History log of /external/wpa_supplicant_8/hostapd/src/crypto/tls_openssl.c
Revision Date Author Comments (<<< Hide modified files) (Show modified files >>>)
9ead16e203b81d44a2d84eadc2901ceeb7daf805 07-Oct-2014 Dmitry Shmidt <dimitrysh@google.com> Cumulative patch from commit d5fe4e6c18d94465e8fb4527d51df6e8539c4d6a

d5fe4e6 Reserve QCA vendor specific nl80211 commands 34..49
a256506 AES: Extend key wrap implementation to support longer data
eefec1e AES: Extend key wrap design to support longer AES keys
98a1571 OpenSSL: Clean up one part from the BoringSSL patch
a857296 Support building with BoringSSL
1236eda Android: Remove ctrl_interface=wlan0 from config template
9ffd512 Android: Set pmf=1 to default template
45d8501 Fix out of bounds memory access when removing vendor elements
a61fcc1 Clean up authenticator PMKSA cache implementation
cb129db Clear PMKSA cache entry data when freeing them
8c8d26a Remove unnecessary PMKSA cache freeing step
9c82990 Fix authenticator OKC fetch from PMKSA cache to avoid infinite loop
47ea24c Fix PMKSA cache timeout from Session-Timeout in WPA/WPA2 cases
dc152f3 wpa_supplicant: Enable HT for IBSS
4ec6837 wpa_supplicant: Use hostapd_freq_params in assoc_params
43f02e6 wpa_ctrl: Update wpa_ctrl_recv() documentation for non-block behavior
1274ec2 dbus: Add an interface configuration entry to set the WPS methods
3e0272c nl80211: Re-read MAC address on RTM_NEWLINK
5dfbd72 nl80211: Add get_bss_ifindex() helper
f1a6131 P2P: Use only the -m config for P2P management device
08d7665 TDLS: Use WMM IE for propagating peer WMM capability
17729b0 TDLS: Fix concurrent setup test for mac80211 drivers
984dadc TDLS: Set the initiator during tdls_mgmt operations
01cb5df Sync with wireless-testing.git include/uapi/linux/nl80211.h
ca3c6b4 nl80211: Fix compatibility with older version of libnl
d76426c TDLS: Filter AID value properly for VHT peers

Change-Id: Ia2156628a590c502d9111de2727da642ff435d9a
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
/external/wpa_supplicant_8/src/crypto/tls_openssl.c
717574375e969e8272c6d1a26137286eac158abb 02-Jun-2014 Dmitry Shmidt <dimitrysh@google.com> Cumulative patch from commit 801e117376e13d5b3c50f1627b93a949529fdf99

801e117 Fix validation of RSN EAPOL-Key version for GCMP with PMF
3d4d234 FT: Fix GTK rekeying after FT protocol
d3d0483 nl80211: Work around error case prints for nl_recvmsgs on Android
8a387a2 P2P NFC: Fix use of freed memory
df48efc Fix external radio work stopping to not read freed memory
13c3303 SAE: Fix memory leak in random number generation
d92bdf9 hostapd: Make sure hapd->drv_priv gets cleared on driver deinit
438e133 hostapd: Use helper function to avoid duplicate deinit calls
ac1a224 hostapd: Clean up if interface setup fails
81c4fca hostapd: Reset hapd->interface_add properly
3fbd036 hostapd: Prevent double interface disabling from segfaulting
ea39367 nl80211: Fix wpa_driver_nl80211_if_add() failure paths
b77aeae Interworking: Re-trigger scan if no connect attempt is done
b523973 RADIUS client: Trigger failover more quickly if socket is not valid
09844c0 RADIUS client: Do not flush pending messages if server did not change
5d67bf1 hostapd: Fix configuration of multiple RADIUS servers with SET
70d4084 RADIUS client: Fix socket close/re-open on server change
d045cc8 RADIUS client: Fix crash issue in radius_client_timer()
c1fb75a RADIUS client: Handle ENETUNREACH similarly to other failure cases
9ed4076 RADIUS client: Do not try to send message without socket
cc0b7cb hostapd_cli: Fix segmentation fault with interface command
114153b P2P: Debug print channel lists for invitation processing
4eb3b76 OpenSSL: Fix OCSP certificate debug print to use wpa_printf
f6fb192 HS 2.0R2: Fix subscr_remediation_method for RADIUS server
74879f3 Remove extra newline from a debug print

Change-Id: I82d4f00501fabb8b325e4461178b45e7b2c0178e
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
/external/wpa_supplicant_8/src/crypto/tls_openssl.c
26af48b2fcdee1b88e4092a9078cb7c9bf79da6e 09-Apr-2014 Jouni Malinen <jouni@qca.qualcomm.com> OpenSSL: Detect and prevent TLS heartbeat attack

Some OpenSSL versions have vulnerability in TLS heartbeat request
processing. Check the processed message to determine if the attack has
been used and if so, do not send the response to the peer. This does not
prevent the buffer read overflow within OpenSSL, but this prevents the
attacker from receiving the information.

This change is an additional layer of protection if some yet to be
identified paths were to expose this OpenSSL vulnerability. However, the
way OpenSSL is used for EAP-TLS/TTLS/PEAP/FAST in hostapd/wpa_supplicant
was already rejecting the messages before the response goes out and as
such, this additional change is unlikely to be needed to avoid the
issue.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
/external/wpa_supplicant_8/src/crypto/tls_openssl.c
7d5c8f257a74ac0d12828962a492e8b84ef83923 03-Mar-2014 Dmitry Shmidt <dimitrysh@google.com> Cumulative patch from commit 5f7e1c06cd428888a2ed4fa763c5da37a873e422

5f7e1c0 Redirect more frames with ext_mgmt_frame_handling=1
7738163 RADIUS server: Copy IPv4 address only when IPv6 is not used
508e24c dbus: Clean up error reporting for TDLS peer address parsing
3b6170b WPS: Remove duplicate variable setting
78789d9 Remove unnecessary variable initialization
a7c37d9 dbus: Remove duplicated variable assignment
e997bc7 Remove a static analyzer warning about unused variable write
ea3b8c1 Do not use a separate variable for tracking first entry in a list
8a4ce28 WPA: Clean up cipher suite counting in write routines
6ed626d Remove unused gid_str pointer update
749fa14 Debug print trailing WPA/RSN IE bytes, if any
a5802c0 OpenSSL: Avoid never-used analyzer warning
7b6e815 Clean up hostapd add_iface error path operations
67adcd2 WNM: Check wpa_s->current_bss more consistently
3ff8073 EAP-FAST: Use clear eap_get_config() result validation
a8716d1 roboswitch: Verify that register read succeeds before comparing res
3d91a04 DFS: Make sure center frequency is always initialized for VHT
fa0a9f5 trace: Fix memory use on no-function name path
bd27b13 Make code path easier for static analyzers
64abb72 nl80211: Allow old r-o-c offchannel TX to be tested
fa72a88 P2P: Fix validation on Invitation Request error path
ca412c7 Remove unreachable return statement
2af4d87 GAS: Fix additional comeback delay with status code 95
07d462c Interworking: Remove unused password setting for SIM credential
3141b82 Add OSEN to proto config field writer
b908c50 Clear hostapd bss entry to NULL on add-interface-failure
0052ce4 atheros: Add support for OSEN

Change-Id: Ifd78a8f8259e5b0f654d3dbadd24c9ab029d3afb
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
/external/wpa_supplicant_8/src/crypto/tls_openssl.c
745be3f298f4a0899238a99d96b7ed804edd3329 20-Feb-2014 Dmitry Shmidt <dimitrysh@google.com> Android: Remove explicit SSL_OP_NO_TLSv1_1 and SSL_OP_NO_TLSv1_2

Now wpa_supplicant allows to set these options dynamically per network
by adding to 'phase1' "tls_disable_tlsv1_1=1" or "tls_disable_tlsv1_2=1"

Change-Id: I954af5356833bed5b78c4ebf4a50c788ba984114
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
/external/wpa_supplicant_8/src/crypto/tls_openssl.c
13ca8d8ea51a1aa5e24c6c956473a11b0c7daed4 20-Feb-2014 Dmitry Shmidt <dimitrysh@google.com> Cumulative patch from commit 848905b12abf2df650c43cb821d36a13246baacb

848905b Avoid undefined references with CONFIG_WPA_TRACE_BFD=y
9e38836 wpa_debug: Remove 2048 byte message length limit
f667e03 P2P: Address few issues seen with P2P SD
e9a6f18 TLS: Add tls_disable_tlsv1_1 and tls_disable_tlsv1_2 phase1 params
cb10c7d RADIUS DAS: Add support for NAS identification attributes
0d7c5e1 RADIUS DAS: Remove PMKSA entry on Disconnect-Request
d87a6ac WPS: Fix STA state validation when processing PutWLANResponse

Change-Id: I4799cad2fe661db567eb3a92af2b3eefb7c96dab
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
/external/wpa_supplicant_8/src/crypto/tls_openssl.c
ec58b164a608cbc1d99e71bb3d86ef4b263377dc 19-Feb-2014 Dmitry Shmidt <dimitrysh@google.com> Cumulative patch from commit ac494fcce4270dbd076ab1d167dbffd6e0f7060b

ac494fc Android: Use external libnl 2.0 dynamic library
b7cac41 Fix hostapd and wpa_supplicant build with binutils >= 2.24.x
b62d5b5 Revert "OpenSSL: Do not accept SSL Client certificate for server"
94a3df5 P2P: Enable U-APSD support on GO automatically
a5527a4 P2P: Add more debug prints for Probe Request processing

Change-Id: Ic3354f72b7399b8de86c74018de7a8c1275d893a
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
/external/wpa_supplicant_8/src/crypto/tls_openssl.c
96be6222df414a7dde5c5b1b72df22e67b1a77fc 13-Feb-2014 Dmitry Shmidt <dimitrysh@google.com> Cumulative patch from commit 7ae7a84eefd43ed9385e2f8f520a918468f87178

7ae7a84 NFC: Workaround nfcpy message debug exception
6ceb95c Avoid NULL dereference in ieee802_1x_get_mib_sta() printf
97efe70 wpa_supplicant: Fix NULL dereference in tls_verify_cb()
c0c11af wpa_supplicant: Fix NULL dereference in eap_fast_parse_end()
93a1cae Remove unnecessary NULL check
1e2ffc6 Fix theoretical NULL dereference in debug printf
cbf21c7 P2P: Avoid compiler warning in p2p_supplicant.c
5479ff9 DFS: Avoid compiler warnings in src/ap/dfs.c
5e6aa04 wpa_supplicant: Fix memory leak in wfd_subelems error path
88853ae Fix CONFIG_WPS_NFC=y build without CONFIG_P2P=y
7ac7fd4 Add bssid/freq hint for driver-based BSS selection
92484e2 Start using unodified Developer Certificate of Origin v1.1
56ec49c Sync with wireless-testing.git include/uapi/linux/nl80211.h
b64afe2 Fix SAE state validation on AP
d6bfaaa NFC: Add summary and success file options for nfcpy scripts
25cfc6f P2P NFC: Add p2p-nfc.py --handover-only option
7bea076 P2P NFC: Clean up p2p-nfc.py error handling
b0d18bc WPS: Make UUID-from-MAC Address easily available
825fb6b P2P: Do not indicate P2P_FIND failure if p2p_scan is in progress
8c18fcc WPS: Add more debug information to M7 AP Settings
d7a15d5 WPS: Indicate current AP settings in M7 in unconfigurated state
d55fc03 P2P: Handle unexpected GO Neg Req reject message more cleanly
062a7c0 Fix persistent P2P connection failure in case channel list changes

Change-Id: I5c400a6503f9f00d259ff225999593958322a1ba
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
/external/wpa_supplicant_8/src/crypto/tls_openssl.c
fb79edc9df1f20461e90e478363d207348213d35 10-Jan-2014 Dmitry Shmidt <dimitrysh@google.com> Cumulative patch from commit 95fb2db2420d8fa291fd6423cc6dbcd042f4eb46

95fb2db P2P: Reject group formation on WPS provisioning failure
6fc61e1 Fix TX status processing during AP mode shutdown in wpa_supplicant
90a545c nl80211: Clean up netlink parsing and debug prints
b6a9590 Interworking: Keep up to two pending GAS_REQUEST responses
090b8e3 Update copyright notices for the new year 2014
991aa9c nl80211: Move CS supported flag to wpa_driver_capa
f0cbb98 Add DRIVER-STATUS command for hostapd
188ebcd EAP-IKEv2 peer: Fix a memory leak in notify round
a190189 Remove PEAPv2 support
16a19dd EAP-pwd peer: Allow fragmentation limit to be configured
60bf585 EAP-IKEv2 peer: Allow fragmentation limit to be configured
ea6fc58 WPS: Convert printf() debug print to use wpa_printf()
c4b8c71 EAP-GPSK: Report CSuite negotiation failure properly
5a0f596 EAP-GPSK: Allow forced algorithm selection to be configured
5f01c3c EAP peer: Improve failure reporting from METHOD with no eapRespData
7271ee8 Fix EAP-GPSK server compilation for SHA256 cipher suite
356d148 Interworking: Add optional freq argument to INTERWORKING_SELECT
a09ffd5 Fix req_scan-deplete-timeout and update eloop API for this
083916c P2P: Clear p2p_disabled and p2p_per_sta_psk on FLUSH command
3f45fc4 P2P: Clear services on FLUSH command
1f965e6 Allow external programs to request wpa_radio work items
6428d0a Do not start wpa_radio work during externally triggered scan
6470f47 Remove unneeded scan delay on connection-in-progress
4bb2321 Remove unneeded GAS query delay on connection-in-progress
6ac4b15 Use wpa_radio work for connection
b9e6d70 Use radio work for GAS requests
e05e130 P2P: Use radio work to protect offchannel Action frame exchanges
e1d1c8e Use radio work for P2P Listen requests
1b5d471 Use radio work for P2P scan requests
d12a51b Use radio work for scan requests
b1ae396 Add framework for exclusive radio operations
dd43aaa Add helper functions for cloning and freeing scan parameters
06f9acc Ignore externally triggered scan results with scan_res_handler
c9b5559 Clean up ctrl_iface debug prints for monitor events
d31b5ac Use cleaner debug print for ctrl_iface commands with private info
9595151 Remove duplicated RX ctrl_iface hexdump
9b85079 Fix scan-cache-clearing operation to avoid unnecessary cases
2f30cac Avoid unnecessary key clearing operations
466bcf9 Remove some unnecessary EAPOL port (un)authorized callbacks
949938a Ask driver to report only new scan results if requested
a1a31b6 Remove hostapd dump_file functionality
ea23df6 Make EAPOL dump data available through ctrl_iface STA command
96ea74b Convert EAPOL authenticator dump into easier to parse format
ca3b71c Remove hostapd dump_file data that is available through ctrl_iface
4c03a2b Make RADIUS server MIB available through control interface
f538be3 Add more STA information into the ctrl_iface STA command
101bdc2 Remove forgotten notes about already removed driver wrappers
7006753 Update EAP-FAST note regarding OpenSSL support
17b79e6 nl80211: Initial support for vendor commands and events
5890fa8 WPS: Fix clear-from-timeout handling to avoid race condition
c64e3a0 P2P: Send received Presence Response information to ctrl_iface monitors
f7fb676 ACS: Mark acs_fail() static
3cf06c9 OpenSSL: Include sha1/sha256 header files to verify declarations
5ace51a WNM: Clean up le16 variable use to avoid sparse warnings
c583868 Mark wpas_wps_er_nfc_handover_sel() static
8cf1e68 Move declaration of hostapd_acs_completed() into correct header file
0187c41 Declare wpa_debug_* variables in src/utils/wpa_debug.h
fcc6123 Declare wpa_drivers in src/drivers/driver.h
0d79b50 Clear EAPOL Logoff state on FLUSH command
327b01d nl80211: Add driver param for forcing monitor and connect APIs
6f06766 nl80211: Fix nl_mgmt handling in partial error case
4ea6a47 nl80211: Prefer newer scan result over older during duplicate removal
2eef517 nl80211: Report set_supp_port failures in debug log
a0bdd19 nl80211: Share a helper function for connect and associate commands
e00d546 Remove unnecessary build #ifdef from definitions
4848a38 Get rid of duplicated cipher suite and AKM definitions
de4ed4a nl80211: Use helper functions for cipher suite mapping
a565084 nl80211: Set control port for NL80211_CMD_COMMAND
ef93abd WPS: Clean up UUID debug print
35f3d3e nl80211: Clean up regulatory rule debug prints
880de88 nl80211: Print frame registration match on same debug line
03ed332 Interworking: Allow cred blocks not to be saved to a file
04f7ecc Reset WPA parameters to default values on FLUSH command
152cff6 P2P: Remove WPA_DRIVER_FLAGS_P2P_MGMT option
538d6f4 WPS: Use shorter scan interval during pre-provisioning search
3187fd9 WPS: Replace wpas_wps_in_progress with identical wpas_wps_searching
4414d9e SAE: Fix ECC element y coordinate validation step
069fb47 EAP-EKE: Allow forced algorithm selection to be configured
3a88914 Remove unused information element parsing data
dbfb8e8 Remove unnecessary EVENT_RX_ACTION
1450e1e Define __maybe_unused
912b34f Do not process Action frames twice in hostapd SME/MLME
006309b Fix whitespace style
6780713 WPS: Remove unused send_wpabuf()
e912986 tests: Verify concurrent WPS protocol run with assigned PIN
8aaafce Make local UUID available through ctrl_iface STATUS command
0e22b8d WPS: Make sure reconfiguration timeout is not left behind on deinit
75d1d0f WPS: Allow testing mode to disable 2.0 functionality
f7e2542 Remove unused wps_device_data_dup()
c89d9db Remove unnecessary extra tracking of eloop registration
c86bf16 Replace unnecessary hex_value() with hex2byte()
7b02375 Clear wps_fragment_size on FLUSH command
aa189ac Enable FT with SAE
2d2ecf5 nl80211: Fix protected Action frame reporting for AP mode
db76aa6 Fix PeerKey 4-way handshake
7732729 Fix PeerKey deinit behavior
8d321a7 WNM: Move disassociation imminent sending to wnm_ap.c
b76f4c2 hostapd: Make STA flags available through ctrl_iface STA command
aa03dbd Remove IEEE80211_REQUIRE_AUTH_ACK
121f2ab Remove unused STA flags
3578e66 WNM: Add STA flag to indicate the current WNM-Sleep-Mode state
4776897 WNM: Fix AP processing without wnm_oper driver callback
2025cad WNM: Move ESS Disassoc Imminent sending to a helper function
28ab64a WNM: Minimal processing of BSS Transition Management Query/Response
2cd0f6a WNM: Add Target BSSID into BSS Transition Management Response
a8a6a35 WNM: Use nonzero dialog token in BSS Transition Management Query
629edfe WNM: Fix Sleep Mode AP processing in open network
3c1060f WNM: Add debug logs to get the RSSI from the scan results
dff1e28 Initial handling of GTK-not-used cipher suite
51e3eaf OpenSSL: Do not accept SSL Client certificate for server
6bf61fb OpenSSL: Use certificates from TLS authentication in OCSP stapling
c962947 WPS ER: Fix deinit timeout handling with delayed/failing unsubscribe
7b75c30 WPS: Reschedule AP configuration reload on EAP completion
c511b32 WPS: Remove old duplicate network even if key is different
9d2cb3e Make CONFIG_TESTING_OPTIONS=y enable all testing options
662b40b WPS: Reduce scan wait time during WPS processing
015af91 Do not use results from externally requested scan for network selection
1cd93ff Reschedule own scan request if an externally started one is in progress
dc3906c Show timing information about scan requests in debug log
d81c73b Optional scan id for ctrl_iface SCAN requests
a5f40ef Track whether scan was started by us or an external program
18ae237 Fix comment format
88c2d48 Allow passive scan to be requested with SCAN passive=1
3ae3ec2 nl80211: Add scanned frequencies/SSIDs into debug log
69278f7 Remove unused last_scan_full
1f5d2dd Interworking: Allow EAP-FAST to be used
6ffa168 Add GAS-QUERY-START and GAS-QUERY-DONE event messages
93827f4 hostapd: Allow external management frame processing or testing
fee5234 Allow channel list to be specified for SCAN command
98eda9c Move int_array helpfer functions to utils/common.c
a4cfb48 Add make lcov-html to generate code coverage report
bee25cc nl80211: Fetch cipher capabilities from the driver
4daa011 Clean up cipher capability prints
35c2006 Convert wpa_hexdump functions to use void pointer instead of u8 *
5f9c134 Remove obsolete license notifications
bd1e328 Android: Remove old WEXT extensions
bad5cdf Verify that beacon setup succeeds before proceeding
7d7f7be Verify group key configuration for WPA group
30675c3 Add definitions for new cipher suites from IEEE Std 802.11ac-2013
13b24a7 VHT: Use status code 104 to indicate VHT required
ab41595 wpa_supplicant: Fix crash when terminating all interfaces
76aab03 Add secondary channel IE for CSA
8f4713c Store entire CS freq_params and not only freq
13daed5 Include driver.h in hostapd.h
a12d345 wpa_supplicant: Use monotonic time for last_scan check
51bffab WPS: Use monotonic time for AP connection attempt
6473e5c wpa_supplicant: Use relative time for TKIP Michael MIC failures
4e1eae1 wpa_supplicant: Use monotonic time for temp-disabled networks
151ab80 P2P: Use monotonic time for GO client waiting
3326f19 IBSS RSN: Use monotonic time for reinit detection
196a217 WPS_UPNP: Use monotonic time for event debouncing
864c9af wps_registrar: Use monotonic time for PBC workaround
61e98e9 wps_registrar: Use monotonic time for PBC session timeout
3647e5a wps_registrar: Use monotonic time for PIN timeout
3618618 rsn_supp: Use monotonic time for PMKSA cache expiry
c2be937 wpa_supplicant: Use monotonic time for EAPOL RX workaround
e72a001 bgscan: Use monotonic time
e05f060 rsn_supp: Do not track expiration time
5870717 RADIUS server: Use monotonic time
4012804 RADIUS client: Use monotonic time
acb69ce wpa_supplicant: Use monotonic time for RX/BSS times
46b8d4c wpa_supplicant: Use monotonic time for SA query timeout
f073fde EAP server: Remove SIM-DB pending timestamp
636e19a wpa_ctrl: Use monotonic time for request retry loop
7ffe7d2 AP: Use monotonic time for MMIC failure/TKIP countermeasures
dd4e32b AP: Use monotonic time for PMKSA cache
0fc545a AP: Use monotonic time for STA accounting
3e06180 bgscan_learn: Start scanning from the first freq
f4c73ae bgscan_learn: Fix initial interval
7dab119 bgscan_learn: Avoid redundant frequencies
3727123 bgscan: Stop bgscan only on disassociation
b2838ba Update IBSS documentation to include RSN option
429dd9a Advertise QoS Map support based on driver capability
049105b nl80211: Add support for QoS Map configuration
74ddd64 nl80211: Sync with mac80211-next.git
9fcd300 nl80211: Sync with wireless-testing.git

Change-Id: Iabdd88d9cabd478a41c3cb0a8d061b425cc1beca
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
/external/wpa_supplicant_8/src/crypto/tls_openssl.c
fa3fc4a1ac08ad14272301c7f6f01b362997c3e4 21-Nov-2013 Dmitry Shmidt <dimitrysh@google.com> Cumulative patch from commit 594516b4c28a94ca686b17f1e463dfd6712b75a7

594516b Use monotonic clock for relative time for eloop if available
461e3eb Fix and work around some MinGW compilation issues
81cbc04 Fix compiler warning for OpenSSL without HAVE_OCSP
68d628a hostapd: Fix interface enabling/disabling and DFS
1cba9be STA: Cancel sched_scan while initiating wps_reassoc
215a02f Add Wi-Fi Direct to the build configuration example
ca9c14f dbus_new: Add documentation for D-Bus TDLS methods
6fc4848 P2P: Short scan wait to speed up the group re-invocation
93a06fe Fix QoS Map Configure frame use

Change-Id: Id76002ca7fa742b6533e7e592ffd3867886dc50e
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
/external/wpa_supplicant_8/src/crypto/tls_openssl.c
ff07917b8921a2a178ed9188a63b166af144ae53 08-Nov-2013 Dmitry Shmidt <dimitrysh@google.com> Android: Minor sync with mainstream code

Change-Id: Ia7b165534577394e0117318e6655d14a3a1d9d2d
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
/external/wpa_supplicant_8/src/crypto/tls_openssl.c
68d0e3ed07847339aedfac8e02f50db68c702e52 29-Oct-2013 Dmitry Shmidt <dimitrysh@google.com> Cumulative patch from commit 32b62704fac6af74f60b2effb173474e11ff089d

32b6270 Android: Fix ARRAY_SIZE() compilation
7617388 Interworking: Report STATUS:sp_type even if domain is not configured
c20bc9d P2P: Remove compiler warning without CONFIG_IEEE80211N
ca9bc5b P2P: Add VHT support
20ea1ca P2P: Add VHT parameter to P2P operations
53cfad4 nl80211: Mark VHT 80 MHz channels
f2112b2 wpa_supplicant: Add CONFIG_IEEE80211AC
6b02335 hostapd: Mask out not-supported VHT capabilities
7f0303d hostapd: Verify VHT 160/80+80 MHz driver support
c781eb8 hostapd: Verify VHT capabilities are supported by driver
b29b012 Fix some VHT Capabilities definitions
7066a8e hostapd: Fix wrong VHT configuration capabilities flags
6651f1f nl80211: Use max tx power from regulatory domain
7ac3616 nl80211: Replace perror() and printf() calls with wpa_printf()
4d9fb08 WPS: Clear known_wps_freq in addition to after_wps
d20c340 Interworking: Clear known_wps_freq for network selection
f3be6ee tests: Allow test case descriptions to be written into database
1bd05d0 Interworking: Force normal scan for network selection
51e9f22 P2P: Add option to allow additional client channels
556b30d P2P: Add option to remove channels from GO use
e7ecab4 Use ARRAY_SIZE() macro
39044a7 Introduce ARRAY_SIZE() macro
2e94624 DFS: Handle radar event when CAC actived correctly
5eaf240 DFS: Fix overlapped() function to check only DFS channels
345276a DFS: Adjust center freq correctly for VHT20/VHT40
1dc17db DFS: Fix available channels list for VHT80
34068ac nl80211: Add debug prints on nl_recvmsgs() failure
10b8592 nl80211: Make eloop sockets non-blocking
5f65e9f nl80211: Abstract handling of sockets on eloop
e8d1168 nl80211: Register for IBSS auth frames before eloop
03610ad Clean up get_seqnum() use for IPN
29179b8 Stop ctrl_iface monitor send loop on reinit failure
a2a535f Remove unnecessary wpa_s->conf checks
3318376 Add explicit buffer length checks for p2p_build_wps_ie()
0f01201 Verify that readlink() did not truncate result
f5eb9da nl80211: Clean up if_add() for hostapd use
a288da6 OpenSSL: Fix memory leak on error path
6cb4f11 nl80211: Fix strerror() value in P2P Dev debug messages
35f8363 DFS: Add forgotten break statement
2f243b8 Remove os_strncpy()
24f051e Replace remainining strncpy() uses with strlcpy()
41c526f P2P: Fix snprintf buffer length for group ifname backup

Change-Id: I2e1506cb9219a5a37efbb2ae0dc180fb081c809f
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
/external/wpa_supplicant_8/src/crypto/tls_openssl.c
051af73b8f8014eff33330aead0f36944b3403e6 22-Oct-2013 Dmitry Shmidt <dimitrysh@google.com> Cumulative patch from commit 538922a628d4f5403b9a96b171a59235bcb3d921

538922a dbus: Add boolean AllowRoam option to Scan() method options dictionary
c6f5dec Don't start second scan when changing scan interval
cd3b070 nl80211: Fix DFS radar event parsing
2b72df6 nl80211: Free BSS structure even if netdev does not exists
41cc50d nl80211: Update send_action_cookie on AP-offchannel-TX path
313424d GAS: Add support for multiple pending queries for the same destination
cbc5484 GAS: Do not start new scan operation during an ongoing GAS query
c377514 GAS: Delay GAS query Tx while scanning/connecting
24c694b GAS: Delay GAS query Tx while another query is in progress
7255983 WPS: Clear after_wps from number of new locations
73b54d6 P2P: Fix Operating Channel in Invitation Request for operating group
dc46fd6 P2P: Cancel offchannel TX wait on Invitation Response RX
0c92963 D-Bus: Clean up debug print for P2P invitation result
8d82c21 P2P: Fix PD retry channel on join-a-group case
d285888 P2P: Add GO BSS entry details to debug log on join-a-group
512629a P2P: Accept Invitation Response non-success without Channel List
e241b1b eap_proxy: Fix IMSI fetch for home vs. visited network determination
db13605 EAP-AKA/AKA' peer: Allow external USIM processing to be used
569ccf7 EAP-SIM peer: Allow external SIM processing to be used
84dc137 hlr_auc_gw: Add GSM-AUTH-REQ command
a5d44ac EAP peer: Add framework for external SIM/USIM processing
7e8bc7d eapol_test: Initialize BSS lists
bceb843 Send CTRL-RSP command response before processing EAPOL update
b607796 eapol_test: Fix external EAP request mechanism
94de082 eapol_test: Initialize wpa_s->global to fix ctrl_iface
f07bba3 Android: Add dfs.c into build
0cf0af2 WNM: Set Disassoc Imminent flag in ESS Disassoc Imminent frame
f47c145 Interworking: Add required_roaming_consortium parameter for credentials
a83e574 GAS: Update timeout from TX status handler
e88060e HTTP server: Allow TCP socket to be reused
9bc3386 Add test option for specifying hardcoded BSS Load element
9c7e43a Define BSS Load element id
56f5af4 Interworking: Add support for QoS Mapping functionality for the STA
850e1c2 atheros: Add support for QoS Mapping configuration
c551700 Interworking: Add support for QoS Mapping functionality for the AP
ac1bc54 Interworking: Add domain_suffix_match for credentials
463c8ff Interworking: Add support for multiple home FQDNs
01f809c Add AAA server domain name suffix matching constraint
be7963b OpenSSL: Fix code indentation in OCSP processing
899cc14 hostapd: Add support for DFS with 160 MHz channel width
6de0e0c Mark DFS functions static and rename them
58b73e3 hostapd: DFS with 40/80 MHz channel width support
846de15 DFS: Add more parameters to radar events
04e8003 nl80211: Use struct hostapd_freq_params with start_dfs_cac
72c753d hostapd: Split hostapd_set_freq to helper function
e76da50 hostapd: Add AP DFS support

Change-Id: Ie9ed4662ba6d81e6d8b14bccb29ffa192becf0f2
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
/external/wpa_supplicant_8/src/crypto/tls_openssl.c
5605286c30e1701491bd3af974ae423727750edd 04-Oct-2013 Dmitry Shmidt <dimitrysh@google.com> Cumulative patch from commit 8b3b803ab9fe69650da7e3b2ee9e44f0f054ee0a

8b3b803 Include Extended Capabilities element based on scan results
6903ee6 P2P Extend postponing of concurrent scans for persistent GO
77e3094 hlr_auc_gw: Fix max_chal value validation
3e6547b hlr_auc_gw: Add support for processing command line operations
2b5b875 EAP-AKA server: Fix AUTS processing
9a50ee6 hlr_auc_gw: Update file comments to mention Milenage
5388dc9 Document use of Linux capabilities instead of privileged process
a771c07 Add driver status information to control interface
739faee nl80211: Add some more debug prints for mgmt frame TX
f78f278 nl80211: Fix off-channel Action frame TX from GO with use_monitor
298f518 Get rid of compiler warning in no-CONFIG_CTRL_IFACE builds
ea61aa1 Add no_ctrl_interface config param to clear ctrl_interface
25b65a1 Make sure updated BSS entry does not get added twice to the list
bbc6c72 P2P: Use group formation timeout on persistent group GO
41f8532 P2P: Extend group formation timeout on GO to first data connection
20625e9 P2P: Remove P2P groups on process termination
76fe79e Register wpa_msg callback even if only global ctrl_iface is used
af96448 nl80211: Add more debug prints for send_mlme operations
5d4c78f nl80211: Reset nlmode to station on leaving IBSS
0249c12 Avoid compiler warning with CONFIG_NO_STDOUT_DEBUG=y
ed1bf01 Allow hostapd config file for dynamically added interface
97bacf7 Do not clear hostapd configuration parameters on disable-iface
66f4dd1 hostapd: Fix couple of deinit path cases to clear pointers
f18b781 nl80211: Print more debug info on management frame RX information
89286e9 Re-open ctrl_iface socket on some failure cases as a workaround
3ca96df atheros: Compile fix for driver code not defining IEEE80211_APPIE_FRAME_WNM
762c92a OpenSSL: Split OCSP peer_cert/peer_issuer debug output into parts
f224cf0 HS 2.0: Allow printf format parsing with language:name strings
913c19c Fix wpa_config_parse_string() to null terminate printf decoded values
04e533e Fix language string length validation in parse_lang_string()
742e715 Simplify ctrl_iface sendto() use
6668efd Clear frequency list on empty value
1a9f247 Make scan_freq field to be saved by save_config
aa78cd3 Drop EAP packet with code 10 before EAPOL state machine processing
3cc247a Use configured sched_scan interval for the PNO scan
d047ae6 WPS: Ignore PBC-to-PIN change from M1 to M2 as a workaround
79986bf Print ctrl_iface sendto() failures into debug log
eab2b50 P2P: Cancel group formation timeout on client connection
00eb299 P2P: Fix operation channel configuration update

Change-Id: I9269e23bc8019b951c2a2d3c707562b2e006148b
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
/external/wpa_supplicant_8/src/crypto/tls_openssl.c
0d16a24facb038db649f4baeb6e6709880adfd98 12-Jul-2013 Dmitry Shmidt <dimitrysh@google.com> Merge "Accumulative patch from commit 1075b2957169d8f9d6dddd7679339c751dc9515b"
34af306c42b7ccf956508e7cd23f0ba90606e360 11-Jul-2013 Dmitry Shmidt <dimitrysh@google.com> Accumulative patch from commit 1075b2957169d8f9d6dddd7679339c751dc9515b

1075b29 P2P: Report group formation failure on error to start GO mode
b62b29e Do not block on ctrl_iface monitor events
eb7ddbf WPS: Stop SSDP service before freeing the pending entries
98cbc0a Remove forgotten Xcode defines
0b9d3b2 Interworking: Relax 3GPP info PLMN matching for MNC
c7a67a7 WPS: Disconnect when removing existing WPS network block
fe65847 EAP-EKE: Add server implementation
7e7610d EAP-EKE: Add peer implementation
489202d EAP-SAKE: Use configured server identity
a607b42 EAP-PSK: Use configured server identity
15b042b EAP-MSCHAPv2: Use configured server identity
162865b EAP-IKEv2 server: Use configured server identity
8f89d82 EAP-GPSK server: Use configured server identity
67fe933 Add server identity configuration for EAP server
06aeff5 dbus: Register the AutoScan method call at the right place
78f79fe P2P: Do not add ctrl interface for P2P_DEVICE (p2p-dev-*)
1c42b42 P2P: Fix TDLS and l2_packet init without P2P Device interface
9e6a321 Fix non-P2P build after the P2P_DEVICE changes
d53d259 Fix build with older OpenSSL versions
54d4ba4 nl80211: Silence a compiler warning with older gcc versions
2e5ba4b P2P: Derive group interface name bit more sensibly
c68f620 P2P: Create P2P Device interface if supported
851b0c5 nl80211: Do not indicate P2P_DEVICE support by default
bb4028f P2P: Ignore p2p_no_group_iface when driver advertizes P2P_DEVICE support
7940c79 nl80211: Use wdev id when cancelling wait for frame using P2P_DEVICE
f608081 nl80211: Verify P2P GO/client address with all interface addresses
5fbcb45 nl80211: Fix determining phy name for P2P Device
27ce1d6 nl80211: Fix nl80211_get_wiphy_index() for P2P Device
080585c Add support for OCSP stapling to validate server certificate
72950ed P2P: Remove a call to wpas_p2p_deinit_global()
ab7a1ad nl80211: Fix P2P group interface creating using P2P Device
fa93de4 nl80211: Use wdev_id in nl80211_create_iface_once()
fdc554b nl80211: Use wdev id to obtain P2P Device scan results
597b94f nl80211: Add .get_mac_addr() callback for P2P Device
8e12685 nl80211: Rework setting interface mode
91724d6 nl80211: Introduce i802_set_iface_flags()
eb4582f nl80211: Remove P2P Device interface upon .deinit()
f632e48 nl80211: Fix P2P Device interface initialization
e472e1b nl80211: Handle creation of P2P Device interface
01517c8 nl80211: Allow Android P2P functionality
6bae92e nl80211: Add support for P2P Device in add interface
d6dcfcd nl80211: Add a handler to create_interface
d3aaef8 nl80211: Hold wdev identification for P2P Device
7aad838 nl80211: Identify if nl80211 is capable of P2P Device abstraction
6a71413 nl80211: Rename is_p2p_interface
8393e1a nl80211: Print interface name on set_key()
80ebfd9 VLAN: Avoid access to non-existing interfaces
4345fe9 bridge: Track inter-BSS usage
459eee9 bridge: Use safe default bridge interface
2aaeedf bridge: Give bridge name in per-bss configuration
8a901d7 D-Bus: Emit signal when a station is authorized or deauthorized
9578329 Add AVG_RSSI report in signal_poll
2cc8d8f Add bandwidth and center freq info to signal_poll
1e0e943 Remove 802.11b rates only in case of P2P group operation
2090a0b nl80211: Add prints for kernel events
8743676 TDLS: Validate ext_supp_rates in copy_supp_rates
85b4eac P2P: Do not reply to 802.11b-only Probe Request frames as GO
ec7b97a Interworking: Add support for using eap_proxy offload
4331263 Fix session timeout after ANQP dummy STA entry with SME-in-driver
56cb4e1 wpadebug: Add option to ignore SSL errors
aa20e1a Remove CONFIG_NO_WPA2 build parameter
5d5c4ee Remove compiler warnings with CONFIG_NO_SCAN_PROCESSING
9aaa695 Remove compiler warnings if TDLS is enabled without WPA2
84ae1d4 Fix WNM build without WPA2
c33d5eb Fix build without WPA2 or EAP
1aef400 IBSS RSN: Implement disconnect() callback using sta_deauth()

Change-Id: I4593be5b1478f6532da917423b1d2afa95fb8020
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
/external/wpa_supplicant_8/src/crypto/tls_openssl.c
e6cf61356701e87728df492dee978eb08c994ca0 27-Jun-2013 Kenny Root <kroot@google.com> am 65699d14: am 499d6840: Merge "Remove obsolete keystore path"

* commit '65699d14fab37ab374ce46c6192d4e9b56ec26c1':
Remove obsolete keystore path
7f401806ed4775e4230dc3265d2c70b61c7c7e4e 26-Jun-2013 Kenny Root <kroot@google.com> Remove obsolete keystore path

It's not possible to get a raw private key from keystore anymore, so
this would fail every time anyway. Remove it so it doesn't confuse
anyone that looks at this code.

Change-Id: I021fc1707b16474d8698c85055a6fcc4095cd215
/external/wpa_supplicant_8/src/crypto/tls_openssl.c
ea69e84a6f4455c59348485895d3d5e3af77a65b 13-May-2013 Dmitry Shmidt <dimitrysh@google.com> Accumulative patch from commit 455299fb40d79bcbeaedcfbc04d00ac8330bbbdd

455299f nl80211: Fix foreign address filtering for MLME frame events
e679f14 Mark interface disconnected on removal request
3636b89 Do not try auto connect mechanism in disconnected state
0cdb93f Do not add BSS to blacklist on local disconnection request
36b9883 Defer scan if connection is in progress on any of the shared interfaces
7c0e1e2 tls_openssl: Store TLS context per-connection
732118e Rename hostapd_parse_rates() to a more generic int list parser
b113a17 DFS: Add ieee80211h hostapd configuration parameter
695c703 nl80211: Add driver_ops for stopping AP beaconing
f90e9c1 nl80211: Add driver_ops for starting radar detection
fc96522 nl80211: Add channel flags for DFS state information
f295d0c nl80211: Add driver capability flag for radar detection
04be54f nl80211: Add driver events for radar detection
a7505b1 eloop: Allow to run event loop multiple times in a row
6124e85 wpa_supplicant: Allow vifs to scan only current channel
893a0a5 systemd: Fix systemd interface alias

Change-Id: I0a39a6868562cd458202285fed8986ac81a0cef2
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
/external/wpa_supplicant_8/src/crypto/tls_openssl.c
3f3ca3bb849b192d41b99aae775f6fc52f67118d 13-Nov-2012 Kenny Root <kroot@google.com> Switch keystore to binder

Change-Id: Idfcff5f2799863075160cc6c2565f2fe774c2552
/external/wpa_supplicant_8/src/crypto/tls_openssl.c
61d9df3e62aaa0e87ad05452fcb95142159a17b6 30-Aug-2012 Dmitry Shmidt <dimitrysh@google.com> wpa_supplicant: Update to 29-Aug-2012 TOT

commit 6ffdc2f7bd496ace7a46e055f9714e7db4b1f722
Author: Jouni Malinen <jouni@qca.qualcomm.com>
Date: Fri Mar 2 22:31:04 2012 +0200

WFD: Add preliminary WSD request processing and response

This commit does not yet address support for different device roles,
i.e., the same set of subelements are returned regardless of which
role was indicated in the request.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>

Change-Id: I9d63acce719b982c02e589bb59602382e82988c8
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
/external/wpa_supplicant_8/src/crypto/tls_openssl.c
21a1e4c6e69742ba96f610b4b0db2e5a2d95528a 27-Jul-2012 Brian Carlstrom <bdc@google.com> am 27bf1073: Use SSL_OP_NO_TLSv1_1 SSL_OP_NO_TLSv1_2 SSL_OP_NO_TICKET for better wpa_supplicant_8 interoperability

* commit '27bf1073abe534644cc1146397082cc78873f516':
Use SSL_OP_NO_TLSv1_1 SSL_OP_NO_TLSv1_2 SSL_OP_NO_TICKET for better wpa_supplicant_8 interoperability
27bf1073abe534644cc1146397082cc78873f516 26-Jul-2012 Brian Carlstrom <bdc@google.com> Use SSL_OP_NO_TLSv1_1 SSL_OP_NO_TLSv1_2 SSL_OP_NO_TICKET for better wpa_supplicant_8 interoperability

Bug: https://bugs.launchpad.net/ubuntu/+source/wpasupplicant/+bug/969343/comments/72
Bug: http://w1.fi/bugz/show_bug.cgi?id=447#c7
Bug: http://code.google.com/p/android/issues/detail?id=34212
Bug: 6883259
Change-Id: Ib53326cc8cd40e800454b7b92586c052bc910ba8
/external/wpa_supplicant_8/src/crypto/tls_openssl.c
04949598a23f501be6eec21697465fd46a28840a 19-Jul-2012 Dmitry Shmidt <dimitrysh@google.com> wpa_supplicant: Update to 07-Jul-2012 TOT

commit a5ed45586c63ffd8f9d2b44e27c251d7bacbeaf4
Author: Jouni Malinen <j@w1.fi>
Date: Sat Jul 7 13:01:45 2012 +0300

WPS SSDP: Fix socket leaks on error paths

Change-Id: I0864aac7fc88fa2a60f5cca7d524b94363410c85
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
/external/wpa_supplicant_8/src/crypto/tls_openssl.c
db3c5a43353099fd4771f3b7a13efae905878ce9 21-Mar-2012 Kenny Root <kroot@google.com> Use keystore ENGINE for private key operations

The new keystore ENGINE is usable to perform private key operations when
we can't get the actual private key data. This is the case when hardware
crypto is enabled: the private key never leaves the hardware.

Subsequently, we need to be able to talk to OpenSSL ENGINEs that aren't
PKCS#11 or OpenSC. This just changes a few #define variables to allow us
to talk to our keystore engine without having one of those enabled and
without using a PIN.

Change-Id: Iabab5077c3d167a1e13bc8ef8745dc59ad4d62f7
/external/wpa_supplicant_8/src/crypto/tls_openssl.c
c5ec7f57ead87efa365800228aa0b09a12d9e6c4 07-Mar-2012 Dmitry Shmidt <dimitrysh@google.com> Update to new version 0.8.22 from BRCM

- Based on 0c01d65 : Ignore TX status for Data frames from not associated
STA

Change-Id: I2776ff8e292593f407bf5b9177640c512e06bf0d
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
/external/wpa_supplicant_8/src/crypto/tls_openssl.c
1f69aa52ea2e0a73ac502565df8c666ee49cab6a 25-Jan-2012 Dmitry Shmidt <dimitrysh@google.com> Update to new version 0.8.16 from BRCM

Sync with main tree commit b8349523e460493fa0b4de36c689595109e45e91
Author: Neeraj Kumar Garg <neerajkg@broadcom.com>
Date: Tue Dec 27 23:21:45 2011 +0200
P2P: Reject p2p_group_add if forced frequency is not acceptable

Change-Id: Icb4541a371b05c270e80440d7a7fdea7f33ff61e
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
/external/wpa_supplicant_8/src/crypto/tls_openssl.c
c55524ad84d13014e8019491c2b17e5dcf13545a 07-Jul-2011 Dmitry Shmidt <dimitrysh@google.com> Accumulative patch from commit 8fd0f0f323a922aa88ec720ee524f7105d3b0f64

Fix D-Bus build without CONFIG_P2P=y
nl80211: Allow AP mode to be started without monitor interface
nl80211: Process association/disassociation events in AP mode
DBus/P2P: Adding decl for PersistentGroupRemoved signal
DBus/P2P: Rectified type of SecondaryDeviceTypes in device property Get
P2P: Only call dev_lost() for devices that have been dev_found()
wpa_cli: Add missing parameter for P2P_GROUP_ADD command
wpa_supplicant: Respect PKG_CONFIG variable if set in the environment
TLS: Add support for tls_disable_time_checks=1 in client mode
hostapd: Clear keys configured when hostapd reloads configuration
Add dbus signal for information about server certification
Move peer certificate wpa_msg() calls to notify.c
wpa_supplicant AP: Disable AP mode on disassoc paths
wpa_s AP mode: Enable HT20 if driver supports it
Allow PMKSA caching to be disabled on Authenticator
FT: Disable PMKSA cache for FT-IEEE8021X
FT: Clear SME ft_used/ft_ies when disconnecting
8fd0f0f323a922aa88ec720ee524f7105d3b0f64

Change-Id: I6ae333196c36ffa7589662d5269fabfc3b994605
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
/external/wpa_supplicant_8/src/crypto/tls_openssl.c
8d520ff1dc2da35cdca849e982051b86468016d8 09-May-2011 Dmitry Shmidt <dimitrysh@google.com> wpa_supplicant: Initial Revision 0.8.X

Based on:
commit 0725cc7b7efc434910e89865c42eda7ce61bbf08
Author: Jouni Malinen <j@w1.fi>
Date: Thu Apr 21 20:41:01 2011 +0300

Enable CONFIG_DRIVER_NL80211=y in the default configuration

nl80211 should be preferred over WEXT with any recent Linux
kernel version.

Change-Id: I26aec5afbbd4f4a1f5fd900912545b6f5050de64
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
/external/wpa_supplicant_8/src/crypto/tls_openssl.c