_bignum_init_set(buf, order_len);
+ if (!scalar || crypto_bignum_is_zero(scalar) ||
+ crypto_bignum_is_one(scalar) ||
+ crypto_bignum_cmp(scalar, order) >= 0) {
+ wpa_printf(MSG_INFO, "EAP-pwd: received scalar is invalid");
+ crypto_bignum_deinit(scalar, 0);
+ scalar = NULL;
+ }
+
+ return scalar;
+}
Index: src/external/bsd/wpa/dist/src/eap_common/eap_pwd_common.h
diff -u src/external/bsd/wpa/dist/src/eap_common/eap_pwd_common.h:1.1.1.5 src/external/bsd/wpa/dist/src/eap_common/eap_pwd_common.h:1.2
---
CVS commit: src/external/bsd/wpa/dist/src/eap_peer
Module Name:src
Committed By: christos
Date: Wed Apr 10 17:49:59 UTC 2019
Modified Files:
src/external/bsd/wpa/dist/src/eap_peer: eap_pwd.c
Log Message:
When processing an EAP-pwd Commit frame, the server's scalar and element
(elliptic curve point) were not validated. This allowed an adversary to
bypass authentication, and act as a rogue Access Point (AP) if the
crypto implementation did not verify the validity of the EC point.
Fix this vulnerability by assuring the received scalar lies within the
valid range, and by checking that the received element is not the point
at infinity and lies on the elliptic curve being used. (CVE-2019-9499)
The vulnerability is only exploitable if OpenSSL version 1.0.2 or lower
is used, or if LibreSSL or wolfssl is used. Newer versions of OpenSSL
(and also BoringSSL) implicitly validate the elliptic curve point in
EC_POINT_set_affine_coordinates_GFp(), preventing the attack.
To generate a diff of this commit:
cvs rdiff -u -r1.6 -r1.7 src/external/bsd/wpa/dist/src/eap_peer/eap_pwd.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/external/bsd/wpa/dist/src/eap_peer/eap_pwd.c
diff -u src/external/bsd/wpa/dist/src/eap_peer/eap_pwd.c:1.6 src/external/bsd/wpa/dist/src/eap_peer/eap_pwd.c:1.7
--- src/external/bsd/wpa/dist/src/eap_peer/eap_pwd.c:1.6 Fri Jan 4 16:22:20 2019
+++ src/external/bsd/wpa/dist/src/eap_peer/eap_pwd.c Wed Apr 10 13:49:59 2019
@@ -594,6 +594,26 @@ eap_pwd_perform_commit_exchange(struct e
goto fin;
}
+ /* verify received scalar */
+ if (crypto_bignum_is_zero(data->server_scalar) ||
+ crypto_bignum_is_one(data->server_scalar) ||
+ crypto_bignum_cmp(data->server_scalar,
+ crypto_ec_get_order(data->grp->group)) >= 0) {
+ wpa_printf(MSG_INFO,
+ "EAP-PWD (peer): received scalar is invalid");
+ goto fin;
+ }
+
+ /* verify received element */
+ if (!crypto_ec_point_is_on_curve(data->grp->group,
+ data->server_element) ||
+ crypto_ec_point_is_at_infinity(data->grp->group,
+ data->server_element)) {
+ wpa_printf(MSG_INFO,
+ "EAP-PWD (peer): received element is invalid");
+ goto fin;
+ }
+
/* check to ensure server's element is not in a small sub-group */
if (!crypto_bignum_is_one(cofactor)) {
if (crypto_ec_point_mul(data->grp->group, data->server_element,
CVS commit: src/external/bsd/wpa/dist/src/eap_server
Module Name:src
Committed By: christos
Date: Wed Apr 10 17:49:26 UTC 2019
Modified Files:
src/external/bsd/wpa/dist/src/eap_server: eap_server_pwd.c
Log Message:
When processing an EAP-pwd Commit frame, verify that the peer's scalar
and elliptic curve element differ from the one sent by the server. This
prevents reflection attacks where the adversary reflects the scalar and
element sent by the server. (CVE-2019-9497)
The vulnerability allows an adversary to complete the EAP-pwd handshake
as any user. However, the adversary does not learn the negotiated
session key, meaning the subsequent 4-way handshake would fail. As a
result, this cannot be abused to bypass authentication unless EAP-pwd is
used in non-WLAN cases without any following key exchange that would
require the attacker to learn the MSK.
To generate a diff of this commit:
cvs rdiff -u -r1.6 -r1.7 \
src/external/bsd/wpa/dist/src/eap_server/eap_server_pwd.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/external/bsd/wpa/dist/src/eap_server/eap_server_pwd.c
diff -u src/external/bsd/wpa/dist/src/eap_server/eap_server_pwd.c:1.6 src/external/bsd/wpa/dist/src/eap_server/eap_server_pwd.c:1.7
--- src/external/bsd/wpa/dist/src/eap_server/eap_server_pwd.c:1.6 Wed Apr 10 13:48:07 2019
+++ src/external/bsd/wpa/dist/src/eap_server/eap_server_pwd.c Wed Apr 10 13:49:26 2019
@@ -753,6 +753,15 @@ eap_pwd_process_commit_resp(struct eap_s
}
}
+ /* detect reflection attacks */
+ if (crypto_bignum_cmp(data->my_scalar, data->peer_scalar) == 0 ||
+ crypto_ec_point_cmp(data->grp->group, data->my_element,
+data->peer_element) == 0) {
+ wpa_printf(MSG_INFO,
+ "EAP-PWD (server): detected reflection attack!");
+ goto fin;
+ }
+
/* compute the shared key, k */
if ((crypto_ec_point_mul(data->grp->group, data->grp->pwe,
data->peer_scalar, K) < 0) ||
CVS commit: src/external/bsd/wpa/dist/src
Module Name:src
Committed By: christos
Date: Wed Apr 10 17:48:08 UTC 2019
Modified Files:
src/external/bsd/wpa/dist/src/drivers: driver_bsd.c
src/external/bsd/wpa/dist/src/eap_server: eap_server_pwd.c
Log Message:
CVE-2019-9498 (EAP-pwd server missing commit validation for scalar/element)
When processing an EAP-pwd Commit frame, the peer's scalar and element
(elliptic curve point) were not validated. This allowed an adversary to
bypass authentication, and impersonate any user if the crypto
implementation did not verify the validity of the EC point.
Fix this vulnerability by assuring the received scalar lies within the
valid range, and by checking that the received element is not the point
at infinity and lies on the elliptic curve being used. (CVE-2019-9498)
The vulnerability is only exploitable if OpenSSL version 1.0.2 or lower
is used, or if LibreSSL or wolfssl is used. Newer versions of OpenSSL
(and also BoringSSL) implicitly validate the elliptic curve point in
EC_POINT_set_affine_coordinates_GFp(), preventing the attack.
To generate a diff of this commit:
cvs rdiff -u -r1.29 -r1.30 src/external/bsd/wpa/dist/src/drivers/driver_bsd.c
cvs rdiff -u -r1.5 -r1.6 \
src/external/bsd/wpa/dist/src/eap_server/eap_server_pwd.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/external/bsd/wpa/dist/src/drivers/driver_bsd.c
diff -u src/external/bsd/wpa/dist/src/drivers/driver_bsd.c:1.29 src/external/bsd/wpa/dist/src/drivers/driver_bsd.c:1.30
--- src/external/bsd/wpa/dist/src/drivers/driver_bsd.c:1.29 Tue Apr 11 10:15:08 2017
+++ src/external/bsd/wpa/dist/src/drivers/driver_bsd.c Wed Apr 10 13:48:07 2019
@@ -334,6 +334,8 @@ bsd_send_mlme_param(void *priv, const u8
mlme.im_op = op;
mlme.im_reason = reason;
os_memcpy(mlme.im_macaddr, addr, IEEE80211_ADDR_LEN);
+ wpa_printf(MSG_DEBUG, "%s: op=%d reason=%d addr=" MACSTR, __func__,
+ op, reason, MAC2STR(addr));
return set80211var(priv, IEEE80211_IOC_MLME, , sizeof(mlme));
}
Index: src/external/bsd/wpa/dist/src/eap_server/eap_server_pwd.c
diff -u src/external/bsd/wpa/dist/src/eap_server/eap_server_pwd.c:1.5 src/external/bsd/wpa/dist/src/eap_server/eap_server_pwd.c:1.6
--- src/external/bsd/wpa/dist/src/eap_server/eap_server_pwd.c:1.5 Fri Jan 4 16:22:20 2019
+++ src/external/bsd/wpa/dist/src/eap_server/eap_server_pwd.c Wed Apr 10 13:48:07 2019
@@ -718,6 +718,26 @@ eap_pwd_process_commit_resp(struct eap_s
goto fin;
}
+ /* verify received scalar */
+ if (crypto_bignum_is_zero(data->peer_scalar) ||
+ crypto_bignum_is_one(data->peer_scalar) ||
+ crypto_bignum_cmp(data->peer_scalar,
+ crypto_ec_get_order(data->grp->group)) >= 0) {
+ wpa_printf(MSG_INFO,
+ "EAP-PWD (server): received scalar is invalid");
+ goto fin;
+ }
+
+ /* verify received element */
+ if (!crypto_ec_point_is_on_curve(data->grp->group,
+ data->peer_element) ||
+ crypto_ec_point_is_at_infinity(data->grp->group,
+ data->peer_element)) {
+ wpa_printf(MSG_INFO,
+ "EAP-PWD (server): received element is invalid");
+ goto fin;
+ }
+
/* check to ensure peer's element is not in a small sub-group */
if (!crypto_bignum_is_one(cofactor)) {
if (crypto_ec_point_mul(data->grp->group, data->peer_element,
CVS commit: src/external/bsd/wpa/dist/src/rsn_supp
Module Name:src
Committed By: christos
Date: Thu Aug 16 11:34:41 UTC 2018
Modified Files:
src/external/bsd/wpa/dist/src/rsn_supp: wpa.c
Log Message:
>From FreeBSD:
When using WPA2, EAPOL-Key frames with the Encrypted flag and without the MIC
flag set, the data field was decrypted first without verifying the MIC. When
the dta field was encrypted using RC4, for example, when negotiating TKIP as
a pairwise cipher, the unauthenticated but decrypted data was subsequently
processed. This opened wpa_supplicant(8) to abuse by decryption and recovery
of sensitive information contained in EAPOL-Key messages.
See https://w1.fi/security/2018-1/unauthenticated-eapol-key-decryption.txt
for a detailed description of the bug.
XXX: pullup-8
To generate a diff of this commit:
cvs rdiff -u -r1.2 -r1.3 src/external/bsd/wpa/dist/src/rsn_supp/wpa.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/external/bsd/wpa/dist/src/rsn_supp/wpa.c
diff -u src/external/bsd/wpa/dist/src/rsn_supp/wpa.c:1.2 src/external/bsd/wpa/dist/src/rsn_supp/wpa.c:1.3
--- src/external/bsd/wpa/dist/src/rsn_supp/wpa.c:1.2 Mon Oct 16 13:36:16 2017
+++ src/external/bsd/wpa/dist/src/rsn_supp/wpa.c Thu Aug 16 07:34:41 2018
@@ -2072,6 +2072,17 @@ int wpa_sm_rx_eapol(struct wpa_sm *sm, c
if ((sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) &&
(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
+ /*
+ * Only decrypt the Key Data field if the frame's authenticity
+ * was verified. When using AES-SIV (FILS), the MIC flag is not
+ * set, so this check should only be performed if mic_len != 0
+ * which is the case in this code branch.
+ */
+ if (!(key_info & WPA_KEY_INFO_MIC)) {
+ wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
+"WPA: Ignore EAPOL-Key with encrypted but unauthenticated data");
+ goto out;
+ }
if (wpa_supplicant_decrypt_key_data(sm, key, ver, key_data,
_data_len))
goto out;
CVS commit: src/external/bsd/wpa/dist
Module Name:src
Committed By: spz
Date: Mon Oct 16 17:36:16 UTC 2017
Modified Files:
src/external/bsd/wpa/dist/src/ap: ieee802_11.c wpa_auth.c wpa_auth.h
wpa_auth_ft.c wpa_auth_i.h
src/external/bsd/wpa/dist/src/common: wpa_common.h
src/external/bsd/wpa/dist/src/rsn_supp: tdls.c wpa.c wpa_ft.c wpa_i.h
src/external/bsd/wpa/dist/wpa_supplicant: wnm_sta.c
Log Message:
apply patches from upstream, namely from https://w1.fi/security/2017-1/ :
rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch
02-Oct-2017 16:19 6.1K
rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch
02-Oct-2017 16:19 7.7K
rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch
02-Oct-2017 16:19 6.7K
rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch
02-Oct-2017 16:19 2.5K
rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch
02-Oct-2017 16:19 1.9K
rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch
02-Oct-2017 16:19 4.2K
rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch
02-Oct-2017 16:19 1.6K
rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch
02-Oct-2017 16:19 2.7K
for CVE-2017-13077 CVE-2017-13078 CVE-2017-13079 CVE-2017-13080
CVE-2017-13081 CVE-2017-13082 CVE-2017-13086 CVE-2017-13087 CVE-2017-13088
(see
https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt
for details)
To generate a diff of this commit:
cvs rdiff -u -r1.1.1.7 -r1.2 src/external/bsd/wpa/dist/src/ap/ieee802_11.c \
src/external/bsd/wpa/dist/src/ap/wpa_auth_ft.c
cvs rdiff -u -r1.9 -r1.10 src/external/bsd/wpa/dist/src/ap/wpa_auth.c
cvs rdiff -u -r1.1.1.6 -r1.2 src/external/bsd/wpa/dist/src/ap/wpa_auth.h \
src/external/bsd/wpa/dist/src/ap/wpa_auth_i.h
cvs rdiff -u -r1.2 -r1.3 src/external/bsd/wpa/dist/src/common/wpa_common.h
cvs rdiff -u -r1.1.1.5 -r1.2 src/external/bsd/wpa/dist/src/rsn_supp/tdls.c
cvs rdiff -u -r1.1.1.8 -r1.2 src/external/bsd/wpa/dist/src/rsn_supp/wpa.c
cvs rdiff -u -r1.1.1.6 -r1.2 src/external/bsd/wpa/dist/src/rsn_supp/wpa_ft.c \
src/external/bsd/wpa/dist/src/rsn_supp/wpa_i.h
cvs rdiff -u -r1.3 -r1.4 src/external/bsd/wpa/dist/wpa_supplicant/wnm_sta.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/external/bsd/wpa/dist/src/ap/ieee802_11.c
diff -u src/external/bsd/wpa/dist/src/ap/ieee802_11.c:1.1.1.7 src/external/bsd/wpa/dist/src/ap/ieee802_11.c:1.2
--- src/external/bsd/wpa/dist/src/ap/ieee802_11.c:1.1.1.7 Mon Nov 21 16:42:50 2016
+++ src/external/bsd/wpa/dist/src/ap/ieee802_11.c Mon Oct 16 17:36:16 2017
@@ -1841,6 +1841,7 @@ static int add_associated_sta(struct hos
{
struct ieee80211_ht_capabilities ht_cap;
struct ieee80211_vht_capabilities vht_cap;
+ int set = 1;
/*
* Remove the STA entry to ensure the STA PS state gets cleared and
@@ -1848,9 +1849,18 @@ static int add_associated_sta(struct hos
* FT-over-the-DS, where a station re-associates back to the same AP but
* skips the authentication flow, or if working with a driver that
* does not support full AP client state.
+ *
+ * Skip this if the STA has already completed FT reassociation and the
+ * TK has been configured since the TX/RX PN must not be reset to 0 for
+ * the same key.
*/
- if (!sta->added_unassoc)
+ if (!sta->added_unassoc &&
+ (!(sta->flags & WLAN_STA_AUTHORIZED) ||
+ !wpa_auth_sta_ft_tk_already_set(sta->wpa_sm))) {
hostapd_drv_sta_remove(hapd, sta->addr);
+ wpa_auth_sm_event(sta->wpa_sm, WPA_DRV_STA_REMOVED);
+ set = 0;
+ }
#ifdef CONFIG_IEEE80211N
if (sta->flags & WLAN_STA_HT)
@@ -1873,11 +1883,11 @@ static int add_associated_sta(struct hos
sta->flags & WLAN_STA_VHT ? _cap : NULL,
sta->flags | WLAN_STA_ASSOC, sta->qosinfo,
sta->vht_opmode, sta->p2p_ie ? 1 : 0,
- sta->added_unassoc)) {
+ set)) {
hostapd_logger(hapd, sta->addr,
HOSTAPD_MODULE_IEEE80211, HOSTAPD_LEVEL_NOTICE,
"Could not %s STA to kernel driver",
- sta->added_unassoc ? "set" : "add");
+ set ? "set" : "add");
if (sta->added_unassoc) {
hostapd_drv_sta_remove(hapd, sta->addr);
Index: src/external/bsd/wpa/dist/src/ap/wpa_auth_ft.c
diff -u src/external/bsd/wpa/dist/src/ap/wpa_auth_ft.c:1.1.1.7 src/external/bsd/wpa/dist/src/ap/wpa_auth_ft.c:1.2
--- src/external/bsd/wpa/dist/src/ap/wpa_auth_ft.c:1.1.1.7 Mon Nov 21 16:42:50 2016
+++ src/external/bsd/wpa/dist/src/ap/wpa_auth_ft.c Mon Oct 16 17:36:16 2017
@@ -780,6 +780,14 @@ void wpa_ft_install_ptk(struct wpa_state
return;
}
+ if (sm->tk_already_set) {
+ /* Must avoid TK reconfiguration to prevent clearing of TX/RX
+ * PN in the driver */
+ wpa_printf(MSG_DEBUG,
+ "FT: Do not re-install same PTK to the driver");
+ return;
+
CVS commit: src/external/bsd/wpa/dist/src/drivers
Module Name:src
Committed By: roy
Date: Tue Apr 11 14:15:08 UTC 2017
Modified Files:
src/external/bsd/wpa/dist/src/drivers: driver_bsd.c
Log Message:
Use RO_MSGFILTER.
To generate a diff of this commit:
cvs rdiff -u -r1.28 -r1.29 src/external/bsd/wpa/dist/src/drivers/driver_bsd.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/external/bsd/wpa/dist/src/drivers/driver_bsd.c
diff -u src/external/bsd/wpa/dist/src/drivers/driver_bsd.c:1.28 src/external/bsd/wpa/dist/src/drivers/driver_bsd.c:1.29
--- src/external/bsd/wpa/dist/src/drivers/driver_bsd.c:1.28 Tue Apr 11 14:13:01 2017
+++ src/external/bsd/wpa/dist/src/drivers/driver_bsd.c Tue Apr 11 14:15:08 2017
@@ -1696,6 +1696,14 @@ static void *
bsd_global_init(void *ctx)
{
struct bsd_driver_global *global;
+#ifdef RO_MSGFILTER
+ unsigned char msgfilter[] = {
+ RTM_IEEE80211,
+#ifndef HOSTAPD
+ RTM_IFINFO, RTM_IFANNOUNCE,
+#endif
+ };
+#endif
global = os_zalloc(sizeof(*global));
if (global == NULL)
@@ -1718,6 +1726,13 @@ bsd_global_init(void *ctx)
goto fail;
}
+#ifdef RO_MSGFILTER
+ if (setsockopt(global->route, PF_ROUTE, RO_MSGFILTER,
+ , sizeof(msgfilter)) < 0)
+ wpa_printf(MSG_ERROR, "setsockopt[PF_ROUTE,RO_MSGFILTER]: %s",
+ strerror(errno));
+#endif
+
#ifdef HOSTAPD
eloop_register_read_sock(global->route, bsd_wireless_event_receive,
NULL, global);
CVS commit: src/external/bsd/wpa/dist/src/drivers
Module Name:src
Committed By: roy
Date: Tue Apr 11 14:13:01 UTC 2017
Modified Files:
src/external/bsd/wpa/dist/src/drivers: driver_bsd.c
Log Message:
Use recvmsg(2) to read route(4) messages.
Use a shim function for this which can grow it's buffer when needed.
To generate a diff of this commit:
cvs rdiff -u -r1.27 -r1.28 src/external/bsd/wpa/dist/src/drivers/driver_bsd.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/external/bsd/wpa/dist/src/drivers/driver_bsd.c
diff -u src/external/bsd/wpa/dist/src/drivers/driver_bsd.c:1.27 src/external/bsd/wpa/dist/src/drivers/driver_bsd.c:1.28
--- src/external/bsd/wpa/dist/src/drivers/driver_bsd.c:1.27 Thu Jan 12 19:15:10 2017
+++ src/external/bsd/wpa/dist/src/drivers/driver_bsd.c Tue Apr 11 14:13:01 2017
@@ -9,7 +9,7 @@
#include "includes.h"
#include
-#include
+#include
#include "common.h"
#include "driver.h"
@@ -45,15 +45,13 @@
#include "common/ieee802_11_defs.h"
#include "common/wpa_common.h"
-
#include "l2_packet/l2_packet.h"
struct bsd_driver_global {
void *ctx;
int sock; /* socket for 802.11 ioctls */
int route; /* routing socket for events */
- char *event_buf;
- size_t event_buf_len;
+ struct iovec event_iov[1];
struct dl_list ifaces; /* list of interfaces */
};
@@ -78,6 +76,50 @@ struct bsd_driver_data {
/* Generic functions for hostapd and wpa_supplicant */
+#define IOVEC_BUFSIZ 256
+ssize_t
+recvmsg_realloc(int fd, struct msghdr *msg, int flags)
+{
+ struct iovec *iov;
+ ssize_t slen;
+ size_t len;
+ void *n;
+
+ /* Assume we are reallocing the last iovec. */
+ iov = >msg_iov[msg->msg_iovlen - 1];
+
+ for (;;) {
+ /* Passing MSG_TRUNC should return the actual size needed. */
+ slen = recvmsg(fd, msg, flags | MSG_PEEK | MSG_TRUNC);
+ if (slen == -1)
+ return -1;
+ if (!(msg->msg_flags & MSG_TRUNC))
+ break;
+
+ len = (size_t)slen;
+
+ /* Some kernels return the size of the receive buffer
+ * on truncation, not the actual size needed.
+ * So grow the buffer and try again. */
+ if (iov->iov_len == len)
+ len = roundup(len + 1, IOVEC_BUFSIZ);
+ else if (iov->iov_len > len)
+ break;
+ if ((n = realloc(iov->iov_base, len)) == NULL)
+ return -1;
+ iov->iov_base = n;
+ iov->iov_len = len;
+ }
+
+ slen = recvmsg(fd, msg, flags);
+ if (slen != -1 && msg->msg_flags & MSG_TRUNC) {
+ /* This should not be possible ... */
+ errno = ENOBUFS;
+ return -1;
+ }
+ return slen;
+}
+
static struct bsd_driver_data *
bsd_get_drvindex(void *priv, unsigned int ifindex)
{
@@ -637,22 +679,6 @@ bsd_set_opt_ie(void *priv, const u8 *ie,
return 0;
}
-static size_t
-rtbuf_len(void)
-{
- size_t len;
-
- int mib[6] = {CTL_NET, AF_ROUTE, 0, AF_INET, NET_RT_DUMP, 0};
-
- if (sysctl(mib, 6, NULL, , NULL, 0) < 0) {
- wpa_printf(MSG_WARNING, "%s failed: %s", __func__,
- strerror(errno));
- len = 2048;
- }
-
- return len;
-}
-
#ifdef HOSTAPD
/*
@@ -727,7 +753,7 @@ bsd_get_seqnum(const char *ifname, void
}
-static int
+static int
bsd_flush(void *priv)
{
u8 allsta[IEEE80211_ADDR_LEN];
@@ -775,15 +801,19 @@ bsd_wireless_event_receive(int sock, voi
{
struct bsd_driver_global *global = sock_ctx;
struct bsd_driver_data *drv;
+ struct msghdr msg;
struct if_announcemsghdr *ifan;
struct rt_msghdr *rtm;
struct ieee80211_michael_event *mic;
struct ieee80211_join_event *join;
struct ieee80211_leave_event *leave;
- int n;
+ ssize_t n;
union wpa_event_data data;
- n = read(sock, global->event_buf, global->event_buf_len);
+ memset(, 0, sizeof(msg));
+ msg.msg_iov = global->event_iov;
+ msg.msg_iovlen = 1;
+ n = recvmsg_realloc(sock, , 0);
if (n < 0) {
if (errno != EINTR && errno != EAGAIN)
wpa_printf(MSG_ERROR, "%s read() failed: %s",
@@ -791,7 +821,7 @@ bsd_wireless_event_receive(int sock, voi
return;
}
- rtm = (struct rt_msghdr *) global->event_buf;
+ rtm = (struct rt_msghdr *) global->event_iov[0].iov_base;
if (rtm->rtm_version != RTM_VERSION) {
wpa_printf(MSG_DEBUG, "Invalid routing message version=%d",
rtm->rtm_version);
@@ -1213,6 +1243,7 @@ wpa_driver_bsd_event_receive(int sock, v
{
struct bsd_driver_global *global = sock_ctx;
struct bsd_driver_data *drv;
+ struct msghdr msg;
struct if_announcemsghdr *ifan;
struct if_msghdr *ifm;
struct rt_msghdr *rtm;
@@ -1220,9 +1251,12 @@ wpa_driver_bsd_event_receive(int sock, v
struct ieee80211_michael_event *mic;
struct ieee80211_leave_event *leave;
struct ieee80211_join_event *join;
- int n;
+ ssize_t n;
- n = read(sock, global->event_buf, global->event_buf_len);
+ memset(, 0, sizeof(msg));
+ msg.msg_iov = global->event_iov;
+ msg.msg_iovlen = 1;
+ n = recvmsg_realloc(sock, , 0);
if (n < 0) {
if (errno != EINTR && errno != EAGAIN)
wpa_printf(MSG_ERROR, "%s read() failed: %s",
@@ -1230,7 +1264,7 @@ wpa_driver_bsd_event_receive(int sock, v
return;
}
- rtm =
CVS commit: src/external/bsd/wpa/dist/src
Module Name:src
Committed By: christos
Date: Thu Jan 12 19:15:10 UTC 2017
Modified Files:
src/external/bsd/wpa/dist/src/common: wpa_common.h
src/external/bsd/wpa/dist/src/drivers: driver_bsd.c driver_wired.c
src/external/bsd/wpa/dist/src/utils: common.h
Log Message:
fix redefinitions
To generate a diff of this commit:
cvs rdiff -u -r1.1.1.6 -r1.2 \
src/external/bsd/wpa/dist/src/common/wpa_common.h
cvs rdiff -u -r1.26 -r1.27 src/external/bsd/wpa/dist/src/drivers/driver_bsd.c
cvs rdiff -u -r1.1.1.6 -r1.2 \
src/external/bsd/wpa/dist/src/drivers/driver_wired.c
cvs rdiff -u -r1.4 -r1.5 src/external/bsd/wpa/dist/src/utils/common.h
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/external/bsd/wpa/dist/src/common/wpa_common.h
diff -u src/external/bsd/wpa/dist/src/common/wpa_common.h:1.1.1.6 src/external/bsd/wpa/dist/src/common/wpa_common.h:1.2
--- src/external/bsd/wpa/dist/src/common/wpa_common.h:1.1.1.6 Mon Nov 21 11:42:50 2016
+++ src/external/bsd/wpa/dist/src/common/wpa_common.h Thu Jan 12 14:15:10 2017
@@ -9,6 +9,7 @@
#ifndef WPA_COMMON_H
#define WPA_COMMON_H
+
/* IEEE 802.11i */
#define PMKID_LEN 16
#define PMK_LEN 32
@@ -104,7 +105,9 @@ RSN_SELECTOR(0x00, 0x0f, 0xac, 13)
#define WFA_KEY_DATA_IP_ADDR_REQ RSN_SELECTOR(0x50, 0x6f, 0x9a, 4)
#define WFA_KEY_DATA_IP_ADDR_ALLOC RSN_SELECTOR(0x50, 0x6f, 0x9a, 5)
+#ifndef WPA_OUI_TYPE
#define WPA_OUI_TYPE RSN_SELECTOR(0x00, 0x50, 0xf2, 1)
+#endif
#define RSN_SELECTOR_PUT(a, val) WPA_PUT_BE32((u8 *) (a), (val))
#define RSN_SELECTOR_GET(a) WPA_GET_BE32((const u8 *) (a))
Index: src/external/bsd/wpa/dist/src/drivers/driver_bsd.c
diff -u src/external/bsd/wpa/dist/src/drivers/driver_bsd.c:1.26 src/external/bsd/wpa/dist/src/drivers/driver_bsd.c:1.27
--- src/external/bsd/wpa/dist/src/drivers/driver_bsd.c:1.26 Mon Nov 21 15:15:17 2016
+++ src/external/bsd/wpa/dist/src/drivers/driver_bsd.c Thu Jan 12 14:15:10 2017
@@ -14,8 +14,6 @@
#include "common.h"
#include "driver.h"
#include "eloop.h"
-#include "common/ieee802_11_defs.h"
-#include "common/wpa_common.h"
#include
#include
@@ -45,6 +43,9 @@
#include
#endif
+#include "common/ieee802_11_defs.h"
+#include "common/wpa_common.h"
+
#include "l2_packet/l2_packet.h"
struct bsd_driver_global {
Index: src/external/bsd/wpa/dist/src/drivers/driver_wired.c
diff -u src/external/bsd/wpa/dist/src/drivers/driver_wired.c:1.1.1.6 src/external/bsd/wpa/dist/src/drivers/driver_wired.c:1.2
--- src/external/bsd/wpa/dist/src/drivers/driver_wired.c:1.1.1.6 Mon Nov 21 11:42:51 2016
+++ src/external/bsd/wpa/dist/src/drivers/driver_wired.c Thu Jan 12 14:15:10 2017
@@ -14,8 +14,6 @@
#include "driver.h"
#include
-#undef IFNAMSIZ
-#include
#ifdef __linux__
#include
#include
Index: src/external/bsd/wpa/dist/src/utils/common.h
diff -u src/external/bsd/wpa/dist/src/utils/common.h:1.4 src/external/bsd/wpa/dist/src/utils/common.h:1.5
--- src/external/bsd/wpa/dist/src/utils/common.h:1.4 Mon Nov 21 15:15:17 2016
+++ src/external/bsd/wpa/dist/src/utils/common.h Thu Jan 12 14:15:10 2017
@@ -53,6 +53,10 @@ static inline unsigned int bswap_32(unsi
}
#endif /* __APPLE__ */
+#ifdef __NetBSD__
+#include
+#endif
+
#ifdef CONFIG_NATIVE_WINDOWS
#include
CVS commit: src/external/bsd/wpa/dist/wpa_supplicant
Module Name:src Committed By: christos Date: Wed Nov 30 17:23:16 UTC 2016 Modified Files: src/external/bsd/wpa/dist/wpa_supplicant: wpa_supplicant.c Log Message: grr. usec is also os_time_t :-( To generate a diff of this commit: cvs rdiff -u -r1.8 -r1.9 \ src/external/bsd/wpa/dist/wpa_supplicant/wpa_supplicant.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/external/bsd/wpa/dist/wpa_supplicant/wpa_supplicant.c diff -u src/external/bsd/wpa/dist/wpa_supplicant/wpa_supplicant.c:1.8 src/external/bsd/wpa/dist/wpa_supplicant/wpa_supplicant.c:1.9 --- src/external/bsd/wpa/dist/wpa_supplicant/wpa_supplicant.c:1.8 Sun Nov 27 12:06:09 2016 +++ src/external/bsd/wpa/dist/wpa_supplicant/wpa_supplicant.c Wed Nov 30 12:23:16 2016 @@ -4422,8 +4422,8 @@ static void radio_start_next_work(void * os_get_reltime(); os_reltime_sub(, >time, ); wpa_dbg(wpa_s, MSG_DEBUG, - "Starting radio work '%s'@%p after %jd.%06ld second wait", - work->type, work, (intmax_t)diff.sec, diff.usec); + "Starting radio work '%s'@%p after %jd.%06jd second wait", + work->type, work, (intmax_t)diff.sec, (intmax_t)diff.usec); work->started = 1; work->time = now; radio->num_active_works++; @@ -6903,7 +6903,7 @@ int wpa_is_bss_tmp_disallowed(struct wpa os_reltime_sub(>disallowed_until, , ); wpa_printf(MSG_DEBUG, - "BSS " MACSTR " disabled for %jd.%0ld seconds", - MAC2STR(bss->bssid), (intmax_t)age.sec, age.usec); + "BSS " MACSTR " disabled for %jd.%0jd seconds", + MAC2STR(bss->bssid), (intmax_t)age.sec, (intmax_t)age.usec); return 1; }
CVS commit: src/external/bsd/wpa/dist/wpa_supplicant
Module Name:src Committed By: christos Date: Sun Nov 27 17:06:09 UTC 2016 Modified Files: src/external/bsd/wpa/dist/wpa_supplicant: wpa_supplicant.c Log Message: fix printf formats for time_t To generate a diff of this commit: cvs rdiff -u -r1.7 -r1.8 \ src/external/bsd/wpa/dist/wpa_supplicant/wpa_supplicant.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/external/bsd/wpa/dist/wpa_supplicant/wpa_supplicant.c diff -u src/external/bsd/wpa/dist/wpa_supplicant/wpa_supplicant.c:1.7 src/external/bsd/wpa/dist/wpa_supplicant/wpa_supplicant.c:1.8 --- src/external/bsd/wpa/dist/wpa_supplicant/wpa_supplicant.c:1.7 Mon Nov 21 15:15:17 2016 +++ src/external/bsd/wpa/dist/wpa_supplicant/wpa_supplicant.c Sun Nov 27 12:06:09 2016 @@ -4422,8 +4422,8 @@ static void radio_start_next_work(void * os_get_reltime(); os_reltime_sub(, >time, ); wpa_dbg(wpa_s, MSG_DEBUG, - "Starting radio work '%s'@%p after %ld.%06ld second wait", - work->type, work, diff.sec, diff.usec); + "Starting radio work '%s'@%p after %jd.%06ld second wait", + work->type, work, (intmax_t)diff.sec, diff.usec); work->started = 1; work->time = now; radio->num_active_works++; @@ -6903,7 +6903,7 @@ int wpa_is_bss_tmp_disallowed(struct wpa os_reltime_sub(>disallowed_until, , ); wpa_printf(MSG_DEBUG, - "BSS " MACSTR " disabled for %ld.%0ld seconds", - MAC2STR(bss->bssid), age.sec, age.usec); + "BSS " MACSTR " disabled for %jd.%0ld seconds", + MAC2STR(bss->bssid), (intmax_t)age.sec, age.usec); return 1; }
CVS commit: src/external/bsd/wpa/dist/wpa_supplicant
Module Name:src
Committed By: christos
Date: Tue May 3 18:22:28 UTC 2016
Modified Files:
src/external/bsd/wpa/dist/wpa_supplicant: config.c
Log Message:
http://w1.fi/security/2016-1/0004-Reject-SET_CRED-commands-with-newline-characters-in-.patch
Many of the global configuration parameters are written as strings
without filtering and if there is an embedded newline character in the
value, unexpected configuration file data might be written.
This fixes an issue where wpa_supplicant could have updated the
configuration file global parameter with arbitrary data from the control
interface or D-Bus interface. While those interfaces are supposed to be
accessible only for trusted users/applications, it may be possible that
an untrusted user has access to a management software component that
does not validate the value of a parameter before passing it to
wpa_supplicant.
This could allow such an untrusted user to inject almost arbitrary data
into the configuration file. Such configuration file could result in
wpa_supplicant trying to load a library (e.g., opensc_engine_path,
pkcs11_engine_path, pkcs11_module_path, load_dynamic_eap) from user
controlled location when starting again. This would allow code from that
library to be executed under the wpa_supplicant process privileges.
To generate a diff of this commit:
cvs rdiff -u -r1.4 -r1.5 src/external/bsd/wpa/dist/wpa_supplicant/config.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/external/bsd/wpa/dist/wpa_supplicant/config.c
diff -u src/external/bsd/wpa/dist/wpa_supplicant/config.c:1.4 src/external/bsd/wpa/dist/wpa_supplicant/config.c:1.5
--- src/external/bsd/wpa/dist/wpa_supplicant/config.c:1.4 Tue May 3 14:21:54 2016
+++ src/external/bsd/wpa/dist/wpa_supplicant/config.c Tue May 3 14:22:28 2016
@@ -3649,6 +3649,12 @@ static int wpa_global_config_parse_str(c
return -1;
}
+ if (has_newline(pos)) {
+ wpa_printf(MSG_ERROR, "Line %d: invalid %s value with newline",
+ line, data->name);
+ return -1;
+ }
+
tmp = os_strdup(pos);
if (tmp == NULL)
return -1;
CVS commit: src/external/bsd/wpa/dist/wpa_supplicant
Module Name:src
Committed By: christos
Date: Tue May 3 18:21:54 UTC 2016
Modified Files:
src/external/bsd/wpa/dist/wpa_supplicant: config.c
Log Message:
http://w1.fi/security/2016-1/0004-Reject-SET_CRED-commands-with-newline-characters-in-.patch
Most of the cred block parameters are written as strings without
filtering and if there is an embedded newline character in the value,
unexpected configuration file data might be written.
This fixes an issue where wpa_supplicant could have updated the
configuration file cred parameter with arbitrary data from the control
interface or D-Bus interface. While those interfaces are supposed to be
accessible only for trusted users/applications, it may be possible that
an untrusted user has access to a management software component that
does not validate the credential value before passing it to
wpa_supplicant.
This could allow such an untrusted user to inject almost arbitrary data
into the configuration file. Such configuration file could result in
wpa_supplicant trying to load a library (e.g., opensc_engine_path,
pkcs11_engine_path, pkcs11_module_path, load_dynamic_eap) from user
controlled location when starting again. This would allow code from that
library to be executed under the wpa_supplicant process privileges.
To generate a diff of this commit:
cvs rdiff -u -r1.3 -r1.4 src/external/bsd/wpa/dist/wpa_supplicant/config.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/external/bsd/wpa/dist/wpa_supplicant/config.c
diff -u src/external/bsd/wpa/dist/wpa_supplicant/config.c:1.3 src/external/bsd/wpa/dist/wpa_supplicant/config.c:1.4
--- src/external/bsd/wpa/dist/wpa_supplicant/config.c:1.3 Tue May 3 14:21:14 2016
+++ src/external/bsd/wpa/dist/wpa_supplicant/config.c Tue May 3 14:21:54 2016
@@ -2789,6 +2789,8 @@ int wpa_config_set_cred(struct wpa_cred
if (os_strcmp(var, "password") == 0 &&
os_strncmp(value, "ext:", 4) == 0) {
+ if (has_newline(value))
+ return -1;
str_clear_free(cred->password);
cred->password = os_strdup(value);
cred->ext_password = 1;
@@ -2839,9 +2841,14 @@ int wpa_config_set_cred(struct wpa_cred
}
val = wpa_config_parse_string(value, );
- if (val == NULL) {
+ if (val == NULL ||
+ (os_strcmp(var, "excluded_ssid") != 0 &&
+ os_strcmp(var, "roaming_consortium") != 0 &&
+ os_strcmp(var, "required_roaming_consortium") != 0 &&
+ has_newline(val))) {
wpa_printf(MSG_ERROR, "Line %d: invalid field '%s' string "
"value '%s'.", line, var, value);
+ os_free(val);
return -1;
}
CVS commit: src/external/bsd/wpa/dist
Module Name:src
Committed By: christos
Date: Tue May 3 18:21:15 UTC 2016
Modified Files:
src/external/bsd/wpa/dist/src/utils: common.c common.h
src/external/bsd/wpa/dist/wpa_supplicant: config.c
Log Message:
http://w1.fi/security/2016-1/0003-Remove-newlines-from-wpa_supplicant-config-network-o.patch
Spurious newlines output while writing the config file can corrupt the
wpa_supplicant configuration. Avoid writing these for the network block
parameters. This is a generic filter that cover cases that may not have
been explicitly addressed with a more specific commit to avoid control
characters in the psk parameter.
To generate a diff of this commit:
cvs rdiff -u -r1.2 -r1.3 src/external/bsd/wpa/dist/src/utils/common.c \
src/external/bsd/wpa/dist/src/utils/common.h
cvs rdiff -u -r1.2 -r1.3 src/external/bsd/wpa/dist/wpa_supplicant/config.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/external/bsd/wpa/dist/src/utils/common.c
diff -u src/external/bsd/wpa/dist/src/utils/common.c:1.2 src/external/bsd/wpa/dist/src/utils/common.c:1.3
--- src/external/bsd/wpa/dist/src/utils/common.c:1.2 Tue May 3 14:19:44 2016
+++ src/external/bsd/wpa/dist/src/utils/common.c Tue May 3 14:21:14 2016
@@ -683,6 +683,17 @@ int has_ctrl_char(const u8 *data, size_t
}
+int has_newline(const char *str)
+{
+ while (*str) {
+ if (*str == '\n' || *str == '\r')
+ return 1;
+ str++;
+ }
+ return 0;
+}
+
+
size_t merge_byte_arrays(u8 *res, size_t res_len,
const u8 *src1, size_t src1_len,
const u8 *src2, size_t src2_len)
Index: src/external/bsd/wpa/dist/src/utils/common.h
diff -u src/external/bsd/wpa/dist/src/utils/common.h:1.2 src/external/bsd/wpa/dist/src/utils/common.h:1.3
--- src/external/bsd/wpa/dist/src/utils/common.h:1.2 Tue May 3 14:19:44 2016
+++ src/external/bsd/wpa/dist/src/utils/common.h Tue May 3 14:21:14 2016
@@ -502,6 +502,7 @@ const char * wpa_ssid_txt(const u8 *ssid
char * wpa_config_parse_string(const char *value, size_t *len);
int is_hex(const u8 *data, size_t len);
int has_ctrl_char(const u8 *data, size_t len);
+int has_newline(const char *str);
size_t merge_byte_arrays(u8 *res, size_t res_len,
const u8 *src1, size_t src1_len,
const u8 *src2, size_t src2_len);
Index: src/external/bsd/wpa/dist/wpa_supplicant/config.c
diff -u src/external/bsd/wpa/dist/wpa_supplicant/config.c:1.2 src/external/bsd/wpa/dist/wpa_supplicant/config.c:1.3
--- src/external/bsd/wpa/dist/wpa_supplicant/config.c:1.2 Tue May 3 14:20:30 2016
+++ src/external/bsd/wpa/dist/wpa_supplicant/config.c Tue May 3 14:21:14 2016
@@ -2592,8 +2592,19 @@ char * wpa_config_get(struct wpa_ssid *s
for (i = 0; i < NUM_SSID_FIELDS; i++) {
const struct parse_data *field = _fields[i];
- if (os_strcmp(var, field->name) == 0)
- return field->writer(field, ssid);
+ if (os_strcmp(var, field->name) == 0) {
+ char *ret = field->writer(field, ssid);
+
+ if (ret && has_newline(ret)) {
+wpa_printf(MSG_ERROR,
+ "Found newline in value for %s; not returning it",
+ var);
+os_free(ret);
+ret = NULL;
+ }
+
+ return ret;
+ }
}
return NULL;
CVS commit: src/external/bsd/wpa/dist/wpa_supplicant
Module Name:src
Committed By: christos
Date: Tue May 3 18:20:30 UTC 2016
Modified Files:
src/external/bsd/wpa/dist/wpa_supplicant: config.c
Log Message:
http://w1.fi/security/2016-1/0002-Reject-psk-parameter-set-with-invalid-passphrase-cha.patch
WPA/WPA2-Personal passphrase is not allowed to include control
characters. Reject a passphrase configuration attempt if that passphrase
includes an invalid passphrase.
This fixes an issue where wpa_supplicant could have updated the
configuration file psk parameter with arbitrary data from the control
interface or D-Bus interface. While those interfaces are supposed to be
accessible only for trusted users/applications, it may be possible that
an untrusted user has access to a management software component that
does not validate the passphrase value before passing it to
wpa_supplicant.
This could allow such an untrusted user to inject up to 63 characters of
almost arbitrary data into the configuration file. Such configuration
file could result in wpa_supplicant trying to load a library (e.g.,
opensc_engine_path, pkcs11_engine_path, pkcs11_module_path,
load_dynamic_eap) from user controlled location when starting again.
This would allow code from that library to be executed under the
wpa_supplicant process privileges.
To generate a diff of this commit:
cvs rdiff -u -r1.1.1.6 -r1.2 \
src/external/bsd/wpa/dist/wpa_supplicant/config.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/external/bsd/wpa/dist/wpa_supplicant/config.c
diff -u src/external/bsd/wpa/dist/wpa_supplicant/config.c:1.1.1.6 src/external/bsd/wpa/dist/wpa_supplicant/config.c:1.2
--- src/external/bsd/wpa/dist/wpa_supplicant/config.c:1.1.1.6 Wed Apr 1 15:24:40 2015
+++ src/external/bsd/wpa/dist/wpa_supplicant/config.c Tue May 3 14:20:30 2016
@@ -455,6 +455,12 @@ static int wpa_config_parse_psk(const st
}
wpa_hexdump_ascii_key(MSG_MSGDUMP, "PSK (ASCII passphrase)",
(u8 *) value, len);
+ if (has_ctrl_char((u8 *) value, len)) {
+ wpa_printf(MSG_ERROR,
+ "Line %d: Invalid passphrase character",
+ line);
+ return -1;
+ }
if (ssid->passphrase && os_strlen(ssid->passphrase) == len &&
os_memcmp(ssid->passphrase, value, len) == 0)
return 0;
CVS commit: src/external/bsd/wpa/dist/src
Module Name:src
Committed By: christos
Date: Tue May 3 18:19:44 UTC 2016
Modified Files:
src/external/bsd/wpa/dist/src/utils: common.c common.h
src/external/bsd/wpa/dist/src/wps: wps_attr_process.c
Log Message:
http://w1.fi/security/2016-1/0001-WPS-Reject-a-Credential-with-invalid-passphrase.patch
WPA/WPA2-Personal passphrase is not allowed to include control
characters. Reject a Credential received from a WPS Registrar both as
STA (Credential) and AP (AP Settings) if the credential is for WPAPSK or
WPA2PSK authentication type and includes an invalid passphrase.
This fixes an issue where hostapd or wpa_supplicant could have updated
the configuration file PSK/passphrase parameter with arbitrary data from
an external device (Registrar) that may not be fully trusted. Should
such data include a newline character, the resulting configuration file
could become invalid and fail to be parsed.
To generate a diff of this commit:
cvs rdiff -u -r1.1.1.5 -r1.2 src/external/bsd/wpa/dist/src/utils/common.c \
src/external/bsd/wpa/dist/src/utils/common.h
cvs rdiff -u -r1.1.1.5 -r1.2 \
src/external/bsd/wpa/dist/src/wps/wps_attr_process.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/external/bsd/wpa/dist/src/utils/common.c
diff -u src/external/bsd/wpa/dist/src/utils/common.c:1.1.1.5 src/external/bsd/wpa/dist/src/utils/common.c:1.2
--- src/external/bsd/wpa/dist/src/utils/common.c:1.1.1.5 Wed Apr 1 15:24:45 2015
+++ src/external/bsd/wpa/dist/src/utils/common.c Tue May 3 14:19:44 2016
@@ -671,6 +671,18 @@ int is_hex(const u8 *data, size_t len)
}
+int has_ctrl_char(const u8 *data, size_t len)
+{
+ size_t i;
+
+ for (i = 0; i < len; i++) {
+ if (data[i] < 32 || data[i] == 127)
+ return 1;
+ }
+ return 0;
+}
+
+
size_t merge_byte_arrays(u8 *res, size_t res_len,
const u8 *src1, size_t src1_len,
const u8 *src2, size_t src2_len)
Index: src/external/bsd/wpa/dist/src/utils/common.h
diff -u src/external/bsd/wpa/dist/src/utils/common.h:1.1.1.5 src/external/bsd/wpa/dist/src/utils/common.h:1.2
--- src/external/bsd/wpa/dist/src/utils/common.h:1.1.1.5 Wed Apr 1 15:24:45 2015
+++ src/external/bsd/wpa/dist/src/utils/common.h Tue May 3 14:19:44 2016
@@ -501,6 +501,7 @@ const char * wpa_ssid_txt(const u8 *ssid
char * wpa_config_parse_string(const char *value, size_t *len);
int is_hex(const u8 *data, size_t len);
+int has_ctrl_char(const u8 *data, size_t len);
size_t merge_byte_arrays(u8 *res, size_t res_len,
const u8 *src1, size_t src1_len,
const u8 *src2, size_t src2_len);
Index: src/external/bsd/wpa/dist/src/wps/wps_attr_process.c
diff -u src/external/bsd/wpa/dist/src/wps/wps_attr_process.c:1.1.1.5 src/external/bsd/wpa/dist/src/wps/wps_attr_process.c:1.2
--- src/external/bsd/wpa/dist/src/wps/wps_attr_process.c:1.1.1.5 Thu Oct 16 15:16:09 2014
+++ src/external/bsd/wpa/dist/src/wps/wps_attr_process.c Tue May 3 14:19:44 2016
@@ -229,6 +229,16 @@ static int wps_workaround_cred_key(struc
cred->key_len--;
#endif /* CONFIG_WPS_STRICT */
}
+
+
+ if (cred->auth_type & (WPS_AUTH_WPAPSK | WPS_AUTH_WPA2PSK) &&
+ (cred->key_len < 8 || has_ctrl_char(cred->key, cred->key_len))) {
+ wpa_printf(MSG_INFO, "WPS: Reject credential with invalid WPA/WPA2-Personal passphrase");
+ wpa_hexdump_ascii_key(MSG_INFO, "WPS: Network Key",
+ cred->key, cred->key_len);
+ return -1;
+ }
+
return 0;
}
CVS commit: src/external/bsd/wpa/dist/src/drivers
Module Name:src Committed By: roy Date: Mon Apr 11 08:57:19 UTC 2016 Modified Files: src/external/bsd/wpa/dist/src/drivers: driver_bsd.c Log Message: Only FreeBSD treats rssi this way, so #ifdef it and just treat rssi as a number for other OS. To generate a diff of this commit: cvs rdiff -u -r1.24 -r1.25 src/external/bsd/wpa/dist/src/drivers/driver_bsd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/external/bsd/wpa/dist/src/drivers/driver_bsd.c diff -u src/external/bsd/wpa/dist/src/drivers/driver_bsd.c:1.24 src/external/bsd/wpa/dist/src/drivers/driver_bsd.c:1.25 --- src/external/bsd/wpa/dist/src/drivers/driver_bsd.c:1.24 Wed Mar 23 08:51:02 2016 +++ src/external/bsd/wpa/dist/src/drivers/driver_bsd.c Mon Apr 11 08:57:19 2016 @@ -1374,11 +1374,16 @@ wpa_driver_bsd_add_scan_entry(struct wpa result->caps = sr->isr_capinfo; result->qual = sr->isr_rssi; result->noise = sr->isr_noise; + +#ifdef __FreeBSD__ /* * the rssi value reported by the kernel is in 0.5dB steps relative to * the reported noise floor. see ieee80211_node.h for details. */ result->level = sr->isr_rssi / 2 + sr->isr_noise; +#else + result->level = sr->isr_rssi; +#endif pos = (u8 *)(result + 1);
CVS commit: src/external/bsd/wpa/dist/wpa_supplicant
Module Name:src
Committed By: roy
Date: Wed Mar 23 09:31:58 UTC 2016
Modified Files:
src/external/bsd/wpa/dist/wpa_supplicant: Makefile README defconfig
events.c main.c wpa_supplicant.c wpa_supplicant_i.h
Log Message:
Add interface matching support with -M, guarded by CONFIG_MATCH_IFACE
The new wpa_supplicant command line argument -M can be used to describe
matching rules with a wildcard name (e.g., "wlan*").
This is very useful for systems without uev (Linux) or devd (FreeBSD).
To generate a diff of this commit:
cvs rdiff -u -r1.1.1.6 -r1.2 \
src/external/bsd/wpa/dist/wpa_supplicant/Makefile
cvs rdiff -u -r1.1.1.5 -r1.2 src/external/bsd/wpa/dist/wpa_supplicant/README \
src/external/bsd/wpa/dist/wpa_supplicant/defconfig
cvs rdiff -u -r1.4 -r1.5 src/external/bsd/wpa/dist/wpa_supplicant/events.c
cvs rdiff -u -r1.2 -r1.3 src/external/bsd/wpa/dist/wpa_supplicant/main.c
cvs rdiff -u -r1.5 -r1.6 \
src/external/bsd/wpa/dist/wpa_supplicant/wpa_supplicant.c
cvs rdiff -u -r1.1.1.7 -r1.2 \
src/external/bsd/wpa/dist/wpa_supplicant/wpa_supplicant_i.h
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/external/bsd/wpa/dist/wpa_supplicant/Makefile
diff -u src/external/bsd/wpa/dist/wpa_supplicant/Makefile:1.1.1.6 src/external/bsd/wpa/dist/wpa_supplicant/Makefile:1.2
--- src/external/bsd/wpa/dist/wpa_supplicant/Makefile:1.1.1.6 Wed Apr 1 19:24:39 2015
+++ src/external/bsd/wpa/dist/wpa_supplicant/Makefile Wed Mar 23 09:31:58 2016
@@ -274,6 +274,10 @@ CFLAGS += -DCONFIG_IBSS_RSN
OBJS += ibss_rsn.o
endif
+ifdef CONFIG_MATCH_IFACE
+CFLAGS += -DCONFIG_MATCH_IFACE
+endif
+
ifdef CONFIG_P2P
OBJS += p2p_supplicant.o
OBJS += ../src/p2p/p2p.o
Index: src/external/bsd/wpa/dist/wpa_supplicant/README
diff -u src/external/bsd/wpa/dist/wpa_supplicant/README:1.1.1.5 src/external/bsd/wpa/dist/wpa_supplicant/README:1.2
--- src/external/bsd/wpa/dist/wpa_supplicant/README:1.1.1.5 Wed Apr 1 19:24:40 2015
+++ src/external/bsd/wpa/dist/wpa_supplicant/README Wed Mar 23 09:31:58 2016
@@ -412,7 +412,7 @@ usage:
wpa_supplicant [-BddfhKLqqtuvwW] [-P] [-g] \
[-G] \
-i -c [-C] [-D] [-p] \
-[-b [-N -i -c [-C] [-D] \
+[-b [-MN -i -c [-C] [-D] \
[-p] [-b] [-m] ...
options:
@@ -437,6 +437,7 @@ options:
-v = show version
-w = wait for interface to be added, if needed
-W = wait for a control interface monitor before starting
+ -M = start describing matching interface
-N = start describing new interface
-m = Configuration file for the P2P Device
@@ -479,6 +480,22 @@ wpa_supplicant \
-c wpa2.conf -i wlan1 -D wext
+If the interfaces on which wpa_supplicant is to run are not known or do
+not exist, wpa_supplicant can match an interface when it arrives. Each
+matched interface is separated with -M argument and the -i argument now
+allows for pattern matching.
+
+As an example, the following command would start wpa_supplicant for a
+specific wired interface called lan0, any interface starting with wlan
+and lastly any other interface. Each match has its own configuration
+file, and for the wired interface a specific driver has also been given.
+
+wpa_supplicant \
+ -M -c wpa_wired.conf -ilan0 -D wired \
+ -M -c wpa1.conf -iwlan* \
+ -M -c wpa2.conf
+
+
If the interface is added in a Linux bridge (e.g., br0), the bridge
interface needs to be configured to wpa_supplicant in addition to the
main interface:
Index: src/external/bsd/wpa/dist/wpa_supplicant/defconfig
diff -u src/external/bsd/wpa/dist/wpa_supplicant/defconfig:1.1.1.5 src/external/bsd/wpa/dist/wpa_supplicant/defconfig:1.2
--- src/external/bsd/wpa/dist/wpa_supplicant/defconfig:1.1.1.5 Wed Apr 1 19:24:38 2015
+++ src/external/bsd/wpa/dist/wpa_supplicant/defconfig Wed Mar 23 09:31:58 2016
@@ -455,6 +455,9 @@ CONFIG_PEERKEY=y
# Hotspot 2.0
#CONFIG_HS20=y
+# Enable interface matching in wpa_supplicant
+#CONFIG_MATCH_IFACE=y
+
# Disable roaming in wpa_supplicant
#CONFIG_NO_ROAMING=y
Index: src/external/bsd/wpa/dist/wpa_supplicant/events.c
diff -u src/external/bsd/wpa/dist/wpa_supplicant/events.c:1.4 src/external/bsd/wpa/dist/wpa_supplicant/events.c:1.5
--- src/external/bsd/wpa/dist/wpa_supplicant/events.c:1.4 Wed Mar 23 08:48:43 2016
+++ src/external/bsd/wpa/dist/wpa_supplicant/events.c Wed Mar 23 09:31:58 2016
@@ -2451,6 +2451,14 @@ wpa_supplicant_event_interface_status(st
wpa_supplicant_set_state(wpa_s, WPA_INTERFACE_DISABLED);
l2_packet_deinit(wpa_s->l2);
wpa_s->l2 = NULL;
+
+#ifdef CONFIG_MATCH_IFACE
+ if (wpa_s->matched) {
+ wpa_supplicant_remove_iface(wpa_s->global, wpa_s, 0);
+ break;
+ }
+#endif /* CONFIG_MATCH_IFACE */
+
#ifdef CONFIG_TERMINATE_ONLASTIF
/* check if last interface */
if (!any_interfaces(wpa_s->global->ifaces))
@@ -3684,6 +3692,20 @@ void wpa_supplicant_event_global(void *c
return;
}
}
+#ifdef CONFIG_MATCH_IFACE
+ else
CVS commit: src/external/bsd/wpa/dist/src/drivers
Module Name:src
Committed By: roy
Date: Wed Mar 23 08:51:02 UTC 2016
Modified Files:
src/external/bsd/wpa/dist/src/drivers: driver_bsd.c
Log Message:
Only down the interface once we are sure we can work with it.
To generate a diff of this commit:
cvs rdiff -u -r1.23 -r1.24 src/external/bsd/wpa/dist/src/drivers/driver_bsd.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/external/bsd/wpa/dist/src/drivers/driver_bsd.c
diff -u src/external/bsd/wpa/dist/src/drivers/driver_bsd.c:1.23 src/external/bsd/wpa/dist/src/drivers/driver_bsd.c:1.24
--- src/external/bsd/wpa/dist/src/drivers/driver_bsd.c:1.23 Wed Mar 23 08:48:43 2016
+++ src/external/bsd/wpa/dist/src/drivers/driver_bsd.c Wed Mar 23 08:51:02 2016
@@ -1578,11 +1578,7 @@ wpa_driver_bsd_init(void *ctx, const cha
drv->ctx = ctx;
drv->global = priv;
-
os_strlcpy(drv->ifname, ifname, sizeof(drv->ifname));
- /* Down interface during setup. */
- if (bsd_ctrl_iface(drv, 0) < 0)
- goto fail;
if (!GETPARAM(drv, IEEE80211_IOC_ROAMING, drv->prev_roaming)) {
wpa_printf(MSG_DEBUG, "%s: failed to get roaming state: %s",
@@ -1603,6 +1599,10 @@ wpa_driver_bsd_init(void *ctx, const cha
if (wpa_driver_bsd_capa(drv))
goto fail;
+ /* Down interface during setup. */
+ if (bsd_ctrl_iface(drv, 0) < 0)
+ goto fail;
+
drv->opmode = get80211opmode(drv);
dl_list_add(>global->ifaces, >list);
CVS commit: src/external/bsd/wpa/dist
Module Name:src
Committed By: roy
Date: Wed Mar 23 08:48:43 UTC 2016
Modified Files:
src/external/bsd/wpa/dist/hostapd: main.c
src/external/bsd/wpa/dist/src/ap: drv_callbacks.c hostapd.c hostapd.h
src/external/bsd/wpa/dist/src/drivers: driver.h driver_bsd.c
src/external/bsd/wpa/dist/wpa_supplicant: events.c wpa_priv.c
wpa_supplicant.c
Log Message:
Interface additions/removals are not guaranteed to be for the driver
listening to kernel events. As such, send the events to
wpa_supplicant_event_global() which can then pick the correct interface
registered with wpa_supplicant to send the event to.
To generate a diff of this commit:
cvs rdiff -u -r1.2 -r1.3 src/external/bsd/wpa/dist/hostapd/main.c
cvs rdiff -u -r1.1.1.6 -r1.2 src/external/bsd/wpa/dist/src/ap/drv_callbacks.c \
src/external/bsd/wpa/dist/src/ap/hostapd.c \
src/external/bsd/wpa/dist/src/ap/hostapd.h
cvs rdiff -u -r1.1.1.5 -r1.2 src/external/bsd/wpa/dist/src/drivers/driver.h
cvs rdiff -u -r1.22 -r1.23 src/external/bsd/wpa/dist/src/drivers/driver_bsd.c
cvs rdiff -u -r1.3 -r1.4 src/external/bsd/wpa/dist/wpa_supplicant/events.c
cvs rdiff -u -r1.1.1.5 -r1.2 \
src/external/bsd/wpa/dist/wpa_supplicant/wpa_priv.c
cvs rdiff -u -r1.4 -r1.5 \
src/external/bsd/wpa/dist/wpa_supplicant/wpa_supplicant.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/external/bsd/wpa/dist/hostapd/main.c
diff -u src/external/bsd/wpa/dist/hostapd/main.c:1.2 src/external/bsd/wpa/dist/hostapd/main.c:1.3
--- src/external/bsd/wpa/dist/hostapd/main.c:1.2 Wed Jan 20 17:03:35 2016
+++ src/external/bsd/wpa/dist/hostapd/main.c Wed Mar 23 08:48:43 2016
@@ -170,7 +170,8 @@ static int hostapd_driver_init(struct ho
if (global.drv_priv[i] == NULL &&
wpa_drivers[i]->global_init) {
- global.drv_priv[i] = wpa_drivers[i]->global_init();
+ global.drv_priv[i] =
+wpa_drivers[i]->global_init(iface->interfaces);
if (global.drv_priv[i] == NULL) {
wpa_printf(MSG_ERROR, "Failed to initialize "
"driver '%s'",
Index: src/external/bsd/wpa/dist/src/ap/drv_callbacks.c
diff -u src/external/bsd/wpa/dist/src/ap/drv_callbacks.c:1.1.1.6 src/external/bsd/wpa/dist/src/ap/drv_callbacks.c:1.2
--- src/external/bsd/wpa/dist/src/ap/drv_callbacks.c:1.1.1.6 Wed Apr 1 19:24:43 2015
+++ src/external/bsd/wpa/dist/src/ap/drv_callbacks.c Wed Mar 23 08:48:43 2016
@@ -1259,4 +1259,31 @@ void wpa_supplicant_event(void *ctx, enu
}
}
+
+void wpa_supplicant_event_global(void *ctx, enum wpa_event_type event,
+ union wpa_event_data *data)
+{
+ struct hapd_interfaces *interfaces = ctx;
+ struct hostapd_data *hapd;
+
+ if (event != EVENT_INTERFACE_STATUS)
+ return;
+
+ hapd = hostapd_get_iface(interfaces, data->interface_status.ifname);
+ if (hapd && hapd->driver && hapd->driver->get_ifindex &&
+ hapd->drv_priv) {
+ unsigned int ifindex;
+
+ ifindex = hapd->driver->get_ifindex(hapd->drv_priv);
+ if (ifindex != data->interface_status.ifindex) {
+ wpa_dbg(hapd->msg_ctx, MSG_DEBUG,
+"interface status ifindex %d mismatch (%d)",
+ifindex, data->interface_status.ifindex);
+ return;
+ }
+ }
+ if (hapd)
+ wpa_supplicant_event(hapd, event, data);
+}
+
#endif /* HOSTAPD */
Index: src/external/bsd/wpa/dist/src/ap/hostapd.c
diff -u src/external/bsd/wpa/dist/src/ap/hostapd.c:1.1.1.6 src/external/bsd/wpa/dist/src/ap/hostapd.c:1.2
--- src/external/bsd/wpa/dist/src/ap/hostapd.c:1.1.1.6 Wed Apr 1 19:24:44 2015
+++ src/external/bsd/wpa/dist/src/ap/hostapd.c Wed Mar 23 08:48:43 2016
@@ -2723,3 +2723,23 @@ hostapd_switch_channel_fallback(struct h
}
#endif /* NEED_AP_MLME */
+
+
+struct hostapd_data * hostapd_get_iface(struct hapd_interfaces *interfaces,
+ const char *ifname)
+{
+ size_t i, j;
+
+ for (i = 0; i < interfaces->count; i++) {
+ struct hostapd_iface *iface = interfaces->iface[i];
+
+ for (j = 0; j < iface->num_bss; j++) {
+ struct hostapd_data *hapd = iface->bss[j];
+
+ if (os_strcmp(ifname, hapd->conf->iface) == 0)
+return hapd;
+ }
+ }
+
+ return NULL;
+}
Index: src/external/bsd/wpa/dist/src/ap/hostapd.h
diff -u src/external/bsd/wpa/dist/src/ap/hostapd.h:1.1.1.6 src/external/bsd/wpa/dist/src/ap/hostapd.h:1.2
--- src/external/bsd/wpa/dist/src/ap/hostapd.h:1.1.1.6 Wed Apr 1 19:24:43 2015
+++ src/external/bsd/wpa/dist/src/ap/hostapd.h Wed Mar 23 08:48:43 2016
@@ -464,4 +464,7 @@ const struct hostapd_eap_user *
hostapd_get_eap_user(struct hostapd_data *hapd, const u8 *identity,
size_t identity_len, int phase2);
+struct hostapd_data * hostapd_get_iface(struct hapd_interfaces *interfaces,
+ const char *ifname);
+
#endif /* HOSTAPD_H */
Index: src/external/bsd/wpa/dist/src/drivers/driver.h
diff -u src/external/bsd/wpa/dist/src/drivers/driver.h:1.1.1.5 src/external/bsd/wpa/dist/src/drivers/driver.h:1.2
--- src/external/bsd/wpa/dist/src/drivers/driver.h:1.1.1.5 Wed Apr 1
CVS commit: src/external/bsd/wpa/dist/src/drivers
Module Name:src
Committed By: roy
Date: Fri Feb 5 15:05:29 UTC 2016
Modified Files:
src/external/bsd/wpa/dist/src/drivers: driver_bsd.c
Log Message:
Fix is defined in wpa_common.h which the driver already pulls in.
To generate a diff of this commit:
cvs rdiff -u -r1.21 -r1.22 src/external/bsd/wpa/dist/src/drivers/driver_bsd.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/external/bsd/wpa/dist/src/drivers/driver_bsd.c
diff -u src/external/bsd/wpa/dist/src/drivers/driver_bsd.c:1.21 src/external/bsd/wpa/dist/src/drivers/driver_bsd.c:1.22
--- src/external/bsd/wpa/dist/src/drivers/driver_bsd.c:1.21 Wed Jan 20 14:43:40 2016
+++ src/external/bsd/wpa/dist/src/drivers/driver_bsd.c Fri Feb 5 15:05:29 2016
@@ -690,9 +690,6 @@ bsd_get_seqnum(const char *ifname, void
}
#ifdef WORDS_BIGENDIAN
-#ifndef WPA_KEY_RSC_LEN
-#define WPA_KEY_RSC_LEN 8
-#endif
{
/*
* wk.ik_keytsc is in host byte order (big endian), need to
CVS commit: src/external/bsd/wpa/dist/src/utils
Module Name:src
Committed By: christos
Date: Sun Jan 24 19:15:57 UTC 2016
Modified Files:
src/external/bsd/wpa/dist/src/utils: eloop.c
Log Message:
use 0 for udata for portability (FreeBSD has a pointer, we have uintptr_t)
To generate a diff of this commit:
cvs rdiff -u -r1.11 -r1.12 src/external/bsd/wpa/dist/src/utils/eloop.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/external/bsd/wpa/dist/src/utils/eloop.c
diff -u src/external/bsd/wpa/dist/src/utils/eloop.c:1.11 src/external/bsd/wpa/dist/src/utils/eloop.c:1.12
--- src/external/bsd/wpa/dist/src/utils/eloop.c:1.11 Fri Jan 22 15:21:04 2016
+++ src/external/bsd/wpa/dist/src/utils/eloop.c Sun Jan 24 14:15:56 2016
@@ -237,7 +237,7 @@ static int eloop_sock_queue(int sock, el
default:
filter = 0;
}
- EV_SET(, sock, filter, EV_ADD, 0, 0, NULL);
+ EV_SET(, sock, filter, EV_ADD, 0, 0, 0);
if (kevent(eloop.kqueuefd, , 1, NULL, 0, NULL) == -1) {
wpa_printf(MSG_ERROR, "%s: kevent(ADD) for fd=%d "
"failed. %s\n", __func__, sock, strerror(errno));
@@ -407,7 +407,7 @@ static void eloop_sock_table_remove_sock
os_memset(_table[sock], 0, sizeof(struct eloop_sock));
#endif /* CONFIG_ELOOP_EPOLL */
#ifdef CONFIG_ELOOP_KQUEUE
- EV_SET(, sock, 0, EV_DELETE, 0, 0, NULL);
+ EV_SET(, sock, 0, EV_DELETE, 0, 0, 0);
if (kevent(eloop.kqueuefd, , 1, NULL, 0, NULL) == -1) {
wpa_printf(MSG_ERROR, "%s: kevent(DEL) for fd=%d "
"failed. %s\n", __func__, sock, strerror(errno));
@@ -1328,7 +1328,7 @@ void eloop_wait_for_read_sock(int sock)
kfd = kqueue();
if (kfd == -1)
return;
- EV_SET(, sock, EVFILT_READ, EV_ADD | EV_ONESHOT, 0, 0, NULL);
+ EV_SET(, sock, EVFILT_READ, EV_ADD | EV_ONESHOT, 0, 0, 0);
kevent(kfd, , 1, , 1, NULL);
close(kfd);
#endif /* CONFIG_ELOOP_KQUEUE */
CVS commit: src/external/bsd/wpa/dist/src/utils
Module Name:src
Committed By: roy
Date: Fri Jan 22 18:01:05 UTC 2016
Modified Files:
src/external/bsd/wpa/dist/src/utils: eloop.c
Log Message:
Size the kevent receive buffer correctly.
To generate a diff of this commit:
cvs rdiff -u -r1.9 -r1.10 src/external/bsd/wpa/dist/src/utils/eloop.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/external/bsd/wpa/dist/src/utils/eloop.c
diff -u src/external/bsd/wpa/dist/src/utils/eloop.c:1.9 src/external/bsd/wpa/dist/src/utils/eloop.c:1.10
--- src/external/bsd/wpa/dist/src/utils/eloop.c:1.9 Wed Jan 20 17:03:35 2016
+++ src/external/bsd/wpa/dist/src/utils/eloop.c Fri Jan 22 18:01:05 2016
@@ -254,6 +254,9 @@ static int eloop_sock_table_add_sock(str
#ifdef CONFIG_ELOOP_EPOLL
struct epoll_event *temp_events;
#endif /* CONFIG_ELOOP_EPOLL */
+#ifdef CONFIG_ELOOP_KQUEUE
+ struct kevent *temp_events;
+#endif /* CONFIG_ELOOP_EPOLL */
#if defined(CONFIG_ELOOP_EPOLL) || defined(CONFIG_ELOOP_KQUEUE)
struct eloop_sock *temp_table;
int next;
@@ -325,15 +328,15 @@ static int eloop_sock_table_add_sock(str
#ifdef CONFIG_ELOOP_KQUEUE
if (eloop.count + 1 > eloop.kqueue_nevents) {
next = eloop.kqueue_nevents == 0 ? 8 : eloop.kqueue_nevents * 2;
- os_free(eloop.kqueue_events);
- eloop.kqueue_events = os_malloc(next *
- sizeof(eloop.kqueue_events));
- if (eloop.kqueue_events == NULL) {
+ temp_events = os_malloc(next * sizeof(*temp_events));
+ if (temp_events == NULL) {
wpa_printf(MSG_ERROR, "%s: malloc for kqueue failed. "
"%s\n", __func__, strerror(errno));
return -1;
}
+ os_free(eloop.kqueue_events);
+ eloop.kqueue_events = temp_events;
eloop.kqueue_nevents = next;
}
#endif /* CONFIG_ELOOP_KQUEUE */
CVS commit: src/external/bsd/wpa/dist/src/utils
Module Name:src
Committed By: roy
Date: Wed Jan 20 15:07:52 UTC 2016
Modified Files:
src/external/bsd/wpa/dist/src/utils: eloop.c
Log Message:
Add kqueue(2) support.
To generate a diff of this commit:
cvs rdiff -u -r1.6 -r1.7 src/external/bsd/wpa/dist/src/utils/eloop.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/external/bsd/wpa/dist/src/utils/eloop.c
diff -u src/external/bsd/wpa/dist/src/utils/eloop.c:1.6 src/external/bsd/wpa/dist/src/utils/eloop.c:1.7
--- src/external/bsd/wpa/dist/src/utils/eloop.c:1.6 Wed Apr 1 19:45:15 2015
+++ src/external/bsd/wpa/dist/src/utils/eloop.c Wed Jan 20 15:07:52 2016
@@ -18,7 +18,12 @@
#error Do not define both of poll and epoll
#endif
-#if !defined(CONFIG_ELOOP_POLL) && !defined(CONFIG_ELOOP_EPOLL)
+#if defined(CONFIG_ELOOP_POLL) && defined(CONFIG_ELOOP_KQUEUE)
+#error Do not define both of poll and kqueue
+#endif
+
+#if !defined(CONFIG_ELOOP_POLL) && !defined(CONFIG_ELOOP_EPOLL) && \
+!defined(CONFIG_ELOOP_KQUEUE)
#define CONFIG_ELOOP_SELECT
#endif
@@ -30,6 +35,10 @@
#include
#endif /* CONFIG_ELOOP_EPOLL */
+#ifdef CONFIG_ELOOP_KQUEUE
+#include
+#endif /* CONFIG_ELOOP_KQUEUE */
+
struct eloop_sock {
int sock;
void *eloop_data;
@@ -61,7 +70,7 @@ struct eloop_signal {
struct eloop_sock_table {
int count;
struct eloop_sock *table;
-#ifdef CONFIG_ELOOP_EPOLL
+#if defined(CONFIG_ELOOP_EPOLL) || defined(CONFIG_ELOOP_KQUEUE)
eloop_event_type type;
#else /* CONFIG_ELOOP_EPOLL */
int changed;
@@ -78,13 +87,20 @@ struct eloop_data {
struct pollfd *pollfds;
struct pollfd **pollfds_map;
#endif /* CONFIG_ELOOP_POLL */
+#if defined(CONFIG_ELOOP_EPOLL) || defined(CONFIG_ELOOP_KQUEUE)
+ int max_fd;
+ struct eloop_sock *fd_table;
+#endif
#ifdef CONFIG_ELOOP_EPOLL
int epollfd;
int epoll_max_event_num;
- int epoll_max_fd;
- struct eloop_sock *epoll_table;
struct epoll_event *epoll_events;
#endif /* CONFIG_ELOOP_EPOLL */
+#ifdef CONFIG_ELOOP_KQUEUE
+ int kqueuefd;
+ int kqueue_nevents;
+ struct kevent *kqueue_events;
+#endif /* CONFIG_ELOOP_KQUEUE */
struct eloop_sock_table readers;
struct eloop_sock_table writers;
struct eloop_sock_table exceptions;
@@ -160,6 +176,14 @@ int eloop_init(void)
eloop.writers.type = EVENT_TYPE_WRITE;
eloop.exceptions.type = EVENT_TYPE_EXCEPTION;
#endif /* CONFIG_ELOOP_EPOLL */
+#ifdef CONFIG_ELOOP_KQUEUE
+ eloop.kqueuefd = kqueue();
+ if (eloop.kqueuefd < 0) {
+ wpa_printf(MSG_ERROR, "%s: kqueue failed. %s\n",
+ __func__, strerror(errno));
+ return -1;
+ }
+#endif /* CONFIG_ELOOP_KQUEUE */
#ifdef WPA_TRACE
signal(SIGSEGV, eloop_sigsegv_handler);
#endif /* WPA_TRACE */
@@ -176,6 +200,11 @@ static int eloop_sock_table_add_sock(str
struct epoll_event ev, *temp_events;
int next;
#endif /* CONFIG_ELOOP_EPOLL */
+#ifdef CONFIG_ELOOP_KQUEUE
+ struct eloop_sock *temp_table;
+ int next, filter;
+ struct kevent ke;
+#endif
struct eloop_sock *tmp;
int new_max_sock;
@@ -211,18 +240,20 @@ static int eloop_sock_table_add_sock(str
eloop.pollfds = n;
}
#endif /* CONFIG_ELOOP_POLL */
-#ifdef CONFIG_ELOOP_EPOLL
- if (new_max_sock >= eloop.epoll_max_fd) {
- next = eloop.epoll_max_fd == 0 ? 16 : eloop.epoll_max_fd * 2;
- temp_table = os_realloc_array(eloop.epoll_table, next,
+#if defined(CONFIG_ELOOP_EPOLL) || defined(CONFIG_ELOOP_KQUEUE)
+ if (new_max_sock >= eloop.max_fd) {
+ next = eloop.max_fd == 0 ? 16 : eloop.max_fd * 2;
+ temp_table = os_realloc_array(eloop.fd_table, next,
sizeof(struct eloop_sock));
if (temp_table == NULL)
return -1;
- eloop.epoll_max_fd = next;
- eloop.epoll_table = temp_table;
+ eloop.max_fd = next;
+ eloop.fd_table = temp_table;
}
+#endif
+#ifdef CONFIG_ELOOP_EPOLL
if (eloop.count + 1 > eloop.epoll_max_event_num) {
next = eloop.epoll_max_event_num == 0 ? 8 :
eloop.epoll_max_event_num * 2;
@@ -238,6 +269,21 @@ static int eloop_sock_table_add_sock(str
eloop.epoll_events = temp_events;
}
#endif /* CONFIG_ELOOP_EPOLL */
+#ifdef CONFIG_ELOOP_KQUEUE
+ if (eloop.count + 1 > eloop.kqueue_nevents) {
+ next = eloop.kqueue_nevents == 0 ? 8 : eloop.kqueue_nevents * 2;
+ os_free(eloop.kqueue_events);
+ eloop.kqueue_events = os_malloc(next *
+ sizeof(eloop.kqueue_events));
+ if (eloop.kqueue_events == NULL) {
+ wpa_printf(MSG_ERROR, "%s: malloc for kqueue failed. "
+ "%s\n", __func__, strerror(errno));
+ return -1;
+ }
+
+ eloop.kqueue_nevents = next;
+ }
+#endif /* CONFIG_ELOOP_KQUEUE */
eloop_trace_sock_remove_ref(table);
tmp = os_realloc_array(table->table, table->count + 1,
@@ -256,7 +302,7 @@ static int eloop_sock_table_add_sock(str
table->table = tmp;
eloop.max_sock = new_max_sock;
eloop.count++;
-#ifndef CONFIG_ELOOP_EPOLL
+#if !defined(CONFIG_ELOOP_EPOLL) && !defined(CONFIG_ELOOP_KQUEUE)
table->changed = 1;
#endif /* CONFIG_ELOOP_EPOLL */
CVS commit: src/external/bsd/wpa/dist/src/utils
Module Name:src
Committed By: roy
Date: Wed Jan 20 15:26:14 UTC 2016
Modified Files:
src/external/bsd/wpa/dist/src/utils: eloop.c
Log Message:
Sync upstream changes for eloop
To generate a diff of this commit:
cvs rdiff -u -r1.7 -r1.8 src/external/bsd/wpa/dist/src/utils/eloop.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/external/bsd/wpa/dist/src/utils/eloop.c
diff -u src/external/bsd/wpa/dist/src/utils/eloop.c:1.7 src/external/bsd/wpa/dist/src/utils/eloop.c:1.8
--- src/external/bsd/wpa/dist/src/utils/eloop.c:1.7 Wed Jan 20 15:07:52 2016
+++ src/external/bsd/wpa/dist/src/utils/eloop.c Wed Jan 20 15:26:13 2016
@@ -44,8 +44,8 @@ struct eloop_sock {
void *eloop_data;
void *user_data;
eloop_sock_handler handler;
- WPA_TRACE_REF(eloop)
- WPA_TRACE_REF(user)
+ WPA_TRACE_REF(eloop);
+ WPA_TRACE_REF(user);
WPA_TRACE_INFO
};
@@ -55,8 +55,8 @@ struct eloop_timeout {
void *eloop_data;
void *user_data;
eloop_timeout_handler handler;
- WPA_TRACE_REF(eloop)
- WPA_TRACE_REF(user)
+ WPA_TRACE_REF(eloop);
+ WPA_TRACE_REF(user);
WPA_TRACE_INFO
};
@@ -70,11 +70,8 @@ struct eloop_signal {
struct eloop_sock_table {
int count;
struct eloop_sock *table;
-#if defined(CONFIG_ELOOP_EPOLL) || defined(CONFIG_ELOOP_KQUEUE)
eloop_event_type type;
-#else /* CONFIG_ELOOP_EPOLL */
int changed;
-#endif /* CONFIG_ELOOP_EPOLL */
};
struct eloop_data {
@@ -302,9 +299,7 @@ static int eloop_sock_table_add_sock(str
table->table = tmp;
eloop.max_sock = new_max_sock;
eloop.count++;
-#if !defined(CONFIG_ELOOP_EPOLL) && !defined(CONFIG_ELOOP_KQUEUE)
table->changed = 1;
-#endif /* CONFIG_ELOOP_EPOLL */
eloop_trace_sock_add_ref(table);
#ifdef CONFIG_ELOOP_EPOLL
@@ -383,9 +378,7 @@ static void eloop_sock_table_remove_sock
}
table->count--;
eloop.count--;
-#if !defined(CONFIG_ELOOP_EPOLL) && !defined(CONFIG_ELOOP_KQUEUE)
table->changed = 1;
-#endif /* CONFIG_ELOOP_EPOLL */
eloop_trace_sock_add_ref(table);
#ifdef CONFIG_ELOOP_EPOLL
if (epoll_ctl(eloop.epollfd, EPOLL_CTL_DEL, sock, NULL) < 0) {
@@ -601,6 +594,10 @@ static void eloop_sock_table_dispatch(st
continue;
table->handler(table->sock, table->eloop_data,
table->user_data);
+ if (eloop.readers.changed ||
+ eloop.writers.changed ||
+ eloop.exceptions.changed)
+ break;
}
}
#endif /* CONFIG_ELOOP_EPOLL */
@@ -618,6 +615,10 @@ static void eloop_sock_table_dispatch(st
continue;
table->handler(table->sock, table->eloop_data,
table->user_data);
+ if (eloop.readers.changed ||
+ eloop.writers.changed ||
+ eloop.exceptions.changed)
+ break;
}
}
#endif /* CONFIG_ELOOP_KQUEUE */
@@ -1020,6 +1021,20 @@ void eloop_run(void)
(!dl_list_empty() || eloop.readers.count > 0 ||
eloop.writers.count > 0 || eloop.exceptions.count > 0)) {
struct eloop_timeout *timeout;
+
+ if (eloop.pending_terminate) {
+ /*
+ * This may happen in some corner cases where a signal
+ * is received during a blocking operation. We need to
+ * process the pending signals and exit if requested to
+ * avoid hitting the SIGALRM limit if the blocking
+ * operation took more than two seconds.
+ */
+ eloop_process_pending_signals();
+ if (eloop.terminate)
+break;
+ }
+
timeout = dl_list_first(, struct eloop_timeout,
list);
if (timeout) {
@@ -1091,8 +1106,14 @@ void eloop_run(void)
, strerror(errno));
goto out;
}
+
+ eloop.readers.changed = 0;
+ eloop.writers.changed = 0;
+ eloop.exceptions.changed = 0;
+
eloop_process_pending_signals();
+
/* check if some registered timeouts have occurred */
timeout = dl_list_first(, struct eloop_timeout,
list);
@@ -1112,6 +1133,19 @@ void eloop_run(void)
if (res <= 0)
continue;
+ if (eloop.readers.changed ||
+ eloop.writers.changed ||
+ eloop.exceptions.changed) {
+ /*
+ * Sockets may have been closed and reopened with the
+ * same FD in the signal or timeout handlers, so we
+ * must skip the previous results and check again
+ * whether any of the currently registered sockets have
+ * events.
+ */
+ continue;
+ }
+
#ifdef CONFIG_ELOOP_POLL
eloop_sock_table_dispatch(, ,
, eloop.pollfds_map,
@@ -1196,7 +1230,7 @@ void eloop_destroy(void)
int eloop_terminated(void)
{
- return eloop.terminate;
+ return eloop.terminate || eloop.pending_terminate;
}
CVS commit: src/external/bsd/wpa/dist
Module Name:src
Committed By: roy
Date: Wed Jan 20 17:03:35 UTC 2016
Modified Files:
src/external/bsd/wpa/dist/hostapd: hostapd_cli.c main.c
src/external/bsd/wpa/dist/src/utils: eloop.c eloop.h
src/external/bsd/wpa/dist/wpa_supplicant: wpa_cli.c wpa_supplicant.c
Log Message:
Re-queue kqueue events after forking.
To generate a diff of this commit:
cvs rdiff -u -r1.7 -r1.8 src/external/bsd/wpa/dist/hostapd/hostapd_cli.c
cvs rdiff -u -r1.1.1.5 -r1.2 src/external/bsd/wpa/dist/hostapd/main.c
cvs rdiff -u -r1.8 -r1.9 src/external/bsd/wpa/dist/src/utils/eloop.c
cvs rdiff -u -r1.1.1.4 -r1.2 src/external/bsd/wpa/dist/src/utils/eloop.h
cvs rdiff -u -r1.7 -r1.8 src/external/bsd/wpa/dist/wpa_supplicant/wpa_cli.c
cvs rdiff -u -r1.3 -r1.4 \
src/external/bsd/wpa/dist/wpa_supplicant/wpa_supplicant.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/external/bsd/wpa/dist/hostapd/hostapd_cli.c
diff -u src/external/bsd/wpa/dist/hostapd/hostapd_cli.c:1.7 src/external/bsd/wpa/dist/hostapd/hostapd_cli.c:1.8
--- src/external/bsd/wpa/dist/hostapd/hostapd_cli.c:1.7 Wed Apr 1 19:45:14 2015
+++ src/external/bsd/wpa/dist/hostapd/hostapd_cli.c Wed Jan 20 17:03:35 2016
@@ -1375,7 +1375,7 @@ int main(int argc, char *argv[])
}
}
- if (daemonize && os_daemonize(pid_file))
+ if (daemonize && os_daemonize(pid_file) && eloop_sock_requeue())
return -1;
if (interactive)
Index: src/external/bsd/wpa/dist/hostapd/main.c
diff -u src/external/bsd/wpa/dist/hostapd/main.c:1.1.1.5 src/external/bsd/wpa/dist/hostapd/main.c:1.2
--- src/external/bsd/wpa/dist/hostapd/main.c:1.1.1.5 Wed Apr 1 19:24:48 2015
+++ src/external/bsd/wpa/dist/hostapd/main.c Wed Jan 20 17:03:35 2016
@@ -407,9 +407,16 @@ static int hostapd_global_run(struct hap
}
#endif /* EAP_SERVER_TNC */
- if (daemonize && os_daemonize(pid_file)) {
- wpa_printf(MSG_ERROR, "daemon: %s", strerror(errno));
- return -1;
+ if (daemonize) {
+ if (os_daemonize(pid_file)) {
+ wpa_printf(MSG_ERROR, "daemon: %s", strerror(errno));
+ return -1;
+ }
+ if (eloop_sock_requeue()) {
+ wpa_printf(MSG_ERROR, "eloop_sock_requeue: %s",
+ strerror(errno));
+ return -1;
+ }
}
eloop_run();
Index: src/external/bsd/wpa/dist/src/utils/eloop.c
diff -u src/external/bsd/wpa/dist/src/utils/eloop.c:1.8 src/external/bsd/wpa/dist/src/utils/eloop.c:1.9
--- src/external/bsd/wpa/dist/src/utils/eloop.c:1.8 Wed Jan 20 15:26:13 2016
+++ src/external/bsd/wpa/dist/src/utils/eloop.c Wed Jan 20 17:03:35 2016
@@ -169,9 +169,6 @@ int eloop_init(void)
__func__, strerror(errno));
return -1;
}
- eloop.readers.type = EVENT_TYPE_READ;
- eloop.writers.type = EVENT_TYPE_WRITE;
- eloop.exceptions.type = EVENT_TYPE_EXCEPTION;
#endif /* CONFIG_ELOOP_EPOLL */
#ifdef CONFIG_ELOOP_KQUEUE
eloop.kqueuefd = kqueue();
@@ -181,26 +178,85 @@ int eloop_init(void)
return -1;
}
#endif /* CONFIG_ELOOP_KQUEUE */
+#if defined(CONFIG_ELOOP_EPOLL) || defined(CONFIG_ELOOP_KQUEUE)
+ eloop.readers.type = EVENT_TYPE_READ;
+ eloop.writers.type = EVENT_TYPE_WRITE;
+ eloop.exceptions.type = EVENT_TYPE_EXCEPTION;
+#endif
#ifdef WPA_TRACE
signal(SIGSEGV, eloop_sigsegv_handler);
#endif /* WPA_TRACE */
return 0;
}
+#ifdef CONFIG_ELOOP_EPOLL
+static int eloop_sock_queue(int sock, eloop_event_type type)
+{
+ struct epoll_event ev;
+
+ os_memset(, 0, sizeof(ev));
+ switch (type) {
+ case EVENT_TYPE_READ:
+ ev.events = EPOLLIN;
+ break;
+ case EVENT_TYPE_WRITE:
+ ev.events = EPOLLOUT;
+ break;
+ /*
+ * Exceptions are always checked when using epoll, but I suppose it's
+ * possible that someone registered a socket *only* for exception
+ * handling.
+ */
+ case EVENT_TYPE_EXCEPTION:
+ ev.events = EPOLLERR | EPOLLHUP;
+ break;
+ }
+ ev.data.fd = sock;
+ if (epoll_ctl(eloop.epollfd, EPOLL_CTL_ADD, sock, ) < 0) {
+ wpa_printf(MSG_ERROR, "%s: epoll_ctl(ADD) for fd=%d "
+ "failed. %s\n", __func__, sock, strerror(errno));
+ return -1;
+ }
+ return 0;
+}
+#endif /* CONFIG_ELOOP_EPOLL */
+
+#ifdef CONFIG_ELOOP_KQUEUE
+static int eloop_sock_queue(int sock, eloop_event_type type)
+{
+ int filter;
+ struct kevent ke;
+
+ switch (type) {
+ case EVENT_TYPE_READ:
+ filter = EVFILT_READ;
+ break;
+ case EVENT_TYPE_WRITE:
+ filter = EVFILT_WRITE;
+ break;
+ default:
+ filter = 0;
+ }
+ EV_SET(, sock, filter, EV_ADD, 0, 0, NULL);
+ if (kevent(eloop.kqueuefd, , 1, NULL, 0, NULL) == -1) {
+ wpa_printf(MSG_ERROR, "%s: kevent(ADD) for fd=%d "
+ "failed. %s\n", __func__, sock, strerror(errno));
+ return -1;
+ }
+ return 0;
+}
+#endif /* CONFIG_ELOOP_KQUEUE */
static int eloop_sock_table_add_sock(struct eloop_sock_table *table,
int sock, eloop_sock_handler handler,
void *eloop_data, void *user_data)
{
#ifdef CONFIG_ELOOP_EPOLL
- struct eloop_sock *temp_table;
- struct epoll_event
CVS commit: src/external/bsd/wpa/dist/src/drivers
Module Name:src
Committed By: roy
Date: Wed Jan 20 14:43:40 UTC 2016
Modified Files:
src/external/bsd/wpa/dist/src/drivers: driver_bsd.c
Log Message:
If an interface is removed, zero the remembered ifindex.
Don't try to set properties on the interface when it is removed.
To generate a diff of this commit:
cvs rdiff -u -r1.20 -r1.21 src/external/bsd/wpa/dist/src/drivers/driver_bsd.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/external/bsd/wpa/dist/src/drivers/driver_bsd.c
diff -u src/external/bsd/wpa/dist/src/drivers/driver_bsd.c:1.20 src/external/bsd/wpa/dist/src/drivers/driver_bsd.c:1.21
--- src/external/bsd/wpa/dist/src/drivers/driver_bsd.c:1.20 Tue Jan 19 18:09:09 2016
+++ src/external/bsd/wpa/dist/src/drivers/driver_bsd.c Wed Jan 20 14:43:40 2016
@@ -94,6 +94,9 @@ bsd_set80211(void *priv, int op, int val
struct bsd_driver_data *drv = priv;
struct ieee80211req ireq;
+ if (drv->ifindex == 0)
+ return -1;
+
os_memset(, 0, sizeof(ireq));
os_strlcpy(ireq.i_name, drv->ifname, sizeof(ireq.i_name));
ireq.i_type = op;
@@ -884,7 +887,8 @@ bsd_deinit(void *priv)
{
struct bsd_driver_data *drv = priv;
- bsd_ctrl_iface(drv, 0);
+ if (drv->ifindex != 0)
+ bsd_ctrl_iface(drv, 0);
if (drv->sock_xmit != NULL)
l2_packet_deinit(drv->sock_xmit);
os_free(drv);
@@ -1228,6 +1232,7 @@ wpa_driver_bsd_event_receive(int sock, v
switch (ifan->ifan_what) {
case IFAN_DEPARTURE:
event.interface_status.ievent = EVENT_INTERFACE_REMOVED;
+ drv->ifindex = 0;
break;
default:
return;
@@ -1578,16 +1583,21 @@ wpa_driver_bsd_deinit(void *priv)
{
struct bsd_driver_data *drv = priv;
- wpa_driver_bsd_set_wpa(drv, 0);
+ if (drv->ifindex != 0) {
+ wpa_driver_bsd_set_wpa(drv, 0);
- /* NB: mark interface down */
- bsd_ctrl_iface(drv, 0);
+ /* NB: mark interface down */
+ bsd_ctrl_iface(drv, 0);
- wpa_driver_bsd_set_wpa_internal(drv, drv->prev_wpa, drv->prev_privacy);
+ wpa_driver_bsd_set_wpa_internal(drv, drv->prev_wpa,
+ drv->prev_privacy);
- if (set80211param(drv, IEEE80211_IOC_ROAMING, drv->prev_roaming) < 0)
- wpa_printf(MSG_DEBUG, "%s: failed to restore roaming state",
- __func__);
+ if (set80211param(drv, IEEE80211_IOC_ROAMING, drv->prev_roaming)
+ < 0)
+ wpa_printf(MSG_DEBUG,
+"%s: failed to restore roaming state",
+__func__);
+ }
if (drv->sock_xmit != NULL)
l2_packet_deinit(drv->sock_xmit);
CVS commit: src/external/bsd/wpa/dist/src/drivers
Module Name:src
Committed By: roy
Date: Tue Jan 19 18:09:09 UTC 2016
Modified Files:
src/external/bsd/wpa/dist/src/drivers: driver_bsd.c
Log Message:
wpa_supplicant dropped the -w option a long time ago, lets not pretend
it still works.
To generate a diff of this commit:
cvs rdiff -u -r1.19 -r1.20 src/external/bsd/wpa/dist/src/drivers/driver_bsd.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/external/bsd/wpa/dist/src/drivers/driver_bsd.c
diff -u src/external/bsd/wpa/dist/src/drivers/driver_bsd.c:1.19 src/external/bsd/wpa/dist/src/drivers/driver_bsd.c:1.20
--- src/external/bsd/wpa/dist/src/drivers/driver_bsd.c:1.19 Tue Jan 19 17:22:57 2016
+++ src/external/bsd/wpa/dist/src/drivers/driver_bsd.c Tue Jan 19 18:09:09 2016
@@ -1228,20 +1228,16 @@ wpa_driver_bsd_event_receive(int sock, v
switch (ifan->ifan_what) {
case IFAN_DEPARTURE:
event.interface_status.ievent = EVENT_INTERFACE_REMOVED;
- default:
-#if 1
- event.interface_status.ievent = EVENT_INTERFACE_ADDED;
break;
-#else
+ default:
return;
-#endif
}
wpa_printf(MSG_DEBUG, "RTM_IFANNOUNCE: Interface '%s' %s",
event.interface_status.ifname,
ifan->ifan_what == IFAN_DEPARTURE ?
"removed" : "added");
wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_STATUS, );
- return;
+ break;
case RTM_IEEE80211:
ifan = (struct if_announcemsghdr *) rtm;
drv = bsd_get_drvindex(global, ifan->ifan_index);
CVS commit: src/external/bsd/wpa/dist/src/drivers
Module Name:src Committed By: roy Date: Tue Jan 19 15:08:29 UTC 2016 Modified Files: src/external/bsd/wpa/dist/src/drivers: driver_bsd.c Log Message: Don't log RTM messages we aren't interested in at all. To generate a diff of this commit: cvs rdiff -u -r1.12 -r1.13 src/external/bsd/wpa/dist/src/drivers/driver_bsd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/external/bsd/wpa/dist/src/drivers/driver_bsd.c diff -u src/external/bsd/wpa/dist/src/drivers/driver_bsd.c:1.12 src/external/bsd/wpa/dist/src/drivers/driver_bsd.c:1.13 --- src/external/bsd/wpa/dist/src/drivers/driver_bsd.c:1.12 Thu Jan 14 21:19:41 2016 +++ src/external/bsd/wpa/dist/src/drivers/driver_bsd.c Tue Jan 19 15:08:29 2016 @@ -1327,32 +1327,9 @@ wpa_driver_bsd_event_receive(int sock, v wpa_printf(MSG_DEBUG, "RTM_IFINFO: Interface '%s' " "if=%x drv=%x", event.interface_status.ifname, ifm->ifm_flags, drv->flags); - } + } drv->flags = ifm->ifm_flags; break; -#ifdef RTM_OIFINFO - case RTM_OIFINFO: - wpa_printf(MSG_DEBUG, "RTM_OIFINFO ignored"); - break; -#endif -#ifdef RTM_OOIFINFO - case RTM_OOIFINFO: - wpa_printf(MSG_DEBUG, "RTM_OOIFINFO ignored"); - break; -#endif -#ifdef RTM_LOSING - case RTM_LOSING: - wpa_printf(MSG_DEBUG, "RTM_LOSING ignored"); - break; -#endif -#ifdef RTM_MISS - case RTM_MISS: - wpa_printf(MSG_DEBUG, "RTM_MISS ignored"); - break; -#endif - default: - wpa_printf(MSG_DEBUG, "RTM_???: %d", rtm->rtm_type); - break; } }
CVS commit: src/external/bsd/wpa/dist/src/drivers
Module Name:src Committed By: roy Date: Tue Jan 19 15:18:20 UTC 2016 Modified Files: src/external/bsd/wpa/dist/src/drivers: driver_bsd.c Log Message: Remove added debug to sync more with upstream. To generate a diff of this commit: cvs rdiff -u -r1.13 -r1.14 src/external/bsd/wpa/dist/src/drivers/driver_bsd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/external/bsd/wpa/dist/src/drivers/driver_bsd.c diff -u src/external/bsd/wpa/dist/src/drivers/driver_bsd.c:1.13 src/external/bsd/wpa/dist/src/drivers/driver_bsd.c:1.14 --- src/external/bsd/wpa/dist/src/drivers/driver_bsd.c:1.13 Tue Jan 19 15:08:29 2016 +++ src/external/bsd/wpa/dist/src/drivers/driver_bsd.c Tue Jan 19 15:18:20 2016 @@ -1237,10 +1237,10 @@ wpa_driver_bsd_event_receive(int sock, v return; #endif } - wpa_printf(MSG_DEBUG, "RTM_IFANNOUNCE: Interface '%s' %s (%d)", + wpa_printf(MSG_DEBUG, "RTM_IFANNOUNCE: Interface '%s' %s", event.interface_status.ifname, ifan->ifan_what == IFAN_DEPARTURE ? -"removed" : "added", ifan->ifan_what); +"removed" : "added"); wpa_supplicant_event(ctx, EVENT_INTERFACE_STATUS, ); return; case RTM_IEEE80211: @@ -1250,22 +1250,16 @@ wpa_driver_bsd_event_receive(int sock, v case RTM_IEEE80211_REASSOC: if (drv->is_ap) break; - wpa_printf(MSG_DEBUG, "RTM_IEEE80211: (re)assoc (%d)", - ifan->ifan_what); wpa_supplicant_event(ctx, EVENT_ASSOC, NULL); break; case RTM_IEEE80211_DISASSOC: if (drv->is_ap) break; - wpa_printf(MSG_DEBUG, "RTM_IEEE80211: disassoc (%d)", - ifan->ifan_what); wpa_supplicant_event(ctx, EVENT_DISASSOC, NULL); break; case RTM_IEEE80211_SCAN: if (drv->is_ap) break; - wpa_printf(MSG_DEBUG, "RTM_IEEE80211: scan result (%d)", - ifan->ifan_what); wpa_supplicant_event(ctx, EVENT_SCAN_RESULTS, NULL); break; case RTM_IEEE80211_LEAVE: @@ -1280,8 +1274,6 @@ wpa_driver_bsd_event_receive(int sock, v bsd_new_sta(drv, ctx, join->iev_addr); break; case RTM_IEEE80211_REPLAY: - wpa_printf(MSG_DEBUG, "RTM_IEEE80211: replay (%d)", - ifan->ifan_what); /* ignore */ break; case RTM_IEEE80211_MICHAEL: @@ -1297,10 +1289,6 @@ wpa_driver_bsd_event_receive(int sock, v wpa_supplicant_event(ctx, EVENT_MICHAEL_MIC_FAILURE, ); break; - default: - wpa_printf(MSG_DEBUG, "RTM_IEEE80211: ??? (%d)", - ifan->ifan_what); - break; } break; case RTM_IFINFO:
CVS commit: src/external/bsd/wpa/dist/src/drivers
Module Name:src
Committed By: roy
Date: Tue Jan 19 15:27:57 UTC 2016
Modified Files:
src/external/bsd/wpa/dist/src/drivers: driver_bsd.c
Log Message:
Remove pointless check
To generate a diff of this commit:
cvs rdiff -u -r1.14 -r1.15 src/external/bsd/wpa/dist/src/drivers/driver_bsd.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/external/bsd/wpa/dist/src/drivers/driver_bsd.c
diff -u src/external/bsd/wpa/dist/src/drivers/driver_bsd.c:1.14 src/external/bsd/wpa/dist/src/drivers/driver_bsd.c:1.15
--- src/external/bsd/wpa/dist/src/drivers/driver_bsd.c:1.14 Tue Jan 19 15:18:20 2016
+++ src/external/bsd/wpa/dist/src/drivers/driver_bsd.c Tue Jan 19 15:27:57 2016
@@ -870,11 +870,9 @@ bsd_init(struct hostapd_data *hapd, stru
return drv;
bad:
- if (drv != NULL) {
- if (drv->sock_xmit != NULL)
- l2_packet_deinit(drv->sock_xmit);
- os_free(drv);
- }
+ if (drv->sock_xmit != NULL)
+ l2_packet_deinit(drv->sock_xmit);
+ os_free(drv);
return NULL;
}
CVS commit: src/external/bsd/wpa/dist/src/drivers
Module Name:src
Committed By: roy
Date: Tue Jan 19 15:49:07 UTC 2016
Modified Files:
src/external/bsd/wpa/dist/src/drivers: driver_bsd.c
Log Message:
Syntax (no functional change)
To generate a diff of this commit:
cvs rdiff -u -r1.16 -r1.17 src/external/bsd/wpa/dist/src/drivers/driver_bsd.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/external/bsd/wpa/dist/src/drivers/driver_bsd.c
diff -u src/external/bsd/wpa/dist/src/drivers/driver_bsd.c:1.16 src/external/bsd/wpa/dist/src/drivers/driver_bsd.c:1.17
--- src/external/bsd/wpa/dist/src/drivers/driver_bsd.c:1.16 Tue Jan 19 15:45:00 2016
+++ src/external/bsd/wpa/dist/src/drivers/driver_bsd.c Tue Jan 19 15:49:07 2016
@@ -1613,7 +1613,7 @@ wpa_driver_bsd_get_capa(void *priv, stru
#endif /* HOSTAPD */
static void *
-bsd_global_init()
+bsd_global_init(void)
{
struct bsd_driver_global *global;
CVS commit: src/external/bsd/wpa/dist/src/drivers
Module Name:src
Committed By: roy
Date: Tue Jan 19 16:47:44 UTC 2016
Modified Files:
src/external/bsd/wpa/dist/src/drivers: driver_bsd.c
Log Message:
Use the interface index from the correc structure according to the message
to find the driver instead of assuming that rtm_index is corect.
To generate a diff of this commit:
cvs rdiff -u -r1.17 -r1.18 src/external/bsd/wpa/dist/src/drivers/driver_bsd.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/external/bsd/wpa/dist/src/drivers/driver_bsd.c
diff -u src/external/bsd/wpa/dist/src/drivers/driver_bsd.c:1.17 src/external/bsd/wpa/dist/src/drivers/driver_bsd.c:1.18
--- src/external/bsd/wpa/dist/src/drivers/driver_bsd.c:1.17 Tue Jan 19 15:49:07 2016
+++ src/external/bsd/wpa/dist/src/drivers/driver_bsd.c Tue Jan 19 16:47:44 2016
@@ -777,12 +777,12 @@ bsd_wireless_event_receive(int sock, voi
rtm->rtm_version);
return;
}
- drv = bsd_get_drvindex(global, rtm->rtm_index);
- if (drv == NULL)
- return;
switch (rtm->rtm_type) {
case RTM_IEEE80211:
ifan = (struct if_announcemsghdr *) rtm;
+ drv = bsd_get_drvindex(global, ifan->ifan_index);
+ if (drv == NULL)
+ return;
switch (ifan->ifan_what) {
case RTM_IEEE80211_ASSOC:
case RTM_IEEE80211_REASSOC:
@@ -1214,14 +1214,13 @@ wpa_driver_bsd_event_receive(int sock, v
rtm->rtm_version);
return;
}
- drv = bsd_get_drvindex(global, rtm->rtm_index);
- if (drv == NULL)
- return;
- ctx = drv->ctx;
os_memset(, 0, sizeof(event));
switch (rtm->rtm_type) {
case RTM_IFANNOUNCE:
ifan = (struct if_announcemsghdr *) rtm;
+ drv = bsd_get_drvindex(global, ifan->ifan_index);
+ if (drv == NULL)
+ return;
os_strlcpy(event.interface_status.ifname, drv->ifname,
sizeof(event.interface_status.ifname));
switch (ifan->ifan_what) {
@@ -1239,37 +1238,40 @@ wpa_driver_bsd_event_receive(int sock, v
event.interface_status.ifname,
ifan->ifan_what == IFAN_DEPARTURE ?
"removed" : "added");
- wpa_supplicant_event(ctx, EVENT_INTERFACE_STATUS, );
+ wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_STATUS, );
return;
case RTM_IEEE80211:
ifan = (struct if_announcemsghdr *) rtm;
+ drv = bsd_get_drvindex(global, ifan->ifan_index);
+ if (drv == NULL)
+ return;
switch (ifan->ifan_what) {
case RTM_IEEE80211_ASSOC:
case RTM_IEEE80211_REASSOC:
if (drv->is_ap)
break;
- wpa_supplicant_event(ctx, EVENT_ASSOC, NULL);
+ wpa_supplicant_event(drv->ctx, EVENT_ASSOC, NULL);
break;
case RTM_IEEE80211_DISASSOC:
if (drv->is_ap)
break;
- wpa_supplicant_event(ctx, EVENT_DISASSOC, NULL);
+ wpa_supplicant_event(drv->ctx, EVENT_DISASSOC, NULL);
break;
case RTM_IEEE80211_SCAN:
if (drv->is_ap)
break;
- wpa_supplicant_event(ctx, EVENT_SCAN_RESULTS, NULL);
+ wpa_supplicant_event(drv->ctx, EVENT_SCAN_RESULTS, NULL);
break;
case RTM_IEEE80211_LEAVE:
leave = (struct ieee80211_leave_event *) [1];
- drv_event_disassoc(ctx, leave->iev_addr);
+ drv_event_disassoc(drv->ctx, leave->iev_addr);
break;
case RTM_IEEE80211_JOIN:
#ifdef RTM_IEEE80211_REJOIN
case RTM_IEEE80211_REJOIN:
#endif
join = (struct ieee80211_join_event *) [1];
- bsd_new_sta(drv, ctx, join->iev_addr);
+ bsd_new_sta(drv, drv->ctx, join->iev_addr);
break;
case RTM_IEEE80211_REPLAY:
/* ignore */
@@ -1284,13 +1286,16 @@ wpa_driver_bsd_event_receive(int sock, v
os_memset(, 0, sizeof(event));
event.michael_mic_failure.unicast =
!IEEE80211_IS_MULTICAST(mic->iev_dst);
- wpa_supplicant_event(ctx, EVENT_MICHAEL_MIC_FAILURE,
-);
+ wpa_supplicant_event(drv->ctx,
+EVENT_MICHAEL_MIC_FAILURE, );
break;
}
break;
case RTM_IFINFO:
ifm = (struct if_msghdr *) rtm;
+ drv = bsd_get_drvindex(global, ifm->ifm_index);
+ if (drv == NULL)
+ return;
if ((ifm->ifm_flags & IFF_UP) == 0 &&
(drv->flags & IFF_UP) != 0) {
os_strlcpy(event.interface_status.ifname, drv->ifname,
@@ -1298,7 +1303,8 @@ wpa_driver_bsd_event_receive(int sock, v
event.interface_status.ievent = EVENT_INTERFACE_REMOVED;
wpa_printf(MSG_DEBUG, "RTM_IFINFO: Interface '%s' DOWN",
event.interface_status.ifname);
- wpa_supplicant_event(ctx, EVENT_INTERFACE_STATUS, );
+ wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_STATUS,
+ );
} else if ((ifm->ifm_flags & IFF_UP) != 0 &&
(drv->flags & IFF_UP) == 0) {
os_strlcpy(event.interface_status.ifname, drv->ifname,
@@ -1306,7 +1312,8 @@ wpa_driver_bsd_event_receive(int sock, v
event.interface_status.ievent = EVENT_INTERFACE_ADDED;
wpa_printf(MSG_DEBUG, "RTM_IFINFO: Interface '%s' UP",
event.interface_status.ifname);
- wpa_supplicant_event(ctx, EVENT_INTERFACE_STATUS, );
+ wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_STATUS,
+ );
} else {
os_strlcpy(event.interface_status.ifname, drv->ifname,
CVS commit: src/external/bsd/wpa/dist/src/drivers
Module Name:src
Committed By: roy
Date: Tue Jan 19 17:22:57 UTC 2016
Modified Files:
src/external/bsd/wpa/dist/src/drivers: driver_bsd.c
Log Message:
Downing the interface now disables it instead of removing it.
To generate a diff of this commit:
cvs rdiff -u -r1.18 -r1.19 src/external/bsd/wpa/dist/src/drivers/driver_bsd.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/external/bsd/wpa/dist/src/drivers/driver_bsd.c
diff -u src/external/bsd/wpa/dist/src/drivers/driver_bsd.c:1.18 src/external/bsd/wpa/dist/src/drivers/driver_bsd.c:1.19
--- src/external/bsd/wpa/dist/src/drivers/driver_bsd.c:1.18 Tue Jan 19 16:47:44 2016
+++ src/external/bsd/wpa/dist/src/drivers/driver_bsd.c Tue Jan 19 17:22:57 2016
@@ -288,6 +288,7 @@ bsd_ctrl_iface(void *priv, int enable)
strerror(errno));
return -1;
}
+ drv->flags = ifr.ifr_flags;
if (enable) {
if (ifr.ifr_flags & IFF_UP)
@@ -305,6 +306,7 @@ bsd_ctrl_iface(void *priv, int enable)
return -1;
}
+ drv->flags = ifr.ifr_flags;
return 0;
}
@@ -1298,28 +1300,16 @@ wpa_driver_bsd_event_receive(int sock, v
return;
if ((ifm->ifm_flags & IFF_UP) == 0 &&
(drv->flags & IFF_UP) != 0) {
- os_strlcpy(event.interface_status.ifname, drv->ifname,
- sizeof(event.interface_status.ifname));
- event.interface_status.ievent = EVENT_INTERFACE_REMOVED;
wpa_printf(MSG_DEBUG, "RTM_IFINFO: Interface '%s' DOWN",
- event.interface_status.ifname);
- wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_STATUS,
- );
+ drv->ifname);
+ wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_DISABLED,
+ NULL);
} else if ((ifm->ifm_flags & IFF_UP) != 0 &&
(drv->flags & IFF_UP) == 0) {
- os_strlcpy(event.interface_status.ifname, drv->ifname,
-sizeof(event.interface_status.ifname));
- event.interface_status.ievent = EVENT_INTERFACE_ADDED;
wpa_printf(MSG_DEBUG, "RTM_IFINFO: Interface '%s' UP",
- event.interface_status.ifname);
- wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_STATUS,
- );
- } else {
- os_strlcpy(event.interface_status.ifname, drv->ifname,
-sizeof(event.interface_status.ifname));
- wpa_printf(MSG_DEBUG, "RTM_IFINFO: Interface '%s' "
- "if=%x drv=%x", event.interface_status.ifname,
- ifm->ifm_flags, drv->flags);
+ drv->ifname);
+ wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_ENABLED,
+ NULL);
}
drv->flags = ifm->ifm_flags;
break;
CVS commit: src/external/bsd/wpa/dist/wpa_supplicant
Module Name:src
Committed By: roy
Date: Fri Jan 15 20:34:35 UTC 2016
Modified Files:
src/external/bsd/wpa/dist/wpa_supplicant: main.c
Log Message:
Sort options and reduce printf calls.
To generate a diff of this commit:
cvs rdiff -u -r1.1.1.5 -r1.2 src/external/bsd/wpa/dist/wpa_supplicant/main.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/external/bsd/wpa/dist/wpa_supplicant/main.c
diff -u src/external/bsd/wpa/dist/wpa_supplicant/main.c:1.1.1.5 src/external/bsd/wpa/dist/wpa_supplicant/main.c:1.2
--- src/external/bsd/wpa/dist/wpa_supplicant/main.c:1.1.1.5 Wed Apr 1 19:24:36 2015
+++ src/external/bsd/wpa/dist/wpa_supplicant/main.c Fri Jan 15 20:34:35 2016
@@ -64,41 +64,42 @@ static void usage(void)
" -B = run daemon in the background\n"
" -c = Configuration file\n"
" -C = ctrl_interface parameter (only used if -c is not)\n"
- " -i = interface name\n"
- " -I = additional configuration file\n"
" -d = increase debugging verbosity (-dd even more)\n"
" -D = driver name (can be multiple drivers: nl80211,wext)\n"
- " -e = entropy file\n");
+ " -e = entropy file\n"
#ifdef CONFIG_DEBUG_FILE
- printf(" -f = log output to debug file instead of stdout\n");
+ " -f = log output to debug file instead of stdout\n"
#endif /* CONFIG_DEBUG_FILE */
- printf(" -g = global ctrl_interface\n"
+ " -g = global ctrl_interface\n"
" -G = global ctrl_interface group\n"
- " -K = include keys (passwords, etc.) in debug output\n");
-#ifdef CONFIG_DEBUG_SYSLOG
- printf(" -s = log output to syslog instead of stdout\n");
-#endif /* CONFIG_DEBUG_SYSLOG */
-#ifdef CONFIG_DEBUG_LINUX_TRACING
- printf(" -T = record to Linux tracing in addition to logging\n");
- printf(" (records all messages regardless of debug verbosity)\n");
-#endif /* CONFIG_DEBUG_LINUX_TRACING */
- printf(" -t = include timestamp in debug messages\n"
" -h = show this help text\n"
+ " -i = interface name\n"
+ " -I = additional configuration file\n"
+ " -K = include keys (passwords, etc.) in debug output\n"
" -L = show license (BSD)\n"
+#ifdef CONFIG_P2P
+ " -m = Configuration file for the P2P Device interface\n"
+#endif /* CONFIG_P2P */
+ " -N = start describing new interface\n"
" -o = override driver parameter for new interfaces\n"
" -O = override ctrl_interface parameter for new interfaces\n"
" -p = driver parameters\n"
" -P = PID file\n"
- " -q = decrease debugging verbosity (-qq even less)\n");
+ " -q = decrease debugging verbosity (-qq even less)\n"
+#ifdef CONFIG_DEBUG_SYSLOG
+ " -s = log output to syslog instead of stdout\n"
+#endif /* CONFIG_DEBUG_SYSLOG */
+#ifdef CONFIG_DEBUG_LINUX_TRACING
+ " -T = record to Linux tracing in addition to logging\n"
+ " (records all messages regardless of debug verbosity)\n"
+#endif /* CONFIG_DEBUG_LINUX_TRACING */
+ " -t = include timestamp in debug messages\n"
#ifdef CONFIG_DBUS
- printf(" -u = enable DBus control interface\n");
+ " -u = enable DBus control interface\n"
#endif /* CONFIG_DBUS */
- printf(" -v = show version\n"
+ " -v = show version\n"
" -W = wait for a control interface monitor before starting\n"
-#ifdef CONFIG_P2P
- " -m = Configuration file for the P2P Device interface\n"
-#endif /* CONFIG_P2P */
- " -N = start describing new interface\n");
+ );
printf("example:\n"
" wpa_supplicant -D%s -iwlan0 -c/etc/wpa_supplicant.conf\n",
CVS commit: src/external/bsd/wpa/dist/src/drivers
Module Name:src
Committed By: roy
Date: Thu Jan 14 21:19:41 UTC 2016
Modified Files:
src/external/bsd/wpa/dist/src/drivers: driver_bsd.c
Log Message:
Create global init to handle socket calls and route messages.
Register each interface inside the global driver so that
routing messages can find the interface based on rtm_ifindex.
To generate a diff of this commit:
cvs rdiff -u -r1.11 -r1.12 src/external/bsd/wpa/dist/src/drivers/driver_bsd.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/external/bsd/wpa/dist/src/drivers/driver_bsd.c
diff -u src/external/bsd/wpa/dist/src/drivers/driver_bsd.c:1.11 src/external/bsd/wpa/dist/src/drivers/driver_bsd.c:1.12
--- src/external/bsd/wpa/dist/src/drivers/driver_bsd.c:1.11 Wed Apr 1 19:45:14 2015
+++ src/external/bsd/wpa/dist/src/drivers/driver_bsd.c Thu Jan 14 21:19:41 2016
@@ -47,12 +47,20 @@
#include "l2_packet/l2_packet.h"
+struct bsd_driver_global {
+ int sock; /* socket for 802.11 ioctls */
+ int route; /* routing socket for events */
+ char *event_buf;
+ size_t event_buf_len;
+ struct dl_list ifaces; /* list of interfaces */
+};
+
struct bsd_driver_data {
+ struct dl_list list;
+ struct bsd_driver_global *global;
struct hostapd_data *hapd; /* back pointer */
- int sock; /* open socket for 802.11 ioctls */
struct l2_packet_data *sock_xmit;/* raw packet xmit socket */
- int route; /* routing socket for events */
char ifname[IFNAMSIZ+1]; /* interface name */
int flags;
unsigned int ifindex; /* interface index */
@@ -63,12 +71,23 @@ struct bsd_driver_data {
int prev_privacy; /* privacy state to restore on deinit */
int prev_wpa; /* wpa state to restore on deinit */
enum ieee80211_opmode opmode; /* operation mode */
- char *event_buf;
- size_t event_buf_len;
};
/* Generic functions for hostapd and wpa_supplicant */
+static struct bsd_driver_data *
+bsd_get_drvindex(void *priv, unsigned int ifindex)
+{
+ struct bsd_driver_global *global = priv;
+ struct bsd_driver_data *drv;
+
+ dl_list_for_each(drv, >ifaces, struct bsd_driver_data, list) {
+ if (drv->ifindex == ifindex)
+ return drv;
+ }
+ return NULL;
+}
+
static int
bsd_set80211(void *priv, int op, int val, const void *arg, int arg_len)
{
@@ -82,7 +101,7 @@ bsd_set80211(void *priv, int op, int val
ireq.i_data = (void *) arg;
ireq.i_len = arg_len;
- if (ioctl(drv->sock, SIOCS80211, ) < 0) {
+ if (ioctl(drv->global->sock, SIOCS80211, ) < 0) {
wpa_printf(MSG_ERROR, "ioctl[SIOCS80211, op=%u, val=%u, "
"arg_len=%u]: %s", op, val, arg_len,
strerror(errno));
@@ -103,7 +122,7 @@ bsd_get80211(void *priv, struct ieee8021
ireq->i_len = arg_len;
ireq->i_data = arg;
- if (ioctl(drv->sock, SIOCG80211, ireq) < 0) {
+ if (ioctl(drv->global->sock, SIOCG80211, ireq) < 0) {
wpa_printf(MSG_ERROR, "ioctl[SIOCS80211, op=%u, "
"arg_len=%u]: %s", op, arg_len, strerror(errno));
return -1;
@@ -144,7 +163,7 @@ bsd_get_ssid(void *priv, u8 *ssid, int l
os_memset(, 0, sizeof(ifr));
os_strlcpy(ifr.ifr_name, drv->ifname, sizeof(ifr.ifr_name));
ifr.ifr_data = (void *)
- if (ioctl(drv->sock, SIOCG80211NWID, ) < 0 ||
+ if (ioctl(drv->global->sock, SIOCG80211NWID, ) < 0 ||
nwid.i_len > IEEE80211_NWID_LEN)
return -1;
os_memcpy(ssid, nwid.i_nwid, nwid.i_len);
@@ -167,7 +186,7 @@ bsd_set_ssid(void *priv, const u8 *ssid,
os_memset(, 0, sizeof(ifr));
os_strlcpy(ifr.ifr_name, drv->ifname, sizeof(ifr.ifr_name));
ifr.ifr_data = (void *)
- return ioctl(drv->sock, SIOCS80211NWID, );
+ return ioctl(drv->global->sock, SIOCS80211NWID, );
#else
return set80211var(drv, IEEE80211_IOC_SSID, ssid, ssid_len);
#endif
@@ -182,7 +201,7 @@ bsd_get_if_media(void *priv)
os_memset(, 0, sizeof(ifmr));
os_strlcpy(ifmr.ifm_name, drv->ifname, sizeof(ifmr.ifm_name));
- if (ioctl(drv->sock, SIOCGIFMEDIA, ) < 0) {
+ if (ioctl(drv->global->sock, SIOCGIFMEDIA, ) < 0) {
wpa_printf(MSG_ERROR, "%s: SIOCGIFMEDIA %s", __func__,
strerror(errno));
return -1;
@@ -201,7 +220,7 @@ bsd_set_if_media(void *priv, int media)
os_strlcpy(ifr.ifr_name, drv->ifname, sizeof(ifr.ifr_name));
ifr.ifr_media = media;
- if (ioctl(drv->sock, SIOCSIFMEDIA, ) < 0) {
+ if (ioctl(drv->global->sock, SIOCSIFMEDIA, ) < 0) {
wpa_printf(MSG_ERROR, "%s: SIOCSIFMEDIA %s", __func__,
strerror(errno));
return -1;
@@ -264,7 +283,7 @@ bsd_ctrl_iface(void *priv, int enable)
os_memset(, 0, sizeof(ifr));
os_strlcpy(ifr.ifr_name, drv->ifname, sizeof(ifr.ifr_name));
- if (ioctl(drv->sock, SIOCGIFFLAGS, ) < 0) {
+ if (ioctl(drv->global->sock, SIOCGIFFLAGS, ) < 0) {
wpa_printf(MSG_ERROR, "ioctl[SIOCGIFFLAGS]: %s",
strerror(errno));
return -1;
@@ -280,7 +299,7 @@ bsd_ctrl_iface(void *priv, int enable)
ifr.ifr_flags &= ~IFF_UP;
}
- if (ioctl(drv->sock, SIOCSIFFLAGS, ) < 0) {
+ if (ioctl(drv->global->sock, SIOCSIFFLAGS, ) < 0) {
CVS commit: src/external/bsd/wpa/dist/wpa_supplicant
Module Name:src
Committed By: christos
Date: Tue Nov 10 18:39:40 UTC 2015
Modified Files:
src/external/bsd/wpa/dist/wpa_supplicant: wnm_sta.c
Log Message:
Apply patch by Jouni Malinen. We don't have CONFIG_EAP_PWD enabled so we are
not affected:
EAP-pwd peer error path failure on unexpected Confirm message
Published: November 10, 2015
Identifier: CVE-2015-5316
Latest version available from: http://w1.fi/security/2015-8/
Vulnerability
A vulnerability was found in EAP-pwd peer implementation used in
wpa_supplicant. If an EAP-pwd Confirm message is received unexpectedly
before the Identity exchange, the error path processing ended up
dereferencing a NULL pointer and terminating the process.
For wpa_supplicant with EAP-pwd enabled in a network configuration
profile, this could allow a denial of service attack by an attacker
within radio range.
Vulnerable versions/configurations
wpa_supplicant v2.3-v2.5 with CONFIG_EAP_PWD=y in the build
configuration (wpa_supplicant/.config) and EAP-pwd enabled in a network
profile at runtime.
Possible mitigation steps
- Merge the following commits and rebuild wpa_supplicant:
EAP-pwd peer: Fix error path for unexpected Confirm message
This patch is available from http://w1.fi/security/2015-8/
- Update to wpa_supplicant v2.6 or newer, once available
- Remove CONFIG_EAP_PWD=y from build configuration
- Disable EAP-pwd in runtime configuration
To generate a diff of this commit:
cvs rdiff -u -r1.1.1.3 -r1.2 \
src/external/bsd/wpa/dist/wpa_supplicant/wnm_sta.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/external/bsd/wpa/dist/wpa_supplicant/wnm_sta.c
diff -u src/external/bsd/wpa/dist/wpa_supplicant/wnm_sta.c:1.1.1.3 src/external/bsd/wpa/dist/wpa_supplicant/wnm_sta.c:1.2
--- src/external/bsd/wpa/dist/wpa_supplicant/wnm_sta.c:1.1.1.3 Wed Apr 1 15:24:39 2015
+++ src/external/bsd/wpa/dist/wpa_supplicant/wnm_sta.c Tue Nov 10 13:39:40 2015
@@ -187,6 +187,12 @@ static void wnm_sleep_mode_exit_success(
end = ptr + key_len_total;
wpa_hexdump_key(MSG_DEBUG, "WNM: Key Data", ptr, key_len_total);
+ if (key_len_total && !wpa_sm_pmf_enabled(wpa_s->wpa)) {
+ wpa_msg(wpa_s, MSG_INFO,
+ "WNM: Ignore Key Data in WNM-Sleep Mode Response - PMF not enabled");
+ return;
+ }
+
while (ptr + 1 < end) {
if (ptr + 2 + ptr[1] > end) {
wpa_printf(MSG_DEBUG, "WNM: Invalid Key Data element "
CVS commit: src/external/bsd/wpa/dist/wpa_supplicant
Module Name:src
Committed By: joerg
Date: Fri Aug 28 13:05:13 UTC 2015
Modified Files:
src/external/bsd/wpa/dist/wpa_supplicant: wpa_cli.c
Log Message:
Simplify.
To generate a diff of this commit:
cvs rdiff -u -r1.6 -r1.7 src/external/bsd/wpa/dist/wpa_supplicant/wpa_cli.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/external/bsd/wpa/dist/wpa_supplicant/wpa_cli.c
diff -u src/external/bsd/wpa/dist/wpa_supplicant/wpa_cli.c:1.6 src/external/bsd/wpa/dist/wpa_supplicant/wpa_cli.c:1.7
--- src/external/bsd/wpa/dist/wpa_supplicant/wpa_cli.c:1.6 Wed Apr 1 19:45:15 2015
+++ src/external/bsd/wpa/dist/wpa_supplicant/wpa_cli.c Fri Aug 28 13:05:13 2015
@@ -3805,7 +3805,7 @@ static void try_connection(void *eloop_c
if (ctrl_ifname == NULL)
ctrl_ifname = wpa_cli_get_default_ifname();
- if (!wpa_cli_open_connection(ctrl_ifname, 1) == 0) {
+ if (wpa_cli_open_connection(ctrl_ifname, 1) != 0) {
if (!warning_displayed) {
printf(Could not connect to wpa_supplicant:
%s - re-trying\n,
CVS commit: src/external/bsd/wpa/dist/src/wps
Module Name:src
Committed By: christos
Date: Sat May 9 19:33:47 UTC 2015
Modified Files:
src/external/bsd/wpa/dist/src/wps: httpread.c
Log Message:
strtoul() return value may end up overflowing the int h-chunk_size and
resulting in a negative value to be stored as the chunk_size. This could
result in the following memcpy operation using a very large length
argument which would result in a buffer overflow and segmentation fault.
This could have been used to cause a denial service by any device that
has been authorized for network access (either wireless or wired). This
would affect both the WPS UPnP functionality in a WPS AP (hostapd with
upnp_iface parameter set in the configuration) and WPS ER
(wpa_supplicant with WPS_ER_START control interface command used).
Validate the parsed chunk length value to avoid this. In addition to
rejecting negative values, we can also reject chunk size that would be
larger than the maximum configured body length.
Thanks to Kostya Kortchinsky of Google security team for discovering and
reporting this issue.
XXX: pullup-7
To generate a diff of this commit:
cvs rdiff -u -r1.1.1.3 -r1.2 src/external/bsd/wpa/dist/src/wps/httpread.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/external/bsd/wpa/dist/src/wps/httpread.c
diff -u src/external/bsd/wpa/dist/src/wps/httpread.c:1.1.1.3 src/external/bsd/wpa/dist/src/wps/httpread.c:1.2
--- src/external/bsd/wpa/dist/src/wps/httpread.c:1.1.1.3 Thu Oct 16 15:16:09 2014
+++ src/external/bsd/wpa/dist/src/wps/httpread.c Sat May 9 15:33:47 2015
@@ -533,6 +533,13 @@ static void httpread_read_handler(int sd
if (!isxdigit(*cbp))
goto bad;
h-chunk_size = strtoul(cbp, NULL, 16);
+ if (h-chunk_size 0 ||
+ h-chunk_size h-max_bytes) {
+ wpa_printf(MSG_DEBUG,
+ httpread: Invalid chunk size %d,
+ h-chunk_size);
+ goto bad;
+ }
/* throw away chunk header
* so we have only real data
*/
CVS commit: src/external/bsd/wpa/dist/src/ap
Module Name:src
Committed By: christos
Date: Sat May 9 19:35:15 UTC 2015
Modified Files:
src/external/bsd/wpa/dist/src/ap: wmm.c
Log Message:
The length of the WMM Action frame was not properly validated and the
length of the information elements (int left) could end up being
negative. This would result in reading significantly past the stack
buffer while parsing the IEs in ieee802_11_parse_elems() and while doing
so, resulting in segmentation fault.
This can result in an invalid frame being used for a denial of service
attack (hostapd process killed) against an AP with a driver that uses
hostapd for management frame processing (e.g., all mac80211-based
drivers).
Thanks to Kostya Kortchinsky of Google security team for discovering and
reporting this issue.
XXX: pullup-7
To generate a diff of this commit:
cvs rdiff -u -r1.1.1.4 -r1.2 src/external/bsd/wpa/dist/src/ap/wmm.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/external/bsd/wpa/dist/src/ap/wmm.c
diff -u src/external/bsd/wpa/dist/src/ap/wmm.c:1.1.1.4 src/external/bsd/wpa/dist/src/ap/wmm.c:1.2
--- src/external/bsd/wpa/dist/src/ap/wmm.c:1.1.1.4 Thu Oct 16 15:16:06 2014
+++ src/external/bsd/wpa/dist/src/ap/wmm.c Sat May 9 15:35:15 2015
@@ -274,6 +274,9 @@ void hostapd_wmm_action(struct hostapd_d
return;
}
+ if (left 0)
+ return; /* not a valid WMM Action frame */
+
/* extract the tspec info element */
if (ieee802_11_parse_elems(pos, left, elems, 1) == ParseFailed) {
hostapd_logger(hapd, mgmt-sa, HOSTAPD_MODULE_IEEE80211,
CVS commit: src/external/bsd/wpa/dist/src/eap_peer
Module Name:src
Committed By: christos
Date: Sat May 9 19:46:01 UTC 2015
Modified Files:
src/external/bsd/wpa/dist/src/eap_peer: eap_pwd.c
Log Message:
The length of the received Commit and Confirm message payloads was not
checked before reading them. This could result in a buffer read
overflow when processing an invalid message.
Fix this by verifying that the payload is of expected length before
processing it. In addition, enforce correct state transition sequence to
make sure there is no unexpected behavior if receiving a Commit/Confirm
message before the previous exchanges have been completed.
Thanks to Kostya Kortchinsky of Google security team for discovering and
reporting this issue.
XXX: pullup-7
To generate a diff of this commit:
cvs rdiff -u -r1.1.1.4 -r1.2 src/external/bsd/wpa/dist/src/eap_peer/eap_pwd.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/external/bsd/wpa/dist/src/eap_peer/eap_pwd.c
diff -u src/external/bsd/wpa/dist/src/eap_peer/eap_pwd.c:1.1.1.4 src/external/bsd/wpa/dist/src/eap_peer/eap_pwd.c:1.2
--- src/external/bsd/wpa/dist/src/eap_peer/eap_pwd.c:1.1.1.4 Wed Apr 1 15:24:45 2015
+++ src/external/bsd/wpa/dist/src/eap_peer/eap_pwd.c Sat May 9 15:46:01 2015
@@ -301,6 +301,23 @@ eap_pwd_perform_commit_exchange(struct e
BIGNUM *mask = NULL, *x = NULL, *y = NULL, *cofactor = NULL;
u16 offset;
u8 *ptr, *scalar = NULL, *element = NULL;
+ size_t prime_len, order_len;
+
+ if (data-state != PWD_Commit_Req) {
+ ret-ignore = TRUE;
+ goto fin;
+ }
+
+ prime_len = BN_num_bytes(data-grp-prime);
+ order_len = BN_num_bytes(data-grp-order);
+
+ if (payload_len != 2 * prime_len + order_len) {
+ wpa_printf(MSG_INFO,
+ EAP-pwd: Unexpected Commit payload length %u (expected %u),
+ (unsigned int) payload_len,
+ (unsigned int) (2 * prime_len + order_len));
+ goto fin;
+ }
if (((data-private_value = BN_new()) == NULL) ||
((data-my_element = EC_POINT_new(data-grp-group)) == NULL) ||
CVS commit: src/external/bsd/wpa/dist/src/eap_server
Module Name:src
Committed By: christos
Date: Sat May 9 19:47:35 UTC 2015
Modified Files:
src/external/bsd/wpa/dist/src/eap_server: eap_server_pwd.c
Log Message:
The length of the received Commit and Confirm message payloads was not
checked before reading them. This could result in a buffer read
overflow when processing an invalid message.
Fix this by verifying that the payload is of expected length before
processing it. In addition, enforce correct state transition sequence to
make sure there is no unexpected behavior if receiving a Commit/Confirm
message before the previous exchanges have been completed.
Thanks to Kostya Kortchinsky of Google security team for discovering and
reporting this issue.
XXX: pullup-7
To generate a diff of this commit:
cvs rdiff -u -r1.1.1.4 -r1.2 \
src/external/bsd/wpa/dist/src/eap_server/eap_server_pwd.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/external/bsd/wpa/dist/src/eap_server/eap_server_pwd.c
diff -u src/external/bsd/wpa/dist/src/eap_server/eap_server_pwd.c:1.1.1.4 src/external/bsd/wpa/dist/src/eap_server/eap_server_pwd.c:1.2
--- src/external/bsd/wpa/dist/src/eap_server/eap_server_pwd.c:1.1.1.4 Wed Apr 1 15:24:46 2015
+++ src/external/bsd/wpa/dist/src/eap_server/eap_server_pwd.c Sat May 9 15:47:35 2015
@@ -634,9 +634,21 @@ eap_pwd_process_commit_resp(struct eap_s
BIGNUM *x = NULL, *y = NULL, *cofactor = NULL;
EC_POINT *K = NULL, *point = NULL;
int res = 0;
+ size_t prime_len, order_len;
wpa_printf(MSG_DEBUG, EAP-pwd: Received commit response);
+ prime_len = BN_num_bytes(data-grp-prime);
+ order_len = BN_num_bytes(data-grp-order);
+
+ if (payload_len != 2 * prime_len + order_len) {
+ wpa_printf(MSG_INFO,
+ EAP-pwd: Unexpected Commit payload length %u (expected %u),
+ (unsigned int) payload_len,
+ (unsigned int) (2 * prime_len + order_len));
+ goto fin;
+ }
+
if (((data-peer_scalar = BN_new()) == NULL) ||
((data-k = BN_new()) == NULL) ||
((cofactor = BN_new()) == NULL) ||
CVS commit: src/external/bsd/wpa/dist/src/eap_peer
Module Name:src
Committed By: christos
Date: Sat May 9 19:49:28 UTC 2015
Modified Files:
src/external/bsd/wpa/dist/src/eap_peer: eap_pwd.c
Log Message:
The remaining number of bytes in the message could be smaller than the
Total-Length field size, so the length needs to be explicitly checked
prior to reading the field and decrementing the len variable. This could
have resulted in the remaining length becoming negative and interpreted
as a huge positive integer.
In addition, check that there is no already started fragment in progress
before allocating a new buffer for reassembling fragments. This avoid a
potential memory leak when processing invalid message.
XXX: pullup-7
To generate a diff of this commit:
cvs rdiff -u -r1.2 -r1.3 src/external/bsd/wpa/dist/src/eap_peer/eap_pwd.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/external/bsd/wpa/dist/src/eap_peer/eap_pwd.c
diff -u src/external/bsd/wpa/dist/src/eap_peer/eap_pwd.c:1.2 src/external/bsd/wpa/dist/src/eap_peer/eap_pwd.c:1.3
--- src/external/bsd/wpa/dist/src/eap_peer/eap_pwd.c:1.2 Sat May 9 15:46:01 2015
+++ src/external/bsd/wpa/dist/src/eap_peer/eap_pwd.c Sat May 9 15:49:28 2015
@@ -800,11 +800,23 @@ eap_pwd_process(struct eap_sm *sm, void
* if it's the first fragment there'll be a length field
*/
if (EAP_PWD_GET_LENGTH_BIT(lm_exch)) {
+ if (len 2) {
+ wpa_printf(MSG_DEBUG,
+ EAP-pwd: Frame too short to contain Total-Length field);
+ ret-ignore = TRUE;
+ return NULL;
+ }
tot_len = WPA_GET_BE16(pos);
wpa_printf(MSG_DEBUG, EAP-pwd: Incoming fragments whose
total length = %d, tot_len);
if (tot_len 15000)
return NULL;
+ if (data-inbuf) {
+ wpa_printf(MSG_DEBUG,
+ EAP-pwd: Unexpected new fragment start when previous fragment is still in use);
+ ret-ignore = TRUE;
+ return NULL;
+ }
data-inbuf = wpabuf_alloc(tot_len);
if (data-inbuf == NULL) {
wpa_printf(MSG_INFO, Out of memory to buffer
CVS commit: src/external/bsd/wpa/dist/src/eap_server
Module Name:src
Committed By: christos
Date: Sat May 9 19:50:41 UTC 2015
Modified Files:
src/external/bsd/wpa/dist/src/eap_server: eap_server_pwd.c
Log Message:
The remaining number of bytes in the message could be smaller than the
Total-Length field size, so the length needs to be explicitly checked
prior to reading the field and decrementing the len variable. This could
have resulted in the remaining length becoming negative and interpreted
as a huge positive integer.
In addition, check that there is no already started fragment in progress
before allocating a new buffer for reassembling fragments. This avoid a
potential memory leak when processing invalid message.
XXX: pullup-7
To generate a diff of this commit:
cvs rdiff -u -r1.2 -r1.3 \
src/external/bsd/wpa/dist/src/eap_server/eap_server_pwd.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/external/bsd/wpa/dist/src/eap_server/eap_server_pwd.c
diff -u src/external/bsd/wpa/dist/src/eap_server/eap_server_pwd.c:1.2 src/external/bsd/wpa/dist/src/eap_server/eap_server_pwd.c:1.3
--- src/external/bsd/wpa/dist/src/eap_server/eap_server_pwd.c:1.2 Sat May 9 15:47:35 2015
+++ src/external/bsd/wpa/dist/src/eap_server/eap_server_pwd.c Sat May 9 15:50:41 2015
@@ -913,11 +913,21 @@ static void eap_pwd_process(struct eap_s
* the first fragment has a total length
*/
if (EAP_PWD_GET_LENGTH_BIT(lm_exch)) {
+ if (len 2) {
+ wpa_printf(MSG_DEBUG,
+ EAP-pwd: Frame too short to contain Total-Length field);
+ return;
+ }
tot_len = WPA_GET_BE16(pos);
wpa_printf(MSG_DEBUG, EAP-pwd: Incoming fragments, total
length = %d, tot_len);
if (tot_len 15000)
return;
+ if (data-inbuf) {
+ wpa_printf(MSG_DEBUG,
+ EAP-pwd: Unexpected new fragment start when previous fragment is still in use);
+ return;
+ }
data-inbuf = wpabuf_alloc(tot_len);
if (data-inbuf == NULL) {
wpa_printf(MSG_INFO, EAP-pwd: Out of memory to
CVS commit: src/external/bsd/wpa/dist/src/eap_peer
Module Name:src
Committed By: christos
Date: Sat May 9 19:51:43 UTC 2015
Modified Files:
src/external/bsd/wpa/dist/src/eap_peer: eap_pwd.c
Log Message:
The L (Length) and M (More) flags needs to be cleared before deciding
whether the locally generated response requires fragmentation. This
fixes an issue where these flags from the server could have been invalid
for the following message. In some cases, this could have resulted in
triggering the wpabuf security check that would terminate the process
due to invalid buffer allocation.
XXX: pullup-7
To generate a diff of this commit:
cvs rdiff -u -r1.3 -r1.4 src/external/bsd/wpa/dist/src/eap_peer/eap_pwd.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/external/bsd/wpa/dist/src/eap_peer/eap_pwd.c
diff -u src/external/bsd/wpa/dist/src/eap_peer/eap_pwd.c:1.3 src/external/bsd/wpa/dist/src/eap_peer/eap_pwd.c:1.4
--- src/external/bsd/wpa/dist/src/eap_peer/eap_pwd.c:1.3 Sat May 9 15:49:28 2015
+++ src/external/bsd/wpa/dist/src/eap_peer/eap_pwd.c Sat May 9 15:51:43 2015
@@ -903,6 +903,7 @@ eap_pwd_process(struct eap_sm *sm, void
* we have output! Do we need to fragment it?
*/
len = wpabuf_len(data-outbuf);
+ lm_exch = EAP_PWD_GET_EXCHANGE(lm_exch);
if ((len + EAP_PWD_HDR_SIZE) data-mtu) {
resp = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_PWD, data-mtu,
EAP_CODE_RESPONSE, eap_get_id(reqData));
CVS commit: src/external/bsd/wpa/dist/src/p2p
Module Name:src
Committed By: christos
Date: Wed Apr 22 20:24:20 UTC 2015
Modified Files:
src/external/bsd/wpa/dist/src/p2p: p2p.c
Log Message:
Fix potential buffer overflow:
http://w1.fi/security/2015-1/0001-P2P-Validate-SSID-element-length-before-copying-it-C.patch
XXX: pullup-[67]
To generate a diff of this commit:
cvs rdiff -u -r1.1.1.5 -r1.2 src/external/bsd/wpa/dist/src/p2p/p2p.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/external/bsd/wpa/dist/src/p2p/p2p.c
diff -u src/external/bsd/wpa/dist/src/p2p/p2p.c:1.1.1.5 src/external/bsd/wpa/dist/src/p2p/p2p.c:1.2
--- src/external/bsd/wpa/dist/src/p2p/p2p.c:1.1.1.5 Wed Apr 1 15:24:46 2015
+++ src/external/bsd/wpa/dist/src/p2p/p2p.c Wed Apr 22 16:24:20 2015
@@ -778,6 +778,7 @@ int p2p_add_device(struct p2p_data *p2p,
if (os_memcmp(addr, p2p_dev_addr, ETH_ALEN) != 0)
os_memcpy(dev-interface_addr, addr, ETH_ALEN);
if (msg.ssid
+ msg.ssid[1] = sizeof(dev-oper_ssid)
(msg.ssid[1] != P2P_WILDCARD_SSID_LEN ||
os_memcmp(msg.ssid + 2, P2P_WILDCARD_SSID, P2P_WILDCARD_SSID_LEN)
!= 0)) {
CVS commit: src/external/bsd/wpa/dist/src/eap_server
Module Name:src Committed By: joerg Date: Sat Apr 11 21:14:13 UTC 2015 Modified Files: src/external/bsd/wpa/dist/src/eap_server: eap_server.c Log Message: Cast enum. To generate a diff of this commit: cvs rdiff -u -r1.1.1.5 -r1.2 \ src/external/bsd/wpa/dist/src/eap_server/eap_server.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/external/bsd/wpa/dist/src/eap_server/eap_server.c diff -u src/external/bsd/wpa/dist/src/eap_server/eap_server.c:1.1.1.5 src/external/bsd/wpa/dist/src/eap_server/eap_server.c:1.2 --- src/external/bsd/wpa/dist/src/eap_server/eap_server.c:1.1.1.5 Wed Apr 1 19:24:46 2015 +++ src/external/bsd/wpa/dist/src/eap_server/eap_server.c Sat Apr 11 21:14:13 2015 @@ -96,7 +96,7 @@ static struct wpabuf * eap_sm_buildIniti plen += 2 + domain_len; } - msg = eap_msg_alloc(EAP_VENDOR_IETF, EAP_ERP_TYPE_REAUTH_START, plen, + msg = eap_msg_alloc(EAP_VENDOR_IETF, (EapType)EAP_ERP_TYPE_REAUTH_START, plen, EAP_CODE_INITIATE, id); if (msg == NULL) return NULL;
CVS commit: src/external/bsd/wpa/dist/src/ap
Module Name:src
Committed By: christos
Date: Sat Mar 7 22:31:24 UTC 2015
Modified Files:
src/external/bsd/wpa/dist/src/ap: ap_drv_ops.c
Log Message:
prevent coredump from the distributed config file.
XXX: pullup-7
To generate a diff of this commit:
cvs rdiff -u -r1.1.1.4 -r1.2 src/external/bsd/wpa/dist/src/ap/ap_drv_ops.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/external/bsd/wpa/dist/src/ap/ap_drv_ops.c
diff -u src/external/bsd/wpa/dist/src/ap/ap_drv_ops.c:1.1.1.4 src/external/bsd/wpa/dist/src/ap/ap_drv_ops.c:1.2
--- src/external/bsd/wpa/dist/src/ap/ap_drv_ops.c:1.1.1.4 Thu Oct 16 15:16:05 2014
+++ src/external/bsd/wpa/dist/src/ap/ap_drv_ops.c Sat Mar 7 17:31:24 2015
@@ -569,7 +569,8 @@ int hostapd_set_freq(struct hostapd_data
{
struct hostapd_freq_params data;
- if (hostapd_set_freq_params(data, mode, freq, channel, ht_enabled,
+ if (hapd-iface-current_mode
+ hostapd_set_freq_params(data, mode, freq, channel, ht_enabled,
vht_enabled, sec_channel_offset,
vht_oper_chwidth,
center_segment0, center_segment1,
@@ -765,7 +766,8 @@ int hostapd_start_dfs_cac(struct hostapd
return -1;
}
- if (hostapd_set_freq_params(data, mode, freq, channel, ht_enabled,
+ if (iface-current_mode
+ hostapd_set_freq_params(data, mode, freq, channel, ht_enabled,
vht_enabled, sec_channel_offset,
vht_oper_chwidth, center_segment0,
center_segment1,
CVS commit: src/external/bsd/wpa/dist/wpa_supplicant
Module Name:src
Committed By: joerg
Date: Sun Oct 19 14:13:02 UTC 2014
Modified Files:
src/external/bsd/wpa/dist/wpa_supplicant: ctrl_iface.c events.c
wpa_supplicant.c
Log Message:
Fix format strings to match argument types.
To generate a diff of this commit:
cvs rdiff -u -r1.1.1.5 -r1.2 \
src/external/bsd/wpa/dist/wpa_supplicant/ctrl_iface.c
cvs rdiff -u -r1.1.1.6 -r1.2 \
src/external/bsd/wpa/dist/wpa_supplicant/events.c \
src/external/bsd/wpa/dist/wpa_supplicant/wpa_supplicant.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/external/bsd/wpa/dist/wpa_supplicant/ctrl_iface.c
diff -u src/external/bsd/wpa/dist/wpa_supplicant/ctrl_iface.c:1.1.1.5 src/external/bsd/wpa/dist/wpa_supplicant/ctrl_iface.c:1.2
--- src/external/bsd/wpa/dist/wpa_supplicant/ctrl_iface.c:1.1.1.5 Thu Oct 16 19:16:02 2014
+++ src/external/bsd/wpa/dist/wpa_supplicant/ctrl_iface.c Sun Oct 19 14:13:01 2014
@@ -5814,9 +5814,10 @@ static int wpas_ctrl_radio_work_show(str
int ret;
os_reltime_sub(now, work-time, diff);
- ret = os_snprintf(pos, end - pos, %s@%s:%u:%u:%ld.%06ld\n,
+ ret = os_snprintf(pos, end - pos, %s@%s:%u:%u:%jd.%06ld\n,
work-type, work-wpa_s-ifname, work-freq,
- work-started, diff.sec, diff.usec);
+ work-started, (intmax_t)diff.sec,
+ (long)diff.usec);
if (ret 0 || ret = end - pos)
break;
pos += ret;
Index: src/external/bsd/wpa/dist/wpa_supplicant/events.c
diff -u src/external/bsd/wpa/dist/wpa_supplicant/events.c:1.1.1.6 src/external/bsd/wpa/dist/wpa_supplicant/events.c:1.2
--- src/external/bsd/wpa/dist/wpa_supplicant/events.c:1.1.1.6 Thu Oct 16 19:16:03 2014
+++ src/external/bsd/wpa/dist/wpa_supplicant/events.c Sun Oct 19 14:13:01 2014
@@ -2990,8 +2990,8 @@ void wpa_supplicant_event(void *ctx, enu
os_reltime_sub(wpa_s-scan_start_time,
wpa_s-scan_trigger_time, diff);
- wpa_dbg(wpa_s, MSG_DEBUG, Own scan request started a scan in %ld.%06ld seconds,
-diff.sec, diff.usec);
+ wpa_dbg(wpa_s, MSG_DEBUG, Own scan request started a scan in %jd.%06ld seconds,
+(intmax_t)diff.sec, (long)diff.usec);
wpa_s-own_scan_requested = 0;
wpa_s-own_scan_running = 1;
if (wpa_s-last_scan_req == MANUAL_SCAN_REQ
@@ -3016,8 +3016,8 @@ void wpa_supplicant_event(void *ctx, enu
os_reltime_sub(now, wpa_s-scan_start_time, diff);
wpa_s-scan_start_time.sec = 0;
wpa_s-scan_start_time.usec = 0;
- wpa_dbg(wpa_s, MSG_DEBUG, Scan completed in %ld.%06ld seconds,
-diff.sec, diff.usec);
+ wpa_dbg(wpa_s, MSG_DEBUG, Scan completed in %jd.%06ld seconds,
+(intmax_t)diff.sec, (long)diff.usec);
}
wpa_supplicant_event_scan_results(wpa_s, data);
wpa_s-own_scan_running = 0;
Index: src/external/bsd/wpa/dist/wpa_supplicant/wpa_supplicant.c
diff -u src/external/bsd/wpa/dist/wpa_supplicant/wpa_supplicant.c:1.1.1.6 src/external/bsd/wpa/dist/wpa_supplicant/wpa_supplicant.c:1.2
--- src/external/bsd/wpa/dist/wpa_supplicant/wpa_supplicant.c:1.1.1.6 Thu Oct 16 19:16:02 2014
+++ src/external/bsd/wpa/dist/wpa_supplicant/wpa_supplicant.c Sun Oct 19 14:13:01 2014
@@ -3405,8 +3405,8 @@ static void radio_start_next_work(void *
os_get_reltime(now);
os_reltime_sub(now, work-time, diff);
- wpa_dbg(work-wpa_s, MSG_DEBUG, Starting radio work '%s'@%p after %ld.%06ld second wait,
- work-type, work, diff.sec, diff.usec);
+ wpa_dbg(work-wpa_s, MSG_DEBUG, Starting radio work '%s'@%p after %jd.%06ld second wait,
+ work-type, work, (intmax_t)diff.sec, (long)diff.usec);
work-started = 1;
work-time = now;
work-cb(work, 0);
@@ -3555,9 +3555,9 @@ void radio_work_done(struct wpa_radio_wo
os_get_reltime(now);
os_reltime_sub(now, work-time, diff);
- wpa_dbg(wpa_s, MSG_DEBUG, Radio work '%s'@%p %s in %ld.%06ld seconds,
+ wpa_dbg(wpa_s, MSG_DEBUG, Radio work '%s'@%p %s in %jd.%06ld seconds,
work-type, work, started ? done : canceled,
- diff.sec, diff.usec);
+ (intmax_t)diff.sec, (long)diff.usec);
radio_work_free(work);
if (started)
radio_work_check_next(wpa_s);
CVS commit: src/external/bsd/wpa/dist/src/utils
Module Name:src
Committed By: christos
Date: Fri Oct 17 02:57:42 UTC 2014
Modified Files:
src/external/bsd/wpa/dist/src/utils: os_unix.c
Log Message:
avoid variable array allocation that gcc can't figure out.
To generate a diff of this commit:
cvs rdiff -u -r1.1.1.5 -r1.2 src/external/bsd/wpa/dist/src/utils/os_unix.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/external/bsd/wpa/dist/src/utils/os_unix.c
diff -u src/external/bsd/wpa/dist/src/utils/os_unix.c:1.1.1.5 src/external/bsd/wpa/dist/src/utils/os_unix.c:1.2
--- src/external/bsd/wpa/dist/src/utils/os_unix.c:1.1.1.5 Thu Oct 16 15:16:08 2014
+++ src/external/bsd/wpa/dist/src/utils/os_unix.c Thu Oct 16 22:57:42 2014
@@ -570,7 +570,7 @@ int os_exec(const char *program, const c
if (pid == 0) {
/* run the external command in the child process */
- const int MAX_ARG = 30;
+#define MAX_ARG 30
char *_program, *_arg, *pos;
char *argv[MAX_ARG + 1];
int i;
CVS commit: src/external/bsd/wpa/dist/src/drivers
Module Name:src Committed By: jakllsch Date: Sun Jun 29 23:10:48 UTC 2014 Modified Files: src/external/bsd/wpa/dist/src/drivers: driver_bsd.c Log Message: Pass the scan result RSSI to the WPA code in a way that it understands. To generate a diff of this commit: cvs rdiff -u -r1.8 -r1.9 src/external/bsd/wpa/dist/src/drivers/driver_bsd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/external/bsd/wpa/dist/src/drivers/driver_bsd.c diff -u src/external/bsd/wpa/dist/src/drivers/driver_bsd.c:1.8 src/external/bsd/wpa/dist/src/drivers/driver_bsd.c:1.9 --- src/external/bsd/wpa/dist/src/drivers/driver_bsd.c:1.8 Wed May 28 14:36:41 2014 +++ src/external/bsd/wpa/dist/src/drivers/driver_bsd.c Sun Jun 29 23:10:48 2014 @@ -1354,7 +1354,7 @@ wpa_driver_bsd_add_scan_entry(struct wpa result-freq = sr-isr_freq; result-beacon_int = sr-isr_intval; result-caps = sr-isr_capinfo; - result-qual = sr-isr_rssi; + result-level = sr-isr_rssi; result-noise = sr-isr_noise; pos = (u8 *)(result + 1);
CVS commit: src/external/bsd/wpa/dist/src/drivers
Module Name:src
Committed By: christos
Date: Wed May 28 14:36:41 UTC 2014
Modified Files:
src/external/bsd/wpa/dist/src/drivers: driver_bsd.c
Log Message:
CID 272959: NULL deref
To generate a diff of this commit:
cvs rdiff -u -r1.7 -r1.8 src/external/bsd/wpa/dist/src/drivers/driver_bsd.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/external/bsd/wpa/dist/src/drivers/driver_bsd.c
diff -u src/external/bsd/wpa/dist/src/drivers/driver_bsd.c:1.7 src/external/bsd/wpa/dist/src/drivers/driver_bsd.c:1.8
--- src/external/bsd/wpa/dist/src/drivers/driver_bsd.c:1.7 Thu Jan 2 21:08:17 2014
+++ src/external/bsd/wpa/dist/src/drivers/driver_bsd.c Wed May 28 10:36:41 2014
@@ -853,12 +853,13 @@ bsd_init(struct hostapd_data *hapd, stru
return drv;
bad:
- if (drv-sock_xmit != NULL)
- l2_packet_deinit(drv-sock_xmit);
- if (drv-sock = 0)
- close(drv-sock);
- if (drv != NULL)
+ if (drv != NULL) {
+ if (drv-sock_xmit != NULL)
+ l2_packet_deinit(drv-sock_xmit);
+ if (drv-sock = 0)
+ close(drv-sock);
os_free(drv);
+ }
return NULL;
}
CVS commit: src/external/bsd/wpa/dist/src/radius
Module Name:src
Committed By: joerg
Date: Thu Feb 27 17:42:23 UTC 2014
Modified Files:
src/external/bsd/wpa/dist/src/radius: radius_das.c
Log Message:
Timestamps can be quite large, so use llabs.
To generate a diff of this commit:
cvs rdiff -u -r1.1.1.1 -r1.2 \
src/external/bsd/wpa/dist/src/radius/radius_das.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/external/bsd/wpa/dist/src/radius/radius_das.c
diff -u src/external/bsd/wpa/dist/src/radius/radius_das.c:1.1.1.1 src/external/bsd/wpa/dist/src/radius/radius_das.c:1.2
--- src/external/bsd/wpa/dist/src/radius/radius_das.c:1.1.1.1 Fri Jan 3 02:04:58 2014
+++ src/external/bsd/wpa/dist/src/radius/radius_das.c Thu Feb 27 17:42:23 2014
@@ -200,7 +200,7 @@ static void radius_das_receive(int sock,
(u8 *) val, 4);
if (res == 4) {
u32 timestamp = ntohl(val);
- if (abs(now.sec - timestamp) das-time_window) {
+ if (llabs(now.sec - timestamp) das-time_window) {
wpa_printf(MSG_DEBUG, DAS: Unacceptable
Event-Timestamp (%u; local time %u) in
packet from %s:%d - drop,
CVS commit: src/external/bsd/wpa/dist/src
Module Name:src
Committed By: adam
Date: Wed Jul 17 21:47:50 UTC 2013
Modified Files:
src/external/bsd/wpa/dist/src/ap: wpa_auth.c
src/external/bsd/wpa/dist/src/eap_server: eap_server_tls_common.c
Log Message:
merge v1.1
To generate a diff of this commit:
cvs rdiff -u -r1.4 -r1.5 src/external/bsd/wpa/dist/src/ap/wpa_auth.c
cvs rdiff -u -r1.2 -r1.3 \
src/external/bsd/wpa/dist/src/eap_server/eap_server_tls_common.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/external/bsd/wpa/dist/src/ap/wpa_auth.c
diff -u src/external/bsd/wpa/dist/src/ap/wpa_auth.c:1.4 src/external/bsd/wpa/dist/src/ap/wpa_auth.c:1.5
--- src/external/bsd/wpa/dist/src/ap/wpa_auth.c:1.4 Mon Oct 8 00:03:20 2012
+++ src/external/bsd/wpa/dist/src/ap/wpa_auth.c Wed Jul 17 21:47:50 2013
@@ -2334,6 +2334,9 @@ static void wpa_group_gtk_init(struct wp
static int wpa_group_update_sta(struct wpa_state_machine *sm, void *ctx)
{
+ if (ctx != NULL ctx != sm-group)
+ return 0;
+
if (sm-wpa_ptk_state != WPA_PTK_PTKINITDONE) {
wpa_auth_logger(sm-wpa_auth, sm-addr, LOGGER_DEBUG,
Not in PTKINITDONE; skip Group Key update);
@@ -2388,7 +2391,7 @@ static void wpa_group_setkeys(struct wpa
group-GKeyDoneStations);
group-GKeyDoneStations = 0;
}
- wpa_auth_for_each_sta(wpa_auth, wpa_group_update_sta, NULL);
+ wpa_auth_for_each_sta(wpa_auth, wpa_group_update_sta, group);
wpa_printf(MSG_DEBUG, wpa_group_setkeys: GKeyDoneStations=%d,
group-GKeyDoneStations);
}
Index: src/external/bsd/wpa/dist/src/eap_server/eap_server_tls_common.c
diff -u src/external/bsd/wpa/dist/src/eap_server/eap_server_tls_common.c:1.2 src/external/bsd/wpa/dist/src/eap_server/eap_server_tls_common.c:1.3
--- src/external/bsd/wpa/dist/src/eap_server/eap_server_tls_common.c:1.2 Mon Oct 8 14:03:09 2012
+++ src/external/bsd/wpa/dist/src/eap_server/eap_server_tls_common.c Wed Jul 17 21:47:50 2013
@@ -230,6 +230,14 @@ static int eap_server_tls_process_fragme
return -1;
}
+ if (len message_length) {
+ wpa_printf(MSG_INFO, SSL: Too much data (%d bytes) in
+ first fragment of frame (TLS Message
+ Length %d bytes),
+ (int) len, (int) message_length);
+ return -1;
+ }
+
data-tls_in = wpabuf_alloc(message_length);
if (data-tls_in == NULL) {
wpa_printf(MSG_DEBUG, SSL: No memory for message);
CVS commit: src/external/bsd/wpa/dist/src/eap_server
Module Name:src
Committed By: christos
Date: Mon Oct 8 14:03:09 UTC 2012
Modified Files:
src/external/bsd/wpa/dist/src/eap_server: eap_server_tls_common.c
Log Message:
EXP-TLS server: Fix TLS Message Length validation:
http://w1.fi/gitweb/gitweb.cgi?p=hostap.git;a=commitdiff;\
h=586c446e0ff42ae00315b014924ec669023bd8de
http://www.pre-cert.de/advisories/PRE-SA-2012-07.txt
To generate a diff of this commit:
cvs rdiff -u -r1.1.1.2 -r1.2 \
src/external/bsd/wpa/dist/src/eap_server/eap_server_tls_common.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/external/bsd/wpa/dist/src/eap_server/eap_server_tls_common.c
diff -u src/external/bsd/wpa/dist/src/eap_server/eap_server_tls_common.c:1.1.1.2 src/external/bsd/wpa/dist/src/eap_server/eap_server_tls_common.c:1.2
--- src/external/bsd/wpa/dist/src/eap_server/eap_server_tls_common.c:1.1.1.2 Sun Oct 7 19:47:03 2012
+++ src/external/bsd/wpa/dist/src/eap_server/eap_server_tls_common.c Mon Oct 8 10:03:09 2012
@@ -223,6 +223,12 @@ static int eap_server_tls_process_fragme
over 64 kB));
return -1;
}
+ if (len message_length) {
+ wpa_printf(MSG_INFO, SSL: Too much data (%zu bytes)
+ in first fragment of frame (TLS Message
+ Length %u bytes), len, message_length);
+ return -1;
+ }
data-tls_in = wpabuf_alloc(message_length);
if (data-tls_in == NULL) {
CVS commit: src/external/bsd/wpa/dist
Module Name:src Committed By: christos Date: Sun Oct 7 23:48:31 UTC 2012 Update of /cvsroot/src/external/bsd/wpa/dist In directory ivanova.netbsd.org:/tmp/cvs-serv28692 Log Message: from hostap.epitest.fi Status: Vendor Tag: MALINEN Release Tags: v1_0 U src/external/bsd/wpa/dist/COPYING U src/external/bsd/wpa/dist/README U src/external/bsd/wpa/dist/hostapd/config_file.c N src/external/bsd/wpa/dist/hostapd/Android.mk U src/external/bsd/wpa/dist/hostapd/ChangeLog U src/external/bsd/wpa/dist/hostapd/Makefile U src/external/bsd/wpa/dist/hostapd/README U src/external/bsd/wpa/dist/hostapd/README-WPS U src/external/bsd/wpa/dist/hostapd/hlr_auc_gw.milenage_db U src/external/bsd/wpa/dist/hostapd/config_file.h U src/external/bsd/wpa/dist/hostapd/ctrl_iface.c U src/external/bsd/wpa/dist/hostapd/ctrl_iface.h U src/external/bsd/wpa/dist/hostapd/defconfig U src/external/bsd/wpa/dist/hostapd/dump_state.c U src/external/bsd/wpa/dist/hostapd/dump_state.h U src/external/bsd/wpa/dist/hostapd/eap_register.c U src/external/bsd/wpa/dist/hostapd/eap_register.h U src/external/bsd/wpa/dist/hostapd/eap_testing.txt U src/external/bsd/wpa/dist/hostapd/hlr_auc_gw.c U src/external/bsd/wpa/dist/hostapd/hostapd.accept U src/external/bsd/wpa/dist/hostapd/hostapd.8 U src/external/bsd/wpa/dist/hostapd/hostapd.eap_user U src/external/bsd/wpa/dist/hostapd/main.c U src/external/bsd/wpa/dist/hostapd/hostapd.conf U src/external/bsd/wpa/dist/hostapd/hostapd.deny U src/external/bsd/wpa/dist/hostapd/hostapd.radius_clients U src/external/bsd/wpa/dist/hostapd/hostapd.sim_db U src/external/bsd/wpa/dist/hostapd/hostapd.vlan U src/external/bsd/wpa/dist/hostapd/hostapd.wpa_psk U src/external/bsd/wpa/dist/hostapd/hostapd_cli.1 C src/external/bsd/wpa/dist/hostapd/hostapd_cli.c U src/external/bsd/wpa/dist/hostapd/nt_password_hash.c U src/external/bsd/wpa/dist/hostapd/wired.conf U src/external/bsd/wpa/dist/hostapd/logwatch/hostapd.conf U src/external/bsd/wpa/dist/hostapd/logwatch/README U src/external/bsd/wpa/dist/hostapd/logwatch/hostapd U src/external/bsd/wpa/dist/patches/openssl-0.9.8i-tls-extensions.patch U src/external/bsd/wpa/dist/patches/openssl-0.9.9-session-ticket.patch U src/external/bsd/wpa/dist/patches/openssl-0.9.8e-tls-extensions.patch U src/external/bsd/wpa/dist/patches/openssl-0.9.8g-tls-extensions.patch U src/external/bsd/wpa/dist/patches/openssl-0.9.8d-tls-extensions.patch U src/external/bsd/wpa/dist/patches/openssl-0.9.8-tls-extensions.patch U src/external/bsd/wpa/dist/patches/openssl-0.9.8h-tls-extensions.patch U src/external/bsd/wpa/dist/src/lib.rules U src/external/bsd/wpa/dist/src/Makefile U src/external/bsd/wpa/dist/src/eap_server/eap_methods.h U src/external/bsd/wpa/dist/src/eap_server/ikev2.c U src/external/bsd/wpa/dist/src/eap_server/eap_server_tls_common.c U src/external/bsd/wpa/dist/src/eap_server/eap_server_tnc.c U src/external/bsd/wpa/dist/src/eap_server/eap_server_sim.c U src/external/bsd/wpa/dist/src/eap_server/eap_server_md5.c U src/external/bsd/wpa/dist/src/eap_server/eap_server_vendor_test.c U src/external/bsd/wpa/dist/src/eap_server/tncs.h U src/external/bsd/wpa/dist/src/eap_server/eap_i.h U src/external/bsd/wpa/dist/src/eap_server/ikev2.h U src/external/bsd/wpa/dist/src/eap_server/eap_server_methods.c U src/external/bsd/wpa/dist/src/eap_server/eap_server_psk.c U src/external/bsd/wpa/dist/src/eap_server/eap_server_identity.c U src/external/bsd/wpa/dist/src/eap_server/eap_server_wsc.c U src/external/bsd/wpa/dist/src/eap_server/eap_tls_common.h U src/external/bsd/wpa/dist/src/eap_server/tncs.c U src/external/bsd/wpa/dist/src/eap_server/eap_sim_db.h U src/external/bsd/wpa/dist/src/eap_server/eap_server_peap.c U src/external/bsd/wpa/dist/src/eap_server/Makefile U src/external/bsd/wpa/dist/src/eap_server/eap_server.c U src/external/bsd/wpa/dist/src/eap_server/eap_server_ttls.c U src/external/bsd/wpa/dist/src/eap_server/eap_server_sake.c U src/external/bsd/wpa/dist/src/eap_server/eap_server_pax.c U src/external/bsd/wpa/dist/src/eap_server/eap_server_fast.c U src/external/bsd/wpa/dist/src/eap_server/eap_server_tls.c U src/external/bsd/wpa/dist/src/eap_server/eap_server_aka.c U src/external/bsd/wpa/dist/src/eap_server/eap_server_gtc.c U src/external/bsd/wpa/dist/src/eap_server/eap_sim_db.c U src/external/bsd/wpa/dist/src/eap_server/eap_server_mschapv2.c U src/external/bsd/wpa/dist/src/eap_server/eap_server_ikev2.c U src/external/bsd/wpa/dist/src/eap_server/eap_server_gpsk.c N src/external/bsd/wpa/dist/src/eap_server/eap_server_pwd.c U src/external/bsd/wpa/dist/src/eap_server/eap.h U src/external/bsd/wpa/dist/src/radius/radius_client.c U src/external/bsd/wpa/dist/src/radius/radius.h U src/external/bsd/wpa/dist/src/radius/.gitignore U src/external/bsd/wpa/dist/src/radius/radius_server.c U src/external/bsd/wpa/dist/src/radius/radius_server.h U src/external/bsd/wpa/dist/src/radius/Makefile U src/external/bsd/wpa/dist/src/radius/radius_client.h U
CVS commit: src/external/bsd/wpa/dist/src
Module Name:src
Committed By: plunky
Date: Sat Sep 15 18:37:28 UTC 2012
Modified Files:
src/external/bsd/wpa/dist/src/drivers: driver_test.c
src/external/bsd/wpa/dist/src/utils: eloop.c trace.h
Log Message:
WPA_TRACE_REF() provides optional content, potentially leaving an extra
semicolon within the struct declarator list. This is not permitted
according to C99 6.7.2.1 Structure and union specifiers, so instead
have the macro provide the semicolon as required.
To generate a diff of this commit:
cvs rdiff -u -r1.1.1.1 -r1.2 \
src/external/bsd/wpa/dist/src/drivers/driver_test.c
cvs rdiff -u -r1.1.1.2 -r1.2 src/external/bsd/wpa/dist/src/utils/eloop.c
cvs rdiff -u -r1.1.1.1 -r1.2 src/external/bsd/wpa/dist/src/utils/trace.h
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/external/bsd/wpa/dist/src/drivers/driver_test.c
diff -u src/external/bsd/wpa/dist/src/drivers/driver_test.c:1.1.1.1 src/external/bsd/wpa/dist/src/drivers/driver_test.c:1.2
--- src/external/bsd/wpa/dist/src/drivers/driver_test.c:1.1.1.1 Wed Aug 4 10:21:50 2010
+++ src/external/bsd/wpa/dist/src/drivers/driver_test.c Sat Sep 15 18:37:27 2012
@@ -70,7 +70,7 @@ struct wpa_driver_test_global {
struct wpa_driver_test_data {
struct wpa_driver_test_global *global;
void *ctx;
- WPA_TRACE_REF(ctx);
+ WPA_TRACE_REF(ctx)
u8 own_addr[ETH_ALEN];
int test_socket;
#ifdef DRIVER_TEST_UNIX
Index: src/external/bsd/wpa/dist/src/utils/eloop.c
diff -u src/external/bsd/wpa/dist/src/utils/eloop.c:1.1.1.2 src/external/bsd/wpa/dist/src/utils/eloop.c:1.2
--- src/external/bsd/wpa/dist/src/utils/eloop.c:1.1.1.2 Sat Sep 10 20:54:05 2011
+++ src/external/bsd/wpa/dist/src/utils/eloop.c Sat Sep 15 18:37:28 2012
@@ -25,8 +25,8 @@ struct eloop_sock {
void *eloop_data;
void *user_data;
eloop_sock_handler handler;
- WPA_TRACE_REF(eloop);
- WPA_TRACE_REF(user);
+ WPA_TRACE_REF(eloop)
+ WPA_TRACE_REF(user)
WPA_TRACE_INFO
};
@@ -36,8 +36,8 @@ struct eloop_timeout {
void *eloop_data;
void *user_data;
eloop_timeout_handler handler;
- WPA_TRACE_REF(eloop);
- WPA_TRACE_REF(user);
+ WPA_TRACE_REF(eloop)
+ WPA_TRACE_REF(user)
WPA_TRACE_INFO
};
Index: src/external/bsd/wpa/dist/src/utils/trace.h
diff -u src/external/bsd/wpa/dist/src/utils/trace.h:1.1.1.1 src/external/bsd/wpa/dist/src/utils/trace.h:1.2
--- src/external/bsd/wpa/dist/src/utils/trace.h:1.1.1.1 Wed Aug 4 10:18:41 2010
+++ src/external/bsd/wpa/dist/src/utils/trace.h Sat Sep 15 18:37:28 2012
@@ -29,7 +29,7 @@ struct wpa_trace_ref {
const void *addr;
WPA_TRACE_INFO
};
-#define WPA_TRACE_REF(name) struct wpa_trace_ref wpa_trace_ref_##name
+#define WPA_TRACE_REF(name) struct wpa_trace_ref wpa_trace_ref_##name;
#define wpa_trace_dump(title, ptr) \
wpa_trace_dump_func((title), (ptr)-btrace, (ptr)-btrace_num)
CVS commit: src/external/bsd/wpa/dist/src/drivers
Module Name:src
Committed By: nakayama
Date: Sun May 13 10:21:02 UTC 2012
Modified Files:
src/external/bsd/wpa/dist/src/drivers: driver_bsd.c
Log Message:
Make WPA works on big-endian machines.
Need byte swapping to copy seq to member ik_keyrsc. The code is
borrowed from driver_madwifi.c.
To generate a diff of this commit:
cvs rdiff -u -r1.4 -r1.5 src/external/bsd/wpa/dist/src/drivers/driver_bsd.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/external/bsd/wpa/dist/src/drivers/driver_bsd.c
diff -u src/external/bsd/wpa/dist/src/drivers/driver_bsd.c:1.4 src/external/bsd/wpa/dist/src/drivers/driver_bsd.c:1.5
--- src/external/bsd/wpa/dist/src/drivers/driver_bsd.c:1.4 Sat Dec 25 20:45:49 2010
+++ src/external/bsd/wpa/dist/src/drivers/driver_bsd.c Sun May 13 10:21:02 2012
@@ -347,7 +347,19 @@ bsd_set_key(const char *ifname, void *pr
if (wk.ik_keyix != IEEE80211_KEYIX_NONE set_tx)
wk.ik_flags |= IEEE80211_KEY_DEFAULT;
wk.ik_keylen = key_len;
+#ifdef WORDS_BIGENDIAN
+#define WPA_KEY_RSC_LEN 8
+ {
+ size_t i;
+ u8 tmp[WPA_KEY_RSC_LEN];
+ os_memset(tmp, 0, sizeof(tmp));
+ for (i = 0; i seq_len; i++)
+ tmp[WPA_KEY_RSC_LEN - i - 1] = seq[i];
+ os_memcpy(wk.ik_keyrsc, tmp, WPA_KEY_RSC_LEN);
+ }
+#else /* WORDS_BIGENDIAN */
os_memcpy(wk.ik_keyrsc, seq, seq_len);
+#endif /* WORDS_BIGENDIAN */
os_memcpy(wk.ik_keydata, key, key_len);
return set80211var(priv, IEEE80211_IOC_WPAKEY, wk, sizeof(wk));
CVS commit: src/external/bsd/wpa/dist
Module Name:src Committed By: christos Date: Sat Sep 10 20:56:00 UTC 2011 Update of /cvsroot/src/external/bsd/wpa/dist In directory ivanova.netbsd.org:/tmp/cvs-serv12221 Log Message: Import wpa_supplicant and hostapd Status: Vendor Tag: MALINEN Release Tags: v0_7_3 U src/external/bsd/wpa/dist/COPYING U src/external/bsd/wpa/dist/README U src/external/bsd/wpa/dist/patches/openssl-0.9.9-session-ticket.patch U src/external/bsd/wpa/dist/patches/openssl-0.9.8g-tls-extensions.patch U src/external/bsd/wpa/dist/patches/openssl-0.9.8-tls-extensions.patch U src/external/bsd/wpa/dist/patches/openssl-0.9.8h-tls-extensions.patch U src/external/bsd/wpa/dist/patches/openssl-0.9.8i-tls-extensions.patch U src/external/bsd/wpa/dist/patches/openssl-0.9.8e-tls-extensions.patch U src/external/bsd/wpa/dist/patches/openssl-0.9.8d-tls-extensions.patch U src/external/bsd/wpa/dist/hostapd/config_file.c U src/external/bsd/wpa/dist/hostapd/.gitignore U src/external/bsd/wpa/dist/hostapd/ChangeLog U src/external/bsd/wpa/dist/hostapd/Makefile U src/external/bsd/wpa/dist/hostapd/README U src/external/bsd/wpa/dist/hostapd/README-WPS U src/external/bsd/wpa/dist/hostapd/hlr_auc_gw.milenage_db U src/external/bsd/wpa/dist/hostapd/config_file.h U src/external/bsd/wpa/dist/hostapd/ctrl_iface.c U src/external/bsd/wpa/dist/hostapd/ctrl_iface.h U src/external/bsd/wpa/dist/hostapd/defconfig U src/external/bsd/wpa/dist/hostapd/dump_state.c U src/external/bsd/wpa/dist/hostapd/dump_state.h U src/external/bsd/wpa/dist/hostapd/eap_register.c U src/external/bsd/wpa/dist/hostapd/eap_register.h U src/external/bsd/wpa/dist/hostapd/eap_testing.txt U src/external/bsd/wpa/dist/hostapd/hlr_auc_gw.c U src/external/bsd/wpa/dist/hostapd/hostapd.accept U src/external/bsd/wpa/dist/hostapd/hostapd.8 U src/external/bsd/wpa/dist/hostapd/hostapd.eap_user U src/external/bsd/wpa/dist/hostapd/main.c U src/external/bsd/wpa/dist/hostapd/hostapd.conf U src/external/bsd/wpa/dist/hostapd/hostapd.deny U src/external/bsd/wpa/dist/hostapd/hostapd.radius_clients U src/external/bsd/wpa/dist/hostapd/hostapd.sim_db U src/external/bsd/wpa/dist/hostapd/hostapd.vlan U src/external/bsd/wpa/dist/hostapd/hostapd.wpa_psk U src/external/bsd/wpa/dist/hostapd/hostapd_cli.1 C src/external/bsd/wpa/dist/hostapd/hostapd_cli.c U src/external/bsd/wpa/dist/hostapd/nt_password_hash.c U src/external/bsd/wpa/dist/hostapd/wired.conf U src/external/bsd/wpa/dist/hostapd/logwatch/hostapd.conf U src/external/bsd/wpa/dist/hostapd/logwatch/README U src/external/bsd/wpa/dist/hostapd/logwatch/hostapd U src/external/bsd/wpa/dist/src/Makefile U src/external/bsd/wpa/dist/src/lib.rules U src/external/bsd/wpa/dist/src/ap/drv_callbacks.c C src/external/bsd/wpa/dist/src/ap/wpa_auth.c U src/external/bsd/wpa/dist/src/ap/hostapd.c U src/external/bsd/wpa/dist/src/ap/ieee802_1x.h U src/external/bsd/wpa/dist/src/ap/ieee802_11_auth.h U src/external/bsd/wpa/dist/src/ap/sta_info.c U src/external/bsd/wpa/dist/src/ap/Makefile U src/external/bsd/wpa/dist/src/ap/tkip_countermeasures.c U src/external/bsd/wpa/dist/src/ap/ieee802_11_auth.c U src/external/bsd/wpa/dist/src/ap/hw_features.c U src/external/bsd/wpa/dist/src/ap/wpa_auth_ie.c U src/external/bsd/wpa/dist/src/ap/preauth_auth.c U src/external/bsd/wpa/dist/src/ap/wpa_auth_ie.h U src/external/bsd/wpa/dist/src/ap/vlan_init.c U src/external/bsd/wpa/dist/src/ap/ap_config.c U src/external/bsd/wpa/dist/src/ap/hw_features.h U src/external/bsd/wpa/dist/src/ap/ieee802_1x.c U src/external/bsd/wpa/dist/src/ap/tkip_countermeasures.h U src/external/bsd/wpa/dist/src/ap/ap_config.h U src/external/bsd/wpa/dist/src/ap/sta_info.h U src/external/bsd/wpa/dist/src/ap/pmksa_cache_auth.h U src/external/bsd/wpa/dist/src/ap/ieee802_11_ht.c U src/external/bsd/wpa/dist/src/ap/wpa_auth_i.h U src/external/bsd/wpa/dist/src/ap/iapp.c U src/external/bsd/wpa/dist/src/ap/ieee802_11.c U src/external/bsd/wpa/dist/src/ap/beacon.c U src/external/bsd/wpa/dist/src/ap/wmm.c U src/external/bsd/wpa/dist/src/ap/wpa_auth_ft.c U src/external/bsd/wpa/dist/src/ap/wpa_auth_glue.c U src/external/bsd/wpa/dist/src/ap/ap_drv_ops.h U src/external/bsd/wpa/dist/src/ap/accounting.h U src/external/bsd/wpa/dist/src/ap/wpa_auth.h U src/external/bsd/wpa/dist/src/ap/wmm.h U src/external/bsd/wpa/dist/src/ap/ap_mlme.h U src/external/bsd/wpa/dist/src/ap/ap_mlme.c U src/external/bsd/wpa/dist/src/ap/utils.c U src/external/bsd/wpa/dist/src/ap/ctrl_iface_ap.h U src/external/bsd/wpa/dist/src/ap/ap_list.h U src/external/bsd/wpa/dist/src/ap/accounting.c U src/external/bsd/wpa/dist/src/ap/peerkey_auth.c U src/external/bsd/wpa/dist/src/ap/authsrv.h U src/external/bsd/wpa/dist/src/ap/wps_hostapd.h U src/external/bsd/wpa/dist/src/ap/iapp.h U src/external/bsd/wpa/dist/src/ap/vlan_init.h U src/external/bsd/wpa/dist/src/ap/ap_drv_ops.c U src/external/bsd/wpa/dist/src/ap/pmksa_cache_auth.c U src/external/bsd/wpa/dist/src/ap/wpa_auth_glue.h U src/external/bsd/wpa/dist/src/ap/ctrl_iface_ap.c U
CVS commit: src/external/bsd/wpa/dist
Module Name:src
Committed By: christos
Date: Sat Sep 10 20:59:03 UTC 2011
Modified Files:
src/external/bsd/wpa/dist/hostapd: hostapd_cli.c
src/external/bsd/wpa/dist/src/ap: wpa_auth.c
Log Message:
merge 0.7.3
To generate a diff of this commit:
cvs rdiff -u -r1.2 -r1.3 src/external/bsd/wpa/dist/hostapd/hostapd_cli.c
cvs rdiff -u -r1.2 -r1.3 src/external/bsd/wpa/dist/src/ap/wpa_auth.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/external/bsd/wpa/dist/hostapd/hostapd_cli.c
diff -u src/external/bsd/wpa/dist/hostapd/hostapd_cli.c:1.2 src/external/bsd/wpa/dist/hostapd/hostapd_cli.c:1.3
--- src/external/bsd/wpa/dist/hostapd/hostapd_cli.c:1.2 Wed Aug 4 13:12:34 2010
+++ src/external/bsd/wpa/dist/hostapd/hostapd_cli.c Sat Sep 10 16:59:03 2011
@@ -94,6 +94,7 @@
#ifdef CONFIG_WPS_OOB
wps_oob type path method use WPS with out-of-band (UFD)\n
#endif /* CONFIG_WPS_OOB */
+ wps_ap_pin cmd [params..] enable/disable AP PIN\n
#endif /* CONFIG_WPS */
help show this usage help\n
interface [ifname] show interfaces/select interface\n
@@ -405,6 +406,27 @@
return wpa_ctrl_command(ctrl, cmd);
}
#endif /* CONFIG_WPS_OOB */
+
+
+static int hostapd_cli_cmd_wps_ap_pin(struct wpa_ctrl *ctrl, int argc,
+ char *argv[])
+{
+ char buf[64];
+ if (argc 1) {
+ printf(Invalid 'wps_ap_pin' command - at least one argument
+ is required.\n);
+ return -1;
+ }
+ if (argc 2)
+ snprintf(buf, sizeof(buf), WPS_AP_PIN %s %s %s,
+ argv[0], argv[1], argv[2]);
+ else if (argc 1)
+ snprintf(buf, sizeof(buf), WPS_AP_PIN %s %s,
+ argv[0], argv[1]);
+ else
+ snprintf(buf, sizeof(buf), WPS_AP_PIN %s, argv[0]);
+ return wpa_ctrl_command(ctrl, buf);
+}
#endif /* CONFIG_WPS */
@@ -567,6 +589,7 @@
#ifdef CONFIG_WPS_OOB
{ wps_oob, hostapd_cli_cmd_wps_oob },
#endif /* CONFIG_WPS_OOB */
+ { wps_ap_pin, hostapd_cli_cmd_wps_ap_pin },
#endif /* CONFIG_WPS */
{ help, hostapd_cli_cmd_help },
{ interface, hostapd_cli_cmd_interface },
Index: src/external/bsd/wpa/dist/src/ap/wpa_auth.c
diff -u src/external/bsd/wpa/dist/src/ap/wpa_auth.c:1.2 src/external/bsd/wpa/dist/src/ap/wpa_auth.c:1.3
--- src/external/bsd/wpa/dist/src/ap/wpa_auth.c:1.2 Sun Feb 27 13:07:42 2011
+++ src/external/bsd/wpa/dist/src/ap/wpa_auth.c Sat Sep 10 16:59:03 2011
@@ -1274,6 +1274,24 @@
break;
case WPA_REAUTH:
case WPA_REAUTH_EAPOL:
+ if (!sm-started) {
+ /*
+ * When using WPS, we may end up here if the STA
+ * manages to re-associate without the previous STA
+ * entry getting removed. Consequently, we need to make
+ * sure that the WPA state machines gets initialized
+ * properly at this point.
+ */
+ wpa_printf(MSG_DEBUG, WPA state machine had not been
+ started - initialize now);
+ sm-started = 1;
+ sm-Init = TRUE;
+ if (wpa_sm_step(sm) == 1)
+return 1; /* should not really happen */
+ sm-Init = FALSE;
+ sm-AuthenticationRequest = TRUE;
+ break;
+ }
if (sm-GUpdateStationKeys) {
/*
* Reauthentication cancels the pending group key
CVS commit: src/external/bsd/wpa/dist/src/ap
Module Name:src
Committed By: plunky
Date: Sun Feb 27 18:07:43 UTC 2011
Modified Files:
src/external/bsd/wpa/dist/src/ap: wpa_auth.c
Log Message:
avoid preprocessor directives in macro arguments
has been committed upstream at
http://hostap.epitest.fi/gitweb/gitweb.cgi?p=hostap.git;a=blobdiff;f=src/ap/wpa_auth.c;h=7ad60a23d999082a00e9be672d4b55a19c46a4bb;hp=13e8ec43895a67d6d825b5c2a199499232dbafcb;hb=8ce58ceb250f101ee66682a4149cc652a30a74da;hpb=73304dbf65c3da859b1c51e6be32457e9ec9932d
To generate a diff of this commit:
cvs rdiff -u -r1.1.1.1 -r1.2 src/external/bsd/wpa/dist/src/ap/wpa_auth.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/external/bsd/wpa/dist/src/ap/wpa_auth.c
diff -u src/external/bsd/wpa/dist/src/ap/wpa_auth.c:1.1.1.1 src/external/bsd/wpa/dist/src/ap/wpa_auth.c:1.2
--- src/external/bsd/wpa/dist/src/ap/wpa_auth.c:1.1.1.1 Wed Aug 4 10:18:00 2010
+++ src/external/bsd/wpa/dist/src/ap/wpa_auth.c Sun Feb 27 18:07:42 2011
@@ -2327,19 +2327,21 @@
{
int len = 0, ret;
char pmkid_txt[PMKID_LEN * 2 + 1];
+#ifdef CONFIG_RSN_PREAUTH
+ const int preauth = 1;
+#else /* CONFIG_RSN_PREAUTH */
+ const int preauth = 0;
+#endif /* CONFIG_RSN_PREAUTH */
if (wpa_auth == NULL)
return len;
ret = os_snprintf(buf + len, buflen - len,
dot11RSNAOptionImplemented=TRUE\n
-#ifdef CONFIG_RSN_PREAUTH
- dot11RSNAPreauthenticationImplemented=TRUE\n
-#else /* CONFIG_RSN_PREAUTH */
- dot11RSNAPreauthenticationImplemented=FALSE\n
-#endif /* CONFIG_RSN_PREAUTH */
+ dot11RSNAPreauthenticationImplemented=%s\n
dot11RSNAEnabled=%s\n
dot11RSNAPreauthenticationEnabled=%s\n,
+ wpa_bool_txt(preauth),
wpa_bool_txt(wpa_auth-conf.wpa WPA_PROTO_RSN),
wpa_bool_txt(wpa_auth-conf.rsn_preauth));
if (ret 0 || (size_t) ret = buflen - len)
CVS commit: src/external/bsd/wpa/dist/src/drivers
Module Name:src
Committed By: christos
Date: Sat Dec 25 20:45:50 UTC 2010
Modified Files:
src/external/bsd/wpa/dist/src/drivers: driver_bsd.c
Log Message:
fix debugging:
- don't print junk for the interface name
- parse and print known rtm messages we get
To generate a diff of this commit:
cvs rdiff -u -r1.3 -r1.4 src/external/bsd/wpa/dist/src/drivers/driver_bsd.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/external/bsd/wpa/dist/src/drivers/driver_bsd.c
diff -u src/external/bsd/wpa/dist/src/drivers/driver_bsd.c:1.3 src/external/bsd/wpa/dist/src/drivers/driver_bsd.c:1.4
--- src/external/bsd/wpa/dist/src/drivers/driver_bsd.c:1.3 Thu Aug 5 10:03:17 2010
+++ src/external/bsd/wpa/dist/src/drivers/driver_bsd.c Sat Dec 25 15:45:49 2010
@@ -1258,22 +1258,41 @@
wpa_supplicant_event(ctx, EVENT_INTERFACE_STATUS, event);
} else if ((ifm-ifm_flags IFF_UP) != 0
(drv-flags IFF_UP) == 0) {
- strlcpy(event.interface_status.ifname, drv-ifname,
+ os_strlcpy(event.interface_status.ifname, drv-ifname,
sizeof(event.interface_status.ifname));
event.interface_status.ievent = EVENT_INTERFACE_ADDED;
wpa_printf(MSG_DEBUG, RTM_IFINFO: Interface '%s' UP,
event.interface_status.ifname);
wpa_supplicant_event(ctx, EVENT_INTERFACE_STATUS, event);
} else {
+ os_strlcpy(event.interface_status.ifname, drv-ifname,
+sizeof(event.interface_status.ifname));
wpa_printf(MSG_DEBUG, RTM_IFINFO: Interface '%s'
if=%x drv=%x, event.interface_status.ifname,
ifm-ifm_flags, drv-flags);
}
drv-flags = ifm-ifm_flags;
break;
+#ifdef RTM_OIFINFO
+ case RTM_OIFINFO:
+ wpa_printf(MSG_DEBUG, RTM_OIFINFO ignored);
+ break;
+#endif
+#ifdef RTM_OOIFINFO
+ case RTM_OOIFINFO:
+ wpa_printf(MSG_DEBUG, RTM_OOIFINFO ignored);
+ break;
+#endif
+#ifdef RTM_LOSING
case RTM_LOSING:
- wpa_printf(MSG_DEBUG, RTM_LOSING: %d, rtm-rtm_type);
+ wpa_printf(MSG_DEBUG, RTM_LOSING ignored);
+ break;
+#endif
+#ifdef RTM_MISS
+ case RTM_MISS:
+ wpa_printf(MSG_DEBUG, RTM_MISS ignored);
break;
+#endif
default:
wpa_printf(MSG_DEBUG, RTM_???: %d, rtm-rtm_type);
break;
CVS commit: src/external/bsd/wpa/dist/src/l2_packet
Module Name:src Committed By: mrg Date: Sun Dec 5 08:43:24 UTC 2010 Modified Files: src/external/bsd/wpa/dist/src/l2_packet: l2_packet_freebsd.c Log Message: netbsd needs net/bpf.h, too. To generate a diff of this commit: cvs rdiff -u -r1.1.1.1 -r1.2 \ src/external/bsd/wpa/dist/src/l2_packet/l2_packet_freebsd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/external/bsd/wpa/dist/src/l2_packet/l2_packet_freebsd.c diff -u src/external/bsd/wpa/dist/src/l2_packet/l2_packet_freebsd.c:1.1.1.1 src/external/bsd/wpa/dist/src/l2_packet/l2_packet_freebsd.c:1.2 --- src/external/bsd/wpa/dist/src/l2_packet/l2_packet_freebsd.c:1.1.1.1 Wed Aug 4 10:20:22 2010 +++ src/external/bsd/wpa/dist/src/l2_packet/l2_packet_freebsd.c Sun Dec 5 08:43:23 2010 @@ -14,7 +14,7 @@ */ #include includes.h -#if defined(__APPLE__) || defined(__GLIBC__) +#if defined(__APPLE__) || defined(__GLIBC__) || defined(__NetBSD__) #include net/bpf.h #endif /* __APPLE__ */ #include pcap.h
CVS commit: src/external/bsd/wpa/dist/src/drivers
Module Name:src
Committed By: dogcow
Date: Thu Aug 5 14:03:17 UTC 2010
Modified Files:
src/external/bsd/wpa/dist/src/drivers: driver_bsd.c
Log Message:
Fix build on big-endian hosts.
To generate a diff of this commit:
cvs rdiff -u -r1.2 -r1.3 src/external/bsd/wpa/dist/src/drivers/driver_bsd.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/external/bsd/wpa/dist/src/drivers/driver_bsd.c
diff -u src/external/bsd/wpa/dist/src/drivers/driver_bsd.c:1.2 src/external/bsd/wpa/dist/src/drivers/driver_bsd.c:1.3
--- src/external/bsd/wpa/dist/src/drivers/driver_bsd.c:1.2 Wed Aug 4 17:12:34 2010
+++ src/external/bsd/wpa/dist/src/drivers/driver_bsd.c Thu Aug 5 14:03:17 2010
@@ -626,6 +626,9 @@
}
#ifdef WORDS_BIGENDIAN
+#ifndef WPA_KEY_RSC_LEN
+#define WPA_KEY_RSC_LEN 8
+#endif
{
/*
* wk.ik_keytsc is in host byte order (big endian), need to
CVS commit: src/external/bsd/wpa/dist
Module Name:src Committed By: christos Date: Wed Aug 4 10:24:46 UTC 2010 Update of /cvsroot/src/external/bsd/wpa/dist In directory ivanova.netbsd.org:/tmp/cvs-serv9405 Log Message: Import wpa_supplicant and hostapd Status: Vendor Tag: MALINEN Release Tags: v0_7_2 N src/external/bsd/wpa/dist/COPYING N src/external/bsd/wpa/dist/README N src/external/bsd/wpa/dist/patches/openssl-0.9.9-session-ticket.patch N src/external/bsd/wpa/dist/patches/openssl-0.9.8g-tls-extensions.patch N src/external/bsd/wpa/dist/patches/openssl-0.9.8-tls-extensions.patch N src/external/bsd/wpa/dist/patches/openssl-0.9.8h-tls-extensions.patch N src/external/bsd/wpa/dist/patches/openssl-0.9.8i-tls-extensions.patch N src/external/bsd/wpa/dist/patches/openssl-0.9.8e-tls-extensions.patch N src/external/bsd/wpa/dist/patches/openssl-0.9.8d-tls-extensions.patch N src/external/bsd/wpa/dist/src/Makefile N src/external/bsd/wpa/dist/src/lib.rules N src/external/bsd/wpa/dist/src/ap/drv_callbacks.c N src/external/bsd/wpa/dist/src/ap/wpa_auth.c N src/external/bsd/wpa/dist/src/ap/hostapd.c N src/external/bsd/wpa/dist/src/ap/ieee802_1x.h N src/external/bsd/wpa/dist/src/ap/ieee802_11_auth.h N src/external/bsd/wpa/dist/src/ap/sta_info.c N src/external/bsd/wpa/dist/src/ap/Makefile N src/external/bsd/wpa/dist/src/ap/tkip_countermeasures.c N src/external/bsd/wpa/dist/src/ap/ieee802_11_auth.c N src/external/bsd/wpa/dist/src/ap/hw_features.c N src/external/bsd/wpa/dist/src/ap/wpa_auth_ie.c N src/external/bsd/wpa/dist/src/ap/preauth_auth.c N src/external/bsd/wpa/dist/src/ap/wpa_auth_ie.h N src/external/bsd/wpa/dist/src/ap/vlan_init.c N src/external/bsd/wpa/dist/src/ap/ap_config.c N src/external/bsd/wpa/dist/src/ap/hw_features.h N src/external/bsd/wpa/dist/src/ap/ieee802_1x.c N src/external/bsd/wpa/dist/src/ap/tkip_countermeasures.h N src/external/bsd/wpa/dist/src/ap/ap_config.h N src/external/bsd/wpa/dist/src/ap/sta_info.h N src/external/bsd/wpa/dist/src/ap/pmksa_cache_auth.h N src/external/bsd/wpa/dist/src/ap/ieee802_11_ht.c N src/external/bsd/wpa/dist/src/ap/wpa_auth_i.h N src/external/bsd/wpa/dist/src/ap/iapp.c N src/external/bsd/wpa/dist/src/ap/ieee802_11.c N src/external/bsd/wpa/dist/src/ap/beacon.c N src/external/bsd/wpa/dist/src/ap/wmm.c N src/external/bsd/wpa/dist/src/ap/wpa_auth_ft.c N src/external/bsd/wpa/dist/src/ap/wpa_auth_glue.c N src/external/bsd/wpa/dist/src/ap/ap_drv_ops.h N src/external/bsd/wpa/dist/src/ap/accounting.h N src/external/bsd/wpa/dist/src/ap/wpa_auth.h N src/external/bsd/wpa/dist/src/ap/wmm.h N src/external/bsd/wpa/dist/src/ap/ap_mlme.h N src/external/bsd/wpa/dist/src/ap/ap_mlme.c N src/external/bsd/wpa/dist/src/ap/utils.c N src/external/bsd/wpa/dist/src/ap/ctrl_iface_ap.h N src/external/bsd/wpa/dist/src/ap/ap_list.h N src/external/bsd/wpa/dist/src/ap/accounting.c N src/external/bsd/wpa/dist/src/ap/peerkey_auth.c N src/external/bsd/wpa/dist/src/ap/authsrv.h N src/external/bsd/wpa/dist/src/ap/wps_hostapd.h N src/external/bsd/wpa/dist/src/ap/iapp.h N src/external/bsd/wpa/dist/src/ap/vlan_init.h N src/external/bsd/wpa/dist/src/ap/ap_drv_ops.c N src/external/bsd/wpa/dist/src/ap/pmksa_cache_auth.c N src/external/bsd/wpa/dist/src/ap/wpa_auth_glue.h N src/external/bsd/wpa/dist/src/ap/ctrl_iface_ap.c N src/external/bsd/wpa/dist/src/ap/beacon.h N src/external/bsd/wpa/dist/src/ap/wps_hostapd.c N src/external/bsd/wpa/dist/src/ap/ap_list.c N src/external/bsd/wpa/dist/src/ap/ieee802_11.h N src/external/bsd/wpa/dist/src/ap/preauth_auth.h N src/external/bsd/wpa/dist/src/ap/authsrv.c N src/external/bsd/wpa/dist/src/ap/hostapd.h N src/external/bsd/wpa/dist/src/common/eapol_common.h N src/external/bsd/wpa/dist/src/common/wpa_common.h N src/external/bsd/wpa/dist/src/common/wpa_ctrl.c N src/external/bsd/wpa/dist/src/common/Makefile N src/external/bsd/wpa/dist/src/common/ieee802_11_common.c N src/external/bsd/wpa/dist/src/common/wpa_common.c N src/external/bsd/wpa/dist/src/common/ieee802_11_common.h N src/external/bsd/wpa/dist/src/common/wpa_ctrl.h N src/external/bsd/wpa/dist/src/common/privsep_commands.h N src/external/bsd/wpa/dist/src/common/version.h N src/external/bsd/wpa/dist/src/common/defs.h N src/external/bsd/wpa/dist/src/common/ieee802_11_defs.h N src/external/bsd/wpa/dist/src/eapol_auth/eapol_auth_sm.c N src/external/bsd/wpa/dist/src/eapol_auth/Makefile N src/external/bsd/wpa/dist/src/eapol_auth/eapol_auth_dump.c N src/external/bsd/wpa/dist/src/eapol_auth/eapol_auth_sm_i.h N src/external/bsd/wpa/dist/src/eapol_auth/eapol_auth_sm.h N src/external/bsd/wpa/dist/src/utils/radiotap_iter.h N src/external/bsd/wpa/dist/src/utils/ip_addr.c N src/external/bsd/wpa/dist/src/utils/wpabuf.c N src/external/bsd/wpa/dist/src/utils/Makefile N src/external/bsd/wpa/dist/src/utils/eloop.c N src/external/bsd/wpa/dist/src/utils/os_none.c N src/external/bsd/wpa/dist/src/utils/common.c N src/external/bsd/wpa/dist/src/utils/os_win32.c N src/external/bsd/wpa/dist/src/utils/list.h N
