xref: /freebsd/contrib/wpa/wpa_supplicant/wpa_supplicant.c (revision a3266ba2697a383d2ede56803320d941866c7e76)
1 /*
2  * WPA Supplicant
3  * Copyright (c) 2003-2019, Jouni Malinen <j@w1.fi>
4  *
5  * This software may be distributed under the terms of the BSD license.
6  * See README for more details.
7  *
8  * This file implements functions for registering and unregistering
9  * %wpa_supplicant interfaces. In addition, this file contains number of
10  * functions for managing network connections.
11  */
12 
13 #include "includes.h"
14 #ifdef CONFIG_MATCH_IFACE
15 #include <net/if.h>
16 #include <fnmatch.h>
17 #endif /* CONFIG_MATCH_IFACE */
18 
19 #include "common.h"
20 #include "crypto/random.h"
21 #include "crypto/sha1.h"
22 #include "eapol_supp/eapol_supp_sm.h"
23 #include "eap_peer/eap.h"
24 #include "eap_peer/eap_proxy.h"
25 #include "eap_server/eap_methods.h"
26 #include "rsn_supp/wpa.h"
27 #include "eloop.h"
28 #include "config.h"
29 #include "utils/ext_password.h"
30 #include "l2_packet/l2_packet.h"
31 #include "wpa_supplicant_i.h"
32 #include "driver_i.h"
33 #include "ctrl_iface.h"
34 #include "pcsc_funcs.h"
35 #include "common/version.h"
36 #include "rsn_supp/preauth.h"
37 #include "rsn_supp/pmksa_cache.h"
38 #include "common/wpa_ctrl.h"
39 #include "common/ieee802_11_common.h"
40 #include "common/ieee802_11_defs.h"
41 #include "common/hw_features_common.h"
42 #include "common/gas_server.h"
43 #include "common/dpp.h"
44 #include "common/ptksa_cache.h"
45 #include "p2p/p2p.h"
46 #include "fst/fst.h"
47 #include "bssid_ignore.h"
48 #include "wpas_glue.h"
49 #include "wps_supplicant.h"
50 #include "ibss_rsn.h"
51 #include "sme.h"
52 #include "gas_query.h"
53 #include "ap.h"
54 #include "p2p_supplicant.h"
55 #include "wifi_display.h"
56 #include "notify.h"
57 #include "bgscan.h"
58 #include "autoscan.h"
59 #include "bss.h"
60 #include "scan.h"
61 #include "offchannel.h"
62 #include "hs20_supplicant.h"
63 #include "wnm_sta.h"
64 #include "wpas_kay.h"
65 #include "mesh.h"
66 #include "dpp_supplicant.h"
67 #ifdef CONFIG_MESH
68 #include "ap/ap_config.h"
69 #include "ap/hostapd.h"
70 #endif /* CONFIG_MESH */
71 
72 const char *const wpa_supplicant_version =
73 "wpa_supplicant v" VERSION_STR "\n"
74 "Copyright (c) 2003-2019, Jouni Malinen <j@w1.fi> and contributors";
75 
76 const char *const wpa_supplicant_license =
77 "This software may be distributed under the terms of the BSD license.\n"
78 "See README for more details.\n"
79 #ifdef EAP_TLS_OPENSSL
80 "\nThis product includes software developed by the OpenSSL Project\n"
81 "for use in the OpenSSL Toolkit (http://www.openssl.org/)\n"
82 #endif /* EAP_TLS_OPENSSL */
83 ;
84 
85 #ifndef CONFIG_NO_STDOUT_DEBUG
86 /* Long text divided into parts in order to fit in C89 strings size limits. */
87 const char *const wpa_supplicant_full_license1 =
88 "";
89 const char *const wpa_supplicant_full_license2 =
90 "This software may be distributed under the terms of the BSD license.\n"
91 "\n"
92 "Redistribution and use in source and binary forms, with or without\n"
93 "modification, are permitted provided that the following conditions are\n"
94 "met:\n"
95 "\n";
96 const char *const wpa_supplicant_full_license3 =
97 "1. Redistributions of source code must retain the above copyright\n"
98 "   notice, this list of conditions and the following disclaimer.\n"
99 "\n"
100 "2. Redistributions in binary form must reproduce the above copyright\n"
101 "   notice, this list of conditions and the following disclaimer in the\n"
102 "   documentation and/or other materials provided with the distribution.\n"
103 "\n";
104 const char *const wpa_supplicant_full_license4 =
105 "3. Neither the name(s) of the above-listed copyright holder(s) nor the\n"
106 "   names of its contributors may be used to endorse or promote products\n"
107 "   derived from this software without specific prior written permission.\n"
108 "\n"
109 "THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS\n"
110 "\"AS IS\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT\n"
111 "LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR\n"
112 "A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT\n";
113 const char *const wpa_supplicant_full_license5 =
114 "OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,\n"
115 "SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT\n"
116 "LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\n"
117 "DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY\n"
118 "THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n"
119 "(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE\n"
120 "OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n"
121 "\n";
122 #endif /* CONFIG_NO_STDOUT_DEBUG */
123 
124 
125 static void wpa_bss_tmp_disallow_timeout(void *eloop_ctx, void *timeout_ctx);
126 #if defined(CONFIG_FILS) && defined(IEEE8021X_EAPOL)
127 static void wpas_update_fils_connect_params(struct wpa_supplicant *wpa_s);
128 #endif /* CONFIG_FILS && IEEE8021X_EAPOL */
129 #ifdef CONFIG_OWE
130 static void wpas_update_owe_connect_params(struct wpa_supplicant *wpa_s);
131 #endif /* CONFIG_OWE */
132 
133 
134 #ifdef CONFIG_WEP
135 /* Configure default/group WEP keys for static WEP */
136 int wpa_set_wep_keys(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid)
137 {
138 	int i, set = 0;
139 
140 	for (i = 0; i < NUM_WEP_KEYS; i++) {
141 		if (ssid->wep_key_len[i] == 0)
142 			continue;
143 
144 		set = 1;
145 		wpa_drv_set_key(wpa_s, WPA_ALG_WEP, NULL,
146 				i, i == ssid->wep_tx_keyidx, NULL, 0,
147 				ssid->wep_key[i], ssid->wep_key_len[i],
148 				i == ssid->wep_tx_keyidx ?
149 				KEY_FLAG_GROUP_RX_TX_DEFAULT :
150 				KEY_FLAG_GROUP_RX_TX);
151 	}
152 
153 	return set;
154 }
155 #endif /* CONFIG_WEP */
156 
157 
158 int wpa_supplicant_set_wpa_none_key(struct wpa_supplicant *wpa_s,
159 				    struct wpa_ssid *ssid)
160 {
161 	u8 key[32];
162 	size_t keylen;
163 	enum wpa_alg alg;
164 	u8 seq[6] = { 0 };
165 	int ret;
166 
167 	/* IBSS/WPA-None uses only one key (Group) for both receiving and
168 	 * sending unicast and multicast packets. */
169 
170 	if (ssid->mode != WPAS_MODE_IBSS) {
171 		wpa_msg(wpa_s, MSG_INFO, "WPA: Invalid mode %d (not "
172 			"IBSS/ad-hoc) for WPA-None", ssid->mode);
173 		return -1;
174 	}
175 
176 	if (!ssid->psk_set) {
177 		wpa_msg(wpa_s, MSG_INFO, "WPA: No PSK configured for "
178 			"WPA-None");
179 		return -1;
180 	}
181 
182 	switch (wpa_s->group_cipher) {
183 	case WPA_CIPHER_CCMP:
184 		os_memcpy(key, ssid->psk, 16);
185 		keylen = 16;
186 		alg = WPA_ALG_CCMP;
187 		break;
188 	case WPA_CIPHER_GCMP:
189 		os_memcpy(key, ssid->psk, 16);
190 		keylen = 16;
191 		alg = WPA_ALG_GCMP;
192 		break;
193 	case WPA_CIPHER_TKIP:
194 		/* WPA-None uses the same Michael MIC key for both TX and RX */
195 		os_memcpy(key, ssid->psk, 16 + 8);
196 		os_memcpy(key + 16 + 8, ssid->psk + 16, 8);
197 		keylen = 32;
198 		alg = WPA_ALG_TKIP;
199 		break;
200 	default:
201 		wpa_msg(wpa_s, MSG_INFO, "WPA: Invalid group cipher %d for "
202 			"WPA-None", wpa_s->group_cipher);
203 		return -1;
204 	}
205 
206 	/* TODO: should actually remember the previously used seq#, both for TX
207 	 * and RX from each STA.. */
208 
209 	ret = wpa_drv_set_key(wpa_s, alg, NULL, 0, 1, seq, 6, key, keylen,
210 			      KEY_FLAG_GROUP_RX_TX_DEFAULT);
211 	os_memset(key, 0, sizeof(key));
212 	return ret;
213 }
214 
215 
216 static void wpa_supplicant_timeout(void *eloop_ctx, void *timeout_ctx)
217 {
218 	struct wpa_supplicant *wpa_s = eloop_ctx;
219 	const u8 *bssid = wpa_s->bssid;
220 	if (!is_zero_ether_addr(wpa_s->pending_bssid) &&
221 	    (wpa_s->wpa_state == WPA_AUTHENTICATING ||
222 	     wpa_s->wpa_state == WPA_ASSOCIATING))
223 		bssid = wpa_s->pending_bssid;
224 	wpa_msg(wpa_s, MSG_INFO, "Authentication with " MACSTR " timed out.",
225 		MAC2STR(bssid));
226 	wpa_bssid_ignore_add(wpa_s, bssid);
227 	wpa_sm_notify_disassoc(wpa_s->wpa);
228 	wpa_supplicant_deauthenticate(wpa_s, WLAN_REASON_DEAUTH_LEAVING);
229 	wpa_s->reassociate = 1;
230 
231 	/*
232 	 * If we timed out, the AP or the local radio may be busy.
233 	 * So, wait a second until scanning again.
234 	 */
235 	wpa_supplicant_req_scan(wpa_s, 1, 0);
236 }
237 
238 
239 /**
240  * wpa_supplicant_req_auth_timeout - Schedule a timeout for authentication
241  * @wpa_s: Pointer to wpa_supplicant data
242  * @sec: Number of seconds after which to time out authentication
243  * @usec: Number of microseconds after which to time out authentication
244  *
245  * This function is used to schedule a timeout for the current authentication
246  * attempt.
247  */
248 void wpa_supplicant_req_auth_timeout(struct wpa_supplicant *wpa_s,
249 				     int sec, int usec)
250 {
251 	if (wpa_s->conf->ap_scan == 0 &&
252 	    (wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED))
253 		return;
254 
255 	wpa_dbg(wpa_s, MSG_DEBUG, "Setting authentication timeout: %d sec "
256 		"%d usec", sec, usec);
257 	eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
258 	wpa_s->last_auth_timeout_sec = sec;
259 	eloop_register_timeout(sec, usec, wpa_supplicant_timeout, wpa_s, NULL);
260 }
261 
262 
263 /*
264  * wpas_auth_timeout_restart - Restart and change timeout for authentication
265  * @wpa_s: Pointer to wpa_supplicant data
266  * @sec_diff: difference in seconds applied to original timeout value
267  */
268 void wpas_auth_timeout_restart(struct wpa_supplicant *wpa_s, int sec_diff)
269 {
270 	int new_sec = wpa_s->last_auth_timeout_sec + sec_diff;
271 
272 	if (eloop_is_timeout_registered(wpa_supplicant_timeout, wpa_s, NULL)) {
273 		wpa_dbg(wpa_s, MSG_DEBUG,
274 			"Authentication timeout restart: %d sec", new_sec);
275 		eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
276 		eloop_register_timeout(new_sec, 0, wpa_supplicant_timeout,
277 				       wpa_s, NULL);
278 	}
279 }
280 
281 
282 /**
283  * wpa_supplicant_cancel_auth_timeout - Cancel authentication timeout
284  * @wpa_s: Pointer to wpa_supplicant data
285  *
286  * This function is used to cancel authentication timeout scheduled with
287  * wpa_supplicant_req_auth_timeout() and it is called when authentication has
288  * been completed.
289  */
290 void wpa_supplicant_cancel_auth_timeout(struct wpa_supplicant *wpa_s)
291 {
292 	wpa_dbg(wpa_s, MSG_DEBUG, "Cancelling authentication timeout");
293 	eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
294 	wpa_bssid_ignore_del(wpa_s, wpa_s->bssid);
295 	os_free(wpa_s->last_con_fail_realm);
296 	wpa_s->last_con_fail_realm = NULL;
297 	wpa_s->last_con_fail_realm_len = 0;
298 }
299 
300 
301 /**
302  * wpa_supplicant_initiate_eapol - Configure EAPOL state machine
303  * @wpa_s: Pointer to wpa_supplicant data
304  *
305  * This function is used to configure EAPOL state machine based on the selected
306  * authentication mode.
307  */
308 void wpa_supplicant_initiate_eapol(struct wpa_supplicant *wpa_s)
309 {
310 #ifdef IEEE8021X_EAPOL
311 	struct eapol_config eapol_conf;
312 	struct wpa_ssid *ssid = wpa_s->current_ssid;
313 
314 #ifdef CONFIG_IBSS_RSN
315 	if (ssid->mode == WPAS_MODE_IBSS &&
316 	    wpa_s->key_mgmt != WPA_KEY_MGMT_NONE &&
317 	    wpa_s->key_mgmt != WPA_KEY_MGMT_WPA_NONE) {
318 		/*
319 		 * RSN IBSS authentication is per-STA and we can disable the
320 		 * per-BSSID EAPOL authentication.
321 		 */
322 		eapol_sm_notify_portControl(wpa_s->eapol, ForceAuthorized);
323 		eapol_sm_notify_eap_success(wpa_s->eapol, true);
324 		eapol_sm_notify_eap_fail(wpa_s->eapol, false);
325 		return;
326 	}
327 #endif /* CONFIG_IBSS_RSN */
328 
329 	eapol_sm_notify_eap_success(wpa_s->eapol, false);
330 	eapol_sm_notify_eap_fail(wpa_s->eapol, false);
331 
332 	if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE ||
333 	    wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE)
334 		eapol_sm_notify_portControl(wpa_s->eapol, ForceAuthorized);
335 	else
336 		eapol_sm_notify_portControl(wpa_s->eapol, Auto);
337 
338 	os_memset(&eapol_conf, 0, sizeof(eapol_conf));
339 	if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
340 		eapol_conf.accept_802_1x_keys = 1;
341 		eapol_conf.required_keys = 0;
342 		if (ssid->eapol_flags & EAPOL_FLAG_REQUIRE_KEY_UNICAST) {
343 			eapol_conf.required_keys |= EAPOL_REQUIRE_KEY_UNICAST;
344 		}
345 		if (ssid->eapol_flags & EAPOL_FLAG_REQUIRE_KEY_BROADCAST) {
346 			eapol_conf.required_keys |=
347 				EAPOL_REQUIRE_KEY_BROADCAST;
348 		}
349 
350 		if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED)
351 			eapol_conf.required_keys = 0;
352 	}
353 	eapol_conf.fast_reauth = wpa_s->conf->fast_reauth;
354 	eapol_conf.workaround = ssid->eap_workaround;
355 	eapol_conf.eap_disabled =
356 		!wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt) &&
357 		wpa_s->key_mgmt != WPA_KEY_MGMT_IEEE8021X_NO_WPA &&
358 		wpa_s->key_mgmt != WPA_KEY_MGMT_WPS;
359 	eapol_conf.external_sim = wpa_s->conf->external_sim;
360 
361 #ifdef CONFIG_WPS
362 	if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPS) {
363 		eapol_conf.wps |= EAPOL_LOCAL_WPS_IN_USE;
364 		if (wpa_s->current_bss) {
365 			struct wpabuf *ie;
366 			ie = wpa_bss_get_vendor_ie_multi(wpa_s->current_bss,
367 							 WPS_IE_VENDOR_TYPE);
368 			if (ie) {
369 				if (wps_is_20(ie))
370 					eapol_conf.wps |=
371 						EAPOL_PEER_IS_WPS20_AP;
372 				wpabuf_free(ie);
373 			}
374 		}
375 	}
376 #endif /* CONFIG_WPS */
377 
378 	eapol_sm_notify_config(wpa_s->eapol, &ssid->eap, &eapol_conf);
379 
380 #ifdef CONFIG_MACSEC
381 	if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE && ssid->mka_psk_set)
382 		ieee802_1x_create_preshared_mka(wpa_s, ssid);
383 	else
384 		ieee802_1x_alloc_kay_sm(wpa_s, ssid);
385 #endif /* CONFIG_MACSEC */
386 #endif /* IEEE8021X_EAPOL */
387 }
388 
389 
390 /**
391  * wpa_supplicant_set_non_wpa_policy - Set WPA parameters to non-WPA mode
392  * @wpa_s: Pointer to wpa_supplicant data
393  * @ssid: Configuration data for the network
394  *
395  * This function is used to configure WPA state machine and related parameters
396  * to a mode where WPA is not enabled. This is called as part of the
397  * authentication configuration when the selected network does not use WPA.
398  */
399 void wpa_supplicant_set_non_wpa_policy(struct wpa_supplicant *wpa_s,
400 				       struct wpa_ssid *ssid)
401 {
402 #ifdef CONFIG_WEP
403 	int i;
404 #endif /* CONFIG_WEP */
405 
406 	if (ssid->key_mgmt & WPA_KEY_MGMT_WPS)
407 		wpa_s->key_mgmt = WPA_KEY_MGMT_WPS;
408 	else if (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA)
409 		wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X_NO_WPA;
410 	else
411 		wpa_s->key_mgmt = WPA_KEY_MGMT_NONE;
412 	wpa_sm_set_ap_wpa_ie(wpa_s->wpa, NULL, 0);
413 	wpa_sm_set_ap_rsn_ie(wpa_s->wpa, NULL, 0);
414 	wpa_sm_set_ap_rsnxe(wpa_s->wpa, NULL, 0);
415 	wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0);
416 	wpa_sm_set_assoc_rsnxe(wpa_s->wpa, NULL, 0);
417 	wpa_s->rsnxe_len = 0;
418 	wpa_s->pairwise_cipher = WPA_CIPHER_NONE;
419 	wpa_s->group_cipher = WPA_CIPHER_NONE;
420 	wpa_s->mgmt_group_cipher = 0;
421 
422 #ifdef CONFIG_WEP
423 	for (i = 0; i < NUM_WEP_KEYS; i++) {
424 		if (ssid->wep_key_len[i] > 5) {
425 			wpa_s->pairwise_cipher = WPA_CIPHER_WEP104;
426 			wpa_s->group_cipher = WPA_CIPHER_WEP104;
427 			break;
428 		} else if (ssid->wep_key_len[i] > 0) {
429 			wpa_s->pairwise_cipher = WPA_CIPHER_WEP40;
430 			wpa_s->group_cipher = WPA_CIPHER_WEP40;
431 			break;
432 		}
433 	}
434 #endif /* CONFIG_WEP */
435 
436 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_RSN_ENABLED, 0);
437 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_KEY_MGMT, wpa_s->key_mgmt);
438 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PAIRWISE,
439 			 wpa_s->pairwise_cipher);
440 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_GROUP, wpa_s->group_cipher);
441 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MGMT_GROUP,
442 			 wpa_s->mgmt_group_cipher);
443 
444 	pmksa_cache_clear_current(wpa_s->wpa);
445 }
446 
447 
448 void free_hw_features(struct wpa_supplicant *wpa_s)
449 {
450 	int i;
451 	if (wpa_s->hw.modes == NULL)
452 		return;
453 
454 	for (i = 0; i < wpa_s->hw.num_modes; i++) {
455 		os_free(wpa_s->hw.modes[i].channels);
456 		os_free(wpa_s->hw.modes[i].rates);
457 	}
458 
459 	os_free(wpa_s->hw.modes);
460 	wpa_s->hw.modes = NULL;
461 }
462 
463 
464 static void remove_bss_tmp_disallowed_entry(struct wpa_supplicant *wpa_s,
465 					    struct wpa_bss_tmp_disallowed *bss)
466 {
467 	eloop_cancel_timeout(wpa_bss_tmp_disallow_timeout, wpa_s, bss);
468 	dl_list_del(&bss->list);
469 	os_free(bss);
470 }
471 
472 
473 void free_bss_tmp_disallowed(struct wpa_supplicant *wpa_s)
474 {
475 	struct wpa_bss_tmp_disallowed *bss, *prev;
476 
477 	dl_list_for_each_safe(bss, prev, &wpa_s->bss_tmp_disallowed,
478 			      struct wpa_bss_tmp_disallowed, list)
479 		remove_bss_tmp_disallowed_entry(wpa_s, bss);
480 }
481 
482 
483 void wpas_flush_fils_hlp_req(struct wpa_supplicant *wpa_s)
484 {
485 	struct fils_hlp_req *req;
486 
487 	while ((req = dl_list_first(&wpa_s->fils_hlp_req, struct fils_hlp_req,
488 				    list)) != NULL) {
489 		dl_list_del(&req->list);
490 		wpabuf_free(req->pkt);
491 		os_free(req);
492 	}
493 }
494 
495 
496 void wpas_clear_disabled_interface(void *eloop_ctx, void *timeout_ctx)
497 {
498 	struct wpa_supplicant *wpa_s = eloop_ctx;
499 
500 	if (wpa_s->wpa_state != WPA_INTERFACE_DISABLED)
501 		return;
502 	wpa_dbg(wpa_s, MSG_DEBUG, "Clear cached state on disabled interface");
503 	wpa_bss_flush(wpa_s);
504 }
505 
506 
507 #ifdef CONFIG_TESTING_OPTIONS
508 void wpas_clear_driver_signal_override(struct wpa_supplicant *wpa_s)
509 {
510 	struct driver_signal_override *dso;
511 
512 	while ((dso = dl_list_first(&wpa_s->drv_signal_override,
513 				    struct driver_signal_override, list))) {
514 		dl_list_del(&dso->list);
515 		os_free(dso);
516 	}
517 }
518 #endif /* CONFIG_TESTING_OPTIONS */
519 
520 
521 static void wpa_supplicant_cleanup(struct wpa_supplicant *wpa_s)
522 {
523 	int i;
524 
525 	bgscan_deinit(wpa_s);
526 	autoscan_deinit(wpa_s);
527 	scard_deinit(wpa_s->scard);
528 	wpa_s->scard = NULL;
529 	wpa_sm_set_scard_ctx(wpa_s->wpa, NULL);
530 	eapol_sm_register_scard_ctx(wpa_s->eapol, NULL);
531 	l2_packet_deinit(wpa_s->l2);
532 	wpa_s->l2 = NULL;
533 	if (wpa_s->l2_br) {
534 		l2_packet_deinit(wpa_s->l2_br);
535 		wpa_s->l2_br = NULL;
536 	}
537 #ifdef CONFIG_TESTING_OPTIONS
538 	l2_packet_deinit(wpa_s->l2_test);
539 	wpa_s->l2_test = NULL;
540 	os_free(wpa_s->get_pref_freq_list_override);
541 	wpa_s->get_pref_freq_list_override = NULL;
542 	wpabuf_free(wpa_s->last_assoc_req_wpa_ie);
543 	wpa_s->last_assoc_req_wpa_ie = NULL;
544 	os_free(wpa_s->extra_sae_rejected_groups);
545 	wpa_s->extra_sae_rejected_groups = NULL;
546 	wpabuf_free(wpa_s->rsne_override_eapol);
547 	wpa_s->rsne_override_eapol = NULL;
548 	wpabuf_free(wpa_s->rsnxe_override_assoc);
549 	wpa_s->rsnxe_override_assoc = NULL;
550 	wpabuf_free(wpa_s->rsnxe_override_eapol);
551 	wpa_s->rsnxe_override_eapol = NULL;
552 	wpas_clear_driver_signal_override(wpa_s);
553 #endif /* CONFIG_TESTING_OPTIONS */
554 
555 	if (wpa_s->conf != NULL) {
556 		struct wpa_ssid *ssid;
557 		for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next)
558 			wpas_notify_network_removed(wpa_s, ssid);
559 	}
560 
561 	os_free(wpa_s->confname);
562 	wpa_s->confname = NULL;
563 
564 	os_free(wpa_s->confanother);
565 	wpa_s->confanother = NULL;
566 
567 	os_free(wpa_s->last_con_fail_realm);
568 	wpa_s->last_con_fail_realm = NULL;
569 	wpa_s->last_con_fail_realm_len = 0;
570 
571 	wpa_sm_set_eapol(wpa_s->wpa, NULL);
572 	eapol_sm_deinit(wpa_s->eapol);
573 	wpa_s->eapol = NULL;
574 
575 	rsn_preauth_deinit(wpa_s->wpa);
576 
577 #ifdef CONFIG_TDLS
578 	wpa_tdls_deinit(wpa_s->wpa);
579 #endif /* CONFIG_TDLS */
580 
581 	wmm_ac_clear_saved_tspecs(wpa_s);
582 	pmksa_candidate_free(wpa_s->wpa);
583 	ptksa_cache_deinit(wpa_s->ptksa);
584 	wpa_s->ptksa = NULL;
585 	wpa_sm_deinit(wpa_s->wpa);
586 	wpa_s->wpa = NULL;
587 	wpa_bssid_ignore_clear(wpa_s);
588 
589 #ifdef CONFIG_PASN
590 	wpas_pasn_auth_stop(wpa_s);
591 #endif /* CONFIG_PASN */
592 
593 	wpa_bss_deinit(wpa_s);
594 
595 	wpa_supplicant_cancel_delayed_sched_scan(wpa_s);
596 	wpa_supplicant_cancel_scan(wpa_s);
597 	wpa_supplicant_cancel_auth_timeout(wpa_s);
598 	eloop_cancel_timeout(wpa_supplicant_stop_countermeasures, wpa_s, NULL);
599 #ifdef CONFIG_DELAYED_MIC_ERROR_REPORT
600 	eloop_cancel_timeout(wpa_supplicant_delayed_mic_error_report,
601 			     wpa_s, NULL);
602 #endif /* CONFIG_DELAYED_MIC_ERROR_REPORT */
603 
604 	eloop_cancel_timeout(wpas_network_reenabled, wpa_s, NULL);
605 	eloop_cancel_timeout(wpas_clear_disabled_interface, wpa_s, NULL);
606 
607 	wpas_wps_deinit(wpa_s);
608 
609 	wpabuf_free(wpa_s->pending_eapol_rx);
610 	wpa_s->pending_eapol_rx = NULL;
611 
612 #ifdef CONFIG_IBSS_RSN
613 	ibss_rsn_deinit(wpa_s->ibss_rsn);
614 	wpa_s->ibss_rsn = NULL;
615 #endif /* CONFIG_IBSS_RSN */
616 
617 	sme_deinit(wpa_s);
618 
619 #ifdef CONFIG_AP
620 	wpa_supplicant_ap_deinit(wpa_s);
621 #endif /* CONFIG_AP */
622 
623 	wpas_p2p_deinit(wpa_s);
624 
625 #ifdef CONFIG_OFFCHANNEL
626 	offchannel_deinit(wpa_s);
627 #endif /* CONFIG_OFFCHANNEL */
628 
629 	wpa_supplicant_cancel_sched_scan(wpa_s);
630 
631 	os_free(wpa_s->next_scan_freqs);
632 	wpa_s->next_scan_freqs = NULL;
633 
634 	os_free(wpa_s->manual_scan_freqs);
635 	wpa_s->manual_scan_freqs = NULL;
636 	os_free(wpa_s->select_network_scan_freqs);
637 	wpa_s->select_network_scan_freqs = NULL;
638 
639 	os_free(wpa_s->manual_sched_scan_freqs);
640 	wpa_s->manual_sched_scan_freqs = NULL;
641 
642 	wpas_mac_addr_rand_scan_clear(wpa_s, MAC_ADDR_RAND_ALL);
643 
644 	/*
645 	 * Need to remove any pending gas-query radio work before the
646 	 * gas_query_deinit() call because gas_query::work has not yet been set
647 	 * for works that have not been started. gas_query_free() will be unable
648 	 * to cancel such pending radio works and once the pending gas-query
649 	 * radio work eventually gets removed, the deinit notification call to
650 	 * gas_query_start_cb() would result in dereferencing freed memory.
651 	 */
652 	if (wpa_s->radio)
653 		radio_remove_works(wpa_s, "gas-query", 0);
654 	gas_query_deinit(wpa_s->gas);
655 	wpa_s->gas = NULL;
656 	gas_server_deinit(wpa_s->gas_server);
657 	wpa_s->gas_server = NULL;
658 
659 	free_hw_features(wpa_s);
660 
661 	ieee802_1x_dealloc_kay_sm(wpa_s);
662 
663 	os_free(wpa_s->bssid_filter);
664 	wpa_s->bssid_filter = NULL;
665 
666 	os_free(wpa_s->disallow_aps_bssid);
667 	wpa_s->disallow_aps_bssid = NULL;
668 	os_free(wpa_s->disallow_aps_ssid);
669 	wpa_s->disallow_aps_ssid = NULL;
670 
671 	wnm_bss_keep_alive_deinit(wpa_s);
672 #ifdef CONFIG_WNM
673 	wnm_deallocate_memory(wpa_s);
674 #endif /* CONFIG_WNM */
675 
676 	ext_password_deinit(wpa_s->ext_pw);
677 	wpa_s->ext_pw = NULL;
678 
679 	wpabuf_free(wpa_s->last_gas_resp);
680 	wpa_s->last_gas_resp = NULL;
681 	wpabuf_free(wpa_s->prev_gas_resp);
682 	wpa_s->prev_gas_resp = NULL;
683 
684 	os_free(wpa_s->last_scan_res);
685 	wpa_s->last_scan_res = NULL;
686 
687 #ifdef CONFIG_HS20
688 	if (wpa_s->drv_priv)
689 		wpa_drv_configure_frame_filters(wpa_s, 0);
690 	hs20_deinit(wpa_s);
691 #endif /* CONFIG_HS20 */
692 
693 	for (i = 0; i < NUM_VENDOR_ELEM_FRAMES; i++) {
694 		wpabuf_free(wpa_s->vendor_elem[i]);
695 		wpa_s->vendor_elem[i] = NULL;
696 	}
697 
698 	wmm_ac_notify_disassoc(wpa_s);
699 
700 	wpa_s->sched_scan_plans_num = 0;
701 	os_free(wpa_s->sched_scan_plans);
702 	wpa_s->sched_scan_plans = NULL;
703 
704 #ifdef CONFIG_MBO
705 	wpa_s->non_pref_chan_num = 0;
706 	os_free(wpa_s->non_pref_chan);
707 	wpa_s->non_pref_chan = NULL;
708 #endif /* CONFIG_MBO */
709 
710 	free_bss_tmp_disallowed(wpa_s);
711 
712 	wpabuf_free(wpa_s->lci);
713 	wpa_s->lci = NULL;
714 	wpas_clear_beacon_rep_data(wpa_s);
715 
716 #ifdef CONFIG_PMKSA_CACHE_EXTERNAL
717 #ifdef CONFIG_MESH
718 	{
719 		struct external_pmksa_cache *entry;
720 
721 		while ((entry = dl_list_last(&wpa_s->mesh_external_pmksa_cache,
722 					     struct external_pmksa_cache,
723 					     list)) != NULL) {
724 			dl_list_del(&entry->list);
725 			os_free(entry->pmksa_cache);
726 			os_free(entry);
727 		}
728 	}
729 #endif /* CONFIG_MESH */
730 #endif /* CONFIG_PMKSA_CACHE_EXTERNAL */
731 
732 	wpas_flush_fils_hlp_req(wpa_s);
733 
734 	wpabuf_free(wpa_s->ric_ies);
735 	wpa_s->ric_ies = NULL;
736 
737 #ifdef CONFIG_DPP
738 	wpas_dpp_deinit(wpa_s);
739 	dpp_global_deinit(wpa_s->dpp);
740 	wpa_s->dpp = NULL;
741 #endif /* CONFIG_DPP */
742 
743 #ifdef CONFIG_PASN
744 	wpas_pasn_auth_stop(wpa_s);
745 #endif /* CONFIG_PASN */
746 }
747 
748 
749 /**
750  * wpa_clear_keys - Clear keys configured for the driver
751  * @wpa_s: Pointer to wpa_supplicant data
752  * @addr: Previously used BSSID or %NULL if not available
753  *
754  * This function clears the encryption keys that has been previously configured
755  * for the driver.
756  */
757 void wpa_clear_keys(struct wpa_supplicant *wpa_s, const u8 *addr)
758 {
759 	int i, max = 6;
760 
761 	/* MLME-DELETEKEYS.request */
762 	for (i = 0; i < max; i++) {
763 		if (wpa_s->keys_cleared & BIT(i))
764 			continue;
765 		wpa_drv_set_key(wpa_s, WPA_ALG_NONE, NULL, i, 0, NULL, 0,
766 				NULL, 0, KEY_FLAG_GROUP);
767 	}
768 	/* Pairwise Key ID 1 for Extended Key ID is tracked in bit 15 */
769 	if (~wpa_s->keys_cleared & (BIT(0) | BIT(15)) && addr &&
770 	    !is_zero_ether_addr(addr)) {
771 		if (!(wpa_s->keys_cleared & BIT(0)))
772 			wpa_drv_set_key(wpa_s, WPA_ALG_NONE, addr, 0, 0, NULL,
773 					0, NULL, 0, KEY_FLAG_PAIRWISE);
774 		if (!(wpa_s->keys_cleared & BIT(15)))
775 			wpa_drv_set_key(wpa_s, WPA_ALG_NONE, addr, 1, 0, NULL,
776 					0, NULL, 0, KEY_FLAG_PAIRWISE);
777 		/* MLME-SETPROTECTION.request(None) */
778 		wpa_drv_mlme_setprotection(
779 			wpa_s, addr,
780 			MLME_SETPROTECTION_PROTECT_TYPE_NONE,
781 			MLME_SETPROTECTION_KEY_TYPE_PAIRWISE);
782 	}
783 	wpa_s->keys_cleared = (u32) -1;
784 }
785 
786 
787 /**
788  * wpa_supplicant_state_txt - Get the connection state name as a text string
789  * @state: State (wpa_state; WPA_*)
790  * Returns: The state name as a printable text string
791  */
792 const char * wpa_supplicant_state_txt(enum wpa_states state)
793 {
794 	switch (state) {
795 	case WPA_DISCONNECTED:
796 		return "DISCONNECTED";
797 	case WPA_INACTIVE:
798 		return "INACTIVE";
799 	case WPA_INTERFACE_DISABLED:
800 		return "INTERFACE_DISABLED";
801 	case WPA_SCANNING:
802 		return "SCANNING";
803 	case WPA_AUTHENTICATING:
804 		return "AUTHENTICATING";
805 	case WPA_ASSOCIATING:
806 		return "ASSOCIATING";
807 	case WPA_ASSOCIATED:
808 		return "ASSOCIATED";
809 	case WPA_4WAY_HANDSHAKE:
810 		return "4WAY_HANDSHAKE";
811 	case WPA_GROUP_HANDSHAKE:
812 		return "GROUP_HANDSHAKE";
813 	case WPA_COMPLETED:
814 		return "COMPLETED";
815 	default:
816 		return "UNKNOWN";
817 	}
818 }
819 
820 
821 #ifdef CONFIG_BGSCAN
822 
823 static void wpa_supplicant_stop_bgscan(struct wpa_supplicant *wpa_s)
824 {
825 	if (wpa_s->bgscan_ssid) {
826 		bgscan_deinit(wpa_s);
827 		wpa_s->bgscan_ssid = NULL;
828 	}
829 }
830 
831 
832 /**
833  * wpa_supplicant_reset_bgscan - Reset the bgscan for the current SSID.
834  * @wpa_s: Pointer to the wpa_supplicant data
835  *
836  * Stop, start, or reconfigure the scan parameters depending on the method.
837  */
838 void wpa_supplicant_reset_bgscan(struct wpa_supplicant *wpa_s)
839 {
840 	const char *name;
841 
842 	if (wpa_s->current_ssid && wpa_s->current_ssid->bgscan)
843 		name = wpa_s->current_ssid->bgscan;
844 	else
845 		name = wpa_s->conf->bgscan;
846 	if (!name || name[0] == '\0') {
847 		wpa_supplicant_stop_bgscan(wpa_s);
848 		return;
849 	}
850 	if (wpas_driver_bss_selection(wpa_s))
851 		return;
852 #ifdef CONFIG_P2P
853 	if (wpa_s->p2p_group_interface != NOT_P2P_GROUP_INTERFACE)
854 		return;
855 #endif /* CONFIG_P2P */
856 
857 	bgscan_deinit(wpa_s);
858 	if (wpa_s->current_ssid) {
859 		if (bgscan_init(wpa_s, wpa_s->current_ssid, name)) {
860 			wpa_dbg(wpa_s, MSG_DEBUG, "Failed to initialize "
861 				"bgscan");
862 			/*
863 			 * Live without bgscan; it is only used as a roaming
864 			 * optimization, so the initial connection is not
865 			 * affected.
866 			 */
867 		} else {
868 			struct wpa_scan_results *scan_res;
869 			wpa_s->bgscan_ssid = wpa_s->current_ssid;
870 			scan_res = wpa_supplicant_get_scan_results(wpa_s, NULL,
871 								   0);
872 			if (scan_res) {
873 				bgscan_notify_scan(wpa_s, scan_res);
874 				wpa_scan_results_free(scan_res);
875 			}
876 		}
877 	} else
878 		wpa_s->bgscan_ssid = NULL;
879 }
880 
881 #endif /* CONFIG_BGSCAN */
882 
883 
884 static void wpa_supplicant_start_autoscan(struct wpa_supplicant *wpa_s)
885 {
886 	if (autoscan_init(wpa_s, 0))
887 		wpa_dbg(wpa_s, MSG_DEBUG, "Failed to initialize autoscan");
888 }
889 
890 
891 static void wpa_supplicant_stop_autoscan(struct wpa_supplicant *wpa_s)
892 {
893 	autoscan_deinit(wpa_s);
894 }
895 
896 
897 void wpa_supplicant_reinit_autoscan(struct wpa_supplicant *wpa_s)
898 {
899 	if (wpa_s->wpa_state == WPA_DISCONNECTED ||
900 	    wpa_s->wpa_state == WPA_SCANNING) {
901 		autoscan_deinit(wpa_s);
902 		wpa_supplicant_start_autoscan(wpa_s);
903 	}
904 }
905 
906 
907 /**
908  * wpa_supplicant_set_state - Set current connection state
909  * @wpa_s: Pointer to wpa_supplicant data
910  * @state: The new connection state
911  *
912  * This function is called whenever the connection state changes, e.g.,
913  * association is completed for WPA/WPA2 4-Way Handshake is started.
914  */
915 void wpa_supplicant_set_state(struct wpa_supplicant *wpa_s,
916 			      enum wpa_states state)
917 {
918 	enum wpa_states old_state = wpa_s->wpa_state;
919 #if defined(CONFIG_FILS) && defined(IEEE8021X_EAPOL)
920 	bool update_fils_connect_params = false;
921 #endif /* CONFIG_FILS && IEEE8021X_EAPOL */
922 
923 	wpa_dbg(wpa_s, MSG_DEBUG, "State: %s -> %s",
924 		wpa_supplicant_state_txt(wpa_s->wpa_state),
925 		wpa_supplicant_state_txt(state));
926 
927 	if (state == WPA_COMPLETED &&
928 	    os_reltime_initialized(&wpa_s->roam_start)) {
929 		os_reltime_age(&wpa_s->roam_start, &wpa_s->roam_time);
930 		wpa_s->roam_start.sec = 0;
931 		wpa_s->roam_start.usec = 0;
932 		wpas_notify_auth_changed(wpa_s);
933 		wpas_notify_roam_time(wpa_s);
934 		wpas_notify_roam_complete(wpa_s);
935 	} else if (state == WPA_DISCONNECTED &&
936 		   os_reltime_initialized(&wpa_s->roam_start)) {
937 		wpa_s->roam_start.sec = 0;
938 		wpa_s->roam_start.usec = 0;
939 		wpa_s->roam_time.sec = 0;
940 		wpa_s->roam_time.usec = 0;
941 		wpas_notify_roam_complete(wpa_s);
942 	}
943 
944 	if (state == WPA_INTERFACE_DISABLED) {
945 		/* Assure normal scan when interface is restored */
946 		wpa_s->normal_scans = 0;
947 	}
948 
949 	if (state == WPA_COMPLETED) {
950 		wpas_connect_work_done(wpa_s);
951 		/* Reinitialize normal_scan counter */
952 		wpa_s->normal_scans = 0;
953 	}
954 
955 #ifdef CONFIG_P2P
956 	/*
957 	 * P2PS client has to reply to Probe Request frames received on the
958 	 * group operating channel. Enable Probe Request frame reporting for
959 	 * P2P connected client in case p2p_cli_probe configuration property is
960 	 * set to 1.
961 	 */
962 	if (wpa_s->conf->p2p_cli_probe && wpa_s->current_ssid &&
963 	    wpa_s->current_ssid->mode == WPAS_MODE_INFRA &&
964 	    wpa_s->current_ssid->p2p_group) {
965 		if (state == WPA_COMPLETED && !wpa_s->p2p_cli_probe) {
966 			wpa_dbg(wpa_s, MSG_DEBUG,
967 				"P2P: Enable CLI Probe Request RX reporting");
968 			wpa_s->p2p_cli_probe =
969 				wpa_drv_probe_req_report(wpa_s, 1) >= 0;
970 		} else if (state != WPA_COMPLETED && wpa_s->p2p_cli_probe) {
971 			wpa_dbg(wpa_s, MSG_DEBUG,
972 				"P2P: Disable CLI Probe Request RX reporting");
973 			wpa_s->p2p_cli_probe = 0;
974 			wpa_drv_probe_req_report(wpa_s, 0);
975 		}
976 	}
977 #endif /* CONFIG_P2P */
978 
979 	if (state != WPA_SCANNING)
980 		wpa_supplicant_notify_scanning(wpa_s, 0);
981 
982 	if (state == WPA_COMPLETED && wpa_s->new_connection) {
983 		struct wpa_ssid *ssid = wpa_s->current_ssid;
984 		int fils_hlp_sent = 0;
985 
986 #ifdef CONFIG_SME
987 		if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) &&
988 		    wpa_auth_alg_fils(wpa_s->sme.auth_alg))
989 			fils_hlp_sent = 1;
990 #endif /* CONFIG_SME */
991 		if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) &&
992 		    wpa_auth_alg_fils(wpa_s->auth_alg))
993 			fils_hlp_sent = 1;
994 
995 #if defined(CONFIG_CTRL_IFACE) || !defined(CONFIG_NO_STDOUT_DEBUG)
996 		wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_CONNECTED "- Connection to "
997 			MACSTR " completed [id=%d id_str=%s%s]",
998 			MAC2STR(wpa_s->bssid),
999 			ssid ? ssid->id : -1,
1000 			ssid && ssid->id_str ? ssid->id_str : "",
1001 			fils_hlp_sent ? " FILS_HLP_SENT" : "");
1002 #endif /* CONFIG_CTRL_IFACE || !CONFIG_NO_STDOUT_DEBUG */
1003 		wpas_clear_temp_disabled(wpa_s, ssid, 1);
1004 		wpa_s->consecutive_conn_failures = 0;
1005 		wpa_s->new_connection = 0;
1006 		wpa_drv_set_operstate(wpa_s, 1);
1007 #ifndef IEEE8021X_EAPOL
1008 		wpa_drv_set_supp_port(wpa_s, 1);
1009 #endif /* IEEE8021X_EAPOL */
1010 		wpa_s->after_wps = 0;
1011 		wpa_s->known_wps_freq = 0;
1012 		wpas_p2p_completed(wpa_s);
1013 
1014 		sme_sched_obss_scan(wpa_s, 1);
1015 
1016 #if defined(CONFIG_FILS) && defined(IEEE8021X_EAPOL)
1017 		if (!fils_hlp_sent && ssid && ssid->eap.erp)
1018 			update_fils_connect_params = true;
1019 #endif /* CONFIG_FILS && IEEE8021X_EAPOL */
1020 #ifdef CONFIG_OWE
1021 		if (ssid && (ssid->key_mgmt & WPA_KEY_MGMT_OWE))
1022 			wpas_update_owe_connect_params(wpa_s);
1023 #endif /* CONFIG_OWE */
1024 	} else if (state == WPA_DISCONNECTED || state == WPA_ASSOCIATING ||
1025 		   state == WPA_ASSOCIATED) {
1026 		wpa_s->new_connection = 1;
1027 		wpa_drv_set_operstate(wpa_s, 0);
1028 #ifndef IEEE8021X_EAPOL
1029 		wpa_drv_set_supp_port(wpa_s, 0);
1030 #endif /* IEEE8021X_EAPOL */
1031 		sme_sched_obss_scan(wpa_s, 0);
1032 	}
1033 	wpa_s->wpa_state = state;
1034 
1035 #ifdef CONFIG_BGSCAN
1036 	if (state == WPA_COMPLETED && wpa_s->current_ssid != wpa_s->bgscan_ssid)
1037 		wpa_supplicant_reset_bgscan(wpa_s);
1038 	else if (state < WPA_ASSOCIATED)
1039 		wpa_supplicant_stop_bgscan(wpa_s);
1040 #endif /* CONFIG_BGSCAN */
1041 
1042 	if (state > WPA_SCANNING)
1043 		wpa_supplicant_stop_autoscan(wpa_s);
1044 
1045 	if (state == WPA_DISCONNECTED || state == WPA_INACTIVE)
1046 		wpa_supplicant_start_autoscan(wpa_s);
1047 
1048 	if (old_state >= WPA_ASSOCIATED && wpa_s->wpa_state < WPA_ASSOCIATED)
1049 		wmm_ac_notify_disassoc(wpa_s);
1050 
1051 	if (wpa_s->wpa_state != old_state) {
1052 		wpas_notify_state_changed(wpa_s, wpa_s->wpa_state, old_state);
1053 
1054 		/*
1055 		 * Notify the P2P Device interface about a state change in one
1056 		 * of the interfaces.
1057 		 */
1058 		wpas_p2p_indicate_state_change(wpa_s);
1059 
1060 		if (wpa_s->wpa_state == WPA_COMPLETED ||
1061 		    old_state == WPA_COMPLETED)
1062 			wpas_notify_auth_changed(wpa_s);
1063 #ifdef CONFIG_DPP2
1064 		if (wpa_s->wpa_state == WPA_COMPLETED)
1065 			wpas_dpp_connected(wpa_s);
1066 #endif /* CONFIG_DPP2 */
1067 	}
1068 #if defined(CONFIG_FILS) && defined(IEEE8021X_EAPOL)
1069 	if (update_fils_connect_params)
1070 		wpas_update_fils_connect_params(wpa_s);
1071 #endif /* CONFIG_FILS && IEEE8021X_EAPOL */
1072 }
1073 
1074 
1075 void wpa_supplicant_terminate_proc(struct wpa_global *global)
1076 {
1077 	int pending = 0;
1078 #ifdef CONFIG_WPS
1079 	struct wpa_supplicant *wpa_s = global->ifaces;
1080 	while (wpa_s) {
1081 		struct wpa_supplicant *next = wpa_s->next;
1082 		if (wpas_wps_terminate_pending(wpa_s) == 1)
1083 			pending = 1;
1084 #ifdef CONFIG_P2P
1085 		if (wpa_s->p2p_group_interface != NOT_P2P_GROUP_INTERFACE ||
1086 		    (wpa_s->current_ssid && wpa_s->current_ssid->p2p_group))
1087 			wpas_p2p_disconnect(wpa_s);
1088 #endif /* CONFIG_P2P */
1089 		wpa_s = next;
1090 	}
1091 #endif /* CONFIG_WPS */
1092 	if (pending)
1093 		return;
1094 	eloop_terminate();
1095 }
1096 
1097 
1098 static void wpa_supplicant_terminate(int sig, void *signal_ctx)
1099 {
1100 	struct wpa_global *global = signal_ctx;
1101 	wpa_supplicant_terminate_proc(global);
1102 }
1103 
1104 
1105 void wpa_supplicant_clear_status(struct wpa_supplicant *wpa_s)
1106 {
1107 	enum wpa_states old_state = wpa_s->wpa_state;
1108 	enum wpa_states new_state;
1109 
1110 	if (old_state == WPA_SCANNING)
1111 		new_state = WPA_SCANNING;
1112 	else
1113 		new_state = WPA_DISCONNECTED;
1114 
1115 	wpa_s->pairwise_cipher = 0;
1116 	wpa_s->group_cipher = 0;
1117 	wpa_s->mgmt_group_cipher = 0;
1118 	wpa_s->key_mgmt = 0;
1119 	if (wpa_s->wpa_state != WPA_INTERFACE_DISABLED)
1120 		wpa_supplicant_set_state(wpa_s, new_state);
1121 
1122 	if (wpa_s->wpa_state != old_state)
1123 		wpas_notify_state_changed(wpa_s, wpa_s->wpa_state, old_state);
1124 }
1125 
1126 
1127 /**
1128  * wpa_supplicant_reload_configuration - Reload configuration data
1129  * @wpa_s: Pointer to wpa_supplicant data
1130  * Returns: 0 on success or -1 if configuration parsing failed
1131  *
1132  * This function can be used to request that the configuration data is reloaded
1133  * (e.g., after configuration file change). This function is reloading
1134  * configuration only for one interface, so this may need to be called multiple
1135  * times if %wpa_supplicant is controlling multiple interfaces and all
1136  * interfaces need reconfiguration.
1137  */
1138 int wpa_supplicant_reload_configuration(struct wpa_supplicant *wpa_s)
1139 {
1140 	struct wpa_config *conf;
1141 	int reconf_ctrl;
1142 	int old_ap_scan;
1143 
1144 	if (wpa_s->confname == NULL)
1145 		return -1;
1146 	conf = wpa_config_read(wpa_s->confname, NULL);
1147 	if (conf == NULL) {
1148 		wpa_msg(wpa_s, MSG_ERROR, "Failed to parse the configuration "
1149 			"file '%s' - exiting", wpa_s->confname);
1150 		return -1;
1151 	}
1152 	if (wpa_s->confanother &&
1153 	    !wpa_config_read(wpa_s->confanother, conf)) {
1154 		wpa_msg(wpa_s, MSG_ERROR,
1155 			"Failed to parse the configuration file '%s' - exiting",
1156 			wpa_s->confanother);
1157 		return -1;
1158 	}
1159 
1160 	conf->changed_parameters = (unsigned int) -1;
1161 
1162 	reconf_ctrl = !!conf->ctrl_interface != !!wpa_s->conf->ctrl_interface
1163 		|| (conf->ctrl_interface && wpa_s->conf->ctrl_interface &&
1164 		    os_strcmp(conf->ctrl_interface,
1165 			      wpa_s->conf->ctrl_interface) != 0);
1166 
1167 	if (reconf_ctrl) {
1168 		wpa_supplicant_ctrl_iface_deinit(wpa_s, wpa_s->ctrl_iface);
1169 		wpa_s->ctrl_iface = NULL;
1170 	}
1171 
1172 	eapol_sm_invalidate_cached_session(wpa_s->eapol);
1173 	if (wpa_s->current_ssid) {
1174 		if (wpa_s->wpa_state >= WPA_AUTHENTICATING)
1175 			wpa_s->own_disconnect_req = 1;
1176 		wpa_supplicant_deauthenticate(wpa_s,
1177 					      WLAN_REASON_DEAUTH_LEAVING);
1178 	}
1179 
1180 	/*
1181 	 * TODO: should notify EAPOL SM about changes in opensc_engine_path,
1182 	 * pkcs11_engine_path, pkcs11_module_path, openssl_ciphers.
1183 	 */
1184 	if (wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) ||
1185 	    wpa_s->key_mgmt == WPA_KEY_MGMT_OWE ||
1186 	    wpa_s->key_mgmt == WPA_KEY_MGMT_DPP) {
1187 		/*
1188 		 * Clear forced success to clear EAP state for next
1189 		 * authentication.
1190 		 */
1191 		eapol_sm_notify_eap_success(wpa_s->eapol, false);
1192 	}
1193 	eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
1194 	wpa_sm_set_config(wpa_s->wpa, NULL);
1195 	wpa_sm_pmksa_cache_flush(wpa_s->wpa, NULL);
1196 	wpa_sm_set_fast_reauth(wpa_s->wpa, wpa_s->conf->fast_reauth);
1197 	rsn_preauth_deinit(wpa_s->wpa);
1198 
1199 	old_ap_scan = wpa_s->conf->ap_scan;
1200 	wpa_config_free(wpa_s->conf);
1201 	wpa_s->conf = conf;
1202 	if (old_ap_scan != wpa_s->conf->ap_scan)
1203 		wpas_notify_ap_scan_changed(wpa_s);
1204 
1205 	if (reconf_ctrl)
1206 		wpa_s->ctrl_iface = wpa_supplicant_ctrl_iface_init(wpa_s);
1207 
1208 	wpa_supplicant_update_config(wpa_s);
1209 
1210 	wpa_supplicant_clear_status(wpa_s);
1211 	if (wpa_supplicant_enabled_networks(wpa_s)) {
1212 		wpa_s->reassociate = 1;
1213 		wpa_supplicant_req_scan(wpa_s, 0, 0);
1214 	}
1215 	wpa_bssid_ignore_clear(wpa_s);
1216 	wpa_dbg(wpa_s, MSG_DEBUG, "Reconfiguration completed");
1217 	return 0;
1218 }
1219 
1220 
1221 static void wpa_supplicant_reconfig(int sig, void *signal_ctx)
1222 {
1223 	struct wpa_global *global = signal_ctx;
1224 	struct wpa_supplicant *wpa_s;
1225 	for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
1226 		wpa_dbg(wpa_s, MSG_DEBUG, "Signal %d received - reconfiguring",
1227 			sig);
1228 		if (wpa_supplicant_reload_configuration(wpa_s) < 0) {
1229 			wpa_supplicant_terminate_proc(global);
1230 		}
1231 	}
1232 
1233 	if (wpa_debug_reopen_file() < 0) {
1234 		/* Ignore errors since we cannot really do much to fix this */
1235 		wpa_printf(MSG_DEBUG, "Could not reopen debug log file");
1236 	}
1237 }
1238 
1239 
1240 static int wpa_supplicant_suites_from_ai(struct wpa_supplicant *wpa_s,
1241 					 struct wpa_ssid *ssid,
1242 					 struct wpa_ie_data *ie)
1243 {
1244 	int ret = wpa_sm_parse_own_wpa_ie(wpa_s->wpa, ie);
1245 	if (ret) {
1246 		if (ret == -2) {
1247 			wpa_msg(wpa_s, MSG_INFO, "WPA: Failed to parse WPA IE "
1248 				"from association info");
1249 		}
1250 		return -1;
1251 	}
1252 
1253 	wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Using WPA IE from AssocReq to set "
1254 		"cipher suites");
1255 	if (!(ie->group_cipher & ssid->group_cipher)) {
1256 		wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled group "
1257 			"cipher 0x%x (mask 0x%x) - reject",
1258 			ie->group_cipher, ssid->group_cipher);
1259 		return -1;
1260 	}
1261 	if (!(ie->pairwise_cipher & ssid->pairwise_cipher)) {
1262 		wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled pairwise "
1263 			"cipher 0x%x (mask 0x%x) - reject",
1264 			ie->pairwise_cipher, ssid->pairwise_cipher);
1265 		return -1;
1266 	}
1267 	if (!(ie->key_mgmt & ssid->key_mgmt)) {
1268 		wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled key "
1269 			"management 0x%x (mask 0x%x) - reject",
1270 			ie->key_mgmt, ssid->key_mgmt);
1271 		return -1;
1272 	}
1273 
1274 	if (!(ie->capabilities & WPA_CAPABILITY_MFPC) &&
1275 	    wpas_get_ssid_pmf(wpa_s, ssid) == MGMT_FRAME_PROTECTION_REQUIRED) {
1276 		wpa_msg(wpa_s, MSG_INFO, "WPA: Driver associated with an AP "
1277 			"that does not support management frame protection - "
1278 			"reject");
1279 		return -1;
1280 	}
1281 
1282 	return 0;
1283 }
1284 
1285 
1286 static int matching_ciphers(struct wpa_ssid *ssid, struct wpa_ie_data *ie,
1287 			    int freq)
1288 {
1289 	if (!ie->has_group)
1290 		ie->group_cipher = wpa_default_rsn_cipher(freq);
1291 	if (!ie->has_pairwise)
1292 		ie->pairwise_cipher = wpa_default_rsn_cipher(freq);
1293 	return (ie->group_cipher & ssid->group_cipher) &&
1294 		(ie->pairwise_cipher & ssid->pairwise_cipher);
1295 }
1296 
1297 
1298 /**
1299  * wpa_supplicant_set_suites - Set authentication and encryption parameters
1300  * @wpa_s: Pointer to wpa_supplicant data
1301  * @bss: Scan results for the selected BSS, or %NULL if not available
1302  * @ssid: Configuration data for the selected network
1303  * @wpa_ie: Buffer for the WPA/RSN IE
1304  * @wpa_ie_len: Maximum wpa_ie buffer size on input. This is changed to be the
1305  * used buffer length in case the functions returns success.
1306  * Returns: 0 on success or -1 on failure
1307  *
1308  * This function is used to configure authentication and encryption parameters
1309  * based on the network configuration and scan result for the selected BSS (if
1310  * available).
1311  */
1312 int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s,
1313 			      struct wpa_bss *bss, struct wpa_ssid *ssid,
1314 			      u8 *wpa_ie, size_t *wpa_ie_len)
1315 {
1316 	struct wpa_ie_data ie;
1317 	int sel, proto, sae_pwe;
1318 	const u8 *bss_wpa, *bss_rsn, *bss_rsnx, *bss_osen;
1319 
1320 	if (bss) {
1321 		bss_wpa = wpa_bss_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE);
1322 		bss_rsn = wpa_bss_get_ie(bss, WLAN_EID_RSN);
1323 		bss_rsnx = wpa_bss_get_ie(bss, WLAN_EID_RSNX);
1324 		bss_osen = wpa_bss_get_vendor_ie(bss, OSEN_IE_VENDOR_TYPE);
1325 	} else {
1326 		bss_wpa = bss_rsn = bss_rsnx = bss_osen = NULL;
1327 	}
1328 
1329 	if (bss_rsn && (ssid->proto & WPA_PROTO_RSN) &&
1330 	    wpa_parse_wpa_ie(bss_rsn, 2 + bss_rsn[1], &ie) == 0 &&
1331 	    matching_ciphers(ssid, &ie, bss->freq) &&
1332 	    (ie.key_mgmt & ssid->key_mgmt)) {
1333 		wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using IEEE 802.11i/D9.0");
1334 		proto = WPA_PROTO_RSN;
1335 	} else if (bss_wpa && (ssid->proto & WPA_PROTO_WPA) &&
1336 		   wpa_parse_wpa_ie(bss_wpa, 2 + bss_wpa[1], &ie) == 0 &&
1337 		   (ie.group_cipher & ssid->group_cipher) &&
1338 		   (ie.pairwise_cipher & ssid->pairwise_cipher) &&
1339 		   (ie.key_mgmt & ssid->key_mgmt)) {
1340 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using IEEE 802.11i/D3.0");
1341 		proto = WPA_PROTO_WPA;
1342 #ifdef CONFIG_HS20
1343 	} else if (bss_osen && (ssid->proto & WPA_PROTO_OSEN) &&
1344 		   wpa_parse_wpa_ie(bss_osen, 2 + bss_osen[1], &ie) == 0 &&
1345 		   (ie.group_cipher & ssid->group_cipher) &&
1346 		   (ie.pairwise_cipher & ssid->pairwise_cipher) &&
1347 		   (ie.key_mgmt & ssid->key_mgmt)) {
1348 		wpa_dbg(wpa_s, MSG_DEBUG, "HS 2.0: using OSEN");
1349 		proto = WPA_PROTO_OSEN;
1350 	} else if (bss_rsn && (ssid->proto & WPA_PROTO_OSEN) &&
1351 	    wpa_parse_wpa_ie(bss_rsn, 2 + bss_rsn[1], &ie) == 0 &&
1352 	    (ie.group_cipher & ssid->group_cipher) &&
1353 	    (ie.pairwise_cipher & ssid->pairwise_cipher) &&
1354 	    (ie.key_mgmt & ssid->key_mgmt)) {
1355 		wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using OSEN (within RSN)");
1356 		proto = WPA_PROTO_RSN;
1357 #endif /* CONFIG_HS20 */
1358 	} else if (bss) {
1359 		wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select WPA/RSN");
1360 		wpa_dbg(wpa_s, MSG_DEBUG,
1361 			"WPA: ssid proto=0x%x pairwise_cipher=0x%x group_cipher=0x%x key_mgmt=0x%x",
1362 			ssid->proto, ssid->pairwise_cipher, ssid->group_cipher,
1363 			ssid->key_mgmt);
1364 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: BSS " MACSTR " ssid='%s'%s%s%s",
1365 			MAC2STR(bss->bssid),
1366 			wpa_ssid_txt(bss->ssid, bss->ssid_len),
1367 			bss_wpa ? " WPA" : "",
1368 			bss_rsn ? " RSN" : "",
1369 			bss_osen ? " OSEN" : "");
1370 		if (bss_rsn) {
1371 			wpa_hexdump(MSG_DEBUG, "RSN", bss_rsn, 2 + bss_rsn[1]);
1372 			if (wpa_parse_wpa_ie(bss_rsn, 2 + bss_rsn[1], &ie)) {
1373 				wpa_dbg(wpa_s, MSG_DEBUG,
1374 					"Could not parse RSN element");
1375 			} else {
1376 				wpa_dbg(wpa_s, MSG_DEBUG,
1377 					"RSN: pairwise_cipher=0x%x group_cipher=0x%x key_mgmt=0x%x",
1378 					ie.pairwise_cipher, ie.group_cipher,
1379 					ie.key_mgmt);
1380 			}
1381 		}
1382 		if (bss_wpa) {
1383 			wpa_hexdump(MSG_DEBUG, "WPA", bss_wpa, 2 + bss_wpa[1]);
1384 			if (wpa_parse_wpa_ie(bss_wpa, 2 + bss_wpa[1], &ie)) {
1385 				wpa_dbg(wpa_s, MSG_DEBUG,
1386 					"Could not parse WPA element");
1387 			} else {
1388 				wpa_dbg(wpa_s, MSG_DEBUG,
1389 					"WPA: pairwise_cipher=0x%x group_cipher=0x%x key_mgmt=0x%x",
1390 					ie.pairwise_cipher, ie.group_cipher,
1391 					ie.key_mgmt);
1392 			}
1393 		}
1394 		return -1;
1395 	} else {
1396 		if (ssid->proto & WPA_PROTO_OSEN)
1397 			proto = WPA_PROTO_OSEN;
1398 		else if (ssid->proto & WPA_PROTO_RSN)
1399 			proto = WPA_PROTO_RSN;
1400 		else
1401 			proto = WPA_PROTO_WPA;
1402 		if (wpa_supplicant_suites_from_ai(wpa_s, ssid, &ie) < 0) {
1403 			os_memset(&ie, 0, sizeof(ie));
1404 			ie.group_cipher = ssid->group_cipher;
1405 			ie.pairwise_cipher = ssid->pairwise_cipher;
1406 			ie.key_mgmt = ssid->key_mgmt;
1407 			ie.mgmt_group_cipher = 0;
1408 			if (ssid->ieee80211w != NO_MGMT_FRAME_PROTECTION) {
1409 				if (ssid->group_mgmt_cipher &
1410 				    WPA_CIPHER_BIP_GMAC_256)
1411 					ie.mgmt_group_cipher =
1412 						WPA_CIPHER_BIP_GMAC_256;
1413 				else if (ssid->group_mgmt_cipher &
1414 					 WPA_CIPHER_BIP_CMAC_256)
1415 					ie.mgmt_group_cipher =
1416 						WPA_CIPHER_BIP_CMAC_256;
1417 				else if (ssid->group_mgmt_cipher &
1418 					 WPA_CIPHER_BIP_GMAC_128)
1419 					ie.mgmt_group_cipher =
1420 						WPA_CIPHER_BIP_GMAC_128;
1421 				else
1422 					ie.mgmt_group_cipher =
1423 						WPA_CIPHER_AES_128_CMAC;
1424 			}
1425 #ifdef CONFIG_OWE
1426 			if ((ssid->key_mgmt & WPA_KEY_MGMT_OWE) &&
1427 			    !ssid->owe_only &&
1428 			    !bss_wpa && !bss_rsn && !bss_osen) {
1429 				wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
1430 				wpa_s->wpa_proto = 0;
1431 				*wpa_ie_len = 0;
1432 				return 0;
1433 			}
1434 #endif /* CONFIG_OWE */
1435 			wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Set cipher suites "
1436 				"based on configuration");
1437 		} else
1438 			proto = ie.proto;
1439 	}
1440 
1441 	wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Selected cipher suites: group %d "
1442 		"pairwise %d key_mgmt %d proto %d",
1443 		ie.group_cipher, ie.pairwise_cipher, ie.key_mgmt, proto);
1444 	if (ssid->ieee80211w) {
1445 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Selected mgmt group cipher %d",
1446 			ie.mgmt_group_cipher);
1447 	}
1448 
1449 	wpa_s->wpa_proto = proto;
1450 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PROTO, proto);
1451 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_RSN_ENABLED,
1452 			 !!(ssid->proto & (WPA_PROTO_RSN | WPA_PROTO_OSEN)));
1453 
1454 	if (bss || !wpa_s->ap_ies_from_associnfo) {
1455 		if (wpa_sm_set_ap_wpa_ie(wpa_s->wpa, bss_wpa,
1456 					 bss_wpa ? 2 + bss_wpa[1] : 0) ||
1457 		    wpa_sm_set_ap_rsn_ie(wpa_s->wpa, bss_rsn,
1458 					 bss_rsn ? 2 + bss_rsn[1] : 0) ||
1459 		    wpa_sm_set_ap_rsnxe(wpa_s->wpa, bss_rsnx,
1460 					bss_rsnx ? 2 + bss_rsnx[1] : 0))
1461 			return -1;
1462 	}
1463 
1464 #ifdef CONFIG_NO_WPA
1465 	wpa_s->group_cipher = WPA_CIPHER_NONE;
1466 	wpa_s->pairwise_cipher = WPA_CIPHER_NONE;
1467 #else /* CONFIG_NO_WPA */
1468 	sel = ie.group_cipher & ssid->group_cipher;
1469 	wpa_dbg(wpa_s, MSG_DEBUG,
1470 		"WPA: AP group 0x%x network profile group 0x%x; available group 0x%x",
1471 		ie.group_cipher, ssid->group_cipher, sel);
1472 	wpa_s->group_cipher = wpa_pick_group_cipher(sel);
1473 	if (wpa_s->group_cipher < 0) {
1474 		wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select group "
1475 			"cipher");
1476 		return -1;
1477 	}
1478 	wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using GTK %s",
1479 		wpa_cipher_txt(wpa_s->group_cipher));
1480 
1481 	sel = ie.pairwise_cipher & ssid->pairwise_cipher;
1482 	wpa_dbg(wpa_s, MSG_DEBUG,
1483 		"WPA: AP pairwise 0x%x network profile pairwise 0x%x; available pairwise 0x%x",
1484 		ie.pairwise_cipher, ssid->pairwise_cipher, sel);
1485 	wpa_s->pairwise_cipher = wpa_pick_pairwise_cipher(sel, 1);
1486 	if (wpa_s->pairwise_cipher < 0) {
1487 		wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select pairwise "
1488 			"cipher");
1489 		return -1;
1490 	}
1491 	wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using PTK %s",
1492 		wpa_cipher_txt(wpa_s->pairwise_cipher));
1493 #endif /* CONFIG_NO_WPA */
1494 
1495 	sel = ie.key_mgmt & ssid->key_mgmt;
1496 #ifdef CONFIG_SAE
1497 	if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SAE))
1498 		sel &= ~(WPA_KEY_MGMT_SAE | WPA_KEY_MGMT_FT_SAE);
1499 #endif /* CONFIG_SAE */
1500 #ifdef CONFIG_IEEE80211R
1501 	if (!(wpa_s->drv_flags & (WPA_DRIVER_FLAGS_SME |
1502 				  WPA_DRIVER_FLAGS_UPDATE_FT_IES)))
1503 		sel &= ~WPA_KEY_MGMT_FT;
1504 #endif /* CONFIG_IEEE80211R */
1505 	wpa_dbg(wpa_s, MSG_DEBUG,
1506 		"WPA: AP key_mgmt 0x%x network profile key_mgmt 0x%x; available key_mgmt 0x%x",
1507 		ie.key_mgmt, ssid->key_mgmt, sel);
1508 	if (0) {
1509 #ifdef CONFIG_IEEE80211R
1510 #ifdef CONFIG_SHA384
1511 	} else if ((sel & WPA_KEY_MGMT_FT_IEEE8021X_SHA384) &&
1512 		   os_strcmp(wpa_supplicant_get_eap_mode(wpa_s), "LEAP") != 0) {
1513 		wpa_s->key_mgmt = WPA_KEY_MGMT_FT_IEEE8021X_SHA384;
1514 		wpa_dbg(wpa_s, MSG_DEBUG,
1515 			"WPA: using KEY_MGMT FT/802.1X-SHA384");
1516 		if (!ssid->ft_eap_pmksa_caching &&
1517 		    pmksa_cache_get_current(wpa_s->wpa)) {
1518 			/* PMKSA caching with FT may have interoperability
1519 			 * issues, so disable that case by default for now. */
1520 			wpa_dbg(wpa_s, MSG_DEBUG,
1521 				"WPA: Disable PMKSA caching for FT/802.1X connection");
1522 			pmksa_cache_clear_current(wpa_s->wpa);
1523 		}
1524 #endif /* CONFIG_SHA384 */
1525 #endif /* CONFIG_IEEE80211R */
1526 #ifdef CONFIG_SUITEB192
1527 	} else if (sel & WPA_KEY_MGMT_IEEE8021X_SUITE_B_192) {
1528 		wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X_SUITE_B_192;
1529 		wpa_dbg(wpa_s, MSG_DEBUG,
1530 			"WPA: using KEY_MGMT 802.1X with Suite B (192-bit)");
1531 #endif /* CONFIG_SUITEB192 */
1532 #ifdef CONFIG_SUITEB
1533 	} else if (sel & WPA_KEY_MGMT_IEEE8021X_SUITE_B) {
1534 		wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X_SUITE_B;
1535 		wpa_dbg(wpa_s, MSG_DEBUG,
1536 			"WPA: using KEY_MGMT 802.1X with Suite B");
1537 #endif /* CONFIG_SUITEB */
1538 #ifdef CONFIG_FILS
1539 #ifdef CONFIG_IEEE80211R
1540 	} else if (sel & WPA_KEY_MGMT_FT_FILS_SHA384) {
1541 		wpa_s->key_mgmt = WPA_KEY_MGMT_FT_FILS_SHA384;
1542 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT-FILS-SHA384");
1543 	} else if (sel & WPA_KEY_MGMT_FT_FILS_SHA256) {
1544 		wpa_s->key_mgmt = WPA_KEY_MGMT_FT_FILS_SHA256;
1545 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT-FILS-SHA256");
1546 #endif /* CONFIG_IEEE80211R */
1547 	} else if (sel & WPA_KEY_MGMT_FILS_SHA384) {
1548 		wpa_s->key_mgmt = WPA_KEY_MGMT_FILS_SHA384;
1549 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FILS-SHA384");
1550 	} else if (sel & WPA_KEY_MGMT_FILS_SHA256) {
1551 		wpa_s->key_mgmt = WPA_KEY_MGMT_FILS_SHA256;
1552 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FILS-SHA256");
1553 #endif /* CONFIG_FILS */
1554 #ifdef CONFIG_IEEE80211R
1555 	} else if ((sel & WPA_KEY_MGMT_FT_IEEE8021X) &&
1556 		   os_strcmp(wpa_supplicant_get_eap_mode(wpa_s), "LEAP") != 0) {
1557 		wpa_s->key_mgmt = WPA_KEY_MGMT_FT_IEEE8021X;
1558 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT/802.1X");
1559 		if (!ssid->ft_eap_pmksa_caching &&
1560 		    pmksa_cache_get_current(wpa_s->wpa)) {
1561 			/* PMKSA caching with FT may have interoperability
1562 			 * issues, so disable that case by default for now. */
1563 			wpa_dbg(wpa_s, MSG_DEBUG,
1564 				"WPA: Disable PMKSA caching for FT/802.1X connection");
1565 			pmksa_cache_clear_current(wpa_s->wpa);
1566 		}
1567 #endif /* CONFIG_IEEE80211R */
1568 #ifdef CONFIG_DPP
1569 	} else if (sel & WPA_KEY_MGMT_DPP) {
1570 		wpa_s->key_mgmt = WPA_KEY_MGMT_DPP;
1571 		wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using KEY_MGMT DPP");
1572 #endif /* CONFIG_DPP */
1573 #ifdef CONFIG_SAE
1574 	} else if (sel & WPA_KEY_MGMT_FT_SAE) {
1575 		wpa_s->key_mgmt = WPA_KEY_MGMT_FT_SAE;
1576 		wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using KEY_MGMT FT/SAE");
1577 	} else if (sel & WPA_KEY_MGMT_SAE) {
1578 		wpa_s->key_mgmt = WPA_KEY_MGMT_SAE;
1579 		wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using KEY_MGMT SAE");
1580 #endif /* CONFIG_SAE */
1581 #ifdef CONFIG_IEEE80211R
1582 	} else if (sel & WPA_KEY_MGMT_FT_PSK) {
1583 		wpa_s->key_mgmt = WPA_KEY_MGMT_FT_PSK;
1584 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT/PSK");
1585 #endif /* CONFIG_IEEE80211R */
1586 	} else if (sel & WPA_KEY_MGMT_IEEE8021X_SHA256) {
1587 		wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X_SHA256;
1588 		wpa_dbg(wpa_s, MSG_DEBUG,
1589 			"WPA: using KEY_MGMT 802.1X with SHA256");
1590 	} else if (sel & WPA_KEY_MGMT_PSK_SHA256) {
1591 		wpa_s->key_mgmt = WPA_KEY_MGMT_PSK_SHA256;
1592 		wpa_dbg(wpa_s, MSG_DEBUG,
1593 			"WPA: using KEY_MGMT PSK with SHA256");
1594 	} else if (sel & WPA_KEY_MGMT_IEEE8021X) {
1595 		wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X;
1596 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT 802.1X");
1597 	} else if (sel & WPA_KEY_MGMT_PSK) {
1598 		wpa_s->key_mgmt = WPA_KEY_MGMT_PSK;
1599 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT WPA-PSK");
1600 	} else if (sel & WPA_KEY_MGMT_WPA_NONE) {
1601 		wpa_s->key_mgmt = WPA_KEY_MGMT_WPA_NONE;
1602 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT WPA-NONE");
1603 #ifdef CONFIG_HS20
1604 	} else if (sel & WPA_KEY_MGMT_OSEN) {
1605 		wpa_s->key_mgmt = WPA_KEY_MGMT_OSEN;
1606 		wpa_dbg(wpa_s, MSG_DEBUG, "HS 2.0: using KEY_MGMT OSEN");
1607 #endif /* CONFIG_HS20 */
1608 #ifdef CONFIG_OWE
1609 	} else if (sel & WPA_KEY_MGMT_OWE) {
1610 		wpa_s->key_mgmt = WPA_KEY_MGMT_OWE;
1611 		wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using KEY_MGMT OWE");
1612 #endif /* CONFIG_OWE */
1613 	} else {
1614 		wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select "
1615 			"authenticated key management type");
1616 		return -1;
1617 	}
1618 
1619 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_KEY_MGMT, wpa_s->key_mgmt);
1620 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PAIRWISE,
1621 			 wpa_s->pairwise_cipher);
1622 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_GROUP, wpa_s->group_cipher);
1623 
1624 	if (!(ie.capabilities & WPA_CAPABILITY_MFPC) &&
1625 	    wpas_get_ssid_pmf(wpa_s, ssid) == MGMT_FRAME_PROTECTION_REQUIRED) {
1626 		wpa_msg(wpa_s, MSG_INFO,
1627 			"RSN: Management frame protection required but the selected AP does not enable it");
1628 		return -1;
1629 	}
1630 
1631 	sel = ie.mgmt_group_cipher;
1632 	if (ssid->group_mgmt_cipher)
1633 		sel &= ssid->group_mgmt_cipher;
1634 	if (wpas_get_ssid_pmf(wpa_s, ssid) == NO_MGMT_FRAME_PROTECTION ||
1635 	    !(ie.capabilities & WPA_CAPABILITY_MFPC))
1636 		sel = 0;
1637 	wpa_dbg(wpa_s, MSG_DEBUG,
1638 		"WPA: AP mgmt_group_cipher 0x%x network profile mgmt_group_cipher 0x%x; available mgmt_group_cipher 0x%x",
1639 		ie.mgmt_group_cipher, ssid->group_mgmt_cipher, sel);
1640 	if (sel & WPA_CIPHER_AES_128_CMAC) {
1641 		wpa_s->mgmt_group_cipher = WPA_CIPHER_AES_128_CMAC;
1642 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using MGMT group cipher "
1643 			"AES-128-CMAC");
1644 	} else if (sel & WPA_CIPHER_BIP_GMAC_128) {
1645 		wpa_s->mgmt_group_cipher = WPA_CIPHER_BIP_GMAC_128;
1646 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using MGMT group cipher "
1647 			"BIP-GMAC-128");
1648 	} else if (sel & WPA_CIPHER_BIP_GMAC_256) {
1649 		wpa_s->mgmt_group_cipher = WPA_CIPHER_BIP_GMAC_256;
1650 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using MGMT group cipher "
1651 			"BIP-GMAC-256");
1652 	} else if (sel & WPA_CIPHER_BIP_CMAC_256) {
1653 		wpa_s->mgmt_group_cipher = WPA_CIPHER_BIP_CMAC_256;
1654 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using MGMT group cipher "
1655 			"BIP-CMAC-256");
1656 	} else {
1657 		wpa_s->mgmt_group_cipher = 0;
1658 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: not using MGMT group cipher");
1659 	}
1660 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MGMT_GROUP,
1661 			 wpa_s->mgmt_group_cipher);
1662 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MFP,
1663 			 wpas_get_ssid_pmf(wpa_s, ssid));
1664 #ifdef CONFIG_OCV
1665 	if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) ||
1666 	    (wpa_s->drv_flags2 & WPA_DRIVER_FLAGS2_OCV))
1667 		wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_OCV, ssid->ocv);
1668 #endif /* CONFIG_OCV */
1669 	sae_pwe = wpa_s->conf->sae_pwe;
1670 	if (ssid->sae_password_id && sae_pwe != 3)
1671 		sae_pwe = 1;
1672 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_SAE_PWE, sae_pwe);
1673 #ifdef CONFIG_SAE_PK
1674 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_SAE_PK,
1675 			 wpa_key_mgmt_sae(ssid->key_mgmt) &&
1676 			 ssid->sae_pk != SAE_PK_MODE_DISABLED &&
1677 			 ((ssid->sae_password &&
1678 			   sae_pk_valid_password(ssid->sae_password)) ||
1679 			  (!ssid->sae_password && ssid->passphrase &&
1680 			   sae_pk_valid_password(ssid->passphrase))));
1681 #endif /* CONFIG_SAE_PK */
1682 #ifdef CONFIG_TESTING_OPTIONS
1683 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_FT_RSNXE_USED,
1684 			 wpa_s->ft_rsnxe_used);
1685 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_OCI_FREQ_EAPOL,
1686 			 wpa_s->oci_freq_override_eapol);
1687 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_OCI_FREQ_EAPOL_G2,
1688 			 wpa_s->oci_freq_override_eapol_g2);
1689 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_OCI_FREQ_FT_ASSOC,
1690 			 wpa_s->oci_freq_override_ft_assoc);
1691 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_OCI_FREQ_FILS_ASSOC,
1692 			 wpa_s->oci_freq_override_fils_assoc);
1693 #endif /* CONFIG_TESTING_OPTIONS */
1694 
1695 	/* Extended Key ID is only supported in infrastructure BSS so far */
1696 	if (ssid->mode == WPAS_MODE_INFRA && wpa_s->conf->extended_key_id &&
1697 	    (ssid->proto & WPA_PROTO_RSN) &&
1698 	    ssid->pairwise_cipher & (WPA_CIPHER_CCMP | WPA_CIPHER_CCMP_256 |
1699 				     WPA_CIPHER_GCMP | WPA_CIPHER_GCMP_256) &&
1700 	    (wpa_s->drv_flags & WPA_DRIVER_FLAGS_EXTENDED_KEY_ID)) {
1701 		int use_ext_key_id = 0;
1702 
1703 		wpa_msg(wpa_s, MSG_DEBUG,
1704 			"WPA: Enable Extended Key ID support");
1705 		wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_EXT_KEY_ID,
1706 				 wpa_s->conf->extended_key_id);
1707 		if (bss_rsn &&
1708 		    wpa_s->conf->extended_key_id &&
1709 		    wpa_s->pairwise_cipher != WPA_CIPHER_TKIP &&
1710 		    (ie.capabilities & WPA_CAPABILITY_EXT_KEY_ID_FOR_UNICAST))
1711 			use_ext_key_id = 1;
1712 		wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_USE_EXT_KEY_ID,
1713 				 use_ext_key_id);
1714 	} else {
1715 		wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_EXT_KEY_ID, 0);
1716 		wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_USE_EXT_KEY_ID, 0);
1717 	}
1718 
1719 	if (wpa_sm_set_assoc_wpa_ie_default(wpa_s->wpa, wpa_ie, wpa_ie_len)) {
1720 		wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to generate WPA IE");
1721 		return -1;
1722 	}
1723 
1724 	wpa_s->rsnxe_len = sizeof(wpa_s->rsnxe);
1725 	if (wpa_sm_set_assoc_rsnxe_default(wpa_s->wpa, wpa_s->rsnxe,
1726 					   &wpa_s->rsnxe_len)) {
1727 		wpa_msg(wpa_s, MSG_WARNING, "RSN: Failed to generate RSNXE");
1728 		return -1;
1729 	}
1730 
1731 	if (0) {
1732 #ifdef CONFIG_DPP
1733 	} else if (wpa_s->key_mgmt == WPA_KEY_MGMT_DPP) {
1734 		/* Use PMK from DPP network introduction (PMKSA entry) */
1735 		wpa_sm_set_pmk_from_pmksa(wpa_s->wpa);
1736 #ifdef CONFIG_DPP2
1737 		wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_DPP_PFS, ssid->dpp_pfs);
1738 #endif /* CONFIG_DPP2 */
1739 #endif /* CONFIG_DPP */
1740 	} else if (wpa_key_mgmt_wpa_psk(ssid->key_mgmt)) {
1741 		int psk_set = 0;
1742 		int sae_only;
1743 
1744 		sae_only = (ssid->key_mgmt & (WPA_KEY_MGMT_PSK |
1745 					      WPA_KEY_MGMT_FT_PSK |
1746 					      WPA_KEY_MGMT_PSK_SHA256)) == 0;
1747 
1748 		if (ssid->psk_set && !sae_only) {
1749 			wpa_hexdump_key(MSG_MSGDUMP, "PSK (set in config)",
1750 					ssid->psk, PMK_LEN);
1751 			wpa_sm_set_pmk(wpa_s->wpa, ssid->psk, PMK_LEN, NULL,
1752 				       NULL);
1753 			psk_set = 1;
1754 		}
1755 
1756 		if (wpa_key_mgmt_sae(ssid->key_mgmt) &&
1757 		    (ssid->sae_password || ssid->passphrase))
1758 			psk_set = 1;
1759 
1760 #ifndef CONFIG_NO_PBKDF2
1761 		if (bss && ssid->bssid_set && ssid->ssid_len == 0 &&
1762 		    ssid->passphrase && !sae_only) {
1763 			u8 psk[PMK_LEN];
1764 		        pbkdf2_sha1(ssid->passphrase, bss->ssid, bss->ssid_len,
1765 				    4096, psk, PMK_LEN);
1766 		        wpa_hexdump_key(MSG_MSGDUMP, "PSK (from passphrase)",
1767 					psk, PMK_LEN);
1768 			wpa_sm_set_pmk(wpa_s->wpa, psk, PMK_LEN, NULL, NULL);
1769 			psk_set = 1;
1770 			os_memset(psk, 0, sizeof(psk));
1771 		}
1772 #endif /* CONFIG_NO_PBKDF2 */
1773 #ifdef CONFIG_EXT_PASSWORD
1774 		if (ssid->ext_psk && !sae_only) {
1775 			struct wpabuf *pw = ext_password_get(wpa_s->ext_pw,
1776 							     ssid->ext_psk);
1777 			char pw_str[64 + 1];
1778 			u8 psk[PMK_LEN];
1779 
1780 			if (pw == NULL) {
1781 				wpa_msg(wpa_s, MSG_INFO, "EXT PW: No PSK "
1782 					"found from external storage");
1783 				return -1;
1784 			}
1785 
1786 			if (wpabuf_len(pw) < 8 || wpabuf_len(pw) > 64) {
1787 				wpa_msg(wpa_s, MSG_INFO, "EXT PW: Unexpected "
1788 					"PSK length %d in external storage",
1789 					(int) wpabuf_len(pw));
1790 				ext_password_free(pw);
1791 				return -1;
1792 			}
1793 
1794 			os_memcpy(pw_str, wpabuf_head(pw), wpabuf_len(pw));
1795 			pw_str[wpabuf_len(pw)] = '\0';
1796 
1797 #ifndef CONFIG_NO_PBKDF2
1798 			if (wpabuf_len(pw) >= 8 && wpabuf_len(pw) < 64 && bss)
1799 			{
1800 				pbkdf2_sha1(pw_str, bss->ssid, bss->ssid_len,
1801 					    4096, psk, PMK_LEN);
1802 				os_memset(pw_str, 0, sizeof(pw_str));
1803 				wpa_hexdump_key(MSG_MSGDUMP, "PSK (from "
1804 						"external passphrase)",
1805 						psk, PMK_LEN);
1806 				wpa_sm_set_pmk(wpa_s->wpa, psk, PMK_LEN, NULL,
1807 					       NULL);
1808 				psk_set = 1;
1809 				os_memset(psk, 0, sizeof(psk));
1810 			} else
1811 #endif /* CONFIG_NO_PBKDF2 */
1812 			if (wpabuf_len(pw) == 2 * PMK_LEN) {
1813 				if (hexstr2bin(pw_str, psk, PMK_LEN) < 0) {
1814 					wpa_msg(wpa_s, MSG_INFO, "EXT PW: "
1815 						"Invalid PSK hex string");
1816 					os_memset(pw_str, 0, sizeof(pw_str));
1817 					ext_password_free(pw);
1818 					return -1;
1819 				}
1820 				wpa_hexdump_key(MSG_MSGDUMP,
1821 						"PSK (from external PSK)",
1822 						psk, PMK_LEN);
1823 				wpa_sm_set_pmk(wpa_s->wpa, psk, PMK_LEN, NULL,
1824 					       NULL);
1825 				psk_set = 1;
1826 				os_memset(psk, 0, sizeof(psk));
1827 			} else {
1828 				wpa_msg(wpa_s, MSG_INFO, "EXT PW: No suitable "
1829 					"PSK available");
1830 				os_memset(pw_str, 0, sizeof(pw_str));
1831 				ext_password_free(pw);
1832 				return -1;
1833 			}
1834 
1835 			os_memset(pw_str, 0, sizeof(pw_str));
1836 			ext_password_free(pw);
1837 		}
1838 #endif /* CONFIG_EXT_PASSWORD */
1839 
1840 		if (!psk_set) {
1841 			wpa_msg(wpa_s, MSG_INFO,
1842 				"No PSK available for association");
1843 			wpas_auth_failed(wpa_s, "NO_PSK_AVAILABLE");
1844 			return -1;
1845 		}
1846 #ifdef CONFIG_OWE
1847 	} else if (wpa_s->key_mgmt == WPA_KEY_MGMT_OWE) {
1848 		/* OWE Diffie-Hellman exchange in (Re)Association
1849 		 * Request/Response frames set the PMK, so do not override it
1850 		 * here. */
1851 #endif /* CONFIG_OWE */
1852 	} else
1853 		wpa_sm_set_pmk_from_pmksa(wpa_s->wpa);
1854 
1855 	if (ssid->mode != WPAS_MODE_IBSS &&
1856 	    !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED) &&
1857 	    (ssid->wpa_deny_ptk0_rekey == PTK0_REKEY_ALLOW_NEVER ||
1858 	     (ssid->wpa_deny_ptk0_rekey == PTK0_REKEY_ALLOW_LOCAL_OK &&
1859 	      !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SAFE_PTK0_REKEYS)))) {
1860 		wpa_msg(wpa_s, MSG_INFO,
1861 			"Disable PTK0 rekey support - replaced with reconnect");
1862 		wpa_s->deny_ptk0_rekey = 1;
1863 		wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_DENY_PTK0_REKEY, 1);
1864 	} else {
1865 		wpa_s->deny_ptk0_rekey = 0;
1866 		wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_DENY_PTK0_REKEY, 0);
1867 	}
1868 
1869 	return 0;
1870 }
1871 
1872 
1873 static void wpas_ext_capab_byte(struct wpa_supplicant *wpa_s, u8 *pos, int idx)
1874 {
1875 	*pos = 0x00;
1876 
1877 	switch (idx) {
1878 	case 0: /* Bits 0-7 */
1879 		break;
1880 	case 1: /* Bits 8-15 */
1881 		if (wpa_s->conf->coloc_intf_reporting) {
1882 			/* Bit 13 - Collocated Interference Reporting */
1883 			*pos |= 0x20;
1884 		}
1885 		break;
1886 	case 2: /* Bits 16-23 */
1887 #ifdef CONFIG_WNM
1888 		*pos |= 0x02; /* Bit 17 - WNM-Sleep Mode */
1889 		if (!wpa_s->disable_mbo_oce && !wpa_s->conf->disable_btm)
1890 			*pos |= 0x08; /* Bit 19 - BSS Transition */
1891 #endif /* CONFIG_WNM */
1892 		break;
1893 	case 3: /* Bits 24-31 */
1894 #ifdef CONFIG_WNM
1895 		*pos |= 0x02; /* Bit 25 - SSID List */
1896 #endif /* CONFIG_WNM */
1897 #ifdef CONFIG_INTERWORKING
1898 		if (wpa_s->conf->interworking)
1899 			*pos |= 0x80; /* Bit 31 - Interworking */
1900 #endif /* CONFIG_INTERWORKING */
1901 		break;
1902 	case 4: /* Bits 32-39 */
1903 #ifdef CONFIG_INTERWORKING
1904 		if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_QOS_MAPPING)
1905 			*pos |= 0x01; /* Bit 32 - QoS Map */
1906 #endif /* CONFIG_INTERWORKING */
1907 		break;
1908 	case 5: /* Bits 40-47 */
1909 #ifdef CONFIG_HS20
1910 		if (wpa_s->conf->hs20)
1911 			*pos |= 0x40; /* Bit 46 - WNM-Notification */
1912 #endif /* CONFIG_HS20 */
1913 #ifdef CONFIG_MBO
1914 		*pos |= 0x40; /* Bit 46 - WNM-Notification */
1915 #endif /* CONFIG_MBO */
1916 		break;
1917 	case 6: /* Bits 48-55 */
1918 		break;
1919 	case 7: /* Bits 56-63 */
1920 		break;
1921 	case 8: /* Bits 64-71 */
1922 		if (wpa_s->conf->ftm_responder)
1923 			*pos |= 0x40; /* Bit 70 - FTM responder */
1924 		if (wpa_s->conf->ftm_initiator)
1925 			*pos |= 0x80; /* Bit 71 - FTM initiator */
1926 		break;
1927 	case 9: /* Bits 72-79 */
1928 #ifdef CONFIG_FILS
1929 		if (!wpa_s->disable_fils)
1930 			*pos |= 0x01;
1931 #endif /* CONFIG_FILS */
1932 		break;
1933 	case 10: /* Bits 80-87 */
1934 		*pos |= 0x20; /* Bit 85 - Mirrored SCS */
1935 		break;
1936 	}
1937 }
1938 
1939 
1940 int wpas_build_ext_capab(struct wpa_supplicant *wpa_s, u8 *buf, size_t buflen)
1941 {
1942 	u8 *pos = buf;
1943 	u8 len = 11, i;
1944 
1945 	if (len < wpa_s->extended_capa_len)
1946 		len = wpa_s->extended_capa_len;
1947 	if (buflen < (size_t) len + 2) {
1948 		wpa_printf(MSG_INFO,
1949 			   "Not enough room for building extended capabilities element");
1950 		return -1;
1951 	}
1952 
1953 	*pos++ = WLAN_EID_EXT_CAPAB;
1954 	*pos++ = len;
1955 	for (i = 0; i < len; i++, pos++) {
1956 		wpas_ext_capab_byte(wpa_s, pos, i);
1957 
1958 		if (i < wpa_s->extended_capa_len) {
1959 			*pos &= ~wpa_s->extended_capa_mask[i];
1960 			*pos |= wpa_s->extended_capa[i];
1961 		}
1962 	}
1963 
1964 	while (len > 0 && buf[1 + len] == 0) {
1965 		len--;
1966 		buf[1] = len;
1967 	}
1968 	if (len == 0)
1969 		return 0;
1970 
1971 	return 2 + len;
1972 }
1973 
1974 
1975 static int wpas_valid_bss(struct wpa_supplicant *wpa_s,
1976 			  struct wpa_bss *test_bss)
1977 {
1978 	struct wpa_bss *bss;
1979 
1980 	dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
1981 		if (bss == test_bss)
1982 			return 1;
1983 	}
1984 
1985 	return 0;
1986 }
1987 
1988 
1989 static int wpas_valid_ssid(struct wpa_supplicant *wpa_s,
1990 			   struct wpa_ssid *test_ssid)
1991 {
1992 	struct wpa_ssid *ssid;
1993 
1994 	for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) {
1995 		if (ssid == test_ssid)
1996 			return 1;
1997 	}
1998 
1999 	return 0;
2000 }
2001 
2002 
2003 int wpas_valid_bss_ssid(struct wpa_supplicant *wpa_s, struct wpa_bss *test_bss,
2004 			struct wpa_ssid *test_ssid)
2005 {
2006 	if (test_bss && !wpas_valid_bss(wpa_s, test_bss))
2007 		return 0;
2008 
2009 	return test_ssid == NULL || wpas_valid_ssid(wpa_s, test_ssid);
2010 }
2011 
2012 
2013 void wpas_connect_work_free(struct wpa_connect_work *cwork)
2014 {
2015 	if (cwork == NULL)
2016 		return;
2017 	os_free(cwork);
2018 }
2019 
2020 
2021 void wpas_connect_work_done(struct wpa_supplicant *wpa_s)
2022 {
2023 	struct wpa_connect_work *cwork;
2024 	struct wpa_radio_work *work = wpa_s->connect_work;
2025 
2026 	if (!work)
2027 		return;
2028 
2029 	wpa_s->connect_work = NULL;
2030 	cwork = work->ctx;
2031 	work->ctx = NULL;
2032 	wpas_connect_work_free(cwork);
2033 	radio_work_done(work);
2034 }
2035 
2036 
2037 int wpas_update_random_addr(struct wpa_supplicant *wpa_s, int style)
2038 {
2039 	struct os_reltime now;
2040 	u8 addr[ETH_ALEN];
2041 
2042 	os_get_reltime(&now);
2043 	if (wpa_s->last_mac_addr_style == style &&
2044 	    wpa_s->last_mac_addr_change.sec != 0 &&
2045 	    !os_reltime_expired(&now, &wpa_s->last_mac_addr_change,
2046 				wpa_s->conf->rand_addr_lifetime)) {
2047 		wpa_msg(wpa_s, MSG_DEBUG,
2048 			"Previously selected random MAC address has not yet expired");
2049 		return 0;
2050 	}
2051 
2052 	switch (style) {
2053 	case 1:
2054 		if (random_mac_addr(addr) < 0)
2055 			return -1;
2056 		break;
2057 	case 2:
2058 		os_memcpy(addr, wpa_s->perm_addr, ETH_ALEN);
2059 		if (random_mac_addr_keep_oui(addr) < 0)
2060 			return -1;
2061 		break;
2062 	default:
2063 		return -1;
2064 	}
2065 
2066 	if (wpa_drv_set_mac_addr(wpa_s, addr) < 0) {
2067 		wpa_msg(wpa_s, MSG_INFO,
2068 			"Failed to set random MAC address");
2069 		return -1;
2070 	}
2071 
2072 	os_get_reltime(&wpa_s->last_mac_addr_change);
2073 	wpa_s->mac_addr_changed = 1;
2074 	wpa_s->last_mac_addr_style = style;
2075 
2076 	if (wpa_supplicant_update_mac_addr(wpa_s) < 0) {
2077 		wpa_msg(wpa_s, MSG_INFO,
2078 			"Could not update MAC address information");
2079 		return -1;
2080 	}
2081 
2082 	wpa_msg(wpa_s, MSG_DEBUG, "Using random MAC address " MACSTR,
2083 		MAC2STR(addr));
2084 
2085 	return 0;
2086 }
2087 
2088 
2089 int wpas_update_random_addr_disassoc(struct wpa_supplicant *wpa_s)
2090 {
2091 	if (wpa_s->wpa_state >= WPA_AUTHENTICATING ||
2092 	    !wpa_s->conf->preassoc_mac_addr)
2093 		return 0;
2094 
2095 	return wpas_update_random_addr(wpa_s, wpa_s->conf->preassoc_mac_addr);
2096 }
2097 
2098 
2099 static void wpa_s_setup_sae_pt(struct wpa_config *conf, struct wpa_ssid *ssid)
2100 {
2101 #ifdef CONFIG_SAE
2102 	int *groups = conf->sae_groups;
2103 	int default_groups[] = { 19, 20, 21, 0 };
2104 	const char *password;
2105 
2106 	if (!groups || groups[0] <= 0)
2107 		groups = default_groups;
2108 
2109 	password = ssid->sae_password;
2110 	if (!password)
2111 		password = ssid->passphrase;
2112 
2113 	if (!password ||
2114 	    (conf->sae_pwe == 0 && !ssid->sae_password_id &&
2115 	     !sae_pk_valid_password(password)) ||
2116 	    conf->sae_pwe == 3) {
2117 		/* PT derivation not needed */
2118 		sae_deinit_pt(ssid->pt);
2119 		ssid->pt = NULL;
2120 		return;
2121 	}
2122 
2123 	if (ssid->pt)
2124 		return; /* PT already derived */
2125 	ssid->pt = sae_derive_pt(groups, ssid->ssid, ssid->ssid_len,
2126 				 (const u8 *) password, os_strlen(password),
2127 				 ssid->sae_password_id);
2128 #endif /* CONFIG_SAE */
2129 }
2130 
2131 
2132 static void wpa_s_clear_sae_rejected(struct wpa_supplicant *wpa_s)
2133 {
2134 #if defined(CONFIG_SAE) && defined(CONFIG_SME)
2135 	os_free(wpa_s->sme.sae_rejected_groups);
2136 	wpa_s->sme.sae_rejected_groups = NULL;
2137 #ifdef CONFIG_TESTING_OPTIONS
2138 	if (wpa_s->extra_sae_rejected_groups) {
2139 		int i, *groups = wpa_s->extra_sae_rejected_groups;
2140 
2141 		for (i = 0; groups[i]; i++) {
2142 			wpa_printf(MSG_DEBUG,
2143 				   "TESTING: Indicate rejection of an extra SAE group %d",
2144 				   groups[i]);
2145 			int_array_add_unique(&wpa_s->sme.sae_rejected_groups,
2146 					     groups[i]);
2147 		}
2148 	}
2149 #endif /* CONFIG_TESTING_OPTIONS */
2150 #endif /* CONFIG_SAE && CONFIG_SME */
2151 }
2152 
2153 
2154 int wpas_restore_permanent_mac_addr(struct wpa_supplicant *wpa_s)
2155 {
2156 	if (wpa_drv_set_mac_addr(wpa_s, NULL) < 0) {
2157 		wpa_msg(wpa_s, MSG_INFO,
2158 			"Could not restore permanent MAC address");
2159 		return -1;
2160 	}
2161 	wpa_s->mac_addr_changed = 0;
2162 	if (wpa_supplicant_update_mac_addr(wpa_s) < 0) {
2163 		wpa_msg(wpa_s, MSG_INFO,
2164 			"Could not update MAC address information");
2165 		return -1;
2166 	}
2167 	wpa_msg(wpa_s, MSG_DEBUG, "Using permanent MAC address");
2168 	return 0;
2169 }
2170 
2171 
2172 static void wpas_start_assoc_cb(struct wpa_radio_work *work, int deinit);
2173 
2174 /**
2175  * wpa_supplicant_associate - Request association
2176  * @wpa_s: Pointer to wpa_supplicant data
2177  * @bss: Scan results for the selected BSS, or %NULL if not available
2178  * @ssid: Configuration data for the selected network
2179  *
2180  * This function is used to request %wpa_supplicant to associate with a BSS.
2181  */
2182 void wpa_supplicant_associate(struct wpa_supplicant *wpa_s,
2183 			      struct wpa_bss *bss, struct wpa_ssid *ssid)
2184 {
2185 	struct wpa_connect_work *cwork;
2186 	int rand_style;
2187 
2188 	wpa_s->own_disconnect_req = 0;
2189 	wpa_s->own_reconnect_req = 0;
2190 
2191 	/*
2192 	 * If we are starting a new connection, any previously pending EAPOL
2193 	 * RX cannot be valid anymore.
2194 	 */
2195 	wpabuf_free(wpa_s->pending_eapol_rx);
2196 	wpa_s->pending_eapol_rx = NULL;
2197 
2198 	if (ssid->mac_addr == -1)
2199 		rand_style = wpa_s->conf->mac_addr;
2200 	else
2201 		rand_style = ssid->mac_addr;
2202 
2203 	wpa_s->multi_ap_ie = 0;
2204 	wmm_ac_clear_saved_tspecs(wpa_s);
2205 	wpa_s->reassoc_same_bss = 0;
2206 	wpa_s->reassoc_same_ess = 0;
2207 #ifdef CONFIG_TESTING_OPTIONS
2208 	wpa_s->testing_resend_assoc = 0;
2209 #endif /* CONFIG_TESTING_OPTIONS */
2210 
2211 	if (wpa_s->last_ssid == ssid) {
2212 		wpa_dbg(wpa_s, MSG_DEBUG, "Re-association to the same ESS");
2213 		wpa_s->reassoc_same_ess = 1;
2214 		if (wpa_s->current_bss && wpa_s->current_bss == bss) {
2215 			wmm_ac_save_tspecs(wpa_s);
2216 			wpa_s->reassoc_same_bss = 1;
2217 		} else if (wpa_s->current_bss && wpa_s->current_bss != bss) {
2218 			os_get_reltime(&wpa_s->roam_start);
2219 		}
2220 	} else {
2221 #ifdef CONFIG_SAE
2222 		wpa_s_clear_sae_rejected(wpa_s);
2223 		wpa_s_setup_sae_pt(wpa_s->conf, ssid);
2224 #endif /* CONFIG_SAE */
2225 	}
2226 
2227 	if (rand_style > 0 && !wpa_s->reassoc_same_ess) {
2228 		if (wpas_update_random_addr(wpa_s, rand_style) < 0)
2229 			return;
2230 		wpa_sm_pmksa_cache_flush(wpa_s->wpa, ssid);
2231 	} else if (rand_style == 0 && wpa_s->mac_addr_changed) {
2232 		if (wpas_restore_permanent_mac_addr(wpa_s) < 0)
2233 			return;
2234 	}
2235 	wpa_s->last_ssid = ssid;
2236 
2237 #ifdef CONFIG_IBSS_RSN
2238 	ibss_rsn_deinit(wpa_s->ibss_rsn);
2239 	wpa_s->ibss_rsn = NULL;
2240 #else /* CONFIG_IBSS_RSN */
2241 	if (ssid->mode == WPAS_MODE_IBSS &&
2242 	    !(ssid->key_mgmt & (WPA_KEY_MGMT_NONE | WPA_KEY_MGMT_WPA_NONE))) {
2243 		wpa_msg(wpa_s, MSG_INFO,
2244 			"IBSS RSN not supported in the build");
2245 		return;
2246 	}
2247 #endif /* CONFIG_IBSS_RSN */
2248 
2249 	if (ssid->mode == WPAS_MODE_AP || ssid->mode == WPAS_MODE_P2P_GO ||
2250 	    ssid->mode == WPAS_MODE_P2P_GROUP_FORMATION) {
2251 #ifdef CONFIG_AP
2252 		if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_AP)) {
2253 			wpa_msg(wpa_s, MSG_INFO, "Driver does not support AP "
2254 				"mode");
2255 			return;
2256 		}
2257 		if (wpa_supplicant_create_ap(wpa_s, ssid) < 0) {
2258 			wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
2259 			if (ssid->mode == WPAS_MODE_P2P_GROUP_FORMATION)
2260 				wpas_p2p_ap_setup_failed(wpa_s);
2261 			return;
2262 		}
2263 		wpa_s->current_bss = bss;
2264 #else /* CONFIG_AP */
2265 		wpa_msg(wpa_s, MSG_ERROR, "AP mode support not included in "
2266 			"the build");
2267 #endif /* CONFIG_AP */
2268 		return;
2269 	}
2270 
2271 	if (ssid->mode == WPAS_MODE_MESH) {
2272 #ifdef CONFIG_MESH
2273 		if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_MESH)) {
2274 			wpa_msg(wpa_s, MSG_INFO,
2275 				"Driver does not support mesh mode");
2276 			return;
2277 		}
2278 		if (bss)
2279 			ssid->frequency = bss->freq;
2280 		if (wpa_supplicant_join_mesh(wpa_s, ssid) < 0) {
2281 			wpa_msg(wpa_s, MSG_ERROR, "Could not join mesh");
2282 			return;
2283 		}
2284 		wpa_s->current_bss = bss;
2285 #else /* CONFIG_MESH */
2286 		wpa_msg(wpa_s, MSG_ERROR,
2287 			"mesh mode support not included in the build");
2288 #endif /* CONFIG_MESH */
2289 		return;
2290 	}
2291 
2292 	/*
2293 	 * Set WPA state machine configuration to match the selected network now
2294 	 * so that the information is available before wpas_start_assoc_cb()
2295 	 * gets called. This is needed at least for RSN pre-authentication where
2296 	 * candidate APs are added to a list based on scan result processing
2297 	 * before completion of the first association.
2298 	 */
2299 	wpa_supplicant_rsn_supp_set_config(wpa_s, ssid);
2300 
2301 #ifdef CONFIG_DPP
2302 	if (wpas_dpp_check_connect(wpa_s, ssid, bss) != 0)
2303 		return;
2304 #endif /* CONFIG_DPP */
2305 
2306 #ifdef CONFIG_TDLS
2307 	if (bss)
2308 		wpa_tdls_ap_ies(wpa_s->wpa, wpa_bss_ie_ptr(bss), bss->ie_len);
2309 #endif /* CONFIG_TDLS */
2310 
2311 #ifdef CONFIG_MBO
2312 	wpas_mbo_check_pmf(wpa_s, bss, ssid);
2313 #endif /* CONFIG_MBO */
2314 
2315 	if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) &&
2316 	    ssid->mode == WPAS_MODE_INFRA) {
2317 		sme_authenticate(wpa_s, bss, ssid);
2318 		return;
2319 	}
2320 
2321 	if (wpa_s->connect_work) {
2322 		wpa_dbg(wpa_s, MSG_DEBUG, "Reject wpa_supplicant_associate() call since connect_work exist");
2323 		return;
2324 	}
2325 
2326 	if (radio_work_pending(wpa_s, "connect")) {
2327 		wpa_dbg(wpa_s, MSG_DEBUG, "Reject wpa_supplicant_associate() call since pending work exist");
2328 		return;
2329 	}
2330 
2331 #ifdef CONFIG_SME
2332 	if (ssid->mode == WPAS_MODE_IBSS || ssid->mode == WPAS_MODE_MESH) {
2333 		/* Clear possibly set auth_alg, if any, from last attempt. */
2334 		wpa_s->sme.auth_alg = WPA_AUTH_ALG_OPEN;
2335 	}
2336 #endif /* CONFIG_SME */
2337 
2338 	wpas_abort_ongoing_scan(wpa_s);
2339 
2340 	cwork = os_zalloc(sizeof(*cwork));
2341 	if (cwork == NULL)
2342 		return;
2343 
2344 	cwork->bss = bss;
2345 	cwork->ssid = ssid;
2346 
2347 	if (radio_add_work(wpa_s, bss ? bss->freq : 0, "connect", 1,
2348 			   wpas_start_assoc_cb, cwork) < 0) {
2349 		os_free(cwork);
2350 	}
2351 }
2352 
2353 
2354 static int bss_is_ibss(struct wpa_bss *bss)
2355 {
2356 	return (bss->caps & (IEEE80211_CAP_ESS | IEEE80211_CAP_IBSS)) ==
2357 		IEEE80211_CAP_IBSS;
2358 }
2359 
2360 
2361 static int drv_supports_vht(struct wpa_supplicant *wpa_s,
2362 			    const struct wpa_ssid *ssid)
2363 {
2364 	enum hostapd_hw_mode hw_mode;
2365 	struct hostapd_hw_modes *mode = NULL;
2366 	u8 channel;
2367 	int i;
2368 
2369 	hw_mode = ieee80211_freq_to_chan(ssid->frequency, &channel);
2370 	if (hw_mode == NUM_HOSTAPD_MODES)
2371 		return 0;
2372 	for (i = 0; wpa_s->hw.modes && i < wpa_s->hw.num_modes; i++) {
2373 		if (wpa_s->hw.modes[i].mode == hw_mode) {
2374 			mode = &wpa_s->hw.modes[i];
2375 			break;
2376 		}
2377 	}
2378 
2379 	if (!mode)
2380 		return 0;
2381 
2382 	return mode->vht_capab != 0;
2383 }
2384 
2385 
2386 void ibss_mesh_setup_freq(struct wpa_supplicant *wpa_s,
2387 			  const struct wpa_ssid *ssid,
2388 			  struct hostapd_freq_params *freq)
2389 {
2390 	int ieee80211_mode = wpas_mode_to_ieee80211_mode(ssid->mode);
2391 	enum hostapd_hw_mode hw_mode;
2392 	struct hostapd_hw_modes *mode = NULL;
2393 	int ht40plus[] = { 36, 44, 52, 60, 100, 108, 116, 124, 132, 149, 157,
2394 			   184, 192 };
2395 	int vht80[] = { 36, 52, 100, 116, 132, 149 };
2396 	struct hostapd_channel_data *pri_chan = NULL, *sec_chan = NULL;
2397 	u8 channel;
2398 	int i, chan_idx, ht40 = -1, res, obss_scan = 1;
2399 	unsigned int j, k;
2400 	struct hostapd_freq_params vht_freq;
2401 	int chwidth, seg0, seg1;
2402 	u32 vht_caps = 0;
2403 	int is_24ghz;
2404 
2405 	freq->freq = ssid->frequency;
2406 
2407 	for (j = 0; j < wpa_s->last_scan_res_used; j++) {
2408 		struct wpa_bss *bss = wpa_s->last_scan_res[j];
2409 
2410 		if (ssid->mode != WPAS_MODE_IBSS)
2411 			break;
2412 
2413 		/* Don't adjust control freq in case of fixed_freq */
2414 		if (ssid->fixed_freq)
2415 			break;
2416 
2417 		if (!bss_is_ibss(bss))
2418 			continue;
2419 
2420 		if (ssid->ssid_len == bss->ssid_len &&
2421 		    os_memcmp(ssid->ssid, bss->ssid, bss->ssid_len) == 0) {
2422 			wpa_printf(MSG_DEBUG,
2423 				   "IBSS already found in scan results, adjust control freq: %d",
2424 				   bss->freq);
2425 			freq->freq = bss->freq;
2426 			obss_scan = 0;
2427 			break;
2428 		}
2429 	}
2430 
2431 	/* For IBSS check HT_IBSS flag */
2432 	if (ssid->mode == WPAS_MODE_IBSS &&
2433 	    !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_HT_IBSS))
2434 		return;
2435 
2436 	if (wpa_s->group_cipher == WPA_CIPHER_WEP40 ||
2437 	    wpa_s->group_cipher == WPA_CIPHER_WEP104 ||
2438 	    wpa_s->pairwise_cipher == WPA_CIPHER_TKIP) {
2439 		wpa_printf(MSG_DEBUG,
2440 			   "IBSS: WEP/TKIP detected, do not try to enable HT");
2441 		return;
2442 	}
2443 
2444 	hw_mode = ieee80211_freq_to_chan(freq->freq, &channel);
2445 	for (i = 0; wpa_s->hw.modes && i < wpa_s->hw.num_modes; i++) {
2446 		if (wpa_s->hw.modes[i].mode == hw_mode) {
2447 			mode = &wpa_s->hw.modes[i];
2448 			break;
2449 		}
2450 	}
2451 
2452 	if (!mode)
2453 		return;
2454 
2455 	freq->channel = channel;
2456 
2457 	is_24ghz = hw_mode == HOSTAPD_MODE_IEEE80211G ||
2458 		hw_mode == HOSTAPD_MODE_IEEE80211B;
2459 
2460 #ifdef CONFIG_HT_OVERRIDES
2461 	if (ssid->disable_ht) {
2462 		freq->ht_enabled = 0;
2463 		return;
2464 	}
2465 #endif /* CONFIG_HT_OVERRIDES */
2466 
2467 	freq->ht_enabled = ht_supported(mode);
2468 	if (!freq->ht_enabled)
2469 		return;
2470 
2471 	/* Allow HE on 2.4 GHz without VHT: see nl80211_put_freq_params() */
2472 	if (is_24ghz)
2473 		freq->he_enabled = mode->he_capab[ieee80211_mode].he_supported;
2474 #ifdef CONFIG_HE_OVERRIDES
2475 	if (is_24ghz && ssid->disable_he)
2476 		freq->he_enabled = 0;
2477 #endif /* CONFIG_HE_OVERRIDES */
2478 
2479 	/* Setup higher BW only for 5 GHz */
2480 	if (mode->mode != HOSTAPD_MODE_IEEE80211A)
2481 		return;
2482 
2483 	for (chan_idx = 0; chan_idx < mode->num_channels; chan_idx++) {
2484 		pri_chan = &mode->channels[chan_idx];
2485 		if (pri_chan->chan == channel)
2486 			break;
2487 		pri_chan = NULL;
2488 	}
2489 	if (!pri_chan)
2490 		return;
2491 
2492 	/* Check primary channel flags */
2493 	if (pri_chan->flag & (HOSTAPD_CHAN_DISABLED | HOSTAPD_CHAN_NO_IR))
2494 		return;
2495 
2496 	freq->channel = pri_chan->chan;
2497 
2498 #ifdef CONFIG_HT_OVERRIDES
2499 	if (ssid->disable_ht40) {
2500 #ifdef CONFIG_VHT_OVERRIDES
2501 		if (ssid->disable_vht)
2502 			return;
2503 #endif /* CONFIG_VHT_OVERRIDES */
2504 		goto skip_ht40;
2505 	}
2506 #endif /* CONFIG_HT_OVERRIDES */
2507 
2508 	/* Check/setup HT40+/HT40- */
2509 	for (j = 0; j < ARRAY_SIZE(ht40plus); j++) {
2510 		if (ht40plus[j] == channel) {
2511 			ht40 = 1;
2512 			break;
2513 		}
2514 	}
2515 
2516 	/* Find secondary channel */
2517 	for (i = 0; i < mode->num_channels; i++) {
2518 		sec_chan = &mode->channels[i];
2519 		if (sec_chan->chan == channel + ht40 * 4)
2520 			break;
2521 		sec_chan = NULL;
2522 	}
2523 	if (!sec_chan)
2524 		return;
2525 
2526 	/* Check secondary channel flags */
2527 	if (sec_chan->flag & (HOSTAPD_CHAN_DISABLED | HOSTAPD_CHAN_NO_IR))
2528 		return;
2529 
2530 	if (ht40 == -1) {
2531 		if (!(pri_chan->flag & HOSTAPD_CHAN_HT40MINUS))
2532 			return;
2533 	} else {
2534 		if (!(pri_chan->flag & HOSTAPD_CHAN_HT40PLUS))
2535 			return;
2536 	}
2537 	freq->sec_channel_offset = ht40;
2538 
2539 	if (obss_scan) {
2540 		struct wpa_scan_results *scan_res;
2541 
2542 		scan_res = wpa_supplicant_get_scan_results(wpa_s, NULL, 0);
2543 		if (scan_res == NULL) {
2544 			/* Back to HT20 */
2545 			freq->sec_channel_offset = 0;
2546 			return;
2547 		}
2548 
2549 		res = check_40mhz_5g(scan_res, pri_chan, sec_chan);
2550 		switch (res) {
2551 		case 0:
2552 			/* Back to HT20 */
2553 			freq->sec_channel_offset = 0;
2554 			break;
2555 		case 1:
2556 			/* Configuration allowed */
2557 			break;
2558 		case 2:
2559 			/* Switch pri/sec channels */
2560 			freq->freq = hw_get_freq(mode, sec_chan->chan);
2561 			freq->sec_channel_offset = -freq->sec_channel_offset;
2562 			freq->channel = sec_chan->chan;
2563 			break;
2564 		default:
2565 			freq->sec_channel_offset = 0;
2566 			break;
2567 		}
2568 
2569 		wpa_scan_results_free(scan_res);
2570 	}
2571 
2572 #ifdef CONFIG_HT_OVERRIDES
2573 skip_ht40:
2574 #endif /* CONFIG_HT_OVERRIDES */
2575 	wpa_printf(MSG_DEBUG,
2576 		   "IBSS/mesh: setup freq channel %d, sec_channel_offset %d",
2577 		   freq->channel, freq->sec_channel_offset);
2578 
2579 	if (!drv_supports_vht(wpa_s, ssid))
2580 		return;
2581 
2582 	/* For IBSS check VHT_IBSS flag */
2583 	if (ssid->mode == WPAS_MODE_IBSS &&
2584 	    !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_VHT_IBSS))
2585 		return;
2586 
2587 	vht_freq = *freq;
2588 
2589 #ifdef CONFIG_VHT_OVERRIDES
2590 	if (ssid->disable_vht) {
2591 		freq->vht_enabled = 0;
2592 		return;
2593 	}
2594 #endif /* CONFIG_VHT_OVERRIDES */
2595 
2596 	vht_freq.vht_enabled = vht_supported(mode);
2597 	if (!vht_freq.vht_enabled)
2598 		return;
2599 
2600 	/* Enable HE with VHT for 5 GHz */
2601 	freq->he_enabled = mode->he_capab[ieee80211_mode].he_supported;
2602 
2603 	/* setup center_freq1, bandwidth */
2604 	for (j = 0; j < ARRAY_SIZE(vht80); j++) {
2605 		if (freq->channel >= vht80[j] &&
2606 		    freq->channel < vht80[j] + 16)
2607 			break;
2608 	}
2609 
2610 	if (j == ARRAY_SIZE(vht80))
2611 		return;
2612 
2613 	for (i = vht80[j]; i < vht80[j] + 16; i += 4) {
2614 		struct hostapd_channel_data *chan;
2615 
2616 		chan = hw_get_channel_chan(mode, i, NULL);
2617 		if (!chan)
2618 			return;
2619 
2620 		/* Back to HT configuration if channel not usable */
2621 		if (chan->flag & (HOSTAPD_CHAN_DISABLED | HOSTAPD_CHAN_NO_IR))
2622 			return;
2623 	}
2624 
2625 	chwidth = CHANWIDTH_80MHZ;
2626 	seg0 = vht80[j] + 6;
2627 	seg1 = 0;
2628 
2629 	if (ssid->max_oper_chwidth == CHANWIDTH_80P80MHZ) {
2630 		/* setup center_freq2, bandwidth */
2631 		for (k = 0; k < ARRAY_SIZE(vht80); k++) {
2632 			/* Only accept 80 MHz segments separated by a gap */
2633 			if (j == k || abs(vht80[j] - vht80[k]) == 16)
2634 				continue;
2635 			for (i = vht80[k]; i < vht80[k] + 16; i += 4) {
2636 				struct hostapd_channel_data *chan;
2637 
2638 				chan = hw_get_channel_chan(mode, i, NULL);
2639 				if (!chan)
2640 					continue;
2641 
2642 				if (chan->flag & (HOSTAPD_CHAN_DISABLED |
2643 						  HOSTAPD_CHAN_NO_IR |
2644 						  HOSTAPD_CHAN_RADAR))
2645 					continue;
2646 
2647 				/* Found a suitable second segment for 80+80 */
2648 				chwidth = CHANWIDTH_80P80MHZ;
2649 				vht_caps |=
2650 					VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ;
2651 				seg1 = vht80[k] + 6;
2652 			}
2653 
2654 			if (chwidth == CHANWIDTH_80P80MHZ)
2655 				break;
2656 		}
2657 	} else if (ssid->max_oper_chwidth == CHANWIDTH_160MHZ) {
2658 		if (freq->freq == 5180) {
2659 			chwidth = CHANWIDTH_160MHZ;
2660 			vht_caps |= VHT_CAP_SUPP_CHAN_WIDTH_160MHZ;
2661 			seg0 = 50;
2662 		} else if (freq->freq == 5520) {
2663 			chwidth = CHANWIDTH_160MHZ;
2664 			vht_caps |= VHT_CAP_SUPP_CHAN_WIDTH_160MHZ;
2665 			seg0 = 114;
2666 		}
2667 	} else if (ssid->max_oper_chwidth == CHANWIDTH_USE_HT) {
2668 		chwidth = CHANWIDTH_USE_HT;
2669 		seg0 = vht80[j] + 2;
2670 #ifdef CONFIG_HT_OVERRIDES
2671 		if (ssid->disable_ht40)
2672 			seg0 = 0;
2673 #endif /* CONFIG_HT_OVERRIDES */
2674 	}
2675 
2676 #ifdef CONFIG_HE_OVERRIDES
2677 	if (ssid->disable_he) {
2678 		vht_freq.he_enabled = 0;
2679 		freq->he_enabled = 0;
2680 	}
2681 #endif /* CONFIG_HE_OVERRIDES */
2682 	if (hostapd_set_freq_params(&vht_freq, mode->mode, freq->freq,
2683 				    freq->channel, ssid->enable_edmg,
2684 				    ssid->edmg_channel, freq->ht_enabled,
2685 				    vht_freq.vht_enabled, freq->he_enabled,
2686 				    freq->sec_channel_offset,
2687 				    chwidth, seg0, seg1, vht_caps,
2688 				    &mode->he_capab[ieee80211_mode]) != 0)
2689 		return;
2690 
2691 	*freq = vht_freq;
2692 
2693 	wpa_printf(MSG_DEBUG, "IBSS: VHT setup freq cf1 %d, cf2 %d, bw %d",
2694 		   freq->center_freq1, freq->center_freq2, freq->bandwidth);
2695 }
2696 
2697 
2698 #ifdef CONFIG_FILS
2699 static size_t wpas_add_fils_hlp_req(struct wpa_supplicant *wpa_s, u8 *ie_buf,
2700 				    size_t ie_buf_len)
2701 {
2702 	struct fils_hlp_req *req;
2703 	size_t rem_len, hdr_len, hlp_len, len, ie_len = 0;
2704 	const u8 *pos;
2705 	u8 *buf = ie_buf;
2706 
2707 	dl_list_for_each(req, &wpa_s->fils_hlp_req, struct fils_hlp_req,
2708 			 list) {
2709 		rem_len = ie_buf_len - ie_len;
2710 		pos = wpabuf_head(req->pkt);
2711 		hdr_len = 1 + 2 * ETH_ALEN + 6;
2712 		hlp_len = wpabuf_len(req->pkt);
2713 
2714 		if (rem_len < 2 + hdr_len + hlp_len) {
2715 			wpa_printf(MSG_ERROR,
2716 				   "FILS: Cannot fit HLP - rem_len=%lu to_fill=%lu",
2717 				   (unsigned long) rem_len,
2718 				   (unsigned long) (2 + hdr_len + hlp_len));
2719 			break;
2720 		}
2721 
2722 		len = (hdr_len + hlp_len) > 255 ? 255 : hdr_len + hlp_len;
2723 		/* Element ID */
2724 		*buf++ = WLAN_EID_EXTENSION;
2725 		/* Length */
2726 		*buf++ = len;
2727 		/* Element ID Extension */
2728 		*buf++ = WLAN_EID_EXT_FILS_HLP_CONTAINER;
2729 		/* Destination MAC address */
2730 		os_memcpy(buf, req->dst, ETH_ALEN);
2731 		buf += ETH_ALEN;
2732 		/* Source MAC address */
2733 		os_memcpy(buf, wpa_s->own_addr, ETH_ALEN);
2734 		buf += ETH_ALEN;
2735 		/* LLC/SNAP Header */
2736 		os_memcpy(buf, "\xaa\xaa\x03\x00\x00\x00", 6);
2737 		buf += 6;
2738 		/* HLP Packet */
2739 		os_memcpy(buf, pos, len - hdr_len);
2740 		buf += len - hdr_len;
2741 		pos += len - hdr_len;
2742 
2743 		hlp_len -= len - hdr_len;
2744 		ie_len += 2 + len;
2745 		rem_len -= 2 + len;
2746 
2747 		while (hlp_len) {
2748 			len = (hlp_len > 255) ? 255 : hlp_len;
2749 			if (rem_len < 2 + len)
2750 				break;
2751 			*buf++ = WLAN_EID_FRAGMENT;
2752 			*buf++ = len;
2753 			os_memcpy(buf, pos, len);
2754 			buf += len;
2755 			pos += len;
2756 
2757 			hlp_len -= len;
2758 			ie_len += 2 + len;
2759 			rem_len -= 2 + len;
2760 		}
2761 	}
2762 
2763 	return ie_len;
2764 }
2765 
2766 
2767 int wpa_is_fils_supported(struct wpa_supplicant *wpa_s)
2768 {
2769 	return (((wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) &&
2770 		 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SUPPORT_FILS)) ||
2771 		(!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) &&
2772 		 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_FILS_SK_OFFLOAD)));
2773 }
2774 
2775 
2776 int wpa_is_fils_sk_pfs_supported(struct wpa_supplicant *wpa_s)
2777 {
2778 #ifdef CONFIG_FILS_SK_PFS
2779 	return (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) &&
2780 		(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SUPPORT_FILS);
2781 #else /* CONFIG_FILS_SK_PFS */
2782 	return 0;
2783 #endif /* CONFIG_FILS_SK_PFS */
2784 }
2785 
2786 #endif /* CONFIG_FILS */
2787 
2788 
2789 static u8 * wpas_populate_assoc_ies(
2790 	struct wpa_supplicant *wpa_s,
2791 	struct wpa_bss *bss, struct wpa_ssid *ssid,
2792 	struct wpa_driver_associate_params *params,
2793 	enum wpa_drv_update_connect_params_mask *mask)
2794 {
2795 	u8 *wpa_ie;
2796 	size_t max_wpa_ie_len = 500;
2797 	size_t wpa_ie_len;
2798 	int algs = WPA_AUTH_ALG_OPEN;
2799 #ifdef CONFIG_MBO
2800 	const u8 *mbo_ie;
2801 #endif
2802 #if defined(CONFIG_SAE) || defined(CONFIG_FILS)
2803 	int pmksa_cached = 0;
2804 #endif /* CONFIG_SAE || CONFIG_FILS */
2805 #ifdef CONFIG_FILS
2806 	const u8 *realm, *username, *rrk;
2807 	size_t realm_len, username_len, rrk_len;
2808 	u16 next_seq_num;
2809 	struct fils_hlp_req *req;
2810 
2811 	dl_list_for_each(req, &wpa_s->fils_hlp_req, struct fils_hlp_req,
2812 			 list) {
2813 		max_wpa_ie_len += 3 + 2 * ETH_ALEN + 6 + wpabuf_len(req->pkt) +
2814 				  2 + 2 * wpabuf_len(req->pkt) / 255;
2815 	}
2816 #endif /* CONFIG_FILS */
2817 
2818 	wpa_ie = os_malloc(max_wpa_ie_len);
2819 	if (!wpa_ie) {
2820 		wpa_printf(MSG_ERROR,
2821 			   "Failed to allocate connect IE buffer for %lu bytes",
2822 			   (unsigned long) max_wpa_ie_len);
2823 		return NULL;
2824 	}
2825 
2826 	if (bss && (wpa_bss_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE) ||
2827 		    wpa_bss_get_ie(bss, WLAN_EID_RSN)) &&
2828 	    wpa_key_mgmt_wpa(ssid->key_mgmt)) {
2829 		int try_opportunistic;
2830 		const u8 *cache_id = NULL;
2831 
2832 		try_opportunistic = (ssid->proactive_key_caching < 0 ?
2833 				     wpa_s->conf->okc :
2834 				     ssid->proactive_key_caching) &&
2835 			(ssid->proto & WPA_PROTO_RSN);
2836 #ifdef CONFIG_FILS
2837 		if (wpa_key_mgmt_fils(ssid->key_mgmt))
2838 			cache_id = wpa_bss_get_fils_cache_id(bss);
2839 #endif /* CONFIG_FILS */
2840 		if (pmksa_cache_set_current(wpa_s->wpa, NULL, bss->bssid,
2841 					    ssid, try_opportunistic,
2842 					    cache_id, 0) == 0) {
2843 			eapol_sm_notify_pmkid_attempt(wpa_s->eapol);
2844 #if defined(CONFIG_SAE) || defined(CONFIG_FILS)
2845 			pmksa_cached = 1;
2846 #endif /* CONFIG_SAE || CONFIG_FILS */
2847 		}
2848 		wpa_ie_len = max_wpa_ie_len;
2849 		if (wpa_supplicant_set_suites(wpa_s, bss, ssid,
2850 					      wpa_ie, &wpa_ie_len)) {
2851 			wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to set WPA "
2852 				"key management and encryption suites");
2853 			os_free(wpa_ie);
2854 			return NULL;
2855 		}
2856 #ifdef CONFIG_HS20
2857 	} else if (bss && wpa_bss_get_vendor_ie(bss, OSEN_IE_VENDOR_TYPE) &&
2858 		   (ssid->key_mgmt & WPA_KEY_MGMT_OSEN)) {
2859 		/* No PMKSA caching, but otherwise similar to RSN/WPA */
2860 		wpa_ie_len = max_wpa_ie_len;
2861 		if (wpa_supplicant_set_suites(wpa_s, bss, ssid,
2862 					      wpa_ie, &wpa_ie_len)) {
2863 			wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to set WPA "
2864 				"key management and encryption suites");
2865 			os_free(wpa_ie);
2866 			return NULL;
2867 		}
2868 #endif /* CONFIG_HS20 */
2869 	} else if ((ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) && bss &&
2870 		   wpa_key_mgmt_wpa_ieee8021x(ssid->key_mgmt)) {
2871 		/*
2872 		 * Both WPA and non-WPA IEEE 802.1X enabled in configuration -
2873 		 * use non-WPA since the scan results did not indicate that the
2874 		 * AP is using WPA or WPA2.
2875 		 */
2876 		wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
2877 		wpa_ie_len = 0;
2878 		wpa_s->wpa_proto = 0;
2879 	} else if (wpa_key_mgmt_wpa_any(ssid->key_mgmt)) {
2880 		wpa_ie_len = max_wpa_ie_len;
2881 		if (wpa_supplicant_set_suites(wpa_s, NULL, ssid,
2882 					      wpa_ie, &wpa_ie_len)) {
2883 			wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to set WPA "
2884 				"key management and encryption suites (no "
2885 				"scan results)");
2886 			os_free(wpa_ie);
2887 			return NULL;
2888 		}
2889 #ifdef CONFIG_WPS
2890 	} else if (ssid->key_mgmt & WPA_KEY_MGMT_WPS) {
2891 		struct wpabuf *wps_ie;
2892 		wps_ie = wps_build_assoc_req_ie(wpas_wps_get_req_type(ssid));
2893 		if (wps_ie && wpabuf_len(wps_ie) <= max_wpa_ie_len) {
2894 			wpa_ie_len = wpabuf_len(wps_ie);
2895 			os_memcpy(wpa_ie, wpabuf_head(wps_ie), wpa_ie_len);
2896 		} else
2897 			wpa_ie_len = 0;
2898 		wpabuf_free(wps_ie);
2899 		wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
2900 		if (!bss || (bss->caps & IEEE80211_CAP_PRIVACY))
2901 			params->wps = WPS_MODE_PRIVACY;
2902 		else
2903 			params->wps = WPS_MODE_OPEN;
2904 		wpa_s->wpa_proto = 0;
2905 #endif /* CONFIG_WPS */
2906 	} else {
2907 		wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
2908 		wpa_ie_len = 0;
2909 		wpa_s->wpa_proto = 0;
2910 	}
2911 
2912 #ifdef IEEE8021X_EAPOL
2913 	if (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
2914 		if (ssid->leap) {
2915 			if (ssid->non_leap == 0)
2916 				algs = WPA_AUTH_ALG_LEAP;
2917 			else
2918 				algs |= WPA_AUTH_ALG_LEAP;
2919 		}
2920 	}
2921 
2922 #ifdef CONFIG_FILS
2923 	/* Clear FILS association */
2924 	wpa_sm_set_reset_fils_completed(wpa_s->wpa, 0);
2925 
2926 	if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_FILS_SK_OFFLOAD) &&
2927 	    ssid->eap.erp && wpa_key_mgmt_fils(wpa_s->key_mgmt) &&
2928 	    eapol_sm_get_erp_info(wpa_s->eapol, &ssid->eap, &username,
2929 				  &username_len, &realm, &realm_len,
2930 				  &next_seq_num, &rrk, &rrk_len) == 0 &&
2931 	    (!wpa_s->last_con_fail_realm ||
2932 	     wpa_s->last_con_fail_realm_len != realm_len ||
2933 	     os_memcmp(wpa_s->last_con_fail_realm, realm, realm_len) != 0)) {
2934 		algs = WPA_AUTH_ALG_FILS;
2935 		params->fils_erp_username = username;
2936 		params->fils_erp_username_len = username_len;
2937 		params->fils_erp_realm = realm;
2938 		params->fils_erp_realm_len = realm_len;
2939 		params->fils_erp_next_seq_num = next_seq_num;
2940 		params->fils_erp_rrk = rrk;
2941 		params->fils_erp_rrk_len = rrk_len;
2942 
2943 		if (mask)
2944 			*mask |= WPA_DRV_UPDATE_FILS_ERP_INFO;
2945 	} else if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_FILS_SK_OFFLOAD) &&
2946 		   ssid->eap.erp && wpa_key_mgmt_fils(wpa_s->key_mgmt) &&
2947 		   pmksa_cached) {
2948 		algs = WPA_AUTH_ALG_FILS;
2949 	}
2950 #endif /* CONFIG_FILS */
2951 #endif /* IEEE8021X_EAPOL */
2952 #ifdef CONFIG_SAE
2953 	if (wpa_s->key_mgmt & (WPA_KEY_MGMT_SAE | WPA_KEY_MGMT_FT_SAE))
2954 		algs = WPA_AUTH_ALG_SAE;
2955 #endif /* CONFIG_SAE */
2956 
2957 	wpa_dbg(wpa_s, MSG_DEBUG, "Automatic auth_alg selection: 0x%x", algs);
2958 	if (ssid->auth_alg) {
2959 		algs = ssid->auth_alg;
2960 		wpa_dbg(wpa_s, MSG_DEBUG,
2961 			"Overriding auth_alg selection: 0x%x", algs);
2962 	}
2963 
2964 #ifdef CONFIG_SAE
2965 	if (pmksa_cached && algs == WPA_AUTH_ALG_SAE) {
2966 		wpa_dbg(wpa_s, MSG_DEBUG,
2967 			"SAE: Use WPA_AUTH_ALG_OPEN for PMKSA caching attempt");
2968 		algs = WPA_AUTH_ALG_OPEN;
2969 	}
2970 #endif /* CONFIG_SAE */
2971 
2972 #ifdef CONFIG_P2P
2973 	if (wpa_s->global->p2p) {
2974 		u8 *pos;
2975 		size_t len;
2976 		int res;
2977 		pos = wpa_ie + wpa_ie_len;
2978 		len = max_wpa_ie_len - wpa_ie_len;
2979 		res = wpas_p2p_assoc_req_ie(wpa_s, bss, pos, len,
2980 					    ssid->p2p_group);
2981 		if (res >= 0)
2982 			wpa_ie_len += res;
2983 	}
2984 
2985 	wpa_s->cross_connect_disallowed = 0;
2986 	if (bss) {
2987 		struct wpabuf *p2p;
2988 		p2p = wpa_bss_get_vendor_ie_multi(bss, P2P_IE_VENDOR_TYPE);
2989 		if (p2p) {
2990 			wpa_s->cross_connect_disallowed =
2991 				p2p_get_cross_connect_disallowed(p2p);
2992 			wpabuf_free(p2p);
2993 			wpa_dbg(wpa_s, MSG_DEBUG, "P2P: WLAN AP %s cross "
2994 				"connection",
2995 				wpa_s->cross_connect_disallowed ?
2996 				"disallows" : "allows");
2997 		}
2998 	}
2999 
3000 	os_memset(wpa_s->p2p_ip_addr_info, 0, sizeof(wpa_s->p2p_ip_addr_info));
3001 #endif /* CONFIG_P2P */
3002 
3003 	if (bss) {
3004 		wpa_ie_len += wpas_supp_op_class_ie(wpa_s, ssid, bss,
3005 						    wpa_ie + wpa_ie_len,
3006 						    max_wpa_ie_len -
3007 						    wpa_ie_len);
3008 	}
3009 
3010 	/*
3011 	 * Workaround: Add Extended Capabilities element only if the AP
3012 	 * included this element in Beacon/Probe Response frames. Some older
3013 	 * APs seem to have interoperability issues if this element is
3014 	 * included, so while the standard may require us to include the
3015 	 * element in all cases, it is justifiable to skip it to avoid
3016 	 * interoperability issues.
3017 	 */
3018 	if (ssid->p2p_group)
3019 		wpa_drv_get_ext_capa(wpa_s, WPA_IF_P2P_CLIENT);
3020 	else
3021 		wpa_drv_get_ext_capa(wpa_s, WPA_IF_STATION);
3022 
3023 	if (!bss || wpa_bss_get_ie(bss, WLAN_EID_EXT_CAPAB)) {
3024 		u8 ext_capab[18];
3025 		int ext_capab_len;
3026 		ext_capab_len = wpas_build_ext_capab(wpa_s, ext_capab,
3027 						     sizeof(ext_capab));
3028 		if (ext_capab_len > 0 &&
3029 		    wpa_ie_len + ext_capab_len <= max_wpa_ie_len) {
3030 			u8 *pos = wpa_ie;
3031 			if (wpa_ie_len > 0 && pos[0] == WLAN_EID_RSN)
3032 				pos += 2 + pos[1];
3033 			os_memmove(pos + ext_capab_len, pos,
3034 				   wpa_ie_len - (pos - wpa_ie));
3035 			wpa_ie_len += ext_capab_len;
3036 			os_memcpy(pos, ext_capab, ext_capab_len);
3037 		}
3038 	}
3039 
3040 #ifdef CONFIG_HS20
3041 	if (is_hs20_network(wpa_s, ssid, bss)) {
3042 		struct wpabuf *hs20;
3043 
3044 		hs20 = wpabuf_alloc(20 + MAX_ROAMING_CONS_OI_LEN);
3045 		if (hs20) {
3046 			int pps_mo_id = hs20_get_pps_mo_id(wpa_s, ssid);
3047 			size_t len;
3048 
3049 			wpas_hs20_add_indication(hs20, pps_mo_id,
3050 						 get_hs20_version(bss));
3051 			wpas_hs20_add_roam_cons_sel(hs20, ssid);
3052 			len = max_wpa_ie_len - wpa_ie_len;
3053 			if (wpabuf_len(hs20) <= len) {
3054 				os_memcpy(wpa_ie + wpa_ie_len,
3055 					  wpabuf_head(hs20), wpabuf_len(hs20));
3056 				wpa_ie_len += wpabuf_len(hs20);
3057 			}
3058 			wpabuf_free(hs20);
3059 
3060 			hs20_configure_frame_filters(wpa_s);
3061 		}
3062 	}
3063 #endif /* CONFIG_HS20 */
3064 
3065 	if (wpa_s->vendor_elem[VENDOR_ELEM_ASSOC_REQ]) {
3066 		struct wpabuf *buf = wpa_s->vendor_elem[VENDOR_ELEM_ASSOC_REQ];
3067 		size_t len;
3068 
3069 		len = max_wpa_ie_len - wpa_ie_len;
3070 		if (wpabuf_len(buf) <= len) {
3071 			os_memcpy(wpa_ie + wpa_ie_len,
3072 				  wpabuf_head(buf), wpabuf_len(buf));
3073 			wpa_ie_len += wpabuf_len(buf);
3074 		}
3075 	}
3076 
3077 #ifdef CONFIG_FST
3078 	if (wpa_s->fst_ies) {
3079 		int fst_ies_len = wpabuf_len(wpa_s->fst_ies);
3080 
3081 		if (wpa_ie_len + fst_ies_len <= max_wpa_ie_len) {
3082 			os_memcpy(wpa_ie + wpa_ie_len,
3083 				  wpabuf_head(wpa_s->fst_ies), fst_ies_len);
3084 			wpa_ie_len += fst_ies_len;
3085 		}
3086 	}
3087 #endif /* CONFIG_FST */
3088 
3089 #ifdef CONFIG_MBO
3090 	mbo_ie = bss ? wpa_bss_get_vendor_ie(bss, MBO_IE_VENDOR_TYPE) : NULL;
3091 	if (!wpa_s->disable_mbo_oce && mbo_ie) {
3092 		int len;
3093 
3094 		len = wpas_mbo_ie(wpa_s, wpa_ie + wpa_ie_len,
3095 				  max_wpa_ie_len - wpa_ie_len,
3096 				  !!mbo_attr_from_mbo_ie(mbo_ie,
3097 							 OCE_ATTR_ID_CAPA_IND));
3098 		if (len >= 0)
3099 			wpa_ie_len += len;
3100 	}
3101 #endif /* CONFIG_MBO */
3102 
3103 #ifdef CONFIG_FILS
3104 	if (algs == WPA_AUTH_ALG_FILS) {
3105 		size_t len;
3106 
3107 		len = wpas_add_fils_hlp_req(wpa_s, wpa_ie + wpa_ie_len,
3108 					    max_wpa_ie_len - wpa_ie_len);
3109 		wpa_ie_len += len;
3110 	}
3111 #endif /* CONFIG_FILS */
3112 
3113 #ifdef CONFIG_OWE
3114 #ifdef CONFIG_TESTING_OPTIONS
3115 	if (get_ie_ext(wpa_ie, wpa_ie_len, WLAN_EID_EXT_OWE_DH_PARAM)) {
3116 		wpa_printf(MSG_INFO, "TESTING: Override OWE DH element");
3117 	} else
3118 #endif /* CONFIG_TESTING_OPTIONS */
3119 	if (algs == WPA_AUTH_ALG_OPEN &&
3120 	    ssid->key_mgmt == WPA_KEY_MGMT_OWE) {
3121 		struct wpabuf *owe_ie;
3122 		u16 group;
3123 
3124 		if (ssid->owe_group) {
3125 			group = ssid->owe_group;
3126 		} else if (wpa_s->assoc_status_code ==
3127 			   WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED) {
3128 			if (wpa_s->last_owe_group == 19)
3129 				group = 20;
3130 			else if (wpa_s->last_owe_group == 20)
3131 				group = 21;
3132 			else
3133 				group = OWE_DH_GROUP;
3134 		} else {
3135 			group = OWE_DH_GROUP;
3136 		}
3137 
3138 		wpa_s->last_owe_group = group;
3139 		wpa_printf(MSG_DEBUG, "OWE: Try to use group %u", group);
3140 		owe_ie = owe_build_assoc_req(wpa_s->wpa, group);
3141 		if (owe_ie &&
3142 		    wpabuf_len(owe_ie) <= max_wpa_ie_len - wpa_ie_len) {
3143 			os_memcpy(wpa_ie + wpa_ie_len,
3144 				  wpabuf_head(owe_ie), wpabuf_len(owe_ie));
3145 			wpa_ie_len += wpabuf_len(owe_ie);
3146 		}
3147 		wpabuf_free(owe_ie);
3148 	}
3149 #endif /* CONFIG_OWE */
3150 
3151 #ifdef CONFIG_DPP2
3152 	if (DPP_VERSION > 1 &&
3153 	    wpa_sm_get_key_mgmt(wpa_s->wpa) == WPA_KEY_MGMT_DPP &&
3154 	    ssid->dpp_netaccesskey &&
3155 	    ssid->dpp_pfs != 2 && !ssid->dpp_pfs_fallback) {
3156 		struct rsn_pmksa_cache_entry *pmksa;
3157 
3158 		pmksa = pmksa_cache_get_current(wpa_s->wpa);
3159 		if (!pmksa || !pmksa->dpp_pfs)
3160 			goto pfs_fail;
3161 
3162 		dpp_pfs_free(wpa_s->dpp_pfs);
3163 		wpa_s->dpp_pfs = dpp_pfs_init(ssid->dpp_netaccesskey,
3164 					      ssid->dpp_netaccesskey_len);
3165 		if (!wpa_s->dpp_pfs) {
3166 			wpa_printf(MSG_DEBUG, "DPP: Could not initialize PFS");
3167 			/* Try to continue without PFS */
3168 			goto pfs_fail;
3169 		}
3170 		if (wpabuf_len(wpa_s->dpp_pfs->ie) <=
3171 		    max_wpa_ie_len - wpa_ie_len) {
3172 			os_memcpy(wpa_ie + wpa_ie_len,
3173 				  wpabuf_head(wpa_s->dpp_pfs->ie),
3174 				  wpabuf_len(wpa_s->dpp_pfs->ie));
3175 			wpa_ie_len += wpabuf_len(wpa_s->dpp_pfs->ie);
3176 		}
3177 	}
3178 pfs_fail:
3179 #endif /* CONFIG_DPP2 */
3180 
3181 #ifdef CONFIG_IEEE80211R
3182 	/*
3183 	 * Add MDIE under these conditions: the network profile allows FT,
3184 	 * the AP supports FT, and the mobility domain ID matches.
3185 	 */
3186 	if (bss && wpa_key_mgmt_ft(wpa_sm_get_key_mgmt(wpa_s->wpa))) {
3187 		const u8 *mdie = wpa_bss_get_ie(bss, WLAN_EID_MOBILITY_DOMAIN);
3188 
3189 		if (mdie && mdie[1] >= MOBILITY_DOMAIN_ID_LEN) {
3190 			size_t len = 0;
3191 			const u8 *md = mdie + 2;
3192 			const u8 *wpa_md = wpa_sm_get_ft_md(wpa_s->wpa);
3193 
3194 			if (os_memcmp(md, wpa_md,
3195 				      MOBILITY_DOMAIN_ID_LEN) == 0) {
3196 				/* Add mobility domain IE */
3197 				len = wpa_ft_add_mdie(
3198 					wpa_s->wpa, wpa_ie + wpa_ie_len,
3199 					max_wpa_ie_len - wpa_ie_len, mdie);
3200 				wpa_ie_len += len;
3201 			}
3202 #ifdef CONFIG_SME
3203 			if (len > 0 && wpa_s->sme.ft_used &&
3204 			    wpa_sm_has_ptk(wpa_s->wpa)) {
3205 				wpa_dbg(wpa_s, MSG_DEBUG,
3206 					"SME: Trying to use FT over-the-air");
3207 				algs |= WPA_AUTH_ALG_FT;
3208 			}
3209 #endif /* CONFIG_SME */
3210 		}
3211 	}
3212 #endif /* CONFIG_IEEE80211R */
3213 
3214 #ifdef CONFIG_TESTING_OPTIONS
3215 	if (wpa_s->rsnxe_override_assoc &&
3216 	    wpabuf_len(wpa_s->rsnxe_override_assoc) <=
3217 	    max_wpa_ie_len - wpa_ie_len) {
3218 		wpa_printf(MSG_DEBUG, "TESTING: RSNXE AssocReq override");
3219 		os_memcpy(wpa_ie + wpa_ie_len,
3220 			  wpabuf_head(wpa_s->rsnxe_override_assoc),
3221 			  wpabuf_len(wpa_s->rsnxe_override_assoc));
3222 		wpa_ie_len += wpabuf_len(wpa_s->rsnxe_override_assoc);
3223 	} else
3224 #endif /* CONFIG_TESTING_OPTIONS */
3225 	if (wpa_s->rsnxe_len > 0 &&
3226 	    wpa_s->rsnxe_len <= max_wpa_ie_len - wpa_ie_len) {
3227 		os_memcpy(wpa_ie + wpa_ie_len, wpa_s->rsnxe, wpa_s->rsnxe_len);
3228 		wpa_ie_len += wpa_s->rsnxe_len;
3229 	}
3230 
3231 	if (wpa_bss_ext_capab(bss, WLAN_EXT_CAPAB_MSCS) &&
3232 	    wpa_s->robust_av.valid_config) {
3233 		struct wpabuf *mscs_ie;
3234 		size_t mscs_ie_len, buf_len;
3235 
3236 		buf_len = 3 +	/* MSCS descriptor IE header */
3237 			  1 +	/* Request type */
3238 			  2 +	/* User priority control */
3239 			  4 +	/* Stream timeout */
3240 			  3 +	/* TCLAS Mask IE header */
3241 			  wpa_s->robust_av.frame_classifier_len;
3242 		mscs_ie = wpabuf_alloc(buf_len);
3243 		if (!mscs_ie) {
3244 			wpa_printf(MSG_INFO,
3245 				   "MSCS: Failed to allocate MSCS IE");
3246 			goto mscs_fail;
3247 		}
3248 
3249 		wpas_populate_mscs_descriptor_ie(&wpa_s->robust_av, mscs_ie);
3250 		if ((wpa_ie_len + wpabuf_len(mscs_ie)) <= max_wpa_ie_len) {
3251 			wpa_hexdump_buf(MSG_MSGDUMP, "MSCS IE", mscs_ie);
3252 			mscs_ie_len = wpabuf_len(mscs_ie);
3253 			os_memcpy(wpa_ie + wpa_ie_len, wpabuf_head(mscs_ie),
3254 				  mscs_ie_len);
3255 			wpa_ie_len += mscs_ie_len;
3256 		}
3257 
3258 		wpabuf_free(mscs_ie);
3259 	}
3260 mscs_fail:
3261 
3262 	if (ssid->multi_ap_backhaul_sta) {
3263 		size_t multi_ap_ie_len;
3264 
3265 		multi_ap_ie_len = add_multi_ap_ie(wpa_ie + wpa_ie_len,
3266 						  max_wpa_ie_len - wpa_ie_len,
3267 						  MULTI_AP_BACKHAUL_STA);
3268 		if (multi_ap_ie_len == 0) {
3269 			wpa_printf(MSG_ERROR,
3270 				   "Multi-AP: Failed to build Multi-AP IE");
3271 			os_free(wpa_ie);
3272 			return NULL;
3273 		}
3274 		wpa_ie_len += multi_ap_ie_len;
3275 	}
3276 
3277 	params->wpa_ie = wpa_ie;
3278 	params->wpa_ie_len = wpa_ie_len;
3279 	params->auth_alg = algs;
3280 	if (mask)
3281 		*mask |= WPA_DRV_UPDATE_ASSOC_IES | WPA_DRV_UPDATE_AUTH_TYPE;
3282 
3283 	return wpa_ie;
3284 }
3285 
3286 
3287 #ifdef CONFIG_OWE
3288 static void wpas_update_owe_connect_params(struct wpa_supplicant *wpa_s)
3289 {
3290 	struct wpa_driver_associate_params params;
3291 	u8 *wpa_ie;
3292 
3293 	os_memset(&params, 0, sizeof(params));
3294 	wpa_ie = wpas_populate_assoc_ies(wpa_s, wpa_s->current_bss,
3295 					 wpa_s->current_ssid, &params, NULL);
3296 	if (!wpa_ie)
3297 		return;
3298 
3299 	wpa_drv_update_connect_params(wpa_s, &params, WPA_DRV_UPDATE_ASSOC_IES);
3300 	os_free(wpa_ie);
3301 }
3302 #endif /* CONFIG_OWE */
3303 
3304 
3305 #if defined(CONFIG_FILS) && defined(IEEE8021X_EAPOL)
3306 static void wpas_update_fils_connect_params(struct wpa_supplicant *wpa_s)
3307 {
3308 	struct wpa_driver_associate_params params;
3309 	enum wpa_drv_update_connect_params_mask mask = 0;
3310 	u8 *wpa_ie;
3311 
3312 	if (wpa_s->auth_alg != WPA_AUTH_ALG_OPEN)
3313 		return; /* nothing to do */
3314 
3315 	os_memset(&params, 0, sizeof(params));
3316 	wpa_ie = wpas_populate_assoc_ies(wpa_s, wpa_s->current_bss,
3317 					 wpa_s->current_ssid, &params, &mask);
3318 	if (!wpa_ie)
3319 		return;
3320 
3321 	if (params.auth_alg == WPA_AUTH_ALG_FILS) {
3322 		wpa_s->auth_alg = params.auth_alg;
3323 		wpa_drv_update_connect_params(wpa_s, &params, mask);
3324 	}
3325 
3326 	os_free(wpa_ie);
3327 }
3328 #endif /* CONFIG_FILS && IEEE8021X_EAPOL */
3329 
3330 
3331 static u8 wpa_ie_get_edmg_oper_chans(const u8 *edmg_ie)
3332 {
3333 	if (!edmg_ie || edmg_ie[1] < 6)
3334 		return 0;
3335 	return edmg_ie[EDMG_BSS_OPERATING_CHANNELS_OFFSET];
3336 }
3337 
3338 
3339 static u8 wpa_ie_get_edmg_oper_chan_width(const u8 *edmg_ie)
3340 {
3341 	if (!edmg_ie || edmg_ie[1] < 6)
3342 		return 0;
3343 	return edmg_ie[EDMG_OPERATING_CHANNEL_WIDTH_OFFSET];
3344 }
3345 
3346 
3347 /* Returns the intersection of two EDMG configurations.
3348  * Note: The current implementation is limited to CB2 only (CB1 included),
3349  * i.e., the implementation supports up to 2 contiguous channels.
3350  * For supporting non-contiguous (aggregated) channels and for supporting
3351  * CB3 and above, this function will need to be extended.
3352  */
3353 static struct ieee80211_edmg_config
3354 get_edmg_intersection(struct ieee80211_edmg_config a,
3355 		      struct ieee80211_edmg_config b,
3356 		      u8 primary_channel)
3357 {
3358 	struct ieee80211_edmg_config result;
3359 	int i, contiguous = 0;
3360 	int max_contiguous = 0;
3361 
3362 	result.channels = b.channels & a.channels;
3363 	if (!result.channels) {
3364 		wpa_printf(MSG_DEBUG,
3365 			   "EDMG not possible: cannot intersect channels 0x%x and 0x%x",
3366 			   a.channels, b.channels);
3367 		goto fail;
3368 	}
3369 
3370 	if (!(result.channels & BIT(primary_channel - 1))) {
3371 		wpa_printf(MSG_DEBUG,
3372 			   "EDMG not possible: the primary channel %d is not one of the intersected channels 0x%x",
3373 			   primary_channel, result.channels);
3374 		goto fail;
3375 	}
3376 
3377 	/* Find max contiguous channels */
3378 	for (i = 0; i < 6; i++) {
3379 		if (result.channels & BIT(i))
3380 			contiguous++;
3381 		else
3382 			contiguous = 0;
3383 
3384 		if (contiguous > max_contiguous)
3385 			max_contiguous = contiguous;
3386 	}
3387 
3388 	/* Assuming AP and STA supports ONLY contiguous channels,
3389 	 * bw configuration can have value between 4-7.
3390 	 */
3391 	if ((b.bw_config < a.bw_config))
3392 		result.bw_config = b.bw_config;
3393 	else
3394 		result.bw_config = a.bw_config;
3395 
3396 	if ((max_contiguous >= 2 && result.bw_config < EDMG_BW_CONFIG_5) ||
3397 	    (max_contiguous >= 1 && result.bw_config < EDMG_BW_CONFIG_4)) {
3398 		wpa_printf(MSG_DEBUG,
3399 			   "EDMG not possible: not enough contiguous channels %d for supporting CB1 or CB2",
3400 			   max_contiguous);
3401 		goto fail;
3402 	}
3403 
3404 	return result;
3405 
3406 fail:
3407 	result.channels = 0;
3408 	result.bw_config = 0;
3409 	return result;
3410 }
3411 
3412 
3413 static struct ieee80211_edmg_config
3414 get_supported_edmg(struct wpa_supplicant *wpa_s,
3415 		   struct hostapd_freq_params *freq,
3416 		   struct ieee80211_edmg_config request_edmg)
3417 {
3418 	enum hostapd_hw_mode hw_mode;
3419 	struct hostapd_hw_modes *mode = NULL;
3420 	u8 primary_channel;
3421 
3422 	if (!wpa_s->hw.modes)
3423 		goto fail;
3424 
3425 	hw_mode = ieee80211_freq_to_chan(freq->freq, &primary_channel);
3426 	if (hw_mode == NUM_HOSTAPD_MODES)
3427 		goto fail;
3428 
3429 	mode = get_mode(wpa_s->hw.modes, wpa_s->hw.num_modes, hw_mode, false);
3430 	if (!mode)
3431 		goto fail;
3432 
3433 	return get_edmg_intersection(mode->edmg, request_edmg, primary_channel);
3434 
3435 fail:
3436 	request_edmg.channels = 0;
3437 	request_edmg.bw_config = 0;
3438 	return request_edmg;
3439 }
3440 
3441 
3442 #ifdef CONFIG_MBO
3443 void wpas_update_mbo_connect_params(struct wpa_supplicant *wpa_s)
3444 {
3445 	struct wpa_driver_associate_params params;
3446 	u8 *wpa_ie;
3447 
3448 	/*
3449 	 * Update MBO connect params only in case of change of MBO attributes
3450 	 * when connected, if the AP support MBO.
3451 	 */
3452 
3453 	if (wpa_s->wpa_state != WPA_COMPLETED || !wpa_s->current_ssid ||
3454 	    !wpa_s->current_bss ||
3455 	    !wpa_bss_get_vendor_ie(wpa_s->current_bss, MBO_IE_VENDOR_TYPE))
3456 		return;
3457 
3458 	os_memset(&params, 0, sizeof(params));
3459 	wpa_ie = wpas_populate_assoc_ies(wpa_s, wpa_s->current_bss,
3460 					 wpa_s->current_ssid, &params, NULL);
3461 	if (!wpa_ie)
3462 		return;
3463 
3464 	wpa_drv_update_connect_params(wpa_s, &params, WPA_DRV_UPDATE_ASSOC_IES);
3465 	os_free(wpa_ie);
3466 }
3467 #endif /* CONFIG_MBO */
3468 
3469 
3470 static void wpas_start_assoc_cb(struct wpa_radio_work *work, int deinit)
3471 {
3472 	struct wpa_connect_work *cwork = work->ctx;
3473 	struct wpa_bss *bss = cwork->bss;
3474 	struct wpa_ssid *ssid = cwork->ssid;
3475 	struct wpa_supplicant *wpa_s = work->wpa_s;
3476 	u8 *wpa_ie;
3477 	const u8 *edmg_ie_oper;
3478 	int use_crypt, ret, bssid_changed;
3479 	unsigned int cipher_pairwise, cipher_group, cipher_group_mgmt;
3480 	struct wpa_driver_associate_params params;
3481 #if defined(CONFIG_WEP) || defined(IEEE8021X_EAPOL)
3482 	int wep_keys_set = 0;
3483 #endif /* CONFIG_WEP || IEEE8021X_EAPOL */
3484 	int assoc_failed = 0;
3485 	struct wpa_ssid *old_ssid;
3486 	u8 prev_bssid[ETH_ALEN];
3487 #ifdef CONFIG_HT_OVERRIDES
3488 	struct ieee80211_ht_capabilities htcaps;
3489 	struct ieee80211_ht_capabilities htcaps_mask;
3490 #endif /* CONFIG_HT_OVERRIDES */
3491 #ifdef CONFIG_VHT_OVERRIDES
3492        struct ieee80211_vht_capabilities vhtcaps;
3493        struct ieee80211_vht_capabilities vhtcaps_mask;
3494 #endif /* CONFIG_VHT_OVERRIDES */
3495 
3496 	if (deinit) {
3497 		if (work->started) {
3498 			wpa_s->connect_work = NULL;
3499 
3500 			/* cancel possible auth. timeout */
3501 			eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s,
3502 					     NULL);
3503 		}
3504 		wpas_connect_work_free(cwork);
3505 		return;
3506 	}
3507 
3508 	wpa_s->connect_work = work;
3509 
3510 	if (cwork->bss_removed || !wpas_valid_bss_ssid(wpa_s, bss, ssid) ||
3511 	    wpas_network_disabled(wpa_s, ssid)) {
3512 		wpa_dbg(wpa_s, MSG_DEBUG, "BSS/SSID entry for association not valid anymore - drop connection attempt");
3513 		wpas_connect_work_done(wpa_s);
3514 		return;
3515 	}
3516 
3517 	os_memcpy(prev_bssid, wpa_s->bssid, ETH_ALEN);
3518 	os_memset(&params, 0, sizeof(params));
3519 	wpa_s->reassociate = 0;
3520 	wpa_s->eap_expected_failure = 0;
3521 
3522 	/* Starting new association, so clear the possibly used WPA IE from the
3523 	 * previous association. */
3524 	wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0);
3525 	wpa_sm_set_assoc_rsnxe(wpa_s->wpa, NULL, 0);
3526 	wpa_s->rsnxe_len = 0;
3527 	wpa_s->mscs_setup_done = false;
3528 
3529 	wpa_ie = wpas_populate_assoc_ies(wpa_s, bss, ssid, &params, NULL);
3530 	if (!wpa_ie) {
3531 		wpas_connect_work_done(wpa_s);
3532 		return;
3533 	}
3534 
3535 	if (bss &&
3536 	    (!wpas_driver_bss_selection(wpa_s) || wpas_wps_searching(wpa_s))) {
3537 #ifdef CONFIG_IEEE80211R
3538 		const u8 *ie, *md = NULL;
3539 #endif /* CONFIG_IEEE80211R */
3540 		wpa_msg(wpa_s, MSG_INFO, "Trying to associate with " MACSTR
3541 			" (SSID='%s' freq=%d MHz)", MAC2STR(bss->bssid),
3542 			wpa_ssid_txt(bss->ssid, bss->ssid_len), bss->freq);
3543 		bssid_changed = !is_zero_ether_addr(wpa_s->bssid);
3544 		os_memset(wpa_s->bssid, 0, ETH_ALEN);
3545 		os_memcpy(wpa_s->pending_bssid, bss->bssid, ETH_ALEN);
3546 		if (bssid_changed)
3547 			wpas_notify_bssid_changed(wpa_s);
3548 #ifdef CONFIG_IEEE80211R
3549 		ie = wpa_bss_get_ie(bss, WLAN_EID_MOBILITY_DOMAIN);
3550 		if (ie && ie[1] >= MOBILITY_DOMAIN_ID_LEN)
3551 			md = ie + 2;
3552 		wpa_sm_set_ft_params(wpa_s->wpa, ie, ie ? 2 + ie[1] : 0);
3553 		if (md) {
3554 			/* Prepare for the next transition */
3555 			wpa_ft_prepare_auth_request(wpa_s->wpa, ie);
3556 		}
3557 #endif /* CONFIG_IEEE80211R */
3558 #ifdef CONFIG_WPS
3559 	} else if ((ssid->ssid == NULL || ssid->ssid_len == 0) &&
3560 		   wpa_s->conf->ap_scan == 2 &&
3561 		   (ssid->key_mgmt & WPA_KEY_MGMT_WPS)) {
3562 		/* Use ap_scan==1 style network selection to find the network
3563 		 */
3564 		wpas_connect_work_done(wpa_s);
3565 		wpa_s->scan_req = MANUAL_SCAN_REQ;
3566 		wpa_s->reassociate = 1;
3567 		wpa_supplicant_req_scan(wpa_s, 0, 0);
3568 		os_free(wpa_ie);
3569 		return;
3570 #endif /* CONFIG_WPS */
3571 	} else {
3572 		wpa_msg(wpa_s, MSG_INFO, "Trying to associate with SSID '%s'",
3573 			wpa_ssid_txt(ssid->ssid, ssid->ssid_len));
3574 		if (bss)
3575 			os_memcpy(wpa_s->pending_bssid, bss->bssid, ETH_ALEN);
3576 		else
3577 			os_memset(wpa_s->pending_bssid, 0, ETH_ALEN);
3578 	}
3579 	if (!wpa_s->pno)
3580 		wpa_supplicant_cancel_sched_scan(wpa_s);
3581 
3582 	wpa_supplicant_cancel_scan(wpa_s);
3583 
3584 	wpa_clear_keys(wpa_s, bss ? bss->bssid : NULL);
3585 	use_crypt = 1;
3586 	cipher_pairwise = wpa_s->pairwise_cipher;
3587 	cipher_group = wpa_s->group_cipher;
3588 	cipher_group_mgmt = wpa_s->mgmt_group_cipher;
3589 	if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE ||
3590 	    wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
3591 		if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE)
3592 			use_crypt = 0;
3593 #ifdef CONFIG_WEP
3594 		if (wpa_set_wep_keys(wpa_s, ssid)) {
3595 			use_crypt = 1;
3596 			wep_keys_set = 1;
3597 		}
3598 #endif /* CONFIG_WEP */
3599 	}
3600 	if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPS)
3601 		use_crypt = 0;
3602 
3603 #ifdef IEEE8021X_EAPOL
3604 	if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
3605 		if ((ssid->eapol_flags &
3606 		     (EAPOL_FLAG_REQUIRE_KEY_UNICAST |
3607 		      EAPOL_FLAG_REQUIRE_KEY_BROADCAST)) == 0 &&
3608 		    !wep_keys_set) {
3609 			use_crypt = 0;
3610 		} else {
3611 			/* Assume that dynamic WEP-104 keys will be used and
3612 			 * set cipher suites in order for drivers to expect
3613 			 * encryption. */
3614 			cipher_pairwise = cipher_group = WPA_CIPHER_WEP104;
3615 		}
3616 	}
3617 #endif /* IEEE8021X_EAPOL */
3618 
3619 	if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE) {
3620 		/* Set the key before (and later after) association */
3621 		wpa_supplicant_set_wpa_none_key(wpa_s, ssid);
3622 	}
3623 
3624 	wpa_supplicant_set_state(wpa_s, WPA_ASSOCIATING);
3625 	if (bss) {
3626 		params.ssid = bss->ssid;
3627 		params.ssid_len = bss->ssid_len;
3628 		if (!wpas_driver_bss_selection(wpa_s) || ssid->bssid_set ||
3629 		    wpa_s->key_mgmt == WPA_KEY_MGMT_WPS) {
3630 			wpa_printf(MSG_DEBUG, "Limit connection to BSSID "
3631 				   MACSTR " freq=%u MHz based on scan results "
3632 				   "(bssid_set=%d wps=%d)",
3633 				   MAC2STR(bss->bssid), bss->freq,
3634 				   ssid->bssid_set,
3635 				   wpa_s->key_mgmt == WPA_KEY_MGMT_WPS);
3636 			params.bssid = bss->bssid;
3637 			params.freq.freq = bss->freq;
3638 		}
3639 		params.bssid_hint = bss->bssid;
3640 		params.freq_hint = bss->freq;
3641 		params.pbss = bss_is_pbss(bss);
3642 	} else {
3643 		if (ssid->bssid_hint_set)
3644 			params.bssid_hint = ssid->bssid_hint;
3645 
3646 		params.ssid = ssid->ssid;
3647 		params.ssid_len = ssid->ssid_len;
3648 		params.pbss = (ssid->pbss != 2) ? ssid->pbss : 0;
3649 	}
3650 
3651 	if (ssid->mode == WPAS_MODE_IBSS && ssid->bssid_set &&
3652 	    wpa_s->conf->ap_scan == 2) {
3653 		params.bssid = ssid->bssid;
3654 		params.fixed_bssid = 1;
3655 	}
3656 
3657 	/* Initial frequency for IBSS/mesh */
3658 	if ((ssid->mode == WPAS_MODE_IBSS || ssid->mode == WPAS_MODE_MESH) &&
3659 	    ssid->frequency > 0 && params.freq.freq == 0)
3660 		ibss_mesh_setup_freq(wpa_s, ssid, &params.freq);
3661 
3662 	if (ssid->mode == WPAS_MODE_IBSS) {
3663 		params.fixed_freq = ssid->fixed_freq;
3664 		if (ssid->beacon_int)
3665 			params.beacon_int = ssid->beacon_int;
3666 		else
3667 			params.beacon_int = wpa_s->conf->beacon_int;
3668 	}
3669 
3670 	if (bss && ssid->enable_edmg)
3671 		edmg_ie_oper = wpa_bss_get_ie_ext(bss,
3672 						  WLAN_EID_EXT_EDMG_OPERATION);
3673 	else
3674 		edmg_ie_oper = NULL;
3675 
3676 	if (edmg_ie_oper) {
3677 		params.freq.edmg.channels =
3678 			wpa_ie_get_edmg_oper_chans(edmg_ie_oper);
3679 		params.freq.edmg.bw_config =
3680 			wpa_ie_get_edmg_oper_chan_width(edmg_ie_oper);
3681 		wpa_printf(MSG_DEBUG,
3682 			   "AP supports EDMG channels 0x%x, bw_config %d",
3683 			   params.freq.edmg.channels,
3684 			   params.freq.edmg.bw_config);
3685 
3686 		/* User may ask for specific EDMG channel for EDMG connection
3687 		 * (must be supported by AP)
3688 		 */
3689 		if (ssid->edmg_channel) {
3690 			struct ieee80211_edmg_config configured_edmg;
3691 			enum hostapd_hw_mode hw_mode;
3692 			u8 primary_channel;
3693 
3694 			hw_mode = ieee80211_freq_to_chan(bss->freq,
3695 							 &primary_channel);
3696 			if (hw_mode == NUM_HOSTAPD_MODES)
3697 				goto edmg_fail;
3698 
3699 			hostapd_encode_edmg_chan(ssid->enable_edmg,
3700 						 ssid->edmg_channel,
3701 						 primary_channel,
3702 						 &configured_edmg);
3703 
3704 			if (ieee802_edmg_is_allowed(params.freq.edmg,
3705 						    configured_edmg)) {
3706 				params.freq.edmg = configured_edmg;
3707 				wpa_printf(MSG_DEBUG,
3708 					   "Use EDMG channel %d for connection",
3709 					   ssid->edmg_channel);
3710 			} else {
3711 			edmg_fail:
3712 				params.freq.edmg.channels = 0;
3713 				params.freq.edmg.bw_config = 0;
3714 				wpa_printf(MSG_WARNING,
3715 					   "EDMG channel %d not supported by AP, fallback to DMG",
3716 					   ssid->edmg_channel);
3717 			}
3718 		}
3719 
3720 		if (params.freq.edmg.channels) {
3721 			wpa_printf(MSG_DEBUG,
3722 				   "EDMG before: channels 0x%x, bw_config %d",
3723 				   params.freq.edmg.channels,
3724 				   params.freq.edmg.bw_config);
3725 			params.freq.edmg = get_supported_edmg(wpa_s,
3726 							      &params.freq,
3727 							      params.freq.edmg);
3728 			wpa_printf(MSG_DEBUG,
3729 				   "EDMG after: channels 0x%x, bw_config %d",
3730 				   params.freq.edmg.channels,
3731 				   params.freq.edmg.bw_config);
3732 		}
3733 	}
3734 
3735 	params.pairwise_suite = cipher_pairwise;
3736 	params.group_suite = cipher_group;
3737 	params.mgmt_group_suite = cipher_group_mgmt;
3738 	params.key_mgmt_suite = wpa_s->key_mgmt;
3739 	params.wpa_proto = wpa_s->wpa_proto;
3740 	wpa_s->auth_alg = params.auth_alg;
3741 	params.mode = ssid->mode;
3742 	params.bg_scan_period = ssid->bg_scan_period;
3743 #ifdef CONFIG_WEP
3744 	{
3745 		int i;
3746 
3747 		for (i = 0; i < NUM_WEP_KEYS; i++) {
3748 			if (ssid->wep_key_len[i])
3749 				params.wep_key[i] = ssid->wep_key[i];
3750 			params.wep_key_len[i] = ssid->wep_key_len[i];
3751 		}
3752 		params.wep_tx_keyidx = ssid->wep_tx_keyidx;
3753 	}
3754 #endif /* CONFIG_WEP */
3755 
3756 	if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK) &&
3757 	    (params.key_mgmt_suite == WPA_KEY_MGMT_PSK ||
3758 	     params.key_mgmt_suite == WPA_KEY_MGMT_FT_PSK)) {
3759 		params.passphrase = ssid->passphrase;
3760 		if (ssid->psk_set)
3761 			params.psk = ssid->psk;
3762 	}
3763 
3764 	if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_8021X) &&
3765 	    (params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X ||
3766 	     params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SHA256 ||
3767 	     params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SUITE_B ||
3768 	     params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SUITE_B_192))
3769 		params.req_handshake_offload = 1;
3770 
3771 	if (wpa_s->conf->key_mgmt_offload) {
3772 		if (params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X ||
3773 		    params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SHA256 ||
3774 		    params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SUITE_B ||
3775 		    params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SUITE_B_192)
3776 			params.req_key_mgmt_offload =
3777 				ssid->proactive_key_caching < 0 ?
3778 				wpa_s->conf->okc : ssid->proactive_key_caching;
3779 		else
3780 			params.req_key_mgmt_offload = 1;
3781 
3782 		if ((params.key_mgmt_suite == WPA_KEY_MGMT_PSK ||
3783 		     params.key_mgmt_suite == WPA_KEY_MGMT_PSK_SHA256 ||
3784 		     params.key_mgmt_suite == WPA_KEY_MGMT_FT_PSK) &&
3785 		    ssid->psk_set)
3786 			params.psk = ssid->psk;
3787 	}
3788 
3789 	params.drop_unencrypted = use_crypt;
3790 
3791 	params.mgmt_frame_protection = wpas_get_ssid_pmf(wpa_s, ssid);
3792 	if (params.mgmt_frame_protection != NO_MGMT_FRAME_PROTECTION && bss) {
3793 		const u8 *rsn = wpa_bss_get_ie(bss, WLAN_EID_RSN);
3794 		struct wpa_ie_data ie;
3795 		if (rsn && wpa_parse_wpa_ie(rsn, 2 + rsn[1], &ie) == 0 &&
3796 		    ie.capabilities &
3797 		    (WPA_CAPABILITY_MFPC | WPA_CAPABILITY_MFPR)) {
3798 			wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Selected AP supports "
3799 				"MFP: require MFP");
3800 			params.mgmt_frame_protection =
3801 				MGMT_FRAME_PROTECTION_REQUIRED;
3802 #ifdef CONFIG_OWE
3803 		} else if (!rsn && (ssid->key_mgmt & WPA_KEY_MGMT_OWE) &&
3804 			   !ssid->owe_only) {
3805 			params.mgmt_frame_protection = NO_MGMT_FRAME_PROTECTION;
3806 #endif /* CONFIG_OWE */
3807 		}
3808 	}
3809 
3810 	params.p2p = ssid->p2p_group;
3811 
3812 	if (wpa_s->p2pdev->set_sta_uapsd)
3813 		params.uapsd = wpa_s->p2pdev->sta_uapsd;
3814 	else
3815 		params.uapsd = -1;
3816 
3817 #ifdef CONFIG_HT_OVERRIDES
3818 	os_memset(&htcaps, 0, sizeof(htcaps));
3819 	os_memset(&htcaps_mask, 0, sizeof(htcaps_mask));
3820 	params.htcaps = (u8 *) &htcaps;
3821 	params.htcaps_mask = (u8 *) &htcaps_mask;
3822 	wpa_supplicant_apply_ht_overrides(wpa_s, ssid, &params);
3823 #endif /* CONFIG_HT_OVERRIDES */
3824 #ifdef CONFIG_VHT_OVERRIDES
3825 	os_memset(&vhtcaps, 0, sizeof(vhtcaps));
3826 	os_memset(&vhtcaps_mask, 0, sizeof(vhtcaps_mask));
3827 	params.vhtcaps = &vhtcaps;
3828 	params.vhtcaps_mask = &vhtcaps_mask;
3829 	wpa_supplicant_apply_vht_overrides(wpa_s, ssid, &params);
3830 #endif /* CONFIG_VHT_OVERRIDES */
3831 #ifdef CONFIG_HE_OVERRIDES
3832 	wpa_supplicant_apply_he_overrides(wpa_s, ssid, &params);
3833 #endif /* CONFIG_HE_OVERRIDES */
3834 
3835 #ifdef CONFIG_P2P
3836 	/*
3837 	 * If multi-channel concurrency is not supported, check for any
3838 	 * frequency conflict. In case of any frequency conflict, remove the
3839 	 * least prioritized connection.
3840 	 */
3841 	if (wpa_s->num_multichan_concurrent < 2) {
3842 		int freq, num;
3843 		num = get_shared_radio_freqs(wpa_s, &freq, 1);
3844 		if (num > 0 && freq > 0 && freq != params.freq.freq) {
3845 			wpa_printf(MSG_DEBUG,
3846 				   "Assoc conflicting freq found (%d != %d)",
3847 				   freq, params.freq.freq);
3848 			if (wpas_p2p_handle_frequency_conflicts(
3849 				    wpa_s, params.freq.freq, ssid) < 0) {
3850 				wpas_connect_work_done(wpa_s);
3851 				os_free(wpa_ie);
3852 				return;
3853 			}
3854 		}
3855 	}
3856 #endif /* CONFIG_P2P */
3857 
3858 	if (wpa_s->reassoc_same_ess && !is_zero_ether_addr(prev_bssid) &&
3859 	    wpa_s->current_ssid)
3860 		params.prev_bssid = prev_bssid;
3861 
3862 #ifdef CONFIG_SAE
3863 	params.sae_pwe = wpa_s->conf->sae_pwe;
3864 #endif /* CONFIG_SAE */
3865 
3866 	ret = wpa_drv_associate(wpa_s, &params);
3867 	os_free(wpa_ie);
3868 	if (ret < 0) {
3869 		wpa_msg(wpa_s, MSG_INFO, "Association request to the driver "
3870 			"failed");
3871 		if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SANE_ERROR_CODES) {
3872 			/*
3873 			 * The driver is known to mean what is saying, so we
3874 			 * can stop right here; the association will not
3875 			 * succeed.
3876 			 */
3877 			wpas_connection_failed(wpa_s, wpa_s->pending_bssid);
3878 			wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
3879 			os_memset(wpa_s->pending_bssid, 0, ETH_ALEN);
3880 			return;
3881 		}
3882 		/* try to continue anyway; new association will be tried again
3883 		 * after timeout */
3884 		assoc_failed = 1;
3885 	}
3886 
3887 	if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE) {
3888 		/* Set the key after the association just in case association
3889 		 * cleared the previously configured key. */
3890 		wpa_supplicant_set_wpa_none_key(wpa_s, ssid);
3891 		/* No need to timeout authentication since there is no key
3892 		 * management. */
3893 		wpa_supplicant_cancel_auth_timeout(wpa_s);
3894 		wpa_supplicant_set_state(wpa_s, WPA_COMPLETED);
3895 #ifdef CONFIG_IBSS_RSN
3896 	} else if (ssid->mode == WPAS_MODE_IBSS &&
3897 		   wpa_s->key_mgmt != WPA_KEY_MGMT_NONE &&
3898 		   wpa_s->key_mgmt != WPA_KEY_MGMT_WPA_NONE) {
3899 		/*
3900 		 * RSN IBSS authentication is per-STA and we can disable the
3901 		 * per-BSSID authentication.
3902 		 */
3903 		wpa_supplicant_cancel_auth_timeout(wpa_s);
3904 #endif /* CONFIG_IBSS_RSN */
3905 	} else {
3906 		/* Timeout for IEEE 802.11 authentication and association */
3907 		int timeout = 60;
3908 
3909 		if (assoc_failed) {
3910 			/* give IBSS a bit more time */
3911 			timeout = ssid->mode == WPAS_MODE_IBSS ? 10 : 5;
3912 		} else if (wpa_s->conf->ap_scan == 1) {
3913 			/* give IBSS a bit more time */
3914 			timeout = ssid->mode == WPAS_MODE_IBSS ? 20 : 10;
3915 		}
3916 		wpa_supplicant_req_auth_timeout(wpa_s, timeout, 0);
3917 	}
3918 
3919 #ifdef CONFIG_WEP
3920 	if (wep_keys_set &&
3921 	    (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SET_KEYS_AFTER_ASSOC)) {
3922 		/* Set static WEP keys again */
3923 		wpa_set_wep_keys(wpa_s, ssid);
3924 	}
3925 #endif /* CONFIG_WEP */
3926 
3927 	if (wpa_s->current_ssid && wpa_s->current_ssid != ssid) {
3928 		/*
3929 		 * Do not allow EAP session resumption between different
3930 		 * network configurations.
3931 		 */
3932 		eapol_sm_invalidate_cached_session(wpa_s->eapol);
3933 	}
3934 	old_ssid = wpa_s->current_ssid;
3935 	wpa_s->current_ssid = ssid;
3936 
3937 	if (!wpas_driver_bss_selection(wpa_s) || ssid->bssid_set) {
3938 		wpa_s->current_bss = bss;
3939 #ifdef CONFIG_HS20
3940 		hs20_configure_frame_filters(wpa_s);
3941 #endif /* CONFIG_HS20 */
3942 	}
3943 
3944 	wpa_supplicant_rsn_supp_set_config(wpa_s, wpa_s->current_ssid);
3945 	wpa_supplicant_initiate_eapol(wpa_s);
3946 	if (old_ssid != wpa_s->current_ssid)
3947 		wpas_notify_network_changed(wpa_s);
3948 }
3949 
3950 
3951 static void wpa_supplicant_clear_connection(struct wpa_supplicant *wpa_s,
3952 					    const u8 *addr)
3953 {
3954 	struct wpa_ssid *old_ssid;
3955 
3956 	wpas_connect_work_done(wpa_s);
3957 	wpa_clear_keys(wpa_s, addr);
3958 	old_ssid = wpa_s->current_ssid;
3959 	wpa_supplicant_mark_disassoc(wpa_s);
3960 	wpa_sm_set_config(wpa_s->wpa, NULL);
3961 	eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
3962 	if (old_ssid != wpa_s->current_ssid)
3963 		wpas_notify_network_changed(wpa_s);
3964 	eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
3965 }
3966 
3967 
3968 /**
3969  * wpa_supplicant_deauthenticate - Deauthenticate the current connection
3970  * @wpa_s: Pointer to wpa_supplicant data
3971  * @reason_code: IEEE 802.11 reason code for the deauthenticate frame
3972  *
3973  * This function is used to request %wpa_supplicant to deauthenticate from the
3974  * current AP.
3975  */
3976 void wpa_supplicant_deauthenticate(struct wpa_supplicant *wpa_s,
3977 				   u16 reason_code)
3978 {
3979 	u8 *addr = NULL;
3980 	union wpa_event_data event;
3981 	int zero_addr = 0;
3982 
3983 	wpa_dbg(wpa_s, MSG_DEBUG, "Request to deauthenticate - bssid=" MACSTR
3984 		" pending_bssid=" MACSTR " reason=%d (%s) state=%s",
3985 		MAC2STR(wpa_s->bssid), MAC2STR(wpa_s->pending_bssid),
3986 		reason_code, reason2str(reason_code),
3987 		wpa_supplicant_state_txt(wpa_s->wpa_state));
3988 
3989 	if (!is_zero_ether_addr(wpa_s->pending_bssid) &&
3990 	    (wpa_s->wpa_state == WPA_AUTHENTICATING ||
3991 	     wpa_s->wpa_state == WPA_ASSOCIATING))
3992 		addr = wpa_s->pending_bssid;
3993 	else if (!is_zero_ether_addr(wpa_s->bssid))
3994 		addr = wpa_s->bssid;
3995 	else if (wpa_s->wpa_state == WPA_ASSOCIATING) {
3996 		/*
3997 		 * When using driver-based BSS selection, we may not know the
3998 		 * BSSID with which we are currently trying to associate. We
3999 		 * need to notify the driver of this disconnection even in such
4000 		 * a case, so use the all zeros address here.
4001 		 */
4002 		addr = wpa_s->bssid;
4003 		zero_addr = 1;
4004 	}
4005 
4006 	if (wpa_s->enabled_4addr_mode && wpa_drv_set_4addr_mode(wpa_s, 0) == 0)
4007 		wpa_s->enabled_4addr_mode = 0;
4008 
4009 #ifdef CONFIG_TDLS
4010 	wpa_tdls_teardown_peers(wpa_s->wpa);
4011 #endif /* CONFIG_TDLS */
4012 
4013 #ifdef CONFIG_MESH
4014 	if (wpa_s->ifmsh) {
4015 		struct mesh_conf *mconf;
4016 
4017 		mconf = wpa_s->ifmsh->mconf;
4018 		wpa_msg(wpa_s, MSG_INFO, MESH_GROUP_REMOVED "%s",
4019 			wpa_s->ifname);
4020 		wpas_notify_mesh_group_removed(wpa_s, mconf->meshid,
4021 					       mconf->meshid_len, reason_code);
4022 		wpa_supplicant_leave_mesh(wpa_s, true);
4023 	}
4024 #endif /* CONFIG_MESH */
4025 
4026 	if (addr) {
4027 		wpa_drv_deauthenticate(wpa_s, addr, reason_code);
4028 		os_memset(&event, 0, sizeof(event));
4029 		event.deauth_info.reason_code = reason_code;
4030 		event.deauth_info.locally_generated = 1;
4031 		wpa_supplicant_event(wpa_s, EVENT_DEAUTH, &event);
4032 		if (zero_addr)
4033 			addr = NULL;
4034 	}
4035 
4036 	wpa_supplicant_clear_connection(wpa_s, addr);
4037 }
4038 
4039 
4040 void wpa_supplicant_reconnect(struct wpa_supplicant *wpa_s)
4041 {
4042 	wpa_s->own_reconnect_req = 1;
4043 	wpa_supplicant_deauthenticate(wpa_s, WLAN_REASON_UNSPECIFIED);
4044 
4045 }
4046 
4047 
4048 static void wpa_supplicant_enable_one_network(struct wpa_supplicant *wpa_s,
4049 					      struct wpa_ssid *ssid)
4050 {
4051 	if (!ssid || !ssid->disabled || ssid->disabled == 2)
4052 		return;
4053 
4054 	ssid->disabled = 0;
4055 	ssid->owe_transition_bss_select_count = 0;
4056 	wpas_clear_temp_disabled(wpa_s, ssid, 1);
4057 	wpas_notify_network_enabled_changed(wpa_s, ssid);
4058 
4059 	/*
4060 	 * Try to reassociate since there is no current configuration and a new
4061 	 * network was made available.
4062 	 */
4063 	if (!wpa_s->current_ssid && !wpa_s->disconnected)
4064 		wpa_s->reassociate = 1;
4065 }
4066 
4067 
4068 /**
4069  * wpa_supplicant_add_network - Add a new network
4070  * @wpa_s: wpa_supplicant structure for a network interface
4071  * Returns: The new network configuration or %NULL if operation failed
4072  *
4073  * This function performs the following operations:
4074  * 1. Adds a new network.
4075  * 2. Send network addition notification.
4076  * 3. Marks the network disabled.
4077  * 4. Set network default parameters.
4078  */
4079 struct wpa_ssid * wpa_supplicant_add_network(struct wpa_supplicant *wpa_s)
4080 {
4081 	struct wpa_ssid *ssid;
4082 
4083 	ssid = wpa_config_add_network(wpa_s->conf);
4084 	if (!ssid)
4085 		return NULL;
4086 	wpas_notify_network_added(wpa_s, ssid);
4087 	ssid->disabled = 1;
4088 	wpa_config_set_network_defaults(ssid);
4089 
4090 	return ssid;
4091 }
4092 
4093 
4094 /**
4095  * wpa_supplicant_remove_network - Remove a configured network based on id
4096  * @wpa_s: wpa_supplicant structure for a network interface
4097  * @id: Unique network id to search for
4098  * Returns: 0 on success, or -1 if the network was not found, -2 if the network
4099  * could not be removed
4100  *
4101  * This function performs the following operations:
4102  * 1. Removes the network.
4103  * 2. Send network removal notification.
4104  * 3. Update internal state machines.
4105  * 4. Stop any running sched scans.
4106  */
4107 int wpa_supplicant_remove_network(struct wpa_supplicant *wpa_s, int id)
4108 {
4109 	struct wpa_ssid *ssid;
4110 	int was_disabled;
4111 
4112 	ssid = wpa_config_get_network(wpa_s->conf, id);
4113 	if (!ssid)
4114 		return -1;
4115 	wpas_notify_network_removed(wpa_s, ssid);
4116 
4117 	if (wpa_s->last_ssid == ssid)
4118 		wpa_s->last_ssid = NULL;
4119 
4120 	if (ssid == wpa_s->current_ssid || !wpa_s->current_ssid) {
4121 #ifdef CONFIG_SME
4122 		wpa_s->sme.prev_bssid_set = 0;
4123 #endif /* CONFIG_SME */
4124 		/*
4125 		 * Invalidate the EAP session cache if the current or
4126 		 * previously used network is removed.
4127 		 */
4128 		eapol_sm_invalidate_cached_session(wpa_s->eapol);
4129 	}
4130 
4131 	if (ssid == wpa_s->current_ssid) {
4132 		wpa_sm_set_config(wpa_s->wpa, NULL);
4133 		eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
4134 
4135 		if (wpa_s->wpa_state >= WPA_AUTHENTICATING)
4136 			wpa_s->own_disconnect_req = 1;
4137 		wpa_supplicant_deauthenticate(wpa_s,
4138 					      WLAN_REASON_DEAUTH_LEAVING);
4139 	}
4140 
4141 	was_disabled = ssid->disabled;
4142 
4143 	if (wpa_config_remove_network(wpa_s->conf, id) < 0)
4144 		return -2;
4145 
4146 	if (!was_disabled && wpa_s->sched_scanning) {
4147 		wpa_printf(MSG_DEBUG,
4148 			   "Stop ongoing sched_scan to remove network from filters");
4149 		wpa_supplicant_cancel_sched_scan(wpa_s);
4150 		wpa_supplicant_req_scan(wpa_s, 0, 0);
4151 	}
4152 
4153 	return 0;
4154 }
4155 
4156 
4157 /**
4158  * wpa_supplicant_remove_all_networks - Remove all configured networks
4159  * @wpa_s: wpa_supplicant structure for a network interface
4160  * Returns: 0 on success (errors are currently ignored)
4161  *
4162  * This function performs the following operations:
4163  * 1. Remove all networks.
4164  * 2. Send network removal notifications.
4165  * 3. Update internal state machines.
4166  * 4. Stop any running sched scans.
4167  */
4168 int wpa_supplicant_remove_all_networks(struct wpa_supplicant *wpa_s)
4169 {
4170 	struct wpa_ssid *ssid;
4171 
4172 	if (wpa_s->sched_scanning)
4173 		wpa_supplicant_cancel_sched_scan(wpa_s);
4174 
4175 	eapol_sm_invalidate_cached_session(wpa_s->eapol);
4176 	if (wpa_s->current_ssid) {
4177 #ifdef CONFIG_SME
4178 		wpa_s->sme.prev_bssid_set = 0;
4179 #endif /* CONFIG_SME */
4180 		wpa_sm_set_config(wpa_s->wpa, NULL);
4181 		eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
4182 		if (wpa_s->wpa_state >= WPA_AUTHENTICATING)
4183 			wpa_s->own_disconnect_req = 1;
4184 		wpa_supplicant_deauthenticate(
4185 			wpa_s, WLAN_REASON_DEAUTH_LEAVING);
4186 	}
4187 	ssid = wpa_s->conf->ssid;
4188 	while (ssid) {
4189 		struct wpa_ssid *remove_ssid = ssid;
4190 		int id;
4191 
4192 		id = ssid->id;
4193 		ssid = ssid->next;
4194 		if (wpa_s->last_ssid == remove_ssid)
4195 			wpa_s->last_ssid = NULL;
4196 		wpas_notify_network_removed(wpa_s, remove_ssid);
4197 		wpa_config_remove_network(wpa_s->conf, id);
4198 	}
4199 	return 0;
4200 }
4201 
4202 
4203 /**
4204  * wpa_supplicant_enable_network - Mark a configured network as enabled
4205  * @wpa_s: wpa_supplicant structure for a network interface
4206  * @ssid: wpa_ssid structure for a configured network or %NULL
4207  *
4208  * Enables the specified network or all networks if no network specified.
4209  */
4210 void wpa_supplicant_enable_network(struct wpa_supplicant *wpa_s,
4211 				   struct wpa_ssid *ssid)
4212 {
4213 	if (ssid == NULL) {
4214 		for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next)
4215 			wpa_supplicant_enable_one_network(wpa_s, ssid);
4216 	} else
4217 		wpa_supplicant_enable_one_network(wpa_s, ssid);
4218 
4219 	if (wpa_s->reassociate && !wpa_s->disconnected &&
4220 	    (!wpa_s->current_ssid ||
4221 	     wpa_s->wpa_state == WPA_DISCONNECTED ||
4222 	     wpa_s->wpa_state == WPA_SCANNING)) {
4223 		if (wpa_s->sched_scanning) {
4224 			wpa_printf(MSG_DEBUG, "Stop ongoing sched_scan to add "
4225 				   "new network to scan filters");
4226 			wpa_supplicant_cancel_sched_scan(wpa_s);
4227 		}
4228 
4229 		if (wpa_supplicant_fast_associate(wpa_s) != 1) {
4230 			wpa_s->scan_req = NORMAL_SCAN_REQ;
4231 			wpa_supplicant_req_scan(wpa_s, 0, 0);
4232 		}
4233 	}
4234 }
4235 
4236 
4237 /**
4238  * wpa_supplicant_disable_network - Mark a configured network as disabled
4239  * @wpa_s: wpa_supplicant structure for a network interface
4240  * @ssid: wpa_ssid structure for a configured network or %NULL
4241  *
4242  * Disables the specified network or all networks if no network specified.
4243  */
4244 void wpa_supplicant_disable_network(struct wpa_supplicant *wpa_s,
4245 				    struct wpa_ssid *ssid)
4246 {
4247 	struct wpa_ssid *other_ssid;
4248 	int was_disabled;
4249 
4250 	if (ssid == NULL) {
4251 		if (wpa_s->sched_scanning)
4252 			wpa_supplicant_cancel_sched_scan(wpa_s);
4253 
4254 		for (other_ssid = wpa_s->conf->ssid; other_ssid;
4255 		     other_ssid = other_ssid->next) {
4256 			was_disabled = other_ssid->disabled;
4257 			if (was_disabled == 2)
4258 				continue; /* do not change persistent P2P group
4259 					   * data */
4260 
4261 			other_ssid->disabled = 1;
4262 
4263 			if (was_disabled != other_ssid->disabled)
4264 				wpas_notify_network_enabled_changed(
4265 					wpa_s, other_ssid);
4266 		}
4267 		if (wpa_s->current_ssid) {
4268 			if (wpa_s->wpa_state >= WPA_AUTHENTICATING)
4269 				wpa_s->own_disconnect_req = 1;
4270 			wpa_supplicant_deauthenticate(
4271 				wpa_s, WLAN_REASON_DEAUTH_LEAVING);
4272 		}
4273 	} else if (ssid->disabled != 2) {
4274 		if (ssid == wpa_s->current_ssid) {
4275 			if (wpa_s->wpa_state >= WPA_AUTHENTICATING)
4276 				wpa_s->own_disconnect_req = 1;
4277 			wpa_supplicant_deauthenticate(
4278 				wpa_s, WLAN_REASON_DEAUTH_LEAVING);
4279 		}
4280 
4281 		was_disabled = ssid->disabled;
4282 
4283 		ssid->disabled = 1;
4284 
4285 		if (was_disabled != ssid->disabled) {
4286 			wpas_notify_network_enabled_changed(wpa_s, ssid);
4287 			if (wpa_s->sched_scanning) {
4288 				wpa_printf(MSG_DEBUG, "Stop ongoing sched_scan "
4289 					   "to remove network from filters");
4290 				wpa_supplicant_cancel_sched_scan(wpa_s);
4291 				wpa_supplicant_req_scan(wpa_s, 0, 0);
4292 			}
4293 		}
4294 	}
4295 }
4296 
4297 
4298 /**
4299  * wpa_supplicant_select_network - Attempt association with a network
4300  * @wpa_s: wpa_supplicant structure for a network interface
4301  * @ssid: wpa_ssid structure for a configured network or %NULL for any network
4302  */
4303 void wpa_supplicant_select_network(struct wpa_supplicant *wpa_s,
4304 				   struct wpa_ssid *ssid)
4305 {
4306 
4307 	struct wpa_ssid *other_ssid;
4308 	int disconnected = 0;
4309 
4310 	if (ssid && ssid != wpa_s->current_ssid && wpa_s->current_ssid) {
4311 		if (wpa_s->wpa_state >= WPA_AUTHENTICATING)
4312 			wpa_s->own_disconnect_req = 1;
4313 		wpa_supplicant_deauthenticate(
4314 			wpa_s, WLAN_REASON_DEAUTH_LEAVING);
4315 		disconnected = 1;
4316 	}
4317 
4318 	if (ssid)
4319 		wpas_clear_temp_disabled(wpa_s, ssid, 1);
4320 
4321 	/*
4322 	 * Mark all other networks disabled or mark all networks enabled if no
4323 	 * network specified.
4324 	 */
4325 	for (other_ssid = wpa_s->conf->ssid; other_ssid;
4326 	     other_ssid = other_ssid->next) {
4327 		int was_disabled = other_ssid->disabled;
4328 		if (was_disabled == 2)
4329 			continue; /* do not change persistent P2P group data */
4330 
4331 		other_ssid->disabled = ssid ? (ssid->id != other_ssid->id) : 0;
4332 		if (was_disabled && !other_ssid->disabled)
4333 			wpas_clear_temp_disabled(wpa_s, other_ssid, 0);
4334 
4335 		if (was_disabled != other_ssid->disabled)
4336 			wpas_notify_network_enabled_changed(wpa_s, other_ssid);
4337 	}
4338 
4339 	if (ssid && ssid == wpa_s->current_ssid && wpa_s->current_ssid &&
4340 	    wpa_s->wpa_state >= WPA_AUTHENTICATING) {
4341 		/* We are already associated with the selected network */
4342 		wpa_printf(MSG_DEBUG, "Already associated with the "
4343 			   "selected network - do nothing");
4344 		return;
4345 	}
4346 
4347 	if (ssid) {
4348 		wpa_s->current_ssid = ssid;
4349 		eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
4350 		wpa_s->connect_without_scan =
4351 			(ssid->mode == WPAS_MODE_MESH) ? ssid : NULL;
4352 
4353 		/*
4354 		 * Don't optimize next scan freqs since a new ESS has been
4355 		 * selected.
4356 		 */
4357 		os_free(wpa_s->next_scan_freqs);
4358 		wpa_s->next_scan_freqs = NULL;
4359 	} else {
4360 		wpa_s->connect_without_scan = NULL;
4361 	}
4362 
4363 	wpa_s->disconnected = 0;
4364 	wpa_s->reassociate = 1;
4365 	wpa_s_clear_sae_rejected(wpa_s);
4366 	wpa_s->last_owe_group = 0;
4367 	if (ssid) {
4368 		ssid->owe_transition_bss_select_count = 0;
4369 		wpa_s_setup_sae_pt(wpa_s->conf, ssid);
4370 	}
4371 
4372 	if (wpa_s->connect_without_scan ||
4373 	    wpa_supplicant_fast_associate(wpa_s) != 1) {
4374 		wpa_s->scan_req = NORMAL_SCAN_REQ;
4375 		wpas_scan_reset_sched_scan(wpa_s);
4376 		wpa_supplicant_req_scan(wpa_s, 0, disconnected ? 100000 : 0);
4377 	}
4378 
4379 	if (ssid)
4380 		wpas_notify_network_selected(wpa_s, ssid);
4381 }
4382 
4383 
4384 /**
4385  * wpas_set_pkcs11_engine_and_module_path - Set PKCS #11 engine and module path
4386  * @wpa_s: wpa_supplicant structure for a network interface
4387  * @pkcs11_engine_path: PKCS #11 engine path or NULL
4388  * @pkcs11_module_path: PKCS #11 module path or NULL
4389  * Returns: 0 on success; -1 on failure
4390  *
4391  * Sets the PKCS #11 engine and module path. Both have to be NULL or a valid
4392  * path. If resetting the EAPOL state machine with the new PKCS #11 engine and
4393  * module path fails the paths will be reset to the default value (NULL).
4394  */
4395 int wpas_set_pkcs11_engine_and_module_path(struct wpa_supplicant *wpa_s,
4396 					   const char *pkcs11_engine_path,
4397 					   const char *pkcs11_module_path)
4398 {
4399 	char *pkcs11_engine_path_copy = NULL;
4400 	char *pkcs11_module_path_copy = NULL;
4401 
4402 	if (pkcs11_engine_path != NULL) {
4403 		pkcs11_engine_path_copy = os_strdup(pkcs11_engine_path);
4404 		if (pkcs11_engine_path_copy == NULL)
4405 			return -1;
4406 	}
4407 	if (pkcs11_module_path != NULL) {
4408 		pkcs11_module_path_copy = os_strdup(pkcs11_module_path);
4409 		if (pkcs11_module_path_copy == NULL) {
4410 			os_free(pkcs11_engine_path_copy);
4411 			return -1;
4412 		}
4413 	}
4414 
4415 	os_free(wpa_s->conf->pkcs11_engine_path);
4416 	os_free(wpa_s->conf->pkcs11_module_path);
4417 	wpa_s->conf->pkcs11_engine_path = pkcs11_engine_path_copy;
4418 	wpa_s->conf->pkcs11_module_path = pkcs11_module_path_copy;
4419 
4420 	wpa_sm_set_eapol(wpa_s->wpa, NULL);
4421 	eapol_sm_deinit(wpa_s->eapol);
4422 	wpa_s->eapol = NULL;
4423 	if (wpa_supplicant_init_eapol(wpa_s)) {
4424 		/* Error -> Reset paths to the default value (NULL) once. */
4425 		if (pkcs11_engine_path != NULL && pkcs11_module_path != NULL)
4426 			wpas_set_pkcs11_engine_and_module_path(wpa_s, NULL,
4427 							       NULL);
4428 
4429 		return -1;
4430 	}
4431 	wpa_sm_set_eapol(wpa_s->wpa, wpa_s->eapol);
4432 
4433 	return 0;
4434 }
4435 
4436 
4437 /**
4438  * wpa_supplicant_set_ap_scan - Set AP scan mode for interface
4439  * @wpa_s: wpa_supplicant structure for a network interface
4440  * @ap_scan: AP scan mode
4441  * Returns: 0 if succeed or -1 if ap_scan has an invalid value
4442  *
4443  */
4444 int wpa_supplicant_set_ap_scan(struct wpa_supplicant *wpa_s, int ap_scan)
4445 {
4446 
4447 	int old_ap_scan;
4448 
4449 	if (ap_scan < 0 || ap_scan > 2)
4450 		return -1;
4451 
4452 	if (ap_scan == 2 && os_strcmp(wpa_s->driver->name, "nl80211") == 0) {
4453 		wpa_printf(MSG_INFO,
4454 			   "Note: nl80211 driver interface is not designed to be used with ap_scan=2; this can result in connection failures");
4455 	}
4456 
4457 #ifdef ANDROID
4458 	if (ap_scan == 2 && ap_scan != wpa_s->conf->ap_scan &&
4459 	    wpa_s->wpa_state >= WPA_ASSOCIATING &&
4460 	    wpa_s->wpa_state < WPA_COMPLETED) {
4461 		wpa_printf(MSG_ERROR, "ap_scan = %d (%d) rejected while "
4462 			   "associating", wpa_s->conf->ap_scan, ap_scan);
4463 		return 0;
4464 	}
4465 #endif /* ANDROID */
4466 
4467 	old_ap_scan = wpa_s->conf->ap_scan;
4468 	wpa_s->conf->ap_scan = ap_scan;
4469 
4470 	if (old_ap_scan != wpa_s->conf->ap_scan)
4471 		wpas_notify_ap_scan_changed(wpa_s);
4472 
4473 	return 0;
4474 }
4475 
4476 
4477 /**
4478  * wpa_supplicant_set_bss_expiration_age - Set BSS entry expiration age
4479  * @wpa_s: wpa_supplicant structure for a network interface
4480  * @expire_age: Expiration age in seconds
4481  * Returns: 0 if succeed or -1 if expire_age has an invalid value
4482  *
4483  */
4484 int wpa_supplicant_set_bss_expiration_age(struct wpa_supplicant *wpa_s,
4485 					  unsigned int bss_expire_age)
4486 {
4487 	if (bss_expire_age < 10) {
4488 		wpa_msg(wpa_s, MSG_ERROR, "Invalid bss expiration age %u",
4489 			bss_expire_age);
4490 		return -1;
4491 	}
4492 	wpa_msg(wpa_s, MSG_DEBUG, "Setting bss expiration age: %d sec",
4493 		bss_expire_age);
4494 	wpa_s->conf->bss_expiration_age = bss_expire_age;
4495 
4496 	return 0;
4497 }
4498 
4499 
4500 /**
4501  * wpa_supplicant_set_bss_expiration_count - Set BSS entry expiration scan count
4502  * @wpa_s: wpa_supplicant structure for a network interface
4503  * @expire_count: number of scans after which an unseen BSS is reclaimed
4504  * Returns: 0 if succeed or -1 if expire_count has an invalid value
4505  *
4506  */
4507 int wpa_supplicant_set_bss_expiration_count(struct wpa_supplicant *wpa_s,
4508 					    unsigned int bss_expire_count)
4509 {
4510 	if (bss_expire_count < 1) {
4511 		wpa_msg(wpa_s, MSG_ERROR, "Invalid bss expiration count %u",
4512 			bss_expire_count);
4513 		return -1;
4514 	}
4515 	wpa_msg(wpa_s, MSG_DEBUG, "Setting bss expiration scan count: %u",
4516 		bss_expire_count);
4517 	wpa_s->conf->bss_expiration_scan_count = bss_expire_count;
4518 
4519 	return 0;
4520 }
4521 
4522 
4523 /**
4524  * wpa_supplicant_set_scan_interval - Set scan interval
4525  * @wpa_s: wpa_supplicant structure for a network interface
4526  * @scan_interval: scan interval in seconds
4527  * Returns: 0 if succeed or -1 if scan_interval has an invalid value
4528  *
4529  */
4530 int wpa_supplicant_set_scan_interval(struct wpa_supplicant *wpa_s,
4531 				     int scan_interval)
4532 {
4533 	if (scan_interval < 0) {
4534 		wpa_msg(wpa_s, MSG_ERROR, "Invalid scan interval %d",
4535 			scan_interval);
4536 		return -1;
4537 	}
4538 	wpa_msg(wpa_s, MSG_DEBUG, "Setting scan interval: %d sec",
4539 		scan_interval);
4540 	wpa_supplicant_update_scan_int(wpa_s, scan_interval);
4541 
4542 	return 0;
4543 }
4544 
4545 
4546 /**
4547  * wpa_supplicant_set_debug_params - Set global debug params
4548  * @global: wpa_global structure
4549  * @debug_level: debug level
4550  * @debug_timestamp: determines if show timestamp in debug data
4551  * @debug_show_keys: determines if show keys in debug data
4552  * Returns: 0 if succeed or -1 if debug_level has wrong value
4553  */
4554 int wpa_supplicant_set_debug_params(struct wpa_global *global, int debug_level,
4555 				    int debug_timestamp, int debug_show_keys)
4556 {
4557 
4558 	int old_level, old_timestamp, old_show_keys;
4559 
4560 	/* check for allowed debuglevels */
4561 	if (debug_level != MSG_EXCESSIVE &&
4562 	    debug_level != MSG_MSGDUMP &&
4563 	    debug_level != MSG_DEBUG &&
4564 	    debug_level != MSG_INFO &&
4565 	    debug_level != MSG_WARNING &&
4566 	    debug_level != MSG_ERROR)
4567 		return -1;
4568 
4569 	old_level = wpa_debug_level;
4570 	old_timestamp = wpa_debug_timestamp;
4571 	old_show_keys = wpa_debug_show_keys;
4572 
4573 	wpa_debug_level = debug_level;
4574 	wpa_debug_timestamp = debug_timestamp ? 1 : 0;
4575 	wpa_debug_show_keys = debug_show_keys ? 1 : 0;
4576 
4577 	if (wpa_debug_level != old_level)
4578 		wpas_notify_debug_level_changed(global);
4579 	if (wpa_debug_timestamp != old_timestamp)
4580 		wpas_notify_debug_timestamp_changed(global);
4581 	if (wpa_debug_show_keys != old_show_keys)
4582 		wpas_notify_debug_show_keys_changed(global);
4583 
4584 	return 0;
4585 }
4586 
4587 
4588 #ifdef CONFIG_OWE
4589 static int owe_trans_ssid_match(struct wpa_supplicant *wpa_s, const u8 *bssid,
4590 				const u8 *entry_ssid, size_t entry_ssid_len)
4591 {
4592 	const u8 *owe, *pos, *end;
4593 	u8 ssid_len;
4594 	struct wpa_bss *bss;
4595 
4596 	/* Check network profile SSID aganst the SSID in the
4597 	 * OWE Transition Mode element. */
4598 
4599 	bss = wpa_bss_get_bssid_latest(wpa_s, bssid);
4600 	if (!bss)
4601 		return 0;
4602 
4603 	owe = wpa_bss_get_vendor_ie(bss, OWE_IE_VENDOR_TYPE);
4604 	if (!owe)
4605 		return 0;
4606 
4607 	pos = owe + 6;
4608 	end = owe + 2 + owe[1];
4609 
4610 	if (end - pos < ETH_ALEN + 1)
4611 		return 0;
4612 	pos += ETH_ALEN;
4613 	ssid_len = *pos++;
4614 	if (end - pos < ssid_len || ssid_len > SSID_MAX_LEN)
4615 		return 0;
4616 
4617 	return entry_ssid_len == ssid_len &&
4618 		os_memcmp(pos, entry_ssid, ssid_len) == 0;
4619 }
4620 #endif /* CONFIG_OWE */
4621 
4622 
4623 /**
4624  * wpa_supplicant_get_ssid - Get a pointer to the current network structure
4625  * @wpa_s: Pointer to wpa_supplicant data
4626  * Returns: A pointer to the current network structure or %NULL on failure
4627  */
4628 struct wpa_ssid * wpa_supplicant_get_ssid(struct wpa_supplicant *wpa_s)
4629 {
4630 	struct wpa_ssid *entry;
4631 	u8 ssid[SSID_MAX_LEN];
4632 	int res;
4633 	size_t ssid_len;
4634 	u8 bssid[ETH_ALEN];
4635 	int wired;
4636 
4637 	res = wpa_drv_get_ssid(wpa_s, ssid);
4638 	if (res < 0) {
4639 		wpa_msg(wpa_s, MSG_WARNING, "Could not read SSID from "
4640 			"driver");
4641 		return NULL;
4642 	}
4643 	ssid_len = res;
4644 
4645 	if (wpa_drv_get_bssid(wpa_s, bssid) < 0) {
4646 		wpa_msg(wpa_s, MSG_WARNING, "Could not read BSSID from "
4647 			"driver");
4648 		return NULL;
4649 	}
4650 
4651 	wired = wpa_s->conf->ap_scan == 0 &&
4652 		(wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED);
4653 
4654 	entry = wpa_s->conf->ssid;
4655 	while (entry) {
4656 		if (!wpas_network_disabled(wpa_s, entry) &&
4657 		    ((ssid_len == entry->ssid_len &&
4658 		      (!entry->ssid ||
4659 		       os_memcmp(ssid, entry->ssid, ssid_len) == 0)) ||
4660 		     wired) &&
4661 		    (!entry->bssid_set ||
4662 		     os_memcmp(bssid, entry->bssid, ETH_ALEN) == 0))
4663 			return entry;
4664 #ifdef CONFIG_WPS
4665 		if (!wpas_network_disabled(wpa_s, entry) &&
4666 		    (entry->key_mgmt & WPA_KEY_MGMT_WPS) &&
4667 		    (entry->ssid == NULL || entry->ssid_len == 0) &&
4668 		    (!entry->bssid_set ||
4669 		     os_memcmp(bssid, entry->bssid, ETH_ALEN) == 0))
4670 			return entry;
4671 #endif /* CONFIG_WPS */
4672 
4673 #ifdef CONFIG_OWE
4674 		if (!wpas_network_disabled(wpa_s, entry) &&
4675 		    owe_trans_ssid_match(wpa_s, bssid, entry->ssid,
4676 		    entry->ssid_len) &&
4677 		    (!entry->bssid_set ||
4678 		     os_memcmp(bssid, entry->bssid, ETH_ALEN) == 0))
4679 			return entry;
4680 #endif /* CONFIG_OWE */
4681 
4682 		if (!wpas_network_disabled(wpa_s, entry) && entry->bssid_set &&
4683 		    entry->ssid_len == 0 &&
4684 		    os_memcmp(bssid, entry->bssid, ETH_ALEN) == 0)
4685 			return entry;
4686 
4687 		entry = entry->next;
4688 	}
4689 
4690 	return NULL;
4691 }
4692 
4693 
4694 static int select_driver(struct wpa_supplicant *wpa_s, int i)
4695 {
4696 	struct wpa_global *global = wpa_s->global;
4697 
4698 	if (wpa_drivers[i]->global_init && global->drv_priv[i] == NULL) {
4699 		global->drv_priv[i] = wpa_drivers[i]->global_init(global);
4700 		if (global->drv_priv[i] == NULL) {
4701 			wpa_printf(MSG_ERROR, "Failed to initialize driver "
4702 				   "'%s'", wpa_drivers[i]->name);
4703 			return -1;
4704 		}
4705 	}
4706 
4707 	wpa_s->driver = wpa_drivers[i];
4708 	wpa_s->global_drv_priv = global->drv_priv[i];
4709 
4710 	return 0;
4711 }
4712 
4713 
4714 static int wpa_supplicant_set_driver(struct wpa_supplicant *wpa_s,
4715 				     const char *name)
4716 {
4717 	int i;
4718 	size_t len;
4719 	const char *pos, *driver = name;
4720 
4721 	if (wpa_s == NULL)
4722 		return -1;
4723 
4724 	if (wpa_drivers[0] == NULL) {
4725 		wpa_msg(wpa_s, MSG_ERROR, "No driver interfaces build into "
4726 			"wpa_supplicant");
4727 		return -1;
4728 	}
4729 
4730 	if (name == NULL) {
4731 		/* default to first driver in the list */
4732 		return select_driver(wpa_s, 0);
4733 	}
4734 
4735 	do {
4736 		pos = os_strchr(driver, ',');
4737 		if (pos)
4738 			len = pos - driver;
4739 		else
4740 			len = os_strlen(driver);
4741 
4742 		for (i = 0; wpa_drivers[i]; i++) {
4743 			if (os_strlen(wpa_drivers[i]->name) == len &&
4744 			    os_strncmp(driver, wpa_drivers[i]->name, len) ==
4745 			    0) {
4746 				/* First driver that succeeds wins */
4747 				if (select_driver(wpa_s, i) == 0)
4748 					return 0;
4749 			}
4750 		}
4751 
4752 		driver = pos + 1;
4753 	} while (pos);
4754 
4755 	wpa_msg(wpa_s, MSG_ERROR, "Unsupported driver '%s'", name);
4756 	return -1;
4757 }
4758 
4759 
4760 /**
4761  * wpa_supplicant_rx_eapol - Deliver a received EAPOL frame to wpa_supplicant
4762  * @ctx: Context pointer (wpa_s); this is the ctx variable registered
4763  *	with struct wpa_driver_ops::init()
4764  * @src_addr: Source address of the EAPOL frame
4765  * @buf: EAPOL data starting from the EAPOL header (i.e., no Ethernet header)
4766  * @len: Length of the EAPOL data
4767  *
4768  * This function is called for each received EAPOL frame. Most driver
4769  * interfaces rely on more generic OS mechanism for receiving frames through
4770  * l2_packet, but if such a mechanism is not available, the driver wrapper may
4771  * take care of received EAPOL frames and deliver them to the core supplicant
4772  * code by calling this function.
4773  */
4774 void wpa_supplicant_rx_eapol(void *ctx, const u8 *src_addr,
4775 			     const u8 *buf, size_t len)
4776 {
4777 	struct wpa_supplicant *wpa_s = ctx;
4778 
4779 	wpa_dbg(wpa_s, MSG_DEBUG, "RX EAPOL from " MACSTR, MAC2STR(src_addr));
4780 	wpa_hexdump(MSG_MSGDUMP, "RX EAPOL", buf, len);
4781 
4782 	if (wpa_s->own_disconnect_req) {
4783 		wpa_printf(MSG_DEBUG,
4784 			   "Drop received EAPOL frame as we are disconnecting");
4785 		return;
4786 	}
4787 
4788 #ifdef CONFIG_TESTING_OPTIONS
4789 	wpa_msg_ctrl(wpa_s, MSG_INFO, "EAPOL-RX " MACSTR " %zu",
4790 		     MAC2STR(src_addr), len);
4791 	if (wpa_s->ignore_auth_resp) {
4792 		wpa_printf(MSG_INFO, "RX EAPOL - ignore_auth_resp active!");
4793 		return;
4794 	}
4795 #endif /* CONFIG_TESTING_OPTIONS */
4796 
4797 	if (wpa_s->wpa_state < WPA_ASSOCIATED ||
4798 	    (wpa_s->last_eapol_matches_bssid &&
4799 #ifdef CONFIG_AP
4800 	     !wpa_s->ap_iface &&
4801 #endif /* CONFIG_AP */
4802 	     os_memcmp(src_addr, wpa_s->bssid, ETH_ALEN) != 0)) {
4803 		/*
4804 		 * There is possible race condition between receiving the
4805 		 * association event and the EAPOL frame since they are coming
4806 		 * through different paths from the driver. In order to avoid
4807 		 * issues in trying to process the EAPOL frame before receiving
4808 		 * association information, lets queue it for processing until
4809 		 * the association event is received. This may also be needed in
4810 		 * driver-based roaming case, so also use src_addr != BSSID as a
4811 		 * trigger if we have previously confirmed that the
4812 		 * Authenticator uses BSSID as the src_addr (which is not the
4813 		 * case with wired IEEE 802.1X).
4814 		 */
4815 		wpa_dbg(wpa_s, MSG_DEBUG, "Not associated - Delay processing "
4816 			"of received EAPOL frame (state=%s bssid=" MACSTR ")",
4817 			wpa_supplicant_state_txt(wpa_s->wpa_state),
4818 			MAC2STR(wpa_s->bssid));
4819 		wpabuf_free(wpa_s->pending_eapol_rx);
4820 		wpa_s->pending_eapol_rx = wpabuf_alloc_copy(buf, len);
4821 		if (wpa_s->pending_eapol_rx) {
4822 			os_get_reltime(&wpa_s->pending_eapol_rx_time);
4823 			os_memcpy(wpa_s->pending_eapol_rx_src, src_addr,
4824 				  ETH_ALEN);
4825 		}
4826 		return;
4827 	}
4828 
4829 	wpa_s->last_eapol_matches_bssid =
4830 		os_memcmp(src_addr, wpa_s->bssid, ETH_ALEN) == 0;
4831 
4832 #ifdef CONFIG_AP
4833 	if (wpa_s->ap_iface) {
4834 		wpa_supplicant_ap_rx_eapol(wpa_s, src_addr, buf, len);
4835 		return;
4836 	}
4837 #endif /* CONFIG_AP */
4838 
4839 	if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE) {
4840 		wpa_dbg(wpa_s, MSG_DEBUG, "Ignored received EAPOL frame since "
4841 			"no key management is configured");
4842 		return;
4843 	}
4844 
4845 	if (wpa_s->eapol_received == 0 &&
4846 	    (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK) ||
4847 	     !wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) ||
4848 	     wpa_s->wpa_state != WPA_COMPLETED) &&
4849 	    (wpa_s->current_ssid == NULL ||
4850 	     wpa_s->current_ssid->mode != WPAS_MODE_IBSS)) {
4851 		/* Timeout for completing IEEE 802.1X and WPA authentication */
4852 		int timeout = 10;
4853 
4854 		if (wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt) ||
4855 		    wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA ||
4856 		    wpa_s->key_mgmt == WPA_KEY_MGMT_WPS) {
4857 			/* Use longer timeout for IEEE 802.1X/EAP */
4858 			timeout = 70;
4859 		}
4860 
4861 #ifdef CONFIG_WPS
4862 		if (wpa_s->current_ssid && wpa_s->current_bss &&
4863 		    (wpa_s->current_ssid->key_mgmt & WPA_KEY_MGMT_WPS) &&
4864 		    eap_is_wps_pin_enrollee(&wpa_s->current_ssid->eap)) {
4865 			/*
4866 			 * Use shorter timeout if going through WPS AP iteration
4867 			 * for PIN config method with an AP that does not
4868 			 * advertise Selected Registrar.
4869 			 */
4870 			struct wpabuf *wps_ie;
4871 
4872 			wps_ie = wpa_bss_get_vendor_ie_multi(
4873 				wpa_s->current_bss, WPS_IE_VENDOR_TYPE);
4874 			if (wps_ie &&
4875 			    !wps_is_addr_authorized(wps_ie, wpa_s->own_addr, 1))
4876 				timeout = 10;
4877 			wpabuf_free(wps_ie);
4878 		}
4879 #endif /* CONFIG_WPS */
4880 
4881 		wpa_supplicant_req_auth_timeout(wpa_s, timeout, 0);
4882 	}
4883 	wpa_s->eapol_received++;
4884 
4885 	if (wpa_s->countermeasures) {
4886 		wpa_msg(wpa_s, MSG_INFO, "WPA: Countermeasures - dropped "
4887 			"EAPOL packet");
4888 		return;
4889 	}
4890 
4891 #ifdef CONFIG_IBSS_RSN
4892 	if (wpa_s->current_ssid &&
4893 	    wpa_s->current_ssid->mode == WPAS_MODE_IBSS) {
4894 		ibss_rsn_rx_eapol(wpa_s->ibss_rsn, src_addr, buf, len);
4895 		return;
4896 	}
4897 #endif /* CONFIG_IBSS_RSN */
4898 
4899 	/* Source address of the incoming EAPOL frame could be compared to the
4900 	 * current BSSID. However, it is possible that a centralized
4901 	 * Authenticator could be using another MAC address than the BSSID of
4902 	 * an AP, so just allow any address to be used for now. The replies are
4903 	 * still sent to the current BSSID (if available), though. */
4904 
4905 	os_memcpy(wpa_s->last_eapol_src, src_addr, ETH_ALEN);
4906 	if (!wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) &&
4907 	    wpa_s->key_mgmt != WPA_KEY_MGMT_OWE &&
4908 	    wpa_s->key_mgmt != WPA_KEY_MGMT_DPP &&
4909 	    eapol_sm_rx_eapol(wpa_s->eapol, src_addr, buf, len) > 0)
4910 		return;
4911 	wpa_drv_poll(wpa_s);
4912 	if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK))
4913 		wpa_sm_rx_eapol(wpa_s->wpa, src_addr, buf, len);
4914 	else if (wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt)) {
4915 		/*
4916 		 * Set portValid = true here since we are going to skip 4-way
4917 		 * handshake processing which would normally set portValid. We
4918 		 * need this to allow the EAPOL state machines to be completed
4919 		 * without going through EAPOL-Key handshake.
4920 		 */
4921 		eapol_sm_notify_portValid(wpa_s->eapol, true);
4922 	}
4923 }
4924 
4925 
4926 static int wpas_eapol_needs_l2_packet(struct wpa_supplicant *wpa_s)
4927 {
4928 	return !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_CONTROL_PORT) ||
4929 		!(wpa_s->drv_flags2 & WPA_DRIVER_FLAGS2_CONTROL_PORT_RX);
4930 }
4931 
4932 
4933 int wpa_supplicant_update_mac_addr(struct wpa_supplicant *wpa_s)
4934 {
4935 	if ((!wpa_s->p2p_mgmt ||
4936 	     !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE)) &&
4937 	    !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_P2P_DEDICATED_INTERFACE)) {
4938 		l2_packet_deinit(wpa_s->l2);
4939 		wpa_s->l2 = l2_packet_init(wpa_s->ifname,
4940 					   wpa_drv_get_mac_addr(wpa_s),
4941 					   ETH_P_EAPOL,
4942 					   wpas_eapol_needs_l2_packet(wpa_s) ?
4943 					   wpa_supplicant_rx_eapol : NULL,
4944 					   wpa_s, 0);
4945 		if (wpa_s->l2 == NULL)
4946 			return -1;
4947 
4948 		if (l2_packet_set_packet_filter(wpa_s->l2,
4949 						L2_PACKET_FILTER_PKTTYPE))
4950 			wpa_dbg(wpa_s, MSG_DEBUG,
4951 				"Failed to attach pkt_type filter");
4952 
4953 		if (l2_packet_get_own_addr(wpa_s->l2, wpa_s->own_addr)) {
4954 			wpa_msg(wpa_s, MSG_ERROR,
4955 				"Failed to get own L2 address");
4956 			return -1;
4957 		}
4958 	} else {
4959 		const u8 *addr = wpa_drv_get_mac_addr(wpa_s);
4960 		if (addr)
4961 			os_memcpy(wpa_s->own_addr, addr, ETH_ALEN);
4962 	}
4963 
4964 	wpa_sm_set_own_addr(wpa_s->wpa, wpa_s->own_addr);
4965 	wpas_wps_update_mac_addr(wpa_s);
4966 
4967 #ifdef CONFIG_FST
4968 	if (wpa_s->fst)
4969 		fst_update_mac_addr(wpa_s->fst, wpa_s->own_addr);
4970 #endif /* CONFIG_FST */
4971 
4972 	return 0;
4973 }
4974 
4975 
4976 static void wpa_supplicant_rx_eapol_bridge(void *ctx, const u8 *src_addr,
4977 					   const u8 *buf, size_t len)
4978 {
4979 	struct wpa_supplicant *wpa_s = ctx;
4980 	const struct l2_ethhdr *eth;
4981 
4982 	if (len < sizeof(*eth))
4983 		return;
4984 	eth = (const struct l2_ethhdr *) buf;
4985 
4986 	if (os_memcmp(eth->h_dest, wpa_s->own_addr, ETH_ALEN) != 0 &&
4987 	    !(eth->h_dest[0] & 0x01)) {
4988 		wpa_dbg(wpa_s, MSG_DEBUG, "RX EAPOL from " MACSTR " to " MACSTR
4989 			" (bridge - not for this interface - ignore)",
4990 			MAC2STR(src_addr), MAC2STR(eth->h_dest));
4991 		return;
4992 	}
4993 
4994 	wpa_dbg(wpa_s, MSG_DEBUG, "RX EAPOL from " MACSTR " to " MACSTR
4995 		" (bridge)", MAC2STR(src_addr), MAC2STR(eth->h_dest));
4996 	wpa_supplicant_rx_eapol(wpa_s, src_addr, buf + sizeof(*eth),
4997 				len - sizeof(*eth));
4998 }
4999 
5000 
5001 int wpa_supplicant_update_bridge_ifname(struct wpa_supplicant *wpa_s,
5002 					const char *bridge_ifname)
5003 {
5004 	if (wpa_s->wpa_state > WPA_SCANNING)
5005 		return -EBUSY;
5006 
5007 	if (bridge_ifname &&
5008 	    os_strlen(bridge_ifname) >= sizeof(wpa_s->bridge_ifname))
5009 		return -EINVAL;
5010 
5011 	if (!bridge_ifname)
5012 		bridge_ifname = "";
5013 
5014 	if (os_strcmp(wpa_s->bridge_ifname, bridge_ifname) == 0)
5015 		return 0;
5016 
5017 	if (wpa_s->l2_br) {
5018 		l2_packet_deinit(wpa_s->l2_br);
5019 		wpa_s->l2_br = NULL;
5020 	}
5021 
5022 	os_strlcpy(wpa_s->bridge_ifname, bridge_ifname,
5023 		   sizeof(wpa_s->bridge_ifname));
5024 
5025 	if (wpa_s->bridge_ifname[0]) {
5026 		wpa_dbg(wpa_s, MSG_DEBUG,
5027 			"Receiving packets from bridge interface '%s'",
5028 			wpa_s->bridge_ifname);
5029 		wpa_s->l2_br = l2_packet_init_bridge(
5030 			wpa_s->bridge_ifname, wpa_s->ifname, wpa_s->own_addr,
5031 			ETH_P_EAPOL, wpa_supplicant_rx_eapol_bridge, wpa_s, 1);
5032 		if (!wpa_s->l2_br) {
5033 			wpa_msg(wpa_s, MSG_ERROR,
5034 				"Failed to open l2_packet connection for the bridge interface '%s'",
5035 				wpa_s->bridge_ifname);
5036 			goto fail;
5037 		}
5038 	}
5039 
5040 #ifdef CONFIG_TDLS
5041 	if (!wpa_s->p2p_mgmt && wpa_tdls_init(wpa_s->wpa))
5042 		goto fail;
5043 #endif /* CONFIG_TDLS */
5044 
5045 	return 0;
5046 fail:
5047 	wpa_s->bridge_ifname[0] = 0;
5048 	if (wpa_s->l2_br) {
5049 		l2_packet_deinit(wpa_s->l2_br);
5050 		wpa_s->l2_br = NULL;
5051 	}
5052 #ifdef CONFIG_TDLS
5053 	if (!wpa_s->p2p_mgmt)
5054 		wpa_tdls_init(wpa_s->wpa);
5055 #endif /* CONFIG_TDLS */
5056 	return -EIO;
5057 }
5058 
5059 
5060 /**
5061  * wpa_supplicant_driver_init - Initialize driver interface parameters
5062  * @wpa_s: Pointer to wpa_supplicant data
5063  * Returns: 0 on success, -1 on failure
5064  *
5065  * This function is called to initialize driver interface parameters.
5066  * wpa_drv_init() must have been called before this function to initialize the
5067  * driver interface.
5068  */
5069 int wpa_supplicant_driver_init(struct wpa_supplicant *wpa_s)
5070 {
5071 	static int interface_count = 0;
5072 
5073 	if (wpa_supplicant_update_mac_addr(wpa_s) < 0)
5074 		return -1;
5075 
5076 	wpa_dbg(wpa_s, MSG_DEBUG, "Own MAC address: " MACSTR,
5077 		MAC2STR(wpa_s->own_addr));
5078 	os_memcpy(wpa_s->perm_addr, wpa_s->own_addr, ETH_ALEN);
5079 	wpa_sm_set_own_addr(wpa_s->wpa, wpa_s->own_addr);
5080 
5081 	if (wpa_s->bridge_ifname[0] && wpas_eapol_needs_l2_packet(wpa_s)) {
5082 		wpa_dbg(wpa_s, MSG_DEBUG, "Receiving packets from bridge "
5083 			"interface '%s'", wpa_s->bridge_ifname);
5084 		wpa_s->l2_br = l2_packet_init_bridge(
5085 			wpa_s->bridge_ifname, wpa_s->ifname, wpa_s->own_addr,
5086 			ETH_P_EAPOL, wpa_supplicant_rx_eapol_bridge, wpa_s, 1);
5087 		if (wpa_s->l2_br == NULL) {
5088 			wpa_msg(wpa_s, MSG_ERROR, "Failed to open l2_packet "
5089 				"connection for the bridge interface '%s'",
5090 				wpa_s->bridge_ifname);
5091 			return -1;
5092 		}
5093 	}
5094 
5095 	if (wpa_s->conf->ap_scan == 2 &&
5096 	    os_strcmp(wpa_s->driver->name, "nl80211") == 0) {
5097 		wpa_printf(MSG_INFO,
5098 			   "Note: nl80211 driver interface is not designed to be used with ap_scan=2; this can result in connection failures");
5099 	}
5100 
5101 	wpa_clear_keys(wpa_s, NULL);
5102 
5103 	/* Make sure that TKIP countermeasures are not left enabled (could
5104 	 * happen if wpa_supplicant is killed during countermeasures. */
5105 	wpa_drv_set_countermeasures(wpa_s, 0);
5106 
5107 	wpa_dbg(wpa_s, MSG_DEBUG, "RSN: flushing PMKID list in the driver");
5108 	wpa_drv_flush_pmkid(wpa_s);
5109 
5110 	wpa_s->prev_scan_ssid = WILDCARD_SSID_SCAN;
5111 	wpa_s->prev_scan_wildcard = 0;
5112 
5113 	if (wpa_supplicant_enabled_networks(wpa_s)) {
5114 		if (wpa_s->wpa_state == WPA_INTERFACE_DISABLED) {
5115 			wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
5116 			interface_count = 0;
5117 		}
5118 #ifndef ANDROID
5119 		if (!wpa_s->p2p_mgmt &&
5120 		    wpa_supplicant_delayed_sched_scan(wpa_s,
5121 						      interface_count % 3,
5122 						      100000))
5123 			wpa_supplicant_req_scan(wpa_s, interface_count % 3,
5124 						100000);
5125 #endif /* ANDROID */
5126 		interface_count++;
5127 	} else
5128 		wpa_supplicant_set_state(wpa_s, WPA_INACTIVE);
5129 
5130 	return 0;
5131 }
5132 
5133 
5134 static int wpa_supplicant_daemon(const char *pid_file)
5135 {
5136 	wpa_printf(MSG_DEBUG, "Daemonize..");
5137 	return os_daemonize(pid_file);
5138 }
5139 
5140 
5141 static struct wpa_supplicant *
5142 wpa_supplicant_alloc(struct wpa_supplicant *parent)
5143 {
5144 	struct wpa_supplicant *wpa_s;
5145 
5146 	wpa_s = os_zalloc(sizeof(*wpa_s));
5147 	if (wpa_s == NULL)
5148 		return NULL;
5149 	wpa_s->scan_req = INITIAL_SCAN_REQ;
5150 	wpa_s->scan_interval = 5;
5151 	wpa_s->new_connection = 1;
5152 	wpa_s->parent = parent ? parent : wpa_s;
5153 	wpa_s->p2pdev = wpa_s->parent;
5154 	wpa_s->sched_scanning = 0;
5155 	wpa_s->setband_mask = WPA_SETBAND_AUTO;
5156 
5157 	dl_list_init(&wpa_s->bss_tmp_disallowed);
5158 	dl_list_init(&wpa_s->fils_hlp_req);
5159 #ifdef CONFIG_TESTING_OPTIONS
5160 	dl_list_init(&wpa_s->drv_signal_override);
5161 #endif /* CONFIG_TESTING_OPTIONS */
5162 
5163 	return wpa_s;
5164 }
5165 
5166 
5167 #ifdef CONFIG_HT_OVERRIDES
5168 
5169 static int wpa_set_htcap_mcs(struct wpa_supplicant *wpa_s,
5170 			     struct ieee80211_ht_capabilities *htcaps,
5171 			     struct ieee80211_ht_capabilities *htcaps_mask,
5172 			     const char *ht_mcs)
5173 {
5174 	/* parse ht_mcs into hex array */
5175 	int i;
5176 	const char *tmp = ht_mcs;
5177 	char *end = NULL;
5178 
5179 	/* If ht_mcs is null, do not set anything */
5180 	if (!ht_mcs)
5181 		return 0;
5182 
5183 	/* This is what we are setting in the kernel */
5184 	os_memset(&htcaps->supported_mcs_set, 0, IEEE80211_HT_MCS_MASK_LEN);
5185 
5186 	wpa_msg(wpa_s, MSG_DEBUG, "set_htcap, ht_mcs -:%s:-", ht_mcs);
5187 
5188 	for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++) {
5189 		long v;
5190 
5191 		errno = 0;
5192 		v = strtol(tmp, &end, 16);
5193 
5194 		if (errno == 0) {
5195 			wpa_msg(wpa_s, MSG_DEBUG,
5196 				"htcap value[%i]: %ld end: %p  tmp: %p",
5197 				i, v, end, tmp);
5198 			if (end == tmp)
5199 				break;
5200 
5201 			htcaps->supported_mcs_set[i] = v;
5202 			tmp = end;
5203 		} else {
5204 			wpa_msg(wpa_s, MSG_ERROR,
5205 				"Failed to parse ht-mcs: %s, error: %s\n",
5206 				ht_mcs, strerror(errno));
5207 			return -1;
5208 		}
5209 	}
5210 
5211 	/*
5212 	 * If we were able to parse any values, then set mask for the MCS set.
5213 	 */
5214 	if (i) {
5215 		os_memset(&htcaps_mask->supported_mcs_set, 0xff,
5216 			  IEEE80211_HT_MCS_MASK_LEN - 1);
5217 		/* skip the 3 reserved bits */
5218 		htcaps_mask->supported_mcs_set[IEEE80211_HT_MCS_MASK_LEN - 1] =
5219 			0x1f;
5220 	}
5221 
5222 	return 0;
5223 }
5224 
5225 
5226 static int wpa_disable_max_amsdu(struct wpa_supplicant *wpa_s,
5227 				 struct ieee80211_ht_capabilities *htcaps,
5228 				 struct ieee80211_ht_capabilities *htcaps_mask,
5229 				 int disabled)
5230 {
5231 	le16 msk;
5232 
5233 	if (disabled == -1)
5234 		return 0;
5235 
5236 	wpa_msg(wpa_s, MSG_DEBUG, "set_disable_max_amsdu: %d", disabled);
5237 
5238 	msk = host_to_le16(HT_CAP_INFO_MAX_AMSDU_SIZE);
5239 	htcaps_mask->ht_capabilities_info |= msk;
5240 	if (disabled)
5241 		htcaps->ht_capabilities_info &= msk;
5242 	else
5243 		htcaps->ht_capabilities_info |= msk;
5244 
5245 	return 0;
5246 }
5247 
5248 
5249 static int wpa_set_ampdu_factor(struct wpa_supplicant *wpa_s,
5250 				struct ieee80211_ht_capabilities *htcaps,
5251 				struct ieee80211_ht_capabilities *htcaps_mask,
5252 				int factor)
5253 {
5254 	if (factor == -1)
5255 		return 0;
5256 
5257 	wpa_msg(wpa_s, MSG_DEBUG, "set_ampdu_factor: %d", factor);
5258 
5259 	if (factor < 0 || factor > 3) {
5260 		wpa_msg(wpa_s, MSG_ERROR, "ampdu_factor: %d out of range. "
5261 			"Must be 0-3 or -1", factor);
5262 		return -EINVAL;
5263 	}
5264 
5265 	htcaps_mask->a_mpdu_params |= 0x3; /* 2 bits for factor */
5266 	htcaps->a_mpdu_params &= ~0x3;
5267 	htcaps->a_mpdu_params |= factor & 0x3;
5268 
5269 	return 0;
5270 }
5271 
5272 
5273 static int wpa_set_ampdu_density(struct wpa_supplicant *wpa_s,
5274 				 struct ieee80211_ht_capabilities *htcaps,
5275 				 struct ieee80211_ht_capabilities *htcaps_mask,
5276 				 int density)
5277 {
5278 	if (density == -1)
5279 		return 0;
5280 
5281 	wpa_msg(wpa_s, MSG_DEBUG, "set_ampdu_density: %d", density);
5282 
5283 	if (density < 0 || density > 7) {
5284 		wpa_msg(wpa_s, MSG_ERROR,
5285 			"ampdu_density: %d out of range. Must be 0-7 or -1.",
5286 			density);
5287 		return -EINVAL;
5288 	}
5289 
5290 	htcaps_mask->a_mpdu_params |= 0x1C;
5291 	htcaps->a_mpdu_params &= ~(0x1C);
5292 	htcaps->a_mpdu_params |= (density << 2) & 0x1C;
5293 
5294 	return 0;
5295 }
5296 
5297 
5298 static int wpa_set_disable_ht40(struct wpa_supplicant *wpa_s,
5299 				struct ieee80211_ht_capabilities *htcaps,
5300 				struct ieee80211_ht_capabilities *htcaps_mask,
5301 				int disabled)
5302 {
5303 	if (disabled)
5304 		wpa_msg(wpa_s, MSG_DEBUG, "set_disable_ht40: %d", disabled);
5305 
5306 	set_disable_ht40(htcaps, disabled);
5307 	set_disable_ht40(htcaps_mask, 0);
5308 
5309 	return 0;
5310 }
5311 
5312 
5313 static int wpa_set_disable_sgi(struct wpa_supplicant *wpa_s,
5314 			       struct ieee80211_ht_capabilities *htcaps,
5315 			       struct ieee80211_ht_capabilities *htcaps_mask,
5316 			       int disabled)
5317 {
5318 	/* Masking these out disables SGI */
5319 	le16 msk = host_to_le16(HT_CAP_INFO_SHORT_GI20MHZ |
5320 				HT_CAP_INFO_SHORT_GI40MHZ);
5321 
5322 	if (disabled)
5323 		wpa_msg(wpa_s, MSG_DEBUG, "set_disable_sgi: %d", disabled);
5324 
5325 	if (disabled)
5326 		htcaps->ht_capabilities_info &= ~msk;
5327 	else
5328 		htcaps->ht_capabilities_info |= msk;
5329 
5330 	htcaps_mask->ht_capabilities_info |= msk;
5331 
5332 	return 0;
5333 }
5334 
5335 
5336 static int wpa_set_disable_ldpc(struct wpa_supplicant *wpa_s,
5337 			       struct ieee80211_ht_capabilities *htcaps,
5338 			       struct ieee80211_ht_capabilities *htcaps_mask,
5339 			       int disabled)
5340 {
5341 	/* Masking these out disables LDPC */
5342 	le16 msk = host_to_le16(HT_CAP_INFO_LDPC_CODING_CAP);
5343 
5344 	if (disabled)
5345 		wpa_msg(wpa_s, MSG_DEBUG, "set_disable_ldpc: %d", disabled);
5346 
5347 	if (disabled)
5348 		htcaps->ht_capabilities_info &= ~msk;
5349 	else
5350 		htcaps->ht_capabilities_info |= msk;
5351 
5352 	htcaps_mask->ht_capabilities_info |= msk;
5353 
5354 	return 0;
5355 }
5356 
5357 
5358 static int wpa_set_tx_stbc(struct wpa_supplicant *wpa_s,
5359 			   struct ieee80211_ht_capabilities *htcaps,
5360 			   struct ieee80211_ht_capabilities *htcaps_mask,
5361 			   int tx_stbc)
5362 {
5363 	le16 msk = host_to_le16(HT_CAP_INFO_TX_STBC);
5364 
5365 	if (tx_stbc == -1)
5366 		return 0;
5367 
5368 	wpa_msg(wpa_s, MSG_DEBUG, "set_tx_stbc: %d", tx_stbc);
5369 
5370 	if (tx_stbc < 0 || tx_stbc > 1) {
5371 		wpa_msg(wpa_s, MSG_ERROR,
5372 			"tx_stbc: %d out of range. Must be 0-1 or -1", tx_stbc);
5373 		return -EINVAL;
5374 	}
5375 
5376 	htcaps_mask->ht_capabilities_info |= msk;
5377 	htcaps->ht_capabilities_info &= ~msk;
5378 	htcaps->ht_capabilities_info |= (tx_stbc << 7) & msk;
5379 
5380 	return 0;
5381 }
5382 
5383 
5384 static int wpa_set_rx_stbc(struct wpa_supplicant *wpa_s,
5385 			   struct ieee80211_ht_capabilities *htcaps,
5386 			   struct ieee80211_ht_capabilities *htcaps_mask,
5387 			   int rx_stbc)
5388 {
5389 	le16 msk = host_to_le16(HT_CAP_INFO_RX_STBC_MASK);
5390 
5391 	if (rx_stbc == -1)
5392 		return 0;
5393 
5394 	wpa_msg(wpa_s, MSG_DEBUG, "set_rx_stbc: %d", rx_stbc);
5395 
5396 	if (rx_stbc < 0 || rx_stbc > 3) {
5397 		wpa_msg(wpa_s, MSG_ERROR,
5398 			"rx_stbc: %d out of range. Must be 0-3 or -1", rx_stbc);
5399 		return -EINVAL;
5400 	}
5401 
5402 	htcaps_mask->ht_capabilities_info |= msk;
5403 	htcaps->ht_capabilities_info &= ~msk;
5404 	htcaps->ht_capabilities_info |= (rx_stbc << 8) & msk;
5405 
5406 	return 0;
5407 }
5408 
5409 
5410 void wpa_supplicant_apply_ht_overrides(
5411 	struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid,
5412 	struct wpa_driver_associate_params *params)
5413 {
5414 	struct ieee80211_ht_capabilities *htcaps;
5415 	struct ieee80211_ht_capabilities *htcaps_mask;
5416 
5417 	if (!ssid)
5418 		return;
5419 
5420 	params->disable_ht = ssid->disable_ht;
5421 	if (!params->htcaps || !params->htcaps_mask)
5422 		return;
5423 
5424 	htcaps = (struct ieee80211_ht_capabilities *) params->htcaps;
5425 	htcaps_mask = (struct ieee80211_ht_capabilities *) params->htcaps_mask;
5426 	wpa_set_htcap_mcs(wpa_s, htcaps, htcaps_mask, ssid->ht_mcs);
5427 	wpa_disable_max_amsdu(wpa_s, htcaps, htcaps_mask,
5428 			      ssid->disable_max_amsdu);
5429 	wpa_set_ampdu_factor(wpa_s, htcaps, htcaps_mask, ssid->ampdu_factor);
5430 	wpa_set_ampdu_density(wpa_s, htcaps, htcaps_mask, ssid->ampdu_density);
5431 	wpa_set_disable_ht40(wpa_s, htcaps, htcaps_mask, ssid->disable_ht40);
5432 	wpa_set_disable_sgi(wpa_s, htcaps, htcaps_mask, ssid->disable_sgi);
5433 	wpa_set_disable_ldpc(wpa_s, htcaps, htcaps_mask, ssid->disable_ldpc);
5434 	wpa_set_rx_stbc(wpa_s, htcaps, htcaps_mask, ssid->rx_stbc);
5435 	wpa_set_tx_stbc(wpa_s, htcaps, htcaps_mask, ssid->tx_stbc);
5436 
5437 	if (ssid->ht40_intolerant) {
5438 		le16 bit = host_to_le16(HT_CAP_INFO_40MHZ_INTOLERANT);
5439 		htcaps->ht_capabilities_info |= bit;
5440 		htcaps_mask->ht_capabilities_info |= bit;
5441 	}
5442 }
5443 
5444 #endif /* CONFIG_HT_OVERRIDES */
5445 
5446 
5447 #ifdef CONFIG_VHT_OVERRIDES
5448 void wpa_supplicant_apply_vht_overrides(
5449 	struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid,
5450 	struct wpa_driver_associate_params *params)
5451 {
5452 	struct ieee80211_vht_capabilities *vhtcaps;
5453 	struct ieee80211_vht_capabilities *vhtcaps_mask;
5454 
5455 	if (!ssid)
5456 		return;
5457 
5458 	params->disable_vht = ssid->disable_vht;
5459 
5460 	vhtcaps = (void *) params->vhtcaps;
5461 	vhtcaps_mask = (void *) params->vhtcaps_mask;
5462 
5463 	if (!vhtcaps || !vhtcaps_mask)
5464 		return;
5465 
5466 	vhtcaps->vht_capabilities_info = host_to_le32(ssid->vht_capa);
5467 	vhtcaps_mask->vht_capabilities_info = host_to_le32(ssid->vht_capa_mask);
5468 
5469 #ifdef CONFIG_HT_OVERRIDES
5470 	if (ssid->disable_sgi) {
5471 		vhtcaps_mask->vht_capabilities_info |= (VHT_CAP_SHORT_GI_80 |
5472 							VHT_CAP_SHORT_GI_160);
5473 		vhtcaps->vht_capabilities_info &= ~(VHT_CAP_SHORT_GI_80 |
5474 						    VHT_CAP_SHORT_GI_160);
5475 		wpa_msg(wpa_s, MSG_DEBUG,
5476 			"disable-sgi override specified, vht-caps: 0x%x",
5477 			vhtcaps->vht_capabilities_info);
5478 	}
5479 
5480 	/* if max ampdu is <= 3, we have to make the HT cap the same */
5481 	if (ssid->vht_capa_mask & VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_MAX) {
5482 		int max_ampdu;
5483 
5484 		max_ampdu = (ssid->vht_capa &
5485 			     VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_MAX) >>
5486 			VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_MAX_SHIFT;
5487 
5488 		max_ampdu = max_ampdu < 3 ? max_ampdu : 3;
5489 		wpa_set_ampdu_factor(wpa_s,
5490 				     (void *) params->htcaps,
5491 				     (void *) params->htcaps_mask,
5492 				     max_ampdu);
5493 	}
5494 #endif /* CONFIG_HT_OVERRIDES */
5495 
5496 #define OVERRIDE_MCS(i)							\
5497 	if (ssid->vht_tx_mcs_nss_ ##i >= 0) {				\
5498 		vhtcaps_mask->vht_supported_mcs_set.tx_map |=		\
5499 			host_to_le16(3 << 2 * (i - 1));			\
5500 		vhtcaps->vht_supported_mcs_set.tx_map |=		\
5501 			host_to_le16(ssid->vht_tx_mcs_nss_ ##i <<	\
5502 				     2 * (i - 1));			\
5503 	}								\
5504 	if (ssid->vht_rx_mcs_nss_ ##i >= 0) {				\
5505 		vhtcaps_mask->vht_supported_mcs_set.rx_map |=		\
5506 			host_to_le16(3 << 2 * (i - 1));			\
5507 		vhtcaps->vht_supported_mcs_set.rx_map |=		\
5508 			host_to_le16(ssid->vht_rx_mcs_nss_ ##i <<	\
5509 				     2 * (i - 1));			\
5510 	}
5511 
5512 	OVERRIDE_MCS(1);
5513 	OVERRIDE_MCS(2);
5514 	OVERRIDE_MCS(3);
5515 	OVERRIDE_MCS(4);
5516 	OVERRIDE_MCS(5);
5517 	OVERRIDE_MCS(6);
5518 	OVERRIDE_MCS(7);
5519 	OVERRIDE_MCS(8);
5520 }
5521 #endif /* CONFIG_VHT_OVERRIDES */
5522 
5523 
5524 #ifdef CONFIG_HE_OVERRIDES
5525 void wpa_supplicant_apply_he_overrides(
5526 	struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid,
5527 	struct wpa_driver_associate_params *params)
5528 {
5529 	if (!ssid)
5530 		return;
5531 
5532 	params->disable_he = ssid->disable_he;
5533 }
5534 #endif /* CONFIG_HE_OVERRIDES */
5535 
5536 
5537 static int pcsc_reader_init(struct wpa_supplicant *wpa_s)
5538 {
5539 #ifdef PCSC_FUNCS
5540 	size_t len;
5541 
5542 	if (!wpa_s->conf->pcsc_reader)
5543 		return 0;
5544 
5545 	wpa_s->scard = scard_init(wpa_s->conf->pcsc_reader);
5546 	if (!wpa_s->scard)
5547 		return 1;
5548 
5549 	if (wpa_s->conf->pcsc_pin &&
5550 	    scard_set_pin(wpa_s->scard, wpa_s->conf->pcsc_pin) < 0) {
5551 		scard_deinit(wpa_s->scard);
5552 		wpa_s->scard = NULL;
5553 		wpa_msg(wpa_s, MSG_ERROR, "PC/SC PIN validation failed");
5554 		return -1;
5555 	}
5556 
5557 	len = sizeof(wpa_s->imsi) - 1;
5558 	if (scard_get_imsi(wpa_s->scard, wpa_s->imsi, &len)) {
5559 		scard_deinit(wpa_s->scard);
5560 		wpa_s->scard = NULL;
5561 		wpa_msg(wpa_s, MSG_ERROR, "Could not read IMSI");
5562 		return -1;
5563 	}
5564 	wpa_s->imsi[len] = '\0';
5565 
5566 	wpa_s->mnc_len = scard_get_mnc_len(wpa_s->scard);
5567 
5568 	wpa_printf(MSG_DEBUG, "SCARD: IMSI %s (MNC length %d)",
5569 		   wpa_s->imsi, wpa_s->mnc_len);
5570 
5571 	wpa_sm_set_scard_ctx(wpa_s->wpa, wpa_s->scard);
5572 	eapol_sm_register_scard_ctx(wpa_s->eapol, wpa_s->scard);
5573 #endif /* PCSC_FUNCS */
5574 
5575 	return 0;
5576 }
5577 
5578 
5579 int wpas_init_ext_pw(struct wpa_supplicant *wpa_s)
5580 {
5581 	char *val, *pos;
5582 
5583 	ext_password_deinit(wpa_s->ext_pw);
5584 	wpa_s->ext_pw = NULL;
5585 	eapol_sm_set_ext_pw_ctx(wpa_s->eapol, NULL);
5586 
5587 	if (!wpa_s->conf->ext_password_backend)
5588 		return 0;
5589 
5590 	val = os_strdup(wpa_s->conf->ext_password_backend);
5591 	if (val == NULL)
5592 		return -1;
5593 	pos = os_strchr(val, ':');
5594 	if (pos)
5595 		*pos++ = '\0';
5596 
5597 	wpa_printf(MSG_DEBUG, "EXT PW: Initialize backend '%s'", val);
5598 
5599 	wpa_s->ext_pw = ext_password_init(val, pos);
5600 	os_free(val);
5601 	if (wpa_s->ext_pw == NULL) {
5602 		wpa_printf(MSG_DEBUG, "EXT PW: Failed to initialize backend");
5603 		return -1;
5604 	}
5605 	eapol_sm_set_ext_pw_ctx(wpa_s->eapol, wpa_s->ext_pw);
5606 
5607 	return 0;
5608 }
5609 
5610 
5611 #ifdef CONFIG_FST
5612 
5613 static const u8 * wpas_fst_get_bssid_cb(void *ctx)
5614 {
5615 	struct wpa_supplicant *wpa_s = ctx;
5616 
5617 	return (is_zero_ether_addr(wpa_s->bssid) ||
5618 		wpa_s->wpa_state != WPA_COMPLETED) ? NULL : wpa_s->bssid;
5619 }
5620 
5621 
5622 static void wpas_fst_get_channel_info_cb(void *ctx,
5623 					 enum hostapd_hw_mode *hw_mode,
5624 					 u8 *channel)
5625 {
5626 	struct wpa_supplicant *wpa_s = ctx;
5627 
5628 	if (wpa_s->current_bss) {
5629 		*hw_mode = ieee80211_freq_to_chan(wpa_s->current_bss->freq,
5630 						  channel);
5631 	} else if (wpa_s->hw.num_modes) {
5632 		*hw_mode = wpa_s->hw.modes[0].mode;
5633 	} else {
5634 		WPA_ASSERT(0);
5635 		*hw_mode = 0;
5636 	}
5637 }
5638 
5639 
5640 static int wpas_fst_get_hw_modes(void *ctx, struct hostapd_hw_modes **modes)
5641 {
5642 	struct wpa_supplicant *wpa_s = ctx;
5643 
5644 	*modes = wpa_s->hw.modes;
5645 	return wpa_s->hw.num_modes;
5646 }
5647 
5648 
5649 static void wpas_fst_set_ies_cb(void *ctx, const struct wpabuf *fst_ies)
5650 {
5651 	struct wpa_supplicant *wpa_s = ctx;
5652 
5653 	wpa_hexdump_buf(MSG_DEBUG, "FST: Set IEs", fst_ies);
5654 	wpa_s->fst_ies = fst_ies;
5655 }
5656 
5657 
5658 static int wpas_fst_send_action_cb(void *ctx, const u8 *da, struct wpabuf *data)
5659 {
5660 	struct wpa_supplicant *wpa_s = ctx;
5661 
5662 	if (os_memcmp(wpa_s->bssid, da, ETH_ALEN) != 0) {
5663 		wpa_printf(MSG_INFO, "FST:%s:bssid=" MACSTR " != da=" MACSTR,
5664 			   __func__, MAC2STR(wpa_s->bssid), MAC2STR(da));
5665 		return -1;
5666 	}
5667 	return wpa_drv_send_action(wpa_s, wpa_s->assoc_freq, 0, wpa_s->bssid,
5668 				   wpa_s->own_addr, wpa_s->bssid,
5669 				   wpabuf_head(data), wpabuf_len(data),
5670 				   0);
5671 }
5672 
5673 
5674 static const struct wpabuf * wpas_fst_get_mb_ie_cb(void *ctx, const u8 *addr)
5675 {
5676 	struct wpa_supplicant *wpa_s = ctx;
5677 
5678 	WPA_ASSERT(os_memcmp(wpa_s->bssid, addr, ETH_ALEN) == 0);
5679 	return wpa_s->received_mb_ies;
5680 }
5681 
5682 
5683 static void wpas_fst_update_mb_ie_cb(void *ctx, const u8 *addr,
5684 				     const u8 *buf, size_t size)
5685 {
5686 	struct wpa_supplicant *wpa_s = ctx;
5687 	struct mb_ies_info info;
5688 
5689 	WPA_ASSERT(os_memcmp(wpa_s->bssid, addr, ETH_ALEN) == 0);
5690 
5691 	if (!mb_ies_info_by_ies(&info, buf, size)) {
5692 		wpabuf_free(wpa_s->received_mb_ies);
5693 		wpa_s->received_mb_ies = mb_ies_by_info(&info);
5694 	}
5695 }
5696 
5697 
5698 static const u8 * wpas_fst_get_peer_first(void *ctx,
5699 					  struct fst_get_peer_ctx **get_ctx,
5700 					  bool mb_only)
5701 {
5702 	struct wpa_supplicant *wpa_s = ctx;
5703 
5704 	*get_ctx = NULL;
5705 	if (!is_zero_ether_addr(wpa_s->bssid))
5706 		return (wpa_s->received_mb_ies || !mb_only) ?
5707 			wpa_s->bssid : NULL;
5708 	return NULL;
5709 }
5710 
5711 
5712 static const u8 * wpas_fst_get_peer_next(void *ctx,
5713 					 struct fst_get_peer_ctx **get_ctx,
5714 					 bool mb_only)
5715 {
5716 	return NULL;
5717 }
5718 
5719 void fst_wpa_supplicant_fill_iface_obj(struct wpa_supplicant *wpa_s,
5720 				       struct fst_wpa_obj *iface_obj)
5721 {
5722 	iface_obj->ctx              = wpa_s;
5723 	iface_obj->get_bssid        = wpas_fst_get_bssid_cb;
5724 	iface_obj->get_channel_info = wpas_fst_get_channel_info_cb;
5725 	iface_obj->get_hw_modes     = wpas_fst_get_hw_modes;
5726 	iface_obj->set_ies          = wpas_fst_set_ies_cb;
5727 	iface_obj->send_action      = wpas_fst_send_action_cb;
5728 	iface_obj->get_mb_ie        = wpas_fst_get_mb_ie_cb;
5729 	iface_obj->update_mb_ie     = wpas_fst_update_mb_ie_cb;
5730 	iface_obj->get_peer_first   = wpas_fst_get_peer_first;
5731 	iface_obj->get_peer_next    = wpas_fst_get_peer_next;
5732 }
5733 #endif /* CONFIG_FST */
5734 
5735 static int wpas_set_wowlan_triggers(struct wpa_supplicant *wpa_s,
5736 				    const struct wpa_driver_capa *capa)
5737 {
5738 	struct wowlan_triggers *triggers;
5739 	int ret = 0;
5740 
5741 	if (!wpa_s->conf->wowlan_triggers)
5742 		return 0;
5743 
5744 	triggers = wpa_get_wowlan_triggers(wpa_s->conf->wowlan_triggers, capa);
5745 	if (triggers) {
5746 		ret = wpa_drv_wowlan(wpa_s, triggers);
5747 		os_free(triggers);
5748 	}
5749 	return ret;
5750 }
5751 
5752 
5753 enum wpa_radio_work_band wpas_freq_to_band(int freq)
5754 {
5755 	if (freq < 3000)
5756 		return BAND_2_4_GHZ;
5757 	if (freq > 50000)
5758 		return BAND_60_GHZ;
5759 	return BAND_5_GHZ;
5760 }
5761 
5762 
5763 unsigned int wpas_get_bands(struct wpa_supplicant *wpa_s, const int *freqs)
5764 {
5765 	int i;
5766 	unsigned int band = 0;
5767 
5768 	if (freqs) {
5769 		/* freqs are specified for the radio work */
5770 		for (i = 0; freqs[i]; i++)
5771 			band |= wpas_freq_to_band(freqs[i]);
5772 	} else {
5773 		/*
5774 		 * freqs are not specified, implies all
5775 		 * the supported freqs by HW
5776 		 */
5777 		for (i = 0; i < wpa_s->hw.num_modes; i++) {
5778 			if (wpa_s->hw.modes[i].num_channels != 0) {
5779 				if (wpa_s->hw.modes[i].mode ==
5780 				    HOSTAPD_MODE_IEEE80211B ||
5781 				    wpa_s->hw.modes[i].mode ==
5782 				    HOSTAPD_MODE_IEEE80211G)
5783 					band |= BAND_2_4_GHZ;
5784 				else if (wpa_s->hw.modes[i].mode ==
5785 					 HOSTAPD_MODE_IEEE80211A)
5786 					band |= BAND_5_GHZ;
5787 				else if (wpa_s->hw.modes[i].mode ==
5788 					 HOSTAPD_MODE_IEEE80211AD)
5789 					band |= BAND_60_GHZ;
5790 				else if (wpa_s->hw.modes[i].mode ==
5791 					 HOSTAPD_MODE_IEEE80211ANY)
5792 					band = BAND_2_4_GHZ | BAND_5_GHZ |
5793 						BAND_60_GHZ;
5794 			}
5795 		}
5796 	}
5797 
5798 	return band;
5799 }
5800 
5801 
5802 static struct wpa_radio * radio_add_interface(struct wpa_supplicant *wpa_s,
5803 					      const char *rn)
5804 {
5805 	struct wpa_supplicant *iface = wpa_s->global->ifaces;
5806 	struct wpa_radio *radio;
5807 
5808 	while (rn && iface) {
5809 		radio = iface->radio;
5810 		if (radio && os_strcmp(rn, radio->name) == 0) {
5811 			wpa_printf(MSG_DEBUG, "Add interface %s to existing radio %s",
5812 				   wpa_s->ifname, rn);
5813 			dl_list_add(&radio->ifaces, &wpa_s->radio_list);
5814 			return radio;
5815 		}
5816 
5817 		iface = iface->next;
5818 	}
5819 
5820 	wpa_printf(MSG_DEBUG, "Add interface %s to a new radio %s",
5821 		   wpa_s->ifname, rn ? rn : "N/A");
5822 	radio = os_zalloc(sizeof(*radio));
5823 	if (radio == NULL)
5824 		return NULL;
5825 
5826 	if (rn)
5827 		os_strlcpy(radio->name, rn, sizeof(radio->name));
5828 	dl_list_init(&radio->ifaces);
5829 	dl_list_init(&radio->work);
5830 	dl_list_add(&radio->ifaces, &wpa_s->radio_list);
5831 
5832 	return radio;
5833 }
5834 
5835 
5836 static void radio_work_free(struct wpa_radio_work *work)
5837 {
5838 	if (work->wpa_s->scan_work == work) {
5839 		/* This should not really happen. */
5840 		wpa_dbg(work->wpa_s, MSG_INFO, "Freeing radio work '%s'@%p (started=%d) that is marked as scan_work",
5841 			work->type, work, work->started);
5842 		work->wpa_s->scan_work = NULL;
5843 	}
5844 
5845 #ifdef CONFIG_P2P
5846 	if (work->wpa_s->p2p_scan_work == work) {
5847 		/* This should not really happen. */
5848 		wpa_dbg(work->wpa_s, MSG_INFO, "Freeing radio work '%s'@%p (started=%d) that is marked as p2p_scan_work",
5849 			work->type, work, work->started);
5850 		work->wpa_s->p2p_scan_work = NULL;
5851 	}
5852 #endif /* CONFIG_P2P */
5853 
5854 	if (work->started) {
5855 		work->wpa_s->radio->num_active_works--;
5856 		wpa_dbg(work->wpa_s, MSG_DEBUG,
5857 			"radio_work_free('%s'@%p): num_active_works --> %u",
5858 			work->type, work,
5859 			work->wpa_s->radio->num_active_works);
5860 	}
5861 
5862 	dl_list_del(&work->list);
5863 	os_free(work);
5864 }
5865 
5866 
5867 static int radio_work_is_connect(struct wpa_radio_work *work)
5868 {
5869 	return os_strcmp(work->type, "sme-connect") == 0 ||
5870 		os_strcmp(work->type, "connect") == 0;
5871 }
5872 
5873 
5874 static int radio_work_is_scan(struct wpa_radio_work *work)
5875 {
5876 	return os_strcmp(work->type, "scan") == 0 ||
5877 		os_strcmp(work->type, "p2p-scan") == 0;
5878 }
5879 
5880 
5881 static struct wpa_radio_work * radio_work_get_next_work(struct wpa_radio *radio)
5882 {
5883 	struct wpa_radio_work *active_work = NULL;
5884 	struct wpa_radio_work *tmp;
5885 
5886 	/* Get the active work to know the type and band. */
5887 	dl_list_for_each(tmp, &radio->work, struct wpa_radio_work, list) {
5888 		if (tmp->started) {
5889 			active_work = tmp;
5890 			break;
5891 		}
5892 	}
5893 
5894 	if (!active_work) {
5895 		/* No active work, start one */
5896 		radio->num_active_works = 0;
5897 		dl_list_for_each(tmp, &radio->work, struct wpa_radio_work,
5898 				 list) {
5899 			if (os_strcmp(tmp->type, "scan") == 0 &&
5900 			    external_scan_running(radio) &&
5901 			    (((struct wpa_driver_scan_params *)
5902 			      tmp->ctx)->only_new_results ||
5903 			     tmp->wpa_s->clear_driver_scan_cache))
5904 				continue;
5905 			return tmp;
5906 		}
5907 		return NULL;
5908 	}
5909 
5910 	if (radio_work_is_connect(active_work)) {
5911 		/*
5912 		 * If the active work is either connect or sme-connect,
5913 		 * do not parallelize them with other radio works.
5914 		 */
5915 		wpa_dbg(active_work->wpa_s, MSG_DEBUG,
5916 			"Do not parallelize radio work with %s",
5917 			active_work->type);
5918 		return NULL;
5919 	}
5920 
5921 	dl_list_for_each(tmp, &radio->work, struct wpa_radio_work, list) {
5922 		if (tmp->started)
5923 			continue;
5924 
5925 		/*
5926 		 * If connect or sme-connect are enqueued, parallelize only
5927 		 * those operations ahead of them in the queue.
5928 		 */
5929 		if (radio_work_is_connect(tmp))
5930 			break;
5931 
5932 		/* Serialize parallel scan and p2p_scan operations on the same
5933 		 * interface since the driver_nl80211 mechanism for tracking
5934 		 * scan cookies does not yet have support for this. */
5935 		if (active_work->wpa_s == tmp->wpa_s &&
5936 		    radio_work_is_scan(active_work) &&
5937 		    radio_work_is_scan(tmp)) {
5938 			wpa_dbg(active_work->wpa_s, MSG_DEBUG,
5939 				"Do not start work '%s' when another work '%s' is already scheduled",
5940 				tmp->type, active_work->type);
5941 			continue;
5942 		}
5943 		/*
5944 		 * Check that the radio works are distinct and
5945 		 * on different bands.
5946 		 */
5947 		if (os_strcmp(active_work->type, tmp->type) != 0 &&
5948 		    (active_work->bands != tmp->bands)) {
5949 			/*
5950 			 * If a scan has to be scheduled through nl80211 scan
5951 			 * interface and if an external scan is already running,
5952 			 * do not schedule the scan since it is likely to get
5953 			 * rejected by kernel.
5954 			 */
5955 			if (os_strcmp(tmp->type, "scan") == 0 &&
5956 			    external_scan_running(radio) &&
5957 			    (((struct wpa_driver_scan_params *)
5958 			      tmp->ctx)->only_new_results ||
5959 			     tmp->wpa_s->clear_driver_scan_cache))
5960 				continue;
5961 
5962 			wpa_dbg(active_work->wpa_s, MSG_DEBUG,
5963 				"active_work:%s new_work:%s",
5964 				active_work->type, tmp->type);
5965 			return tmp;
5966 		}
5967 	}
5968 
5969 	/* Did not find a radio work to schedule in parallel. */
5970 	return NULL;
5971 }
5972 
5973 
5974 static void radio_start_next_work(void *eloop_ctx, void *timeout_ctx)
5975 {
5976 	struct wpa_radio *radio = eloop_ctx;
5977 	struct wpa_radio_work *work;
5978 	struct os_reltime now, diff;
5979 	struct wpa_supplicant *wpa_s;
5980 
5981 	work = dl_list_first(&radio->work, struct wpa_radio_work, list);
5982 	if (work == NULL) {
5983 		radio->num_active_works = 0;
5984 		return;
5985 	}
5986 
5987 	wpa_s = dl_list_first(&radio->ifaces, struct wpa_supplicant,
5988 			      radio_list);
5989 
5990 	if (!(wpa_s &&
5991 	      wpa_s->drv_flags & WPA_DRIVER_FLAGS_OFFCHANNEL_SIMULTANEOUS)) {
5992 		if (work->started)
5993 			return; /* already started and still in progress */
5994 
5995 		if (wpa_s && external_scan_running(wpa_s->radio)) {
5996 			wpa_printf(MSG_DEBUG, "Delay radio work start until externally triggered scan completes");
5997 			return;
5998 		}
5999 	} else {
6000 		work = NULL;
6001 		if (radio->num_active_works < MAX_ACTIVE_WORKS) {
6002 			/* get the work to schedule next */
6003 			work = radio_work_get_next_work(radio);
6004 		}
6005 		if (!work)
6006 			return;
6007 	}
6008 
6009 	wpa_s = work->wpa_s;
6010 	os_get_reltime(&now);
6011 	os_reltime_sub(&now, &work->time, &diff);
6012 	wpa_dbg(wpa_s, MSG_DEBUG,
6013 		"Starting radio work '%s'@%p after %ld.%06ld second wait",
6014 		work->type, work, diff.sec, diff.usec);
6015 	work->started = 1;
6016 	work->time = now;
6017 	radio->num_active_works++;
6018 
6019 	work->cb(work, 0);
6020 
6021 	if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_OFFCHANNEL_SIMULTANEOUS) &&
6022 	    radio->num_active_works < MAX_ACTIVE_WORKS)
6023 		radio_work_check_next(wpa_s);
6024 }
6025 
6026 
6027 /*
6028  * This function removes both started and pending radio works running on
6029  * the provided interface's radio.
6030  * Prior to the removal of the radio work, its callback (cb) is called with
6031  * deinit set to be 1. Each work's callback is responsible for clearing its
6032  * internal data and restoring to a correct state.
6033  * @wpa_s: wpa_supplicant data
6034  * @type: type of works to be removed
6035  * @remove_all: 1 to remove all the works on this radio, 0 to remove only
6036  * this interface's works.
6037  */
6038 void radio_remove_works(struct wpa_supplicant *wpa_s,
6039 			const char *type, int remove_all)
6040 {
6041 	struct wpa_radio_work *work, *tmp;
6042 	struct wpa_radio *radio = wpa_s->radio;
6043 
6044 	dl_list_for_each_safe(work, tmp, &radio->work, struct wpa_radio_work,
6045 			      list) {
6046 		if (type && os_strcmp(type, work->type) != 0)
6047 			continue;
6048 
6049 		/* skip other ifaces' works */
6050 		if (!remove_all && work->wpa_s != wpa_s)
6051 			continue;
6052 
6053 		wpa_dbg(wpa_s, MSG_DEBUG, "Remove radio work '%s'@%p%s",
6054 			work->type, work, work->started ? " (started)" : "");
6055 		work->cb(work, 1);
6056 		radio_work_free(work);
6057 	}
6058 
6059 	/* in case we removed the started work */
6060 	radio_work_check_next(wpa_s);
6061 }
6062 
6063 
6064 void radio_remove_pending_work(struct wpa_supplicant *wpa_s, void *ctx)
6065 {
6066 	struct wpa_radio_work *work;
6067 	struct wpa_radio *radio = wpa_s->radio;
6068 
6069 	dl_list_for_each(work, &radio->work, struct wpa_radio_work, list) {
6070 		if (work->ctx != ctx)
6071 			continue;
6072 		wpa_dbg(wpa_s, MSG_DEBUG, "Free pending radio work '%s'@%p%s",
6073 			work->type, work, work->started ? " (started)" : "");
6074 		radio_work_free(work);
6075 		break;
6076 	}
6077 }
6078 
6079 
6080 static void radio_remove_interface(struct wpa_supplicant *wpa_s)
6081 {
6082 	struct wpa_radio *radio = wpa_s->radio;
6083 
6084 	if (!radio)
6085 		return;
6086 
6087 	wpa_printf(MSG_DEBUG, "Remove interface %s from radio %s",
6088 		   wpa_s->ifname, radio->name);
6089 	dl_list_del(&wpa_s->radio_list);
6090 	radio_remove_works(wpa_s, NULL, 0);
6091 	/* If the interface that triggered the external scan was removed, the
6092 	 * external scan is no longer running. */
6093 	if (wpa_s == radio->external_scan_req_interface)
6094 		radio->external_scan_req_interface = NULL;
6095 	wpa_s->radio = NULL;
6096 	if (!dl_list_empty(&radio->ifaces))
6097 		return; /* Interfaces remain for this radio */
6098 
6099 	wpa_printf(MSG_DEBUG, "Remove radio %s", radio->name);
6100 	eloop_cancel_timeout(radio_start_next_work, radio, NULL);
6101 	os_free(radio);
6102 }
6103 
6104 
6105 void radio_work_check_next(struct wpa_supplicant *wpa_s)
6106 {
6107 	struct wpa_radio *radio = wpa_s->radio;
6108 
6109 	if (dl_list_empty(&radio->work))
6110 		return;
6111 	if (wpa_s->ext_work_in_progress) {
6112 		wpa_printf(MSG_DEBUG,
6113 			   "External radio work in progress - delay start of pending item");
6114 		return;
6115 	}
6116 	eloop_cancel_timeout(radio_start_next_work, radio, NULL);
6117 	eloop_register_timeout(0, 0, radio_start_next_work, radio, NULL);
6118 }
6119 
6120 
6121 /**
6122  * radio_add_work - Add a radio work item
6123  * @wpa_s: Pointer to wpa_supplicant data
6124  * @freq: Frequency of the offchannel operation in MHz or 0
6125  * @type: Unique identifier for each type of work
6126  * @next: Force as the next work to be executed
6127  * @cb: Callback function for indicating when radio is available
6128  * @ctx: Context pointer for the work (work->ctx in cb())
6129  * Returns: 0 on success, -1 on failure
6130  *
6131  * This function is used to request time for an operation that requires
6132  * exclusive radio control. Once the radio is available, the registered callback
6133  * function will be called. radio_work_done() must be called once the exclusive
6134  * radio operation has been completed, so that the radio is freed for other
6135  * operations. The special case of deinit=1 is used to free the context data
6136  * during interface removal. That does not allow the callback function to start
6137  * the radio operation, i.e., it must free any resources allocated for the radio
6138  * work and return.
6139  *
6140  * The @freq parameter can be used to indicate a single channel on which the
6141  * offchannel operation will occur. This may allow multiple radio work
6142  * operations to be performed in parallel if they apply for the same channel.
6143  * Setting this to 0 indicates that the work item may use multiple channels or
6144  * requires exclusive control of the radio.
6145  */
6146 int radio_add_work(struct wpa_supplicant *wpa_s, unsigned int freq,
6147 		   const char *type, int next,
6148 		   void (*cb)(struct wpa_radio_work *work, int deinit),
6149 		   void *ctx)
6150 {
6151 	struct wpa_radio *radio = wpa_s->radio;
6152 	struct wpa_radio_work *work;
6153 	int was_empty;
6154 
6155 	work = os_zalloc(sizeof(*work));
6156 	if (work == NULL)
6157 		return -1;
6158 	wpa_dbg(wpa_s, MSG_DEBUG, "Add radio work '%s'@%p", type, work);
6159 	os_get_reltime(&work->time);
6160 	work->freq = freq;
6161 	work->type = type;
6162 	work->wpa_s = wpa_s;
6163 	work->cb = cb;
6164 	work->ctx = ctx;
6165 
6166 	if (freq)
6167 		work->bands = wpas_freq_to_band(freq);
6168 	else if (os_strcmp(type, "scan") == 0 ||
6169 		 os_strcmp(type, "p2p-scan") == 0)
6170 		work->bands = wpas_get_bands(wpa_s,
6171 					     ((struct wpa_driver_scan_params *)
6172 					      ctx)->freqs);
6173 	else
6174 		work->bands = wpas_get_bands(wpa_s, NULL);
6175 
6176 	was_empty = dl_list_empty(&wpa_s->radio->work);
6177 	if (next)
6178 		dl_list_add(&wpa_s->radio->work, &work->list);
6179 	else
6180 		dl_list_add_tail(&wpa_s->radio->work, &work->list);
6181 	if (was_empty) {
6182 		wpa_dbg(wpa_s, MSG_DEBUG, "First radio work item in the queue - schedule start immediately");
6183 		radio_work_check_next(wpa_s);
6184 	} else if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_OFFCHANNEL_SIMULTANEOUS)
6185 		   && radio->num_active_works < MAX_ACTIVE_WORKS) {
6186 		wpa_dbg(wpa_s, MSG_DEBUG,
6187 			"Try to schedule a radio work (num_active_works=%u)",
6188 			radio->num_active_works);
6189 		radio_work_check_next(wpa_s);
6190 	}
6191 
6192 	return 0;
6193 }
6194 
6195 
6196 /**
6197  * radio_work_done - Indicate that a radio work item has been completed
6198  * @work: Completed work
6199  *
6200  * This function is called once the callback function registered with
6201  * radio_add_work() has completed its work.
6202  */
6203 void radio_work_done(struct wpa_radio_work *work)
6204 {
6205 	struct wpa_supplicant *wpa_s = work->wpa_s;
6206 	struct os_reltime now, diff;
6207 	unsigned int started = work->started;
6208 
6209 	os_get_reltime(&now);
6210 	os_reltime_sub(&now, &work->time, &diff);
6211 	wpa_dbg(wpa_s, MSG_DEBUG, "Radio work '%s'@%p %s in %ld.%06ld seconds",
6212 		work->type, work, started ? "done" : "canceled",
6213 		diff.sec, diff.usec);
6214 	radio_work_free(work);
6215 	if (started)
6216 		radio_work_check_next(wpa_s);
6217 }
6218 
6219 
6220 struct wpa_radio_work *
6221 radio_work_pending(struct wpa_supplicant *wpa_s, const char *type)
6222 {
6223 	struct wpa_radio_work *work;
6224 	struct wpa_radio *radio = wpa_s->radio;
6225 
6226 	dl_list_for_each(work, &radio->work, struct wpa_radio_work, list) {
6227 		if (work->wpa_s == wpa_s && os_strcmp(work->type, type) == 0)
6228 			return work;
6229 	}
6230 
6231 	return NULL;
6232 }
6233 
6234 
6235 static int wpas_init_driver(struct wpa_supplicant *wpa_s,
6236 			    const struct wpa_interface *iface)
6237 {
6238 	const char *ifname, *driver, *rn;
6239 
6240 	driver = iface->driver;
6241 next_driver:
6242 	if (wpa_supplicant_set_driver(wpa_s, driver) < 0)
6243 		return -1;
6244 
6245 	wpa_s->drv_priv = wpa_drv_init(wpa_s, wpa_s->ifname);
6246 	if (wpa_s->drv_priv == NULL) {
6247 		const char *pos;
6248 		int level = MSG_ERROR;
6249 
6250 		pos = driver ? os_strchr(driver, ',') : NULL;
6251 		if (pos) {
6252 			wpa_dbg(wpa_s, MSG_DEBUG, "Failed to initialize "
6253 				"driver interface - try next driver wrapper");
6254 			driver = pos + 1;
6255 			goto next_driver;
6256 		}
6257 
6258 #ifdef CONFIG_MATCH_IFACE
6259 		if (wpa_s->matched == WPA_IFACE_MATCHED_NULL)
6260 			level = MSG_DEBUG;
6261 #endif /* CONFIG_MATCH_IFACE */
6262 		wpa_msg(wpa_s, level, "Failed to initialize driver interface");
6263 		return -1;
6264 	}
6265 	if (wpa_drv_set_param(wpa_s, wpa_s->conf->driver_param) < 0) {
6266 		wpa_msg(wpa_s, MSG_ERROR, "Driver interface rejected "
6267 			"driver_param '%s'", wpa_s->conf->driver_param);
6268 		return -1;
6269 	}
6270 
6271 	ifname = wpa_drv_get_ifname(wpa_s);
6272 	if (ifname && os_strcmp(ifname, wpa_s->ifname) != 0) {
6273 		wpa_dbg(wpa_s, MSG_DEBUG, "Driver interface replaced "
6274 			"interface name with '%s'", ifname);
6275 		os_strlcpy(wpa_s->ifname, ifname, sizeof(wpa_s->ifname));
6276 	}
6277 
6278 	rn = wpa_driver_get_radio_name(wpa_s);
6279 	if (rn && rn[0] == '\0')
6280 		rn = NULL;
6281 
6282 	wpa_s->radio = radio_add_interface(wpa_s, rn);
6283 	if (wpa_s->radio == NULL)
6284 		return -1;
6285 
6286 	return 0;
6287 }
6288 
6289 
6290 #ifdef CONFIG_GAS_SERVER
6291 
6292 static void wpas_gas_server_tx_status(struct wpa_supplicant *wpa_s,
6293 				      unsigned int freq, const u8 *dst,
6294 				      const u8 *src, const u8 *bssid,
6295 				      const u8 *data, size_t data_len,
6296 				      enum offchannel_send_action_result result)
6297 {
6298 	wpa_printf(MSG_DEBUG, "GAS: TX status: freq=%u dst=" MACSTR
6299 		   " result=%s",
6300 		   freq, MAC2STR(dst),
6301 		   result == OFFCHANNEL_SEND_ACTION_SUCCESS ? "SUCCESS" :
6302 		   (result == OFFCHANNEL_SEND_ACTION_NO_ACK ? "no-ACK" :
6303 		    "FAILED"));
6304 	gas_server_tx_status(wpa_s->gas_server, dst, data, data_len,
6305 			     result == OFFCHANNEL_SEND_ACTION_SUCCESS);
6306 }
6307 
6308 
6309 static void wpas_gas_server_tx(void *ctx, int freq, const u8 *da,
6310 			       struct wpabuf *buf, unsigned int wait_time)
6311 {
6312 	struct wpa_supplicant *wpa_s = ctx;
6313 	const u8 broadcast[ETH_ALEN] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
6314 
6315 	if (wait_time > wpa_s->max_remain_on_chan)
6316 		wait_time = wpa_s->max_remain_on_chan;
6317 
6318 	offchannel_send_action(wpa_s, freq, da, wpa_s->own_addr, broadcast,
6319 			       wpabuf_head(buf), wpabuf_len(buf),
6320 			       wait_time, wpas_gas_server_tx_status, 0);
6321 }
6322 
6323 #endif /* CONFIG_GAS_SERVER */
6324 
6325 static int wpa_supplicant_init_iface(struct wpa_supplicant *wpa_s,
6326 				     const struct wpa_interface *iface)
6327 {
6328 	struct wpa_driver_capa capa;
6329 	int capa_res;
6330 	u8 dfs_domain;
6331 
6332 	wpa_printf(MSG_DEBUG, "Initializing interface '%s' conf '%s' driver "
6333 		   "'%s' ctrl_interface '%s' bridge '%s'", iface->ifname,
6334 		   iface->confname ? iface->confname : "N/A",
6335 		   iface->driver ? iface->driver : "default",
6336 		   iface->ctrl_interface ? iface->ctrl_interface : "N/A",
6337 		   iface->bridge_ifname ? iface->bridge_ifname : "N/A");
6338 
6339 	if (iface->confname) {
6340 #ifdef CONFIG_BACKEND_FILE
6341 		wpa_s->confname = os_rel2abs_path(iface->confname);
6342 		if (wpa_s->confname == NULL) {
6343 			wpa_printf(MSG_ERROR, "Failed to get absolute path "
6344 				   "for configuration file '%s'.",
6345 				   iface->confname);
6346 			return -1;
6347 		}
6348 		wpa_printf(MSG_DEBUG, "Configuration file '%s' -> '%s'",
6349 			   iface->confname, wpa_s->confname);
6350 #else /* CONFIG_BACKEND_FILE */
6351 		wpa_s->confname = os_strdup(iface->confname);
6352 #endif /* CONFIG_BACKEND_FILE */
6353 		wpa_s->conf = wpa_config_read(wpa_s->confname, NULL);
6354 		if (wpa_s->conf == NULL) {
6355 			wpa_printf(MSG_ERROR, "Failed to read or parse "
6356 				   "configuration '%s'.", wpa_s->confname);
6357 			return -1;
6358 		}
6359 		wpa_s->confanother = os_rel2abs_path(iface->confanother);
6360 		if (wpa_s->confanother &&
6361 		    !wpa_config_read(wpa_s->confanother, wpa_s->conf)) {
6362 			wpa_printf(MSG_ERROR,
6363 				   "Failed to read or parse configuration '%s'.",
6364 				   wpa_s->confanother);
6365 			return -1;
6366 		}
6367 
6368 		/*
6369 		 * Override ctrl_interface and driver_param if set on command
6370 		 * line.
6371 		 */
6372 		if (iface->ctrl_interface) {
6373 			os_free(wpa_s->conf->ctrl_interface);
6374 			wpa_s->conf->ctrl_interface =
6375 				os_strdup(iface->ctrl_interface);
6376 		}
6377 
6378 		if (iface->driver_param) {
6379 			os_free(wpa_s->conf->driver_param);
6380 			wpa_s->conf->driver_param =
6381 				os_strdup(iface->driver_param);
6382 		}
6383 
6384 		if (iface->p2p_mgmt && !iface->ctrl_interface) {
6385 			os_free(wpa_s->conf->ctrl_interface);
6386 			wpa_s->conf->ctrl_interface = NULL;
6387 		}
6388 	} else
6389 		wpa_s->conf = wpa_config_alloc_empty(iface->ctrl_interface,
6390 						     iface->driver_param);
6391 
6392 	if (wpa_s->conf == NULL) {
6393 		wpa_printf(MSG_ERROR, "\nNo configuration found.");
6394 		return -1;
6395 	}
6396 
6397 	if (iface->ifname == NULL) {
6398 		wpa_printf(MSG_ERROR, "\nInterface name is required.");
6399 		return -1;
6400 	}
6401 	if (os_strlen(iface->ifname) >= sizeof(wpa_s->ifname)) {
6402 		wpa_printf(MSG_ERROR, "\nToo long interface name '%s'.",
6403 			   iface->ifname);
6404 		return -1;
6405 	}
6406 	os_strlcpy(wpa_s->ifname, iface->ifname, sizeof(wpa_s->ifname));
6407 #ifdef CONFIG_MATCH_IFACE
6408 	wpa_s->matched = iface->matched;
6409 #endif /* CONFIG_MATCH_IFACE */
6410 
6411 	if (iface->bridge_ifname) {
6412 		if (os_strlen(iface->bridge_ifname) >=
6413 		    sizeof(wpa_s->bridge_ifname)) {
6414 			wpa_printf(MSG_ERROR, "\nToo long bridge interface "
6415 				   "name '%s'.", iface->bridge_ifname);
6416 			return -1;
6417 		}
6418 		os_strlcpy(wpa_s->bridge_ifname, iface->bridge_ifname,
6419 			   sizeof(wpa_s->bridge_ifname));
6420 	}
6421 
6422 	/* RSNA Supplicant Key Management - INITIALIZE */
6423 	eapol_sm_notify_portEnabled(wpa_s->eapol, false);
6424 	eapol_sm_notify_portValid(wpa_s->eapol, false);
6425 
6426 	/* Initialize driver interface and register driver event handler before
6427 	 * L2 receive handler so that association events are processed before
6428 	 * EAPOL-Key packets if both become available for the same select()
6429 	 * call. */
6430 	if (wpas_init_driver(wpa_s, iface) < 0)
6431 		return -1;
6432 
6433 	if (wpa_supplicant_init_wpa(wpa_s) < 0)
6434 		return -1;
6435 
6436 	wpa_sm_set_ifname(wpa_s->wpa, wpa_s->ifname,
6437 			  wpa_s->bridge_ifname[0] ? wpa_s->bridge_ifname :
6438 			  NULL);
6439 	wpa_sm_set_fast_reauth(wpa_s->wpa, wpa_s->conf->fast_reauth);
6440 
6441 	if (wpa_s->conf->dot11RSNAConfigPMKLifetime &&
6442 	    wpa_sm_set_param(wpa_s->wpa, RSNA_PMK_LIFETIME,
6443 			     wpa_s->conf->dot11RSNAConfigPMKLifetime)) {
6444 		wpa_msg(wpa_s, MSG_ERROR, "Invalid WPA parameter value for "
6445 			"dot11RSNAConfigPMKLifetime");
6446 		return -1;
6447 	}
6448 
6449 	if (wpa_s->conf->dot11RSNAConfigPMKReauthThreshold &&
6450 	    wpa_sm_set_param(wpa_s->wpa, RSNA_PMK_REAUTH_THRESHOLD,
6451 			     wpa_s->conf->dot11RSNAConfigPMKReauthThreshold)) {
6452 		wpa_msg(wpa_s, MSG_ERROR, "Invalid WPA parameter value for "
6453 			"dot11RSNAConfigPMKReauthThreshold");
6454 		return -1;
6455 	}
6456 
6457 	if (wpa_s->conf->dot11RSNAConfigSATimeout &&
6458 	    wpa_sm_set_param(wpa_s->wpa, RSNA_SA_TIMEOUT,
6459 			     wpa_s->conf->dot11RSNAConfigSATimeout)) {
6460 		wpa_msg(wpa_s, MSG_ERROR, "Invalid WPA parameter value for "
6461 			"dot11RSNAConfigSATimeout");
6462 		return -1;
6463 	}
6464 
6465 	wpa_s->hw.modes = wpa_drv_get_hw_feature_data(wpa_s,
6466 						      &wpa_s->hw.num_modes,
6467 						      &wpa_s->hw.flags,
6468 						      &dfs_domain);
6469 	if (wpa_s->hw.modes) {
6470 		u16 i;
6471 
6472 		for (i = 0; i < wpa_s->hw.num_modes; i++) {
6473 			if (wpa_s->hw.modes[i].vht_capab) {
6474 				wpa_s->hw_capab = CAPAB_VHT;
6475 				break;
6476 			}
6477 
6478 			if (wpa_s->hw.modes[i].ht_capab &
6479 			    HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET)
6480 				wpa_s->hw_capab = CAPAB_HT40;
6481 			else if (wpa_s->hw.modes[i].ht_capab &&
6482 				 wpa_s->hw_capab == CAPAB_NO_HT_VHT)
6483 				wpa_s->hw_capab = CAPAB_HT;
6484 		}
6485 	}
6486 
6487 	capa_res = wpa_drv_get_capa(wpa_s, &capa);
6488 	if (capa_res == 0) {
6489 		wpa_s->drv_capa_known = 1;
6490 		wpa_s->drv_flags = capa.flags;
6491 		wpa_s->drv_flags2 = capa.flags2;
6492 		wpa_s->drv_enc = capa.enc;
6493 		wpa_s->drv_rrm_flags = capa.rrm_flags;
6494 		wpa_s->probe_resp_offloads = capa.probe_resp_offloads;
6495 		wpa_s->max_scan_ssids = capa.max_scan_ssids;
6496 		wpa_s->max_sched_scan_ssids = capa.max_sched_scan_ssids;
6497 		wpa_s->max_sched_scan_plans = capa.max_sched_scan_plans;
6498 		wpa_s->max_sched_scan_plan_interval =
6499 			capa.max_sched_scan_plan_interval;
6500 		wpa_s->max_sched_scan_plan_iterations =
6501 			capa.max_sched_scan_plan_iterations;
6502 		wpa_s->sched_scan_supported = capa.sched_scan_supported;
6503 		wpa_s->max_match_sets = capa.max_match_sets;
6504 		wpa_s->max_remain_on_chan = capa.max_remain_on_chan;
6505 		wpa_s->max_stations = capa.max_stations;
6506 		wpa_s->extended_capa = capa.extended_capa;
6507 		wpa_s->extended_capa_mask = capa.extended_capa_mask;
6508 		wpa_s->extended_capa_len = capa.extended_capa_len;
6509 		wpa_s->num_multichan_concurrent =
6510 			capa.num_multichan_concurrent;
6511 		wpa_s->wmm_ac_supported = capa.wmm_ac_supported;
6512 
6513 		if (capa.mac_addr_rand_scan_supported)
6514 			wpa_s->mac_addr_rand_supported |= MAC_ADDR_RAND_SCAN;
6515 		if (wpa_s->sched_scan_supported &&
6516 		    capa.mac_addr_rand_sched_scan_supported)
6517 			wpa_s->mac_addr_rand_supported |=
6518 				(MAC_ADDR_RAND_SCHED_SCAN | MAC_ADDR_RAND_PNO);
6519 
6520 		wpa_drv_get_ext_capa(wpa_s, WPA_IF_STATION);
6521 		if (wpa_s->extended_capa &&
6522 		    wpa_s->extended_capa_len >= 3 &&
6523 		    wpa_s->extended_capa[2] & 0x40)
6524 			wpa_s->multi_bss_support = 1;
6525 	}
6526 	if (wpa_s->max_remain_on_chan == 0)
6527 		wpa_s->max_remain_on_chan = 1000;
6528 
6529 	/*
6530 	 * Only take p2p_mgmt parameters when P2P Device is supported.
6531 	 * Doing it here as it determines whether l2_packet_init() will be done
6532 	 * during wpa_supplicant_driver_init().
6533 	 */
6534 	if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE)
6535 		wpa_s->p2p_mgmt = iface->p2p_mgmt;
6536 
6537 	if (wpa_s->num_multichan_concurrent == 0)
6538 		wpa_s->num_multichan_concurrent = 1;
6539 
6540 	if (wpa_supplicant_driver_init(wpa_s) < 0)
6541 		return -1;
6542 
6543 #ifdef CONFIG_TDLS
6544 	if (!iface->p2p_mgmt && wpa_tdls_init(wpa_s->wpa))
6545 		return -1;
6546 #endif /* CONFIG_TDLS */
6547 
6548 	if (wpa_s->conf->country[0] && wpa_s->conf->country[1] &&
6549 	    wpa_drv_set_country(wpa_s, wpa_s->conf->country)) {
6550 		wpa_dbg(wpa_s, MSG_DEBUG, "Failed to set country");
6551 		return -1;
6552 	}
6553 
6554 #ifdef CONFIG_FST
6555 	if (wpa_s->conf->fst_group_id) {
6556 		struct fst_iface_cfg cfg;
6557 		struct fst_wpa_obj iface_obj;
6558 
6559 		fst_wpa_supplicant_fill_iface_obj(wpa_s, &iface_obj);
6560 		os_strlcpy(cfg.group_id, wpa_s->conf->fst_group_id,
6561 			   sizeof(cfg.group_id));
6562 		cfg.priority = wpa_s->conf->fst_priority;
6563 		cfg.llt = wpa_s->conf->fst_llt;
6564 
6565 		wpa_s->fst = fst_attach(wpa_s->ifname, wpa_s->own_addr,
6566 					&iface_obj, &cfg);
6567 		if (!wpa_s->fst) {
6568 			wpa_msg(wpa_s, MSG_ERROR,
6569 				"FST: Cannot attach iface %s to group %s",
6570 				wpa_s->ifname, cfg.group_id);
6571 			return -1;
6572 		}
6573 	}
6574 #endif /* CONFIG_FST */
6575 
6576 	if (wpas_wps_init(wpa_s))
6577 		return -1;
6578 
6579 #ifdef CONFIG_GAS_SERVER
6580 	wpa_s->gas_server = gas_server_init(wpa_s, wpas_gas_server_tx);
6581 	if (!wpa_s->gas_server) {
6582 		wpa_printf(MSG_ERROR, "Failed to initialize GAS server");
6583 		return -1;
6584 	}
6585 #endif /* CONFIG_GAS_SERVER */
6586 
6587 #ifdef CONFIG_DPP
6588 	if (wpas_dpp_init(wpa_s) < 0)
6589 		return -1;
6590 #endif /* CONFIG_DPP */
6591 
6592 	if (wpa_supplicant_init_eapol(wpa_s) < 0)
6593 		return -1;
6594 	wpa_sm_set_eapol(wpa_s->wpa, wpa_s->eapol);
6595 
6596 	wpa_s->ctrl_iface = wpa_supplicant_ctrl_iface_init(wpa_s);
6597 	if (wpa_s->ctrl_iface == NULL) {
6598 		wpa_printf(MSG_ERROR,
6599 			   "Failed to initialize control interface '%s'.\n"
6600 			   "You may have another wpa_supplicant process "
6601 			   "already running or the file was\n"
6602 			   "left by an unclean termination of wpa_supplicant "
6603 			   "in which case you will need\n"
6604 			   "to manually remove this file before starting "
6605 			   "wpa_supplicant again.\n",
6606 			   wpa_s->conf->ctrl_interface);
6607 		return -1;
6608 	}
6609 
6610 	wpa_s->gas = gas_query_init(wpa_s);
6611 	if (wpa_s->gas == NULL) {
6612 		wpa_printf(MSG_ERROR, "Failed to initialize GAS query");
6613 		return -1;
6614 	}
6615 
6616 	if ((!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE) ||
6617 	     wpa_s->p2p_mgmt) &&
6618 	    wpas_p2p_init(wpa_s->global, wpa_s) < 0) {
6619 		wpa_msg(wpa_s, MSG_ERROR, "Failed to init P2P");
6620 		return -1;
6621 	}
6622 
6623 	if (wpa_bss_init(wpa_s) < 0)
6624 		return -1;
6625 
6626 #ifdef CONFIG_PMKSA_CACHE_EXTERNAL
6627 #ifdef CONFIG_MESH
6628 	dl_list_init(&wpa_s->mesh_external_pmksa_cache);
6629 #endif /* CONFIG_MESH */
6630 #endif /* CONFIG_PMKSA_CACHE_EXTERNAL */
6631 
6632 	/*
6633 	 * Set Wake-on-WLAN triggers, if configured.
6634 	 * Note: We don't restore/remove the triggers on shutdown (it doesn't
6635 	 * have effect anyway when the interface is down).
6636 	 */
6637 	if (capa_res == 0 && wpas_set_wowlan_triggers(wpa_s, &capa) < 0)
6638 		return -1;
6639 
6640 #ifdef CONFIG_EAP_PROXY
6641 {
6642 	size_t len;
6643 	wpa_s->mnc_len = eapol_sm_get_eap_proxy_imsi(wpa_s->eapol, -1,
6644 						     wpa_s->imsi, &len);
6645 	if (wpa_s->mnc_len > 0) {
6646 		wpa_s->imsi[len] = '\0';
6647 		wpa_printf(MSG_DEBUG, "eap_proxy: IMSI %s (MNC length %d)",
6648 			   wpa_s->imsi, wpa_s->mnc_len);
6649 	} else {
6650 		wpa_printf(MSG_DEBUG, "eap_proxy: IMSI not available");
6651 	}
6652 }
6653 #endif /* CONFIG_EAP_PROXY */
6654 
6655 	if (pcsc_reader_init(wpa_s) < 0)
6656 		return -1;
6657 
6658 	if (wpas_init_ext_pw(wpa_s) < 0)
6659 		return -1;
6660 
6661 	wpas_rrm_reset(wpa_s);
6662 
6663 	wpas_sched_scan_plans_set(wpa_s, wpa_s->conf->sched_scan_plans);
6664 
6665 #ifdef CONFIG_HS20
6666 	hs20_init(wpa_s);
6667 #endif /* CONFIG_HS20 */
6668 #ifdef CONFIG_MBO
6669 	if (!wpa_s->disable_mbo_oce && wpa_s->conf->oce) {
6670 		if ((wpa_s->conf->oce & OCE_STA) &&
6671 		    (wpa_s->drv_flags & WPA_DRIVER_FLAGS_OCE_STA))
6672 			wpa_s->enable_oce = OCE_STA;
6673 		if ((wpa_s->conf->oce & OCE_STA_CFON) &&
6674 		    (wpa_s->drv_flags & WPA_DRIVER_FLAGS_OCE_STA_CFON)) {
6675 			/* TODO: Need to add STA-CFON support */
6676 			wpa_printf(MSG_ERROR,
6677 				   "OCE STA-CFON feature is not yet supported");
6678 		}
6679 	}
6680 	wpas_mbo_update_non_pref_chan(wpa_s, wpa_s->conf->non_pref_chan);
6681 #endif /* CONFIG_MBO */
6682 
6683 	wpa_supplicant_set_default_scan_ies(wpa_s);
6684 
6685 	return 0;
6686 }
6687 
6688 
6689 static void wpa_supplicant_deinit_iface(struct wpa_supplicant *wpa_s,
6690 					int notify, int terminate)
6691 {
6692 	struct wpa_global *global = wpa_s->global;
6693 	struct wpa_supplicant *iface, *prev;
6694 
6695 	if (wpa_s == wpa_s->parent)
6696 		wpas_p2p_group_remove(wpa_s, "*");
6697 
6698 	iface = global->ifaces;
6699 	while (iface) {
6700 		if (iface->p2pdev == wpa_s)
6701 			iface->p2pdev = iface->parent;
6702 		if (iface == wpa_s || iface->parent != wpa_s) {
6703 			iface = iface->next;
6704 			continue;
6705 		}
6706 		wpa_printf(MSG_DEBUG,
6707 			   "Remove remaining child interface %s from parent %s",
6708 			   iface->ifname, wpa_s->ifname);
6709 		prev = iface;
6710 		iface = iface->next;
6711 		wpa_supplicant_remove_iface(global, prev, terminate);
6712 	}
6713 
6714 	wpa_s->disconnected = 1;
6715 	if (wpa_s->drv_priv) {
6716 		/*
6717 		 * Don't deauthenticate if WoWLAN is enable and not explicitly
6718 		 * been configured to disconnect.
6719 		 */
6720 		if (!wpa_drv_get_wowlan(wpa_s) ||
6721 		    wpa_s->conf->wowlan_disconnect_on_deinit) {
6722 			wpa_supplicant_deauthenticate(
6723 				wpa_s, WLAN_REASON_DEAUTH_LEAVING);
6724 
6725 			wpa_drv_set_countermeasures(wpa_s, 0);
6726 			wpa_clear_keys(wpa_s, NULL);
6727 		} else {
6728 			wpa_msg(wpa_s, MSG_INFO,
6729 				"Do not deauthenticate as part of interface deinit since WoWLAN is enabled");
6730 		}
6731 	}
6732 
6733 	wpa_supplicant_cleanup(wpa_s);
6734 	wpas_p2p_deinit_iface(wpa_s);
6735 
6736 	wpas_ctrl_radio_work_flush(wpa_s);
6737 	radio_remove_interface(wpa_s);
6738 
6739 #ifdef CONFIG_FST
6740 	if (wpa_s->fst) {
6741 		fst_detach(wpa_s->fst);
6742 		wpa_s->fst = NULL;
6743 	}
6744 	if (wpa_s->received_mb_ies) {
6745 		wpabuf_free(wpa_s->received_mb_ies);
6746 		wpa_s->received_mb_ies = NULL;
6747 	}
6748 #endif /* CONFIG_FST */
6749 
6750 	if (wpa_s->drv_priv)
6751 		wpa_drv_deinit(wpa_s);
6752 
6753 	if (notify)
6754 		wpas_notify_iface_removed(wpa_s);
6755 
6756 	if (terminate)
6757 		wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_TERMINATING);
6758 
6759 	wpa_supplicant_ctrl_iface_deinit(wpa_s, wpa_s->ctrl_iface);
6760 	wpa_s->ctrl_iface = NULL;
6761 
6762 #ifdef CONFIG_MESH
6763 	if (wpa_s->ifmsh) {
6764 		wpa_supplicant_mesh_iface_deinit(wpa_s, wpa_s->ifmsh, true);
6765 		wpa_s->ifmsh = NULL;
6766 	}
6767 #endif /* CONFIG_MESH */
6768 
6769 	if (wpa_s->conf != NULL) {
6770 		wpa_config_free(wpa_s->conf);
6771 		wpa_s->conf = NULL;
6772 	}
6773 
6774 	os_free(wpa_s->ssids_from_scan_req);
6775 	os_free(wpa_s->last_scan_freqs);
6776 
6777 	os_free(wpa_s);
6778 }
6779 
6780 
6781 #ifdef CONFIG_MATCH_IFACE
6782 
6783 /**
6784  * wpa_supplicant_match_iface - Match an interface description to a name
6785  * @global: Pointer to global data from wpa_supplicant_init()
6786  * @ifname: Name of the interface to match
6787  * Returns: Pointer to the created interface description or %NULL on failure
6788  */
6789 struct wpa_interface * wpa_supplicant_match_iface(struct wpa_global *global,
6790 						  const char *ifname)
6791 {
6792 	int i;
6793 	struct wpa_interface *iface, *miface;
6794 
6795 	for (i = 0; i < global->params.match_iface_count; i++) {
6796 		miface = &global->params.match_ifaces[i];
6797 		if (!miface->ifname ||
6798 		    fnmatch(miface->ifname, ifname, 0) == 0) {
6799 			iface = os_zalloc(sizeof(*iface));
6800 			if (!iface)
6801 				return NULL;
6802 			*iface = *miface;
6803 			if (!miface->ifname)
6804 				iface->matched = WPA_IFACE_MATCHED_NULL;
6805 			else
6806 				iface->matched = WPA_IFACE_MATCHED;
6807 			iface->ifname = ifname;
6808 			return iface;
6809 		}
6810 	}
6811 
6812 	return NULL;
6813 }
6814 
6815 
6816 /**
6817  * wpa_supplicant_match_existing - Match existing interfaces
6818  * @global: Pointer to global data from wpa_supplicant_init()
6819  * Returns: 0 on success, -1 on failure
6820  */
6821 static int wpa_supplicant_match_existing(struct wpa_global *global)
6822 {
6823 	struct if_nameindex *ifi, *ifp;
6824 	struct wpa_supplicant *wpa_s;
6825 	struct wpa_interface *iface;
6826 
6827 	ifp = if_nameindex();
6828 	if (!ifp) {
6829 		wpa_printf(MSG_ERROR, "if_nameindex: %s", strerror(errno));
6830 		return -1;
6831 	}
6832 
6833 	for (ifi = ifp; ifi->if_name; ifi++) {
6834 		wpa_s = wpa_supplicant_get_iface(global, ifi->if_name);
6835 		if (wpa_s)
6836 			continue;
6837 		iface = wpa_supplicant_match_iface(global, ifi->if_name);
6838 		if (iface) {
6839 			wpa_supplicant_add_iface(global, iface, NULL);
6840 			os_free(iface);
6841 		}
6842 	}
6843 
6844 	if_freenameindex(ifp);
6845 	return 0;
6846 }
6847 
6848 #endif /* CONFIG_MATCH_IFACE */
6849 
6850 
6851 /**
6852  * wpa_supplicant_add_iface - Add a new network interface
6853  * @global: Pointer to global data from wpa_supplicant_init()
6854  * @iface: Interface configuration options
6855  * @parent: Parent interface or %NULL to assign new interface as parent
6856  * Returns: Pointer to the created interface or %NULL on failure
6857  *
6858  * This function is used to add new network interfaces for %wpa_supplicant.
6859  * This can be called before wpa_supplicant_run() to add interfaces before the
6860  * main event loop has been started. In addition, new interfaces can be added
6861  * dynamically while %wpa_supplicant is already running. This could happen,
6862  * e.g., when a hotplug network adapter is inserted.
6863  */
6864 struct wpa_supplicant * wpa_supplicant_add_iface(struct wpa_global *global,
6865 						 struct wpa_interface *iface,
6866 						 struct wpa_supplicant *parent)
6867 {
6868 	struct wpa_supplicant *wpa_s;
6869 	struct wpa_interface t_iface;
6870 	struct wpa_ssid *ssid;
6871 
6872 	if (global == NULL || iface == NULL)
6873 		return NULL;
6874 
6875 	wpa_s = wpa_supplicant_alloc(parent);
6876 	if (wpa_s == NULL)
6877 		return NULL;
6878 
6879 	wpa_s->global = global;
6880 
6881 	t_iface = *iface;
6882 	if (global->params.override_driver) {
6883 		wpa_printf(MSG_DEBUG, "Override interface parameter: driver "
6884 			   "('%s' -> '%s')",
6885 			   iface->driver, global->params.override_driver);
6886 		t_iface.driver = global->params.override_driver;
6887 	}
6888 	if (global->params.override_ctrl_interface) {
6889 		wpa_printf(MSG_DEBUG, "Override interface parameter: "
6890 			   "ctrl_interface ('%s' -> '%s')",
6891 			   iface->ctrl_interface,
6892 			   global->params.override_ctrl_interface);
6893 		t_iface.ctrl_interface =
6894 			global->params.override_ctrl_interface;
6895 	}
6896 	if (wpa_supplicant_init_iface(wpa_s, &t_iface)) {
6897 		wpa_printf(MSG_DEBUG, "Failed to add interface %s",
6898 			   iface->ifname);
6899 		wpa_supplicant_deinit_iface(wpa_s, 0, 0);
6900 		return NULL;
6901 	}
6902 
6903 	if (iface->p2p_mgmt == 0) {
6904 		/* Notify the control interfaces about new iface */
6905 		if (wpas_notify_iface_added(wpa_s)) {
6906 			wpa_supplicant_deinit_iface(wpa_s, 1, 0);
6907 			return NULL;
6908 		}
6909 
6910 		for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next)
6911 			wpas_notify_network_added(wpa_s, ssid);
6912 	}
6913 
6914 	wpa_s->next = global->ifaces;
6915 	global->ifaces = wpa_s;
6916 
6917 	wpa_dbg(wpa_s, MSG_DEBUG, "Added interface %s", wpa_s->ifname);
6918 	wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
6919 
6920 #ifdef CONFIG_P2P
6921 	if (wpa_s->global->p2p == NULL &&
6922 	    !wpa_s->global->p2p_disabled && !wpa_s->conf->p2p_disabled &&
6923 	    (wpa_s->drv_flags & WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE) &&
6924 	    wpas_p2p_add_p2pdev_interface(
6925 		    wpa_s, wpa_s->global->params.conf_p2p_dev) < 0) {
6926 		wpa_printf(MSG_INFO,
6927 			   "P2P: Failed to enable P2P Device interface");
6928 		/* Try to continue without. P2P will be disabled. */
6929 	}
6930 #endif /* CONFIG_P2P */
6931 
6932 	return wpa_s;
6933 }
6934 
6935 
6936 /**
6937  * wpa_supplicant_remove_iface - Remove a network interface
6938  * @global: Pointer to global data from wpa_supplicant_init()
6939  * @wpa_s: Pointer to the network interface to be removed
6940  * Returns: 0 if interface was removed, -1 if interface was not found
6941  *
6942  * This function can be used to dynamically remove network interfaces from
6943  * %wpa_supplicant, e.g., when a hotplug network adapter is ejected. In
6944  * addition, this function is used to remove all remaining interfaces when
6945  * %wpa_supplicant is terminated.
6946  */
6947 int wpa_supplicant_remove_iface(struct wpa_global *global,
6948 				struct wpa_supplicant *wpa_s,
6949 				int terminate)
6950 {
6951 	struct wpa_supplicant *prev;
6952 #ifdef CONFIG_MESH
6953 	unsigned int mesh_if_created = wpa_s->mesh_if_created;
6954 	char *ifname = NULL;
6955 	struct wpa_supplicant *parent = wpa_s->parent;
6956 #endif /* CONFIG_MESH */
6957 
6958 	/* Remove interface from the global list of interfaces */
6959 	prev = global->ifaces;
6960 	if (prev == wpa_s) {
6961 		global->ifaces = wpa_s->next;
6962 	} else {
6963 		while (prev && prev->next != wpa_s)
6964 			prev = prev->next;
6965 		if (prev == NULL)
6966 			return -1;
6967 		prev->next = wpa_s->next;
6968 	}
6969 
6970 	wpa_dbg(wpa_s, MSG_DEBUG, "Removing interface %s", wpa_s->ifname);
6971 
6972 #ifdef CONFIG_MESH
6973 	if (mesh_if_created) {
6974 		ifname = os_strdup(wpa_s->ifname);
6975 		if (ifname == NULL) {
6976 			wpa_dbg(wpa_s, MSG_ERROR,
6977 				"mesh: Failed to malloc ifname");
6978 			return -1;
6979 		}
6980 	}
6981 #endif /* CONFIG_MESH */
6982 
6983 	if (global->p2p_group_formation == wpa_s)
6984 		global->p2p_group_formation = NULL;
6985 	if (global->p2p_invite_group == wpa_s)
6986 		global->p2p_invite_group = NULL;
6987 	wpa_supplicant_deinit_iface(wpa_s, 1, terminate);
6988 
6989 #ifdef CONFIG_MESH
6990 	if (mesh_if_created) {
6991 		wpa_drv_if_remove(parent, WPA_IF_MESH, ifname);
6992 		os_free(ifname);
6993 	}
6994 #endif /* CONFIG_MESH */
6995 
6996 	return 0;
6997 }
6998 
6999 
7000 /**
7001  * wpa_supplicant_get_eap_mode - Get the current EAP mode
7002  * @wpa_s: Pointer to the network interface
7003  * Returns: Pointer to the eap mode or the string "UNKNOWN" if not found
7004  */
7005 const char * wpa_supplicant_get_eap_mode(struct wpa_supplicant *wpa_s)
7006 {
7007 	const char *eapol_method;
7008 
7009         if (wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt) == 0 &&
7010             wpa_s->key_mgmt != WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
7011 		return "NO-EAP";
7012 	}
7013 
7014 	eapol_method = eapol_sm_get_method_name(wpa_s->eapol);
7015 	if (eapol_method == NULL)
7016 		return "UNKNOWN-EAP";
7017 
7018 	return eapol_method;
7019 }
7020 
7021 
7022 /**
7023  * wpa_supplicant_get_iface - Get a new network interface
7024  * @global: Pointer to global data from wpa_supplicant_init()
7025  * @ifname: Interface name
7026  * Returns: Pointer to the interface or %NULL if not found
7027  */
7028 struct wpa_supplicant * wpa_supplicant_get_iface(struct wpa_global *global,
7029 						 const char *ifname)
7030 {
7031 	struct wpa_supplicant *wpa_s;
7032 
7033 	for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
7034 		if (os_strcmp(wpa_s->ifname, ifname) == 0)
7035 			return wpa_s;
7036 	}
7037 	return NULL;
7038 }
7039 
7040 
7041 #ifndef CONFIG_NO_WPA_MSG
7042 static const char * wpa_supplicant_msg_ifname_cb(void *ctx)
7043 {
7044 	struct wpa_supplicant *wpa_s = ctx;
7045 	if (wpa_s == NULL)
7046 		return NULL;
7047 	return wpa_s->ifname;
7048 }
7049 #endif /* CONFIG_NO_WPA_MSG */
7050 
7051 
7052 #ifndef WPA_SUPPLICANT_CLEANUP_INTERVAL
7053 #define WPA_SUPPLICANT_CLEANUP_INTERVAL 10
7054 #endif /* WPA_SUPPLICANT_CLEANUP_INTERVAL */
7055 
7056 /* Periodic cleanup tasks */
7057 static void wpas_periodic(void *eloop_ctx, void *timeout_ctx)
7058 {
7059 	struct wpa_global *global = eloop_ctx;
7060 	struct wpa_supplicant *wpa_s;
7061 
7062 	eloop_register_timeout(WPA_SUPPLICANT_CLEANUP_INTERVAL, 0,
7063 			       wpas_periodic, global, NULL);
7064 
7065 #ifdef CONFIG_P2P
7066 	if (global->p2p)
7067 		p2p_expire_peers(global->p2p);
7068 #endif /* CONFIG_P2P */
7069 
7070 	for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
7071 		wpa_bss_flush_by_age(wpa_s, wpa_s->conf->bss_expiration_age);
7072 #ifdef CONFIG_AP
7073 		ap_periodic(wpa_s);
7074 #endif /* CONFIG_AP */
7075 	}
7076 }
7077 
7078 
7079 /**
7080  * wpa_supplicant_init - Initialize %wpa_supplicant
7081  * @params: Parameters for %wpa_supplicant
7082  * Returns: Pointer to global %wpa_supplicant data, or %NULL on failure
7083  *
7084  * This function is used to initialize %wpa_supplicant. After successful
7085  * initialization, the returned data pointer can be used to add and remove
7086  * network interfaces, and eventually, to deinitialize %wpa_supplicant.
7087  */
7088 struct wpa_global * wpa_supplicant_init(struct wpa_params *params)
7089 {
7090 	struct wpa_global *global;
7091 	int ret, i;
7092 
7093 	if (params == NULL)
7094 		return NULL;
7095 
7096 #ifndef CONFIG_NO_WPA_MSG
7097 	wpa_msg_register_ifname_cb(wpa_supplicant_msg_ifname_cb);
7098 #endif /* CONFIG_NO_WPA_MSG */
7099 
7100 	if (params->wpa_debug_file_path)
7101 		wpa_debug_open_file(params->wpa_debug_file_path);
7102 	if (!params->wpa_debug_file_path && !params->wpa_debug_syslog)
7103 		wpa_debug_setup_stdout();
7104 	if (params->wpa_debug_syslog)
7105 		wpa_debug_open_syslog();
7106 	if (params->wpa_debug_tracing) {
7107 		ret = wpa_debug_open_linux_tracing();
7108 		if (ret) {
7109 			wpa_printf(MSG_ERROR,
7110 				   "Failed to enable trace logging");
7111 			return NULL;
7112 		}
7113 	}
7114 
7115 	ret = eap_register_methods();
7116 	if (ret) {
7117 		wpa_printf(MSG_ERROR, "Failed to register EAP methods");
7118 		if (ret == -2)
7119 			wpa_printf(MSG_ERROR, "Two or more EAP methods used "
7120 				   "the same EAP type.");
7121 		return NULL;
7122 	}
7123 
7124 	global = os_zalloc(sizeof(*global));
7125 	if (global == NULL)
7126 		return NULL;
7127 	dl_list_init(&global->p2p_srv_bonjour);
7128 	dl_list_init(&global->p2p_srv_upnp);
7129 	global->params.daemonize = params->daemonize;
7130 	global->params.wait_for_monitor = params->wait_for_monitor;
7131 	global->params.dbus_ctrl_interface = params->dbus_ctrl_interface;
7132 	if (params->pid_file)
7133 		global->params.pid_file = os_strdup(params->pid_file);
7134 	if (params->ctrl_interface)
7135 		global->params.ctrl_interface =
7136 			os_strdup(params->ctrl_interface);
7137 	if (params->ctrl_interface_group)
7138 		global->params.ctrl_interface_group =
7139 			os_strdup(params->ctrl_interface_group);
7140 	if (params->override_driver)
7141 		global->params.override_driver =
7142 			os_strdup(params->override_driver);
7143 	if (params->override_ctrl_interface)
7144 		global->params.override_ctrl_interface =
7145 			os_strdup(params->override_ctrl_interface);
7146 #ifdef CONFIG_MATCH_IFACE
7147 	global->params.match_iface_count = params->match_iface_count;
7148 	if (params->match_iface_count) {
7149 		global->params.match_ifaces =
7150 			os_calloc(params->match_iface_count,
7151 				  sizeof(struct wpa_interface));
7152 		os_memcpy(global->params.match_ifaces,
7153 			  params->match_ifaces,
7154 			  params->match_iface_count *
7155 			  sizeof(struct wpa_interface));
7156 	}
7157 #endif /* CONFIG_MATCH_IFACE */
7158 #ifdef CONFIG_P2P
7159 	if (params->conf_p2p_dev)
7160 		global->params.conf_p2p_dev =
7161 			os_strdup(params->conf_p2p_dev);
7162 #endif /* CONFIG_P2P */
7163 	wpa_debug_level = global->params.wpa_debug_level =
7164 		params->wpa_debug_level;
7165 	wpa_debug_show_keys = global->params.wpa_debug_show_keys =
7166 		params->wpa_debug_show_keys;
7167 	wpa_debug_timestamp = global->params.wpa_debug_timestamp =
7168 		params->wpa_debug_timestamp;
7169 
7170 	wpa_printf(MSG_DEBUG, "wpa_supplicant v%s", VERSION_STR);
7171 
7172 	if (eloop_init()) {
7173 		wpa_printf(MSG_ERROR, "Failed to initialize event loop");
7174 		wpa_supplicant_deinit(global);
7175 		return NULL;
7176 	}
7177 
7178 	random_init(params->entropy_file);
7179 
7180 	global->ctrl_iface = wpa_supplicant_global_ctrl_iface_init(global);
7181 	if (global->ctrl_iface == NULL) {
7182 		wpa_supplicant_deinit(global);
7183 		return NULL;
7184 	}
7185 
7186 	if (wpas_notify_supplicant_initialized(global)) {
7187 		wpa_supplicant_deinit(global);
7188 		return NULL;
7189 	}
7190 
7191 	for (i = 0; wpa_drivers[i]; i++)
7192 		global->drv_count++;
7193 	if (global->drv_count == 0) {
7194 		wpa_printf(MSG_ERROR, "No drivers enabled");
7195 		wpa_supplicant_deinit(global);
7196 		return NULL;
7197 	}
7198 	global->drv_priv = os_calloc(global->drv_count, sizeof(void *));
7199 	if (global->drv_priv == NULL) {
7200 		wpa_supplicant_deinit(global);
7201 		return NULL;
7202 	}
7203 
7204 #ifdef CONFIG_WIFI_DISPLAY
7205 	if (wifi_display_init(global) < 0) {
7206 		wpa_printf(MSG_ERROR, "Failed to initialize Wi-Fi Display");
7207 		wpa_supplicant_deinit(global);
7208 		return NULL;
7209 	}
7210 #endif /* CONFIG_WIFI_DISPLAY */
7211 
7212 	eloop_register_timeout(WPA_SUPPLICANT_CLEANUP_INTERVAL, 0,
7213 			       wpas_periodic, global, NULL);
7214 
7215 	return global;
7216 }
7217 
7218 
7219 /**
7220  * wpa_supplicant_run - Run the %wpa_supplicant main event loop
7221  * @global: Pointer to global data from wpa_supplicant_init()
7222  * Returns: 0 after successful event loop run, -1 on failure
7223  *
7224  * This function starts the main event loop and continues running as long as
7225  * there are any remaining events. In most cases, this function is running as
7226  * long as the %wpa_supplicant process in still in use.
7227  */
7228 int wpa_supplicant_run(struct wpa_global *global)
7229 {
7230 	struct wpa_supplicant *wpa_s;
7231 
7232 	if (global->params.daemonize &&
7233 	    (wpa_supplicant_daemon(global->params.pid_file) ||
7234 	     eloop_sock_requeue()))
7235 		return -1;
7236 
7237 #ifdef CONFIG_MATCH_IFACE
7238 	if (wpa_supplicant_match_existing(global))
7239 		return -1;
7240 #endif
7241 
7242 	if (global->params.wait_for_monitor) {
7243 		for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next)
7244 			if (wpa_s->ctrl_iface && !wpa_s->p2p_mgmt)
7245 				wpa_supplicant_ctrl_iface_wait(
7246 					wpa_s->ctrl_iface);
7247 	}
7248 
7249 	eloop_register_signal_terminate(wpa_supplicant_terminate, global);
7250 	eloop_register_signal_reconfig(wpa_supplicant_reconfig, global);
7251 
7252 	eloop_run();
7253 
7254 	return 0;
7255 }
7256 
7257 
7258 /**
7259  * wpa_supplicant_deinit - Deinitialize %wpa_supplicant
7260  * @global: Pointer to global data from wpa_supplicant_init()
7261  *
7262  * This function is called to deinitialize %wpa_supplicant and to free all
7263  * allocated resources. Remaining network interfaces will also be removed.
7264  */
7265 void wpa_supplicant_deinit(struct wpa_global *global)
7266 {
7267 	int i;
7268 
7269 	if (global == NULL)
7270 		return;
7271 
7272 	eloop_cancel_timeout(wpas_periodic, global, NULL);
7273 
7274 #ifdef CONFIG_WIFI_DISPLAY
7275 	wifi_display_deinit(global);
7276 #endif /* CONFIG_WIFI_DISPLAY */
7277 
7278 	while (global->ifaces)
7279 		wpa_supplicant_remove_iface(global, global->ifaces, 1);
7280 
7281 	if (global->ctrl_iface)
7282 		wpa_supplicant_global_ctrl_iface_deinit(global->ctrl_iface);
7283 
7284 	wpas_notify_supplicant_deinitialized(global);
7285 
7286 	eap_peer_unregister_methods();
7287 #ifdef CONFIG_AP
7288 	eap_server_unregister_methods();
7289 #endif /* CONFIG_AP */
7290 
7291 	for (i = 0; wpa_drivers[i] && global->drv_priv; i++) {
7292 		if (!global->drv_priv[i])
7293 			continue;
7294 		wpa_drivers[i]->global_deinit(global->drv_priv[i]);
7295 	}
7296 	os_free(global->drv_priv);
7297 
7298 	random_deinit();
7299 
7300 	eloop_destroy();
7301 
7302 	if (global->params.pid_file) {
7303 		os_daemonize_terminate(global->params.pid_file);
7304 		os_free(global->params.pid_file);
7305 	}
7306 	os_free(global->params.ctrl_interface);
7307 	os_free(global->params.ctrl_interface_group);
7308 	os_free(global->params.override_driver);
7309 	os_free(global->params.override_ctrl_interface);
7310 #ifdef CONFIG_MATCH_IFACE
7311 	os_free(global->params.match_ifaces);
7312 #endif /* CONFIG_MATCH_IFACE */
7313 #ifdef CONFIG_P2P
7314 	os_free(global->params.conf_p2p_dev);
7315 #endif /* CONFIG_P2P */
7316 
7317 	os_free(global->p2p_disallow_freq.range);
7318 	os_free(global->p2p_go_avoid_freq.range);
7319 	os_free(global->add_psk);
7320 
7321 	os_free(global);
7322 	wpa_debug_close_syslog();
7323 	wpa_debug_close_file();
7324 	wpa_debug_close_linux_tracing();
7325 }
7326 
7327 
7328 void wpa_supplicant_update_config(struct wpa_supplicant *wpa_s)
7329 {
7330 	if ((wpa_s->conf->changed_parameters & CFG_CHANGED_COUNTRY) &&
7331 	    wpa_s->conf->country[0] && wpa_s->conf->country[1]) {
7332 		char country[3];
7333 		country[0] = wpa_s->conf->country[0];
7334 		country[1] = wpa_s->conf->country[1];
7335 		country[2] = '\0';
7336 		if (wpa_drv_set_country(wpa_s, country) < 0) {
7337 			wpa_printf(MSG_ERROR, "Failed to set country code "
7338 				   "'%s'", country);
7339 		}
7340 	}
7341 
7342 	if (wpa_s->conf->changed_parameters & CFG_CHANGED_EXT_PW_BACKEND)
7343 		wpas_init_ext_pw(wpa_s);
7344 
7345 	if (wpa_s->conf->changed_parameters & CFG_CHANGED_SCHED_SCAN_PLANS)
7346 		wpas_sched_scan_plans_set(wpa_s, wpa_s->conf->sched_scan_plans);
7347 
7348 	if (wpa_s->conf->changed_parameters & CFG_CHANGED_WOWLAN_TRIGGERS) {
7349 		struct wpa_driver_capa capa;
7350 		int res = wpa_drv_get_capa(wpa_s, &capa);
7351 
7352 		if (res == 0 && wpas_set_wowlan_triggers(wpa_s, &capa) < 0)
7353 			wpa_printf(MSG_ERROR,
7354 				   "Failed to update wowlan_triggers to '%s'",
7355 				   wpa_s->conf->wowlan_triggers);
7356 	}
7357 
7358 	if (wpa_s->conf->changed_parameters & CFG_CHANGED_DISABLE_BTM)
7359 		wpa_supplicant_set_default_scan_ies(wpa_s);
7360 
7361 #ifdef CONFIG_BGSCAN
7362 	/*
7363 	 * We default to global bgscan parameters only when per-network bgscan
7364 	 * parameters aren't set. Only bother resetting bgscan parameters if
7365 	 * this is the case.
7366 	 */
7367 	if ((wpa_s->conf->changed_parameters & CFG_CHANGED_BGSCAN) &&
7368 	    wpa_s->current_ssid && !wpa_s->current_ssid->bgscan &&
7369 	    wpa_s->wpa_state == WPA_COMPLETED)
7370 		wpa_supplicant_reset_bgscan(wpa_s);
7371 #endif /* CONFIG_BGSCAN */
7372 
7373 #ifdef CONFIG_WPS
7374 	wpas_wps_update_config(wpa_s);
7375 #endif /* CONFIG_WPS */
7376 	wpas_p2p_update_config(wpa_s);
7377 	wpa_s->conf->changed_parameters = 0;
7378 }
7379 
7380 
7381 void add_freq(int *freqs, int *num_freqs, int freq)
7382 {
7383 	int i;
7384 
7385 	for (i = 0; i < *num_freqs; i++) {
7386 		if (freqs[i] == freq)
7387 			return;
7388 	}
7389 
7390 	freqs[*num_freqs] = freq;
7391 	(*num_freqs)++;
7392 }
7393 
7394 
7395 static int * get_bss_freqs_in_ess(struct wpa_supplicant *wpa_s)
7396 {
7397 	struct wpa_bss *bss, *cbss;
7398 	const int max_freqs = 10;
7399 	int *freqs;
7400 	int num_freqs = 0;
7401 
7402 	freqs = os_calloc(max_freqs + 1, sizeof(int));
7403 	if (freqs == NULL)
7404 		return NULL;
7405 
7406 	cbss = wpa_s->current_bss;
7407 
7408 	dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
7409 		if (bss == cbss)
7410 			continue;
7411 		if (bss->ssid_len == cbss->ssid_len &&
7412 		    os_memcmp(bss->ssid, cbss->ssid, bss->ssid_len) == 0 &&
7413 		    !wpa_bssid_ignore_is_listed(wpa_s, bss->bssid)) {
7414 			add_freq(freqs, &num_freqs, bss->freq);
7415 			if (num_freqs == max_freqs)
7416 				break;
7417 		}
7418 	}
7419 
7420 	if (num_freqs == 0) {
7421 		os_free(freqs);
7422 		freqs = NULL;
7423 	}
7424 
7425 	return freqs;
7426 }
7427 
7428 
7429 void wpas_connection_failed(struct wpa_supplicant *wpa_s, const u8 *bssid)
7430 {
7431 	int timeout;
7432 	int count;
7433 	int *freqs = NULL;
7434 
7435 	wpas_connect_work_done(wpa_s);
7436 
7437 	/*
7438 	 * Remove possible authentication timeout since the connection failed.
7439 	 */
7440 	eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
7441 
7442 	/*
7443 	 * There is no point in ignoring the AP temporarily if this event is
7444 	 * generated based on local request to disconnect.
7445 	 */
7446 	if (wpa_s->own_disconnect_req || wpa_s->own_reconnect_req) {
7447 		wpa_s->own_disconnect_req = 0;
7448 		wpa_dbg(wpa_s, MSG_DEBUG,
7449 			"Ignore connection failure due to local request to disconnect");
7450 		return;
7451 	}
7452 	if (wpa_s->disconnected) {
7453 		wpa_dbg(wpa_s, MSG_DEBUG, "Ignore connection failure "
7454 			"indication since interface has been put into "
7455 			"disconnected state");
7456 		return;
7457 	}
7458 
7459 	/*
7460 	 * Add the failed BSSID into the ignore list and speed up next scan
7461 	 * attempt if there could be other APs that could accept association.
7462 	 */
7463 	count = wpa_bssid_ignore_add(wpa_s, bssid);
7464 	if (count == 1 && wpa_s->current_bss) {
7465 		/*
7466 		 * This BSS was not in the ignore list before. If there is
7467 		 * another BSS available for the same ESS, we should try that
7468 		 * next. Otherwise, we may as well try this one once more
7469 		 * before allowing other, likely worse, ESSes to be considered.
7470 		 */
7471 		freqs = get_bss_freqs_in_ess(wpa_s);
7472 		if (freqs) {
7473 			wpa_dbg(wpa_s, MSG_DEBUG, "Another BSS in this ESS "
7474 				"has been seen; try it next");
7475 			wpa_bssid_ignore_add(wpa_s, bssid);
7476 			/*
7477 			 * On the next scan, go through only the known channels
7478 			 * used in this ESS based on previous scans to speed up
7479 			 * common load balancing use case.
7480 			 */
7481 			os_free(wpa_s->next_scan_freqs);
7482 			wpa_s->next_scan_freqs = freqs;
7483 		}
7484 	}
7485 
7486 	wpa_s->consecutive_conn_failures++;
7487 
7488 	if (wpa_s->consecutive_conn_failures > 3 && wpa_s->current_ssid) {
7489 		wpa_printf(MSG_DEBUG, "Continuous association failures - "
7490 			   "consider temporary network disabling");
7491 		wpas_auth_failed(wpa_s, "CONN_FAILED");
7492 	}
7493 	/*
7494 	 * Multiple consecutive connection failures mean that other APs are
7495 	 * either not available or have already been tried, so we can start
7496 	 * increasing the delay here to avoid constant scanning.
7497 	 */
7498 	switch (wpa_s->consecutive_conn_failures) {
7499 	case 1:
7500 		timeout = 100;
7501 		break;
7502 	case 2:
7503 		timeout = 500;
7504 		break;
7505 	case 3:
7506 		timeout = 1000;
7507 		break;
7508 	case 4:
7509 		timeout = 5000;
7510 		break;
7511 	default:
7512 		timeout = 10000;
7513 		break;
7514 	}
7515 
7516 	wpa_dbg(wpa_s, MSG_DEBUG,
7517 		"Consecutive connection failures: %d --> request scan in %d ms",
7518 		wpa_s->consecutive_conn_failures, timeout);
7519 
7520 	/*
7521 	 * TODO: if more than one possible AP is available in scan results,
7522 	 * could try the other ones before requesting a new scan.
7523 	 */
7524 
7525 	/* speed up the connection attempt with normal scan */
7526 	wpa_s->normal_scans = 0;
7527 	wpa_supplicant_req_scan(wpa_s, timeout / 1000,
7528 				1000 * (timeout % 1000));
7529 }
7530 
7531 
7532 #ifdef CONFIG_FILS
7533 
7534 void fils_pmksa_cache_flush(struct wpa_supplicant *wpa_s)
7535 {
7536 	struct wpa_ssid *ssid = wpa_s->current_ssid;
7537 	const u8 *realm, *username, *rrk;
7538 	size_t realm_len, username_len, rrk_len;
7539 	u16 next_seq_num;
7540 
7541 	/* Clear the PMKSA cache entry if FILS authentication was rejected.
7542 	 * Check for ERP keys existing to limit when this can be done since
7543 	 * the rejection response is not protected and such triggers should
7544 	 * really not allow internal state to be modified unless required to
7545 	 * avoid significant issues in functionality. In addition, drop
7546 	 * externally configure PMKSA entries even without ERP keys since it
7547 	 * is possible for an external component to add PMKSA entries for FILS
7548 	 * authentication without restoring previously generated ERP keys.
7549 	 *
7550 	 * In this case, this is needed to allow recovery from cases where the
7551 	 * AP or authentication server has dropped PMKSAs and ERP keys. */
7552 	if (!ssid || !ssid->eap.erp || !wpa_key_mgmt_fils(ssid->key_mgmt))
7553 		return;
7554 
7555 	if (eapol_sm_get_erp_info(wpa_s->eapol, &ssid->eap,
7556 				  &username, &username_len,
7557 				  &realm, &realm_len, &next_seq_num,
7558 				  &rrk, &rrk_len) != 0 ||
7559 	    !realm) {
7560 		wpa_dbg(wpa_s, MSG_DEBUG,
7561 			"FILS: Drop external PMKSA cache entry");
7562 		wpa_sm_aborted_external_cached(wpa_s->wpa);
7563 		wpa_sm_external_pmksa_cache_flush(wpa_s->wpa, ssid);
7564 		return;
7565 	}
7566 
7567 	wpa_dbg(wpa_s, MSG_DEBUG, "FILS: Drop PMKSA cache entry");
7568 	wpa_sm_aborted_cached(wpa_s->wpa);
7569 	wpa_sm_pmksa_cache_flush(wpa_s->wpa, ssid);
7570 }
7571 
7572 
7573 void fils_connection_failure(struct wpa_supplicant *wpa_s)
7574 {
7575 	struct wpa_ssid *ssid = wpa_s->current_ssid;
7576 	const u8 *realm, *username, *rrk;
7577 	size_t realm_len, username_len, rrk_len;
7578 	u16 next_seq_num;
7579 
7580 	if (!ssid || !ssid->eap.erp || !wpa_key_mgmt_fils(ssid->key_mgmt) ||
7581 	    eapol_sm_get_erp_info(wpa_s->eapol, &ssid->eap,
7582 				  &username, &username_len,
7583 				  &realm, &realm_len, &next_seq_num,
7584 				  &rrk, &rrk_len) != 0 ||
7585 	    !realm)
7586 		return;
7587 
7588 	wpa_hexdump_ascii(MSG_DEBUG,
7589 			  "FILS: Store last connection failure realm",
7590 			  realm, realm_len);
7591 	os_free(wpa_s->last_con_fail_realm);
7592 	wpa_s->last_con_fail_realm = os_malloc(realm_len);
7593 	if (wpa_s->last_con_fail_realm) {
7594 		wpa_s->last_con_fail_realm_len = realm_len;
7595 		os_memcpy(wpa_s->last_con_fail_realm, realm, realm_len);
7596 	}
7597 }
7598 #endif /* CONFIG_FILS */
7599 
7600 
7601 int wpas_driver_bss_selection(struct wpa_supplicant *wpa_s)
7602 {
7603 	return wpa_s->conf->ap_scan == 2 ||
7604 		(wpa_s->drv_flags & WPA_DRIVER_FLAGS_BSS_SELECTION);
7605 }
7606 
7607 
7608 #if defined(CONFIG_CTRL_IFACE) || defined(CONFIG_CTRL_IFACE_DBUS_NEW)
7609 int wpa_supplicant_ctrl_iface_ctrl_rsp_handle(struct wpa_supplicant *wpa_s,
7610 					      struct wpa_ssid *ssid,
7611 					      const char *field,
7612 					      const char *value)
7613 {
7614 #ifdef IEEE8021X_EAPOL
7615 	struct eap_peer_config *eap = &ssid->eap;
7616 
7617 	wpa_printf(MSG_DEBUG, "CTRL_IFACE: response handle field=%s", field);
7618 	wpa_hexdump_ascii_key(MSG_DEBUG, "CTRL_IFACE: response value",
7619 			      (const u8 *) value, os_strlen(value));
7620 
7621 	switch (wpa_supplicant_ctrl_req_from_string(field)) {
7622 	case WPA_CTRL_REQ_EAP_IDENTITY:
7623 		os_free(eap->identity);
7624 		eap->identity = (u8 *) os_strdup(value);
7625 		eap->identity_len = os_strlen(value);
7626 		eap->pending_req_identity = 0;
7627 		if (ssid == wpa_s->current_ssid)
7628 			wpa_s->reassociate = 1;
7629 		break;
7630 	case WPA_CTRL_REQ_EAP_PASSWORD:
7631 		bin_clear_free(eap->password, eap->password_len);
7632 		eap->password = (u8 *) os_strdup(value);
7633 		eap->password_len = os_strlen(value);
7634 		eap->pending_req_password = 0;
7635 		if (ssid == wpa_s->current_ssid)
7636 			wpa_s->reassociate = 1;
7637 		break;
7638 	case WPA_CTRL_REQ_EAP_NEW_PASSWORD:
7639 		bin_clear_free(eap->new_password, eap->new_password_len);
7640 		eap->new_password = (u8 *) os_strdup(value);
7641 		eap->new_password_len = os_strlen(value);
7642 		eap->pending_req_new_password = 0;
7643 		if (ssid == wpa_s->current_ssid)
7644 			wpa_s->reassociate = 1;
7645 		break;
7646 	case WPA_CTRL_REQ_EAP_PIN:
7647 		str_clear_free(eap->cert.pin);
7648 		eap->cert.pin = os_strdup(value);
7649 		eap->pending_req_pin = 0;
7650 		if (ssid == wpa_s->current_ssid)
7651 			wpa_s->reassociate = 1;
7652 		break;
7653 	case WPA_CTRL_REQ_EAP_OTP:
7654 		bin_clear_free(eap->otp, eap->otp_len);
7655 		eap->otp = (u8 *) os_strdup(value);
7656 		eap->otp_len = os_strlen(value);
7657 		os_free(eap->pending_req_otp);
7658 		eap->pending_req_otp = NULL;
7659 		eap->pending_req_otp_len = 0;
7660 		break;
7661 	case WPA_CTRL_REQ_EAP_PASSPHRASE:
7662 		str_clear_free(eap->cert.private_key_passwd);
7663 		eap->cert.private_key_passwd = os_strdup(value);
7664 		eap->pending_req_passphrase = 0;
7665 		if (ssid == wpa_s->current_ssid)
7666 			wpa_s->reassociate = 1;
7667 		break;
7668 	case WPA_CTRL_REQ_SIM:
7669 		str_clear_free(eap->external_sim_resp);
7670 		eap->external_sim_resp = os_strdup(value);
7671 		eap->pending_req_sim = 0;
7672 		break;
7673 	case WPA_CTRL_REQ_PSK_PASSPHRASE:
7674 		if (wpa_config_set(ssid, "psk", value, 0) < 0)
7675 			return -1;
7676 		ssid->mem_only_psk = 1;
7677 		if (ssid->passphrase)
7678 			wpa_config_update_psk(ssid);
7679 		if (wpa_s->wpa_state == WPA_SCANNING && !wpa_s->scanning)
7680 			wpa_supplicant_req_scan(wpa_s, 0, 0);
7681 		break;
7682 	case WPA_CTRL_REQ_EXT_CERT_CHECK:
7683 		if (eap->pending_ext_cert_check != PENDING_CHECK)
7684 			return -1;
7685 		if (os_strcmp(value, "good") == 0)
7686 			eap->pending_ext_cert_check = EXT_CERT_CHECK_GOOD;
7687 		else if (os_strcmp(value, "bad") == 0)
7688 			eap->pending_ext_cert_check = EXT_CERT_CHECK_BAD;
7689 		else
7690 			return -1;
7691 		break;
7692 	default:
7693 		wpa_printf(MSG_DEBUG, "CTRL_IFACE: Unknown field '%s'", field);
7694 		return -1;
7695 	}
7696 
7697 	return 0;
7698 #else /* IEEE8021X_EAPOL */
7699 	wpa_printf(MSG_DEBUG, "CTRL_IFACE: IEEE 802.1X not included");
7700 	return -1;
7701 #endif /* IEEE8021X_EAPOL */
7702 }
7703 #endif /* CONFIG_CTRL_IFACE || CONFIG_CTRL_IFACE_DBUS_NEW */
7704 
7705 
7706 int wpas_network_disabled(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid)
7707 {
7708 #ifdef CONFIG_WEP
7709 	int i;
7710 	unsigned int drv_enc;
7711 #endif /* CONFIG_WEP */
7712 
7713 	if (wpa_s->p2p_mgmt)
7714 		return 1; /* no normal network profiles on p2p_mgmt interface */
7715 
7716 	if (ssid == NULL)
7717 		return 1;
7718 
7719 	if (ssid->disabled)
7720 		return 1;
7721 
7722 #ifdef CONFIG_WEP
7723 	if (wpa_s->drv_capa_known)
7724 		drv_enc = wpa_s->drv_enc;
7725 	else
7726 		drv_enc = (unsigned int) -1;
7727 
7728 	for (i = 0; i < NUM_WEP_KEYS; i++) {
7729 		size_t len = ssid->wep_key_len[i];
7730 		if (len == 0)
7731 			continue;
7732 		if (len == 5 && (drv_enc & WPA_DRIVER_CAPA_ENC_WEP40))
7733 			continue;
7734 		if (len == 13 && (drv_enc & WPA_DRIVER_CAPA_ENC_WEP104))
7735 			continue;
7736 		if (len == 16 && (drv_enc & WPA_DRIVER_CAPA_ENC_WEP128))
7737 			continue;
7738 		return 1; /* invalid WEP key */
7739 	}
7740 #endif /* CONFIG_WEP */
7741 
7742 	if (wpa_key_mgmt_wpa_psk(ssid->key_mgmt) && !ssid->psk_set &&
7743 	    (!ssid->passphrase || ssid->ssid_len != 0) && !ssid->ext_psk &&
7744 	    !(wpa_key_mgmt_sae(ssid->key_mgmt) && ssid->sae_password) &&
7745 	    !ssid->mem_only_psk)
7746 		return 1;
7747 
7748 	return 0;
7749 }
7750 
7751 
7752 int wpas_get_ssid_pmf(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid)
7753 {
7754 	if (ssid == NULL || ssid->ieee80211w == MGMT_FRAME_PROTECTION_DEFAULT) {
7755 		if (wpa_s->conf->pmf == MGMT_FRAME_PROTECTION_OPTIONAL &&
7756 		    !(wpa_s->drv_enc & WPA_DRIVER_CAPA_ENC_BIP)) {
7757 			/*
7758 			 * Driver does not support BIP -- ignore pmf=1 default
7759 			 * since the connection with PMF would fail and the
7760 			 * configuration does not require PMF to be enabled.
7761 			 */
7762 			return NO_MGMT_FRAME_PROTECTION;
7763 		}
7764 
7765 		if (ssid &&
7766 		    (ssid->key_mgmt &
7767 		     ~(WPA_KEY_MGMT_NONE | WPA_KEY_MGMT_WPS |
7768 		       WPA_KEY_MGMT_IEEE8021X_NO_WPA)) == 0) {
7769 			/*
7770 			 * Do not use the default PMF value for non-RSN networks
7771 			 * since PMF is available only with RSN and pmf=2
7772 			 * configuration would otherwise prevent connections to
7773 			 * all open networks.
7774 			 */
7775 			return NO_MGMT_FRAME_PROTECTION;
7776 		}
7777 
7778 		return wpa_s->conf->pmf;
7779 	}
7780 
7781 	return ssid->ieee80211w;
7782 }
7783 
7784 
7785 int wpas_is_p2p_prioritized(struct wpa_supplicant *wpa_s)
7786 {
7787 	if (wpa_s->global->conc_pref == WPA_CONC_PREF_P2P)
7788 		return 1;
7789 	if (wpa_s->global->conc_pref == WPA_CONC_PREF_STA)
7790 		return 0;
7791 	return -1;
7792 }
7793 
7794 
7795 void wpas_auth_failed(struct wpa_supplicant *wpa_s, char *reason)
7796 {
7797 	struct wpa_ssid *ssid = wpa_s->current_ssid;
7798 	int dur;
7799 	struct os_reltime now;
7800 
7801 	if (ssid == NULL) {
7802 		wpa_printf(MSG_DEBUG, "Authentication failure but no known "
7803 			   "SSID block");
7804 		return;
7805 	}
7806 
7807 	if (ssid->key_mgmt == WPA_KEY_MGMT_WPS)
7808 		return;
7809 
7810 	ssid->auth_failures++;
7811 
7812 #ifdef CONFIG_P2P
7813 	if (ssid->p2p_group &&
7814 	    (wpa_s->p2p_in_provisioning || wpa_s->show_group_started)) {
7815 		/*
7816 		 * Skip the wait time since there is a short timeout on the
7817 		 * connection to a P2P group.
7818 		 */
7819 		return;
7820 	}
7821 #endif /* CONFIG_P2P */
7822 
7823 	if (ssid->auth_failures > 50)
7824 		dur = 300;
7825 	else if (ssid->auth_failures > 10)
7826 		dur = 120;
7827 	else if (ssid->auth_failures > 5)
7828 		dur = 90;
7829 	else if (ssid->auth_failures > 3)
7830 		dur = 60;
7831 	else if (ssid->auth_failures > 2)
7832 		dur = 30;
7833 	else if (ssid->auth_failures > 1)
7834 		dur = 20;
7835 	else
7836 		dur = 10;
7837 
7838 	if (ssid->auth_failures > 1 &&
7839 	    wpa_key_mgmt_wpa_ieee8021x(ssid->key_mgmt))
7840 		dur += os_random() % (ssid->auth_failures * 10);
7841 
7842 	os_get_reltime(&now);
7843 	if (now.sec + dur <= ssid->disabled_until.sec)
7844 		return;
7845 
7846 	ssid->disabled_until.sec = now.sec + dur;
7847 
7848 	wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_TEMP_DISABLED
7849 		"id=%d ssid=\"%s\" auth_failures=%u duration=%d reason=%s",
7850 		ssid->id, wpa_ssid_txt(ssid->ssid, ssid->ssid_len),
7851 		ssid->auth_failures, dur, reason);
7852 }
7853 
7854 
7855 void wpas_clear_temp_disabled(struct wpa_supplicant *wpa_s,
7856 			      struct wpa_ssid *ssid, int clear_failures)
7857 {
7858 	if (ssid == NULL)
7859 		return;
7860 
7861 	if (ssid->disabled_until.sec) {
7862 		wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_REENABLED
7863 			"id=%d ssid=\"%s\"",
7864 			ssid->id, wpa_ssid_txt(ssid->ssid, ssid->ssid_len));
7865 	}
7866 	ssid->disabled_until.sec = 0;
7867 	ssid->disabled_until.usec = 0;
7868 	if (clear_failures)
7869 		ssid->auth_failures = 0;
7870 }
7871 
7872 
7873 int disallowed_bssid(struct wpa_supplicant *wpa_s, const u8 *bssid)
7874 {
7875 	size_t i;
7876 
7877 	if (wpa_s->disallow_aps_bssid == NULL)
7878 		return 0;
7879 
7880 	for (i = 0; i < wpa_s->disallow_aps_bssid_count; i++) {
7881 		if (os_memcmp(wpa_s->disallow_aps_bssid + i * ETH_ALEN,
7882 			      bssid, ETH_ALEN) == 0)
7883 			return 1;
7884 	}
7885 
7886 	return 0;
7887 }
7888 
7889 
7890 int disallowed_ssid(struct wpa_supplicant *wpa_s, const u8 *ssid,
7891 		    size_t ssid_len)
7892 {
7893 	size_t i;
7894 
7895 	if (wpa_s->disallow_aps_ssid == NULL || ssid == NULL)
7896 		return 0;
7897 
7898 	for (i = 0; i < wpa_s->disallow_aps_ssid_count; i++) {
7899 		struct wpa_ssid_value *s = &wpa_s->disallow_aps_ssid[i];
7900 		if (ssid_len == s->ssid_len &&
7901 		    os_memcmp(ssid, s->ssid, ssid_len) == 0)
7902 			return 1;
7903 	}
7904 
7905 	return 0;
7906 }
7907 
7908 
7909 /**
7910  * wpas_request_connection - Request a new connection
7911  * @wpa_s: Pointer to the network interface
7912  *
7913  * This function is used to request a new connection to be found. It will mark
7914  * the interface to allow reassociation and request a new scan to find a
7915  * suitable network to connect to.
7916  */
7917 void wpas_request_connection(struct wpa_supplicant *wpa_s)
7918 {
7919 	wpa_s->normal_scans = 0;
7920 	wpa_s->scan_req = NORMAL_SCAN_REQ;
7921 	wpa_supplicant_reinit_autoscan(wpa_s);
7922 	wpa_s->disconnected = 0;
7923 	wpa_s->reassociate = 1;
7924 	wpa_s->last_owe_group = 0;
7925 
7926 	if (wpa_supplicant_fast_associate(wpa_s) != 1)
7927 		wpa_supplicant_req_scan(wpa_s, 0, 0);
7928 	else
7929 		wpa_s->reattach = 0;
7930 }
7931 
7932 
7933 /**
7934  * wpas_request_disconnection - Request disconnection
7935  * @wpa_s: Pointer to the network interface
7936  *
7937  * This function is used to request disconnection from the currently connected
7938  * network. This will stop any ongoing scans and initiate deauthentication.
7939  */
7940 void wpas_request_disconnection(struct wpa_supplicant *wpa_s)
7941 {
7942 #ifdef CONFIG_SME
7943 	wpa_s->sme.prev_bssid_set = 0;
7944 #endif /* CONFIG_SME */
7945 	wpa_s->reassociate = 0;
7946 	wpa_s->disconnected = 1;
7947 	wpa_supplicant_cancel_sched_scan(wpa_s);
7948 	wpa_supplicant_cancel_scan(wpa_s);
7949 	wpa_supplicant_deauthenticate(wpa_s, WLAN_REASON_DEAUTH_LEAVING);
7950 	eloop_cancel_timeout(wpas_network_reenabled, wpa_s, NULL);
7951 	radio_remove_works(wpa_s, "connect", 0);
7952 	radio_remove_works(wpa_s, "sme-connect", 0);
7953 }
7954 
7955 
7956 void dump_freq_data(struct wpa_supplicant *wpa_s, const char *title,
7957 		    struct wpa_used_freq_data *freqs_data,
7958 		    unsigned int len)
7959 {
7960 	unsigned int i;
7961 
7962 	wpa_dbg(wpa_s, MSG_DEBUG, "Shared frequencies (len=%u): %s",
7963 		len, title);
7964 	for (i = 0; i < len; i++) {
7965 		struct wpa_used_freq_data *cur = &freqs_data[i];
7966 		wpa_dbg(wpa_s, MSG_DEBUG, "freq[%u]: %d, flags=0x%X",
7967 			i, cur->freq, cur->flags);
7968 	}
7969 }
7970 
7971 
7972 /*
7973  * Find the operating frequencies of any of the virtual interfaces that
7974  * are using the same radio as the current interface, and in addition, get
7975  * information about the interface types that are using the frequency.
7976  */
7977 int get_shared_radio_freqs_data(struct wpa_supplicant *wpa_s,
7978 				struct wpa_used_freq_data *freqs_data,
7979 				unsigned int len)
7980 {
7981 	struct wpa_supplicant *ifs;
7982 	u8 bssid[ETH_ALEN];
7983 	int freq;
7984 	unsigned int idx = 0, i;
7985 
7986 	wpa_dbg(wpa_s, MSG_DEBUG,
7987 		"Determining shared radio frequencies (max len %u)", len);
7988 	os_memset(freqs_data, 0, sizeof(struct wpa_used_freq_data) * len);
7989 
7990 	dl_list_for_each(ifs, &wpa_s->radio->ifaces, struct wpa_supplicant,
7991 			 radio_list) {
7992 		if (idx == len)
7993 			break;
7994 
7995 		if (ifs->current_ssid == NULL || ifs->assoc_freq == 0)
7996 			continue;
7997 
7998 		if (ifs->current_ssid->mode == WPAS_MODE_AP ||
7999 		    ifs->current_ssid->mode == WPAS_MODE_P2P_GO ||
8000 		    ifs->current_ssid->mode == WPAS_MODE_MESH)
8001 			freq = ifs->current_ssid->frequency;
8002 		else if (wpa_drv_get_bssid(ifs, bssid) == 0)
8003 			freq = ifs->assoc_freq;
8004 		else
8005 			continue;
8006 
8007 		/* Hold only distinct freqs */
8008 		for (i = 0; i < idx; i++)
8009 			if (freqs_data[i].freq == freq)
8010 				break;
8011 
8012 		if (i == idx)
8013 			freqs_data[idx++].freq = freq;
8014 
8015 		if (ifs->current_ssid->mode == WPAS_MODE_INFRA) {
8016 			freqs_data[i].flags |= ifs->current_ssid->p2p_group ?
8017 				WPA_FREQ_USED_BY_P2P_CLIENT :
8018 				WPA_FREQ_USED_BY_INFRA_STATION;
8019 		}
8020 	}
8021 
8022 	dump_freq_data(wpa_s, "completed iteration", freqs_data, idx);
8023 	return idx;
8024 }
8025 
8026 
8027 /*
8028  * Find the operating frequencies of any of the virtual interfaces that
8029  * are using the same radio as the current interface.
8030  */
8031 int get_shared_radio_freqs(struct wpa_supplicant *wpa_s,
8032 			   int *freq_array, unsigned int len)
8033 {
8034 	struct wpa_used_freq_data *freqs_data;
8035 	int num, i;
8036 
8037 	os_memset(freq_array, 0, sizeof(int) * len);
8038 
8039 	freqs_data = os_calloc(len, sizeof(struct wpa_used_freq_data));
8040 	if (!freqs_data)
8041 		return -1;
8042 
8043 	num = get_shared_radio_freqs_data(wpa_s, freqs_data, len);
8044 	for (i = 0; i < num; i++)
8045 		freq_array[i] = freqs_data[i].freq;
8046 
8047 	os_free(freqs_data);
8048 
8049 	return num;
8050 }
8051 
8052 
8053 struct wpa_supplicant *
8054 wpas_vendor_elem(struct wpa_supplicant *wpa_s, enum wpa_vendor_elem_frame frame)
8055 {
8056 	switch (frame) {
8057 #ifdef CONFIG_P2P
8058 	case VENDOR_ELEM_PROBE_REQ_P2P:
8059 	case VENDOR_ELEM_PROBE_RESP_P2P:
8060 	case VENDOR_ELEM_PROBE_RESP_P2P_GO:
8061 	case VENDOR_ELEM_BEACON_P2P_GO:
8062 	case VENDOR_ELEM_P2P_PD_REQ:
8063 	case VENDOR_ELEM_P2P_PD_RESP:
8064 	case VENDOR_ELEM_P2P_GO_NEG_REQ:
8065 	case VENDOR_ELEM_P2P_GO_NEG_RESP:
8066 	case VENDOR_ELEM_P2P_GO_NEG_CONF:
8067 	case VENDOR_ELEM_P2P_INV_REQ:
8068 	case VENDOR_ELEM_P2P_INV_RESP:
8069 	case VENDOR_ELEM_P2P_ASSOC_REQ:
8070 	case VENDOR_ELEM_P2P_ASSOC_RESP:
8071 		return wpa_s->p2pdev;
8072 #endif /* CONFIG_P2P */
8073 	default:
8074 		return wpa_s;
8075 	}
8076 }
8077 
8078 
8079 void wpas_vendor_elem_update(struct wpa_supplicant *wpa_s)
8080 {
8081 	unsigned int i;
8082 	char buf[30];
8083 
8084 	wpa_printf(MSG_DEBUG, "Update vendor elements");
8085 
8086 	for (i = 0; i < NUM_VENDOR_ELEM_FRAMES; i++) {
8087 		if (wpa_s->vendor_elem[i]) {
8088 			int res;
8089 
8090 			res = os_snprintf(buf, sizeof(buf), "frame[%u]", i);
8091 			if (!os_snprintf_error(sizeof(buf), res)) {
8092 				wpa_hexdump_buf(MSG_DEBUG, buf,
8093 						wpa_s->vendor_elem[i]);
8094 			}
8095 		}
8096 	}
8097 
8098 #ifdef CONFIG_P2P
8099 	if (wpa_s->parent == wpa_s &&
8100 	    wpa_s->global->p2p &&
8101 	    !wpa_s->global->p2p_disabled)
8102 		p2p_set_vendor_elems(wpa_s->global->p2p, wpa_s->vendor_elem);
8103 #endif /* CONFIG_P2P */
8104 }
8105 
8106 
8107 int wpas_vendor_elem_remove(struct wpa_supplicant *wpa_s, int frame,
8108 			    const u8 *elem, size_t len)
8109 {
8110 	u8 *ie, *end;
8111 
8112 	ie = wpabuf_mhead_u8(wpa_s->vendor_elem[frame]);
8113 	end = ie + wpabuf_len(wpa_s->vendor_elem[frame]);
8114 
8115 	for (; ie + 1 < end; ie += 2 + ie[1]) {
8116 		if (ie + len > end)
8117 			break;
8118 		if (os_memcmp(ie, elem, len) != 0)
8119 			continue;
8120 
8121 		if (wpabuf_len(wpa_s->vendor_elem[frame]) == len) {
8122 			wpabuf_free(wpa_s->vendor_elem[frame]);
8123 			wpa_s->vendor_elem[frame] = NULL;
8124 		} else {
8125 			os_memmove(ie, ie + len, end - (ie + len));
8126 			wpa_s->vendor_elem[frame]->used -= len;
8127 		}
8128 		wpas_vendor_elem_update(wpa_s);
8129 		return 0;
8130 	}
8131 
8132 	return -1;
8133 }
8134 
8135 
8136 struct hostapd_hw_modes * get_mode(struct hostapd_hw_modes *modes,
8137 				   u16 num_modes, enum hostapd_hw_mode mode,
8138 				   bool is_6ghz)
8139 {
8140 	u16 i;
8141 
8142 	for (i = 0; i < num_modes; i++) {
8143 		if (modes[i].mode != mode ||
8144 		    !modes[i].num_channels || !modes[i].channels)
8145 			continue;
8146 		if ((!is_6ghz && !is_6ghz_freq(modes[i].channels[0].freq)) ||
8147 		    (is_6ghz && is_6ghz_freq(modes[i].channels[0].freq)))
8148 			return &modes[i];
8149 	}
8150 
8151 	return NULL;
8152 }
8153 
8154 
8155 struct hostapd_hw_modes * get_mode_with_freq(struct hostapd_hw_modes *modes,
8156 					     u16 num_modes, int freq)
8157 {
8158 	int i, j;
8159 
8160 	for (i = 0; i < num_modes; i++) {
8161 		for (j = 0; j < modes[i].num_channels; j++) {
8162 			if (freq == modes[i].channels[j].freq)
8163 				return &modes[i];
8164 		}
8165 	}
8166 
8167 	return NULL;
8168 }
8169 
8170 
8171 static struct
8172 wpa_bss_tmp_disallowed * wpas_get_disallowed_bss(struct wpa_supplicant *wpa_s,
8173 						 const u8 *bssid)
8174 {
8175 	struct wpa_bss_tmp_disallowed *bss;
8176 
8177 	dl_list_for_each(bss, &wpa_s->bss_tmp_disallowed,
8178 			 struct wpa_bss_tmp_disallowed, list) {
8179 		if (os_memcmp(bssid, bss->bssid, ETH_ALEN) == 0)
8180 			return bss;
8181 	}
8182 
8183 	return NULL;
8184 }
8185 
8186 
8187 static int wpa_set_driver_tmp_disallow_list(struct wpa_supplicant *wpa_s)
8188 {
8189 	struct wpa_bss_tmp_disallowed *tmp;
8190 	unsigned int num_bssid = 0;
8191 	u8 *bssids;
8192 	int ret;
8193 
8194 	bssids = os_malloc(dl_list_len(&wpa_s->bss_tmp_disallowed) * ETH_ALEN);
8195 	if (!bssids)
8196 		return -1;
8197 	dl_list_for_each(tmp, &wpa_s->bss_tmp_disallowed,
8198 			 struct wpa_bss_tmp_disallowed, list) {
8199 		os_memcpy(&bssids[num_bssid * ETH_ALEN], tmp->bssid,
8200 			  ETH_ALEN);
8201 		num_bssid++;
8202 	}
8203 	ret = wpa_drv_set_bssid_tmp_disallow(wpa_s, num_bssid, bssids);
8204 	os_free(bssids);
8205 	return ret;
8206 }
8207 
8208 
8209 static void wpa_bss_tmp_disallow_timeout(void *eloop_ctx, void *timeout_ctx)
8210 {
8211 	struct wpa_supplicant *wpa_s = eloop_ctx;
8212 	struct wpa_bss_tmp_disallowed *tmp, *bss = timeout_ctx;
8213 
8214 	/* Make sure the bss is not already freed */
8215 	dl_list_for_each(tmp, &wpa_s->bss_tmp_disallowed,
8216 			 struct wpa_bss_tmp_disallowed, list) {
8217 		if (bss == tmp) {
8218 			remove_bss_tmp_disallowed_entry(wpa_s, tmp);
8219 			wpa_set_driver_tmp_disallow_list(wpa_s);
8220 			break;
8221 		}
8222 	}
8223 }
8224 
8225 
8226 void wpa_bss_tmp_disallow(struct wpa_supplicant *wpa_s, const u8 *bssid,
8227 			  unsigned int sec, int rssi_threshold)
8228 {
8229 	struct wpa_bss_tmp_disallowed *bss;
8230 
8231 	bss = wpas_get_disallowed_bss(wpa_s, bssid);
8232 	if (bss) {
8233 		eloop_cancel_timeout(wpa_bss_tmp_disallow_timeout, wpa_s, bss);
8234 		goto finish;
8235 	}
8236 
8237 	bss = os_malloc(sizeof(*bss));
8238 	if (!bss) {
8239 		wpa_printf(MSG_DEBUG,
8240 			   "Failed to allocate memory for temp disallow BSS");
8241 		return;
8242 	}
8243 
8244 	os_memcpy(bss->bssid, bssid, ETH_ALEN);
8245 	dl_list_add(&wpa_s->bss_tmp_disallowed, &bss->list);
8246 	wpa_set_driver_tmp_disallow_list(wpa_s);
8247 
8248 finish:
8249 	bss->rssi_threshold = rssi_threshold;
8250 	eloop_register_timeout(sec, 0, wpa_bss_tmp_disallow_timeout,
8251 			       wpa_s, bss);
8252 }
8253 
8254 
8255 int wpa_is_bss_tmp_disallowed(struct wpa_supplicant *wpa_s,
8256 			      struct wpa_bss *bss)
8257 {
8258 	struct wpa_bss_tmp_disallowed *disallowed = NULL, *tmp, *prev;
8259 
8260 	dl_list_for_each_safe(tmp, prev, &wpa_s->bss_tmp_disallowed,
8261 			 struct wpa_bss_tmp_disallowed, list) {
8262 		if (os_memcmp(bss->bssid, tmp->bssid, ETH_ALEN) == 0) {
8263 			disallowed = tmp;
8264 			break;
8265 		}
8266 	}
8267 	if (!disallowed)
8268 		return 0;
8269 
8270 	if (disallowed->rssi_threshold != 0 &&
8271 	    bss->level > disallowed->rssi_threshold) {
8272 		remove_bss_tmp_disallowed_entry(wpa_s, disallowed);
8273 		wpa_set_driver_tmp_disallow_list(wpa_s);
8274 		return 0;
8275 	}
8276 
8277 	return 1;
8278 }
8279 
8280 
8281 int wpas_enable_mac_addr_randomization(struct wpa_supplicant *wpa_s,
8282 				       unsigned int type, const u8 *addr,
8283 				       const u8 *mask)
8284 {
8285 	if ((addr && !mask) || (!addr && mask)) {
8286 		wpa_printf(MSG_INFO,
8287 			   "MAC_ADDR_RAND_SCAN invalid addr/mask combination");
8288 		return -1;
8289 	}
8290 
8291 	if (addr && mask && (!(mask[0] & 0x01) || (addr[0] & 0x01))) {
8292 		wpa_printf(MSG_INFO,
8293 			   "MAC_ADDR_RAND_SCAN cannot allow multicast address");
8294 		return -1;
8295 	}
8296 
8297 	if (type & MAC_ADDR_RAND_SCAN) {
8298 		if (wpas_mac_addr_rand_scan_set(wpa_s, MAC_ADDR_RAND_SCAN,
8299 						addr, mask))
8300 			return -1;
8301 	}
8302 
8303 	if (type & MAC_ADDR_RAND_SCHED_SCAN) {
8304 		if (wpas_mac_addr_rand_scan_set(wpa_s, MAC_ADDR_RAND_SCHED_SCAN,
8305 						addr, mask))
8306 			return -1;
8307 
8308 		if (wpa_s->sched_scanning && !wpa_s->pno)
8309 			wpas_scan_restart_sched_scan(wpa_s);
8310 	}
8311 
8312 	if (type & MAC_ADDR_RAND_PNO) {
8313 		if (wpas_mac_addr_rand_scan_set(wpa_s, MAC_ADDR_RAND_PNO,
8314 						addr, mask))
8315 			return -1;
8316 
8317 		if (wpa_s->pno) {
8318 			wpas_stop_pno(wpa_s);
8319 			wpas_start_pno(wpa_s);
8320 		}
8321 	}
8322 
8323 	return 0;
8324 }
8325 
8326 
8327 int wpas_disable_mac_addr_randomization(struct wpa_supplicant *wpa_s,
8328 					unsigned int type)
8329 {
8330 	wpas_mac_addr_rand_scan_clear(wpa_s, type);
8331 	if (wpa_s->pno) {
8332 		if (type & MAC_ADDR_RAND_PNO) {
8333 			wpas_stop_pno(wpa_s);
8334 			wpas_start_pno(wpa_s);
8335 		}
8336 	} else if (wpa_s->sched_scanning && (type & MAC_ADDR_RAND_SCHED_SCAN)) {
8337 		wpas_scan_restart_sched_scan(wpa_s);
8338 	}
8339 
8340 	return 0;
8341 }
8342 
8343 
8344 int wpa_drv_signal_poll(struct wpa_supplicant *wpa_s,
8345 			struct wpa_signal_info *si)
8346 {
8347 	int res;
8348 
8349 	if (!wpa_s->driver->signal_poll)
8350 		return -1;
8351 
8352 	res = wpa_s->driver->signal_poll(wpa_s->drv_priv, si);
8353 
8354 #ifdef CONFIG_TESTING_OPTIONS
8355 	if (res == 0) {
8356 		struct driver_signal_override *dso;
8357 
8358 		dl_list_for_each(dso, &wpa_s->drv_signal_override,
8359 				 struct driver_signal_override, list) {
8360 			if (os_memcmp(wpa_s->bssid, dso->bssid,
8361 				      ETH_ALEN) != 0)
8362 				continue;
8363 			wpa_printf(MSG_DEBUG,
8364 				   "Override driver signal_poll information: current_signal: %d->%d avg_signal: %d->%d avg_beacon_signal: %d->%d current_noise: %d->%d",
8365 				   si->current_signal,
8366 				   dso->si_current_signal,
8367 				   si->avg_signal,
8368 				   dso->si_avg_signal,
8369 				   si->avg_beacon_signal,
8370 				   dso->si_avg_beacon_signal,
8371 				   si->current_noise,
8372 				   dso->si_current_noise);
8373 			si->current_signal = dso->si_current_signal;
8374 			si->avg_signal = dso->si_avg_signal;
8375 			si->avg_beacon_signal = dso->si_avg_beacon_signal;
8376 			si->current_noise = dso->si_current_noise;
8377 			break;
8378 		}
8379 	}
8380 #endif /* CONFIG_TESTING_OPTIONS */
8381 
8382 	return res;
8383 }
8384 
8385 
8386 struct wpa_scan_results *
8387 wpa_drv_get_scan_results2(struct wpa_supplicant *wpa_s)
8388 {
8389 	struct wpa_scan_results *scan_res;
8390 #ifdef CONFIG_TESTING_OPTIONS
8391 	size_t idx;
8392 #endif /* CONFIG_TESTING_OPTIONS */
8393 
8394 	if (!wpa_s->driver->get_scan_results2)
8395 		return NULL;
8396 
8397 	scan_res = wpa_s->driver->get_scan_results2(wpa_s->drv_priv);
8398 
8399 #ifdef CONFIG_TESTING_OPTIONS
8400 	for (idx = 0; scan_res && idx < scan_res->num; idx++) {
8401 		struct driver_signal_override *dso;
8402 		struct wpa_scan_res *res = scan_res->res[idx];
8403 
8404 		dl_list_for_each(dso, &wpa_s->drv_signal_override,
8405 				 struct driver_signal_override, list) {
8406 			if (os_memcmp(res->bssid, dso->bssid, ETH_ALEN) != 0)
8407 				continue;
8408 			wpa_printf(MSG_DEBUG,
8409 				   "Override driver scan signal level %d->%d for "
8410 				   MACSTR,
8411 				   res->level, dso->scan_level,
8412 				   MAC2STR(res->bssid));
8413 			res->flags |= WPA_SCAN_QUAL_INVALID;
8414 			if (dso->scan_level < 0)
8415 				res->flags |= WPA_SCAN_LEVEL_DBM;
8416 			else
8417 				res->flags &= ~WPA_SCAN_LEVEL_DBM;
8418 			res->level = dso->scan_level;
8419 			break;
8420 		}
8421 	}
8422 #endif /* CONFIG_TESTING_OPTIONS */
8423 
8424 	return scan_res;
8425 }
8426