diff options
| -rw-r--r-- | hs20/client/oma_dm_client.c | 5 | ||||
| -rw-r--r-- | src/common/qca-vendor.h | 23 | ||||
| -rw-r--r-- | src/crypto/tls_openssl.c | 14 | ||||
| -rw-r--r-- | src/drivers/driver.h | 3 | ||||
| -rw-r--r-- | src/drivers/driver_nl80211.c | 2 | ||||
| -rw-r--r-- | src/drivers/driver_nl80211_event.c | 6 | ||||
| -rw-r--r-- | src/rsn_supp/wpa.c | 11 | ||||
| -rw-r--r-- | src/rsn_supp/wpa_i.h | 1 | ||||
| -rw-r--r-- | wpa_supplicant/events.c | 11 | ||||
| -rw-r--r-- | wpa_supplicant/mesh.c | 1 |
10 files changed, 71 insertions, 6 deletions
diff --git a/hs20/client/oma_dm_client.c b/hs20/client/oma_dm_client.c index 6eaeeb47..5854b726 100644 --- a/hs20/client/oma_dm_client.c +++ b/hs20/client/oma_dm_client.c @@ -772,6 +772,11 @@ static int oma_dm_replace(struct hs20_osu_client *ctx, xml_node_t *replace, if (node) { char *type; type = xml_node_get_text(ctx->xml, node); + if (type == NULL) { + wpa_printf(MSG_INFO, "Could not find type text"); + os_free(locuri); + return DM_RESP_BAD_REQUEST; + } use_tnds = node && os_strstr(type, "application/vnd.syncml.dmtnds+xml"); } diff --git a/src/common/qca-vendor.h b/src/common/qca-vendor.h index cf041938..2117ee70 100644 --- a/src/common/qca-vendor.h +++ b/src/common/qca-vendor.h @@ -140,6 +140,8 @@ enum qca_nl80211_vendor_subcmds { QCA_NL80211_VENDOR_SUBCMD_DFS_OFFLOAD_CAC_ABORTED = 58, QCA_NL80211_VENDOR_SUBCMD_DFS_OFFLOAD_CAC_NOP_FINISHED = 59, QCA_NL80211_VENDOR_SUBCMD_DFS_OFFLOAD_RADAR_DETECTED = 60, + /* 61-90 - reserved for QCA */ + QCA_NL80211_VENDOR_SUBCMD_DATA_OFFLOAD = 91, }; @@ -220,4 +222,25 @@ enum qca_wlan_vendor_features { NUM_QCA_WLAN_VENDOR_FEATURES /* keep last */ }; +/** + * enum qca_wlan_vendor_attr_data_offload_ind - Vendor Data Offload Indication + * + * @QCA_WLAN_VENDOR_ATTR_DATA_OFFLOAD_IND_SESSION: Session corresponding to + * the offloaded data. + * @QCA_WLAN_VENDOR_ATTR_DATA_OFFLOAD_IND_PROTOCOL: Protocol of the offloaded + * data. + * @QCA_WLAN_VENDOR_ATTR_DATA_OFFLOAD_IND_EVENT: Event type for the data offload + * indication. + */ +enum qca_wlan_vendor_attr_data_offload_ind { + QCA_WLAN_VENDOR_ATTR_DATA_OFFLOAD_IND_INVALID = 0, + QCA_WLAN_VENDOR_ATTR_DATA_OFFLOAD_IND_SESSION, + QCA_WLAN_VENDOR_ATTR_DATA_OFFLOAD_IND_PROTOCOL, + QCA_WLAN_VENDOR_ATTR_DATA_OFFLOAD_IND_EVENT, + + /* keep last */ + QCA_WLAN_VENDOR_ATTR_DATA_OFFLOAD_IND_AFTER_LAST, + QCA_WLAN_VENDOR_ATTR_DATA_OFFLOAD_IND_MAX = + QCA_WLAN_VENDOR_ATTR_DATA_OFFLOAD_IND_AFTER_LAST - 1 +}; #endif /* QCA_VENDOR_H */ diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c index 46c4a461..52db8fc0 100644 --- a/src/crypto/tls_openssl.c +++ b/src/crypto/tls_openssl.c @@ -1516,7 +1516,11 @@ static int tls_verify_cb(int preverify_ok, X509_STORE_CTX *x509_ctx) err_str = X509_verify_cert_error_string(err); #ifdef CONFIG_SHA256 - if (preverify_ok && depth == 0 && conn->server_cert_only) { + /* + * Do not require preverify_ok so we can explicity allow otherwise + * invalid pinned server certificates. + */ + if (depth == 0 && conn->server_cert_only) { struct wpabuf *cert; cert = get_x509_cert(err_cert); if (!cert) { @@ -1534,6 +1538,14 @@ static int tls_verify_cb(int preverify_ok, X509_STORE_CTX *x509_ctx) err_str = "Server certificate mismatch"; err = X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN; preverify_ok = 0; + } else if (!preverify_ok) { + /* + * Certificate matches pinned certificate, allow + * regardless of other problems. + */ + wpa_printf(MSG_DEBUG, + "OpenSSL: Ignore validation issues for a pinned server certificate"); + preverify_ok = 1; } wpabuf_free(cert); } diff --git a/src/drivers/driver.h b/src/drivers/driver.h index d35309af..03bd1a79 100644 --- a/src/drivers/driver.h +++ b/src/drivers/driver.h @@ -4148,7 +4148,8 @@ union wpa_event_data { u8 peer[ETH_ALEN]; enum { TDLS_REQUEST_SETUP, - TDLS_REQUEST_TEARDOWN + TDLS_REQUEST_TEARDOWN, + TDLS_REQUEST_DISCOVER, } oper; u16 reason_code; /* for teardown */ } tdls; diff --git a/src/drivers/driver_nl80211.c b/src/drivers/driver_nl80211.c index 2a2ef6f1..d7438683 100644 --- a/src/drivers/driver_nl80211.c +++ b/src/drivers/driver_nl80211.c @@ -8305,7 +8305,7 @@ static const char * drv_br_port_attr_str(enum drv_br_port_attr attr) { switch (attr) { case DRV_BR_PORT_ATTR_PROXYARP: - return "proxyarp"; + return "proxyarp_wifi"; case DRV_BR_PORT_ATTR_HAIRPIN_MODE: return "hairpin_mode"; } diff --git a/src/drivers/driver_nl80211_event.c b/src/drivers/driver_nl80211_event.c index b59d1390..87e412dc 100644 --- a/src/drivers/driver_nl80211_event.c +++ b/src/drivers/driver_nl80211_event.c @@ -1282,6 +1282,12 @@ static void nl80211_tdls_oper_event(struct wpa_driver_nl80211_data *drv, MACSTR, MAC2STR(data.tdls.peer)); data.tdls.oper = TDLS_REQUEST_TEARDOWN; break; + case NL80211_TDLS_DISCOVERY_REQ: + wpa_printf(MSG_DEBUG, + "nl80211: TDLS discovery request for peer " MACSTR, + MAC2STR(data.tdls.peer)); + data.tdls.oper = TDLS_REQUEST_DISCOVER; + break; default: wpa_printf(MSG_DEBUG, "nl80211: Unsupported TDLS operatione " "event"); diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c index b892a66d..8adeef4a 100644 --- a/src/rsn_supp/wpa.c +++ b/src/rsn_supp/wpa.c @@ -1244,6 +1244,7 @@ static void wpa_supplicant_process_3_of_4(struct wpa_sm *sm, sm->cur_pmksa = sa; } + sm->msg_3_of_4_ok = 1; return; failed: @@ -1436,6 +1437,12 @@ static void wpa_supplicant_process_1_of_2(struct wpa_sm *sm, int rekey, ret; struct wpa_gtk_data gd; + if (!sm->msg_3_of_4_ok) { + wpa_msg(sm->ctx->msg_ctx, MSG_INFO, + "WPA: Group Key Handshake started prior to completion of 4-way handshake"); + goto failed; + } + os_memset(&gd, 0, sizeof(gd)); rekey = wpa_sm_get_state(sm) == WPA_COMPLETED; @@ -2282,6 +2289,8 @@ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid) */ void wpa_sm_notify_disassoc(struct wpa_sm *sm) { + eloop_cancel_timeout(wpa_sm_start_preauth, sm, NULL); + eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL); peerkey_deinit(sm); rsn_preauth_deinit(sm); pmksa_cache_clear_current(sm); @@ -2293,6 +2302,8 @@ void wpa_sm_notify_disassoc(struct wpa_sm *sm) /* Keys are not needed in the WPA state machine anymore */ wpa_sm_drop_sa(sm); + + sm->msg_3_of_4_ok = 0; } diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h index 431bb207..965a9c1d 100644 --- a/src/rsn_supp/wpa_i.h +++ b/src/rsn_supp/wpa_i.h @@ -23,6 +23,7 @@ struct wpa_sm { size_t pmk_len; struct wpa_ptk ptk, tptk; int ptk_set, tptk_set; + unsigned int msg_3_of_4_ok:1; u8 snonce[WPA_NONCE_LEN]; u8 anonce[WPA_NONCE_LEN]; /* ANonce from the last 1/4 msg */ int renew_snonce; diff --git a/wpa_supplicant/events.c b/wpa_supplicant/events.c index 94be68f3..1f55e0fd 100644 --- a/wpa_supplicant/events.c +++ b/wpa_supplicant/events.c @@ -678,9 +678,10 @@ static int rate_match(struct wpa_supplicant *wpa_s, struct wpa_bss *bss) * order to join a BSS all required rates * have to be supported by the hardware. */ - wpa_dbg(wpa_s, MSG_DEBUG, " hardware does " - "not support required rate %d.%d Mbps", - r / 10, r % 10); + wpa_dbg(wpa_s, MSG_DEBUG, + " hardware does not support required rate %d.%d Mbps (freq=%d mode==%d num_rates=%d)", + r / 10, r % 10, + bss->freq, mode->mode, mode->num_rates); return 0; } } @@ -2498,6 +2499,10 @@ static void wpa_supplicant_event_tdls(struct wpa_supplicant *wpa_s, wpa_drv_tdls_oper(wpa_s, TDLS_TEARDOWN, data->tdls.peer); break; + case TDLS_REQUEST_DISCOVER: + wpa_tdls_send_discovery_request(wpa_s->wpa, + data->tdls.peer); + break; } } #endif /* CONFIG_TDLS */ diff --git a/wpa_supplicant/mesh.c b/wpa_supplicant/mesh.c index cf3676c2..33b4af38 100644 --- a/wpa_supplicant/mesh.c +++ b/wpa_supplicant/mesh.c @@ -344,6 +344,7 @@ int wpa_supplicant_join_mesh(struct wpa_supplicant *wpa_s, if (wpa_supplicant_mesh_init(wpa_s, ssid)) { wpa_msg(wpa_s, MSG_ERROR, "Failed to init mesh"); + wpa_drv_leave_mesh(wpa_s); ret = -1; goto out; } |