History log of /external/wpa_supplicant_8/hostapd/src/crypto/tls_openssl.c
Revision Date Author Comments (<<< Hide modified files) (Show modified files >>>)
57c2d39d85825f38c5fdac9b73bb0088406ffc85 23-Feb-2016 Dmitry Shmidt <dimitrysh@google.com> Cumulative patch from commit 077dcfb8c48d2509a6e116c0de3ad57d2fbfe4fe

077dcfb AP: Debug print management frame TX result
ca911d6 MBO: Parse non-preferred channel list on the AP
3f48274 WNM: Fix a memory leak on AP error path
f5ca176 VLAN: Fix vlan_compare() for tagged VLANs
1260564 hostapd_cli: Add support for RAW command
940491c MBO: Mandate use of PMF for WPA2+MBO association (STA)
4c57228 MBO: Mandate use of PMF for WPA2+MBO association (AP)
8dd49f0 MBO: Update STA cellular data capability based on WNM Notification
6332aaf MBO: Track STA cellular data capability from association request
f3cb7a6 WNM: Minimal processing for WNM Notification Request frames on AP
e578343 MBO: Indicate WNM-Notification support on AP when MBO is enabled
990b7b6 Simplify hostapd_build_ap_extra_ies() with helper functions
d010048 MBO: Expire non-matching bss_tmp_disallowed entries as part of check
f4c74e1 MBO: Parse MBO IE in ieee802_11_parse_elems()
016082e MBO: Send WNM-Notification when cellular capabilities change
c0e2a17 hostapd: Add MBO IE to BSS Transition Management Request frame
fb9a1c3 hostapd: Add MBO IE to Beacon, Probe Response, Association Response
c484b19 Move Hotspot 2.0 element in (Re)Association Request frames
a0c38e5 Re-order elements in (Re)Association Request frames
9a493fa WNM: Add candidate list to BSS transition query
84d1c0f WNM: Add candidate list to BSS transition response
cf11ab7 utils: Derive phy type by frequency and bandwidth
c8082d2 MBO: Add MBO IE to BSS Transition Management Response frame
dd59990 MBO: Parse MBO IE in BSS Transition Management Request frames
5e57ba2 MBO: Add Supported Operating Classes element to Association Request
7d46f58 MBO: Add global operating class definitions
cb06cf3 MBO: Prevent association to APs that explicitly disallow this
c5d193d MBO: Add cellular capability to MBO IE
2d5b861 MBO: Send MBO WNM-Notification Request frames to notify changes
92c6e2e MBO: Implement MBO non-preferred channel report in Association Request
facf2c7 MBO: Add non-preferred channel configuration in wpa_supplicant
425dd78 MBO: Add Multi Band Operation definitions
a159958 ndis: Use the new get_ie() helper to avoid duplicated code
231b04b utils: Share a single helper function to get IE by ID
ea69d97 wpa_supplicant: Share a single get_mode() implementation
75cc211 VLAN: Check vlan_desc validity in a failure debug print
43022ab Use 64-bit TX/RX byte counters for statistics
3f81ac0 AP: Set STA assoc flag in the driver before sending Assoc Resp frame
bb598c3 AP: Add support for full station state
dc55b6b nl80211: Add support for full station state operations
5558b99 EAP-FAST peer: Remove fixed return value from eap_fast_parse_phase1()
4b16c15 EAP-pwd server: Use os_get_random() for unpredictable token
239952b DFS: Remove the os_random() fallback
98a516e WPS: Use only os_get_random() for PIN generation
f441e5a Use os_get_random() for Shared Key authentication challenge
8c676b5 Add RADIUS Service-Type attribute with a value of Framed
09d96de mesh: Drop Authentication frames from BLOCKED STA
70c9396 SAE: Fix PMKID calculation for PMKSA cache
1492fbb Print Acct-Session-Id and Acct-Multi-Session-Id 64-bit values
e21ceca kqueue: Use 0 instead of NULL for udata
640b0b9 ctype functions require an unsigned char
a5a3efc Fix compile on NetBSD for vlan
a084c24 wired: Fix compile on NetBSD for wired driver
634e2e2 Add CONFIG_ELOOP_KQUEUE to defconfig
99a94f5 nl80211: Avoid wpa_printf %s call with NULL pointer in set_param()
ba91e92 wpa_supplicant: Parse ifname argument from DATA_TEST_CONFIG
8be640b VLAN: Add per-STA vif option
d0bdc96 VLAN: Actually add tagged VLANs to AP_VLAN
f9c0018 VLAN: Factor out per-vid code in newlink/dellink
8e44c19 radius: Add tagged VLAN parsing
1889af2 VLAN: Separate station grouping and uplink configuration
3a583e0 OpenSSL: Fix PKCS#12 parsing of extra certificates with OpenSSL 1.0.1
ddd0032 wpa_cli: Clean up logical operation
24c382a TDLS: Clean up os_memcmp use
6136d43 trace: Free symbols on program exit
8bcf8de OpenSSL: Fix memory leak in PKCS12 additional certificate parsing
03e3ddf OpenSSL: Fix memory leak in HMAC_CTX compatibility wrapper function
d9a0f69 OpenSSL: Fix memory leak in OCSP parsing
29bc76e OpenSSL: Do not use library init/deinit functions with 1.1.0
0f09637 OpenSSL: Fix memory leak in subjectAltName parsing
e60913b curl: Fix memory leak in subjectAltName parsing
6014890 OpenSSL: Fix memory leak with EVP_CIPHER_CTX_new()
99a1735 rfkill: Fix a memory leak
1f1e599 OpenSSL: Fix memory leak on error path
b907491 wpa_supplicant: Basic support for PBSS/PCP
86b5c40 nl80211: Basic support for PBSS/PCP
afa453a Sync with mac80211-next.git include/uapi/linux/nl80211.h
d1d8a2b EAP peer: Simplify buildNotify return
1314bc1 Clean up EAP peer PCSC identity functions

Change-Id: I9db475a2a4ebc88d2ee024319ed59a850636bb16
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
/external/wpa_supplicant_8/src/crypto/tls_openssl.c
b97e428f8acf1ecb93f38f8d0063d2f2fd0bc36e 08-Feb-2016 Dmitry Shmidt <dimitrysh@google.com> Cumulative patch from commit c06c9099f0d0827feae5622097bd8ac946eca5ea

c06c909 Use stronger PRNG for MS-MPPE-Send/Recv-Key salt
9e1f1bd eloop: Clean up coding style for eloop debug prints
f9982b3 Implement kqueue(2) support via CONFIG_ELOOP_KQUEUE
2e69bdd eloop: Add eloop_sock_requeue()
70f4f05 wpa_ctrl: Retry select() on EINTR
df9e2c2 D-Bus: Don't do <deny send_interface="..." /> in dbus service file
9684c75 mesh: Fix peer link counting when a mesh peer reconnects
83fe38b P2P: Fall back to no VHT when starting AP/P2P GO
360a9d5 P2P: Reduce off channel wait time for some P2P Action frames
1fc63fe RADIUS: Share a single function for generating session IDs
2cbc6ff RADIUS: Redesign Request Authenticator generation
b71a64a Send an Acct-Multi-Session-Id attribute in Access-Request packets
4260e1a Add Acct-Session-Id to Accounting-On/Off
d72a005 RADIUS: Use more likely unique accounting Acct-{,Multi-}Session-Id
d689317 EAPOL auth: Move radius_cui/identity freeing to eapol_auth_free()
0ae86f9 wpa_supplicant: Fix couple of C++ compiler errors with header files
9b6177a Add Event-Timestamp to all Accounting-Request packets
d179089 GAS: Calculate response buffer length of ANQP elements
dda091c OpenSSL: Fix server side PKCS#12 processing with extra certificates
443c8e1 OpenSSL: Fix possible null pointer dereference on an OCSP error path
a3cc64f Remove -w support from wpa_supplicant README
e265838 EAP-FAST: Fix an error path in PAC binary format parsing
f91e11f D-Bus: Fix p2p interface capability message
479f46c Do not send Acct-Authentic in Accounting-On/Off
696544e RADIUS: Do not include Acct-Terminate-Cause in Accounting-On/Off
236053e Make fallback from HT40 to HT20 work
cb22e3b BSD: Zero ifindex on interface removal
a8ef133 Android: Support multiple CA certs when connecting to EAP network
80ce804 WNM: Workaround for broken AP operating class behavior
af06093 BSD: Disable interface on down
dc0ad60 BSD: Use correct ifindex from route messages
5f17b2c BSD: __FUNCTION__ -> __func__
2088ecb OSU: Add debug printing of more LogotypeExtn fields
0b905c8 Add the selector suite into wpa_parse_wpa_ie_rsn() "invalid group cipher"
03a72ea VHT: Add an interoperability workaround for 80+80 and 160 MHz channels

Change-Id: Ief9174bdec380e81025e1467c47bf1656eb39cd9
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
/external/wpa_supplicant_8/src/crypto/tls_openssl.c
1d6bf427f4769edb60865a3999d01eeb8f8fcb19 20-Jan-2016 Dmitry Shmidt <dimitrysh@google.com> Cumulative patch from commit e15dcf6d1bc2725388555523effca75b1ffab735

e15dcf6 nl8021: Avoid potential memory leak on error path
17d32eb Allow re-write of ip_addr* configurations to conf file.
bcce934 dbus: Restrict DeviceName size to 32 characters in setter
7c70fe2 Sort options and reduce printf calls in wpa_supplicant usage text
6b418ce Fix wpa_supplicant build with IEEE8021X_EAPOL=y and CONFIG_NO_WPA=y
03269d5 AP: Print interface name in more STA events
9e8fde2 AP: Fix Deauth/Disassoc TX status timeout handling
269f9d5 EAP peer: Use ifdef PCSC_FUNCS to get rid of compiler warnings
c6e0b4b FST: Get rid of gcc extensions in structure/array initialization
2e3a41a hs20-osu-client: Fix check for osu_nai being available
ac2053b OpenSSL: Clean up openssl_digest_vector() to use a single implementation
5c9a337 OpenSSL: Clean up crypto_hash_*() to use a single implementation
587b045 LibreSSL: Fix build with LibreSSL
0daa9f6 EAP-TTLS peer: Fix success after fragmented final Phase 2 message
1eb87ae OpenSSL: Use EVP_CIPHER_CTX_new() to work with OpenSSL 1.1.0
3fb3bea OpenSSL: Update session_secret callback to match OpenSSL 1.1.0 API
814f43c EAP server: Simplify EAP method registration call
49a26bb EAP peer: Simplify EAP method registration call
7ce5603 EAP-WSC peer: Remove unused state values
449a316 bsd: Optimize socket use
4653ceb nl80211: Report disassociated STA / lost peer for the correct BSS
38af042 Drop OpenSSL 0.9.8 patches to add EAP-FAST support

Change-Id: Ib88c54b382c322d6151ed77e08f83329f918e3e8
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
/external/wpa_supplicant_8/src/crypto/tls_openssl.c
de47be75037bccd4a11b62eedb3d4aed1b36fa67 07-Jan-2016 Dmitry Shmidt <dimitrysh@google.com> Cumulative patch from commit 21cb63fffd1e766c8b989125394ed0bfb05e5a4b

21cb63f OpenSSL: Fix client certificate chain building after PKCS#12 use
12a81b6 ACS: Remove unreachable case from a debug print
896607d Remove a pointer check that can never be true
a95cc47 ACS: Be more consistent with iface->current_mode checks
6014e59 P2P: Print find_start in debug log when ignoring old scan results
64845c1 l2_packet: Extend bridge workaround RX processing to cover two frames
4a539ab l2_packet: Improve bridge workaround RX processing
7a36f11 EAP-PAX: Check hmac_sha1_vector() return value
1d20c66 P2P: Clear groups first on FLUSH command
27446e4 mesh: Do not force another peering exchange on driver event
cc64fe7 mesh: Do not clear link state on driver event if exchange was started
b5f5c32 mesh: Add some more details to MPM debug messages
7d41907 nl80211: Add a missing space to a debug message
6174de6 mesh: Connection and group started/removed events into debug log
2da4a56 Add more hostapd.conf documentation for hw_mode with HT/VHT
acc3943 EAP-PEAP peer: Cryptobinding in fast-reconnect case with inner EAP
cba9ebf P2P: Try SD Query with each non-ACK peer only once per search iteration
e9ccfc3 Clear wpa_supplicant state to DISCONNECTED on FLUSH command
aeb408f HS 2.0: Add some documentation for OSEN and network block use
4f6cd3f Fix wpa_supplicant AP mode P2P IE handling if P2P is disabled
92acb40 Fix wpa_supplicant build with CONFIG_L2_PACKET=pcap
15c5606 Update copyright notices for the new year 2016
6e379c6 WPS: Testing mechanism to force auth/encr type flags
ea31912 WPS: Add a workaround for WPA2PSK missing from Enrollee auth flags
db671e0 WPS: Do not build Credential with unsupported encr combination on AP
d7c3347 HS 2.0: Postpone WNM-Notification sending by 100 ms
750f5d9 EAP-FAST: Enable AES256-based TLS cipher suites with OpenSSL
1ebb24b OpenSSL: Share a single openssl_tls_prf() implementation
dea2051 OpenSSL: Clean up function to fetch client/server random
9a42d85 OpenSSL: Drop support for OpenSSL 1.0.0
de213e8 OpenSSL: Drop support for OpenSSL 0.9.8
e79eb0c P2P: Fix P2P_FIND while waiting for listen ROC to start in the driver
944f693 P2P: Stop offchannel TX wait on P2P_STOP_FIND/P2P_LISTEN
8edd9f1 P2P: Add an option to specify group SSID in P2P_CONNECT join case
70e0cb3 P2P: Provide group SSID, if specified, to P2P Client join step
438be60 P2P: Do not accept any GO BSS entry if SSID is specified for join
35510d5 P2P: Use join SSID in the skip-PD cases
8b8d4f4 P2P: Do not accept any BSS entry for join if SSID is already known
b875276 P2P: Use group SSID, if known, for join operation even if no BSS entry
aa256cb P2PS: Add group SSID, if known, to the P2PS-PROV-DONE event
071e3bf FST: Fix handling of Rx FST Setup Request when session already exists

Change-Id: Ia48764e8663232291160fb24153fa367b9ed3015
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
/external/wpa_supplicant_8/src/crypto/tls_openssl.c
014a3ff83915745d57480e99b47e281a82143c79 28-Dec-2015 Dmitry Shmidt <dimitrysh@google.com> Cumulative patch from commit 324ade51e168f28430f4429849becd0f08d507c0 (DO NOT MERGE)

324ade5 TLS: Make tls_cert_chain_failure_event() more robust
c6231b5 TLS: Remove storing of never-read value
15a6813 Remove unnecessary cleanup assignment in SHA1Final()
ef3866a nl80211: Don't call linux_iface_up() for a dedicated P2P Device
c2ed779 mesh: Document Mesh Peering Management element structure in more detail
b2817cd mesh: Check PMKID in AMPE Action frames
6c33eed mesh: Fix PMKID to match the standard
ede7770 wpa_supplicant: Do not wait for monitor on P2P Device interface
1c94570 Do not wait for monitor to attach if no control interface
f98674a Clone default LIBS value to LIBS_* for other tools
7d2f674 Add "GET_CAPABILITY acs" to allow ACS build option to be detected
d990971 wpa_supplicant: Enable Automatic Channel Selection support for AP mode
96bc508 Handle survey event properly in wpa_supplicant
d39f796 EAP-TNC peer: Remove dead code related to fragmentation
662512e P2PS: Remove dead code
abbbaa4 TNC: Print received IF-TNCCS message as debug ASCII hexdump
d745f02 EAP-TNC peer: Allow fragment_size to be configured
a67e7e5 RADIUS: Add EACCES to list of recognized send() errno values
5bd9be4 Fix RADIUS Called-Station-Id to not escape SSID
0764dd6 TLS client: Multi-OCSP check to cover intermediate CAs
d6b536f Add ocsp=3 configuration parameter for multi-OCSP
0268383 TLS: Move variable declaration to the beginning of the block
b567775 TLS client: OCSP stapling with ocsp_multi option (RFC 6961)
8ea6a27 TLS server: OCSP stapling with ocsp_multi option (RFC 6961)
5addb0d Server configuration for OCSP stapling with ocsp_multi (RFC 6961)
bca0872 TLS server: OCSP stapling
9532bd2 GnuTLS: OCSP stapling on the server side
6241766 Use wpa_msg() for the "RSN: PMKID mismatch" message
e161451 EAP-EKE: Merge identical error return paths
13cb0a6 EAP-EKE: Reject too long Prot() data when building a frame
0ab0de8 Document previously missing key_mgmt values

Change-Id: I9ac7d0da03d8baf4542e276ab20cb56e44bfa33c
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
/external/wpa_supplicant_8/src/crypto/tls_openssl.c
55840adb6cd32ca52064f327b72a40e769f70661 14-Dec-2015 Dmitry Shmidt <dimitrysh@google.com> Cumulative patch from commit 06f14421ea8644d12a7b0be6b583114869f9c451 (DO NOT MERGE)

06f1442 TLS: Parse OCSPResponse to extract BasicOCSPResponse
d560288 TLS: Parse CertificateStatus message
eeba168 TLS: Add status_request ClientHello extension if OCSP is requested
4303d53 TLS: Parse ServerHello extensions
6b7bb42 TLS: Add minimal support for PKCS #12
5ce2941 TLS: Extend PKCS #5 to support PKCS #12 style key decryption
f6a62df TLS: Fix and complete ASN.1 tag list
3c108b7 EAP peer: External server certificate chain validation
b6e5e14 EAP-FAST peer: Fix PAC parser error messages
5b904b3 EAP-FAST: Check T-PRF result in MSK/EMSK derivation
b1d8c5c EAP-FAST peer: Fix error path handling for Session-Id
36478a1 OpenSSL: Support new API for HMAC/EVP_MD_CTX in OpenSSL 1.1.x-pre1
9257610 FT: Fix FTIE generation for EAPOL-Key msg 3/4
e44bd28 FT: Fix sm->assoc_resp_ftie storing on the AP side
59e78c2 FT: Fix FTIE generation for 4-way handshake after FT protocol run
b0ecbd3 AP: Use more readable version of management group cipher in error cases
651c6a8 Add TEST_ASSOC_IE for WPA/RSN IE testing on AP side
58059e6 FST: Print debug entry on MB IE update based on EVENT_AUTH
af041f9 dbus: Add support for vendor specific elements
5c8acf7 EAP-IKEv2: Check HMAC SHA1/MD5 result
7b991b4 Use proper build config for parsing proxy_arp
4db29e6 TLS: Add support for PKCS #5 v2.0 PBES2

Change-Id: I10b71e4d3573ef60a52ea6ff56afcd3a06a0b7b0
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
/external/wpa_supplicant_8/src/crypto/tls_openssl.c
d7ff03d48f825360eec2a371e3361306f2fd721b 04-Dec-2015 Dmitry Shmidt <dimitrysh@google.com> Cumulative patch from commit bf3214b59321f67375df1ee85722b2beb74e1f7a

bf3214b P2P: Fix re-invoked client interface completion on data connection
63502c6 P2P: Fix P2P_CANCEL for p2p_in_invitation case
e007d53 EST: Comment out X509_REQ_print calls on Android with BoringSSL
e6f4832 EST: Add CSR generation support with BoringSSL
ed2566a EST: Implement pkcs7_to_cert() with BoringSSL
8d27efa HTTP (curl): OCSP with BoringSSL
213e158 BoringSSL: Move OCSP implementation into a separate file
f846211 BoringSSL: Support new SHA_CTX definition for EAP-SIM PRF
b34c623 OpenSSL: Fix build with current OpenSSL master branch snapshot
759a8a3 nl80211: Cancel all pending TX frame cookies
9ea91cd EAP-EKE peer: Fix memory leak on error path
328f49a P2P: Complete group formation on client data connection
0e559dc WPS: Support parallel UPnP WPS protocol runs
bea48f7 Allow sched_scan_plans to be updated at runtime
32c0226 Add support for configuring scheduled scan plans
09ea430 nl80211: Add support for multiple scan plans for scheduled scan
dd895e9 P2P: Make p2p_go_configured() more robust against unexpected calls
8811988 TLS client: Fix session_resumed status after TLS session ticket use
7fff91a Fix tls_connection_prf() regression with CONFIG_TLS=internal
1adf262 TLS: Add support for extKeyUsage X.509v3 extension
0755577 Add TEST_FAIL() support for internal hash functions
4104267 Fix memory leak on NFC DH generation error path
c5864dc TLS client: Add certificate chain validation failure callbacks
896a97d TLS client: Add support for disabling TLS versions
0cbc22b TLS client: Use TLS_CONN_* flags
20804fe TLS: Add support for tls_get_version()
f2a6ad0 TLS client: Add support for server certificate probing
b115eeb TLS: Add TLS v1.2 signature algorithm support for SHA384 and SHA512
c0acec3 crypto: Add CRYPTO_HASH_ALG_SHA384 and CRYPTO_HASH_ALG_SHA512
0aed915 TLS client: Add signature_algorithms extension into ClientHello
9e8809a TLS client: Validate certificates with SHA384 and SHA512 hashes
6bb6a9c Add SHA384 and SHA512 implementations from LibTomCrypt library
fdc1614 TLS client: Add support for validating server certificate hash
3665776 TLS client: Do not verify CA certificates when ca_cert is not specified
11c9ddb Add TEST_FAIL() condition to aes_128_cbc_encrypt/decrypt()
ea52a46 EAP-SIM peer: Fix memory leak on reauth error path
1a33c94 EAP-SAKE: Fix a typo in attribute parser debug print
53401e9 Abort ongoing scans on FLUSH command
e929eb3 wlantest: Add -N command line argument to remove write buffering
3c41749 hostapd: Add Transmit Power Envelope IE when VHT is enabled
2ea2166 Add control interface command for aborting an ongoing scan
4ead7cf Abort an ongoing scan before connect
4f30add nl80211: Add support for aborting an ongoing scan
5ef0b84 Sync with mac80211-next.git include/uapi/linux/nl80211.h
0530eb1 mesh: Clear wpa_s cipher selection on starting mesh
1d6955e nl80211: Fix SIGNAL_POLL in IBSS and mesh
0f29bc6 IBSS/mesh: Add support for VHT80P80 configuration
c27f4c9 P2P: Add support for VHT 80+80 MHz and 160 MHz
bee5d8e nl80211: Add VHT 160 MHz channel flags
5e1da9c P2P: Define operating classes for VHT 80+80 and 160
ea70811 FST: Improve parsing of Multiband IEs
b47d05a FST: Make FST peer connection check more permissive in hostapd
39c3c9b Remove wpa_supplicant/tests
9b635d0 Remove link_test and test_wpa
9e68742 Fix CONFIG_NO_WPA=y build
eb926f1 Comment out wpas_reenabled_network_time with CONFIG_NO_SCAN_PROCESSING
f231b3d FST: Fix STA MB IEs creation
ed7820b P2P: Add a testing option to force P2P GO CSA
6cbbae2 P2P: Set p2p_go_wait_client in invitation_result() cb
83702b6 Android: Give user the option for selecting browser for HS 2.0 OSU
cadffac wpa_cli: Add an option to set created interface type
0f039e3 Add an option to create interface of a certain type with INTERFACE_ADD
d8a3b66 driver: Make setting up AP optional when creating AP interface
36e8206 Check for LIBRESSL_VERSION_NUMBER in tls_openssl.c
2c51c0b P2P: Clear send action work without waiting on find/stop/listen
6bdc43c AP: Avoid 20/40 MHz co-ex scan if PRI/SEC switch is not allowed
757785d nl80211: Clear ignore_next_local_deauth flag
cb2a926 nl80211: Clear ignore_next_local_deauth and ignore_deauth_event
f32227e Add QCA vendor attribute and event to indicate subnet change status
d38c7be Skip SELECT_NETWORK steps only if already connected or connecting
25eb7fc Fix EAPOL reauth after FT protocol or offloaded PMKSA cache use
f68d491 FT auth: Fix EAPOL reauthentication after FT protocol run
a65efbf Add VHT support for Mesh
a73c984 Set WMM flag to Mesh STA by default
9a8d9f7 Assign QCA vendor command and attribute for Tx power reduction in dB
747ba10 nl80211: Do not return incomplete hw capability info
5e238cc WPS: Reconnect for a failed data connection when STA_AUTOCONNECT is 0
442cc8c dbus: Fix memory leak in sending InvitationReceived signal
0603bcb hostapd: Process MAC ACLs on a station association event (SME in driver)
89a11ad RSN: Remove check for proactive_key_caching while setting PMK offload
d381963 Extend QCA roam event with subnet change indication

Change-Id: I122220f59ef56e25ed2749a37370a40afafa177a
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
/external/wpa_supplicant_8/src/crypto/tls_openssl.c
d80a401aed31d06f261efd19223cf55d1a2a8228 06-Nov-2015 Dmitry Shmidt <dimitrysh@google.com> Cumulative patch from commit f10ff62e4eda7917a8e28fe492fd98723a5e97c4

f10ff62 Describe preferred mechanism for submitting contributions
fcdb359 Use "STATUS-NO_EVENTS" instead of "STATUS" in get_wpa_status function
73ed03f wpa_supplicant: Add GTK RSC relaxation workaround
ea6030c Restore previous wpa_state in scan-only result handler
1e74ae4 WNM: Clear BSS TM data if already associated with preferred candidate
d129b02 EAP-pwd: Add support for Brainpool Elliptic Curves
a34eace dbus: Remove unused dict helper functions
cdcb2d0 wpa_cli: Add support for vendor_elem_* commands
17b7032 EAP peer: Clear ignore flag in INITIALIZE state
1f1e619 Add test programs for checking libwpa_client linking
736b7cb wpa_supplicant/Makefile: Fix libwpa_client build
2e38079 TLS: Fix memory leak with multiple TLS server instances
7b0f550 eap_sim_db: Implement eap_sim_db_expire_pending()
45c3e72 Add frequency to operating class determination for 5 GHz 100..140
e50c50d dbus: Expose interface globals via D-Bus properties
1aa0fb7 dbus: Pass property description to getters/setters
c93b7e1 RSN: Check result of EAPOL-Key frame send request
95be79f Allow -1 as value to disable frag_threshold
bc50bb0 Extend the range of values for the RTS threshold
053693d hostapd: Add feature to start all interfaces at the same time in sync
9578413 Reserve QCA vendor specific nl80211 commands 110..114
5d4c508 Assign QCA commands and attributes for Tx power scaling and OTA testing
5d1d69a P2P: Filter control chars in group client device name similarly to peer
f67d1a0 TDLS: Do not send error case of TPK M3 if TX fails
1248e58 wpa_supplicant: Reopen debug log file upon receipt of SIGHUP signal
d8fd633 Do not write ERROR level log entries if debug file is not used
67deaa5 l2_packet: Add build option to disable Linux packet socket workaround
fa46426 RSN: Do not try to connect if PMF disabled and AP requires it
8acbe7f WNM: Verify WNM Sleep Mode element length
dacd789 WNM: Mark set TFS buffer const
...
f24b979 OpenSSL: Merge error returns
84d6a17 TLS: Remove unused tls_capabilities()
7867227 ms_funcs: Merge similar return cases
3596361 hw_features: Merge similar return case in check_40mhz_2g4()
aac1efe Reject the initial 4-way handshake if initial GTK setup fails
2da5256 Add backtrace-based error path testing mechanism
55413ce P2P: Do not allow 40 MHz co-ex PRI/SEC switch to force MCC

Next patches were skipped due to explicit cherry-pick:
bddc51e RSN: Stop connection attempt on apparent PMK mismatch
3fdaaa8 Throttle control interface event message bursts
a530fe7 Add wpa_supplicant EVENT_TEST control interface command
ee1e3f5 hostapd: Global control interface notifications
2e95cfc Add debug prints for wpa_supplicant ctrl_iface socket send operations
ce7d0eb Update AP WPA/RSN IE on all associations if driver can select BSS
844dfeb QCA vendor command support to set band to driver

Change-Id: I909996c5afcd3b5d123ea1e23c0e1212021f7625
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
/external/wpa_supplicant_8/src/crypto/tls_openssl.c
f291c682d490cef0b520b68e694a2bf97126b441 17-Aug-2015 Jouni Malinen <jouni@qca.qualcomm.com> BoringSSL: Fix session resumption

BoringSSL commit 533ef7304d9b48aad38805f1997031a0a034d7fe ('Remove
SSL_clear calls in handshake functions.') triggered a regression for
EAP-TLS/TTLS/PEAP session resumption in wpa_supplicant due to the
removed SSL_clear() call in ssl3_connect() going away and wpa_supplicant
not calling SSL_clear() after SSL_shutdown(). Fix this by adding the
SSL_clear() call into wpa_supplicant after SSL_shutdown() when preparing
the ssl instance for another connection.

While OpenSSL is still call SSL_clear() in ssl3_connect(), it looks to
be safe to add this call to wpa_supplicant unconditionally.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
/external/wpa_supplicant_8/src/crypto/tls_openssl.c
4171258d30a612645aa061cede62233b5c58ca2a 29-Jun-2015 Dmitry Shmidt <dimitrysh@google.com> Cumulative patch from commit 8c43ef8449bd4d2d0983db394770bd73f572b12d

8c43ef8 P2PS: Fix attribute addition in p2p_buf_add_service_instance()
a9ea609 P2PS: Fix p2p_find last parameter handling
6c73149 AP: Increase maximum value accepted for cwmin/cwmax
575e4f5 SAE: Reject FFC commit-element with value p-1
a406244 P2PS: Do not reply to ProbeReq on another channel when starting Listen
0c2b3f6 SAE: Reject commit-scalar value 1
4f39908 Send CTRL-EVENT-NETWORK-NOT-FOUND if no suitable network was found
123df27 D-Bus: Fix typos in debug print
ded14ce Android: Fix nl80211 build if BOARD_*_PRIVATE_LIB is unspecified
a140721 Android: Rename ANDROID_P2P_STUB to ANDROID_LIB_STUB
2ba4de3 D-Bus: Add documentation for wpas_dbus_signal_peer_groups_changed()
e48b5e2 D-Bus: Fix typo in dbus signal function documentation
09d5048 D-Bus: Add function documentation for wpas_dbus_unregister_interface()
adfbbd2 D-Bus: Add function documentation for wpas_dbus_register_interface()
c5967f0 D-Bus: Fix wpas_dbus_signal_p2p_invitation_result() documentation
4457f41 radius: Fix NULL dereference issue on allocation failure
f826fb1 OpenSSL: Handle EC_POINT_is_on_curve() error case
bbb5008 SAE: Use random "password" in extra hunting-and-pecking loops
eb5fee0 SAE: Add side-channel protection to PWE derivation with ECC
16841ab crypto: Add functions for computing the Legendre symbol and EC y^2
c4a13b4 OpenSSL: Add support for Brainpool Elliptic Curves
4584b66 SAE: Increase security parameter k to 40 based on Dragonfly recommendation
fdd731b SAE: Fix PWE generation to use minimum loop count (k) properly
8ec3332 SAE: Merge sae_derive_commit() error case return statements
d93abd4 SAE: Merge sae_get_rand() error case return statements
6a58444 SAE: Verify that own/peer commit-scalar and COMMIT-ELEMENT are different
4e7e688 Add crypto_ec_point_cmp()
8e2a3a4 dbus: Do not initialize variable twice
c1a14ef Do not check unsigned size is less than zero
fdc5608 OpenSSL: Remove SSL_CTX_{get,set}_app_data() compatibility wrapper
ba54933 libtommath: Fix mp_init_multi() stdarg use on error path
f6332b0 wpa_gui: Initialize WpaGuiApp::w in the constructor
f6df3f3 Use os_* wrapper more consistently
91b7a5e Use unsigned/signed printf format more consistently
59bae74 HS 2.0R2: Fix memory leak on error path in hs20-osu-client
c5ca73d P2P: Use offsetof() instead of local implementation
c3c5b5f ERP server: Make erp_send_finish_reauth() easier for static analyzers
6ce1bea bsd: Remove redundant NULL check in bsd_init()
c99df20 Remove redundant NULL check in ieee802_1x_encapsulate_radius()
2eb5967 AP: Add more 2.4 GHz channels for 20/40 MHz HT co-ex scan
5ed6519 hw_features: Merge similar return cases
4e37dd6 SAE: Simplify sae_prepare_commit() error path
04e6c4c Fix SAE group selection in an error case
3dce85c HS 2.0: Add WLAN RADIUS attributes in OSEN case
efd5d26 Remove unnecessary wpa_ie_len check from wpa_parse_wpa_ie_wpa()
ce8963f Remove WEP40/WEP104 cipher suite support for WPA/WPA2
ee140ef FT: Stop association attempt if Auth response processing fails (SME)
1887be4 Make check_20mhz_bss() static

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>

Bug: 22062116
Change-Id: Ie1d175f1faab24bf39ce81ead7a078e1e236badd
/external/wpa_supplicant_8/src/crypto/tls_openssl.c
a3dc30964aa24aea2b518246f6812663a1103490 23-Jun-2015 Dmitry Shmidt <dimitrysh@google.com> Cumulative patch from commit f43c1ae7989c38fe15756f12a9196a1cf798b4d7

f43c1ae P2P: Handle P2P Device dedicated interface parent removal
1ac977b nl8021: Allow sending wowlan configuration on any interface
4899702 nl80211: Remove android_genl_ctrl_resolve()
38dcc86 P2P: Consider ht/vht on P2P_GROUP_ADD command (with no params)
29292d5 ctrl_iface: Make p2p_ctrl_group_add() more robust
e4a80d8 P2P: Fix secondary channel selection for HT40
4e71758 dbus: Add RemoveClient method to remove a client from local GO
f0a79c9 D-Bus: Fix wpas_dbus_register_peer() documentation
95d62a6 D-Bus: Add missing params in WPS function documentation
790429b D-Bus: Fix function documentation for wpas_dbus_signal_p2p_go_neg_resp()
92fe746 D-Bus: Add function documentation for wpas_dbus_signal_p2p_go_neg_req()
e1dffa3 P2P: Fix PBC overlap detection
de7b02f P2P: Use the P2P Device interface in wpas_p2p_fallback_to_go_neg()
6b5147a P2P: Fix memory leak in p2p_process_nfc_connection_handover()
33ba27d EAP-FAST peer: Stop immediately on key derivation failure
144b6a0 OpenSSL: Fix memory leak on an openssl_tls_prf() error path
50a9efe P2PS: Fix Probe Response frame building in error cases
509f269 P2PS: Fix org.wi-fi.wfds matching when building the response
5fa5f84 P2PS: Add more debug prints for service info building
fdde3db P2PS: Remove unnecessary service hash filtering from p2p_reply_probe()
f2e0eec P2PS: Do not ignore other hashes if org.wi-fi.wfds hash is included
ebdc32f P2PS: Fix service hash matching for org.wi-fi.wfds
24533f7 P2PS: Fix p2p_find handling to allow "wildcard" with other hash values
f33a31b P2PS: Verify service name length in P2P_FIND command
129b621 P2PS: Fix P2P_FIND seek parameter parsing
83e520e P2PS: Add a wildcard with other advertised service info
c5d3cad P2PS: Re-factor p2p_buf_add_service_instance function
13f6f61 wpa_cli: Fix process termination in wpa_cli action mode case
b4c0f58 Clear allocated debug message buffers explicitly
14fd033 Clear control interface command explicitly from stack
d95c599 P2P: Fix group interface addition failure properly for concurrent case
e12c400 P2PS: Refactor p2p_data::query_hash and p2p_data::query_count use
4839da4 P2P: Add vendor elements into Invitation Response frames
886f583 P2PS: Delete p2ps_svc_found from struct p2p_data
3f048aa P2PS: Add a function to free a PD context
8f52409 P2P: Prefer direct Probe Response frames over GO's client list
4e8817f P2P: Use more precise device timestamping for group clients
0799b3f P2P: Specify frequency when sending Probe Response frame
5d180a7 drivers: Add freq parameter to send_mlme() function
5143e7e P2P: Fix return value of p2p_reply_probe() and p2p_probe_req_rx()
07c1e98 P2PS: Enable Probe Request frame processing by P2P Client
734ddf6 P2P: Add rx_freq parameter to Probe Request frame handler
e6012e8 P2P: Update target GO Device Address from BSS entry during join
a9a4841 Remove duplicated country code from operating class lists
132dfbe Fix removal of tagged interface and bridge when multiple BSS share them
e11776a Combine multiple function calls to a single statement
b649c0a dbus: Add Reconnect command to D-Bus Interface
f4a234a doc: Update D-Bus GONegotiationRequest Signal: add device_go_intent
0c9fb14 P2P: Add Operating class 125 for P2P supported channels

Change-Id: I782c1403985248ff994f484282efa6519fd369e9
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
/external/wpa_supplicant_8/src/crypto/tls_openssl.c
7a53dbb56693ee9f55c0cab1a8297436511e8613 11-Jun-2015 Dmitry Shmidt <dimitrysh@google.com> Cumulative patch from commit 57e832de37ea0a82e650d8230457e0868a01b72e

57e832d GAS: Remove all radio works before calling gas_query_deinit()
661888b P2P: Fix persistent group profile on manual disabled=2 change
1a2f7ca D-Bus: Add WPS pbc-overlap Event
4f36965 P2P: Add ModelNumber and SerialNumber info into D-Bus peer interface
2899cba P2P: Add ModelName info into D-Bus peer interface
8bb5cfe doc: Add missing ListenChannel to P2P information
995a3a0 Document the wpa_msg_cb "global" parameter
e66bced Do not set own_disconnect_req flag if not connected
8d2ed87 wpa_gui: Port to Qt5
e1ede80 eapol_test: Support IPv6 for authentication server
e19c1d2 Fix pairwise cipher suite bitfields to the driver in mixed mode
ee120ff Remove [MU-BEAMFORMEE] option from hostapd vht_capab parameter
c5ee4dd Fix spelling of initialize in a comment and an error message
aa2b125 P2P: Add GO Intent of connecting device in GO Negotiation Request event
cf60962 doc: Fix a typo in D-Bus API document
f13e815 Set Acct-Session-Id from os_get_random() instead of os_get_time()
92f190a OpenSSL: Fix build iwth OpenSSL 0.9.8
a80651d Add support to request a scan with specific SSIDs
94687a0 WPS: Allow the priority for the WPS networks to be configured
09d57ce wpa_supplicant: Remove trailing whitespace
0980c7f hostapd: Make sure band selection does not result in NULL dereference

Change-Id: I32154fcf606169fc1e3e3a653e80c99f058f8e95
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
/external/wpa_supplicant_8/src/crypto/tls_openssl.c
1d755d025b206e22b06aeb322e25a79f98ca7777 28-Apr-2015 Dmitry Shmidt <dimitrysh@google.com> Cumulative patch from commit 01a025937c67f0eca6021d94b8ec3b144f8b1730

01a0259 WPS: Add support for 60 GHz band
0ef1e29 WPS: Fix shorter authentication timeout during no-SelReg iteration
3465176 nl80211: Verify that cipher suite conversion succeeds
a250722 Try to set PMK only with key mgmt offload support in the driver
4a7ce98 Make IPv6 NA multicast-to-unicast conversion configurable
9f390f4 Interworking: Fix network selection warning without SIM/USIM support
a0ad9e8 Remove WPA per-VLAN groups when no more stations remain
87b5b53 Make VLAN ID available in STA info over control interface
5678a2d P2P: Allow wpa_supplicant to start if social channels are not supported
209214b vlan: Move CONFIG_FULL_DYNAMIC_VLAN includes to proper places
a6da824 Do not use C++ reserved words as variable names
eaa3728 wpa_gui: Themed icon loader
9a3cb41 Fix wpa_priv (CONFIG_PRIVSEP=y) build
8b423ed Declare all read only data structures as const
fd4fb28 OpenSSL: Try to ensure we don't throw away the PIN unnecessarily
fabc6dd mesh: Retransmit the last Commit Message in the Committed state
068669f vlan: Verify RADIUS returned VLAN-ID and dynamic_vlan=required
5add410 WPS: Use shorter authentication timeout during no-SelReg iteration
e7d2034 WPS: Enforce five second minimum time before AP iteration
bd143cc Remove trailing whitespace from Makefile
74802c0 P2P: Do not create a P2P Device interface if P2P is disabled
579674e Document p2p_disabled option in wpa_supplicant.conf
8ea8a89 nl80211: Extend unique MAC address assignment for station iftype

Change-Id: I8bc8a63f37c0892b83376b9d5a5859827ae50554
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
/external/wpa_supplicant_8/src/crypto/tls_openssl.c
1eb02edb319d462031f0c2f1f3548498558e95a5 22-Apr-2015 Adam Langley <agl@google.com> wpa_supplicant_8: fix keystore-backed keys

The switch to BoringSSL broke keystore backed keys because I didn't
realise that wpa_supplicant was using the dynamic ENGINE loading to load
the keystore module.

The ENGINE-like functionality in BoringSSL is much simplier and this
change should enable it. However, I don't have a suitable AP to test
against.

BUG=20460625

Change-Id: I798deb29264484788c6222385bcc104a34245e2b
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
/external/wpa_supplicant_8/src/crypto/tls_openssl.c
9d9e60286e05ae45025b672636490bd12586138d 23-Apr-2015 Dmitry Shmidt <dimitrysh@google.com> Cumulative security patch from commit ca68a8b561c48393c8ba25055ce294caaa3ac008

ca68a8b WPS: Explicitly reject Public Key attribute with unexpected length
6b94f71 WPS: Truncate variable length string attributes to maximum length
f4b64c6 Simplify VHT Operation element parsing
d6fefd6 Simplify HT Operation element parsing
40baac0 Simplify VHT Capabilities element parsing
baae4cb Simplify HT Capabilities element parsing
b39a059 Simplify Timeout Interval element parsing
e8997b9 Simplify ERP element parsing
f87c99c Simplify DSSS Parameter Set element parsing
ae7a42b FT: Check FT, MD, and Timeout Interval length in the parser
c9bf7b6 Fix a memory leak on mesh_attr_text() error path
2531036 FT: Fix WMM TSPEC validation in driver-based AP MLME case
632931c P2P: Use WPS_SEC_DEV_TYPE_MAX_LEN in P2P array definition
0f5acfb Use common is_ctrl_char() helper function
5a041ac WPS: Ignore too long SSID attribute
d6c3067 Replace SSID_LEN with SSID_MAX_LEN
eaa8eef Replace MAX_SSID_LEN with SSID_MAX_LEN
81847c2 Replace HOSTAPD_MAX_SSID_LEN with SSID_MAX_LEN
6fb761c Replace WPA_MAX_SSID_LEN with SSID_MAX_LEN
d9d1b95 Use SSID_MAX_LEN define instead of value 32 when comparing SSID length
65b1025 WPS: Ignore too long Device Name attribute
cc6f243 Add WPS_DEV_NAME_MAX_LEN define and use it when comparing length
dd3d857 P2PS: Check for maximum SSID length in Persistent Group Info
05e46a9 Ignore too long SSID element value in parser
90758f0 Mark QCA vendor command id 53 reserved, but not used anymore
f41ded6 Remove unused leftover from multi-SSID design
cb71a83 OpenSSL: Clean up TLS PRF implementation
7f90a23 Add QCA vendor subcmd for OCB
897418a eap_example: Fix configuration by added DH parameters

Change-Id: If688231edfce41163ef0c1f0ad75291a9bdfbe81
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
/external/wpa_supplicant_8/src/crypto/tls_openssl.c
af9da3180dc20f57df1fc1e1811f3df9fa9e6ab5 03-Apr-2015 Dmitry Shmidt <dimitrysh@google.com> Cumulative patch from commit 681278246232029c334117bd6dc7e74c6b179f96

6812782 hlr_auc_gw: Allow Milenage RES length to be reduced
4839f7c wpa_cli: Fix a typo in usage text
a20a361 wpa_supplicant: Clear blacklist on connect
0144ecb Android: wpa_ctrl missing include for sys/stat.h
0bb20ef HS 2.0R2: Allow user to specify spp.xsd file location
97c9991 HS 2.0R2: Add more debugging messages to hs20-osu-client
93c2e60 HS 2.0R2 CA: Improve setup.sh and .conf for more flexibility
02e122a Reschedule scan from wpas_stop_pno if it was postponed
80fd9c3 EAP-PEAP server: Add support for negotiating vendor for Phase 2
a867082 EAP peer: Use 32-bit EAP method type for Phase 2 processing
56dfc49 Fix a typo in configuration parameter documentation
c4b45c6 TLS: Fix memory leaks on tls_connection_set_params() error paths
af85191 Make tls_connection_get_keyblock_size() internal to tls_*.c
94f1fe6 Remove master key extraction from tls_connection_get_keys()
fa0e715 Use tls_connection_prf() for all EAP TLS-based key derivation
df8191d Rename HT 20/40 coex variable to be more descriptive
1d0f42a EAP server: Add debug prints to help asleap testing
2c1cf90 Add wpa_snprintf_hex_sep()
5955cfa ms_funcs: Make challenge_hash() non-static

Change-Id: I0f3e5e5170a61e458949a675641946d95598dc5d
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
/external/wpa_supplicant_8/src/crypto/tls_openssl.c
4dd28dc25895165566a1c8a9cac7bcd755ff8fe3 10-Mar-2015 Dmitry Shmidt <dimitrysh@google.com> Cumulative patch from commit 00033a0903f69b2f0e0c048840bff059f5a3eab9

00033a0 OpenSSL: Always accept pinned certificates
b2329e4 Add QCA vendor subcmd for Data Offload
1d246a1 Make rate-not-supported debug print more useful
761396e Reject Group Key message 1/2 prior to completion of 4-way handshake
3f0e6ec nl80211: Extend NL80211_CMD_TDLS_OPER to support discovery
c10ca2a TDLS: Allow driver to request TDLS Discovery Request initiation
41312fc mesh: Leave mesh in driver setup if initialization fails
ac8e074 Clear RSN timers for preauth and PTK rekeying on disassociation
f2f65dd Reserve QCA vendor specific nl80211 commands 61..90
088a210 HS 2.0: Add NULL check before dereferencing in hs20-osu-client
bea8d9a nl80211: Use the new bridge port option proxyarp_wifi

Change-Id: I1ef819ab4efa554f059787e02570f48be39819a6
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
/external/wpa_supplicant_8/src/crypto/tls_openssl.c
7f65602d49069f96a7bb44da8bd79ffe8d4c6a98 25-Feb-2015 Dmitry Shmidt <dimitrysh@google.com> Cumulative patch from commit f51f54a007e0de1d413dee3523472d3bbeed2ecc

f51f54a nl80211: Resubscribe to nl80211 events on global nl_event socket
48ec694 Fix Linux packet socket workaround to not close the socket too easily
0d2030e Use estimated throughput to improve roaming selection
1d747e2 Add snr and est_throughput to the BSS entries
a1b790e Select AP based on estimated maximum throughput
ab647ff Add wpa_supplicant Makefile target libwpa_ctrl.a
abae2d1 trace: Initialize alloc_list even without os_program_init() call
891dfb3 Add helper function to clear and free wpa_psk list
71d77ad Update current BSS level when signal change event occurs
f1609f1 wpa_supplicant: Cancel sched_scan when stopping countermeasures
abb8d08 nl80211: Add support for configuring P2P GO CTWindow
0b8bcaa P2P: Allow configuring CTWindow when working as GO
c77ffc6 TDLS: Ignore extra padding in all packets
5ce6ac1 Inteworking: Add support to update the ANQP Capability List into the BSS
185ada4 HS 2.0: Add support to update the HS20 Capability List into the BSS
7fe7a3a wpa_gui: Debug enhancement
2b892d4 Add forgotten network profile parameters to config file writing
563ee18 IBSS: Add support for VHT80 configuration
ada157f Make hostapd_set_freq_params() common
98479dc IBSS: Update operating frequency if joining an existing IBSS
4d9e6fb IBSS: Add fixed_freq network parameter
6f5e1b0 Use priority list instead of global for PNO
97fc2dc Allow libnl-3.0 include path be specified
f92446f P2PS: Add P2PS interface info
59b416c Add optional reassoc-to-same-BSS optimization
c4da67d Fix passive_scan config parameter writing
715d5c4 hs20-osu-client: Ensure NULL checks are done before dereferencing
58d405f Fix OCSP debug messages
710dfb4 OpenSSL: Fix OCSP error path
bd7bb43 HTTP: Fix OCSP error path
946572c Android: Remove commented out non-Android build parameters
15ada7f Android: Remove libxml2 config defines
ebe8d3f Android: Silence unused function parameter warnings
dbd10da Android: Fix hs20-osu-client build on Android 5.0
a926295 HS 2.0R2: Fix permissions for SP/<fqdn> directory on Android
480994d nl80211: Allocate QCA vendor subcmds for DFS radar detected and CAC events
c165cb4 Drop all hostapd STA entries on interface disabled event
106fa1e nl80211: Indicate interface-down event only for the main netdev
eeb1cb2 VLAN: Clean up RTM_NEW/DELLINK processing
47e5fbd hostapd: Avoid sending client probe on removed client
3478273 Re-configure WPA2 group keys on hostapd interface re-enable
f33c860 Re-enable beaconing on interface disable+enable
fc99fab nl80211: Print a debug log entry on NL80211_CMD_PROBE_CLIENT failures
0d2f324 P2P: Fix send_action_in_progress clearing in corner cases
9ff8dda Add hostapd UPDATE_BEACON ctrl_iface command
e0761c5 nl80211: Allocate QCA vendor subcmd for DFS CAC Start event
1db718b nl80211: Test vendor command and event
10263dc Add control interface commands for fetching wpa_config values
f91a512 Add INTERWORKING_ADD_NETWORK command
c612ae9 AP: Do not reply to Probe Request frames with DS Params mismatch
5b74e08 P2P: Document P2P_CONNECT-auto
99650ca Add STOP_AP control interface command
6b00512 P2P: Add event messages for P2P_CONNECT-fallback-to-GO-Neg
b0e669b P2P: Fix P2P_CONNECT-auto fallback to GO Neg with group interface
bf51f4f mesh: Fix remaining BLOCKED state after SAE auth failure
79ddb20 mesh: Add a monitor event on SAE authentication getting blocked
dd2cbaf mesh: Add a monitor event for SAE authentication failure
0cb5f8d mesh: Fix inactivity timer for 32 bit system
11e2ddb mesh: Remove duplicated no_auto_peer update
1e52983 D-Bus: Fix network block type change
4fada12 Fix HT40 co-ex scanning issue on hostapd error path
23ed011 Fix Linux packat socket regression work around
663ae2f Don't write to wpa_supplicant.conf directly
d9a9bc0 IBSS: Do not enable HT with WEP or TKIP
0d7eb43 ACS: Accept channel if any (rather than all) survey results are valid
68fa00c ACS: Allow specific channels to be preferred
6f41a25 ACS: Use weighted average for 2.4 GHz adjacent channel interference

Change-Id: Ie1cabd28dcfdefafa02e81477e34badae6f7e629
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
/external/wpa_supplicant_8/src/crypto/tls_openssl.c
216983bceec7c450951e2fbcd076b5c75d432e57 06-Feb-2015 Dmitry Shmidt <dimitrysh@google.com> Cumulative patch from commit 2c0efd9e49b15da163cee659409eee85390620c3

2c0efd9 P2P: Fix stopping on search after SD callback
db3168d OpenSSL: Use SSL_cache_hit() when available
68ae477 OpenSSL: Use library wrapper functions to access cert store
abe96d0 P2P: Clean up Listen channel optimization debug prints
d2ca6ba Fix hostapd obss_interval documentation
d027c7b Fix 20/40 MHz co-ex report processing with obss_interval=0
93eca61 P2PS: Do not remove pending interface on p2p_stop_find
ae2dd83 P2PS: Allow PD retry in SEARCH and LISTEN_ONLY also
87d5ef5 P2PS: Add commands to control interface redir list
0cf12b3 P2PS: Send P2P_FIND_STOPPED event during P2P SD also
306aaf4 P2PS: Start WPS registrar upon GO formation
9e96e46 P2PS: PD Response processing
ab8ee77 P2PS: Provision Discovery fail event
1300cc8 P2PS: PD Request processing and PD Response building
5fefce2 P2PS: Callback to send P2PS provisioning events
9a58e52 P2PS: Callback to create pending group after sending PD Response
895d94d P2PS: Callback to remove stale persistent groups
f309c18 P2PS: ASP provisioning commands to control interface
6d90851 P2PS: Process P2PS provisioning commands
369678a P2PS: Add P2PS attributes into PD Request if requested
59fec34 P2PS: Allow p2p_build_ssid() to use pre-set SSID
d4b43b5 P2PS: Add support to send ASP-RESP events
6df08d0 P2PS: Logic to parse GAS requests for ASP services
5a4102c P2PS: Add support to send ASP service requests
095b3c4 P2PS: Add Application Service Info to device found events
4660e73 P2PS: Add Advertised Service Info into Probe Response frames
9e7321e P2PS: Parse Probe Request frames for matching ASP hashes
ae9d45f P2PS: Extend add/del services logic to support ASP
ea8e033 P2P: Allow p2p_get_group_num_members() to be called with NULL
4f88fc0 P2PS: WPS changes needed for P2PS default PIN
1a94b0a P2PS: Add service hash to Probe Request frames
5177509 P2PS: Add option to specify seek strings into P2P_FIND
5f18501 P2PS: Helper functions to build new P2P attributes
60d1148 P2PS: Add parsing of new P2P attributes
b9348be P2PS: Add new P2P identifier assignments from P2P spec v1.5
c3d6c71 Add helper functions for escaping and unescaping UTF-8
66eaf8a Fix driver-offloaded offchannel TX done processing
c5e154c P2P: Add P2P state into p2p_send_action_cb() debug entry
f2dc06e P2P: Ignore remain-on-channel callback event if not waiting for one
6a6569b HS 2.0R2: Add password to DB in case of machine managed subscription
f0d0a5d Improve BSS selection with default noise floor values
7f7bfba Add an option allow canned EAP-Success for wired IEEE 802.1X
49fcc32 EAP-MSCHAPv2 peer: Add option to disable password retry query
66bc683 hostapd: Simplify vlan_add_dynamic error paths
99805a0 Interworking: Convert wpa_printf() to wpa_msg()
b42f539 Add a variable to handle extra CFLAGS values
e6dd819 Work around Linux packet socket regression
7650f9e Fix resource leaks on rsn_preauth_init() error paths
a565e03 dhcp_snoop: Make IPv4 addresses human readable in debug log
2dd4f3a Fix STA re-bind to another VLAN on reauthentication
4437f8f Free old eap_user_file data on configuration change
1180dd6 WPA auth: Disconnect STA if MSK cannot be fetched
40aaa64 WPA auth: Clear temporary MSK storage from stack explicitly
01b481a Convert couple of remaining printf to wpa_printf in ap_list
bfaefd5 EAP-PEAP server: Fix Phase 2 TLV length in error case
745d936 mesh: Create new station entry on popen frames
41bff86 mesh: Always free the station if peering failed
871ff0b mesh: Sync plink state with kernel
ba42261 Simplify eapol_sm_notify_pmkid_attempt()
993a865 Add eap_session_id to wpa_supplicant STATUS output
f19c907 OpenSSL: Implement aes_wrap() and aes_unwrap()
fee31f7 OpenSSL: Remove support for versions older than 0.9.8
8bf3030 OpenSSL: Use a common helper function for HMAC
983c6a6 OpenSSL: Replace internal HMAC-MD5 implementation

Change-Id: I5743003f14efae324537f7dc2c5e6ada892a33a7
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
/external/wpa_supplicant_8/src/crypto/tls_openssl.c
2f74e36e84064ffa32f82f3decf36b653c7e4fad 21-Jan-2015 Dmitry Shmidt <dimitrysh@google.com> Cumulative patch from commit fb09ed338919db09f3990196171fa73b37e7a17f (DO NOT MERGE)

fb09ed3 Interworking: Notify the ANQP parsing status
d10b01d HS20: Provide appropriate permission to the OSU related files
73f1ee0 HS20: Fix TrustRoot path for PolicyUpdate node in PPS MO
54a0ac0 HS20: Return result of cmd_sub_rem in hs20-osu-client
b62b0cb WNM: Fix possible memory leak by free buf
9bd0273 EAP: Fix possible memory leak in eap_ttls_process_decrypted()
b760e64 eap_server: Avoid NULL pointer dereference in eap_fast_encrypt_phase2()
948d3a8 hostapd: Remove unused variable from hostapd_get_hw_features
dd09e42 Fix memory leak in wpa_supplicant global bgscan configuration
30f459c wpa_cli: Fix NULL dereference on printf string argument
414f23d Avoid NULL string in printf on EAP method names in authenticator
b72b2ad P2P: Stop p2p_listen/find on wpas_p2p_invite
7b7b444 nl80211: Fix reading of the extended capabilities mask
7e608d1 P2P: Use the correct wpa_s interface to handle P2P state flush
fd83335 AP: Enable HT Tx STBC for AP/GO if supported by driver
d90bfa9 Move external_scan_running to wpa_radio
0c5f01f Clear reattach flag in fast associate flow
8ad8bc5 NFC: Redirect NFC commands on global control interface
57ae1f5 P2P: Fix P2P invitation with NFC
07565ab WNM: Fix the length of WNM_BSS_QUERY control interface command
2d9c99e Retry scan-for-connect if driver trigger fails
911942e Add a test framework for various wpa_supplicant failure cases
6b46bfa WPS: Re-fix an interoperability issue with mixed mode and AP Settings
1648cc6 ACS: Allow subset of channels to be configured
95ff306 nl80211: Allow HT/VHT to be disabled for IBSS
7451a21 mesh: Return negative value on join failed
5a2a6de mesh: Make inactivity timer configurable
b9749ba AP: Expire STA without entry in kernel
a114c72 AP: Remove redundant condition for STA expiration
0d787f0 Fix RADIUS client with out-of-memory and missing shared secret
0efcad2 Print in debug log whether attached monitor is for global interface
8266e6c HS 2.0: Try to use same BSS entry for storing GAS results
6c69991 Make wpa_supplicant FLUSH command more likely to clear all BSS entries
2dbe63a Write reason for scan only_new_results into debug log
242b83a eapol_test: Fix cert_cb() function arguments
a8826b1 Interworking: Avoid busy loop in scan result mismatch corner cases
edd5939 Interworking: Start ANQP fetch from eloop callback
cbc210d RADIUS DAS: Allow PMKSA cache entry to be removed without association
4e871ed RADIUS DAS: Support Acct-Multi-Session-Id as a session identifier
b52c0d4 Add authMultiSessionId into hostapd STA info
861beb7 RADIUS DAS: Check for single session match for Disconnect-Request
783b2a9 Interworking: Fix INTERWORKING_CONNECT with zero-length SSID BSS entry
1fef85c nl80211: Fix AP-scan-in-STA-mode error path behavior
cebee30 Add domain_match network profile parameter
d07d3fb Add peer certificate alt subject name information to EAP events
98a4cd4 D-Bus: Clear cached EAP data on network profile changes
483dd6a Include peer certificate always in EAP events
dd5f902 Get rid of a compiler warning
d29fa3a Extend VENDOR_ELEM parameters to cover non-P2P Association Request
e7d0e97 hostapd: Add vendor specific VHT extension for the 2.4 GHz band

Change-Id: I45436c49986cd6bddbd869db3f474871a29ce1dc
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
/external/wpa_supplicant_8/src/crypto/tls_openssl.c
ff787d557db719adea0fdf2679667500c65cf74d 12-Jan-2015 Dmitry Shmidt <dimitrysh@google.com> Cumulative patch from commit 3e7f1c7980c6e9fc7173f78aa72b2761fcd8924d (DO NOT MERGE)

3e7f1c7 GnuTLS: Add TLS event callbacks for chain success/failure and peer cert
0eb2ed0 GnuTLS: Add support for OCSP stapling as a client
cf08e9b Add MESH to modes capabilities
db5adfe Add SAE to auth_alg capabilities
0e1bb94 GnuTLS: Verify that server certificate EKU is valid for a server
d4d1f5c GnuTLS: Fix tls_disable_time_checks=1 processing
594d1fc GnuTLS: Add support for private_key and client_cert as blobs
79b1dd9 GnuTLS: Fix DER encoding certificate parsing
a165145 Add "GET tls_library" to provide information on TLS library and version
c3bb84b GnuTLS: Add event callbacks
8ddcd6b GnuTLS: Add support for domain_suffix_match
4bc13bf GnuTLS: Check for any unknown verification failure
e0d431a GnuTLS: Add more debug prints for version and session status
65ec7f4 GnuTLS: Move peer certificate validation into callback function
7c82457 GnuTLS: Remove support for versions older than 2.12.x
e1d63f6 GnuTLS: Remove old version number checks for 1.3.2
ae0a23a GnuTLS: Remove GNUTLS_INTERNAL_STRUCTURE_HACK
db4cf40 GnuTLS: Add support for ca_cert as a blob
224104d TLS: Reject openssl_ciphers parameter in non-OpenSSL cases
b09baf3 Work around Windows build issues
6dbbef9 Define host_to_le32() for Windows builds
7d28e46 Fix os_win32 build
0b40247 Remove Network Security Service (NSS) support
d166947 schannel: Reject subject_match, altsubject_match, suffix_match
59051f8 TLS: Reject subject_match, altsubject_match, suffix_match
f8717ac GnuTLS: Reject subject_match, altsubject_match, suffix_match
e24aef1 Fix a typo in domain_suffix_match documentation
394b547 Improve subject_match and domain_suffix_match documentation
8a42a07 trace: Fix out-of-memory testing logic
79cd993 Add address masks to BSSID lists
b83e455 Add network specific BSSID black and white lists
b3d6a0a Add generic parser for MAC address lists
21c74e8 nl80211: Use a helper function to put mesh_id
85e1fad nl80211: Use a helper function for putting beacon interval
6dfc557 Remove mesh_ht_mode network block parameter
54fe48b mesh: Use the shared function with IBSS to determine channel parameters
f7e889f mesh: Convert channel configuration to use common routines
6334330 mesh: Use a separate variable to track whether HT is enabled
1fc4ab2 nl80211: Move debug prints into nl80211_put_freq_params()
cae87ab nl80211: Add a helper function for putting basic rates
6b8b077 ibss/mesh: Enable HT40 if supported
a828f62 Make check_40mhz_2g4 common
fdd989d Make check_20mhz_bss common
0e550fe Make check_40mhz_5g common
6d5d098 Make get_pri_sec_chan() common
5144274 Introduce common allowed_ht40_channel_pair()
5f10b7f Use common hw_get_freq/hw_get_chan helpers in hostapd
269dfe2 Introduce common hw features
1830817 IBSS: Add WPA_DRIVER_FLAGS_HT_IBSS
f3b8ad4 SAE: Implement retransmission timer
a206e2a SAE: Centralize function for sending initial COMMIT
28c91ee bsd: Fix parsing of ieee80211req_scan_result on FreeBSD and DragonFly
96d1d97 Android: Remove hardcoded ICU include paths from hs20-osu-client
a354bcc D-Bus: Use NoMemory error message from CreateInterface
635874b Handle interface disabled/enabled more consistently
8f2cf37 P2P: Indicate reason=UNAVAILABLE for group netdev going down
86a7fbb Verify that eloop_register_read_sock() succeeds for ctrl_iface setup
27d9701 Fix a memory leak on WPA authenticator error path
c1c07dc Fix hostapd interface addition error path
a156ffd Add support for testing memory allocation failures
52b3943 D-Bus: Fix interface unregistration on error path
96dc9a6 D-Bus (old): Fix interface unregistration on error path
ef03557 Fix memory leak on wpa_supplicant_init_wpa() error path
52a8058 TDLS: Fix an interface addition error path
f2d5728 D-Bus: Fix string array dict entry parser in out-of-memory case
c61bc23 D-Bus: Fix byte array dict entry parser in out-of-memory case
dacf605 D-Bus: Fix Introspect() in case of os_strdup() failure
68a8669 D-Bus (old): Fix wpsReg error message
f0614bc D-Bus (old): Fix message handler error paths
a2af1c7 D-Bus (old): Fix memory leak on error path
3d2e2d5 trace: Fix compiler warning on 32-bit builds with bfd support
b9f6560 eloop: Fix WPA_TRACE tracking in case of realloc failure
e10422c Fix memory leak on hostapd BSS addition error path
2801659 Fix hostapd initialization error path on allocation failure
d58ade2 nl80211: Fix compilation with libnl 1.1 and 2.0
51f3427 crypto: Clear temporary stack buffers after use
77a2c39 crypto: Clear temporary heap allocations before freeing
a15a7fc DH: Clear memory explicitly on private key deinit
77c45e2 Add wpabuf_clear_free() to allow clearing of freed memory
a90c7d9 OpenSSL: Fix pbkdf2_sha1() wrapper
f6ebbcf AES-SIV: Make aes_s2v() static
dcf8fbc nl80211: Simplify event processing error paths
38751d8 nl80211: Remove cfg80211 state mismatch workaround for authentication
64ae244 nl80211: Check support for rekey offload on first use

Change-Id: Ice94c3cf8e39a6d2cac993aacd0f6d45b31c7c15
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
/external/wpa_supplicant_8/src/crypto/tls_openssl.c
6c0da2bb83f6915d8260912362692d1a742e057b 05-Jan-2015 Dmitry Shmidt <dimitrysh@google.com> Cumulative patch from commit 8b48e3200680f71ae083b84793e6bdc2099416d2 [DO NOT MERGE]

8b48e32 wpa_cli: Add MAC address randomization in scan
fb37588 ctrl_iface: Add MAC address randomization in scan processing
56c76fa scan: Add MAC address randomization in scan handling
86056fe nl80211: Handle MAC address randomization in scan/sched_scan
ff23ed2 driver: Add definitions for MAC address randomization in scan
7db53bb wpa_cli: Implement TDLS start/cancel channel switching commands
72b2605 nl80211: Pass TDLS channel-switch start/stop params to kernel
6b90dea TDLS: Propagate enable/disable channel-switch commands to driver
d9d3b78 TDLS: Track TDLS channel switch prohibition in BSS
4daa572 TDLS: Add channel-switch capability flag
ca16586 Sync with wireless-testing.git include/uapi/linux/nl80211.h
8c42b36 WMM AC: Reconfigure tspecs on reassociation to the same BSS
677e7a9 WMM AC: Do not fail on unknown IEs in Association Response
fecc2bb WMM AC: Delete tspecs on roaming
20fe745 WMM AC: Print user-priority in wmm_ac_status
730a0d1 nl80211: Always register management frames handler
...
209702d Add possibility to set the setband parameter
ee82e33 Do not trigger the scan during initialization on Android platforms
e69ae5f Reject new SCAN commands if there is a pending request
...
59d7148 nl80211: Provide subtype and reason code for AP SME drivers
9d4ff04 Add external EAPOL transmission option for testing purposes
61fc904 P2P: Handle improper WPS termination on GO during group formation
58b40fd P2P: Clear p2p_go_group_formation_completed on GO start
c155305 Complete sme-connect radio work when clearing connection state
debb2da P2P: Report group removal reason PSK_FAILURE in timeout case
51465a0 The master branch is now used for v2.4 development

Change-Id: I9b9cfa5c5cd4d26b2f3f5595f7c226ac60de6258
/external/wpa_supplicant_8/src/crypto/tls_openssl.c
9ead16e203b81d44a2d84eadc2901ceeb7daf805 07-Oct-2014 Dmitry Shmidt <dimitrysh@google.com> Cumulative patch from commit d5fe4e6c18d94465e8fb4527d51df6e8539c4d6a

d5fe4e6 Reserve QCA vendor specific nl80211 commands 34..49
a256506 AES: Extend key wrap implementation to support longer data
eefec1e AES: Extend key wrap design to support longer AES keys
98a1571 OpenSSL: Clean up one part from the BoringSSL patch
a857296 Support building with BoringSSL
1236eda Android: Remove ctrl_interface=wlan0 from config template
9ffd512 Android: Set pmf=1 to default template
45d8501 Fix out of bounds memory access when removing vendor elements
a61fcc1 Clean up authenticator PMKSA cache implementation
cb129db Clear PMKSA cache entry data when freeing them
8c8d26a Remove unnecessary PMKSA cache freeing step
9c82990 Fix authenticator OKC fetch from PMKSA cache to avoid infinite loop
47ea24c Fix PMKSA cache timeout from Session-Timeout in WPA/WPA2 cases
dc152f3 wpa_supplicant: Enable HT for IBSS
4ec6837 wpa_supplicant: Use hostapd_freq_params in assoc_params
43f02e6 wpa_ctrl: Update wpa_ctrl_recv() documentation for non-block behavior
1274ec2 dbus: Add an interface configuration entry to set the WPS methods
3e0272c nl80211: Re-read MAC address on RTM_NEWLINK
5dfbd72 nl80211: Add get_bss_ifindex() helper
f1a6131 P2P: Use only the -m config for P2P management device
08d7665 TDLS: Use WMM IE for propagating peer WMM capability
17729b0 TDLS: Fix concurrent setup test for mac80211 drivers
984dadc TDLS: Set the initiator during tdls_mgmt operations
01cb5df Sync with wireless-testing.git include/uapi/linux/nl80211.h
ca3c6b4 nl80211: Fix compatibility with older version of libnl
d76426c TDLS: Filter AID value properly for VHT peers

Change-Id: Ia2156628a590c502d9111de2727da642ff435d9a
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
/external/wpa_supplicant_8/src/crypto/tls_openssl.c
717574375e969e8272c6d1a26137286eac158abb 02-Jun-2014 Dmitry Shmidt <dimitrysh@google.com> Cumulative patch from commit 801e117376e13d5b3c50f1627b93a949529fdf99

801e117 Fix validation of RSN EAPOL-Key version for GCMP with PMF
3d4d234 FT: Fix GTK rekeying after FT protocol
d3d0483 nl80211: Work around error case prints for nl_recvmsgs on Android
8a387a2 P2P NFC: Fix use of freed memory
df48efc Fix external radio work stopping to not read freed memory
13c3303 SAE: Fix memory leak in random number generation
d92bdf9 hostapd: Make sure hapd->drv_priv gets cleared on driver deinit
438e133 hostapd: Use helper function to avoid duplicate deinit calls
ac1a224 hostapd: Clean up if interface setup fails
81c4fca hostapd: Reset hapd->interface_add properly
3fbd036 hostapd: Prevent double interface disabling from segfaulting
ea39367 nl80211: Fix wpa_driver_nl80211_if_add() failure paths
b77aeae Interworking: Re-trigger scan if no connect attempt is done
b523973 RADIUS client: Trigger failover more quickly if socket is not valid
09844c0 RADIUS client: Do not flush pending messages if server did not change
5d67bf1 hostapd: Fix configuration of multiple RADIUS servers with SET
70d4084 RADIUS client: Fix socket close/re-open on server change
d045cc8 RADIUS client: Fix crash issue in radius_client_timer()
c1fb75a RADIUS client: Handle ENETUNREACH similarly to other failure cases
9ed4076 RADIUS client: Do not try to send message without socket
cc0b7cb hostapd_cli: Fix segmentation fault with interface command
114153b P2P: Debug print channel lists for invitation processing
4eb3b76 OpenSSL: Fix OCSP certificate debug print to use wpa_printf
f6fb192 HS 2.0R2: Fix subscr_remediation_method for RADIUS server
74879f3 Remove extra newline from a debug print

Change-Id: I82d4f00501fabb8b325e4461178b45e7b2c0178e
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
/external/wpa_supplicant_8/src/crypto/tls_openssl.c
26af48b2fcdee1b88e4092a9078cb7c9bf79da6e 09-Apr-2014 Jouni Malinen <jouni@qca.qualcomm.com> OpenSSL: Detect and prevent TLS heartbeat attack

Some OpenSSL versions have vulnerability in TLS heartbeat request
processing. Check the processed message to determine if the attack has
been used and if so, do not send the response to the peer. This does not
prevent the buffer read overflow within OpenSSL, but this prevents the
attacker from receiving the information.

This change is an additional layer of protection if some yet to be
identified paths were to expose this OpenSSL vulnerability. However, the
way OpenSSL is used for EAP-TLS/TTLS/PEAP/FAST in hostapd/wpa_supplicant
was already rejecting the messages before the response goes out and as
such, this additional change is unlikely to be needed to avoid the
issue.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
/external/wpa_supplicant_8/src/crypto/tls_openssl.c
7d5c8f257a74ac0d12828962a492e8b84ef83923 03-Mar-2014 Dmitry Shmidt <dimitrysh@google.com> Cumulative patch from commit 5f7e1c06cd428888a2ed4fa763c5da37a873e422

5f7e1c0 Redirect more frames with ext_mgmt_frame_handling=1
7738163 RADIUS server: Copy IPv4 address only when IPv6 is not used
508e24c dbus: Clean up error reporting for TDLS peer address parsing
3b6170b WPS: Remove duplicate variable setting
78789d9 Remove unnecessary variable initialization
a7c37d9 dbus: Remove duplicated variable assignment
e997bc7 Remove a static analyzer warning about unused variable write
ea3b8c1 Do not use a separate variable for tracking first entry in a list
8a4ce28 WPA: Clean up cipher suite counting in write routines
6ed626d Remove unused gid_str pointer update
749fa14 Debug print trailing WPA/RSN IE bytes, if any
a5802c0 OpenSSL: Avoid never-used analyzer warning
7b6e815 Clean up hostapd add_iface error path operations
67adcd2 WNM: Check wpa_s->current_bss more consistently
3ff8073 EAP-FAST: Use clear eap_get_config() result validation
a8716d1 roboswitch: Verify that register read succeeds before comparing res
3d91a04 DFS: Make sure center frequency is always initialized for VHT
fa0a9f5 trace: Fix memory use on no-function name path
bd27b13 Make code path easier for static analyzers
64abb72 nl80211: Allow old r-o-c offchannel TX to be tested
fa72a88 P2P: Fix validation on Invitation Request error path
ca412c7 Remove unreachable return statement
2af4d87 GAS: Fix additional comeback delay with status code 95
07d462c Interworking: Remove unused password setting for SIM credential
3141b82 Add OSEN to proto config field writer
b908c50 Clear hostapd bss entry to NULL on add-interface-failure
0052ce4 atheros: Add support for OSEN

Change-Id: Ifd78a8f8259e5b0f654d3dbadd24c9ab029d3afb
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
/external/wpa_supplicant_8/src/crypto/tls_openssl.c
745be3f298f4a0899238a99d96b7ed804edd3329 20-Feb-2014 Dmitry Shmidt <dimitrysh@google.com> Android: Remove explicit SSL_OP_NO_TLSv1_1 and SSL_OP_NO_TLSv1_2

Now wpa_supplicant allows to set these options dynamically per network
by adding to 'phase1' "tls_disable_tlsv1_1=1" or "tls_disable_tlsv1_2=1"

Change-Id: I954af5356833bed5b78c4ebf4a50c788ba984114
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
/external/wpa_supplicant_8/src/crypto/tls_openssl.c
13ca8d8ea51a1aa5e24c6c956473a11b0c7daed4 20-Feb-2014 Dmitry Shmidt <dimitrysh@google.com> Cumulative patch from commit 848905b12abf2df650c43cb821d36a13246baacb

848905b Avoid undefined references with CONFIG_WPA_TRACE_BFD=y
9e38836 wpa_debug: Remove 2048 byte message length limit
f667e03 P2P: Address few issues seen with P2P SD
e9a6f18 TLS: Add tls_disable_tlsv1_1 and tls_disable_tlsv1_2 phase1 params
cb10c7d RADIUS DAS: Add support for NAS identification attributes
0d7c5e1 RADIUS DAS: Remove PMKSA entry on Disconnect-Request
d87a6ac WPS: Fix STA state validation when processing PutWLANResponse

Change-Id: I4799cad2fe661db567eb3a92af2b3eefb7c96dab
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
/external/wpa_supplicant_8/src/crypto/tls_openssl.c
ec58b164a608cbc1d99e71bb3d86ef4b263377dc 19-Feb-2014 Dmitry Shmidt <dimitrysh@google.com> Cumulative patch from commit ac494fcce4270dbd076ab1d167dbffd6e0f7060b

ac494fc Android: Use external libnl 2.0 dynamic library
b7cac41 Fix hostapd and wpa_supplicant build with binutils >= 2.24.x
b62d5b5 Revert "OpenSSL: Do not accept SSL Client certificate for server"
94a3df5 P2P: Enable U-APSD support on GO automatically
a5527a4 P2P: Add more debug prints for Probe Request processing

Change-Id: Ic3354f72b7399b8de86c74018de7a8c1275d893a
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
/external/wpa_supplicant_8/src/crypto/tls_openssl.c
96be6222df414a7dde5c5b1b72df22e67b1a77fc 13-Feb-2014 Dmitry Shmidt <dimitrysh@google.com> Cumulative patch from commit 7ae7a84eefd43ed9385e2f8f520a918468f87178

7ae7a84 NFC: Workaround nfcpy message debug exception
6ceb95c Avoid NULL dereference in ieee802_1x_get_mib_sta() printf
97efe70 wpa_supplicant: Fix NULL dereference in tls_verify_cb()
c0c11af wpa_supplicant: Fix NULL dereference in eap_fast_parse_end()
93a1cae Remove unnecessary NULL check
1e2ffc6 Fix theoretical NULL dereference in debug printf
cbf21c7 P2P: Avoid compiler warning in p2p_supplicant.c
5479ff9 DFS: Avoid compiler warnings in src/ap/dfs.c
5e6aa04 wpa_supplicant: Fix memory leak in wfd_subelems error path
88853ae Fix CONFIG_WPS_NFC=y build without CONFIG_P2P=y
7ac7fd4 Add bssid/freq hint for driver-based BSS selection
92484e2 Start using unodified Developer Certificate of Origin v1.1
56ec49c Sync with wireless-testing.git include/uapi/linux/nl80211.h
b64afe2 Fix SAE state validation on AP
d6bfaaa NFC: Add summary and success file options for nfcpy scripts
25cfc6f P2P NFC: Add p2p-nfc.py --handover-only option
7bea076 P2P NFC: Clean up p2p-nfc.py error handling
b0d18bc WPS: Make UUID-from-MAC Address easily available
825fb6b P2P: Do not indicate P2P_FIND failure if p2p_scan is in progress
8c18fcc WPS: Add more debug information to M7 AP Settings
d7a15d5 WPS: Indicate current AP settings in M7 in unconfigurated state
d55fc03 P2P: Handle unexpected GO Neg Req reject message more cleanly
062a7c0 Fix persistent P2P connection failure in case channel list changes

Change-Id: I5c400a6503f9f00d259ff225999593958322a1ba
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
/external/wpa_supplicant_8/src/crypto/tls_openssl.c
fb79edc9df1f20461e90e478363d207348213d35 10-Jan-2014 Dmitry Shmidt <dimitrysh@google.com> Cumulative patch from commit 95fb2db2420d8fa291fd6423cc6dbcd042f4eb46

95fb2db P2P: Reject group formation on WPS provisioning failure
6fc61e1 Fix TX status processing during AP mode shutdown in wpa_supplicant
90a545c nl80211: Clean up netlink parsing and debug prints
b6a9590 Interworking: Keep up to two pending GAS_REQUEST responses
090b8e3 Update copyright notices for the new year 2014
991aa9c nl80211: Move CS supported flag to wpa_driver_capa
f0cbb98 Add DRIVER-STATUS command for hostapd
188ebcd EAP-IKEv2 peer: Fix a memory leak in notify round
a190189 Remove PEAPv2 support
16a19dd EAP-pwd peer: Allow fragmentation limit to be configured
60bf585 EAP-IKEv2 peer: Allow fragmentation limit to be configured
ea6fc58 WPS: Convert printf() debug print to use wpa_printf()
c4b8c71 EAP-GPSK: Report CSuite negotiation failure properly
5a0f596 EAP-GPSK: Allow forced algorithm selection to be configured
5f01c3c EAP peer: Improve failure reporting from METHOD with no eapRespData
7271ee8 Fix EAP-GPSK server compilation for SHA256 cipher suite
356d148 Interworking: Add optional freq argument to INTERWORKING_SELECT
a09ffd5 Fix req_scan-deplete-timeout and update eloop API for this
083916c P2P: Clear p2p_disabled and p2p_per_sta_psk on FLUSH command
3f45fc4 P2P: Clear services on FLUSH command
1f965e6 Allow external programs to request wpa_radio work items
6428d0a Do not start wpa_radio work during externally triggered scan
6470f47 Remove unneeded scan delay on connection-in-progress
4bb2321 Remove unneeded GAS query delay on connection-in-progress
6ac4b15 Use wpa_radio work for connection
b9e6d70 Use radio work for GAS requests
e05e130 P2P: Use radio work to protect offchannel Action frame exchanges
e1d1c8e Use radio work for P2P Listen requests
1b5d471 Use radio work for P2P scan requests
d12a51b Use radio work for scan requests
b1ae396 Add framework for exclusive radio operations
dd43aaa Add helper functions for cloning and freeing scan parameters
06f9acc Ignore externally triggered scan results with scan_res_handler
c9b5559 Clean up ctrl_iface debug prints for monitor events
d31b5ac Use cleaner debug print for ctrl_iface commands with private info
9595151 Remove duplicated RX ctrl_iface hexdump
9b85079 Fix scan-cache-clearing operation to avoid unnecessary cases
2f30cac Avoid unnecessary key clearing operations
466bcf9 Remove some unnecessary EAPOL port (un)authorized callbacks
949938a Ask driver to report only new scan results if requested
a1a31b6 Remove hostapd dump_file functionality
ea23df6 Make EAPOL dump data available through ctrl_iface STA command
96ea74b Convert EAPOL authenticator dump into easier to parse format
ca3b71c Remove hostapd dump_file data that is available through ctrl_iface
4c03a2b Make RADIUS server MIB available through control interface
f538be3 Add more STA information into the ctrl_iface STA command
101bdc2 Remove forgotten notes about already removed driver wrappers
7006753 Update EAP-FAST note regarding OpenSSL support
17b79e6 nl80211: Initial support for vendor commands and events
5890fa8 WPS: Fix clear-from-timeout handling to avoid race condition
c64e3a0 P2P: Send received Presence Response information to ctrl_iface monitors
f7fb676 ACS: Mark acs_fail() static
3cf06c9 OpenSSL: Include sha1/sha256 header files to verify declarations
5ace51a WNM: Clean up le16 variable use to avoid sparse warnings
c583868 Mark wpas_wps_er_nfc_handover_sel() static
8cf1e68 Move declaration of hostapd_acs_completed() into correct header file
0187c41 Declare wpa_debug_* variables in src/utils/wpa_debug.h
fcc6123 Declare wpa_drivers in src/drivers/driver.h
0d79b50 Clear EAPOL Logoff state on FLUSH command
327b01d nl80211: Add driver param for forcing monitor and connect APIs
6f06766 nl80211: Fix nl_mgmt handling in partial error case
4ea6a47 nl80211: Prefer newer scan result over older during duplicate removal
2eef517 nl80211: Report set_supp_port failures in debug log
a0bdd19 nl80211: Share a helper function for connect and associate commands
e00d546 Remove unnecessary build #ifdef from definitions
4848a38 Get rid of duplicated cipher suite and AKM definitions
de4ed4a nl80211: Use helper functions for cipher suite mapping
a565084 nl80211: Set control port for NL80211_CMD_COMMAND
ef93abd WPS: Clean up UUID debug print
35f3d3e nl80211: Clean up regulatory rule debug prints
880de88 nl80211: Print frame registration match on same debug line
03ed332 Interworking: Allow cred blocks not to be saved to a file
04f7ecc Reset WPA parameters to default values on FLUSH command
152cff6 P2P: Remove WPA_DRIVER_FLAGS_P2P_MGMT option
538d6f4 WPS: Use shorter scan interval during pre-provisioning search
3187fd9 WPS: Replace wpas_wps_in_progress with identical wpas_wps_searching
4414d9e SAE: Fix ECC element y coordinate validation step
069fb47 EAP-EKE: Allow forced algorithm selection to be configured
3a88914 Remove unused information element parsing data
dbfb8e8 Remove unnecessary EVENT_RX_ACTION
1450e1e Define __maybe_unused
912b34f Do not process Action frames twice in hostapd SME/MLME
006309b Fix whitespace style
6780713 WPS: Remove unused send_wpabuf()
e912986 tests: Verify concurrent WPS protocol run with assigned PIN
8aaafce Make local UUID available through ctrl_iface STATUS command
0e22b8d WPS: Make sure reconfiguration timeout is not left behind on deinit
75d1d0f WPS: Allow testing mode to disable 2.0 functionality
f7e2542 Remove unused wps_device_data_dup()
c89d9db Remove unnecessary extra tracking of eloop registration
c86bf16 Replace unnecessary hex_value() with hex2byte()
7b02375 Clear wps_fragment_size on FLUSH command
aa189ac Enable FT with SAE
2d2ecf5 nl80211: Fix protected Action frame reporting for AP mode
db76aa6 Fix PeerKey 4-way handshake
7732729 Fix PeerKey deinit behavior
8d321a7 WNM: Move disassociation imminent sending to wnm_ap.c
b76f4c2 hostapd: Make STA flags available through ctrl_iface STA command
aa03dbd Remove IEEE80211_REQUIRE_AUTH_ACK
121f2ab Remove unused STA flags
3578e66 WNM: Add STA flag to indicate the current WNM-Sleep-Mode state
4776897 WNM: Fix AP processing without wnm_oper driver callback
2025cad WNM: Move ESS Disassoc Imminent sending to a helper function
28ab64a WNM: Minimal processing of BSS Transition Management Query/Response
2cd0f6a WNM: Add Target BSSID into BSS Transition Management Response
a8a6a35 WNM: Use nonzero dialog token in BSS Transition Management Query
629edfe WNM: Fix Sleep Mode AP processing in open network
3c1060f WNM: Add debug logs to get the RSSI from the scan results
dff1e28 Initial handling of GTK-not-used cipher suite
51e3eaf OpenSSL: Do not accept SSL Client certificate for server
6bf61fb OpenSSL: Use certificates from TLS authentication in OCSP stapling
c962947 WPS ER: Fix deinit timeout handling with delayed/failing unsubscribe
7b75c30 WPS: Reschedule AP configuration reload on EAP completion
c511b32 WPS: Remove old duplicate network even if key is different
9d2cb3e Make CONFIG_TESTING_OPTIONS=y enable all testing options
662b40b WPS: Reduce scan wait time during WPS processing
015af91 Do not use results from externally requested scan for network selection
1cd93ff Reschedule own scan request if an externally started one is in progress
dc3906c Show timing information about scan requests in debug log
d81c73b Optional scan id for ctrl_iface SCAN requests
a5f40ef Track whether scan was started by us or an external program
18ae237 Fix comment format
88c2d48 Allow passive scan to be requested with SCAN passive=1
3ae3ec2 nl80211: Add scanned frequencies/SSIDs into debug log
69278f7 Remove unused last_scan_full
1f5d2dd Interworking: Allow EAP-FAST to be used
6ffa168 Add GAS-QUERY-START and GAS-QUERY-DONE event messages
93827f4 hostapd: Allow external management frame processing or testing
fee5234 Allow channel list to be specified for SCAN command
98eda9c Move int_array helpfer functions to utils/common.c
a4cfb48 Add make lcov-html to generate code coverage report
bee25cc nl80211: Fetch cipher capabilities from the driver
4daa011 Clean up cipher capability prints
35c2006 Convert wpa_hexdump functions to use void pointer instead of u8 *
5f9c134 Remove obsolete license notifications
bd1e328 Android: Remove old WEXT extensions
bad5cdf Verify that beacon setup succeeds before proceeding
7d7f7be Verify group key configuration for WPA group
30675c3 Add definitions for new cipher suites from IEEE Std 802.11ac-2013
13b24a7 VHT: Use status code 104 to indicate VHT required
ab41595 wpa_supplicant: Fix crash when terminating all interfaces
76aab03 Add secondary channel IE for CSA
8f4713c Store entire CS freq_params and not only freq
13daed5 Include driver.h in hostapd.h
a12d345 wpa_supplicant: Use monotonic time for last_scan check
51bffab WPS: Use monotonic time for AP connection attempt
6473e5c wpa_supplicant: Use relative time for TKIP Michael MIC failures
4e1eae1 wpa_supplicant: Use monotonic time for temp-disabled networks
151ab80 P2P: Use monotonic time for GO client waiting
3326f19 IBSS RSN: Use monotonic time for reinit detection
196a217 WPS_UPNP: Use monotonic time for event debouncing
864c9af wps_registrar: Use monotonic time for PBC workaround
61e98e9 wps_registrar: Use monotonic time for PBC session timeout
3647e5a wps_registrar: Use monotonic time for PIN timeout
3618618 rsn_supp: Use monotonic time for PMKSA cache expiry
c2be937 wpa_supplicant: Use monotonic time for EAPOL RX workaround
e72a001 bgscan: Use monotonic time
e05f060 rsn_supp: Do not track expiration time
5870717 RADIUS server: Use monotonic time
4012804 RADIUS client: Use monotonic time
acb69ce wpa_supplicant: Use monotonic time for RX/BSS times
46b8d4c wpa_supplicant: Use monotonic time for SA query timeout
f073fde EAP server: Remove SIM-DB pending timestamp
636e19a wpa_ctrl: Use monotonic time for request retry loop
7ffe7d2 AP: Use monotonic time for MMIC failure/TKIP countermeasures
dd4e32b AP: Use monotonic time for PMKSA cache
0fc545a AP: Use monotonic time for STA accounting
3e06180 bgscan_learn: Start scanning from the first freq
f4c73ae bgscan_learn: Fix initial interval
7dab119 bgscan_learn: Avoid redundant frequencies
3727123 bgscan: Stop bgscan only on disassociation
b2838ba Update IBSS documentation to include RSN option
429dd9a Advertise QoS Map support based on driver capability
049105b nl80211: Add support for QoS Map configuration
74ddd64 nl80211: Sync with mac80211-next.git
9fcd300 nl80211: Sync with wireless-testing.git

Change-Id: Iabdd88d9cabd478a41c3cb0a8d061b425cc1beca
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
/external/wpa_supplicant_8/src/crypto/tls_openssl.c
fa3fc4a1ac08ad14272301c7f6f01b362997c3e4 21-Nov-2013 Dmitry Shmidt <dimitrysh@google.com> Cumulative patch from commit 594516b4c28a94ca686b17f1e463dfd6712b75a7

594516b Use monotonic clock for relative time for eloop if available
461e3eb Fix and work around some MinGW compilation issues
81cbc04 Fix compiler warning for OpenSSL without HAVE_OCSP
68d628a hostapd: Fix interface enabling/disabling and DFS
1cba9be STA: Cancel sched_scan while initiating wps_reassoc
215a02f Add Wi-Fi Direct to the build configuration example
ca9c14f dbus_new: Add documentation for D-Bus TDLS methods
6fc4848 P2P: Short scan wait to speed up the group re-invocation
93a06fe Fix QoS Map Configure frame use

Change-Id: Id76002ca7fa742b6533e7e592ffd3867886dc50e
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
/external/wpa_supplicant_8/src/crypto/tls_openssl.c
ff07917b8921a2a178ed9188a63b166af144ae53 08-Nov-2013 Dmitry Shmidt <dimitrysh@google.com> Android: Minor sync with mainstream code

Change-Id: Ia7b165534577394e0117318e6655d14a3a1d9d2d
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
/external/wpa_supplicant_8/src/crypto/tls_openssl.c
68d0e3ed07847339aedfac8e02f50db68c702e52 29-Oct-2013 Dmitry Shmidt <dimitrysh@google.com> Cumulative patch from commit 32b62704fac6af74f60b2effb173474e11ff089d

32b6270 Android: Fix ARRAY_SIZE() compilation
7617388 Interworking: Report STATUS:sp_type even if domain is not configured
c20bc9d P2P: Remove compiler warning without CONFIG_IEEE80211N
ca9bc5b P2P: Add VHT support
20ea1ca P2P: Add VHT parameter to P2P operations
53cfad4 nl80211: Mark VHT 80 MHz channels
f2112b2 wpa_supplicant: Add CONFIG_IEEE80211AC
6b02335 hostapd: Mask out not-supported VHT capabilities
7f0303d hostapd: Verify VHT 160/80+80 MHz driver support
c781eb8 hostapd: Verify VHT capabilities are supported by driver
b29b012 Fix some VHT Capabilities definitions
7066a8e hostapd: Fix wrong VHT configuration capabilities flags
6651f1f nl80211: Use max tx power from regulatory domain
7ac3616 nl80211: Replace perror() and printf() calls with wpa_printf()
4d9fb08 WPS: Clear known_wps_freq in addition to after_wps
d20c340 Interworking: Clear known_wps_freq for network selection
f3be6ee tests: Allow test case descriptions to be written into database
1bd05d0 Interworking: Force normal scan for network selection
51e9f22 P2P: Add option to allow additional client channels
556b30d P2P: Add option to remove channels from GO use
e7ecab4 Use ARRAY_SIZE() macro
39044a7 Introduce ARRAY_SIZE() macro
2e94624 DFS: Handle radar event when CAC actived correctly
5eaf240 DFS: Fix overlapped() function to check only DFS channels
345276a DFS: Adjust center freq correctly for VHT20/VHT40
1dc17db DFS: Fix available channels list for VHT80
34068ac nl80211: Add debug prints on nl_recvmsgs() failure
10b8592 nl80211: Make eloop sockets non-blocking
5f65e9f nl80211: Abstract handling of sockets on eloop
e8d1168 nl80211: Register for IBSS auth frames before eloop
03610ad Clean up get_seqnum() use for IPN
29179b8 Stop ctrl_iface monitor send loop on reinit failure
a2a535f Remove unnecessary wpa_s->conf checks
3318376 Add explicit buffer length checks for p2p_build_wps_ie()
0f01201 Verify that readlink() did not truncate result
f5eb9da nl80211: Clean up if_add() for hostapd use
a288da6 OpenSSL: Fix memory leak on error path
6cb4f11 nl80211: Fix strerror() value in P2P Dev debug messages
35f8363 DFS: Add forgotten break statement
2f243b8 Remove os_strncpy()
24f051e Replace remainining strncpy() uses with strlcpy()
41c526f P2P: Fix snprintf buffer length for group ifname backup

Change-Id: I2e1506cb9219a5a37efbb2ae0dc180fb081c809f
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
/external/wpa_supplicant_8/src/crypto/tls_openssl.c
051af73b8f8014eff33330aead0f36944b3403e6 22-Oct-2013 Dmitry Shmidt <dimitrysh@google.com> Cumulative patch from commit 538922a628d4f5403b9a96b171a59235bcb3d921

538922a dbus: Add boolean AllowRoam option to Scan() method options dictionary
c6f5dec Don't start second scan when changing scan interval
cd3b070 nl80211: Fix DFS radar event parsing
2b72df6 nl80211: Free BSS structure even if netdev does not exists
41cc50d nl80211: Update send_action_cookie on AP-offchannel-TX path
313424d GAS: Add support for multiple pending queries for the same destination
cbc5484 GAS: Do not start new scan operation during an ongoing GAS query
c377514 GAS: Delay GAS query Tx while scanning/connecting
24c694b GAS: Delay GAS query Tx while another query is in progress
7255983 WPS: Clear after_wps from number of new locations
73b54d6 P2P: Fix Operating Channel in Invitation Request for operating group
dc46fd6 P2P: Cancel offchannel TX wait on Invitation Response RX
0c92963 D-Bus: Clean up debug print for P2P invitation result
8d82c21 P2P: Fix PD retry channel on join-a-group case
d285888 P2P: Add GO BSS entry details to debug log on join-a-group
512629a P2P: Accept Invitation Response non-success without Channel List
e241b1b eap_proxy: Fix IMSI fetch for home vs. visited network determination
db13605 EAP-AKA/AKA' peer: Allow external USIM processing to be used
569ccf7 EAP-SIM peer: Allow external SIM processing to be used
84dc137 hlr_auc_gw: Add GSM-AUTH-REQ command
a5d44ac EAP peer: Add framework for external SIM/USIM processing
7e8bc7d eapol_test: Initialize BSS lists
bceb843 Send CTRL-RSP command response before processing EAPOL update
b607796 eapol_test: Fix external EAP request mechanism
94de082 eapol_test: Initialize wpa_s->global to fix ctrl_iface
f07bba3 Android: Add dfs.c into build
0cf0af2 WNM: Set Disassoc Imminent flag in ESS Disassoc Imminent frame
f47c145 Interworking: Add required_roaming_consortium parameter for credentials
a83e574 GAS: Update timeout from TX status handler
e88060e HTTP server: Allow TCP socket to be reused
9bc3386 Add test option for specifying hardcoded BSS Load element
9c7e43a Define BSS Load element id
56f5af4 Interworking: Add support for QoS Mapping functionality for the STA
850e1c2 atheros: Add support for QoS Mapping configuration
c551700 Interworking: Add support for QoS Mapping functionality for the AP
ac1bc54 Interworking: Add domain_suffix_match for credentials
463c8ff Interworking: Add support for multiple home FQDNs
01f809c Add AAA server domain name suffix matching constraint
be7963b OpenSSL: Fix code indentation in OCSP processing
899cc14 hostapd: Add support for DFS with 160 MHz channel width
6de0e0c Mark DFS functions static and rename them
58b73e3 hostapd: DFS with 40/80 MHz channel width support
846de15 DFS: Add more parameters to radar events
04e8003 nl80211: Use struct hostapd_freq_params with start_dfs_cac
72c753d hostapd: Split hostapd_set_freq to helper function
e76da50 hostapd: Add AP DFS support

Change-Id: Ie9ed4662ba6d81e6d8b14bccb29ffa192becf0f2
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
/external/wpa_supplicant_8/src/crypto/tls_openssl.c
5605286c30e1701491bd3af974ae423727750edd 04-Oct-2013 Dmitry Shmidt <dimitrysh@google.com> Cumulative patch from commit 8b3b803ab9fe69650da7e3b2ee9e44f0f054ee0a

8b3b803 Include Extended Capabilities element based on scan results
6903ee6 P2P Extend postponing of concurrent scans for persistent GO
77e3094 hlr_auc_gw: Fix max_chal value validation
3e6547b hlr_auc_gw: Add support for processing command line operations
2b5b875 EAP-AKA server: Fix AUTS processing
9a50ee6 hlr_auc_gw: Update file comments to mention Milenage
5388dc9 Document use of Linux capabilities instead of privileged process
a771c07 Add driver status information to control interface
739faee nl80211: Add some more debug prints for mgmt frame TX
f78f278 nl80211: Fix off-channel Action frame TX from GO with use_monitor
298f518 Get rid of compiler warning in no-CONFIG_CTRL_IFACE builds
ea61aa1 Add no_ctrl_interface config param to clear ctrl_interface
25b65a1 Make sure updated BSS entry does not get added twice to the list
bbc6c72 P2P: Use group formation timeout on persistent group GO
41f8532 P2P: Extend group formation timeout on GO to first data connection
20625e9 P2P: Remove P2P groups on process termination
76fe79e Register wpa_msg callback even if only global ctrl_iface is used
af96448 nl80211: Add more debug prints for send_mlme operations
5d4c78f nl80211: Reset nlmode to station on leaving IBSS
0249c12 Avoid compiler warning with CONFIG_NO_STDOUT_DEBUG=y
ed1bf01 Allow hostapd config file for dynamically added interface
97bacf7 Do not clear hostapd configuration parameters on disable-iface
66f4dd1 hostapd: Fix couple of deinit path cases to clear pointers
f18b781 nl80211: Print more debug info on management frame RX information
89286e9 Re-open ctrl_iface socket on some failure cases as a workaround
3ca96df atheros: Compile fix for driver code not defining IEEE80211_APPIE_FRAME_WNM
762c92a OpenSSL: Split OCSP peer_cert/peer_issuer debug output into parts
f224cf0 HS 2.0: Allow printf format parsing with language:name strings
913c19c Fix wpa_config_parse_string() to null terminate printf decoded values
04e533e Fix language string length validation in parse_lang_string()
742e715 Simplify ctrl_iface sendto() use
6668efd Clear frequency list on empty value
1a9f247 Make scan_freq field to be saved by save_config
aa78cd3 Drop EAP packet with code 10 before EAPOL state machine processing
3cc247a Use configured sched_scan interval for the PNO scan
d047ae6 WPS: Ignore PBC-to-PIN change from M1 to M2 as a workaround
79986bf Print ctrl_iface sendto() failures into debug log
eab2b50 P2P: Cancel group formation timeout on client connection
00eb299 P2P: Fix operation channel configuration update

Change-Id: I9269e23bc8019b951c2a2d3c707562b2e006148b
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
/external/wpa_supplicant_8/src/crypto/tls_openssl.c
0d16a24facb038db649f4baeb6e6709880adfd98 12-Jul-2013 Dmitry Shmidt <dimitrysh@google.com> Merge "Accumulative patch from commit 1075b2957169d8f9d6dddd7679339c751dc9515b"
34af306c42b7ccf956508e7cd23f0ba90606e360 11-Jul-2013 Dmitry Shmidt <dimitrysh@google.com> Accumulative patch from commit 1075b2957169d8f9d6dddd7679339c751dc9515b

1075b29 P2P: Report group formation failure on error to start GO mode
b62b29e Do not block on ctrl_iface monitor events
eb7ddbf WPS: Stop SSDP service before freeing the pending entries
98cbc0a Remove forgotten Xcode defines
0b9d3b2 Interworking: Relax 3GPP info PLMN matching for MNC
c7a67a7 WPS: Disconnect when removing existing WPS network block
fe65847 EAP-EKE: Add server implementation
7e7610d EAP-EKE: Add peer implementation
489202d EAP-SAKE: Use configured server identity
a607b42 EAP-PSK: Use configured server identity
15b042b EAP-MSCHAPv2: Use configured server identity
162865b EAP-IKEv2 server: Use configured server identity
8f89d82 EAP-GPSK server: Use configured server identity
67fe933 Add server identity configuration for EAP server
06aeff5 dbus: Register the AutoScan method call at the right place
78f79fe P2P: Do not add ctrl interface for P2P_DEVICE (p2p-dev-*)
1c42b42 P2P: Fix TDLS and l2_packet init without P2P Device interface
9e6a321 Fix non-P2P build after the P2P_DEVICE changes
d53d259 Fix build with older OpenSSL versions
54d4ba4 nl80211: Silence a compiler warning with older gcc versions
2e5ba4b P2P: Derive group interface name bit more sensibly
c68f620 P2P: Create P2P Device interface if supported
851b0c5 nl80211: Do not indicate P2P_DEVICE support by default
bb4028f P2P: Ignore p2p_no_group_iface when driver advertizes P2P_DEVICE support
7940c79 nl80211: Use wdev id when cancelling wait for frame using P2P_DEVICE
f608081 nl80211: Verify P2P GO/client address with all interface addresses
5fbcb45 nl80211: Fix determining phy name for P2P Device
27ce1d6 nl80211: Fix nl80211_get_wiphy_index() for P2P Device
080585c Add support for OCSP stapling to validate server certificate
72950ed P2P: Remove a call to wpas_p2p_deinit_global()
ab7a1ad nl80211: Fix P2P group interface creating using P2P Device
fa93de4 nl80211: Use wdev_id in nl80211_create_iface_once()
fdc554b nl80211: Use wdev id to obtain P2P Device scan results
597b94f nl80211: Add .get_mac_addr() callback for P2P Device
8e12685 nl80211: Rework setting interface mode
91724d6 nl80211: Introduce i802_set_iface_flags()
eb4582f nl80211: Remove P2P Device interface upon .deinit()
f632e48 nl80211: Fix P2P Device interface initialization
e472e1b nl80211: Handle creation of P2P Device interface
01517c8 nl80211: Allow Android P2P functionality
6bae92e nl80211: Add support for P2P Device in add interface
d6dcfcd nl80211: Add a handler to create_interface
d3aaef8 nl80211: Hold wdev identification for P2P Device
7aad838 nl80211: Identify if nl80211 is capable of P2P Device abstraction
6a71413 nl80211: Rename is_p2p_interface
8393e1a nl80211: Print interface name on set_key()
80ebfd9 VLAN: Avoid access to non-existing interfaces
4345fe9 bridge: Track inter-BSS usage
459eee9 bridge: Use safe default bridge interface
2aaeedf bridge: Give bridge name in per-bss configuration
8a901d7 D-Bus: Emit signal when a station is authorized or deauthorized
9578329 Add AVG_RSSI report in signal_poll
2cc8d8f Add bandwidth and center freq info to signal_poll
1e0e943 Remove 802.11b rates only in case of P2P group operation
2090a0b nl80211: Add prints for kernel events
8743676 TDLS: Validate ext_supp_rates in copy_supp_rates
85b4eac P2P: Do not reply to 802.11b-only Probe Request frames as GO
ec7b97a Interworking: Add support for using eap_proxy offload
4331263 Fix session timeout after ANQP dummy STA entry with SME-in-driver
56cb4e1 wpadebug: Add option to ignore SSL errors
aa20e1a Remove CONFIG_NO_WPA2 build parameter
5d5c4ee Remove compiler warnings with CONFIG_NO_SCAN_PROCESSING
9aaa695 Remove compiler warnings if TDLS is enabled without WPA2
84ae1d4 Fix WNM build without WPA2
c33d5eb Fix build without WPA2 or EAP
1aef400 IBSS RSN: Implement disconnect() callback using sta_deauth()

Change-Id: I4593be5b1478f6532da917423b1d2afa95fb8020
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
/external/wpa_supplicant_8/src/crypto/tls_openssl.c
e6cf61356701e87728df492dee978eb08c994ca0 27-Jun-2013 Kenny Root <kroot@google.com> am 65699d14: am 499d6840: Merge "Remove obsolete keystore path"

* commit '65699d14fab37ab374ce46c6192d4e9b56ec26c1':
Remove obsolete keystore path
7f401806ed4775e4230dc3265d2c70b61c7c7e4e 26-Jun-2013 Kenny Root <kroot@google.com> Remove obsolete keystore path

It's not possible to get a raw private key from keystore anymore, so
this would fail every time anyway. Remove it so it doesn't confuse
anyone that looks at this code.

Change-Id: I021fc1707b16474d8698c85055a6fcc4095cd215
/external/wpa_supplicant_8/src/crypto/tls_openssl.c
ea69e84a6f4455c59348485895d3d5e3af77a65b 13-May-2013 Dmitry Shmidt <dimitrysh@google.com> Accumulative patch from commit 455299fb40d79bcbeaedcfbc04d00ac8330bbbdd

455299f nl80211: Fix foreign address filtering for MLME frame events
e679f14 Mark interface disconnected on removal request
3636b89 Do not try auto connect mechanism in disconnected state
0cdb93f Do not add BSS to blacklist on local disconnection request
36b9883 Defer scan if connection is in progress on any of the shared interfaces
7c0e1e2 tls_openssl: Store TLS context per-connection
732118e Rename hostapd_parse_rates() to a more generic int list parser
b113a17 DFS: Add ieee80211h hostapd configuration parameter
695c703 nl80211: Add driver_ops for stopping AP beaconing
f90e9c1 nl80211: Add driver_ops for starting radar detection
fc96522 nl80211: Add channel flags for DFS state information
f295d0c nl80211: Add driver capability flag for radar detection
04be54f nl80211: Add driver events for radar detection
a7505b1 eloop: Allow to run event loop multiple times in a row
6124e85 wpa_supplicant: Allow vifs to scan only current channel
893a0a5 systemd: Fix systemd interface alias

Change-Id: I0a39a6868562cd458202285fed8986ac81a0cef2
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
/external/wpa_supplicant_8/src/crypto/tls_openssl.c
3f3ca3bb849b192d41b99aae775f6fc52f67118d 13-Nov-2012 Kenny Root <kroot@google.com> Switch keystore to binder

Change-Id: Idfcff5f2799863075160cc6c2565f2fe774c2552
/external/wpa_supplicant_8/src/crypto/tls_openssl.c
61d9df3e62aaa0e87ad05452fcb95142159a17b6 30-Aug-2012 Dmitry Shmidt <dimitrysh@google.com> wpa_supplicant: Update to 29-Aug-2012 TOT

commit 6ffdc2f7bd496ace7a46e055f9714e7db4b1f722
Author: Jouni Malinen <jouni@qca.qualcomm.com>
Date: Fri Mar 2 22:31:04 2012 +0200

WFD: Add preliminary WSD request processing and response

This commit does not yet address support for different device roles,
i.e., the same set of subelements are returned regardless of which
role was indicated in the request.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>

Change-Id: I9d63acce719b982c02e589bb59602382e82988c8
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
/external/wpa_supplicant_8/src/crypto/tls_openssl.c
21a1e4c6e69742ba96f610b4b0db2e5a2d95528a 27-Jul-2012 Brian Carlstrom <bdc@google.com> am 27bf1073: Use SSL_OP_NO_TLSv1_1 SSL_OP_NO_TLSv1_2 SSL_OP_NO_TICKET for better wpa_supplicant_8 interoperability

* commit '27bf1073abe534644cc1146397082cc78873f516':
Use SSL_OP_NO_TLSv1_1 SSL_OP_NO_TLSv1_2 SSL_OP_NO_TICKET for better wpa_supplicant_8 interoperability
27bf1073abe534644cc1146397082cc78873f516 26-Jul-2012 Brian Carlstrom <bdc@google.com> Use SSL_OP_NO_TLSv1_1 SSL_OP_NO_TLSv1_2 SSL_OP_NO_TICKET for better wpa_supplicant_8 interoperability

Bug: https://bugs.launchpad.net/ubuntu/+source/wpasupplicant/+bug/969343/comments/72
Bug: http://w1.fi/bugz/show_bug.cgi?id=447#c7
Bug: http://code.google.com/p/android/issues/detail?id=34212
Bug: 6883259
Change-Id: Ib53326cc8cd40e800454b7b92586c052bc910ba8
/external/wpa_supplicant_8/src/crypto/tls_openssl.c
04949598a23f501be6eec21697465fd46a28840a 19-Jul-2012 Dmitry Shmidt <dimitrysh@google.com> wpa_supplicant: Update to 07-Jul-2012 TOT

commit a5ed45586c63ffd8f9d2b44e27c251d7bacbeaf4
Author: Jouni Malinen <j@w1.fi>
Date: Sat Jul 7 13:01:45 2012 +0300

WPS SSDP: Fix socket leaks on error paths

Change-Id: I0864aac7fc88fa2a60f5cca7d524b94363410c85
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
/external/wpa_supplicant_8/src/crypto/tls_openssl.c
db3c5a43353099fd4771f3b7a13efae905878ce9 21-Mar-2012 Kenny Root <kroot@google.com> Use keystore ENGINE for private key operations

The new keystore ENGINE is usable to perform private key operations when
we can't get the actual private key data. This is the case when hardware
crypto is enabled: the private key never leaves the hardware.

Subsequently, we need to be able to talk to OpenSSL ENGINEs that aren't
PKCS#11 or OpenSC. This just changes a few #define variables to allow us
to talk to our keystore engine without having one of those enabled and
without using a PIN.

Change-Id: Iabab5077c3d167a1e13bc8ef8745dc59ad4d62f7
/external/wpa_supplicant_8/src/crypto/tls_openssl.c
c5ec7f57ead87efa365800228aa0b09a12d9e6c4 07-Mar-2012 Dmitry Shmidt <dimitrysh@google.com> Update to new version 0.8.22 from BRCM

- Based on 0c01d65 : Ignore TX status for Data frames from not associated
STA

Change-Id: I2776ff8e292593f407bf5b9177640c512e06bf0d
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
/external/wpa_supplicant_8/src/crypto/tls_openssl.c
1f69aa52ea2e0a73ac502565df8c666ee49cab6a 25-Jan-2012 Dmitry Shmidt <dimitrysh@google.com> Update to new version 0.8.16 from BRCM

Sync with main tree commit b8349523e460493fa0b4de36c689595109e45e91
Author: Neeraj Kumar Garg <neerajkg@broadcom.com>
Date: Tue Dec 27 23:21:45 2011 +0200
P2P: Reject p2p_group_add if forced frequency is not acceptable

Change-Id: Icb4541a371b05c270e80440d7a7fdea7f33ff61e
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
/external/wpa_supplicant_8/src/crypto/tls_openssl.c
c55524ad84d13014e8019491c2b17e5dcf13545a 07-Jul-2011 Dmitry Shmidt <dimitrysh@google.com> Accumulative patch from commit 8fd0f0f323a922aa88ec720ee524f7105d3b0f64

Fix D-Bus build without CONFIG_P2P=y
nl80211: Allow AP mode to be started without monitor interface
nl80211: Process association/disassociation events in AP mode
DBus/P2P: Adding decl for PersistentGroupRemoved signal
DBus/P2P: Rectified type of SecondaryDeviceTypes in device property Get
P2P: Only call dev_lost() for devices that have been dev_found()
wpa_cli: Add missing parameter for P2P_GROUP_ADD command
wpa_supplicant: Respect PKG_CONFIG variable if set in the environment
TLS: Add support for tls_disable_time_checks=1 in client mode
hostapd: Clear keys configured when hostapd reloads configuration
Add dbus signal for information about server certification
Move peer certificate wpa_msg() calls to notify.c
wpa_supplicant AP: Disable AP mode on disassoc paths
wpa_s AP mode: Enable HT20 if driver supports it
Allow PMKSA caching to be disabled on Authenticator
FT: Disable PMKSA cache for FT-IEEE8021X
FT: Clear SME ft_used/ft_ies when disconnecting
8fd0f0f323a922aa88ec720ee524f7105d3b0f64

Change-Id: I6ae333196c36ffa7589662d5269fabfc3b994605
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
/external/wpa_supplicant_8/src/crypto/tls_openssl.c
8d520ff1dc2da35cdca849e982051b86468016d8 09-May-2011 Dmitry Shmidt <dimitrysh@google.com> wpa_supplicant: Initial Revision 0.8.X

Based on:
commit 0725cc7b7efc434910e89865c42eda7ce61bbf08
Author: Jouni Malinen <j@w1.fi>
Date: Thu Apr 21 20:41:01 2011 +0300

Enable CONFIG_DRIVER_NL80211=y in the default configuration

nl80211 should be preferred over WEXT with any recent Linux
kernel version.

Change-Id: I26aec5afbbd4f4a1f5fd900912545b6f5050de64
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
/external/wpa_supplicant_8/src/crypto/tls_openssl.c