| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
| |
This is a patch for OpenBSD wired IEEE 802.1X. This is only for wired,
not wireless, because OpenBSD uses wpa_supplicant only on wired now.
http://www.openbsd.org/cgi-bin/cvsweb/ports/security/wpa_supplicant/
I have tested with these.
OS : OpenBSD 4.5
EAP : EAP-TLS
Switch : CentreCOM 8724SL
|
| |
|
|
|
|
|
|
|
|
|
| |
If base64_encode() were to be used with a huge data array, the
previous version could have resulted in overwriting the allocated
buffer due to an integer overflow as pointed out in
http://www.freebsd.org/cgi/query-pr.cgi?pr=137484. However, there
are no know use cases in hostapd or wpa_supplicant that would do that.
Anyway, the recommended change looks reasonable and provides additional
protection should the base64_encode() function be used for something
else in the future.
|
| |
|
|
|
| |
Instead of using a define and conditional building of md5.c parts,
move the internal-MD5 into a separate file.
|
| |
|
|
|
| |
In addition, rename md4.c to md4-internal.c to match in style with
SHA-1 conditionally built internal implementation.
|
| |
|
|
|
| |
Instead of using a define and conditional building of sha256.c parts,
move the internal-SHA256 into a separate file.
|
| |
|
|
|
| |
In addition, rename aes.c to aes-internal.c to match in style with
SHA-1 conditionally built internal implementation.
|
| |
|
|
|
| |
In addition, rename des.c to des-internal.c to match in style with
SHA-1 conditionally built internal implementation.
|
| |
|
|
|
| |
Instead of using a define and conditional building of sha1.c parts,
move the internal-SHA-1 into a separate file.
|
| |
|
|
|
|
| |
This removes need for local configuration to ignore *.o and *~
and allows the src/*/.gitignore files to be removed (subdirectories
will inherit the rules from the root .gitignore).
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This adds first part of FT resource request as part of Reassocition
Request frame (i.e., FT Protocol, not FT Resource Request Protocol).
wpa_supplicant can generate a test resource request when driver_test.c
is used with internal MLME code and hostapd can verify the FTIE MIC
properly with the included RIC Request.
The actual RIC Request IEs are not processed yet and hostapd does not
yet reply with RIC Response (nor would wpa_supplicant be able to
validate the FTIE MIC for a frame with RIC Response).
|
| |
|
|
|
| |
Enable for build: CFLAGS += -DCONFIG_DEBUG_SYSLOG in .config
Enable at runtime: -s on command line
|
| | |
|
| |
|
|
| |
Using it results in an error at build time. So we replace it.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This adds mostly feature complete external Registrar support with the
main missing part being proper support for multiple external Registrars
working at the same time and processing of concurrent registrations when
using an external Registrar.
This code is based on Sony/Saice implementation
(https://www.saice-wpsnfc.bz/) and the changes made by Ted Merrill
(Atheros) to make it more suitable for hostapd design and embedded
systems. Some of the UPnP code is based on Intel's libupnp. Copyrights
and licensing are explained in src/wps/wps_upnp.c in more detail.
|
| |
|
|
|
|
|
|
|
|
| |
WPS spec is not very specific on the presentation used for the DH
values. The Public Key attribute is described to be 192 octets long, so
that could be interpreted to imply that other places use fixed length
presentation for the DH keys. Change the DH derivation to use fixed
length bufferd by zero padding them from beginning if needed. This can
resolve infrequent (about 1/256 chance for both Public Key and Shared
Key being shorter) interop issues.
|
| | |
|
| |
|
|
| |
The code contains a bogus #ifdef for uClinux building. [Bug 286]
|
| | |
|
| |
|
|
|
|
|
| |
The configuration parsing functions seemed to have worked fine before,
but these were real bugs even if they did not show up in practice.
hostapd_ip_diff() was broken for IPv6 addresses (overwrote address and
always returned 1.
|
| | |
|
| |
|
|
|
|
| |
Generate a SHA1 hash -based UUID from the local MAC address if the UUID
was not configured. This makes it easier to prepare for WPS since there
is no need to generate an UUID.
|
| | |
|
| | |
|
| |
|
|
|
| |
These were starting to trigger compiler warning with recent glibc header
files and gcc.
|
| |
|
|
|
| |
Use this inline function to replace os_memcmp(addr,
"\x00\x00\x00\x00\x00\x00", ETH_ALEN) == 0.
|
| |
|
|
|
|
|
|
|
|
|
| |
In situations where the driver does background scanning and sends a
steady stream of scan results, wpa_supplicant would continually
reschedule the scan. This resulted in specific SSID scans never
happening for a hidden AP, and the supplicant never connecting to the AP
because it never got found. Instead, if there's an already scheduled
scan, and a request comes in to reschedule it, and there are enabled
scan_ssid=1 network blocks, let the scan happen anyway so the hidden
SSID has a chance to be found.
|
| |
|
|
|
|
|
|
| |
Number of TLVs were processed in groups and these cases were now separated
into more flexible processing of one TLV at the time. wpabuf_concat()
function was added to make it easier to concatenate TLVs. EAP Sequences are
now supported in both server and peer code, but the server side is not
enabled by default.
|
| |
|
|
| |
registering an eloop timeout.
|
| | |
|
| |
|
