authorDmitry Shmidt <dimitrysh@google.com>2015-03-10 11:21:43 -0700
committerDmitry Shmidt <dimitrysh@google.com>2015-03-10 11:23:54 -0700
commit4dd28dc25895165566a1c8a9cac7bcd755ff8fe3 (patch)
treed7a99dcc7114a2848063c9bef6b5c94dd97babb4 /src
parent203eadb9eda41a1dde4a583edb4684319e3f399e (diff)
Cumulative patch from commit 00033a0903f69b2f0e0c048840bff059f5a3eab9
00033a0 OpenSSL: Always accept pinned certificates b2329e4 Add QCA vendor subcmd for Data Offload 1d246a1 Make rate-not-supported debug print more useful 761396e Reject Group Key message 1/2 prior to completion of 4-way handshake 3f0e6ec nl80211: Extend NL80211_CMD_TDLS_OPER to support discovery c10ca2a TDLS: Allow driver to request TDLS Discovery Request initiation 41312fc mesh: Leave mesh in driver setup if initialization fails ac8e074 Clear RSN timers for preauth and PTK rekeying on disassociation f2f65dd Reserve QCA vendor specific nl80211 commands 61..90 088a210 HS 2.0: Add NULL check before dereferencing in hs20-osu-client bea8d9a nl80211: Use the new bridge port option proxyarp_wifi Change-Id: I1ef819ab4efa554f059787e02570f48be39819a6 Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
Diffstat (limited to 'src')
-rw-r--r--src/common/qca-vendor.h23
-rw-r--r--src/crypto/tls_openssl.c14
-rw-r--r--src/drivers/driver.h3
-rw-r--r--src/drivers/driver_nl80211.c2
-rw-r--r--src/drivers/driver_nl80211_event.c6
-rw-r--r--src/rsn_supp/wpa.c11
-rw-r--r--src/rsn_supp/wpa_i.h1
7 files changed, 57 insertions, 3 deletions
diff --git a/src/common/qca-vendor.h b/src/common/qca-vendor.h
index cf041938..2117ee70 100644
--- a/src/common/qca-vendor.h
+++ b/src/common/qca-vendor.h
@@ -140,6 +140,8 @@ enum qca_nl80211_vendor_subcmds {
QCA_NL80211_VENDOR_SUBCMD_DFS_OFFLOAD_CAC_ABORTED = 58,
QCA_NL80211_VENDOR_SUBCMD_DFS_OFFLOAD_CAC_NOP_FINISHED = 59,
QCA_NL80211_VENDOR_SUBCMD_DFS_OFFLOAD_RADAR_DETECTED = 60,
+ /* 61-90 - reserved for QCA */
+ QCA_NL80211_VENDOR_SUBCMD_DATA_OFFLOAD = 91,
};
@@ -220,4 +222,25 @@ enum qca_wlan_vendor_features {
NUM_QCA_WLAN_VENDOR_FEATURES /* keep last */
};
+/**
+ * enum qca_wlan_vendor_attr_data_offload_ind - Vendor Data Offload Indication
+ *
+ * @QCA_WLAN_VENDOR_ATTR_DATA_OFFLOAD_IND_SESSION: Session corresponding to
+ * the offloaded data.
+ * @QCA_WLAN_VENDOR_ATTR_DATA_OFFLOAD_IND_PROTOCOL: Protocol of the offloaded
+ * data.
+ * @QCA_WLAN_VENDOR_ATTR_DATA_OFFLOAD_IND_EVENT: Event type for the data offload
+ * indication.
+ */
+enum qca_wlan_vendor_attr_data_offload_ind {
+ QCA_WLAN_VENDOR_ATTR_DATA_OFFLOAD_IND_INVALID = 0,
+ QCA_WLAN_VENDOR_ATTR_DATA_OFFLOAD_IND_SESSION,
+ QCA_WLAN_VENDOR_ATTR_DATA_OFFLOAD_IND_PROTOCOL,
+ QCA_WLAN_VENDOR_ATTR_DATA_OFFLOAD_IND_EVENT,
+
+ /* keep last */
+ QCA_WLAN_VENDOR_ATTR_DATA_OFFLOAD_IND_AFTER_LAST,
+ QCA_WLAN_VENDOR_ATTR_DATA_OFFLOAD_IND_MAX =
+ QCA_WLAN_VENDOR_ATTR_DATA_OFFLOAD_IND_AFTER_LAST - 1
+};
#endif /* QCA_VENDOR_H */
diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index 46c4a461..52db8fc0 100644
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -1516,7 +1516,11 @@ static int tls_verify_cb(int preverify_ok, X509_STORE_CTX *x509_ctx)
err_str = X509_verify_cert_error_string(err);
#ifdef CONFIG_SHA256
- if (preverify_ok && depth == 0 && conn->server_cert_only) {
+ /*
+ * Do not require preverify_ok so we can explicity allow otherwise
+ * invalid pinned server certificates.
+ */
+ if (depth == 0 && conn->server_cert_only) {
struct wpabuf *cert;
cert = get_x509_cert(err_cert);
if (!cert) {
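Review bot: The new comment above the `depth == 0` test misspells "explicitly" as `explicity` and does not say what replaces chain validation once `preverify_ok` is no longer required. Stating the consequence would help the next reader: `/* Do not require preverify_ok: when conn->server_cert_only is set, a match against the pinned certificate is the only acceptance check, so an otherwise invalid certificate that matches is allowed. */`. The `if` body continues past the end of this hunk.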
@@ -1534,6 +1538,14 @@ static int tls_verify_cb(int preverify_ok, X509_STORE_CTX *x509_ctx)
err_str = "Server certificate mismatch";
err = X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN;
preverify_ok = 0;
+ } else if (!preverify_ok) {
+ /*
+ * Certificate matches pinned certificate, allow
+ * regardless of other problems.
+ */
+ wpa_printf(MSG_DEBUG,
+ "OpenSSL: Ignore validation issues for a pinned server certificate");
+ preverify_ok = 1;
}
wpabuf_free(cert);
}
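Review bot: The new `else if (!preverify_ok)` branch drops the validation failure without recording which failure it was, and logs only at MSG_DEBUG. `err_str` is already set from `X509_verify_cert_error_string(err)` earlier in tls_verify_cb, so the message could carry it, e.g. `"OpenSSL: Ignore validation issue (%d: %s) for a pinned server certificate", err, err_str`. That would make an expired or otherwise invalid pinned certificate visible in the logs. `err` and `err_str` also keep their failure values after `preverify_ok` is reset to 1; whether later code in the function reads them is outside this hunk and worth checking.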
diff --git a/src/drivers/driver.h b/src/drivers/driver.h
index d35309af..03bd1a79 100644
--- a/src/drivers/driver.h
+++ b/src/drivers/driver.h
@@ -4148,7 +4148,8 @@ union wpa_event_data {
u8 peer[ETH_ALEN];
enum {
TDLS_REQUEST_SETUP,
- TDLS_REQUEST_TEARDOWN
+ TDLS_REQUEST_TEARDOWN,
+ TDLS_REQUEST_DISCOVER,
} oper;
u16 reason_code; /* for teardown */
} tdls;
diff --git a/src/drivers/driver_nl80211.c b/src/drivers/driver_nl80211.c
index 2a2ef6f1..d7438683 100644
--- a/src/drivers/driver_nl80211.c
+++ b/src/drivers/driver_nl80211.c
@@ -8305,7 +8305,7 @@ static const char * drv_br_port_attr_str(enum drv_br_port_attr attr)
{
switch (attr) {
case DRV_BR_PORT_ATTR_PROXYARP:
- return "proxyarp";
+ return "proxyarp_wifi";
case DRV_BR_PORT_ATTR_HAIRPIN_MODE:
return "hairpin_mode";
}
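Review bot: Returning `"proxyarp_wifi"` instead of `"proxyarp"` for DRV_BR_PORT_ATTR_PROXYARP leaves no fallback in this function if the running kernel's bridge port has no attribute of that name. How the caller reacts to a failed attribute write is outside this hunk, so it is worth confirming that the failure is reported rather than leaving proxy ARP silently disabled. A comment on the case would record the dependency: `/* needs bridge port attribute proxyarp_wifi; no fallback to proxyarp */`.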
diff --git a/src/drivers/driver_nl80211_event.c b/src/drivers/driver_nl80211_event.c
index b59d1390..87e412dc 100644
--- a/src/drivers/driver_nl80211_event.c
+++ b/src/drivers/driver_nl80211_event.c
@@ -1282,6 +1282,12 @@ static void nl80211_tdls_oper_event(struct wpa_driver_nl80211_data *drv,
MACSTR, MAC2STR(data.tdls.peer));
data.tdls.oper = TDLS_REQUEST_TEARDOWN;
break;
+ case NL80211_TDLS_DISCOVERY_REQ:
+ wpa_printf(MSG_DEBUG,
+ "nl80211: TDLS discovery request for peer " MACSTR,
+ MAC2STR(data.tdls.peer));
+ data.tdls.oper = TDLS_REQUEST_DISCOVER;
+ break;
default:
wpa_printf(MSG_DEBUG, "nl80211: Unsupported TDLS operatione "
"event");
diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
index b892a66d..8adeef4a 100644
--- a/src/rsn_supp/wpa.c
+++ b/src/rsn_supp/wpa.c
@@ -1244,6 +1244,7 @@ static void wpa_supplicant_process_3_of_4(struct wpa_sm *sm,
sm->cur_pmksa = sa;
}
+ sm->msg_3_of_4_ok = 1;
return;
failed:
@@ -1436,6 +1437,12 @@ static void wpa_supplicant_process_1_of_2(struct wpa_sm *sm,
int rekey, ret;
struct wpa_gtk_data gd;
+ if (!sm->msg_3_of_4_ok) {
+ wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
+ "WPA: Group Key Handshake started prior to completion of 4-way handshake");
+ goto failed;
+ }
+
os_memset(&gd, 0, sizeof(gd));
rekey = wpa_sm_get_state(sm) == WPA_COMPLETED;
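Review bot: The guard added at the top of wpa_supplicant_process_1_of_2 depends on `msg_3_of_4_ok`, which this commit clears only in wpa_sm_notify_disassoc. If a new association can begin without that function running first (these hunks do not show whether it can), the bit from the previous handshake would still be set. Group Key message 1/2 would then pass the check before the new message 3/4 is processed. Consider also clearing the bit where a new association is set up, e.g. `sm->msg_3_of_4_ok = 0;` in wpa_sm_notify_assoc. The `failed` label targeted by the new `goto` lies outside the hunk.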
@@ -2282,6 +2289,8 @@ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
*/
void wpa_sm_notify_disassoc(struct wpa_sm *sm)
{
+ eloop_cancel_timeout(wpa_sm_start_preauth, sm, NULL);
+ eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL);
peerkey_deinit(sm);
rsn_preauth_deinit(sm);
pmksa_cache_clear_current(sm);
@@ -2293,6 +2302,8 @@ void wpa_sm_notify_disassoc(struct wpa_sm *sm)
/* Keys are not needed in the WPA state machine anymore */
wpa_sm_drop_sa(sm);
+
+ sm->msg_3_of_4_ok = 0;
}
diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
index 431bb207..965a9c1d 100644
--- a/src/rsn_supp/wpa_i.h
+++ b/src/rsn_supp/wpa_i.h
@@ -23,6 +23,7 @@ struct wpa_sm {
size_t pmk_len;
struct wpa_ptk ptk, tptk;
int ptk_set, tptk_set;
+ unsigned int msg_3_of_4_ok:1;
u8 snonce[WPA_NONCE_LEN];
u8 anonce[WPA_NONCE_LEN]; /* ANonce from the last 1/4 msg */
int renew_snonce;
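Review bot: `msg_3_of_4_ok` is added to struct wpa_sm without a comment, although the Group Key message 1/2 check in wpa.c depends on when the bit is set and cleared. A trailing comment such as `/* set after message 3/4 is processed; cleared in wpa_sm_notify_disassoc() */` would document that lifetime next to the field. The struct definition continues outside the hunk.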