xref: /freebsd/contrib/wpa/wpa_supplicant/wpa_supplicant.c (revision e92ffd9b626833ebdbf2742c8ffddc6cd94b963e)
1 /*
2  * WPA Supplicant
3  * Copyright (c) 2003-2022, Jouni Malinen <j@w1.fi>
4  *
5  * This software may be distributed under the terms of the BSD license.
6  * See README for more details.
7  *
8  * This file implements functions for registering and unregistering
9  * %wpa_supplicant interfaces. In addition, this file contains number of
10  * functions for managing network connections.
11  */
12 
13 #include "includes.h"
14 #ifdef CONFIG_MATCH_IFACE
15 #include <net/if.h>
16 #include <fnmatch.h>
17 #endif /* CONFIG_MATCH_IFACE */
18 
19 #include "common.h"
20 #include "crypto/random.h"
21 #include "crypto/sha1.h"
22 #include "eapol_supp/eapol_supp_sm.h"
23 #include "eap_peer/eap.h"
24 #include "eap_peer/eap_proxy.h"
25 #include "eap_server/eap_methods.h"
26 #include "rsn_supp/wpa.h"
27 #include "eloop.h"
28 #include "config.h"
29 #include "utils/ext_password.h"
30 #include "l2_packet/l2_packet.h"
31 #include "wpa_supplicant_i.h"
32 #include "driver_i.h"
33 #include "ctrl_iface.h"
34 #include "pcsc_funcs.h"
35 #include "common/version.h"
36 #include "rsn_supp/preauth.h"
37 #include "rsn_supp/pmksa_cache.h"
38 #include "common/wpa_ctrl.h"
39 #include "common/ieee802_11_common.h"
40 #include "common/ieee802_11_defs.h"
41 #include "common/hw_features_common.h"
42 #include "common/gas_server.h"
43 #include "common/dpp.h"
44 #include "common/ptksa_cache.h"
45 #include "p2p/p2p.h"
46 #include "fst/fst.h"
47 #include "bssid_ignore.h"
48 #include "wpas_glue.h"
49 #include "wps_supplicant.h"
50 #include "ibss_rsn.h"
51 #include "sme.h"
52 #include "gas_query.h"
53 #include "ap.h"
54 #include "p2p_supplicant.h"
55 #include "wifi_display.h"
56 #include "notify.h"
57 #include "bgscan.h"
58 #include "autoscan.h"
59 #include "bss.h"
60 #include "scan.h"
61 #include "offchannel.h"
62 #include "hs20_supplicant.h"
63 #include "wnm_sta.h"
64 #include "wpas_kay.h"
65 #include "mesh.h"
66 #include "dpp_supplicant.h"
67 #ifdef CONFIG_MESH
68 #include "ap/ap_config.h"
69 #include "ap/hostapd.h"
70 #endif /* CONFIG_MESH */
71 
72 const char *const wpa_supplicant_version =
73 "wpa_supplicant v" VERSION_STR "\n"
74 "Copyright (c) 2003-2022, Jouni Malinen <j@w1.fi> and contributors";
75 
76 const char *const wpa_supplicant_license =
77 "This software may be distributed under the terms of the BSD license.\n"
78 "See README for more details.\n"
79 #ifdef EAP_TLS_OPENSSL
80 "\nThis product includes software developed by the OpenSSL Project\n"
81 "for use in the OpenSSL Toolkit (http://www.openssl.org/)\n"
82 #endif /* EAP_TLS_OPENSSL */
83 ;
84 
85 #ifndef CONFIG_NO_STDOUT_DEBUG
86 /* Long text divided into parts in order to fit in C89 strings size limits. */
87 const char *const wpa_supplicant_full_license1 =
88 "";
89 const char *const wpa_supplicant_full_license2 =
90 "This software may be distributed under the terms of the BSD license.\n"
91 "\n"
92 "Redistribution and use in source and binary forms, with or without\n"
93 "modification, are permitted provided that the following conditions are\n"
94 "met:\n"
95 "\n";
96 const char *const wpa_supplicant_full_license3 =
97 "1. Redistributions of source code must retain the above copyright\n"
98 "   notice, this list of conditions and the following disclaimer.\n"
99 "\n"
100 "2. Redistributions in binary form must reproduce the above copyright\n"
101 "   notice, this list of conditions and the following disclaimer in the\n"
102 "   documentation and/or other materials provided with the distribution.\n"
103 "\n";
104 const char *const wpa_supplicant_full_license4 =
105 "3. Neither the name(s) of the above-listed copyright holder(s) nor the\n"
106 "   names of its contributors may be used to endorse or promote products\n"
107 "   derived from this software without specific prior written permission.\n"
108 "\n"
109 "THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS\n"
110 "\"AS IS\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT\n"
111 "LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR\n"
112 "A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT\n";
113 const char *const wpa_supplicant_full_license5 =
114 "OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,\n"
115 "SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT\n"
116 "LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\n"
117 "DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY\n"
118 "THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n"
119 "(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE\n"
120 "OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n"
121 "\n";
122 #endif /* CONFIG_NO_STDOUT_DEBUG */
123 
124 
125 static void wpa_bss_tmp_disallow_timeout(void *eloop_ctx, void *timeout_ctx);
126 #if defined(CONFIG_FILS) && defined(IEEE8021X_EAPOL)
127 static void wpas_update_fils_connect_params(struct wpa_supplicant *wpa_s);
128 #endif /* CONFIG_FILS && IEEE8021X_EAPOL */
129 #ifdef CONFIG_OWE
130 static void wpas_update_owe_connect_params(struct wpa_supplicant *wpa_s);
131 #endif /* CONFIG_OWE */
132 
133 
134 #ifdef CONFIG_WEP
135 /* Configure default/group WEP keys for static WEP */
136 int wpa_set_wep_keys(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid)
137 {
138 	int i, set = 0;
139 
140 	for (i = 0; i < NUM_WEP_KEYS; i++) {
141 		if (ssid->wep_key_len[i] == 0)
142 			continue;
143 
144 		set = 1;
145 		wpa_drv_set_key(wpa_s, WPA_ALG_WEP, NULL,
146 				i, i == ssid->wep_tx_keyidx, NULL, 0,
147 				ssid->wep_key[i], ssid->wep_key_len[i],
148 				i == ssid->wep_tx_keyidx ?
149 				KEY_FLAG_GROUP_RX_TX_DEFAULT :
150 				KEY_FLAG_GROUP_RX_TX);
151 	}
152 
153 	return set;
154 }
155 #endif /* CONFIG_WEP */
156 
157 
158 int wpa_supplicant_set_wpa_none_key(struct wpa_supplicant *wpa_s,
159 				    struct wpa_ssid *ssid)
160 {
161 	u8 key[32];
162 	size_t keylen;
163 	enum wpa_alg alg;
164 	u8 seq[6] = { 0 };
165 	int ret;
166 
167 	/* IBSS/WPA-None uses only one key (Group) for both receiving and
168 	 * sending unicast and multicast packets. */
169 
170 	if (ssid->mode != WPAS_MODE_IBSS) {
171 		wpa_msg(wpa_s, MSG_INFO, "WPA: Invalid mode %d (not "
172 			"IBSS/ad-hoc) for WPA-None", ssid->mode);
173 		return -1;
174 	}
175 
176 	if (!ssid->psk_set) {
177 		wpa_msg(wpa_s, MSG_INFO, "WPA: No PSK configured for "
178 			"WPA-None");
179 		return -1;
180 	}
181 
182 	switch (wpa_s->group_cipher) {
183 	case WPA_CIPHER_CCMP:
184 		os_memcpy(key, ssid->psk, 16);
185 		keylen = 16;
186 		alg = WPA_ALG_CCMP;
187 		break;
188 	case WPA_CIPHER_GCMP:
189 		os_memcpy(key, ssid->psk, 16);
190 		keylen = 16;
191 		alg = WPA_ALG_GCMP;
192 		break;
193 	case WPA_CIPHER_TKIP:
194 		/* WPA-None uses the same Michael MIC key for both TX and RX */
195 		os_memcpy(key, ssid->psk, 16 + 8);
196 		os_memcpy(key + 16 + 8, ssid->psk + 16, 8);
197 		keylen = 32;
198 		alg = WPA_ALG_TKIP;
199 		break;
200 	default:
201 		wpa_msg(wpa_s, MSG_INFO, "WPA: Invalid group cipher %d for "
202 			"WPA-None", wpa_s->group_cipher);
203 		return -1;
204 	}
205 
206 	/* TODO: should actually remember the previously used seq#, both for TX
207 	 * and RX from each STA.. */
208 
209 	ret = wpa_drv_set_key(wpa_s, alg, NULL, 0, 1, seq, 6, key, keylen,
210 			      KEY_FLAG_GROUP_RX_TX_DEFAULT);
211 	os_memset(key, 0, sizeof(key));
212 	return ret;
213 }
214 
215 
216 static void wpa_supplicant_timeout(void *eloop_ctx, void *timeout_ctx)
217 {
218 	struct wpa_supplicant *wpa_s = eloop_ctx;
219 	const u8 *bssid = wpa_s->bssid;
220 	if (!is_zero_ether_addr(wpa_s->pending_bssid) &&
221 	    (wpa_s->wpa_state == WPA_AUTHENTICATING ||
222 	     wpa_s->wpa_state == WPA_ASSOCIATING))
223 		bssid = wpa_s->pending_bssid;
224 	wpa_msg(wpa_s, MSG_INFO, "Authentication with " MACSTR " timed out.",
225 		MAC2STR(bssid));
226 	wpa_bssid_ignore_add(wpa_s, bssid);
227 	wpa_sm_notify_disassoc(wpa_s->wpa);
228 	wpa_supplicant_deauthenticate(wpa_s, WLAN_REASON_DEAUTH_LEAVING);
229 	wpa_s->reassociate = 1;
230 
231 	/*
232 	 * If we timed out, the AP or the local radio may be busy.
233 	 * So, wait a second until scanning again.
234 	 */
235 	wpa_supplicant_req_scan(wpa_s, 1, 0);
236 }
237 
238 
239 /**
240  * wpa_supplicant_req_auth_timeout - Schedule a timeout for authentication
241  * @wpa_s: Pointer to wpa_supplicant data
242  * @sec: Number of seconds after which to time out authentication
243  * @usec: Number of microseconds after which to time out authentication
244  *
245  * This function is used to schedule a timeout for the current authentication
246  * attempt.
247  */
248 void wpa_supplicant_req_auth_timeout(struct wpa_supplicant *wpa_s,
249 				     int sec, int usec)
250 {
251 	if (wpa_s->conf->ap_scan == 0 &&
252 	    (wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED))
253 		return;
254 
255 	wpa_dbg(wpa_s, MSG_DEBUG, "Setting authentication timeout: %d sec "
256 		"%d usec", sec, usec);
257 	eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
258 	wpa_s->last_auth_timeout_sec = sec;
259 	eloop_register_timeout(sec, usec, wpa_supplicant_timeout, wpa_s, NULL);
260 }
261 
262 
263 /*
264  * wpas_auth_timeout_restart - Restart and change timeout for authentication
265  * @wpa_s: Pointer to wpa_supplicant data
266  * @sec_diff: difference in seconds applied to original timeout value
267  */
268 void wpas_auth_timeout_restart(struct wpa_supplicant *wpa_s, int sec_diff)
269 {
270 	int new_sec = wpa_s->last_auth_timeout_sec + sec_diff;
271 
272 	if (eloop_is_timeout_registered(wpa_supplicant_timeout, wpa_s, NULL)) {
273 		wpa_dbg(wpa_s, MSG_DEBUG,
274 			"Authentication timeout restart: %d sec", new_sec);
275 		eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
276 		eloop_register_timeout(new_sec, 0, wpa_supplicant_timeout,
277 				       wpa_s, NULL);
278 	}
279 }
280 
281 
282 /**
283  * wpa_supplicant_cancel_auth_timeout - Cancel authentication timeout
284  * @wpa_s: Pointer to wpa_supplicant data
285  *
286  * This function is used to cancel authentication timeout scheduled with
287  * wpa_supplicant_req_auth_timeout() and it is called when authentication has
288  * been completed.
289  */
290 void wpa_supplicant_cancel_auth_timeout(struct wpa_supplicant *wpa_s)
291 {
292 	wpa_dbg(wpa_s, MSG_DEBUG, "Cancelling authentication timeout");
293 	eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
294 	wpa_bssid_ignore_del(wpa_s, wpa_s->bssid);
295 	os_free(wpa_s->last_con_fail_realm);
296 	wpa_s->last_con_fail_realm = NULL;
297 	wpa_s->last_con_fail_realm_len = 0;
298 }
299 
300 
301 /**
302  * wpa_supplicant_initiate_eapol - Configure EAPOL state machine
303  * @wpa_s: Pointer to wpa_supplicant data
304  *
305  * This function is used to configure EAPOL state machine based on the selected
306  * authentication mode.
307  */
308 void wpa_supplicant_initiate_eapol(struct wpa_supplicant *wpa_s)
309 {
310 #ifdef IEEE8021X_EAPOL
311 	struct eapol_config eapol_conf;
312 	struct wpa_ssid *ssid = wpa_s->current_ssid;
313 
314 #ifdef CONFIG_IBSS_RSN
315 	if (ssid->mode == WPAS_MODE_IBSS &&
316 	    wpa_s->key_mgmt != WPA_KEY_MGMT_NONE &&
317 	    wpa_s->key_mgmt != WPA_KEY_MGMT_WPA_NONE) {
318 		/*
319 		 * RSN IBSS authentication is per-STA and we can disable the
320 		 * per-BSSID EAPOL authentication.
321 		 */
322 		eapol_sm_notify_portControl(wpa_s->eapol, ForceAuthorized);
323 		eapol_sm_notify_eap_success(wpa_s->eapol, true);
324 		eapol_sm_notify_eap_fail(wpa_s->eapol, false);
325 		return;
326 	}
327 #endif /* CONFIG_IBSS_RSN */
328 
329 	eapol_sm_notify_eap_success(wpa_s->eapol, false);
330 	eapol_sm_notify_eap_fail(wpa_s->eapol, false);
331 
332 	if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE ||
333 	    wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE)
334 		eapol_sm_notify_portControl(wpa_s->eapol, ForceAuthorized);
335 	else
336 		eapol_sm_notify_portControl(wpa_s->eapol, Auto);
337 
338 	os_memset(&eapol_conf, 0, sizeof(eapol_conf));
339 	if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
340 		eapol_conf.accept_802_1x_keys = 1;
341 		eapol_conf.required_keys = 0;
342 		if (ssid->eapol_flags & EAPOL_FLAG_REQUIRE_KEY_UNICAST) {
343 			eapol_conf.required_keys |= EAPOL_REQUIRE_KEY_UNICAST;
344 		}
345 		if (ssid->eapol_flags & EAPOL_FLAG_REQUIRE_KEY_BROADCAST) {
346 			eapol_conf.required_keys |=
347 				EAPOL_REQUIRE_KEY_BROADCAST;
348 		}
349 
350 		if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED)
351 			eapol_conf.required_keys = 0;
352 	}
353 	eapol_conf.fast_reauth = wpa_s->conf->fast_reauth;
354 	eapol_conf.workaround = ssid->eap_workaround;
355 	eapol_conf.eap_disabled =
356 		!wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt) &&
357 		wpa_s->key_mgmt != WPA_KEY_MGMT_IEEE8021X_NO_WPA &&
358 		wpa_s->key_mgmt != WPA_KEY_MGMT_WPS;
359 	eapol_conf.external_sim = wpa_s->conf->external_sim;
360 
361 #ifdef CONFIG_WPS
362 	if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPS) {
363 		eapol_conf.wps |= EAPOL_LOCAL_WPS_IN_USE;
364 		if (wpa_s->current_bss) {
365 			struct wpabuf *ie;
366 			ie = wpa_bss_get_vendor_ie_multi(wpa_s->current_bss,
367 							 WPS_IE_VENDOR_TYPE);
368 			if (ie) {
369 				if (wps_is_20(ie))
370 					eapol_conf.wps |=
371 						EAPOL_PEER_IS_WPS20_AP;
372 				wpabuf_free(ie);
373 			}
374 		}
375 	}
376 #endif /* CONFIG_WPS */
377 
378 	eapol_sm_notify_config(wpa_s->eapol, &ssid->eap, &eapol_conf);
379 
380 #ifdef CONFIG_MACSEC
381 	if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE && ssid->mka_psk_set)
382 		ieee802_1x_create_preshared_mka(wpa_s, ssid);
383 	else
384 		ieee802_1x_alloc_kay_sm(wpa_s, ssid);
385 #endif /* CONFIG_MACSEC */
386 #endif /* IEEE8021X_EAPOL */
387 }
388 
389 
390 /**
391  * wpa_supplicant_set_non_wpa_policy - Set WPA parameters to non-WPA mode
392  * @wpa_s: Pointer to wpa_supplicant data
393  * @ssid: Configuration data for the network
394  *
395  * This function is used to configure WPA state machine and related parameters
396  * to a mode where WPA is not enabled. This is called as part of the
397  * authentication configuration when the selected network does not use WPA.
398  */
399 void wpa_supplicant_set_non_wpa_policy(struct wpa_supplicant *wpa_s,
400 				       struct wpa_ssid *ssid)
401 {
402 #ifdef CONFIG_WEP
403 	int i;
404 #endif /* CONFIG_WEP */
405 
406 	if (ssid->key_mgmt & WPA_KEY_MGMT_WPS)
407 		wpa_s->key_mgmt = WPA_KEY_MGMT_WPS;
408 	else if (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA)
409 		wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X_NO_WPA;
410 	else
411 		wpa_s->key_mgmt = WPA_KEY_MGMT_NONE;
412 	wpa_sm_set_ap_wpa_ie(wpa_s->wpa, NULL, 0);
413 	wpa_sm_set_ap_rsn_ie(wpa_s->wpa, NULL, 0);
414 	wpa_sm_set_ap_rsnxe(wpa_s->wpa, NULL, 0);
415 	wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0);
416 	wpa_sm_set_assoc_rsnxe(wpa_s->wpa, NULL, 0);
417 	wpa_s->rsnxe_len = 0;
418 	wpa_s->pairwise_cipher = WPA_CIPHER_NONE;
419 	wpa_s->group_cipher = WPA_CIPHER_NONE;
420 	wpa_s->mgmt_group_cipher = 0;
421 
422 #ifdef CONFIG_WEP
423 	for (i = 0; i < NUM_WEP_KEYS; i++) {
424 		if (ssid->wep_key_len[i] > 5) {
425 			wpa_s->pairwise_cipher = WPA_CIPHER_WEP104;
426 			wpa_s->group_cipher = WPA_CIPHER_WEP104;
427 			break;
428 		} else if (ssid->wep_key_len[i] > 0) {
429 			wpa_s->pairwise_cipher = WPA_CIPHER_WEP40;
430 			wpa_s->group_cipher = WPA_CIPHER_WEP40;
431 			break;
432 		}
433 	}
434 #endif /* CONFIG_WEP */
435 
436 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_RSN_ENABLED, 0);
437 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_KEY_MGMT, wpa_s->key_mgmt);
438 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PAIRWISE,
439 			 wpa_s->pairwise_cipher);
440 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_GROUP, wpa_s->group_cipher);
441 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MGMT_GROUP,
442 			 wpa_s->mgmt_group_cipher);
443 
444 	pmksa_cache_clear_current(wpa_s->wpa);
445 }
446 
447 
448 void free_hw_features(struct wpa_supplicant *wpa_s)
449 {
450 	int i;
451 	if (wpa_s->hw.modes == NULL)
452 		return;
453 
454 	for (i = 0; i < wpa_s->hw.num_modes; i++) {
455 		os_free(wpa_s->hw.modes[i].channels);
456 		os_free(wpa_s->hw.modes[i].rates);
457 	}
458 
459 	os_free(wpa_s->hw.modes);
460 	wpa_s->hw.modes = NULL;
461 }
462 
463 
464 static void remove_bss_tmp_disallowed_entry(struct wpa_supplicant *wpa_s,
465 					    struct wpa_bss_tmp_disallowed *bss)
466 {
467 	eloop_cancel_timeout(wpa_bss_tmp_disallow_timeout, wpa_s, bss);
468 	dl_list_del(&bss->list);
469 	os_free(bss);
470 }
471 
472 
473 void free_bss_tmp_disallowed(struct wpa_supplicant *wpa_s)
474 {
475 	struct wpa_bss_tmp_disallowed *bss, *prev;
476 
477 	dl_list_for_each_safe(bss, prev, &wpa_s->bss_tmp_disallowed,
478 			      struct wpa_bss_tmp_disallowed, list)
479 		remove_bss_tmp_disallowed_entry(wpa_s, bss);
480 }
481 
482 
483 void wpas_flush_fils_hlp_req(struct wpa_supplicant *wpa_s)
484 {
485 	struct fils_hlp_req *req;
486 
487 	while ((req = dl_list_first(&wpa_s->fils_hlp_req, struct fils_hlp_req,
488 				    list)) != NULL) {
489 		dl_list_del(&req->list);
490 		wpabuf_free(req->pkt);
491 		os_free(req);
492 	}
493 }
494 
495 
496 void wpas_clear_disabled_interface(void *eloop_ctx, void *timeout_ctx)
497 {
498 	struct wpa_supplicant *wpa_s = eloop_ctx;
499 
500 	if (wpa_s->wpa_state != WPA_INTERFACE_DISABLED)
501 		return;
502 	wpa_dbg(wpa_s, MSG_DEBUG, "Clear cached state on disabled interface");
503 	wpa_bss_flush(wpa_s);
504 }
505 
506 
507 #ifdef CONFIG_TESTING_OPTIONS
508 void wpas_clear_driver_signal_override(struct wpa_supplicant *wpa_s)
509 {
510 	struct driver_signal_override *dso;
511 
512 	while ((dso = dl_list_first(&wpa_s->drv_signal_override,
513 				    struct driver_signal_override, list))) {
514 		dl_list_del(&dso->list);
515 		os_free(dso);
516 	}
517 }
518 #endif /* CONFIG_TESTING_OPTIONS */
519 
520 
521 static void wpa_supplicant_cleanup(struct wpa_supplicant *wpa_s)
522 {
523 	int i;
524 
525 	bgscan_deinit(wpa_s);
526 	autoscan_deinit(wpa_s);
527 	scard_deinit(wpa_s->scard);
528 	wpa_s->scard = NULL;
529 	wpa_sm_set_scard_ctx(wpa_s->wpa, NULL);
530 	eapol_sm_register_scard_ctx(wpa_s->eapol, NULL);
531 	l2_packet_deinit(wpa_s->l2);
532 	wpa_s->l2 = NULL;
533 	if (wpa_s->l2_br) {
534 		l2_packet_deinit(wpa_s->l2_br);
535 		wpa_s->l2_br = NULL;
536 	}
537 #ifdef CONFIG_TESTING_OPTIONS
538 	l2_packet_deinit(wpa_s->l2_test);
539 	wpa_s->l2_test = NULL;
540 	os_free(wpa_s->get_pref_freq_list_override);
541 	wpa_s->get_pref_freq_list_override = NULL;
542 	wpabuf_free(wpa_s->last_assoc_req_wpa_ie);
543 	wpa_s->last_assoc_req_wpa_ie = NULL;
544 	os_free(wpa_s->extra_sae_rejected_groups);
545 	wpa_s->extra_sae_rejected_groups = NULL;
546 	wpabuf_free(wpa_s->rsne_override_eapol);
547 	wpa_s->rsne_override_eapol = NULL;
548 	wpabuf_free(wpa_s->rsnxe_override_assoc);
549 	wpa_s->rsnxe_override_assoc = NULL;
550 	wpabuf_free(wpa_s->rsnxe_override_eapol);
551 	wpa_s->rsnxe_override_eapol = NULL;
552 	wpas_clear_driver_signal_override(wpa_s);
553 #endif /* CONFIG_TESTING_OPTIONS */
554 
555 	if (wpa_s->conf != NULL) {
556 		struct wpa_ssid *ssid;
557 		for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next)
558 			wpas_notify_network_removed(wpa_s, ssid);
559 	}
560 
561 	os_free(wpa_s->confname);
562 	wpa_s->confname = NULL;
563 
564 	os_free(wpa_s->confanother);
565 	wpa_s->confanother = NULL;
566 
567 	os_free(wpa_s->last_con_fail_realm);
568 	wpa_s->last_con_fail_realm = NULL;
569 	wpa_s->last_con_fail_realm_len = 0;
570 
571 	wpa_sm_set_eapol(wpa_s->wpa, NULL);
572 	eapol_sm_deinit(wpa_s->eapol);
573 	wpa_s->eapol = NULL;
574 
575 	rsn_preauth_deinit(wpa_s->wpa);
576 
577 #ifdef CONFIG_TDLS
578 	wpa_tdls_deinit(wpa_s->wpa);
579 #endif /* CONFIG_TDLS */
580 
581 	wmm_ac_clear_saved_tspecs(wpa_s);
582 	pmksa_candidate_free(wpa_s->wpa);
583 	ptksa_cache_deinit(wpa_s->ptksa);
584 	wpa_s->ptksa = NULL;
585 	wpa_sm_deinit(wpa_s->wpa);
586 	wpa_s->wpa = NULL;
587 	wpa_bssid_ignore_clear(wpa_s);
588 
589 #ifdef CONFIG_PASN
590 	wpas_pasn_auth_stop(wpa_s);
591 #endif /* CONFIG_PASN */
592 
593 	wpa_bss_deinit(wpa_s);
594 
595 	wpa_supplicant_cancel_delayed_sched_scan(wpa_s);
596 	wpa_supplicant_cancel_scan(wpa_s);
597 	wpa_supplicant_cancel_auth_timeout(wpa_s);
598 	eloop_cancel_timeout(wpa_supplicant_stop_countermeasures, wpa_s, NULL);
599 #ifdef CONFIG_DELAYED_MIC_ERROR_REPORT
600 	eloop_cancel_timeout(wpa_supplicant_delayed_mic_error_report,
601 			     wpa_s, NULL);
602 #endif /* CONFIG_DELAYED_MIC_ERROR_REPORT */
603 
604 	eloop_cancel_timeout(wpas_network_reenabled, wpa_s, NULL);
605 	eloop_cancel_timeout(wpas_clear_disabled_interface, wpa_s, NULL);
606 
607 	wpas_wps_deinit(wpa_s);
608 
609 	wpabuf_free(wpa_s->pending_eapol_rx);
610 	wpa_s->pending_eapol_rx = NULL;
611 
612 #ifdef CONFIG_IBSS_RSN
613 	ibss_rsn_deinit(wpa_s->ibss_rsn);
614 	wpa_s->ibss_rsn = NULL;
615 #endif /* CONFIG_IBSS_RSN */
616 
617 	sme_deinit(wpa_s);
618 
619 #ifdef CONFIG_AP
620 	wpa_supplicant_ap_deinit(wpa_s);
621 #endif /* CONFIG_AP */
622 
623 	wpas_p2p_deinit(wpa_s);
624 
625 #ifdef CONFIG_OFFCHANNEL
626 	offchannel_deinit(wpa_s);
627 #endif /* CONFIG_OFFCHANNEL */
628 
629 	wpa_supplicant_cancel_sched_scan(wpa_s);
630 
631 	os_free(wpa_s->next_scan_freqs);
632 	wpa_s->next_scan_freqs = NULL;
633 
634 	os_free(wpa_s->manual_scan_freqs);
635 	wpa_s->manual_scan_freqs = NULL;
636 	os_free(wpa_s->select_network_scan_freqs);
637 	wpa_s->select_network_scan_freqs = NULL;
638 
639 	os_free(wpa_s->manual_sched_scan_freqs);
640 	wpa_s->manual_sched_scan_freqs = NULL;
641 
642 	wpas_mac_addr_rand_scan_clear(wpa_s, MAC_ADDR_RAND_ALL);
643 
644 	/*
645 	 * Need to remove any pending gas-query radio work before the
646 	 * gas_query_deinit() call because gas_query::work has not yet been set
647 	 * for works that have not been started. gas_query_free() will be unable
648 	 * to cancel such pending radio works and once the pending gas-query
649 	 * radio work eventually gets removed, the deinit notification call to
650 	 * gas_query_start_cb() would result in dereferencing freed memory.
651 	 */
652 	if (wpa_s->radio)
653 		radio_remove_works(wpa_s, "gas-query", 0);
654 	gas_query_deinit(wpa_s->gas);
655 	wpa_s->gas = NULL;
656 	gas_server_deinit(wpa_s->gas_server);
657 	wpa_s->gas_server = NULL;
658 
659 	free_hw_features(wpa_s);
660 
661 	ieee802_1x_dealloc_kay_sm(wpa_s);
662 
663 	os_free(wpa_s->bssid_filter);
664 	wpa_s->bssid_filter = NULL;
665 
666 	os_free(wpa_s->disallow_aps_bssid);
667 	wpa_s->disallow_aps_bssid = NULL;
668 	os_free(wpa_s->disallow_aps_ssid);
669 	wpa_s->disallow_aps_ssid = NULL;
670 
671 	wnm_bss_keep_alive_deinit(wpa_s);
672 #ifdef CONFIG_WNM
673 	wnm_deallocate_memory(wpa_s);
674 #endif /* CONFIG_WNM */
675 
676 	ext_password_deinit(wpa_s->ext_pw);
677 	wpa_s->ext_pw = NULL;
678 
679 	wpabuf_free(wpa_s->last_gas_resp);
680 	wpa_s->last_gas_resp = NULL;
681 	wpabuf_free(wpa_s->prev_gas_resp);
682 	wpa_s->prev_gas_resp = NULL;
683 
684 	os_free(wpa_s->last_scan_res);
685 	wpa_s->last_scan_res = NULL;
686 
687 #ifdef CONFIG_HS20
688 	if (wpa_s->drv_priv)
689 		wpa_drv_configure_frame_filters(wpa_s, 0);
690 	hs20_deinit(wpa_s);
691 #endif /* CONFIG_HS20 */
692 
693 	for (i = 0; i < NUM_VENDOR_ELEM_FRAMES; i++) {
694 		wpabuf_free(wpa_s->vendor_elem[i]);
695 		wpa_s->vendor_elem[i] = NULL;
696 	}
697 
698 	wmm_ac_notify_disassoc(wpa_s);
699 
700 	wpa_s->sched_scan_plans_num = 0;
701 	os_free(wpa_s->sched_scan_plans);
702 	wpa_s->sched_scan_plans = NULL;
703 
704 #ifdef CONFIG_MBO
705 	wpa_s->non_pref_chan_num = 0;
706 	os_free(wpa_s->non_pref_chan);
707 	wpa_s->non_pref_chan = NULL;
708 #endif /* CONFIG_MBO */
709 
710 	free_bss_tmp_disallowed(wpa_s);
711 
712 	wpabuf_free(wpa_s->lci);
713 	wpa_s->lci = NULL;
714 	wpas_clear_beacon_rep_data(wpa_s);
715 
716 #ifdef CONFIG_PMKSA_CACHE_EXTERNAL
717 #ifdef CONFIG_MESH
718 	{
719 		struct external_pmksa_cache *entry;
720 
721 		while ((entry = dl_list_last(&wpa_s->mesh_external_pmksa_cache,
722 					     struct external_pmksa_cache,
723 					     list)) != NULL) {
724 			dl_list_del(&entry->list);
725 			os_free(entry->pmksa_cache);
726 			os_free(entry);
727 		}
728 	}
729 #endif /* CONFIG_MESH */
730 #endif /* CONFIG_PMKSA_CACHE_EXTERNAL */
731 
732 	wpas_flush_fils_hlp_req(wpa_s);
733 
734 	wpabuf_free(wpa_s->ric_ies);
735 	wpa_s->ric_ies = NULL;
736 
737 #ifdef CONFIG_DPP
738 	wpas_dpp_deinit(wpa_s);
739 	dpp_global_deinit(wpa_s->dpp);
740 	wpa_s->dpp = NULL;
741 #endif /* CONFIG_DPP */
742 
743 #ifdef CONFIG_PASN
744 	wpas_pasn_auth_stop(wpa_s);
745 #endif /* CONFIG_PASN */
746 	wpas_scs_deinit(wpa_s);
747 	wpas_dscp_deinit(wpa_s);
748 }
749 
750 
751 /**
752  * wpa_clear_keys - Clear keys configured for the driver
753  * @wpa_s: Pointer to wpa_supplicant data
754  * @addr: Previously used BSSID or %NULL if not available
755  *
756  * This function clears the encryption keys that has been previously configured
757  * for the driver.
758  */
759 void wpa_clear_keys(struct wpa_supplicant *wpa_s, const u8 *addr)
760 {
761 	int i, max = 6;
762 
763 	/* MLME-DELETEKEYS.request */
764 	for (i = 0; i < max; i++) {
765 		if (wpa_s->keys_cleared & BIT(i))
766 			continue;
767 		wpa_drv_set_key(wpa_s, WPA_ALG_NONE, NULL, i, 0, NULL, 0,
768 				NULL, 0, KEY_FLAG_GROUP);
769 	}
770 	/* Pairwise Key ID 1 for Extended Key ID is tracked in bit 15 */
771 	if (~wpa_s->keys_cleared & (BIT(0) | BIT(15)) && addr &&
772 	    !is_zero_ether_addr(addr)) {
773 		if (!(wpa_s->keys_cleared & BIT(0)))
774 			wpa_drv_set_key(wpa_s, WPA_ALG_NONE, addr, 0, 0, NULL,
775 					0, NULL, 0, KEY_FLAG_PAIRWISE);
776 		if (!(wpa_s->keys_cleared & BIT(15)))
777 			wpa_drv_set_key(wpa_s, WPA_ALG_NONE, addr, 1, 0, NULL,
778 					0, NULL, 0, KEY_FLAG_PAIRWISE);
779 		/* MLME-SETPROTECTION.request(None) */
780 		wpa_drv_mlme_setprotection(
781 			wpa_s, addr,
782 			MLME_SETPROTECTION_PROTECT_TYPE_NONE,
783 			MLME_SETPROTECTION_KEY_TYPE_PAIRWISE);
784 	}
785 	wpa_s->keys_cleared = (u32) -1;
786 }
787 
788 
789 /**
790  * wpa_supplicant_state_txt - Get the connection state name as a text string
791  * @state: State (wpa_state; WPA_*)
792  * Returns: The state name as a printable text string
793  */
794 const char * wpa_supplicant_state_txt(enum wpa_states state)
795 {
796 	switch (state) {
797 	case WPA_DISCONNECTED:
798 		return "DISCONNECTED";
799 	case WPA_INACTIVE:
800 		return "INACTIVE";
801 	case WPA_INTERFACE_DISABLED:
802 		return "INTERFACE_DISABLED";
803 	case WPA_SCANNING:
804 		return "SCANNING";
805 	case WPA_AUTHENTICATING:
806 		return "AUTHENTICATING";
807 	case WPA_ASSOCIATING:
808 		return "ASSOCIATING";
809 	case WPA_ASSOCIATED:
810 		return "ASSOCIATED";
811 	case WPA_4WAY_HANDSHAKE:
812 		return "4WAY_HANDSHAKE";
813 	case WPA_GROUP_HANDSHAKE:
814 		return "GROUP_HANDSHAKE";
815 	case WPA_COMPLETED:
816 		return "COMPLETED";
817 	default:
818 		return "UNKNOWN";
819 	}
820 }
821 
822 
823 #ifdef CONFIG_BGSCAN
824 
825 static void wpa_supplicant_stop_bgscan(struct wpa_supplicant *wpa_s)
826 {
827 	if (wpa_s->bgscan_ssid) {
828 		bgscan_deinit(wpa_s);
829 		wpa_s->bgscan_ssid = NULL;
830 	}
831 }
832 
833 
834 /**
835  * wpa_supplicant_reset_bgscan - Reset the bgscan for the current SSID.
836  * @wpa_s: Pointer to the wpa_supplicant data
837  *
838  * Stop, start, or reconfigure the scan parameters depending on the method.
839  */
840 void wpa_supplicant_reset_bgscan(struct wpa_supplicant *wpa_s)
841 {
842 	const char *name;
843 
844 	if (wpa_s->current_ssid && wpa_s->current_ssid->bgscan)
845 		name = wpa_s->current_ssid->bgscan;
846 	else
847 		name = wpa_s->conf->bgscan;
848 	if (!name || name[0] == '\0') {
849 		wpa_supplicant_stop_bgscan(wpa_s);
850 		return;
851 	}
852 	if (wpas_driver_bss_selection(wpa_s))
853 		return;
854 #ifdef CONFIG_P2P
855 	if (wpa_s->p2p_group_interface != NOT_P2P_GROUP_INTERFACE)
856 		return;
857 #endif /* CONFIG_P2P */
858 
859 	bgscan_deinit(wpa_s);
860 	if (wpa_s->current_ssid) {
861 		if (bgscan_init(wpa_s, wpa_s->current_ssid, name)) {
862 			wpa_dbg(wpa_s, MSG_DEBUG, "Failed to initialize "
863 				"bgscan");
864 			/*
865 			 * Live without bgscan; it is only used as a roaming
866 			 * optimization, so the initial connection is not
867 			 * affected.
868 			 */
869 		} else {
870 			struct wpa_scan_results *scan_res;
871 			wpa_s->bgscan_ssid = wpa_s->current_ssid;
872 			scan_res = wpa_supplicant_get_scan_results(wpa_s, NULL,
873 								   0);
874 			if (scan_res) {
875 				bgscan_notify_scan(wpa_s, scan_res);
876 				wpa_scan_results_free(scan_res);
877 			}
878 		}
879 	} else
880 		wpa_s->bgscan_ssid = NULL;
881 }
882 
883 #endif /* CONFIG_BGSCAN */
884 
885 
886 static void wpa_supplicant_start_autoscan(struct wpa_supplicant *wpa_s)
887 {
888 	if (autoscan_init(wpa_s, 0))
889 		wpa_dbg(wpa_s, MSG_DEBUG, "Failed to initialize autoscan");
890 }
891 
892 
893 static void wpa_supplicant_stop_autoscan(struct wpa_supplicant *wpa_s)
894 {
895 	autoscan_deinit(wpa_s);
896 }
897 
898 
899 void wpa_supplicant_reinit_autoscan(struct wpa_supplicant *wpa_s)
900 {
901 	if (wpa_s->wpa_state == WPA_DISCONNECTED ||
902 	    wpa_s->wpa_state == WPA_SCANNING) {
903 		autoscan_deinit(wpa_s);
904 		wpa_supplicant_start_autoscan(wpa_s);
905 	}
906 }
907 
908 
909 /**
910  * wpa_supplicant_set_state - Set current connection state
911  * @wpa_s: Pointer to wpa_supplicant data
912  * @state: The new connection state
913  *
914  * This function is called whenever the connection state changes, e.g.,
915  * association is completed for WPA/WPA2 4-Way Handshake is started.
916  */
917 void wpa_supplicant_set_state(struct wpa_supplicant *wpa_s,
918 			      enum wpa_states state)
919 {
920 	enum wpa_states old_state = wpa_s->wpa_state;
921 #if defined(CONFIG_FILS) && defined(IEEE8021X_EAPOL)
922 	bool update_fils_connect_params = false;
923 #endif /* CONFIG_FILS && IEEE8021X_EAPOL */
924 
925 	wpa_dbg(wpa_s, MSG_DEBUG, "State: %s -> %s",
926 		wpa_supplicant_state_txt(wpa_s->wpa_state),
927 		wpa_supplicant_state_txt(state));
928 
929 	if (state == WPA_COMPLETED &&
930 	    os_reltime_initialized(&wpa_s->roam_start)) {
931 		os_reltime_age(&wpa_s->roam_start, &wpa_s->roam_time);
932 		wpa_s->roam_start.sec = 0;
933 		wpa_s->roam_start.usec = 0;
934 		wpas_notify_auth_changed(wpa_s);
935 		wpas_notify_roam_time(wpa_s);
936 		wpas_notify_roam_complete(wpa_s);
937 	} else if (state == WPA_DISCONNECTED &&
938 		   os_reltime_initialized(&wpa_s->roam_start)) {
939 		wpa_s->roam_start.sec = 0;
940 		wpa_s->roam_start.usec = 0;
941 		wpa_s->roam_time.sec = 0;
942 		wpa_s->roam_time.usec = 0;
943 		wpas_notify_roam_complete(wpa_s);
944 	}
945 
946 	if (state == WPA_INTERFACE_DISABLED) {
947 		/* Assure normal scan when interface is restored */
948 		wpa_s->normal_scans = 0;
949 	}
950 
951 	if (state == WPA_COMPLETED) {
952 		wpas_connect_work_done(wpa_s);
953 		/* Reinitialize normal_scan counter */
954 		wpa_s->normal_scans = 0;
955 	}
956 
957 #ifdef CONFIG_P2P
958 	/*
959 	 * P2PS client has to reply to Probe Request frames received on the
960 	 * group operating channel. Enable Probe Request frame reporting for
961 	 * P2P connected client in case p2p_cli_probe configuration property is
962 	 * set to 1.
963 	 */
964 	if (wpa_s->conf->p2p_cli_probe && wpa_s->current_ssid &&
965 	    wpa_s->current_ssid->mode == WPAS_MODE_INFRA &&
966 	    wpa_s->current_ssid->p2p_group) {
967 		if (state == WPA_COMPLETED && !wpa_s->p2p_cli_probe) {
968 			wpa_dbg(wpa_s, MSG_DEBUG,
969 				"P2P: Enable CLI Probe Request RX reporting");
970 			wpa_s->p2p_cli_probe =
971 				wpa_drv_probe_req_report(wpa_s, 1) >= 0;
972 		} else if (state != WPA_COMPLETED && wpa_s->p2p_cli_probe) {
973 			wpa_dbg(wpa_s, MSG_DEBUG,
974 				"P2P: Disable CLI Probe Request RX reporting");
975 			wpa_s->p2p_cli_probe = 0;
976 			wpa_drv_probe_req_report(wpa_s, 0);
977 		}
978 	}
979 #endif /* CONFIG_P2P */
980 
981 	if (state != WPA_SCANNING)
982 		wpa_supplicant_notify_scanning(wpa_s, 0);
983 
984 	if (state == WPA_COMPLETED && wpa_s->new_connection) {
985 		struct wpa_ssid *ssid = wpa_s->current_ssid;
986 		int fils_hlp_sent = 0;
987 
988 #ifdef CONFIG_SME
989 		if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) &&
990 		    wpa_auth_alg_fils(wpa_s->sme.auth_alg))
991 			fils_hlp_sent = 1;
992 #endif /* CONFIG_SME */
993 		if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) &&
994 		    wpa_auth_alg_fils(wpa_s->auth_alg))
995 			fils_hlp_sent = 1;
996 
997 #if defined(CONFIG_CTRL_IFACE) || !defined(CONFIG_NO_STDOUT_DEBUG)
998 		wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_CONNECTED "- Connection to "
999 			MACSTR " completed [id=%d id_str=%s%s]",
1000 			MAC2STR(wpa_s->bssid),
1001 			ssid ? ssid->id : -1,
1002 			ssid && ssid->id_str ? ssid->id_str : "",
1003 			fils_hlp_sent ? " FILS_HLP_SENT" : "");
1004 #endif /* CONFIG_CTRL_IFACE || !CONFIG_NO_STDOUT_DEBUG */
1005 		wpas_clear_temp_disabled(wpa_s, ssid, 1);
1006 		wpa_s->consecutive_conn_failures = 0;
1007 		wpa_s->new_connection = 0;
1008 		wpa_drv_set_operstate(wpa_s, 1);
1009 #ifndef IEEE8021X_EAPOL
1010 		wpa_drv_set_supp_port(wpa_s, 1);
1011 #endif /* IEEE8021X_EAPOL */
1012 		wpa_s->after_wps = 0;
1013 		wpa_s->known_wps_freq = 0;
1014 		wpas_p2p_completed(wpa_s);
1015 
1016 		sme_sched_obss_scan(wpa_s, 1);
1017 
1018 #if defined(CONFIG_FILS) && defined(IEEE8021X_EAPOL)
1019 		if (!fils_hlp_sent && ssid && ssid->eap.erp)
1020 			update_fils_connect_params = true;
1021 #endif /* CONFIG_FILS && IEEE8021X_EAPOL */
1022 #ifdef CONFIG_OWE
1023 		if (ssid && (ssid->key_mgmt & WPA_KEY_MGMT_OWE))
1024 			wpas_update_owe_connect_params(wpa_s);
1025 #endif /* CONFIG_OWE */
1026 	} else if (state == WPA_DISCONNECTED || state == WPA_ASSOCIATING ||
1027 		   state == WPA_ASSOCIATED) {
1028 		wpa_s->new_connection = 1;
1029 		wpa_drv_set_operstate(wpa_s, 0);
1030 #ifndef IEEE8021X_EAPOL
1031 		wpa_drv_set_supp_port(wpa_s, 0);
1032 #endif /* IEEE8021X_EAPOL */
1033 		sme_sched_obss_scan(wpa_s, 0);
1034 	}
1035 	wpa_s->wpa_state = state;
1036 
1037 #ifdef CONFIG_BGSCAN
1038 	if (state == WPA_COMPLETED && wpa_s->current_ssid != wpa_s->bgscan_ssid)
1039 		wpa_supplicant_reset_bgscan(wpa_s);
1040 	else if (state < WPA_ASSOCIATED)
1041 		wpa_supplicant_stop_bgscan(wpa_s);
1042 #endif /* CONFIG_BGSCAN */
1043 
1044 	if (state > WPA_SCANNING)
1045 		wpa_supplicant_stop_autoscan(wpa_s);
1046 
1047 	if (state == WPA_DISCONNECTED || state == WPA_INACTIVE)
1048 		wpa_supplicant_start_autoscan(wpa_s);
1049 
1050 	if (old_state >= WPA_ASSOCIATED && wpa_s->wpa_state < WPA_ASSOCIATED)
1051 		wmm_ac_notify_disassoc(wpa_s);
1052 
1053 	if (wpa_s->wpa_state != old_state) {
1054 		wpas_notify_state_changed(wpa_s, wpa_s->wpa_state, old_state);
1055 
1056 		/*
1057 		 * Notify the P2P Device interface about a state change in one
1058 		 * of the interfaces.
1059 		 */
1060 		wpas_p2p_indicate_state_change(wpa_s);
1061 
1062 		if (wpa_s->wpa_state == WPA_COMPLETED ||
1063 		    old_state == WPA_COMPLETED)
1064 			wpas_notify_auth_changed(wpa_s);
1065 #ifdef CONFIG_DPP2
1066 		if (wpa_s->wpa_state == WPA_COMPLETED)
1067 			wpas_dpp_connected(wpa_s);
1068 #endif /* CONFIG_DPP2 */
1069 	}
1070 #if defined(CONFIG_FILS) && defined(IEEE8021X_EAPOL)
1071 	if (update_fils_connect_params)
1072 		wpas_update_fils_connect_params(wpa_s);
1073 #endif /* CONFIG_FILS && IEEE8021X_EAPOL */
1074 }
1075 
1076 
1077 void wpa_supplicant_terminate_proc(struct wpa_global *global)
1078 {
1079 	int pending = 0;
1080 #ifdef CONFIG_WPS
1081 	struct wpa_supplicant *wpa_s = global->ifaces;
1082 	while (wpa_s) {
1083 		struct wpa_supplicant *next = wpa_s->next;
1084 		if (wpas_wps_terminate_pending(wpa_s) == 1)
1085 			pending = 1;
1086 #ifdef CONFIG_P2P
1087 		if (wpa_s->p2p_group_interface != NOT_P2P_GROUP_INTERFACE ||
1088 		    (wpa_s->current_ssid && wpa_s->current_ssid->p2p_group))
1089 			wpas_p2p_disconnect(wpa_s);
1090 #endif /* CONFIG_P2P */
1091 		wpa_s = next;
1092 	}
1093 #endif /* CONFIG_WPS */
1094 	if (pending)
1095 		return;
1096 	eloop_terminate();
1097 }
1098 
1099 
1100 static void wpa_supplicant_terminate(int sig, void *signal_ctx)
1101 {
1102 	struct wpa_global *global = signal_ctx;
1103 	wpa_supplicant_terminate_proc(global);
1104 }
1105 
1106 
1107 void wpa_supplicant_clear_status(struct wpa_supplicant *wpa_s)
1108 {
1109 	enum wpa_states old_state = wpa_s->wpa_state;
1110 	enum wpa_states new_state;
1111 
1112 	if (old_state == WPA_SCANNING)
1113 		new_state = WPA_SCANNING;
1114 	else
1115 		new_state = WPA_DISCONNECTED;
1116 
1117 	wpa_s->pairwise_cipher = 0;
1118 	wpa_s->group_cipher = 0;
1119 	wpa_s->mgmt_group_cipher = 0;
1120 	wpa_s->key_mgmt = 0;
1121 	if (wpa_s->wpa_state != WPA_INTERFACE_DISABLED)
1122 		wpa_supplicant_set_state(wpa_s, new_state);
1123 
1124 	if (wpa_s->wpa_state != old_state)
1125 		wpas_notify_state_changed(wpa_s, wpa_s->wpa_state, old_state);
1126 }
1127 
1128 
1129 /**
1130  * wpa_supplicant_reload_configuration - Reload configuration data
1131  * @wpa_s: Pointer to wpa_supplicant data
1132  * Returns: 0 on success or -1 if configuration parsing failed
1133  *
1134  * This function can be used to request that the configuration data is reloaded
1135  * (e.g., after configuration file change). This function is reloading
1136  * configuration only for one interface, so this may need to be called multiple
1137  * times if %wpa_supplicant is controlling multiple interfaces and all
1138  * interfaces need reconfiguration.
1139  */
1140 int wpa_supplicant_reload_configuration(struct wpa_supplicant *wpa_s)
1141 {
1142 	struct wpa_config *conf;
1143 	int reconf_ctrl;
1144 	int old_ap_scan;
1145 
1146 	if (wpa_s->confname == NULL)
1147 		return -1;
1148 	conf = wpa_config_read(wpa_s->confname, NULL);
1149 	if (conf == NULL) {
1150 		wpa_msg(wpa_s, MSG_ERROR, "Failed to parse the configuration "
1151 			"file '%s' - exiting", wpa_s->confname);
1152 		return -1;
1153 	}
1154 	if (wpa_s->confanother &&
1155 	    !wpa_config_read(wpa_s->confanother, conf)) {
1156 		wpa_msg(wpa_s, MSG_ERROR,
1157 			"Failed to parse the configuration file '%s' - exiting",
1158 			wpa_s->confanother);
1159 		return -1;
1160 	}
1161 
1162 	conf->changed_parameters = (unsigned int) -1;
1163 
1164 	reconf_ctrl = !!conf->ctrl_interface != !!wpa_s->conf->ctrl_interface
1165 		|| (conf->ctrl_interface && wpa_s->conf->ctrl_interface &&
1166 		    os_strcmp(conf->ctrl_interface,
1167 			      wpa_s->conf->ctrl_interface) != 0);
1168 
1169 	if (reconf_ctrl) {
1170 		wpa_supplicant_ctrl_iface_deinit(wpa_s, wpa_s->ctrl_iface);
1171 		wpa_s->ctrl_iface = NULL;
1172 	}
1173 
1174 	eapol_sm_invalidate_cached_session(wpa_s->eapol);
1175 	if (wpa_s->current_ssid) {
1176 		if (wpa_s->wpa_state >= WPA_AUTHENTICATING)
1177 			wpa_s->own_disconnect_req = 1;
1178 		wpa_supplicant_deauthenticate(wpa_s,
1179 					      WLAN_REASON_DEAUTH_LEAVING);
1180 	}
1181 
1182 	/*
1183 	 * TODO: should notify EAPOL SM about changes in opensc_engine_path,
1184 	 * pkcs11_engine_path, pkcs11_module_path, openssl_ciphers.
1185 	 */
1186 	if (wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) ||
1187 	    wpa_s->key_mgmt == WPA_KEY_MGMT_OWE ||
1188 	    wpa_s->key_mgmt == WPA_KEY_MGMT_DPP) {
1189 		/*
1190 		 * Clear forced success to clear EAP state for next
1191 		 * authentication.
1192 		 */
1193 		eapol_sm_notify_eap_success(wpa_s->eapol, false);
1194 	}
1195 	eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
1196 	wpa_sm_set_config(wpa_s->wpa, NULL);
1197 	wpa_sm_pmksa_cache_flush(wpa_s->wpa, NULL);
1198 	wpa_sm_set_fast_reauth(wpa_s->wpa, wpa_s->conf->fast_reauth);
1199 	rsn_preauth_deinit(wpa_s->wpa);
1200 
1201 	old_ap_scan = wpa_s->conf->ap_scan;
1202 	wpa_config_free(wpa_s->conf);
1203 	wpa_s->conf = conf;
1204 	if (old_ap_scan != wpa_s->conf->ap_scan)
1205 		wpas_notify_ap_scan_changed(wpa_s);
1206 
1207 	if (reconf_ctrl)
1208 		wpa_s->ctrl_iface = wpa_supplicant_ctrl_iface_init(wpa_s);
1209 
1210 	wpa_supplicant_update_config(wpa_s);
1211 
1212 	wpa_supplicant_clear_status(wpa_s);
1213 	if (wpa_supplicant_enabled_networks(wpa_s)) {
1214 		wpa_s->reassociate = 1;
1215 		wpa_supplicant_req_scan(wpa_s, 0, 0);
1216 	}
1217 	wpa_bssid_ignore_clear(wpa_s);
1218 	wpa_dbg(wpa_s, MSG_DEBUG, "Reconfiguration completed");
1219 	return 0;
1220 }
1221 
1222 
1223 static void wpa_supplicant_reconfig(int sig, void *signal_ctx)
1224 {
1225 	struct wpa_global *global = signal_ctx;
1226 	struct wpa_supplicant *wpa_s;
1227 	for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
1228 		wpa_dbg(wpa_s, MSG_DEBUG, "Signal %d received - reconfiguring",
1229 			sig);
1230 		if (wpa_supplicant_reload_configuration(wpa_s) < 0) {
1231 			wpa_supplicant_terminate_proc(global);
1232 		}
1233 	}
1234 
1235 	if (wpa_debug_reopen_file() < 0) {
1236 		/* Ignore errors since we cannot really do much to fix this */
1237 		wpa_printf(MSG_DEBUG, "Could not reopen debug log file");
1238 	}
1239 }
1240 
1241 
1242 static int wpa_supplicant_suites_from_ai(struct wpa_supplicant *wpa_s,
1243 					 struct wpa_ssid *ssid,
1244 					 struct wpa_ie_data *ie)
1245 {
1246 	int ret = wpa_sm_parse_own_wpa_ie(wpa_s->wpa, ie);
1247 	if (ret) {
1248 		if (ret == -2) {
1249 			wpa_msg(wpa_s, MSG_INFO, "WPA: Failed to parse WPA IE "
1250 				"from association info");
1251 		}
1252 		return -1;
1253 	}
1254 
1255 	wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Using WPA IE from AssocReq to set "
1256 		"cipher suites");
1257 	if (!(ie->group_cipher & ssid->group_cipher)) {
1258 		wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled group "
1259 			"cipher 0x%x (mask 0x%x) - reject",
1260 			ie->group_cipher, ssid->group_cipher);
1261 		return -1;
1262 	}
1263 	if (!(ie->pairwise_cipher & ssid->pairwise_cipher)) {
1264 		wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled pairwise "
1265 			"cipher 0x%x (mask 0x%x) - reject",
1266 			ie->pairwise_cipher, ssid->pairwise_cipher);
1267 		return -1;
1268 	}
1269 	if (!(ie->key_mgmt & ssid->key_mgmt)) {
1270 		wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled key "
1271 			"management 0x%x (mask 0x%x) - reject",
1272 			ie->key_mgmt, ssid->key_mgmt);
1273 		return -1;
1274 	}
1275 
1276 	if (!(ie->capabilities & WPA_CAPABILITY_MFPC) &&
1277 	    wpas_get_ssid_pmf(wpa_s, ssid) == MGMT_FRAME_PROTECTION_REQUIRED) {
1278 		wpa_msg(wpa_s, MSG_INFO, "WPA: Driver associated with an AP "
1279 			"that does not support management frame protection - "
1280 			"reject");
1281 		return -1;
1282 	}
1283 
1284 	return 0;
1285 }
1286 
1287 
1288 static int matching_ciphers(struct wpa_ssid *ssid, struct wpa_ie_data *ie,
1289 			    int freq)
1290 {
1291 	if (!ie->has_group)
1292 		ie->group_cipher = wpa_default_rsn_cipher(freq);
1293 	if (!ie->has_pairwise)
1294 		ie->pairwise_cipher = wpa_default_rsn_cipher(freq);
1295 	return (ie->group_cipher & ssid->group_cipher) &&
1296 		(ie->pairwise_cipher & ssid->pairwise_cipher);
1297 }
1298 
1299 
1300 void wpas_set_mgmt_group_cipher(struct wpa_supplicant *wpa_s,
1301 				struct wpa_ssid *ssid, struct wpa_ie_data *ie)
1302 {
1303 	int sel;
1304 
1305 	sel = ie->mgmt_group_cipher;
1306 	if (ssid->group_mgmt_cipher)
1307 		sel &= ssid->group_mgmt_cipher;
1308 	if (wpas_get_ssid_pmf(wpa_s, ssid) == NO_MGMT_FRAME_PROTECTION ||
1309 	    !(ie->capabilities & WPA_CAPABILITY_MFPC))
1310 		sel = 0;
1311 	wpa_dbg(wpa_s, MSG_DEBUG,
1312 		"WPA: AP mgmt_group_cipher 0x%x network profile mgmt_group_cipher 0x%x; available mgmt_group_cipher 0x%x",
1313 		ie->mgmt_group_cipher, ssid->group_mgmt_cipher, sel);
1314 	if (sel & WPA_CIPHER_AES_128_CMAC) {
1315 		wpa_s->mgmt_group_cipher = WPA_CIPHER_AES_128_CMAC;
1316 		wpa_dbg(wpa_s, MSG_DEBUG,
1317 			"WPA: using MGMT group cipher AES-128-CMAC");
1318 	} else if (sel & WPA_CIPHER_BIP_GMAC_128) {
1319 		wpa_s->mgmt_group_cipher = WPA_CIPHER_BIP_GMAC_128;
1320 		wpa_dbg(wpa_s, MSG_DEBUG,
1321 			"WPA: using MGMT group cipher BIP-GMAC-128");
1322 	} else if (sel & WPA_CIPHER_BIP_GMAC_256) {
1323 		wpa_s->mgmt_group_cipher = WPA_CIPHER_BIP_GMAC_256;
1324 		wpa_dbg(wpa_s, MSG_DEBUG,
1325 			"WPA: using MGMT group cipher BIP-GMAC-256");
1326 	} else if (sel & WPA_CIPHER_BIP_CMAC_256) {
1327 		wpa_s->mgmt_group_cipher = WPA_CIPHER_BIP_CMAC_256;
1328 		wpa_dbg(wpa_s, MSG_DEBUG,
1329 			"WPA: using MGMT group cipher BIP-CMAC-256");
1330 	} else {
1331 		wpa_s->mgmt_group_cipher = 0;
1332 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: not using MGMT group cipher");
1333 	}
1334 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MGMT_GROUP,
1335 			 wpa_s->mgmt_group_cipher);
1336 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MFP,
1337 			 wpas_get_ssid_pmf(wpa_s, ssid));
1338 }
1339 
1340 
1341 /**
1342  * wpa_supplicant_set_suites - Set authentication and encryption parameters
1343  * @wpa_s: Pointer to wpa_supplicant data
1344  * @bss: Scan results for the selected BSS, or %NULL if not available
1345  * @ssid: Configuration data for the selected network
1346  * @wpa_ie: Buffer for the WPA/RSN IE
1347  * @wpa_ie_len: Maximum wpa_ie buffer size on input. This is changed to be the
1348  * used buffer length in case the functions returns success.
1349  * Returns: 0 on success or -1 on failure
1350  *
1351  * This function is used to configure authentication and encryption parameters
1352  * based on the network configuration and scan result for the selected BSS (if
1353  * available).
1354  */
1355 int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s,
1356 			      struct wpa_bss *bss, struct wpa_ssid *ssid,
1357 			      u8 *wpa_ie, size_t *wpa_ie_len)
1358 {
1359 	struct wpa_ie_data ie;
1360 	int sel, proto, sae_pwe;
1361 	const u8 *bss_wpa, *bss_rsn, *bss_rsnx, *bss_osen;
1362 
1363 	if (bss) {
1364 		bss_wpa = wpa_bss_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE);
1365 		bss_rsn = wpa_bss_get_ie(bss, WLAN_EID_RSN);
1366 		bss_rsnx = wpa_bss_get_ie(bss, WLAN_EID_RSNX);
1367 		bss_osen = wpa_bss_get_vendor_ie(bss, OSEN_IE_VENDOR_TYPE);
1368 	} else {
1369 		bss_wpa = bss_rsn = bss_rsnx = bss_osen = NULL;
1370 	}
1371 
1372 	if (bss_rsn && (ssid->proto & WPA_PROTO_RSN) &&
1373 	    wpa_parse_wpa_ie(bss_rsn, 2 + bss_rsn[1], &ie) == 0 &&
1374 	    matching_ciphers(ssid, &ie, bss->freq) &&
1375 	    (ie.key_mgmt & ssid->key_mgmt)) {
1376 		wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using IEEE 802.11i/D9.0");
1377 		proto = WPA_PROTO_RSN;
1378 	} else if (bss_wpa && (ssid->proto & WPA_PROTO_WPA) &&
1379 		   wpa_parse_wpa_ie(bss_wpa, 2 + bss_wpa[1], &ie) == 0 &&
1380 		   (ie.group_cipher & ssid->group_cipher) &&
1381 		   (ie.pairwise_cipher & ssid->pairwise_cipher) &&
1382 		   (ie.key_mgmt & ssid->key_mgmt)) {
1383 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using IEEE 802.11i/D3.0");
1384 		proto = WPA_PROTO_WPA;
1385 #ifdef CONFIG_HS20
1386 	} else if (bss_osen && (ssid->proto & WPA_PROTO_OSEN) &&
1387 		   wpa_parse_wpa_ie(bss_osen, 2 + bss_osen[1], &ie) == 0 &&
1388 		   (ie.group_cipher & ssid->group_cipher) &&
1389 		   (ie.pairwise_cipher & ssid->pairwise_cipher) &&
1390 		   (ie.key_mgmt & ssid->key_mgmt)) {
1391 		wpa_dbg(wpa_s, MSG_DEBUG, "HS 2.0: using OSEN");
1392 		proto = WPA_PROTO_OSEN;
1393 	} else if (bss_rsn && (ssid->proto & WPA_PROTO_OSEN) &&
1394 	    wpa_parse_wpa_ie(bss_rsn, 2 + bss_rsn[1], &ie) == 0 &&
1395 	    (ie.group_cipher & ssid->group_cipher) &&
1396 	    (ie.pairwise_cipher & ssid->pairwise_cipher) &&
1397 	    (ie.key_mgmt & ssid->key_mgmt)) {
1398 		wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using OSEN (within RSN)");
1399 		proto = WPA_PROTO_RSN;
1400 #endif /* CONFIG_HS20 */
1401 	} else if (bss) {
1402 		wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select WPA/RSN");
1403 		wpa_dbg(wpa_s, MSG_DEBUG,
1404 			"WPA: ssid proto=0x%x pairwise_cipher=0x%x group_cipher=0x%x key_mgmt=0x%x",
1405 			ssid->proto, ssid->pairwise_cipher, ssid->group_cipher,
1406 			ssid->key_mgmt);
1407 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: BSS " MACSTR " ssid='%s'%s%s%s",
1408 			MAC2STR(bss->bssid),
1409 			wpa_ssid_txt(bss->ssid, bss->ssid_len),
1410 			bss_wpa ? " WPA" : "",
1411 			bss_rsn ? " RSN" : "",
1412 			bss_osen ? " OSEN" : "");
1413 		if (bss_rsn) {
1414 			wpa_hexdump(MSG_DEBUG, "RSN", bss_rsn, 2 + bss_rsn[1]);
1415 			if (wpa_parse_wpa_ie(bss_rsn, 2 + bss_rsn[1], &ie)) {
1416 				wpa_dbg(wpa_s, MSG_DEBUG,
1417 					"Could not parse RSN element");
1418 			} else {
1419 				wpa_dbg(wpa_s, MSG_DEBUG,
1420 					"RSN: pairwise_cipher=0x%x group_cipher=0x%x key_mgmt=0x%x",
1421 					ie.pairwise_cipher, ie.group_cipher,
1422 					ie.key_mgmt);
1423 			}
1424 		}
1425 		if (bss_wpa) {
1426 			wpa_hexdump(MSG_DEBUG, "WPA", bss_wpa, 2 + bss_wpa[1]);
1427 			if (wpa_parse_wpa_ie(bss_wpa, 2 + bss_wpa[1], &ie)) {
1428 				wpa_dbg(wpa_s, MSG_DEBUG,
1429 					"Could not parse WPA element");
1430 			} else {
1431 				wpa_dbg(wpa_s, MSG_DEBUG,
1432 					"WPA: pairwise_cipher=0x%x group_cipher=0x%x key_mgmt=0x%x",
1433 					ie.pairwise_cipher, ie.group_cipher,
1434 					ie.key_mgmt);
1435 			}
1436 		}
1437 		return -1;
1438 	} else {
1439 		if (ssid->proto & WPA_PROTO_OSEN)
1440 			proto = WPA_PROTO_OSEN;
1441 		else if (ssid->proto & WPA_PROTO_RSN)
1442 			proto = WPA_PROTO_RSN;
1443 		else
1444 			proto = WPA_PROTO_WPA;
1445 		if (wpa_supplicant_suites_from_ai(wpa_s, ssid, &ie) < 0) {
1446 			os_memset(&ie, 0, sizeof(ie));
1447 			ie.group_cipher = ssid->group_cipher;
1448 			ie.pairwise_cipher = ssid->pairwise_cipher;
1449 			ie.key_mgmt = ssid->key_mgmt;
1450 			ie.mgmt_group_cipher = 0;
1451 			if (ssid->ieee80211w != NO_MGMT_FRAME_PROTECTION) {
1452 				if (ssid->group_mgmt_cipher &
1453 				    WPA_CIPHER_BIP_GMAC_256)
1454 					ie.mgmt_group_cipher =
1455 						WPA_CIPHER_BIP_GMAC_256;
1456 				else if (ssid->group_mgmt_cipher &
1457 					 WPA_CIPHER_BIP_CMAC_256)
1458 					ie.mgmt_group_cipher =
1459 						WPA_CIPHER_BIP_CMAC_256;
1460 				else if (ssid->group_mgmt_cipher &
1461 					 WPA_CIPHER_BIP_GMAC_128)
1462 					ie.mgmt_group_cipher =
1463 						WPA_CIPHER_BIP_GMAC_128;
1464 				else
1465 					ie.mgmt_group_cipher =
1466 						WPA_CIPHER_AES_128_CMAC;
1467 			}
1468 #ifdef CONFIG_OWE
1469 			if ((ssid->key_mgmt & WPA_KEY_MGMT_OWE) &&
1470 			    !ssid->owe_only &&
1471 			    !bss_wpa && !bss_rsn && !bss_osen) {
1472 				wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
1473 				wpa_s->wpa_proto = 0;
1474 				*wpa_ie_len = 0;
1475 				return 0;
1476 			}
1477 #endif /* CONFIG_OWE */
1478 			wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Set cipher suites "
1479 				"based on configuration");
1480 		} else
1481 			proto = ie.proto;
1482 	}
1483 
1484 	wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Selected cipher suites: group %d "
1485 		"pairwise %d key_mgmt %d proto %d",
1486 		ie.group_cipher, ie.pairwise_cipher, ie.key_mgmt, proto);
1487 	if (ssid->ieee80211w) {
1488 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Selected mgmt group cipher %d",
1489 			ie.mgmt_group_cipher);
1490 	}
1491 
1492 	wpa_s->wpa_proto = proto;
1493 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PROTO, proto);
1494 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_RSN_ENABLED,
1495 			 !!(ssid->proto & (WPA_PROTO_RSN | WPA_PROTO_OSEN)));
1496 
1497 	if (bss || !wpa_s->ap_ies_from_associnfo) {
1498 		if (wpa_sm_set_ap_wpa_ie(wpa_s->wpa, bss_wpa,
1499 					 bss_wpa ? 2 + bss_wpa[1] : 0) ||
1500 		    wpa_sm_set_ap_rsn_ie(wpa_s->wpa, bss_rsn,
1501 					 bss_rsn ? 2 + bss_rsn[1] : 0) ||
1502 		    wpa_sm_set_ap_rsnxe(wpa_s->wpa, bss_rsnx,
1503 					bss_rsnx ? 2 + bss_rsnx[1] : 0))
1504 			return -1;
1505 	}
1506 
1507 #ifdef CONFIG_NO_WPA
1508 	wpa_s->group_cipher = WPA_CIPHER_NONE;
1509 	wpa_s->pairwise_cipher = WPA_CIPHER_NONE;
1510 #else /* CONFIG_NO_WPA */
1511 	sel = ie.group_cipher & ssid->group_cipher;
1512 	wpa_dbg(wpa_s, MSG_DEBUG,
1513 		"WPA: AP group 0x%x network profile group 0x%x; available group 0x%x",
1514 		ie.group_cipher, ssid->group_cipher, sel);
1515 	wpa_s->group_cipher = wpa_pick_group_cipher(sel);
1516 	if (wpa_s->group_cipher < 0) {
1517 		wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select group "
1518 			"cipher");
1519 		return -1;
1520 	}
1521 	wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using GTK %s",
1522 		wpa_cipher_txt(wpa_s->group_cipher));
1523 
1524 	sel = ie.pairwise_cipher & ssid->pairwise_cipher;
1525 	wpa_dbg(wpa_s, MSG_DEBUG,
1526 		"WPA: AP pairwise 0x%x network profile pairwise 0x%x; available pairwise 0x%x",
1527 		ie.pairwise_cipher, ssid->pairwise_cipher, sel);
1528 	wpa_s->pairwise_cipher = wpa_pick_pairwise_cipher(sel, 1);
1529 	if (wpa_s->pairwise_cipher < 0) {
1530 		wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select pairwise "
1531 			"cipher");
1532 		return -1;
1533 	}
1534 	wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using PTK %s",
1535 		wpa_cipher_txt(wpa_s->pairwise_cipher));
1536 #endif /* CONFIG_NO_WPA */
1537 
1538 	sel = ie.key_mgmt & ssid->key_mgmt;
1539 #ifdef CONFIG_SAE
1540 	if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SAE))
1541 		sel &= ~(WPA_KEY_MGMT_SAE | WPA_KEY_MGMT_FT_SAE);
1542 #endif /* CONFIG_SAE */
1543 #ifdef CONFIG_IEEE80211R
1544 	if (!(wpa_s->drv_flags & (WPA_DRIVER_FLAGS_SME |
1545 				  WPA_DRIVER_FLAGS_UPDATE_FT_IES)))
1546 		sel &= ~WPA_KEY_MGMT_FT;
1547 #endif /* CONFIG_IEEE80211R */
1548 	wpa_dbg(wpa_s, MSG_DEBUG,
1549 		"WPA: AP key_mgmt 0x%x network profile key_mgmt 0x%x; available key_mgmt 0x%x",
1550 		ie.key_mgmt, ssid->key_mgmt, sel);
1551 	if (0) {
1552 #ifdef CONFIG_IEEE80211R
1553 #ifdef CONFIG_SHA384
1554 	} else if ((sel & WPA_KEY_MGMT_FT_IEEE8021X_SHA384) &&
1555 		   os_strcmp(wpa_supplicant_get_eap_mode(wpa_s), "LEAP") != 0) {
1556 		wpa_s->key_mgmt = WPA_KEY_MGMT_FT_IEEE8021X_SHA384;
1557 		wpa_dbg(wpa_s, MSG_DEBUG,
1558 			"WPA: using KEY_MGMT FT/802.1X-SHA384");
1559 		if (!ssid->ft_eap_pmksa_caching &&
1560 		    pmksa_cache_get_current(wpa_s->wpa)) {
1561 			/* PMKSA caching with FT may have interoperability
1562 			 * issues, so disable that case by default for now. */
1563 			wpa_dbg(wpa_s, MSG_DEBUG,
1564 				"WPA: Disable PMKSA caching for FT/802.1X connection");
1565 			pmksa_cache_clear_current(wpa_s->wpa);
1566 		}
1567 #endif /* CONFIG_SHA384 */
1568 #endif /* CONFIG_IEEE80211R */
1569 #ifdef CONFIG_SUITEB192
1570 	} else if (sel & WPA_KEY_MGMT_IEEE8021X_SUITE_B_192) {
1571 		wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X_SUITE_B_192;
1572 		wpa_dbg(wpa_s, MSG_DEBUG,
1573 			"WPA: using KEY_MGMT 802.1X with Suite B (192-bit)");
1574 #endif /* CONFIG_SUITEB192 */
1575 #ifdef CONFIG_SUITEB
1576 	} else if (sel & WPA_KEY_MGMT_IEEE8021X_SUITE_B) {
1577 		wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X_SUITE_B;
1578 		wpa_dbg(wpa_s, MSG_DEBUG,
1579 			"WPA: using KEY_MGMT 802.1X with Suite B");
1580 #endif /* CONFIG_SUITEB */
1581 #ifdef CONFIG_FILS
1582 #ifdef CONFIG_IEEE80211R
1583 	} else if (sel & WPA_KEY_MGMT_FT_FILS_SHA384) {
1584 		wpa_s->key_mgmt = WPA_KEY_MGMT_FT_FILS_SHA384;
1585 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT-FILS-SHA384");
1586 	} else if (sel & WPA_KEY_MGMT_FT_FILS_SHA256) {
1587 		wpa_s->key_mgmt = WPA_KEY_MGMT_FT_FILS_SHA256;
1588 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT-FILS-SHA256");
1589 #endif /* CONFIG_IEEE80211R */
1590 	} else if (sel & WPA_KEY_MGMT_FILS_SHA384) {
1591 		wpa_s->key_mgmt = WPA_KEY_MGMT_FILS_SHA384;
1592 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FILS-SHA384");
1593 	} else if (sel & WPA_KEY_MGMT_FILS_SHA256) {
1594 		wpa_s->key_mgmt = WPA_KEY_MGMT_FILS_SHA256;
1595 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FILS-SHA256");
1596 #endif /* CONFIG_FILS */
1597 #ifdef CONFIG_IEEE80211R
1598 	} else if ((sel & WPA_KEY_MGMT_FT_IEEE8021X) &&
1599 		   os_strcmp(wpa_supplicant_get_eap_mode(wpa_s), "LEAP") != 0) {
1600 		wpa_s->key_mgmt = WPA_KEY_MGMT_FT_IEEE8021X;
1601 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT/802.1X");
1602 		if (!ssid->ft_eap_pmksa_caching &&
1603 		    pmksa_cache_get_current(wpa_s->wpa)) {
1604 			/* PMKSA caching with FT may have interoperability
1605 			 * issues, so disable that case by default for now. */
1606 			wpa_dbg(wpa_s, MSG_DEBUG,
1607 				"WPA: Disable PMKSA caching for FT/802.1X connection");
1608 			pmksa_cache_clear_current(wpa_s->wpa);
1609 		}
1610 #endif /* CONFIG_IEEE80211R */
1611 #ifdef CONFIG_DPP
1612 	} else if (sel & WPA_KEY_MGMT_DPP) {
1613 		wpa_s->key_mgmt = WPA_KEY_MGMT_DPP;
1614 		wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using KEY_MGMT DPP");
1615 #endif /* CONFIG_DPP */
1616 #ifdef CONFIG_SAE
1617 	} else if (sel & WPA_KEY_MGMT_FT_SAE) {
1618 		wpa_s->key_mgmt = WPA_KEY_MGMT_FT_SAE;
1619 		wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using KEY_MGMT FT/SAE");
1620 	} else if (sel & WPA_KEY_MGMT_SAE) {
1621 		wpa_s->key_mgmt = WPA_KEY_MGMT_SAE;
1622 		wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using KEY_MGMT SAE");
1623 #endif /* CONFIG_SAE */
1624 #ifdef CONFIG_IEEE80211R
1625 	} else if (sel & WPA_KEY_MGMT_FT_PSK) {
1626 		wpa_s->key_mgmt = WPA_KEY_MGMT_FT_PSK;
1627 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT/PSK");
1628 #endif /* CONFIG_IEEE80211R */
1629 	} else if (sel & WPA_KEY_MGMT_IEEE8021X_SHA256) {
1630 		wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X_SHA256;
1631 		wpa_dbg(wpa_s, MSG_DEBUG,
1632 			"WPA: using KEY_MGMT 802.1X with SHA256");
1633 	} else if (sel & WPA_KEY_MGMT_PSK_SHA256) {
1634 		wpa_s->key_mgmt = WPA_KEY_MGMT_PSK_SHA256;
1635 		wpa_dbg(wpa_s, MSG_DEBUG,
1636 			"WPA: using KEY_MGMT PSK with SHA256");
1637 	} else if (sel & WPA_KEY_MGMT_IEEE8021X) {
1638 		wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X;
1639 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT 802.1X");
1640 	} else if (sel & WPA_KEY_MGMT_PSK) {
1641 		wpa_s->key_mgmt = WPA_KEY_MGMT_PSK;
1642 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT WPA-PSK");
1643 	} else if (sel & WPA_KEY_MGMT_WPA_NONE) {
1644 		wpa_s->key_mgmt = WPA_KEY_MGMT_WPA_NONE;
1645 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT WPA-NONE");
1646 #ifdef CONFIG_HS20
1647 	} else if (sel & WPA_KEY_MGMT_OSEN) {
1648 		wpa_s->key_mgmt = WPA_KEY_MGMT_OSEN;
1649 		wpa_dbg(wpa_s, MSG_DEBUG, "HS 2.0: using KEY_MGMT OSEN");
1650 #endif /* CONFIG_HS20 */
1651 #ifdef CONFIG_OWE
1652 	} else if (sel & WPA_KEY_MGMT_OWE) {
1653 		wpa_s->key_mgmt = WPA_KEY_MGMT_OWE;
1654 		wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using KEY_MGMT OWE");
1655 #endif /* CONFIG_OWE */
1656 	} else {
1657 		wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select "
1658 			"authenticated key management type");
1659 		return -1;
1660 	}
1661 
1662 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_KEY_MGMT, wpa_s->key_mgmt);
1663 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PAIRWISE,
1664 			 wpa_s->pairwise_cipher);
1665 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_GROUP, wpa_s->group_cipher);
1666 
1667 	if (!(ie.capabilities & WPA_CAPABILITY_MFPC) &&
1668 	    wpas_get_ssid_pmf(wpa_s, ssid) == MGMT_FRAME_PROTECTION_REQUIRED) {
1669 		wpa_msg(wpa_s, MSG_INFO,
1670 			"RSN: Management frame protection required but the selected AP does not enable it");
1671 		return -1;
1672 	}
1673 
1674 	wpas_set_mgmt_group_cipher(wpa_s, ssid, &ie);
1675 #ifdef CONFIG_OCV
1676 	if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) ||
1677 	    (wpa_s->drv_flags2 & WPA_DRIVER_FLAGS2_OCV))
1678 		wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_OCV, ssid->ocv);
1679 #endif /* CONFIG_OCV */
1680 	sae_pwe = wpa_s->conf->sae_pwe;
1681 	if (ssid->sae_password_id && sae_pwe != 3)
1682 		sae_pwe = 1;
1683 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_SAE_PWE, sae_pwe);
1684 #ifdef CONFIG_SAE_PK
1685 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_SAE_PK,
1686 			 wpa_key_mgmt_sae(ssid->key_mgmt) &&
1687 			 ssid->sae_pk != SAE_PK_MODE_DISABLED &&
1688 			 ((ssid->sae_password &&
1689 			   sae_pk_valid_password(ssid->sae_password)) ||
1690 			  (!ssid->sae_password && ssid->passphrase &&
1691 			   sae_pk_valid_password(ssid->passphrase))));
1692 #endif /* CONFIG_SAE_PK */
1693 #ifdef CONFIG_TESTING_OPTIONS
1694 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_FT_RSNXE_USED,
1695 			 wpa_s->ft_rsnxe_used);
1696 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_OCI_FREQ_EAPOL,
1697 			 wpa_s->oci_freq_override_eapol);
1698 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_OCI_FREQ_EAPOL_G2,
1699 			 wpa_s->oci_freq_override_eapol_g2);
1700 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_OCI_FREQ_FT_ASSOC,
1701 			 wpa_s->oci_freq_override_ft_assoc);
1702 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_OCI_FREQ_FILS_ASSOC,
1703 			 wpa_s->oci_freq_override_fils_assoc);
1704 #endif /* CONFIG_TESTING_OPTIONS */
1705 
1706 	/* Extended Key ID is only supported in infrastructure BSS so far */
1707 	if (ssid->mode == WPAS_MODE_INFRA && wpa_s->conf->extended_key_id &&
1708 	    (ssid->proto & WPA_PROTO_RSN) &&
1709 	    ssid->pairwise_cipher & (WPA_CIPHER_CCMP | WPA_CIPHER_CCMP_256 |
1710 				     WPA_CIPHER_GCMP | WPA_CIPHER_GCMP_256) &&
1711 	    (wpa_s->drv_flags & WPA_DRIVER_FLAGS_EXTENDED_KEY_ID)) {
1712 		int use_ext_key_id = 0;
1713 
1714 		wpa_msg(wpa_s, MSG_DEBUG,
1715 			"WPA: Enable Extended Key ID support");
1716 		wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_EXT_KEY_ID,
1717 				 wpa_s->conf->extended_key_id);
1718 		if (bss_rsn &&
1719 		    wpa_s->conf->extended_key_id &&
1720 		    wpa_s->pairwise_cipher != WPA_CIPHER_TKIP &&
1721 		    (ie.capabilities & WPA_CAPABILITY_EXT_KEY_ID_FOR_UNICAST))
1722 			use_ext_key_id = 1;
1723 		wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_USE_EXT_KEY_ID,
1724 				 use_ext_key_id);
1725 	} else {
1726 		wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_EXT_KEY_ID, 0);
1727 		wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_USE_EXT_KEY_ID, 0);
1728 	}
1729 
1730 	if (wpa_sm_set_assoc_wpa_ie_default(wpa_s->wpa, wpa_ie, wpa_ie_len)) {
1731 		wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to generate WPA IE");
1732 		return -1;
1733 	}
1734 
1735 	wpa_s->rsnxe_len = sizeof(wpa_s->rsnxe);
1736 	if (wpa_sm_set_assoc_rsnxe_default(wpa_s->wpa, wpa_s->rsnxe,
1737 					   &wpa_s->rsnxe_len)) {
1738 		wpa_msg(wpa_s, MSG_WARNING, "RSN: Failed to generate RSNXE");
1739 		return -1;
1740 	}
1741 
1742 	if (0) {
1743 #ifdef CONFIG_DPP
1744 	} else if (wpa_s->key_mgmt == WPA_KEY_MGMT_DPP) {
1745 		/* Use PMK from DPP network introduction (PMKSA entry) */
1746 		wpa_sm_set_pmk_from_pmksa(wpa_s->wpa);
1747 #ifdef CONFIG_DPP2
1748 		wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_DPP_PFS, ssid->dpp_pfs);
1749 #endif /* CONFIG_DPP2 */
1750 #endif /* CONFIG_DPP */
1751 	} else if (wpa_key_mgmt_wpa_psk(ssid->key_mgmt)) {
1752 		int psk_set = 0;
1753 		int sae_only;
1754 
1755 		sae_only = (ssid->key_mgmt & (WPA_KEY_MGMT_PSK |
1756 					      WPA_KEY_MGMT_FT_PSK |
1757 					      WPA_KEY_MGMT_PSK_SHA256)) == 0;
1758 
1759 		if (ssid->psk_set && !sae_only) {
1760 			wpa_hexdump_key(MSG_MSGDUMP, "PSK (set in config)",
1761 					ssid->psk, PMK_LEN);
1762 			wpa_sm_set_pmk(wpa_s->wpa, ssid->psk, PMK_LEN, NULL,
1763 				       NULL);
1764 			psk_set = 1;
1765 		}
1766 
1767 		if (wpa_key_mgmt_sae(ssid->key_mgmt) &&
1768 		    (ssid->sae_password || ssid->passphrase))
1769 			psk_set = 1;
1770 
1771 #ifndef CONFIG_NO_PBKDF2
1772 		if (bss && ssid->bssid_set && ssid->ssid_len == 0 &&
1773 		    ssid->passphrase && !sae_only) {
1774 			u8 psk[PMK_LEN];
1775 		        pbkdf2_sha1(ssid->passphrase, bss->ssid, bss->ssid_len,
1776 				    4096, psk, PMK_LEN);
1777 		        wpa_hexdump_key(MSG_MSGDUMP, "PSK (from passphrase)",
1778 					psk, PMK_LEN);
1779 			wpa_sm_set_pmk(wpa_s->wpa, psk, PMK_LEN, NULL, NULL);
1780 			psk_set = 1;
1781 			os_memset(psk, 0, sizeof(psk));
1782 		}
1783 #endif /* CONFIG_NO_PBKDF2 */
1784 #ifdef CONFIG_EXT_PASSWORD
1785 		if (ssid->ext_psk && !sae_only) {
1786 			struct wpabuf *pw = ext_password_get(wpa_s->ext_pw,
1787 							     ssid->ext_psk);
1788 			char pw_str[64 + 1];
1789 			u8 psk[PMK_LEN];
1790 
1791 			if (pw == NULL) {
1792 				wpa_msg(wpa_s, MSG_INFO, "EXT PW: No PSK "
1793 					"found from external storage");
1794 				return -1;
1795 			}
1796 
1797 			if (wpabuf_len(pw) < 8 || wpabuf_len(pw) > 64) {
1798 				wpa_msg(wpa_s, MSG_INFO, "EXT PW: Unexpected "
1799 					"PSK length %d in external storage",
1800 					(int) wpabuf_len(pw));
1801 				ext_password_free(pw);
1802 				return -1;
1803 			}
1804 
1805 			os_memcpy(pw_str, wpabuf_head(pw), wpabuf_len(pw));
1806 			pw_str[wpabuf_len(pw)] = '\0';
1807 
1808 #ifndef CONFIG_NO_PBKDF2
1809 			if (wpabuf_len(pw) >= 8 && wpabuf_len(pw) < 64 && bss)
1810 			{
1811 				pbkdf2_sha1(pw_str, bss->ssid, bss->ssid_len,
1812 					    4096, psk, PMK_LEN);
1813 				os_memset(pw_str, 0, sizeof(pw_str));
1814 				wpa_hexdump_key(MSG_MSGDUMP, "PSK (from "
1815 						"external passphrase)",
1816 						psk, PMK_LEN);
1817 				wpa_sm_set_pmk(wpa_s->wpa, psk, PMK_LEN, NULL,
1818 					       NULL);
1819 				psk_set = 1;
1820 				os_memset(psk, 0, sizeof(psk));
1821 			} else
1822 #endif /* CONFIG_NO_PBKDF2 */
1823 			if (wpabuf_len(pw) == 2 * PMK_LEN) {
1824 				if (hexstr2bin(pw_str, psk, PMK_LEN) < 0) {
1825 					wpa_msg(wpa_s, MSG_INFO, "EXT PW: "
1826 						"Invalid PSK hex string");
1827 					os_memset(pw_str, 0, sizeof(pw_str));
1828 					ext_password_free(pw);
1829 					return -1;
1830 				}
1831 				wpa_hexdump_key(MSG_MSGDUMP,
1832 						"PSK (from external PSK)",
1833 						psk, PMK_LEN);
1834 				wpa_sm_set_pmk(wpa_s->wpa, psk, PMK_LEN, NULL,
1835 					       NULL);
1836 				psk_set = 1;
1837 				os_memset(psk, 0, sizeof(psk));
1838 			} else {
1839 				wpa_msg(wpa_s, MSG_INFO, "EXT PW: No suitable "
1840 					"PSK available");
1841 				os_memset(pw_str, 0, sizeof(pw_str));
1842 				ext_password_free(pw);
1843 				return -1;
1844 			}
1845 
1846 			os_memset(pw_str, 0, sizeof(pw_str));
1847 			ext_password_free(pw);
1848 		}
1849 #endif /* CONFIG_EXT_PASSWORD */
1850 
1851 		if (!psk_set) {
1852 			wpa_msg(wpa_s, MSG_INFO,
1853 				"No PSK available for association");
1854 			wpas_auth_failed(wpa_s, "NO_PSK_AVAILABLE");
1855 			return -1;
1856 		}
1857 #ifdef CONFIG_OWE
1858 	} else if (wpa_s->key_mgmt == WPA_KEY_MGMT_OWE) {
1859 		/* OWE Diffie-Hellman exchange in (Re)Association
1860 		 * Request/Response frames set the PMK, so do not override it
1861 		 * here. */
1862 #endif /* CONFIG_OWE */
1863 	} else
1864 		wpa_sm_set_pmk_from_pmksa(wpa_s->wpa);
1865 
1866 	if (ssid->mode != WPAS_MODE_IBSS &&
1867 	    !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED) &&
1868 	    (ssid->wpa_deny_ptk0_rekey == PTK0_REKEY_ALLOW_NEVER ||
1869 	     (ssid->wpa_deny_ptk0_rekey == PTK0_REKEY_ALLOW_LOCAL_OK &&
1870 	      !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SAFE_PTK0_REKEYS)))) {
1871 		wpa_msg(wpa_s, MSG_INFO,
1872 			"Disable PTK0 rekey support - replaced with reconnect");
1873 		wpa_s->deny_ptk0_rekey = 1;
1874 		wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_DENY_PTK0_REKEY, 1);
1875 	} else {
1876 		wpa_s->deny_ptk0_rekey = 0;
1877 		wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_DENY_PTK0_REKEY, 0);
1878 	}
1879 
1880 	return 0;
1881 }
1882 
1883 
1884 static void wpas_ext_capab_byte(struct wpa_supplicant *wpa_s, u8 *pos, int idx)
1885 {
1886 	bool scs = true, mscs = true;
1887 
1888 	*pos = 0x00;
1889 
1890 	switch (idx) {
1891 	case 0: /* Bits 0-7 */
1892 		break;
1893 	case 1: /* Bits 8-15 */
1894 		if (wpa_s->conf->coloc_intf_reporting) {
1895 			/* Bit 13 - Collocated Interference Reporting */
1896 			*pos |= 0x20;
1897 		}
1898 		break;
1899 	case 2: /* Bits 16-23 */
1900 #ifdef CONFIG_WNM
1901 		*pos |= 0x02; /* Bit 17 - WNM-Sleep Mode */
1902 		if (!wpa_s->disable_mbo_oce && !wpa_s->conf->disable_btm)
1903 			*pos |= 0x08; /* Bit 19 - BSS Transition */
1904 #endif /* CONFIG_WNM */
1905 		break;
1906 	case 3: /* Bits 24-31 */
1907 #ifdef CONFIG_WNM
1908 		*pos |= 0x02; /* Bit 25 - SSID List */
1909 #endif /* CONFIG_WNM */
1910 #ifdef CONFIG_INTERWORKING
1911 		if (wpa_s->conf->interworking)
1912 			*pos |= 0x80; /* Bit 31 - Interworking */
1913 #endif /* CONFIG_INTERWORKING */
1914 		break;
1915 	case 4: /* Bits 32-39 */
1916 #ifdef CONFIG_INTERWORKING
1917 		if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_QOS_MAPPING)
1918 			*pos |= 0x01; /* Bit 32 - QoS Map */
1919 #endif /* CONFIG_INTERWORKING */
1920 		break;
1921 	case 5: /* Bits 40-47 */
1922 #ifdef CONFIG_HS20
1923 		if (wpa_s->conf->hs20)
1924 			*pos |= 0x40; /* Bit 46 - WNM-Notification */
1925 #endif /* CONFIG_HS20 */
1926 #ifdef CONFIG_MBO
1927 		*pos |= 0x40; /* Bit 46 - WNM-Notification */
1928 #endif /* CONFIG_MBO */
1929 		break;
1930 	case 6: /* Bits 48-55 */
1931 #ifdef CONFIG_TESTING_OPTIONS
1932 		if (wpa_s->disable_scs_support)
1933 			scs = false;
1934 #endif /* CONFIG_TESTING_OPTIONS */
1935 		if (scs)
1936 			*pos |= 0x40; /* Bit 54 - SCS */
1937 		break;
1938 	case 7: /* Bits 56-63 */
1939 		break;
1940 	case 8: /* Bits 64-71 */
1941 		if (wpa_s->conf->ftm_responder)
1942 			*pos |= 0x40; /* Bit 70 - FTM responder */
1943 		if (wpa_s->conf->ftm_initiator)
1944 			*pos |= 0x80; /* Bit 71 - FTM initiator */
1945 		break;
1946 	case 9: /* Bits 72-79 */
1947 #ifdef CONFIG_FILS
1948 		if (!wpa_s->disable_fils)
1949 			*pos |= 0x01;
1950 #endif /* CONFIG_FILS */
1951 		break;
1952 	case 10: /* Bits 80-87 */
1953 #ifdef CONFIG_TESTING_OPTIONS
1954 		if (wpa_s->disable_mscs_support)
1955 			mscs = false;
1956 #endif /* CONFIG_TESTING_OPTIONS */
1957 		if (mscs)
1958 			*pos |= 0x20; /* Bit 85 - Mirrored SCS */
1959 		break;
1960 	}
1961 }
1962 
1963 
1964 int wpas_build_ext_capab(struct wpa_supplicant *wpa_s, u8 *buf, size_t buflen)
1965 {
1966 	u8 *pos = buf;
1967 	u8 len = 11, i;
1968 
1969 	if (len < wpa_s->extended_capa_len)
1970 		len = wpa_s->extended_capa_len;
1971 	if (buflen < (size_t) len + 2) {
1972 		wpa_printf(MSG_INFO,
1973 			   "Not enough room for building extended capabilities element");
1974 		return -1;
1975 	}
1976 
1977 	*pos++ = WLAN_EID_EXT_CAPAB;
1978 	*pos++ = len;
1979 	for (i = 0; i < len; i++, pos++) {
1980 		wpas_ext_capab_byte(wpa_s, pos, i);
1981 
1982 		if (i < wpa_s->extended_capa_len) {
1983 			*pos &= ~wpa_s->extended_capa_mask[i];
1984 			*pos |= wpa_s->extended_capa[i];
1985 		}
1986 	}
1987 
1988 	while (len > 0 && buf[1 + len] == 0) {
1989 		len--;
1990 		buf[1] = len;
1991 	}
1992 	if (len == 0)
1993 		return 0;
1994 
1995 	return 2 + len;
1996 }
1997 
1998 
1999 static int wpas_valid_bss(struct wpa_supplicant *wpa_s,
2000 			  struct wpa_bss *test_bss)
2001 {
2002 	struct wpa_bss *bss;
2003 
2004 	dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
2005 		if (bss == test_bss)
2006 			return 1;
2007 	}
2008 
2009 	return 0;
2010 }
2011 
2012 
2013 static int wpas_valid_ssid(struct wpa_supplicant *wpa_s,
2014 			   struct wpa_ssid *test_ssid)
2015 {
2016 	struct wpa_ssid *ssid;
2017 
2018 	for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) {
2019 		if (ssid == test_ssid)
2020 			return 1;
2021 	}
2022 
2023 	return 0;
2024 }
2025 
2026 
2027 int wpas_valid_bss_ssid(struct wpa_supplicant *wpa_s, struct wpa_bss *test_bss,
2028 			struct wpa_ssid *test_ssid)
2029 {
2030 	if (test_bss && !wpas_valid_bss(wpa_s, test_bss))
2031 		return 0;
2032 
2033 	return test_ssid == NULL || wpas_valid_ssid(wpa_s, test_ssid);
2034 }
2035 
2036 
2037 void wpas_connect_work_free(struct wpa_connect_work *cwork)
2038 {
2039 	if (cwork == NULL)
2040 		return;
2041 	os_free(cwork);
2042 }
2043 
2044 
2045 void wpas_connect_work_done(struct wpa_supplicant *wpa_s)
2046 {
2047 	struct wpa_connect_work *cwork;
2048 	struct wpa_radio_work *work = wpa_s->connect_work;
2049 
2050 	if (!work)
2051 		return;
2052 
2053 	wpa_s->connect_work = NULL;
2054 	cwork = work->ctx;
2055 	work->ctx = NULL;
2056 	wpas_connect_work_free(cwork);
2057 	radio_work_done(work);
2058 }
2059 
2060 
2061 int wpas_update_random_addr(struct wpa_supplicant *wpa_s, int style)
2062 {
2063 	struct os_reltime now;
2064 	u8 addr[ETH_ALEN];
2065 
2066 	os_get_reltime(&now);
2067 	if (wpa_s->last_mac_addr_style == style &&
2068 	    wpa_s->last_mac_addr_change.sec != 0 &&
2069 	    !os_reltime_expired(&now, &wpa_s->last_mac_addr_change,
2070 				wpa_s->conf->rand_addr_lifetime)) {
2071 		wpa_msg(wpa_s, MSG_DEBUG,
2072 			"Previously selected random MAC address has not yet expired");
2073 		return 0;
2074 	}
2075 
2076 	switch (style) {
2077 	case 1:
2078 		if (random_mac_addr(addr) < 0)
2079 			return -1;
2080 		break;
2081 	case 2:
2082 		os_memcpy(addr, wpa_s->perm_addr, ETH_ALEN);
2083 		if (random_mac_addr_keep_oui(addr) < 0)
2084 			return -1;
2085 		break;
2086 	default:
2087 		return -1;
2088 	}
2089 
2090 	if (wpa_drv_set_mac_addr(wpa_s, addr) < 0) {
2091 		wpa_msg(wpa_s, MSG_INFO,
2092 			"Failed to set random MAC address");
2093 		return -1;
2094 	}
2095 
2096 	os_get_reltime(&wpa_s->last_mac_addr_change);
2097 	wpa_s->mac_addr_changed = 1;
2098 	wpa_s->last_mac_addr_style = style;
2099 
2100 	if (wpa_supplicant_update_mac_addr(wpa_s) < 0) {
2101 		wpa_msg(wpa_s, MSG_INFO,
2102 			"Could not update MAC address information");
2103 		return -1;
2104 	}
2105 
2106 	wpa_msg(wpa_s, MSG_DEBUG, "Using random MAC address " MACSTR,
2107 		MAC2STR(addr));
2108 
2109 	return 0;
2110 }
2111 
2112 
2113 int wpas_update_random_addr_disassoc(struct wpa_supplicant *wpa_s)
2114 {
2115 	if (wpa_s->wpa_state >= WPA_AUTHENTICATING ||
2116 	    !wpa_s->conf->preassoc_mac_addr)
2117 		return 0;
2118 
2119 	return wpas_update_random_addr(wpa_s, wpa_s->conf->preassoc_mac_addr);
2120 }
2121 
2122 
2123 static void wpa_s_setup_sae_pt(struct wpa_config *conf, struct wpa_ssid *ssid)
2124 {
2125 #ifdef CONFIG_SAE
2126 	int *groups = conf->sae_groups;
2127 	int default_groups[] = { 19, 20, 21, 0 };
2128 	const char *password;
2129 
2130 	if (!groups || groups[0] <= 0)
2131 		groups = default_groups;
2132 
2133 	password = ssid->sae_password;
2134 	if (!password)
2135 		password = ssid->passphrase;
2136 
2137 	if (!password ||
2138 	    (conf->sae_pwe == 0 && !ssid->sae_password_id &&
2139 	     !sae_pk_valid_password(password)) ||
2140 	    conf->sae_pwe == 3) {
2141 		/* PT derivation not needed */
2142 		sae_deinit_pt(ssid->pt);
2143 		ssid->pt = NULL;
2144 		return;
2145 	}
2146 
2147 	if (ssid->pt)
2148 		return; /* PT already derived */
2149 	ssid->pt = sae_derive_pt(groups, ssid->ssid, ssid->ssid_len,
2150 				 (const u8 *) password, os_strlen(password),
2151 				 ssid->sae_password_id);
2152 #endif /* CONFIG_SAE */
2153 }
2154 
2155 
2156 static void wpa_s_clear_sae_rejected(struct wpa_supplicant *wpa_s)
2157 {
2158 #if defined(CONFIG_SAE) && defined(CONFIG_SME)
2159 	os_free(wpa_s->sme.sae_rejected_groups);
2160 	wpa_s->sme.sae_rejected_groups = NULL;
2161 #ifdef CONFIG_TESTING_OPTIONS
2162 	if (wpa_s->extra_sae_rejected_groups) {
2163 		int i, *groups = wpa_s->extra_sae_rejected_groups;
2164 
2165 		for (i = 0; groups[i]; i++) {
2166 			wpa_printf(MSG_DEBUG,
2167 				   "TESTING: Indicate rejection of an extra SAE group %d",
2168 				   groups[i]);
2169 			int_array_add_unique(&wpa_s->sme.sae_rejected_groups,
2170 					     groups[i]);
2171 		}
2172 	}
2173 #endif /* CONFIG_TESTING_OPTIONS */
2174 #endif /* CONFIG_SAE && CONFIG_SME */
2175 }
2176 
2177 
2178 int wpas_restore_permanent_mac_addr(struct wpa_supplicant *wpa_s)
2179 {
2180 	if (wpa_drv_set_mac_addr(wpa_s, NULL) < 0) {
2181 		wpa_msg(wpa_s, MSG_INFO,
2182 			"Could not restore permanent MAC address");
2183 		return -1;
2184 	}
2185 	wpa_s->mac_addr_changed = 0;
2186 	if (wpa_supplicant_update_mac_addr(wpa_s) < 0) {
2187 		wpa_msg(wpa_s, MSG_INFO,
2188 			"Could not update MAC address information");
2189 		return -1;
2190 	}
2191 	wpa_msg(wpa_s, MSG_DEBUG, "Using permanent MAC address");
2192 	return 0;
2193 }
2194 
2195 
2196 static void wpas_start_assoc_cb(struct wpa_radio_work *work, int deinit);
2197 
2198 /**
2199  * wpa_supplicant_associate - Request association
2200  * @wpa_s: Pointer to wpa_supplicant data
2201  * @bss: Scan results for the selected BSS, or %NULL if not available
2202  * @ssid: Configuration data for the selected network
2203  *
2204  * This function is used to request %wpa_supplicant to associate with a BSS.
2205  */
2206 void wpa_supplicant_associate(struct wpa_supplicant *wpa_s,
2207 			      struct wpa_bss *bss, struct wpa_ssid *ssid)
2208 {
2209 	struct wpa_connect_work *cwork;
2210 	int rand_style;
2211 
2212 	wpa_s->own_disconnect_req = 0;
2213 	wpa_s->own_reconnect_req = 0;
2214 
2215 	/*
2216 	 * If we are starting a new connection, any previously pending EAPOL
2217 	 * RX cannot be valid anymore.
2218 	 */
2219 	wpabuf_free(wpa_s->pending_eapol_rx);
2220 	wpa_s->pending_eapol_rx = NULL;
2221 
2222 	if (ssid->mac_addr == -1)
2223 		rand_style = wpa_s->conf->mac_addr;
2224 	else
2225 		rand_style = ssid->mac_addr;
2226 
2227 	wpa_s->multi_ap_ie = 0;
2228 	wmm_ac_clear_saved_tspecs(wpa_s);
2229 	wpa_s->reassoc_same_bss = 0;
2230 	wpa_s->reassoc_same_ess = 0;
2231 #ifdef CONFIG_TESTING_OPTIONS
2232 	wpa_s->testing_resend_assoc = 0;
2233 #endif /* CONFIG_TESTING_OPTIONS */
2234 
2235 	if (wpa_s->last_ssid == ssid) {
2236 		wpa_dbg(wpa_s, MSG_DEBUG, "Re-association to the same ESS");
2237 		wpa_s->reassoc_same_ess = 1;
2238 		if (wpa_s->current_bss && wpa_s->current_bss == bss) {
2239 			wmm_ac_save_tspecs(wpa_s);
2240 			wpa_s->reassoc_same_bss = 1;
2241 		} else if (wpa_s->current_bss && wpa_s->current_bss != bss) {
2242 			os_get_reltime(&wpa_s->roam_start);
2243 		}
2244 	} else {
2245 #ifdef CONFIG_SAE
2246 		wpa_s_clear_sae_rejected(wpa_s);
2247 #endif /* CONFIG_SAE */
2248 	}
2249 #ifdef CONFIG_SAE
2250 	wpa_s_setup_sae_pt(wpa_s->conf, ssid);
2251 #endif /* CONFIG_SAE */
2252 
2253 	if (rand_style > 0 && !wpa_s->reassoc_same_ess) {
2254 		if (wpas_update_random_addr(wpa_s, rand_style) < 0)
2255 			return;
2256 		wpa_sm_pmksa_cache_flush(wpa_s->wpa, ssid);
2257 	} else if (rand_style == 0 && wpa_s->mac_addr_changed) {
2258 		if (wpas_restore_permanent_mac_addr(wpa_s) < 0)
2259 			return;
2260 	}
2261 	wpa_s->last_ssid = ssid;
2262 
2263 #ifdef CONFIG_IBSS_RSN
2264 	ibss_rsn_deinit(wpa_s->ibss_rsn);
2265 	wpa_s->ibss_rsn = NULL;
2266 #else /* CONFIG_IBSS_RSN */
2267 	if (ssid->mode == WPAS_MODE_IBSS &&
2268 	    !(ssid->key_mgmt & (WPA_KEY_MGMT_NONE | WPA_KEY_MGMT_WPA_NONE))) {
2269 		wpa_msg(wpa_s, MSG_INFO,
2270 			"IBSS RSN not supported in the build");
2271 		return;
2272 	}
2273 #endif /* CONFIG_IBSS_RSN */
2274 
2275 	if (ssid->mode == WPAS_MODE_AP || ssid->mode == WPAS_MODE_P2P_GO ||
2276 	    ssid->mode == WPAS_MODE_P2P_GROUP_FORMATION) {
2277 #ifdef CONFIG_AP
2278 		if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_AP)) {
2279 			wpa_msg(wpa_s, MSG_INFO, "Driver does not support AP "
2280 				"mode");
2281 			return;
2282 		}
2283 		if (wpa_supplicant_create_ap(wpa_s, ssid) < 0) {
2284 			wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
2285 			if (ssid->mode == WPAS_MODE_P2P_GROUP_FORMATION)
2286 				wpas_p2p_ap_setup_failed(wpa_s);
2287 			return;
2288 		}
2289 		wpa_s->current_bss = bss;
2290 #else /* CONFIG_AP */
2291 		wpa_msg(wpa_s, MSG_ERROR, "AP mode support not included in "
2292 			"the build");
2293 #endif /* CONFIG_AP */
2294 		return;
2295 	}
2296 
2297 	if (ssid->mode == WPAS_MODE_MESH) {
2298 #ifdef CONFIG_MESH
2299 		if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_MESH)) {
2300 			wpa_msg(wpa_s, MSG_INFO,
2301 				"Driver does not support mesh mode");
2302 			return;
2303 		}
2304 		if (bss)
2305 			ssid->frequency = bss->freq;
2306 		if (wpa_supplicant_join_mesh(wpa_s, ssid) < 0) {
2307 			wpa_msg(wpa_s, MSG_ERROR, "Could not join mesh");
2308 			return;
2309 		}
2310 		wpa_s->current_bss = bss;
2311 #else /* CONFIG_MESH */
2312 		wpa_msg(wpa_s, MSG_ERROR,
2313 			"mesh mode support not included in the build");
2314 #endif /* CONFIG_MESH */
2315 		return;
2316 	}
2317 
2318 	/*
2319 	 * Set WPA state machine configuration to match the selected network now
2320 	 * so that the information is available before wpas_start_assoc_cb()
2321 	 * gets called. This is needed at least for RSN pre-authentication where
2322 	 * candidate APs are added to a list based on scan result processing
2323 	 * before completion of the first association.
2324 	 */
2325 	wpa_supplicant_rsn_supp_set_config(wpa_s, ssid);
2326 
2327 #ifdef CONFIG_DPP
2328 	if (wpas_dpp_check_connect(wpa_s, ssid, bss) != 0)
2329 		return;
2330 #endif /* CONFIG_DPP */
2331 
2332 #ifdef CONFIG_TDLS
2333 	if (bss)
2334 		wpa_tdls_ap_ies(wpa_s->wpa, wpa_bss_ie_ptr(bss), bss->ie_len);
2335 #endif /* CONFIG_TDLS */
2336 
2337 #ifdef CONFIG_MBO
2338 	wpas_mbo_check_pmf(wpa_s, bss, ssid);
2339 #endif /* CONFIG_MBO */
2340 
2341 	if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) &&
2342 	    ssid->mode == WPAS_MODE_INFRA) {
2343 		sme_authenticate(wpa_s, bss, ssid);
2344 		return;
2345 	}
2346 
2347 	if (wpa_s->connect_work) {
2348 		wpa_dbg(wpa_s, MSG_DEBUG, "Reject wpa_supplicant_associate() call since connect_work exist");
2349 		return;
2350 	}
2351 
2352 	if (radio_work_pending(wpa_s, "connect")) {
2353 		wpa_dbg(wpa_s, MSG_DEBUG, "Reject wpa_supplicant_associate() call since pending work exist");
2354 		return;
2355 	}
2356 
2357 #ifdef CONFIG_SME
2358 	if (ssid->mode == WPAS_MODE_IBSS || ssid->mode == WPAS_MODE_MESH) {
2359 		/* Clear possibly set auth_alg, if any, from last attempt. */
2360 		wpa_s->sme.auth_alg = WPA_AUTH_ALG_OPEN;
2361 	}
2362 #endif /* CONFIG_SME */
2363 
2364 	wpas_abort_ongoing_scan(wpa_s);
2365 
2366 	cwork = os_zalloc(sizeof(*cwork));
2367 	if (cwork == NULL)
2368 		return;
2369 
2370 	cwork->bss = bss;
2371 	cwork->ssid = ssid;
2372 
2373 	if (radio_add_work(wpa_s, bss ? bss->freq : 0, "connect", 1,
2374 			   wpas_start_assoc_cb, cwork) < 0) {
2375 		os_free(cwork);
2376 	}
2377 }
2378 
2379 
2380 static int bss_is_ibss(struct wpa_bss *bss)
2381 {
2382 	return (bss->caps & (IEEE80211_CAP_ESS | IEEE80211_CAP_IBSS)) ==
2383 		IEEE80211_CAP_IBSS;
2384 }
2385 
2386 
2387 static int drv_supports_vht(struct wpa_supplicant *wpa_s,
2388 			    const struct wpa_ssid *ssid)
2389 {
2390 	enum hostapd_hw_mode hw_mode;
2391 	struct hostapd_hw_modes *mode = NULL;
2392 	u8 channel;
2393 	int i;
2394 
2395 	hw_mode = ieee80211_freq_to_chan(ssid->frequency, &channel);
2396 	if (hw_mode == NUM_HOSTAPD_MODES)
2397 		return 0;
2398 	for (i = 0; wpa_s->hw.modes && i < wpa_s->hw.num_modes; i++) {
2399 		if (wpa_s->hw.modes[i].mode == hw_mode) {
2400 			mode = &wpa_s->hw.modes[i];
2401 			break;
2402 		}
2403 	}
2404 
2405 	if (!mode)
2406 		return 0;
2407 
2408 	return mode->vht_capab != 0;
2409 }
2410 
2411 
2412 static bool ibss_mesh_is_80mhz_avail(int channel, struct hostapd_hw_modes *mode)
2413 {
2414 	int i;
2415 
2416 	for (i = channel; i < channel + 16; i += 4) {
2417 		struct hostapd_channel_data *chan;
2418 
2419 		chan = hw_get_channel_chan(mode, i, NULL);
2420 		if (!chan ||
2421 		    chan->flag & (HOSTAPD_CHAN_DISABLED | HOSTAPD_CHAN_NO_IR))
2422 			return false;
2423 	}
2424 
2425 	return true;
2426 }
2427 
2428 
2429 void ibss_mesh_setup_freq(struct wpa_supplicant *wpa_s,
2430 			  const struct wpa_ssid *ssid,
2431 			  struct hostapd_freq_params *freq)
2432 {
2433 	int ieee80211_mode = wpas_mode_to_ieee80211_mode(ssid->mode);
2434 	enum hostapd_hw_mode hw_mode;
2435 	struct hostapd_hw_modes *mode = NULL;
2436 	int ht40plus[] = { 36, 44, 52, 60, 100, 108, 116, 124, 132, 149, 157,
2437 			   184, 192 };
2438 	int bw80[] = { 5180, 5260, 5500, 5580, 5660, 5745, 5955,
2439 		       6035, 6115, 6195, 6275, 6355, 6435, 6515,
2440 		       6595, 6675, 6755, 6835, 6915, 6995 };
2441 	int bw160[] = { 5955, 6115, 6275, 6435, 6595, 6755, 6915 };
2442 	struct hostapd_channel_data *pri_chan = NULL, *sec_chan = NULL;
2443 	u8 channel;
2444 	int i, chan_idx, ht40 = -1, res, obss_scan = 1;
2445 	unsigned int j, k;
2446 	struct hostapd_freq_params vht_freq;
2447 	int chwidth, seg0, seg1;
2448 	u32 vht_caps = 0;
2449 	bool is_24ghz, is_6ghz;
2450 
2451 	freq->freq = ssid->frequency;
2452 
2453 	for (j = 0; j < wpa_s->last_scan_res_used; j++) {
2454 		struct wpa_bss *bss = wpa_s->last_scan_res[j];
2455 
2456 		if (ssid->mode != WPAS_MODE_IBSS)
2457 			break;
2458 
2459 		/* Don't adjust control freq in case of fixed_freq */
2460 		if (ssid->fixed_freq)
2461 			break;
2462 
2463 		if (!bss_is_ibss(bss))
2464 			continue;
2465 
2466 		if (ssid->ssid_len == bss->ssid_len &&
2467 		    os_memcmp(ssid->ssid, bss->ssid, bss->ssid_len) == 0) {
2468 			wpa_printf(MSG_DEBUG,
2469 				   "IBSS already found in scan results, adjust control freq: %d",
2470 				   bss->freq);
2471 			freq->freq = bss->freq;
2472 			obss_scan = 0;
2473 			break;
2474 		}
2475 	}
2476 
2477 	/* For IBSS check HT_IBSS flag */
2478 	if (ssid->mode == WPAS_MODE_IBSS &&
2479 	    !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_HT_IBSS))
2480 		return;
2481 
2482 	if (wpa_s->group_cipher == WPA_CIPHER_WEP40 ||
2483 	    wpa_s->group_cipher == WPA_CIPHER_WEP104 ||
2484 	    wpa_s->pairwise_cipher == WPA_CIPHER_TKIP) {
2485 		wpa_printf(MSG_DEBUG,
2486 			   "IBSS: WEP/TKIP detected, do not try to enable HT");
2487 		return;
2488 	}
2489 
2490 	hw_mode = ieee80211_freq_to_chan(freq->freq, &channel);
2491 	for (i = 0; wpa_s->hw.modes && i < wpa_s->hw.num_modes; i++) {
2492 		if (wpa_s->hw.modes[i].mode == hw_mode) {
2493 			mode = &wpa_s->hw.modes[i];
2494 			break;
2495 		}
2496 	}
2497 
2498 	if (!mode)
2499 		return;
2500 
2501 	freq->channel = channel;
2502 
2503 	is_24ghz = hw_mode == HOSTAPD_MODE_IEEE80211G ||
2504 		hw_mode == HOSTAPD_MODE_IEEE80211B;
2505 
2506 	/* HT/VHT and corresponding overrides are not applicable to 6 GHz.
2507 	 * However, HE is mandatory for 6 GHz.
2508 	 */
2509 	is_6ghz = is_6ghz_freq(freq->freq);
2510 	if (is_6ghz)
2511 		goto skip_to_6ghz;
2512 
2513 #ifdef CONFIG_HT_OVERRIDES
2514 	if (ssid->disable_ht) {
2515 		freq->ht_enabled = 0;
2516 		return;
2517 	}
2518 #endif /* CONFIG_HT_OVERRIDES */
2519 
2520 	freq->ht_enabled = ht_supported(mode);
2521 	if (!freq->ht_enabled)
2522 		return;
2523 
2524 	/* Allow HE on 2.4 GHz without VHT: see nl80211_put_freq_params() */
2525 	if (is_24ghz)
2526 		freq->he_enabled = mode->he_capab[ieee80211_mode].he_supported;
2527 #ifdef CONFIG_HE_OVERRIDES
2528 	if (is_24ghz && ssid->disable_he)
2529 		freq->he_enabled = 0;
2530 #endif /* CONFIG_HE_OVERRIDES */
2531 
2532 	/* Setup higher BW only for 5 GHz */
2533 	if (mode->mode != HOSTAPD_MODE_IEEE80211A)
2534 		return;
2535 
2536 	for (chan_idx = 0; chan_idx < mode->num_channels; chan_idx++) {
2537 		pri_chan = &mode->channels[chan_idx];
2538 		if (pri_chan->chan == channel)
2539 			break;
2540 		pri_chan = NULL;
2541 	}
2542 	if (!pri_chan)
2543 		return;
2544 
2545 	/* Check primary channel flags */
2546 	if (pri_chan->flag & (HOSTAPD_CHAN_DISABLED | HOSTAPD_CHAN_NO_IR))
2547 		return;
2548 
2549 	freq->channel = pri_chan->chan;
2550 
2551 #ifdef CONFIG_HT_OVERRIDES
2552 	if (ssid->disable_ht40) {
2553 #ifdef CONFIG_VHT_OVERRIDES
2554 		if (ssid->disable_vht)
2555 			return;
2556 #endif /* CONFIG_VHT_OVERRIDES */
2557 		goto skip_ht40;
2558 	}
2559 #endif /* CONFIG_HT_OVERRIDES */
2560 
2561 	/* Check/setup HT40+/HT40- */
2562 	for (j = 0; j < ARRAY_SIZE(ht40plus); j++) {
2563 		if (ht40plus[j] == channel) {
2564 			ht40 = 1;
2565 			break;
2566 		}
2567 	}
2568 
2569 	/* Find secondary channel */
2570 	for (i = 0; i < mode->num_channels; i++) {
2571 		sec_chan = &mode->channels[i];
2572 		if (sec_chan->chan == channel + ht40 * 4)
2573 			break;
2574 		sec_chan = NULL;
2575 	}
2576 	if (!sec_chan)
2577 		return;
2578 
2579 	/* Check secondary channel flags */
2580 	if (sec_chan->flag & (HOSTAPD_CHAN_DISABLED | HOSTAPD_CHAN_NO_IR))
2581 		return;
2582 
2583 	if (ht40 == -1) {
2584 		if (!(pri_chan->flag & HOSTAPD_CHAN_HT40MINUS))
2585 			return;
2586 	} else {
2587 		if (!(pri_chan->flag & HOSTAPD_CHAN_HT40PLUS))
2588 			return;
2589 	}
2590 	freq->sec_channel_offset = ht40;
2591 
2592 	if (obss_scan) {
2593 		struct wpa_scan_results *scan_res;
2594 
2595 		scan_res = wpa_supplicant_get_scan_results(wpa_s, NULL, 0);
2596 		if (scan_res == NULL) {
2597 			/* Back to HT20 */
2598 			freq->sec_channel_offset = 0;
2599 			return;
2600 		}
2601 
2602 		res = check_40mhz_5g(scan_res, pri_chan, sec_chan);
2603 		switch (res) {
2604 		case 0:
2605 			/* Back to HT20 */
2606 			freq->sec_channel_offset = 0;
2607 			break;
2608 		case 1:
2609 			/* Configuration allowed */
2610 			break;
2611 		case 2:
2612 			/* Switch pri/sec channels */
2613 			freq->freq = hw_get_freq(mode, sec_chan->chan);
2614 			freq->sec_channel_offset = -freq->sec_channel_offset;
2615 			freq->channel = sec_chan->chan;
2616 			break;
2617 		default:
2618 			freq->sec_channel_offset = 0;
2619 			break;
2620 		}
2621 
2622 		wpa_scan_results_free(scan_res);
2623 	}
2624 
2625 #ifdef CONFIG_HT_OVERRIDES
2626 skip_ht40:
2627 #endif /* CONFIG_HT_OVERRIDES */
2628 	wpa_printf(MSG_DEBUG,
2629 		   "IBSS/mesh: setup freq channel %d, sec_channel_offset %d",
2630 		   freq->channel, freq->sec_channel_offset);
2631 
2632 	if (!drv_supports_vht(wpa_s, ssid))
2633 		return;
2634 
2635 	/* For IBSS check VHT_IBSS flag */
2636 	if (ssid->mode == WPAS_MODE_IBSS &&
2637 	    !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_VHT_IBSS))
2638 		return;
2639 
2640 #ifdef CONFIG_VHT_OVERRIDES
2641 	if (ssid->disable_vht) {
2642 		freq->vht_enabled = 0;
2643 		return;
2644 	}
2645 #endif /* CONFIG_VHT_OVERRIDES */
2646 
2647 skip_to_6ghz:
2648 	vht_freq = *freq;
2649 
2650 	/* 6 GHz does not have VHT enabled, so allow that exception here. */
2651 	vht_freq.vht_enabled = vht_supported(mode);
2652 	if (!vht_freq.vht_enabled && !is_6ghz)
2653 		return;
2654 
2655 	/* Enable HE with VHT for 5 GHz */
2656 	freq->he_enabled = mode->he_capab[ieee80211_mode].he_supported;
2657 
2658 	/* setup center_freq1, bandwidth */
2659 	for (j = 0; j < ARRAY_SIZE(bw80); j++) {
2660 		if (freq->freq >= bw80[j] &&
2661 		    freq->freq < bw80[j] + 80)
2662 			break;
2663 	}
2664 
2665 	if (j == ARRAY_SIZE(bw80) ||
2666 	    ieee80211_freq_to_chan(bw80[j], &channel) == NUM_HOSTAPD_MODES)
2667 		return;
2668 
2669 	/* Back to HT configuration if channel not usable */
2670 	if (!ibss_mesh_is_80mhz_avail(channel, mode))
2671 		return;
2672 
2673 	chwidth = CHANWIDTH_80MHZ;
2674 	seg0 = channel + 6;
2675 	seg1 = 0;
2676 
2677 	if ((mode->he_capab[ieee80211_mode].phy_cap[
2678 		     HE_PHYCAP_CHANNEL_WIDTH_SET_IDX] &
2679 	     HE_PHYCAP_CHANNEL_WIDTH_SET_160MHZ_IN_5G) && is_6ghz) {
2680 		/* In 160 MHz, the initial four 20 MHz channels were validated
2681 		 * above; check the remaining four 20 MHz channels for the total
2682 		 * of 160 MHz bandwidth.
2683 		 */
2684 		if (!ibss_mesh_is_80mhz_avail(channel + 16, mode))
2685 			return;
2686 
2687 		for (j = 0; j < ARRAY_SIZE(bw160); j++) {
2688 			if (freq->freq == bw160[j]) {
2689 				chwidth = CHANWIDTH_160MHZ;
2690 				seg0 = channel + 14;
2691 				break;
2692 			}
2693 		}
2694 	}
2695 
2696 	if (ssid->max_oper_chwidth == CHANWIDTH_80P80MHZ) {
2697 		/* setup center_freq2, bandwidth */
2698 		for (k = 0; k < ARRAY_SIZE(bw80); k++) {
2699 			/* Only accept 80 MHz segments separated by a gap */
2700 			if (j == k || abs(bw80[j] - bw80[k]) == 80)
2701 				continue;
2702 
2703 			if (ieee80211_freq_to_chan(bw80[k], &channel) ==
2704 			    NUM_HOSTAPD_MODES)
2705 				return;
2706 
2707 			for (i = channel; i < channel + 16; i += 4) {
2708 				struct hostapd_channel_data *chan;
2709 
2710 				chan = hw_get_channel_chan(mode, i, NULL);
2711 				if (!chan)
2712 					continue;
2713 
2714 				if (chan->flag & (HOSTAPD_CHAN_DISABLED |
2715 						  HOSTAPD_CHAN_NO_IR |
2716 						  HOSTAPD_CHAN_RADAR))
2717 					continue;
2718 
2719 				/* Found a suitable second segment for 80+80 */
2720 				chwidth = CHANWIDTH_80P80MHZ;
2721 				if (!is_6ghz)
2722 					vht_caps |=
2723 						VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ;
2724 				seg1 = channel + 6;
2725 			}
2726 
2727 			if (chwidth == CHANWIDTH_80P80MHZ)
2728 				break;
2729 		}
2730 	} else if (ssid->max_oper_chwidth == CHANWIDTH_160MHZ) {
2731 		if (freq->freq == 5180) {
2732 			chwidth = CHANWIDTH_160MHZ;
2733 			vht_caps |= VHT_CAP_SUPP_CHAN_WIDTH_160MHZ;
2734 			seg0 = 50;
2735 		} else if (freq->freq == 5520) {
2736 			chwidth = CHANWIDTH_160MHZ;
2737 			vht_caps |= VHT_CAP_SUPP_CHAN_WIDTH_160MHZ;
2738 			seg0 = 114;
2739 		}
2740 	} else if (ssid->max_oper_chwidth == CHANWIDTH_USE_HT) {
2741 		chwidth = CHANWIDTH_USE_HT;
2742 		seg0 = channel + 2;
2743 #ifdef CONFIG_HT_OVERRIDES
2744 		if (ssid->disable_ht40)
2745 			seg0 = 0;
2746 #endif /* CONFIG_HT_OVERRIDES */
2747 	}
2748 
2749 #ifdef CONFIG_HE_OVERRIDES
2750 	if (ssid->disable_he) {
2751 		vht_freq.he_enabled = 0;
2752 		freq->he_enabled = 0;
2753 	}
2754 #endif /* CONFIG_HE_OVERRIDES */
2755 	if (hostapd_set_freq_params(&vht_freq, mode->mode, freq->freq,
2756 				    freq->channel, ssid->enable_edmg,
2757 				    ssid->edmg_channel, freq->ht_enabled,
2758 				    vht_freq.vht_enabled, freq->he_enabled,
2759 				    freq->sec_channel_offset,
2760 				    chwidth, seg0, seg1, vht_caps,
2761 				    &mode->he_capab[ieee80211_mode]) != 0)
2762 		return;
2763 
2764 	*freq = vht_freq;
2765 
2766 	wpa_printf(MSG_DEBUG, "IBSS: VHT setup freq cf1 %d, cf2 %d, bw %d",
2767 		   freq->center_freq1, freq->center_freq2, freq->bandwidth);
2768 }
2769 
2770 
2771 #ifdef CONFIG_FILS
2772 static size_t wpas_add_fils_hlp_req(struct wpa_supplicant *wpa_s, u8 *ie_buf,
2773 				    size_t ie_buf_len)
2774 {
2775 	struct fils_hlp_req *req;
2776 	size_t rem_len, hdr_len, hlp_len, len, ie_len = 0;
2777 	const u8 *pos;
2778 	u8 *buf = ie_buf;
2779 
2780 	dl_list_for_each(req, &wpa_s->fils_hlp_req, struct fils_hlp_req,
2781 			 list) {
2782 		rem_len = ie_buf_len - ie_len;
2783 		pos = wpabuf_head(req->pkt);
2784 		hdr_len = 1 + 2 * ETH_ALEN + 6;
2785 		hlp_len = wpabuf_len(req->pkt);
2786 
2787 		if (rem_len < 2 + hdr_len + hlp_len) {
2788 			wpa_printf(MSG_ERROR,
2789 				   "FILS: Cannot fit HLP - rem_len=%lu to_fill=%lu",
2790 				   (unsigned long) rem_len,
2791 				   (unsigned long) (2 + hdr_len + hlp_len));
2792 			break;
2793 		}
2794 
2795 		len = (hdr_len + hlp_len) > 255 ? 255 : hdr_len + hlp_len;
2796 		/* Element ID */
2797 		*buf++ = WLAN_EID_EXTENSION;
2798 		/* Length */
2799 		*buf++ = len;
2800 		/* Element ID Extension */
2801 		*buf++ = WLAN_EID_EXT_FILS_HLP_CONTAINER;
2802 		/* Destination MAC address */
2803 		os_memcpy(buf, req->dst, ETH_ALEN);
2804 		buf += ETH_ALEN;
2805 		/* Source MAC address */
2806 		os_memcpy(buf, wpa_s->own_addr, ETH_ALEN);
2807 		buf += ETH_ALEN;
2808 		/* LLC/SNAP Header */
2809 		os_memcpy(buf, "\xaa\xaa\x03\x00\x00\x00", 6);
2810 		buf += 6;
2811 		/* HLP Packet */
2812 		os_memcpy(buf, pos, len - hdr_len);
2813 		buf += len - hdr_len;
2814 		pos += len - hdr_len;
2815 
2816 		hlp_len -= len - hdr_len;
2817 		ie_len += 2 + len;
2818 		rem_len -= 2 + len;
2819 
2820 		while (hlp_len) {
2821 			len = (hlp_len > 255) ? 255 : hlp_len;
2822 			if (rem_len < 2 + len)
2823 				break;
2824 			*buf++ = WLAN_EID_FRAGMENT;
2825 			*buf++ = len;
2826 			os_memcpy(buf, pos, len);
2827 			buf += len;
2828 			pos += len;
2829 
2830 			hlp_len -= len;
2831 			ie_len += 2 + len;
2832 			rem_len -= 2 + len;
2833 		}
2834 	}
2835 
2836 	return ie_len;
2837 }
2838 
2839 
2840 int wpa_is_fils_supported(struct wpa_supplicant *wpa_s)
2841 {
2842 	return (((wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) &&
2843 		 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SUPPORT_FILS)) ||
2844 		(!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) &&
2845 		 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_FILS_SK_OFFLOAD)));
2846 }
2847 
2848 
2849 int wpa_is_fils_sk_pfs_supported(struct wpa_supplicant *wpa_s)
2850 {
2851 #ifdef CONFIG_FILS_SK_PFS
2852 	return (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) &&
2853 		(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SUPPORT_FILS);
2854 #else /* CONFIG_FILS_SK_PFS */
2855 	return 0;
2856 #endif /* CONFIG_FILS_SK_PFS */
2857 }
2858 
2859 #endif /* CONFIG_FILS */
2860 
2861 
2862 static int wpas_populate_wfa_capa(struct wpa_supplicant *wpa_s,
2863 				  struct wpa_bss *bss,
2864 				  u8 *wpa_ie, size_t wpa_ie_len,
2865 				  size_t max_wpa_ie_len)
2866 {
2867 	struct wpabuf *wfa_ie = NULL;
2868 	u8 wfa_capa[1];
2869 	size_t wfa_ie_len, buf_len;
2870 
2871 	os_memset(wfa_capa, 0, sizeof(wfa_capa));
2872 	if (wpa_s->enable_dscp_policy_capa)
2873 		wfa_capa[0] |= WFA_CAPA_QM_DSCP_POLICY;
2874 
2875 	if (!wfa_capa[0])
2876 		return wpa_ie_len;
2877 
2878 	/* Wi-Fi Alliance element */
2879 	buf_len = 1 +	/* Element ID */
2880 		  1 +	/* Length */
2881 		  3 +	/* OUI */
2882 		  1 +	/* OUI Type */
2883 		  1 +	/* Capabilities Length */
2884 		  sizeof(wfa_capa);	/* Capabilities */
2885 	wfa_ie = wpabuf_alloc(buf_len);
2886 	if (!wfa_ie)
2887 		return wpa_ie_len;
2888 
2889 	wpabuf_put_u8(wfa_ie, WLAN_EID_VENDOR_SPECIFIC);
2890 	wpabuf_put_u8(wfa_ie, buf_len - 2);
2891 	wpabuf_put_be24(wfa_ie, OUI_WFA);
2892 	wpabuf_put_u8(wfa_ie, WFA_CAPA_OUI_TYPE);
2893 	wpabuf_put_u8(wfa_ie, sizeof(wfa_capa));
2894 	wpabuf_put_data(wfa_ie, wfa_capa, sizeof(wfa_capa));
2895 
2896 	wfa_ie_len = wpabuf_len(wfa_ie);
2897 	if (wpa_ie_len + wfa_ie_len <= max_wpa_ie_len) {
2898 		wpa_hexdump_buf(MSG_MSGDUMP, "WFA Capabilities element",
2899 				wfa_ie);
2900 		os_memcpy(wpa_ie + wpa_ie_len, wpabuf_head(wfa_ie),
2901 			  wfa_ie_len);
2902 		wpa_ie_len += wfa_ie_len;
2903 	}
2904 
2905 	wpabuf_free(wfa_ie);
2906 	return wpa_ie_len;
2907 }
2908 
2909 
2910 static u8 * wpas_populate_assoc_ies(
2911 	struct wpa_supplicant *wpa_s,
2912 	struct wpa_bss *bss, struct wpa_ssid *ssid,
2913 	struct wpa_driver_associate_params *params,
2914 	enum wpa_drv_update_connect_params_mask *mask)
2915 {
2916 	u8 *wpa_ie;
2917 	size_t max_wpa_ie_len = 500;
2918 	size_t wpa_ie_len;
2919 	int algs = WPA_AUTH_ALG_OPEN;
2920 #ifdef CONFIG_MBO
2921 	const u8 *mbo_ie;
2922 #endif
2923 #if defined(CONFIG_SAE) || defined(CONFIG_FILS)
2924 	int pmksa_cached = 0;
2925 #endif /* CONFIG_SAE || CONFIG_FILS */
2926 #ifdef CONFIG_FILS
2927 	const u8 *realm, *username, *rrk;
2928 	size_t realm_len, username_len, rrk_len;
2929 	u16 next_seq_num;
2930 	struct fils_hlp_req *req;
2931 
2932 	dl_list_for_each(req, &wpa_s->fils_hlp_req, struct fils_hlp_req,
2933 			 list) {
2934 		max_wpa_ie_len += 3 + 2 * ETH_ALEN + 6 + wpabuf_len(req->pkt) +
2935 				  2 + 2 * wpabuf_len(req->pkt) / 255;
2936 	}
2937 #endif /* CONFIG_FILS */
2938 
2939 	wpa_ie = os_malloc(max_wpa_ie_len);
2940 	if (!wpa_ie) {
2941 		wpa_printf(MSG_ERROR,
2942 			   "Failed to allocate connect IE buffer for %lu bytes",
2943 			   (unsigned long) max_wpa_ie_len);
2944 		return NULL;
2945 	}
2946 
2947 	if (bss && (wpa_bss_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE) ||
2948 		    wpa_bss_get_ie(bss, WLAN_EID_RSN)) &&
2949 	    wpa_key_mgmt_wpa(ssid->key_mgmt)) {
2950 		int try_opportunistic;
2951 		const u8 *cache_id = NULL;
2952 
2953 		try_opportunistic = (ssid->proactive_key_caching < 0 ?
2954 				     wpa_s->conf->okc :
2955 				     ssid->proactive_key_caching) &&
2956 			(ssid->proto & WPA_PROTO_RSN);
2957 #ifdef CONFIG_FILS
2958 		if (wpa_key_mgmt_fils(ssid->key_mgmt))
2959 			cache_id = wpa_bss_get_fils_cache_id(bss);
2960 #endif /* CONFIG_FILS */
2961 		if (pmksa_cache_set_current(wpa_s->wpa, NULL, bss->bssid,
2962 					    ssid, try_opportunistic,
2963 					    cache_id, 0) == 0) {
2964 			eapol_sm_notify_pmkid_attempt(wpa_s->eapol);
2965 #if defined(CONFIG_SAE) || defined(CONFIG_FILS)
2966 			pmksa_cached = 1;
2967 #endif /* CONFIG_SAE || CONFIG_FILS */
2968 		}
2969 		wpa_ie_len = max_wpa_ie_len;
2970 		if (wpa_supplicant_set_suites(wpa_s, bss, ssid,
2971 					      wpa_ie, &wpa_ie_len)) {
2972 			wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to set WPA "
2973 				"key management and encryption suites");
2974 			os_free(wpa_ie);
2975 			return NULL;
2976 		}
2977 #ifdef CONFIG_HS20
2978 	} else if (bss && wpa_bss_get_vendor_ie(bss, OSEN_IE_VENDOR_TYPE) &&
2979 		   (ssid->key_mgmt & WPA_KEY_MGMT_OSEN)) {
2980 		/* No PMKSA caching, but otherwise similar to RSN/WPA */
2981 		wpa_ie_len = max_wpa_ie_len;
2982 		if (wpa_supplicant_set_suites(wpa_s, bss, ssid,
2983 					      wpa_ie, &wpa_ie_len)) {
2984 			wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to set WPA "
2985 				"key management and encryption suites");
2986 			os_free(wpa_ie);
2987 			return NULL;
2988 		}
2989 #endif /* CONFIG_HS20 */
2990 	} else if ((ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) && bss &&
2991 		   wpa_key_mgmt_wpa_ieee8021x(ssid->key_mgmt)) {
2992 		/*
2993 		 * Both WPA and non-WPA IEEE 802.1X enabled in configuration -
2994 		 * use non-WPA since the scan results did not indicate that the
2995 		 * AP is using WPA or WPA2.
2996 		 */
2997 		wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
2998 		wpa_ie_len = 0;
2999 		wpa_s->wpa_proto = 0;
3000 	} else if (wpa_key_mgmt_wpa_any(ssid->key_mgmt)) {
3001 		wpa_ie_len = max_wpa_ie_len;
3002 		if (wpa_supplicant_set_suites(wpa_s, NULL, ssid,
3003 					      wpa_ie, &wpa_ie_len)) {
3004 			wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to set WPA "
3005 				"key management and encryption suites (no "
3006 				"scan results)");
3007 			os_free(wpa_ie);
3008 			return NULL;
3009 		}
3010 #ifdef CONFIG_WPS
3011 	} else if (ssid->key_mgmt & WPA_KEY_MGMT_WPS) {
3012 		struct wpabuf *wps_ie;
3013 		wps_ie = wps_build_assoc_req_ie(wpas_wps_get_req_type(ssid));
3014 		if (wps_ie && wpabuf_len(wps_ie) <= max_wpa_ie_len) {
3015 			wpa_ie_len = wpabuf_len(wps_ie);
3016 			os_memcpy(wpa_ie, wpabuf_head(wps_ie), wpa_ie_len);
3017 		} else
3018 			wpa_ie_len = 0;
3019 		wpabuf_free(wps_ie);
3020 		wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
3021 		if (!bss || (bss->caps & IEEE80211_CAP_PRIVACY))
3022 			params->wps = WPS_MODE_PRIVACY;
3023 		else
3024 			params->wps = WPS_MODE_OPEN;
3025 		wpa_s->wpa_proto = 0;
3026 #endif /* CONFIG_WPS */
3027 	} else {
3028 		wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
3029 		wpa_ie_len = 0;
3030 		wpa_s->wpa_proto = 0;
3031 	}
3032 
3033 #ifdef IEEE8021X_EAPOL
3034 	if (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
3035 		if (ssid->leap) {
3036 			if (ssid->non_leap == 0)
3037 				algs = WPA_AUTH_ALG_LEAP;
3038 			else
3039 				algs |= WPA_AUTH_ALG_LEAP;
3040 		}
3041 	}
3042 
3043 #ifdef CONFIG_FILS
3044 	/* Clear FILS association */
3045 	wpa_sm_set_reset_fils_completed(wpa_s->wpa, 0);
3046 
3047 	if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_FILS_SK_OFFLOAD) &&
3048 	    ssid->eap.erp && wpa_key_mgmt_fils(wpa_s->key_mgmt) &&
3049 	    eapol_sm_get_erp_info(wpa_s->eapol, &ssid->eap, &username,
3050 				  &username_len, &realm, &realm_len,
3051 				  &next_seq_num, &rrk, &rrk_len) == 0 &&
3052 	    (!wpa_s->last_con_fail_realm ||
3053 	     wpa_s->last_con_fail_realm_len != realm_len ||
3054 	     os_memcmp(wpa_s->last_con_fail_realm, realm, realm_len) != 0)) {
3055 		algs = WPA_AUTH_ALG_FILS;
3056 		params->fils_erp_username = username;
3057 		params->fils_erp_username_len = username_len;
3058 		params->fils_erp_realm = realm;
3059 		params->fils_erp_realm_len = realm_len;
3060 		params->fils_erp_next_seq_num = next_seq_num;
3061 		params->fils_erp_rrk = rrk;
3062 		params->fils_erp_rrk_len = rrk_len;
3063 
3064 		if (mask)
3065 			*mask |= WPA_DRV_UPDATE_FILS_ERP_INFO;
3066 	} else if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_FILS_SK_OFFLOAD) &&
3067 		   ssid->eap.erp && wpa_key_mgmt_fils(wpa_s->key_mgmt) &&
3068 		   pmksa_cached) {
3069 		algs = WPA_AUTH_ALG_FILS;
3070 	}
3071 #endif /* CONFIG_FILS */
3072 #endif /* IEEE8021X_EAPOL */
3073 #ifdef CONFIG_SAE
3074 	if (wpa_s->key_mgmt & (WPA_KEY_MGMT_SAE | WPA_KEY_MGMT_FT_SAE))
3075 		algs = WPA_AUTH_ALG_SAE;
3076 #endif /* CONFIG_SAE */
3077 
3078 	wpa_dbg(wpa_s, MSG_DEBUG, "Automatic auth_alg selection: 0x%x", algs);
3079 	if (ssid->auth_alg) {
3080 		algs = ssid->auth_alg;
3081 		wpa_dbg(wpa_s, MSG_DEBUG,
3082 			"Overriding auth_alg selection: 0x%x", algs);
3083 	}
3084 
3085 #ifdef CONFIG_SAE
3086 	if (pmksa_cached && algs == WPA_AUTH_ALG_SAE) {
3087 		wpa_dbg(wpa_s, MSG_DEBUG,
3088 			"SAE: Use WPA_AUTH_ALG_OPEN for PMKSA caching attempt");
3089 		algs = WPA_AUTH_ALG_OPEN;
3090 	}
3091 #endif /* CONFIG_SAE */
3092 
3093 #ifdef CONFIG_P2P
3094 	if (wpa_s->global->p2p) {
3095 		u8 *pos;
3096 		size_t len;
3097 		int res;
3098 		pos = wpa_ie + wpa_ie_len;
3099 		len = max_wpa_ie_len - wpa_ie_len;
3100 		res = wpas_p2p_assoc_req_ie(wpa_s, bss, pos, len,
3101 					    ssid->p2p_group);
3102 		if (res >= 0)
3103 			wpa_ie_len += res;
3104 	}
3105 
3106 	wpa_s->cross_connect_disallowed = 0;
3107 	if (bss) {
3108 		struct wpabuf *p2p;
3109 		p2p = wpa_bss_get_vendor_ie_multi(bss, P2P_IE_VENDOR_TYPE);
3110 		if (p2p) {
3111 			wpa_s->cross_connect_disallowed =
3112 				p2p_get_cross_connect_disallowed(p2p);
3113 			wpabuf_free(p2p);
3114 			wpa_dbg(wpa_s, MSG_DEBUG, "P2P: WLAN AP %s cross "
3115 				"connection",
3116 				wpa_s->cross_connect_disallowed ?
3117 				"disallows" : "allows");
3118 		}
3119 	}
3120 
3121 	os_memset(wpa_s->p2p_ip_addr_info, 0, sizeof(wpa_s->p2p_ip_addr_info));
3122 #endif /* CONFIG_P2P */
3123 
3124 	if (bss) {
3125 		wpa_ie_len += wpas_supp_op_class_ie(wpa_s, ssid, bss,
3126 						    wpa_ie + wpa_ie_len,
3127 						    max_wpa_ie_len -
3128 						    wpa_ie_len);
3129 	}
3130 
3131 	/*
3132 	 * Workaround: Add Extended Capabilities element only if the AP
3133 	 * included this element in Beacon/Probe Response frames. Some older
3134 	 * APs seem to have interoperability issues if this element is
3135 	 * included, so while the standard may require us to include the
3136 	 * element in all cases, it is justifiable to skip it to avoid
3137 	 * interoperability issues.
3138 	 */
3139 	if (ssid->p2p_group)
3140 		wpa_drv_get_ext_capa(wpa_s, WPA_IF_P2P_CLIENT);
3141 	else
3142 		wpa_drv_get_ext_capa(wpa_s, WPA_IF_STATION);
3143 
3144 	if (!bss || wpa_bss_get_ie(bss, WLAN_EID_EXT_CAPAB)) {
3145 		u8 ext_capab[18];
3146 		int ext_capab_len;
3147 		ext_capab_len = wpas_build_ext_capab(wpa_s, ext_capab,
3148 						     sizeof(ext_capab));
3149 		if (ext_capab_len > 0 &&
3150 		    wpa_ie_len + ext_capab_len <= max_wpa_ie_len) {
3151 			u8 *pos = wpa_ie;
3152 			if (wpa_ie_len > 0 && pos[0] == WLAN_EID_RSN)
3153 				pos += 2 + pos[1];
3154 			os_memmove(pos + ext_capab_len, pos,
3155 				   wpa_ie_len - (pos - wpa_ie));
3156 			wpa_ie_len += ext_capab_len;
3157 			os_memcpy(pos, ext_capab, ext_capab_len);
3158 		}
3159 	}
3160 
3161 #ifdef CONFIG_HS20
3162 	if (is_hs20_network(wpa_s, ssid, bss)) {
3163 		struct wpabuf *hs20;
3164 
3165 		hs20 = wpabuf_alloc(20 + MAX_ROAMING_CONS_OI_LEN);
3166 		if (hs20) {
3167 			int pps_mo_id = hs20_get_pps_mo_id(wpa_s, ssid);
3168 			size_t len;
3169 
3170 			wpas_hs20_add_indication(hs20, pps_mo_id,
3171 						 get_hs20_version(bss));
3172 			wpas_hs20_add_roam_cons_sel(hs20, ssid);
3173 			len = max_wpa_ie_len - wpa_ie_len;
3174 			if (wpabuf_len(hs20) <= len) {
3175 				os_memcpy(wpa_ie + wpa_ie_len,
3176 					  wpabuf_head(hs20), wpabuf_len(hs20));
3177 				wpa_ie_len += wpabuf_len(hs20);
3178 			}
3179 			wpabuf_free(hs20);
3180 
3181 			hs20_configure_frame_filters(wpa_s);
3182 		}
3183 	}
3184 #endif /* CONFIG_HS20 */
3185 
3186 	if (wpa_s->vendor_elem[VENDOR_ELEM_ASSOC_REQ]) {
3187 		struct wpabuf *buf = wpa_s->vendor_elem[VENDOR_ELEM_ASSOC_REQ];
3188 		size_t len;
3189 
3190 		len = max_wpa_ie_len - wpa_ie_len;
3191 		if (wpabuf_len(buf) <= len) {
3192 			os_memcpy(wpa_ie + wpa_ie_len,
3193 				  wpabuf_head(buf), wpabuf_len(buf));
3194 			wpa_ie_len += wpabuf_len(buf);
3195 		}
3196 	}
3197 
3198 #ifdef CONFIG_FST
3199 	if (wpa_s->fst_ies) {
3200 		int fst_ies_len = wpabuf_len(wpa_s->fst_ies);
3201 
3202 		if (wpa_ie_len + fst_ies_len <= max_wpa_ie_len) {
3203 			os_memcpy(wpa_ie + wpa_ie_len,
3204 				  wpabuf_head(wpa_s->fst_ies), fst_ies_len);
3205 			wpa_ie_len += fst_ies_len;
3206 		}
3207 	}
3208 #endif /* CONFIG_FST */
3209 
3210 #ifdef CONFIG_MBO
3211 	mbo_ie = bss ? wpa_bss_get_vendor_ie(bss, MBO_IE_VENDOR_TYPE) : NULL;
3212 	if (!wpa_s->disable_mbo_oce && mbo_ie) {
3213 		int len;
3214 
3215 		len = wpas_mbo_ie(wpa_s, wpa_ie + wpa_ie_len,
3216 				  max_wpa_ie_len - wpa_ie_len,
3217 				  !!mbo_attr_from_mbo_ie(mbo_ie,
3218 							 OCE_ATTR_ID_CAPA_IND));
3219 		if (len >= 0)
3220 			wpa_ie_len += len;
3221 	}
3222 #endif /* CONFIG_MBO */
3223 
3224 #ifdef CONFIG_FILS
3225 	if (algs == WPA_AUTH_ALG_FILS) {
3226 		size_t len;
3227 
3228 		len = wpas_add_fils_hlp_req(wpa_s, wpa_ie + wpa_ie_len,
3229 					    max_wpa_ie_len - wpa_ie_len);
3230 		wpa_ie_len += len;
3231 	}
3232 #endif /* CONFIG_FILS */
3233 
3234 #ifdef CONFIG_OWE
3235 #ifdef CONFIG_TESTING_OPTIONS
3236 	if (get_ie_ext(wpa_ie, wpa_ie_len, WLAN_EID_EXT_OWE_DH_PARAM)) {
3237 		wpa_printf(MSG_INFO, "TESTING: Override OWE DH element");
3238 	} else
3239 #endif /* CONFIG_TESTING_OPTIONS */
3240 	if (algs == WPA_AUTH_ALG_OPEN &&
3241 	    ssid->key_mgmt == WPA_KEY_MGMT_OWE) {
3242 		struct wpabuf *owe_ie;
3243 		u16 group;
3244 
3245 		if (ssid->owe_group) {
3246 			group = ssid->owe_group;
3247 		} else if (wpa_s->assoc_status_code ==
3248 			   WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED) {
3249 			if (wpa_s->last_owe_group == 19)
3250 				group = 20;
3251 			else if (wpa_s->last_owe_group == 20)
3252 				group = 21;
3253 			else
3254 				group = OWE_DH_GROUP;
3255 		} else {
3256 			group = OWE_DH_GROUP;
3257 		}
3258 
3259 		wpa_s->last_owe_group = group;
3260 		wpa_printf(MSG_DEBUG, "OWE: Try to use group %u", group);
3261 		owe_ie = owe_build_assoc_req(wpa_s->wpa, group);
3262 		if (owe_ie &&
3263 		    wpabuf_len(owe_ie) <= max_wpa_ie_len - wpa_ie_len) {
3264 			os_memcpy(wpa_ie + wpa_ie_len,
3265 				  wpabuf_head(owe_ie), wpabuf_len(owe_ie));
3266 			wpa_ie_len += wpabuf_len(owe_ie);
3267 		}
3268 		wpabuf_free(owe_ie);
3269 	}
3270 #endif /* CONFIG_OWE */
3271 
3272 #ifdef CONFIG_DPP2
3273 	if (DPP_VERSION > 1 &&
3274 	    wpa_sm_get_key_mgmt(wpa_s->wpa) == WPA_KEY_MGMT_DPP &&
3275 	    ssid->dpp_netaccesskey &&
3276 	    ssid->dpp_pfs != 2 && !ssid->dpp_pfs_fallback) {
3277 		struct rsn_pmksa_cache_entry *pmksa;
3278 
3279 		pmksa = pmksa_cache_get_current(wpa_s->wpa);
3280 		if (!pmksa || !pmksa->dpp_pfs)
3281 			goto pfs_fail;
3282 
3283 		dpp_pfs_free(wpa_s->dpp_pfs);
3284 		wpa_s->dpp_pfs = dpp_pfs_init(ssid->dpp_netaccesskey,
3285 					      ssid->dpp_netaccesskey_len);
3286 		if (!wpa_s->dpp_pfs) {
3287 			wpa_printf(MSG_DEBUG, "DPP: Could not initialize PFS");
3288 			/* Try to continue without PFS */
3289 			goto pfs_fail;
3290 		}
3291 		if (wpabuf_len(wpa_s->dpp_pfs->ie) <=
3292 		    max_wpa_ie_len - wpa_ie_len) {
3293 			os_memcpy(wpa_ie + wpa_ie_len,
3294 				  wpabuf_head(wpa_s->dpp_pfs->ie),
3295 				  wpabuf_len(wpa_s->dpp_pfs->ie));
3296 			wpa_ie_len += wpabuf_len(wpa_s->dpp_pfs->ie);
3297 		}
3298 	}
3299 pfs_fail:
3300 #endif /* CONFIG_DPP2 */
3301 
3302 #ifdef CONFIG_IEEE80211R
3303 	/*
3304 	 * Add MDIE under these conditions: the network profile allows FT,
3305 	 * the AP supports FT, and the mobility domain ID matches.
3306 	 */
3307 	if (bss && wpa_key_mgmt_ft(wpa_sm_get_key_mgmt(wpa_s->wpa))) {
3308 		const u8 *mdie = wpa_bss_get_ie(bss, WLAN_EID_MOBILITY_DOMAIN);
3309 
3310 		if (mdie && mdie[1] >= MOBILITY_DOMAIN_ID_LEN) {
3311 			size_t len = 0;
3312 			const u8 *md = mdie + 2;
3313 			const u8 *wpa_md = wpa_sm_get_ft_md(wpa_s->wpa);
3314 
3315 			if (os_memcmp(md, wpa_md,
3316 				      MOBILITY_DOMAIN_ID_LEN) == 0) {
3317 				/* Add mobility domain IE */
3318 				len = wpa_ft_add_mdie(
3319 					wpa_s->wpa, wpa_ie + wpa_ie_len,
3320 					max_wpa_ie_len - wpa_ie_len, mdie);
3321 				wpa_ie_len += len;
3322 			}
3323 #ifdef CONFIG_SME
3324 			if (len > 0 && wpa_s->sme.ft_used &&
3325 			    wpa_sm_has_ptk(wpa_s->wpa)) {
3326 				wpa_dbg(wpa_s, MSG_DEBUG,
3327 					"SME: Trying to use FT over-the-air");
3328 				algs |= WPA_AUTH_ALG_FT;
3329 			}
3330 #endif /* CONFIG_SME */
3331 		}
3332 	}
3333 #endif /* CONFIG_IEEE80211R */
3334 
3335 #ifdef CONFIG_TESTING_OPTIONS
3336 	if (wpa_s->rsnxe_override_assoc &&
3337 	    wpabuf_len(wpa_s->rsnxe_override_assoc) <=
3338 	    max_wpa_ie_len - wpa_ie_len) {
3339 		wpa_printf(MSG_DEBUG, "TESTING: RSNXE AssocReq override");
3340 		os_memcpy(wpa_ie + wpa_ie_len,
3341 			  wpabuf_head(wpa_s->rsnxe_override_assoc),
3342 			  wpabuf_len(wpa_s->rsnxe_override_assoc));
3343 		wpa_ie_len += wpabuf_len(wpa_s->rsnxe_override_assoc);
3344 	} else
3345 #endif /* CONFIG_TESTING_OPTIONS */
3346 	if (wpa_s->rsnxe_len > 0 &&
3347 	    wpa_s->rsnxe_len <= max_wpa_ie_len - wpa_ie_len) {
3348 		os_memcpy(wpa_ie + wpa_ie_len, wpa_s->rsnxe, wpa_s->rsnxe_len);
3349 		wpa_ie_len += wpa_s->rsnxe_len;
3350 	}
3351 
3352 #ifdef CONFIG_TESTING_OPTIONS
3353 	if (wpa_s->disable_mscs_support)
3354 		goto mscs_end;
3355 #endif /* CONFIG_TESTING_OPTIONS */
3356 	if (wpa_bss_ext_capab(bss, WLAN_EXT_CAPAB_MSCS) &&
3357 	    wpa_s->robust_av.valid_config) {
3358 		struct wpabuf *mscs_ie;
3359 		size_t mscs_ie_len, buf_len;
3360 
3361 		buf_len = 3 +	/* MSCS descriptor IE header */
3362 			  1 +	/* Request type */
3363 			  2 +	/* User priority control */
3364 			  4 +	/* Stream timeout */
3365 			  3 +	/* TCLAS Mask IE header */
3366 			  wpa_s->robust_av.frame_classifier_len;
3367 		mscs_ie = wpabuf_alloc(buf_len);
3368 		if (!mscs_ie) {
3369 			wpa_printf(MSG_INFO,
3370 				   "MSCS: Failed to allocate MSCS IE");
3371 			goto mscs_end;
3372 		}
3373 
3374 		wpas_populate_mscs_descriptor_ie(&wpa_s->robust_av, mscs_ie);
3375 		if ((wpa_ie_len + wpabuf_len(mscs_ie)) <= max_wpa_ie_len) {
3376 			wpa_hexdump_buf(MSG_MSGDUMP, "MSCS IE", mscs_ie);
3377 			mscs_ie_len = wpabuf_len(mscs_ie);
3378 			os_memcpy(wpa_ie + wpa_ie_len, wpabuf_head(mscs_ie),
3379 				  mscs_ie_len);
3380 			wpa_ie_len += mscs_ie_len;
3381 		}
3382 
3383 		wpabuf_free(mscs_ie);
3384 	}
3385 mscs_end:
3386 
3387 	wpa_ie_len = wpas_populate_wfa_capa(wpa_s, bss, wpa_ie, wpa_ie_len,
3388 					    max_wpa_ie_len);
3389 
3390 	if (ssid->multi_ap_backhaul_sta) {
3391 		size_t multi_ap_ie_len;
3392 
3393 		multi_ap_ie_len = add_multi_ap_ie(wpa_ie + wpa_ie_len,
3394 						  max_wpa_ie_len - wpa_ie_len,
3395 						  MULTI_AP_BACKHAUL_STA);
3396 		if (multi_ap_ie_len == 0) {
3397 			wpa_printf(MSG_ERROR,
3398 				   "Multi-AP: Failed to build Multi-AP IE");
3399 			os_free(wpa_ie);
3400 			return NULL;
3401 		}
3402 		wpa_ie_len += multi_ap_ie_len;
3403 	}
3404 
3405 	params->wpa_ie = wpa_ie;
3406 	params->wpa_ie_len = wpa_ie_len;
3407 	params->auth_alg = algs;
3408 	if (mask)
3409 		*mask |= WPA_DRV_UPDATE_ASSOC_IES | WPA_DRV_UPDATE_AUTH_TYPE;
3410 
3411 	return wpa_ie;
3412 }
3413 
3414 
3415 #ifdef CONFIG_OWE
3416 static void wpas_update_owe_connect_params(struct wpa_supplicant *wpa_s)
3417 {
3418 	struct wpa_driver_associate_params params;
3419 	u8 *wpa_ie;
3420 
3421 	os_memset(&params, 0, sizeof(params));
3422 	wpa_ie = wpas_populate_assoc_ies(wpa_s, wpa_s->current_bss,
3423 					 wpa_s->current_ssid, &params, NULL);
3424 	if (!wpa_ie)
3425 		return;
3426 
3427 	wpa_drv_update_connect_params(wpa_s, &params, WPA_DRV_UPDATE_ASSOC_IES);
3428 	os_free(wpa_ie);
3429 }
3430 #endif /* CONFIG_OWE */
3431 
3432 
3433 #if defined(CONFIG_FILS) && defined(IEEE8021X_EAPOL)
3434 static void wpas_update_fils_connect_params(struct wpa_supplicant *wpa_s)
3435 {
3436 	struct wpa_driver_associate_params params;
3437 	enum wpa_drv_update_connect_params_mask mask = 0;
3438 	u8 *wpa_ie;
3439 
3440 	if (wpa_s->auth_alg != WPA_AUTH_ALG_OPEN)
3441 		return; /* nothing to do */
3442 
3443 	os_memset(&params, 0, sizeof(params));
3444 	wpa_ie = wpas_populate_assoc_ies(wpa_s, wpa_s->current_bss,
3445 					 wpa_s->current_ssid, &params, &mask);
3446 	if (!wpa_ie)
3447 		return;
3448 
3449 	if (params.auth_alg == WPA_AUTH_ALG_FILS) {
3450 		wpa_s->auth_alg = params.auth_alg;
3451 		wpa_drv_update_connect_params(wpa_s, &params, mask);
3452 	}
3453 
3454 	os_free(wpa_ie);
3455 }
3456 #endif /* CONFIG_FILS && IEEE8021X_EAPOL */
3457 
3458 
3459 static u8 wpa_ie_get_edmg_oper_chans(const u8 *edmg_ie)
3460 {
3461 	if (!edmg_ie || edmg_ie[1] < 6)
3462 		return 0;
3463 	return edmg_ie[EDMG_BSS_OPERATING_CHANNELS_OFFSET];
3464 }
3465 
3466 
3467 static u8 wpa_ie_get_edmg_oper_chan_width(const u8 *edmg_ie)
3468 {
3469 	if (!edmg_ie || edmg_ie[1] < 6)
3470 		return 0;
3471 	return edmg_ie[EDMG_OPERATING_CHANNEL_WIDTH_OFFSET];
3472 }
3473 
3474 
3475 /* Returns the intersection of two EDMG configurations.
3476  * Note: The current implementation is limited to CB2 only (CB1 included),
3477  * i.e., the implementation supports up to 2 contiguous channels.
3478  * For supporting non-contiguous (aggregated) channels and for supporting
3479  * CB3 and above, this function will need to be extended.
3480  */
3481 static struct ieee80211_edmg_config
3482 get_edmg_intersection(struct ieee80211_edmg_config a,
3483 		      struct ieee80211_edmg_config b,
3484 		      u8 primary_channel)
3485 {
3486 	struct ieee80211_edmg_config result;
3487 	int i, contiguous = 0;
3488 	int max_contiguous = 0;
3489 
3490 	result.channels = b.channels & a.channels;
3491 	if (!result.channels) {
3492 		wpa_printf(MSG_DEBUG,
3493 			   "EDMG not possible: cannot intersect channels 0x%x and 0x%x",
3494 			   a.channels, b.channels);
3495 		goto fail;
3496 	}
3497 
3498 	if (!(result.channels & BIT(primary_channel - 1))) {
3499 		wpa_printf(MSG_DEBUG,
3500 			   "EDMG not possible: the primary channel %d is not one of the intersected channels 0x%x",
3501 			   primary_channel, result.channels);
3502 		goto fail;
3503 	}
3504 
3505 	/* Find max contiguous channels */
3506 	for (i = 0; i < 6; i++) {
3507 		if (result.channels & BIT(i))
3508 			contiguous++;
3509 		else
3510 			contiguous = 0;
3511 
3512 		if (contiguous > max_contiguous)
3513 			max_contiguous = contiguous;
3514 	}
3515 
3516 	/* Assuming AP and STA supports ONLY contiguous channels,
3517 	 * bw configuration can have value between 4-7.
3518 	 */
3519 	if ((b.bw_config < a.bw_config))
3520 		result.bw_config = b.bw_config;
3521 	else
3522 		result.bw_config = a.bw_config;
3523 
3524 	if ((max_contiguous >= 2 && result.bw_config < EDMG_BW_CONFIG_5) ||
3525 	    (max_contiguous >= 1 && result.bw_config < EDMG_BW_CONFIG_4)) {
3526 		wpa_printf(MSG_DEBUG,
3527 			   "EDMG not possible: not enough contiguous channels %d for supporting CB1 or CB2",
3528 			   max_contiguous);
3529 		goto fail;
3530 	}
3531 
3532 	return result;
3533 
3534 fail:
3535 	result.channels = 0;
3536 	result.bw_config = 0;
3537 	return result;
3538 }
3539 
3540 
3541 static struct ieee80211_edmg_config
3542 get_supported_edmg(struct wpa_supplicant *wpa_s,
3543 		   struct hostapd_freq_params *freq,
3544 		   struct ieee80211_edmg_config request_edmg)
3545 {
3546 	enum hostapd_hw_mode hw_mode;
3547 	struct hostapd_hw_modes *mode = NULL;
3548 	u8 primary_channel;
3549 
3550 	if (!wpa_s->hw.modes)
3551 		goto fail;
3552 
3553 	hw_mode = ieee80211_freq_to_chan(freq->freq, &primary_channel);
3554 	if (hw_mode == NUM_HOSTAPD_MODES)
3555 		goto fail;
3556 
3557 	mode = get_mode(wpa_s->hw.modes, wpa_s->hw.num_modes, hw_mode, false);
3558 	if (!mode)
3559 		goto fail;
3560 
3561 	return get_edmg_intersection(mode->edmg, request_edmg, primary_channel);
3562 
3563 fail:
3564 	request_edmg.channels = 0;
3565 	request_edmg.bw_config = 0;
3566 	return request_edmg;
3567 }
3568 
3569 
3570 #ifdef CONFIG_MBO
3571 void wpas_update_mbo_connect_params(struct wpa_supplicant *wpa_s)
3572 {
3573 	struct wpa_driver_associate_params params;
3574 	u8 *wpa_ie;
3575 
3576 	/*
3577 	 * Update MBO connect params only in case of change of MBO attributes
3578 	 * when connected, if the AP support MBO.
3579 	 */
3580 
3581 	if (wpa_s->wpa_state != WPA_COMPLETED || !wpa_s->current_ssid ||
3582 	    !wpa_s->current_bss ||
3583 	    !wpa_bss_get_vendor_ie(wpa_s->current_bss, MBO_IE_VENDOR_TYPE))
3584 		return;
3585 
3586 	os_memset(&params, 0, sizeof(params));
3587 	wpa_ie = wpas_populate_assoc_ies(wpa_s, wpa_s->current_bss,
3588 					 wpa_s->current_ssid, &params, NULL);
3589 	if (!wpa_ie)
3590 		return;
3591 
3592 	wpa_drv_update_connect_params(wpa_s, &params, WPA_DRV_UPDATE_ASSOC_IES);
3593 	os_free(wpa_ie);
3594 }
3595 #endif /* CONFIG_MBO */
3596 
3597 
3598 static void wpas_start_assoc_cb(struct wpa_radio_work *work, int deinit)
3599 {
3600 	struct wpa_connect_work *cwork = work->ctx;
3601 	struct wpa_bss *bss = cwork->bss;
3602 	struct wpa_ssid *ssid = cwork->ssid;
3603 	struct wpa_supplicant *wpa_s = work->wpa_s;
3604 	u8 *wpa_ie;
3605 	const u8 *edmg_ie_oper;
3606 	int use_crypt, ret, bssid_changed;
3607 	unsigned int cipher_pairwise, cipher_group, cipher_group_mgmt;
3608 	struct wpa_driver_associate_params params;
3609 #if defined(CONFIG_WEP) || defined(IEEE8021X_EAPOL)
3610 	int wep_keys_set = 0;
3611 #endif /* CONFIG_WEP || IEEE8021X_EAPOL */
3612 	int assoc_failed = 0;
3613 	struct wpa_ssid *old_ssid;
3614 	u8 prev_bssid[ETH_ALEN];
3615 #ifdef CONFIG_HT_OVERRIDES
3616 	struct ieee80211_ht_capabilities htcaps;
3617 	struct ieee80211_ht_capabilities htcaps_mask;
3618 #endif /* CONFIG_HT_OVERRIDES */
3619 #ifdef CONFIG_VHT_OVERRIDES
3620        struct ieee80211_vht_capabilities vhtcaps;
3621        struct ieee80211_vht_capabilities vhtcaps_mask;
3622 #endif /* CONFIG_VHT_OVERRIDES */
3623 
3624 	wpa_s->roam_in_progress = false;
3625 #ifdef CONFIG_WNM
3626 	wpa_s->bss_trans_mgmt_in_progress = false;
3627 #endif /* CONFIG_WNM */
3628 
3629 	if (deinit) {
3630 		if (work->started) {
3631 			wpa_s->connect_work = NULL;
3632 
3633 			/* cancel possible auth. timeout */
3634 			eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s,
3635 					     NULL);
3636 		}
3637 		wpas_connect_work_free(cwork);
3638 		return;
3639 	}
3640 
3641 	wpa_s->connect_work = work;
3642 
3643 	if (cwork->bss_removed || !wpas_valid_bss_ssid(wpa_s, bss, ssid) ||
3644 	    wpas_network_disabled(wpa_s, ssid)) {
3645 		wpa_dbg(wpa_s, MSG_DEBUG, "BSS/SSID entry for association not valid anymore - drop connection attempt");
3646 		wpas_connect_work_done(wpa_s);
3647 		return;
3648 	}
3649 
3650 	os_memcpy(prev_bssid, wpa_s->bssid, ETH_ALEN);
3651 	os_memset(&params, 0, sizeof(params));
3652 	wpa_s->reassociate = 0;
3653 	wpa_s->eap_expected_failure = 0;
3654 
3655 	/* Starting new association, so clear the possibly used WPA IE from the
3656 	 * previous association. */
3657 	wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0);
3658 	wpa_sm_set_assoc_rsnxe(wpa_s->wpa, NULL, 0);
3659 	wpa_s->rsnxe_len = 0;
3660 	wpa_s->mscs_setup_done = false;
3661 
3662 	wpa_ie = wpas_populate_assoc_ies(wpa_s, bss, ssid, &params, NULL);
3663 	if (!wpa_ie) {
3664 		wpas_connect_work_done(wpa_s);
3665 		return;
3666 	}
3667 
3668 	if (bss &&
3669 	    (!wpas_driver_bss_selection(wpa_s) || wpas_wps_searching(wpa_s))) {
3670 #ifdef CONFIG_IEEE80211R
3671 		const u8 *ie, *md = NULL;
3672 #endif /* CONFIG_IEEE80211R */
3673 		wpa_msg(wpa_s, MSG_INFO, "Trying to associate with " MACSTR
3674 			" (SSID='%s' freq=%d MHz)", MAC2STR(bss->bssid),
3675 			wpa_ssid_txt(bss->ssid, bss->ssid_len), bss->freq);
3676 		bssid_changed = !is_zero_ether_addr(wpa_s->bssid);
3677 		os_memset(wpa_s->bssid, 0, ETH_ALEN);
3678 		os_memcpy(wpa_s->pending_bssid, bss->bssid, ETH_ALEN);
3679 		if (bssid_changed)
3680 			wpas_notify_bssid_changed(wpa_s);
3681 #ifdef CONFIG_IEEE80211R
3682 		ie = wpa_bss_get_ie(bss, WLAN_EID_MOBILITY_DOMAIN);
3683 		if (ie && ie[1] >= MOBILITY_DOMAIN_ID_LEN)
3684 			md = ie + 2;
3685 		wpa_sm_set_ft_params(wpa_s->wpa, ie, ie ? 2 + ie[1] : 0);
3686 		if (md) {
3687 			/* Prepare for the next transition */
3688 			wpa_ft_prepare_auth_request(wpa_s->wpa, ie);
3689 		}
3690 #endif /* CONFIG_IEEE80211R */
3691 #ifdef CONFIG_WPS
3692 	} else if ((ssid->ssid == NULL || ssid->ssid_len == 0) &&
3693 		   wpa_s->conf->ap_scan == 2 &&
3694 		   (ssid->key_mgmt & WPA_KEY_MGMT_WPS)) {
3695 		/* Use ap_scan==1 style network selection to find the network
3696 		 */
3697 		wpas_connect_work_done(wpa_s);
3698 		wpa_s->scan_req = MANUAL_SCAN_REQ;
3699 		wpa_s->reassociate = 1;
3700 		wpa_supplicant_req_scan(wpa_s, 0, 0);
3701 		os_free(wpa_ie);
3702 		return;
3703 #endif /* CONFIG_WPS */
3704 	} else {
3705 		wpa_msg(wpa_s, MSG_INFO, "Trying to associate with SSID '%s'",
3706 			wpa_ssid_txt(ssid->ssid, ssid->ssid_len));
3707 		if (bss)
3708 			os_memcpy(wpa_s->pending_bssid, bss->bssid, ETH_ALEN);
3709 		else
3710 			os_memset(wpa_s->pending_bssid, 0, ETH_ALEN);
3711 	}
3712 	if (!wpa_s->pno)
3713 		wpa_supplicant_cancel_sched_scan(wpa_s);
3714 
3715 	wpa_supplicant_cancel_scan(wpa_s);
3716 
3717 	wpa_clear_keys(wpa_s, bss ? bss->bssid : NULL);
3718 	use_crypt = 1;
3719 	cipher_pairwise = wpa_s->pairwise_cipher;
3720 	cipher_group = wpa_s->group_cipher;
3721 	cipher_group_mgmt = wpa_s->mgmt_group_cipher;
3722 	if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE ||
3723 	    wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
3724 		if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE)
3725 			use_crypt = 0;
3726 #ifdef CONFIG_WEP
3727 		if (wpa_set_wep_keys(wpa_s, ssid)) {
3728 			use_crypt = 1;
3729 			wep_keys_set = 1;
3730 		}
3731 #endif /* CONFIG_WEP */
3732 	}
3733 	if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPS)
3734 		use_crypt = 0;
3735 
3736 #ifdef IEEE8021X_EAPOL
3737 	if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
3738 		if ((ssid->eapol_flags &
3739 		     (EAPOL_FLAG_REQUIRE_KEY_UNICAST |
3740 		      EAPOL_FLAG_REQUIRE_KEY_BROADCAST)) == 0 &&
3741 		    !wep_keys_set) {
3742 			use_crypt = 0;
3743 		} else {
3744 			/* Assume that dynamic WEP-104 keys will be used and
3745 			 * set cipher suites in order for drivers to expect
3746 			 * encryption. */
3747 			cipher_pairwise = cipher_group = WPA_CIPHER_WEP104;
3748 		}
3749 	}
3750 #endif /* IEEE8021X_EAPOL */
3751 
3752 	if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE) {
3753 		/* Set the key before (and later after) association */
3754 		wpa_supplicant_set_wpa_none_key(wpa_s, ssid);
3755 	}
3756 
3757 	wpa_supplicant_set_state(wpa_s, WPA_ASSOCIATING);
3758 	if (bss) {
3759 		params.ssid = bss->ssid;
3760 		params.ssid_len = bss->ssid_len;
3761 		if (!wpas_driver_bss_selection(wpa_s) || ssid->bssid_set ||
3762 		    wpa_s->key_mgmt == WPA_KEY_MGMT_WPS) {
3763 			wpa_printf(MSG_DEBUG, "Limit connection to BSSID "
3764 				   MACSTR " freq=%u MHz based on scan results "
3765 				   "(bssid_set=%d wps=%d)",
3766 				   MAC2STR(bss->bssid), bss->freq,
3767 				   ssid->bssid_set,
3768 				   wpa_s->key_mgmt == WPA_KEY_MGMT_WPS);
3769 			params.bssid = bss->bssid;
3770 			params.freq.freq = bss->freq;
3771 		}
3772 		params.bssid_hint = bss->bssid;
3773 		params.freq_hint = bss->freq;
3774 		params.pbss = bss_is_pbss(bss);
3775 	} else {
3776 		if (ssid->bssid_hint_set)
3777 			params.bssid_hint = ssid->bssid_hint;
3778 
3779 		params.ssid = ssid->ssid;
3780 		params.ssid_len = ssid->ssid_len;
3781 		params.pbss = (ssid->pbss != 2) ? ssid->pbss : 0;
3782 	}
3783 
3784 	if (ssid->mode == WPAS_MODE_IBSS && ssid->bssid_set &&
3785 	    wpa_s->conf->ap_scan == 2) {
3786 		params.bssid = ssid->bssid;
3787 		params.fixed_bssid = 1;
3788 	}
3789 
3790 	/* Initial frequency for IBSS/mesh */
3791 	if ((ssid->mode == WPAS_MODE_IBSS || ssid->mode == WPAS_MODE_MESH) &&
3792 	    ssid->frequency > 0 && params.freq.freq == 0)
3793 		ibss_mesh_setup_freq(wpa_s, ssid, &params.freq);
3794 
3795 	if (ssid->mode == WPAS_MODE_IBSS) {
3796 		params.fixed_freq = ssid->fixed_freq;
3797 		if (ssid->beacon_int)
3798 			params.beacon_int = ssid->beacon_int;
3799 		else
3800 			params.beacon_int = wpa_s->conf->beacon_int;
3801 	}
3802 
3803 	if (bss && ssid->enable_edmg)
3804 		edmg_ie_oper = wpa_bss_get_ie_ext(bss,
3805 						  WLAN_EID_EXT_EDMG_OPERATION);
3806 	else
3807 		edmg_ie_oper = NULL;
3808 
3809 	if (edmg_ie_oper) {
3810 		params.freq.edmg.channels =
3811 			wpa_ie_get_edmg_oper_chans(edmg_ie_oper);
3812 		params.freq.edmg.bw_config =
3813 			wpa_ie_get_edmg_oper_chan_width(edmg_ie_oper);
3814 		wpa_printf(MSG_DEBUG,
3815 			   "AP supports EDMG channels 0x%x, bw_config %d",
3816 			   params.freq.edmg.channels,
3817 			   params.freq.edmg.bw_config);
3818 
3819 		/* User may ask for specific EDMG channel for EDMG connection
3820 		 * (must be supported by AP)
3821 		 */
3822 		if (ssid->edmg_channel) {
3823 			struct ieee80211_edmg_config configured_edmg;
3824 			enum hostapd_hw_mode hw_mode;
3825 			u8 primary_channel;
3826 
3827 			hw_mode = ieee80211_freq_to_chan(bss->freq,
3828 							 &primary_channel);
3829 			if (hw_mode == NUM_HOSTAPD_MODES)
3830 				goto edmg_fail;
3831 
3832 			hostapd_encode_edmg_chan(ssid->enable_edmg,
3833 						 ssid->edmg_channel,
3834 						 primary_channel,
3835 						 &configured_edmg);
3836 
3837 			if (ieee802_edmg_is_allowed(params.freq.edmg,
3838 						    configured_edmg)) {
3839 				params.freq.edmg = configured_edmg;
3840 				wpa_printf(MSG_DEBUG,
3841 					   "Use EDMG channel %d for connection",
3842 					   ssid->edmg_channel);
3843 			} else {
3844 			edmg_fail:
3845 				params.freq.edmg.channels = 0;
3846 				params.freq.edmg.bw_config = 0;
3847 				wpa_printf(MSG_WARNING,
3848 					   "EDMG channel %d not supported by AP, fallback to DMG",
3849 					   ssid->edmg_channel);
3850 			}
3851 		}
3852 
3853 		if (params.freq.edmg.channels) {
3854 			wpa_printf(MSG_DEBUG,
3855 				   "EDMG before: channels 0x%x, bw_config %d",
3856 				   params.freq.edmg.channels,
3857 				   params.freq.edmg.bw_config);
3858 			params.freq.edmg = get_supported_edmg(wpa_s,
3859 							      &params.freq,
3860 							      params.freq.edmg);
3861 			wpa_printf(MSG_DEBUG,
3862 				   "EDMG after: channels 0x%x, bw_config %d",
3863 				   params.freq.edmg.channels,
3864 				   params.freq.edmg.bw_config);
3865 		}
3866 	}
3867 
3868 	params.pairwise_suite = cipher_pairwise;
3869 	params.group_suite = cipher_group;
3870 	params.mgmt_group_suite = cipher_group_mgmt;
3871 	params.key_mgmt_suite = wpa_s->key_mgmt;
3872 	params.wpa_proto = wpa_s->wpa_proto;
3873 	wpa_s->auth_alg = params.auth_alg;
3874 	params.mode = ssid->mode;
3875 	params.bg_scan_period = ssid->bg_scan_period;
3876 #ifdef CONFIG_WEP
3877 	{
3878 		int i;
3879 
3880 		for (i = 0; i < NUM_WEP_KEYS; i++) {
3881 			if (ssid->wep_key_len[i])
3882 				params.wep_key[i] = ssid->wep_key[i];
3883 			params.wep_key_len[i] = ssid->wep_key_len[i];
3884 		}
3885 		params.wep_tx_keyidx = ssid->wep_tx_keyidx;
3886 	}
3887 #endif /* CONFIG_WEP */
3888 
3889 	if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK) &&
3890 	    (params.key_mgmt_suite == WPA_KEY_MGMT_PSK ||
3891 	     params.key_mgmt_suite == WPA_KEY_MGMT_FT_PSK)) {
3892 		params.passphrase = ssid->passphrase;
3893 		if (ssid->psk_set)
3894 			params.psk = ssid->psk;
3895 	}
3896 
3897 	if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_8021X) &&
3898 	    (params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X ||
3899 	     params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SHA256 ||
3900 	     params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SUITE_B ||
3901 	     params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SUITE_B_192))
3902 		params.req_handshake_offload = 1;
3903 
3904 	if (wpa_s->conf->key_mgmt_offload) {
3905 		if (params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X ||
3906 		    params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SHA256 ||
3907 		    params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SUITE_B ||
3908 		    params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SUITE_B_192)
3909 			params.req_key_mgmt_offload =
3910 				ssid->proactive_key_caching < 0 ?
3911 				wpa_s->conf->okc : ssid->proactive_key_caching;
3912 		else
3913 			params.req_key_mgmt_offload = 1;
3914 
3915 		if ((params.key_mgmt_suite == WPA_KEY_MGMT_PSK ||
3916 		     params.key_mgmt_suite == WPA_KEY_MGMT_PSK_SHA256 ||
3917 		     params.key_mgmt_suite == WPA_KEY_MGMT_FT_PSK) &&
3918 		    ssid->psk_set)
3919 			params.psk = ssid->psk;
3920 	}
3921 
3922 	params.drop_unencrypted = use_crypt;
3923 
3924 	params.mgmt_frame_protection = wpas_get_ssid_pmf(wpa_s, ssid);
3925 	if (params.mgmt_frame_protection != NO_MGMT_FRAME_PROTECTION && bss) {
3926 		const u8 *rsn = wpa_bss_get_ie(bss, WLAN_EID_RSN);
3927 		struct wpa_ie_data ie;
3928 		if (rsn && wpa_parse_wpa_ie(rsn, 2 + rsn[1], &ie) == 0 &&
3929 		    ie.capabilities &
3930 		    (WPA_CAPABILITY_MFPC | WPA_CAPABILITY_MFPR)) {
3931 			wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Selected AP supports "
3932 				"MFP: require MFP");
3933 			params.mgmt_frame_protection =
3934 				MGMT_FRAME_PROTECTION_REQUIRED;
3935 #ifdef CONFIG_OWE
3936 		} else if (!rsn && (ssid->key_mgmt & WPA_KEY_MGMT_OWE) &&
3937 			   !ssid->owe_only) {
3938 			params.mgmt_frame_protection = NO_MGMT_FRAME_PROTECTION;
3939 #endif /* CONFIG_OWE */
3940 		}
3941 	}
3942 
3943 	params.p2p = ssid->p2p_group;
3944 
3945 	if (wpa_s->p2pdev->set_sta_uapsd)
3946 		params.uapsd = wpa_s->p2pdev->sta_uapsd;
3947 	else
3948 		params.uapsd = -1;
3949 
3950 #ifdef CONFIG_HT_OVERRIDES
3951 	os_memset(&htcaps, 0, sizeof(htcaps));
3952 	os_memset(&htcaps_mask, 0, sizeof(htcaps_mask));
3953 	params.htcaps = (u8 *) &htcaps;
3954 	params.htcaps_mask = (u8 *) &htcaps_mask;
3955 	wpa_supplicant_apply_ht_overrides(wpa_s, ssid, &params);
3956 #endif /* CONFIG_HT_OVERRIDES */
3957 #ifdef CONFIG_VHT_OVERRIDES
3958 	os_memset(&vhtcaps, 0, sizeof(vhtcaps));
3959 	os_memset(&vhtcaps_mask, 0, sizeof(vhtcaps_mask));
3960 	params.vhtcaps = &vhtcaps;
3961 	params.vhtcaps_mask = &vhtcaps_mask;
3962 	wpa_supplicant_apply_vht_overrides(wpa_s, ssid, &params);
3963 #endif /* CONFIG_VHT_OVERRIDES */
3964 #ifdef CONFIG_HE_OVERRIDES
3965 	wpa_supplicant_apply_he_overrides(wpa_s, ssid, &params);
3966 #endif /* CONFIG_HE_OVERRIDES */
3967 
3968 #ifdef CONFIG_P2P
3969 	/*
3970 	 * If multi-channel concurrency is not supported, check for any
3971 	 * frequency conflict. In case of any frequency conflict, remove the
3972 	 * least prioritized connection.
3973 	 */
3974 	if (wpa_s->num_multichan_concurrent < 2) {
3975 		int freq, num;
3976 		num = get_shared_radio_freqs(wpa_s, &freq, 1);
3977 		if (num > 0 && freq > 0 && freq != params.freq.freq) {
3978 			wpa_printf(MSG_DEBUG,
3979 				   "Assoc conflicting freq found (%d != %d)",
3980 				   freq, params.freq.freq);
3981 			if (wpas_p2p_handle_frequency_conflicts(
3982 				    wpa_s, params.freq.freq, ssid) < 0) {
3983 				wpas_connect_work_done(wpa_s);
3984 				os_free(wpa_ie);
3985 				return;
3986 			}
3987 		}
3988 	}
3989 #endif /* CONFIG_P2P */
3990 
3991 	if (wpa_s->reassoc_same_ess && !is_zero_ether_addr(prev_bssid) &&
3992 	    wpa_s->current_ssid)
3993 		params.prev_bssid = prev_bssid;
3994 
3995 #ifdef CONFIG_SAE
3996 	params.sae_pwe = wpa_s->conf->sae_pwe;
3997 #endif /* CONFIG_SAE */
3998 
3999 	ret = wpa_drv_associate(wpa_s, &params);
4000 	os_free(wpa_ie);
4001 	if (ret < 0) {
4002 		wpa_msg(wpa_s, MSG_INFO, "Association request to the driver "
4003 			"failed");
4004 		if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_VALID_ERROR_CODES) {
4005 			/*
4006 			 * The driver is known to mean what is saying, so we
4007 			 * can stop right here; the association will not
4008 			 * succeed.
4009 			 */
4010 			wpas_connection_failed(wpa_s, wpa_s->pending_bssid);
4011 			wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
4012 			os_memset(wpa_s->pending_bssid, 0, ETH_ALEN);
4013 			return;
4014 		}
4015 		/* try to continue anyway; new association will be tried again
4016 		 * after timeout */
4017 		assoc_failed = 1;
4018 	}
4019 
4020 	if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE) {
4021 		/* Set the key after the association just in case association
4022 		 * cleared the previously configured key. */
4023 		wpa_supplicant_set_wpa_none_key(wpa_s, ssid);
4024 		/* No need to timeout authentication since there is no key
4025 		 * management. */
4026 		wpa_supplicant_cancel_auth_timeout(wpa_s);
4027 		wpa_supplicant_set_state(wpa_s, WPA_COMPLETED);
4028 #ifdef CONFIG_IBSS_RSN
4029 	} else if (ssid->mode == WPAS_MODE_IBSS &&
4030 		   wpa_s->key_mgmt != WPA_KEY_MGMT_NONE &&
4031 		   wpa_s->key_mgmt != WPA_KEY_MGMT_WPA_NONE) {
4032 		/*
4033 		 * RSN IBSS authentication is per-STA and we can disable the
4034 		 * per-BSSID authentication.
4035 		 */
4036 		wpa_supplicant_cancel_auth_timeout(wpa_s);
4037 #endif /* CONFIG_IBSS_RSN */
4038 	} else {
4039 		/* Timeout for IEEE 802.11 authentication and association */
4040 		int timeout = 60;
4041 
4042 		if (assoc_failed) {
4043 			/* give IBSS a bit more time */
4044 			timeout = ssid->mode == WPAS_MODE_IBSS ? 10 : 5;
4045 		} else if (wpa_s->conf->ap_scan == 1) {
4046 			/* give IBSS a bit more time */
4047 			timeout = ssid->mode == WPAS_MODE_IBSS ? 20 : 10;
4048 		}
4049 		wpa_supplicant_req_auth_timeout(wpa_s, timeout, 0);
4050 	}
4051 
4052 #ifdef CONFIG_WEP
4053 	if (wep_keys_set &&
4054 	    (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SET_KEYS_AFTER_ASSOC)) {
4055 		/* Set static WEP keys again */
4056 		wpa_set_wep_keys(wpa_s, ssid);
4057 	}
4058 #endif /* CONFIG_WEP */
4059 
4060 	if (wpa_s->current_ssid && wpa_s->current_ssid != ssid) {
4061 		/*
4062 		 * Do not allow EAP session resumption between different
4063 		 * network configurations.
4064 		 */
4065 		eapol_sm_invalidate_cached_session(wpa_s->eapol);
4066 	}
4067 	old_ssid = wpa_s->current_ssid;
4068 	wpa_s->current_ssid = ssid;
4069 
4070 	if (!wpas_driver_bss_selection(wpa_s) || ssid->bssid_set) {
4071 		wpa_s->current_bss = bss;
4072 #ifdef CONFIG_HS20
4073 		hs20_configure_frame_filters(wpa_s);
4074 #endif /* CONFIG_HS20 */
4075 	}
4076 
4077 	wpa_supplicant_rsn_supp_set_config(wpa_s, wpa_s->current_ssid);
4078 	wpa_supplicant_initiate_eapol(wpa_s);
4079 	if (old_ssid != wpa_s->current_ssid)
4080 		wpas_notify_network_changed(wpa_s);
4081 }
4082 
4083 
4084 static void wpa_supplicant_clear_connection(struct wpa_supplicant *wpa_s,
4085 					    const u8 *addr)
4086 {
4087 	struct wpa_ssid *old_ssid;
4088 
4089 	wpas_connect_work_done(wpa_s);
4090 	wpa_clear_keys(wpa_s, addr);
4091 	old_ssid = wpa_s->current_ssid;
4092 	wpa_supplicant_mark_disassoc(wpa_s);
4093 	wpa_sm_set_config(wpa_s->wpa, NULL);
4094 	eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
4095 	if (old_ssid != wpa_s->current_ssid)
4096 		wpas_notify_network_changed(wpa_s);
4097 
4098 	wpas_scs_deinit(wpa_s);
4099 	wpas_dscp_deinit(wpa_s);
4100 	eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
4101 }
4102 
4103 
4104 /**
4105  * wpa_supplicant_deauthenticate - Deauthenticate the current connection
4106  * @wpa_s: Pointer to wpa_supplicant data
4107  * @reason_code: IEEE 802.11 reason code for the deauthenticate frame
4108  *
4109  * This function is used to request %wpa_supplicant to deauthenticate from the
4110  * current AP.
4111  */
4112 void wpa_supplicant_deauthenticate(struct wpa_supplicant *wpa_s,
4113 				   u16 reason_code)
4114 {
4115 	u8 *addr = NULL;
4116 	union wpa_event_data event;
4117 	int zero_addr = 0;
4118 
4119 	wpa_dbg(wpa_s, MSG_DEBUG, "Request to deauthenticate - bssid=" MACSTR
4120 		" pending_bssid=" MACSTR " reason=%d (%s) state=%s",
4121 		MAC2STR(wpa_s->bssid), MAC2STR(wpa_s->pending_bssid),
4122 		reason_code, reason2str(reason_code),
4123 		wpa_supplicant_state_txt(wpa_s->wpa_state));
4124 
4125 	if (!is_zero_ether_addr(wpa_s->pending_bssid) &&
4126 	    (wpa_s->wpa_state == WPA_AUTHENTICATING ||
4127 	     wpa_s->wpa_state == WPA_ASSOCIATING))
4128 		addr = wpa_s->pending_bssid;
4129 	else if (!is_zero_ether_addr(wpa_s->bssid))
4130 		addr = wpa_s->bssid;
4131 	else if (wpa_s->wpa_state == WPA_ASSOCIATING) {
4132 		/*
4133 		 * When using driver-based BSS selection, we may not know the
4134 		 * BSSID with which we are currently trying to associate. We
4135 		 * need to notify the driver of this disconnection even in such
4136 		 * a case, so use the all zeros address here.
4137 		 */
4138 		addr = wpa_s->bssid;
4139 		zero_addr = 1;
4140 	}
4141 
4142 	if (wpa_s->enabled_4addr_mode && wpa_drv_set_4addr_mode(wpa_s, 0) == 0)
4143 		wpa_s->enabled_4addr_mode = 0;
4144 
4145 #ifdef CONFIG_TDLS
4146 	wpa_tdls_teardown_peers(wpa_s->wpa);
4147 #endif /* CONFIG_TDLS */
4148 
4149 #ifdef CONFIG_MESH
4150 	if (wpa_s->ifmsh) {
4151 		struct mesh_conf *mconf;
4152 
4153 		mconf = wpa_s->ifmsh->mconf;
4154 		wpa_msg(wpa_s, MSG_INFO, MESH_GROUP_REMOVED "%s",
4155 			wpa_s->ifname);
4156 		wpas_notify_mesh_group_removed(wpa_s, mconf->meshid,
4157 					       mconf->meshid_len, reason_code);
4158 		wpa_supplicant_leave_mesh(wpa_s, true);
4159 	}
4160 #endif /* CONFIG_MESH */
4161 
4162 	if (addr) {
4163 		wpa_drv_deauthenticate(wpa_s, addr, reason_code);
4164 		os_memset(&event, 0, sizeof(event));
4165 		event.deauth_info.reason_code = reason_code;
4166 		event.deauth_info.locally_generated = 1;
4167 		wpa_supplicant_event(wpa_s, EVENT_DEAUTH, &event);
4168 		if (zero_addr)
4169 			addr = NULL;
4170 	}
4171 
4172 	wpa_supplicant_clear_connection(wpa_s, addr);
4173 }
4174 
4175 
4176 void wpa_supplicant_reconnect(struct wpa_supplicant *wpa_s)
4177 {
4178 	wpa_s->own_reconnect_req = 1;
4179 	wpa_supplicant_deauthenticate(wpa_s, WLAN_REASON_UNSPECIFIED);
4180 
4181 }
4182 
4183 
4184 static void wpa_supplicant_enable_one_network(struct wpa_supplicant *wpa_s,
4185 					      struct wpa_ssid *ssid)
4186 {
4187 	if (!ssid || !ssid->disabled || ssid->disabled == 2)
4188 		return;
4189 
4190 	ssid->disabled = 0;
4191 	ssid->owe_transition_bss_select_count = 0;
4192 	wpas_clear_temp_disabled(wpa_s, ssid, 1);
4193 	wpas_notify_network_enabled_changed(wpa_s, ssid);
4194 
4195 	/*
4196 	 * Try to reassociate since there is no current configuration and a new
4197 	 * network was made available.
4198 	 */
4199 	if (!wpa_s->current_ssid && !wpa_s->disconnected)
4200 		wpa_s->reassociate = 1;
4201 }
4202 
4203 
4204 /**
4205  * wpa_supplicant_add_network - Add a new network
4206  * @wpa_s: wpa_supplicant structure for a network interface
4207  * Returns: The new network configuration or %NULL if operation failed
4208  *
4209  * This function performs the following operations:
4210  * 1. Adds a new network.
4211  * 2. Send network addition notification.
4212  * 3. Marks the network disabled.
4213  * 4. Set network default parameters.
4214  */
4215 struct wpa_ssid * wpa_supplicant_add_network(struct wpa_supplicant *wpa_s)
4216 {
4217 	struct wpa_ssid *ssid;
4218 
4219 	ssid = wpa_config_add_network(wpa_s->conf);
4220 	if (!ssid)
4221 		return NULL;
4222 	wpas_notify_network_added(wpa_s, ssid);
4223 	ssid->disabled = 1;
4224 	wpa_config_set_network_defaults(ssid);
4225 
4226 	return ssid;
4227 }
4228 
4229 
4230 /**
4231  * wpa_supplicant_remove_network - Remove a configured network based on id
4232  * @wpa_s: wpa_supplicant structure for a network interface
4233  * @id: Unique network id to search for
4234  * Returns: 0 on success, or -1 if the network was not found, -2 if the network
4235  * could not be removed
4236  *
4237  * This function performs the following operations:
4238  * 1. Removes the network.
4239  * 2. Send network removal notification.
4240  * 3. Update internal state machines.
4241  * 4. Stop any running sched scans.
4242  */
4243 int wpa_supplicant_remove_network(struct wpa_supplicant *wpa_s, int id)
4244 {
4245 	struct wpa_ssid *ssid;
4246 	int was_disabled;
4247 
4248 	ssid = wpa_config_get_network(wpa_s->conf, id);
4249 	if (!ssid)
4250 		return -1;
4251 	wpas_notify_network_removed(wpa_s, ssid);
4252 
4253 	if (wpa_s->last_ssid == ssid)
4254 		wpa_s->last_ssid = NULL;
4255 
4256 	if (ssid == wpa_s->current_ssid || !wpa_s->current_ssid) {
4257 #ifdef CONFIG_SME
4258 		wpa_s->sme.prev_bssid_set = 0;
4259 #endif /* CONFIG_SME */
4260 		/*
4261 		 * Invalidate the EAP session cache if the current or
4262 		 * previously used network is removed.
4263 		 */
4264 		eapol_sm_invalidate_cached_session(wpa_s->eapol);
4265 	}
4266 
4267 	if (ssid == wpa_s->current_ssid) {
4268 		wpa_sm_set_config(wpa_s->wpa, NULL);
4269 		eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
4270 
4271 		if (wpa_s->wpa_state >= WPA_AUTHENTICATING)
4272 			wpa_s->own_disconnect_req = 1;
4273 		wpa_supplicant_deauthenticate(wpa_s,
4274 					      WLAN_REASON_DEAUTH_LEAVING);
4275 	}
4276 
4277 	was_disabled = ssid->disabled;
4278 
4279 	if (wpa_config_remove_network(wpa_s->conf, id) < 0)
4280 		return -2;
4281 
4282 	if (!was_disabled && wpa_s->sched_scanning) {
4283 		wpa_printf(MSG_DEBUG,
4284 			   "Stop ongoing sched_scan to remove network from filters");
4285 		wpa_supplicant_cancel_sched_scan(wpa_s);
4286 		wpa_supplicant_req_scan(wpa_s, 0, 0);
4287 	}
4288 
4289 	return 0;
4290 }
4291 
4292 
4293 /**
4294  * wpa_supplicant_remove_all_networks - Remove all configured networks
4295  * @wpa_s: wpa_supplicant structure for a network interface
4296  * Returns: 0 on success (errors are currently ignored)
4297  *
4298  * This function performs the following operations:
4299  * 1. Remove all networks.
4300  * 2. Send network removal notifications.
4301  * 3. Update internal state machines.
4302  * 4. Stop any running sched scans.
4303  */
4304 int wpa_supplicant_remove_all_networks(struct wpa_supplicant *wpa_s)
4305 {
4306 	struct wpa_ssid *ssid;
4307 
4308 	if (wpa_s->sched_scanning)
4309 		wpa_supplicant_cancel_sched_scan(wpa_s);
4310 
4311 	eapol_sm_invalidate_cached_session(wpa_s->eapol);
4312 	if (wpa_s->current_ssid) {
4313 #ifdef CONFIG_SME
4314 		wpa_s->sme.prev_bssid_set = 0;
4315 #endif /* CONFIG_SME */
4316 		wpa_sm_set_config(wpa_s->wpa, NULL);
4317 		eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
4318 		if (wpa_s->wpa_state >= WPA_AUTHENTICATING)
4319 			wpa_s->own_disconnect_req = 1;
4320 		wpa_supplicant_deauthenticate(
4321 			wpa_s, WLAN_REASON_DEAUTH_LEAVING);
4322 	}
4323 	ssid = wpa_s->conf->ssid;
4324 	while (ssid) {
4325 		struct wpa_ssid *remove_ssid = ssid;
4326 		int id;
4327 
4328 		id = ssid->id;
4329 		ssid = ssid->next;
4330 		if (wpa_s->last_ssid == remove_ssid)
4331 			wpa_s->last_ssid = NULL;
4332 		wpas_notify_network_removed(wpa_s, remove_ssid);
4333 		wpa_config_remove_network(wpa_s->conf, id);
4334 	}
4335 	return 0;
4336 }
4337 
4338 
4339 /**
4340  * wpa_supplicant_enable_network - Mark a configured network as enabled
4341  * @wpa_s: wpa_supplicant structure for a network interface
4342  * @ssid: wpa_ssid structure for a configured network or %NULL
4343  *
4344  * Enables the specified network or all networks if no network specified.
4345  */
4346 void wpa_supplicant_enable_network(struct wpa_supplicant *wpa_s,
4347 				   struct wpa_ssid *ssid)
4348 {
4349 	if (ssid == NULL) {
4350 		for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next)
4351 			wpa_supplicant_enable_one_network(wpa_s, ssid);
4352 	} else
4353 		wpa_supplicant_enable_one_network(wpa_s, ssid);
4354 
4355 	if (wpa_s->reassociate && !wpa_s->disconnected &&
4356 	    (!wpa_s->current_ssid ||
4357 	     wpa_s->wpa_state == WPA_DISCONNECTED ||
4358 	     wpa_s->wpa_state == WPA_SCANNING)) {
4359 		if (wpa_s->sched_scanning) {
4360 			wpa_printf(MSG_DEBUG, "Stop ongoing sched_scan to add "
4361 				   "new network to scan filters");
4362 			wpa_supplicant_cancel_sched_scan(wpa_s);
4363 		}
4364 
4365 		if (wpa_supplicant_fast_associate(wpa_s) != 1) {
4366 			wpa_s->scan_req = NORMAL_SCAN_REQ;
4367 			wpa_supplicant_req_scan(wpa_s, 0, 0);
4368 		}
4369 	}
4370 }
4371 
4372 
4373 /**
4374  * wpa_supplicant_disable_network - Mark a configured network as disabled
4375  * @wpa_s: wpa_supplicant structure for a network interface
4376  * @ssid: wpa_ssid structure for a configured network or %NULL
4377  *
4378  * Disables the specified network or all networks if no network specified.
4379  */
4380 void wpa_supplicant_disable_network(struct wpa_supplicant *wpa_s,
4381 				    struct wpa_ssid *ssid)
4382 {
4383 	struct wpa_ssid *other_ssid;
4384 	int was_disabled;
4385 
4386 	if (ssid == NULL) {
4387 		if (wpa_s->sched_scanning)
4388 			wpa_supplicant_cancel_sched_scan(wpa_s);
4389 
4390 		for (other_ssid = wpa_s->conf->ssid; other_ssid;
4391 		     other_ssid = other_ssid->next) {
4392 			was_disabled = other_ssid->disabled;
4393 			if (was_disabled == 2)
4394 				continue; /* do not change persistent P2P group
4395 					   * data */
4396 
4397 			other_ssid->disabled = 1;
4398 
4399 			if (was_disabled != other_ssid->disabled)
4400 				wpas_notify_network_enabled_changed(
4401 					wpa_s, other_ssid);
4402 		}
4403 		if (wpa_s->current_ssid) {
4404 			if (wpa_s->wpa_state >= WPA_AUTHENTICATING)
4405 				wpa_s->own_disconnect_req = 1;
4406 			wpa_supplicant_deauthenticate(
4407 				wpa_s, WLAN_REASON_DEAUTH_LEAVING);
4408 		}
4409 	} else if (ssid->disabled != 2) {
4410 		if (ssid == wpa_s->current_ssid) {
4411 			if (wpa_s->wpa_state >= WPA_AUTHENTICATING)
4412 				wpa_s->own_disconnect_req = 1;
4413 			wpa_supplicant_deauthenticate(
4414 				wpa_s, WLAN_REASON_DEAUTH_LEAVING);
4415 		}
4416 
4417 		was_disabled = ssid->disabled;
4418 
4419 		ssid->disabled = 1;
4420 
4421 		if (was_disabled != ssid->disabled) {
4422 			wpas_notify_network_enabled_changed(wpa_s, ssid);
4423 			if (wpa_s->sched_scanning) {
4424 				wpa_printf(MSG_DEBUG, "Stop ongoing sched_scan "
4425 					   "to remove network from filters");
4426 				wpa_supplicant_cancel_sched_scan(wpa_s);
4427 				wpa_supplicant_req_scan(wpa_s, 0, 0);
4428 			}
4429 		}
4430 	}
4431 }
4432 
4433 
4434 /**
4435  * wpa_supplicant_select_network - Attempt association with a network
4436  * @wpa_s: wpa_supplicant structure for a network interface
4437  * @ssid: wpa_ssid structure for a configured network or %NULL for any network
4438  */
4439 void wpa_supplicant_select_network(struct wpa_supplicant *wpa_s,
4440 				   struct wpa_ssid *ssid)
4441 {
4442 
4443 	struct wpa_ssid *other_ssid;
4444 	int disconnected = 0;
4445 
4446 	if (ssid && ssid != wpa_s->current_ssid && wpa_s->current_ssid) {
4447 		if (wpa_s->wpa_state >= WPA_AUTHENTICATING)
4448 			wpa_s->own_disconnect_req = 1;
4449 		wpa_supplicant_deauthenticate(
4450 			wpa_s, WLAN_REASON_DEAUTH_LEAVING);
4451 		disconnected = 1;
4452 	}
4453 
4454 	if (ssid)
4455 		wpas_clear_temp_disabled(wpa_s, ssid, 1);
4456 
4457 	/*
4458 	 * Mark all other networks disabled or mark all networks enabled if no
4459 	 * network specified.
4460 	 */
4461 	for (other_ssid = wpa_s->conf->ssid; other_ssid;
4462 	     other_ssid = other_ssid->next) {
4463 		int was_disabled = other_ssid->disabled;
4464 		if (was_disabled == 2)
4465 			continue; /* do not change persistent P2P group data */
4466 
4467 		other_ssid->disabled = ssid ? (ssid->id != other_ssid->id) : 0;
4468 		if (was_disabled && !other_ssid->disabled)
4469 			wpas_clear_temp_disabled(wpa_s, other_ssid, 0);
4470 
4471 		if (was_disabled != other_ssid->disabled)
4472 			wpas_notify_network_enabled_changed(wpa_s, other_ssid);
4473 	}
4474 
4475 	if (ssid && ssid == wpa_s->current_ssid && wpa_s->current_ssid &&
4476 	    wpa_s->wpa_state >= WPA_AUTHENTICATING) {
4477 		/* We are already associated with the selected network */
4478 		wpa_printf(MSG_DEBUG, "Already associated with the "
4479 			   "selected network - do nothing");
4480 		return;
4481 	}
4482 
4483 	if (ssid) {
4484 		wpa_s->current_ssid = ssid;
4485 		eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
4486 		wpa_s->connect_without_scan =
4487 			(ssid->mode == WPAS_MODE_MESH) ? ssid : NULL;
4488 
4489 		/*
4490 		 * Don't optimize next scan freqs since a new ESS has been
4491 		 * selected.
4492 		 */
4493 		os_free(wpa_s->next_scan_freqs);
4494 		wpa_s->next_scan_freqs = NULL;
4495 	} else {
4496 		wpa_s->connect_without_scan = NULL;
4497 	}
4498 
4499 	wpa_s->disconnected = 0;
4500 	wpa_s->reassociate = 1;
4501 	wpa_s_clear_sae_rejected(wpa_s);
4502 	wpa_s->last_owe_group = 0;
4503 	if (ssid) {
4504 		ssid->owe_transition_bss_select_count = 0;
4505 		wpa_s_setup_sae_pt(wpa_s->conf, ssid);
4506 	}
4507 
4508 	if (wpa_s->connect_without_scan ||
4509 	    wpa_supplicant_fast_associate(wpa_s) != 1) {
4510 		wpa_s->scan_req = NORMAL_SCAN_REQ;
4511 		wpas_scan_reset_sched_scan(wpa_s);
4512 		wpa_supplicant_req_scan(wpa_s, 0, disconnected ? 100000 : 0);
4513 	}
4514 
4515 	if (ssid)
4516 		wpas_notify_network_selected(wpa_s, ssid);
4517 }
4518 
4519 
4520 /**
4521  * wpas_remove_cred - Remove the specified credential and all the network
4522  * entries created based on the removed credential
4523  * @wpa_s: wpa_supplicant structure for a network interface
4524  * @cred: The credential to remove
4525  * Returns: 0 on success, -1 on failure
4526  */
4527 int wpas_remove_cred(struct wpa_supplicant *wpa_s, struct wpa_cred *cred)
4528 {
4529 	struct wpa_ssid *ssid, *next;
4530 	int id;
4531 
4532 	if (!cred) {
4533 		wpa_printf(MSG_DEBUG, "Could not find cred");
4534 		return -1;
4535 	}
4536 
4537 	id = cred->id;
4538 	if (wpa_config_remove_cred(wpa_s->conf, id) < 0) {
4539 		wpa_printf(MSG_DEBUG, "Could not find cred %d", id);
4540 		return -1;
4541 	}
4542 
4543 	wpa_msg(wpa_s, MSG_INFO, CRED_REMOVED "%d", id);
4544 
4545 	/* Remove any network entry created based on the removed credential */
4546 	ssid = wpa_s->conf->ssid;
4547 	while (ssid) {
4548 		next = ssid->next;
4549 
4550 		if (ssid->parent_cred == cred) {
4551 			wpa_printf(MSG_DEBUG,
4552 				   "Remove network id %d since it used the removed credential",
4553 				   ssid->id);
4554 			if (wpa_supplicant_remove_network(wpa_s, ssid->id) ==
4555 			    -1) {
4556 				wpa_printf(MSG_DEBUG,
4557 					   "Could not find network id=%d",
4558 					   ssid->id);
4559 			}
4560 		}
4561 
4562 		ssid = next;
4563 	}
4564 
4565 	return 0;
4566 }
4567 
4568 
4569 /**
4570  * wpas_remove_cred - Remove all the Interworking credentials
4571  * @wpa_s: wpa_supplicant structure for a network interface
4572  * Returns: 0 on success, -1 on failure
4573  */
4574 int wpas_remove_all_creds(struct wpa_supplicant *wpa_s)
4575 {
4576 	int res, ret = 0;
4577 	struct wpa_cred *cred, *prev;
4578 
4579 	cred = wpa_s->conf->cred;
4580 	while (cred) {
4581 		prev = cred;
4582 		cred = cred->next;
4583 		res = wpas_remove_cred(wpa_s, prev);
4584 		if (res < 0) {
4585 			wpa_printf(MSG_DEBUG,
4586 				   "Removal of all credentials failed - failed to remove credential id=%d",
4587 				   prev->id);
4588 			ret = -1;
4589 		}
4590 	}
4591 
4592 	return ret;
4593 }
4594 
4595 
4596 /**
4597  * wpas_set_pkcs11_engine_and_module_path - Set PKCS #11 engine and module path
4598  * @wpa_s: wpa_supplicant structure for a network interface
4599  * @pkcs11_engine_path: PKCS #11 engine path or NULL
4600  * @pkcs11_module_path: PKCS #11 module path or NULL
4601  * Returns: 0 on success; -1 on failure
4602  *
4603  * Sets the PKCS #11 engine and module path. Both have to be NULL or a valid
4604  * path. If resetting the EAPOL state machine with the new PKCS #11 engine and
4605  * module path fails the paths will be reset to the default value (NULL).
4606  */
4607 int wpas_set_pkcs11_engine_and_module_path(struct wpa_supplicant *wpa_s,
4608 					   const char *pkcs11_engine_path,
4609 					   const char *pkcs11_module_path)
4610 {
4611 	char *pkcs11_engine_path_copy = NULL;
4612 	char *pkcs11_module_path_copy = NULL;
4613 
4614 	if (pkcs11_engine_path != NULL) {
4615 		pkcs11_engine_path_copy = os_strdup(pkcs11_engine_path);
4616 		if (pkcs11_engine_path_copy == NULL)
4617 			return -1;
4618 	}
4619 	if (pkcs11_module_path != NULL) {
4620 		pkcs11_module_path_copy = os_strdup(pkcs11_module_path);
4621 		if (pkcs11_module_path_copy == NULL) {
4622 			os_free(pkcs11_engine_path_copy);
4623 			return -1;
4624 		}
4625 	}
4626 
4627 	os_free(wpa_s->conf->pkcs11_engine_path);
4628 	os_free(wpa_s->conf->pkcs11_module_path);
4629 	wpa_s->conf->pkcs11_engine_path = pkcs11_engine_path_copy;
4630 	wpa_s->conf->pkcs11_module_path = pkcs11_module_path_copy;
4631 
4632 	wpa_sm_set_eapol(wpa_s->wpa, NULL);
4633 	eapol_sm_deinit(wpa_s->eapol);
4634 	wpa_s->eapol = NULL;
4635 	if (wpa_supplicant_init_eapol(wpa_s)) {
4636 		/* Error -> Reset paths to the default value (NULL) once. */
4637 		if (pkcs11_engine_path != NULL && pkcs11_module_path != NULL)
4638 			wpas_set_pkcs11_engine_and_module_path(wpa_s, NULL,
4639 							       NULL);
4640 
4641 		return -1;
4642 	}
4643 	wpa_sm_set_eapol(wpa_s->wpa, wpa_s->eapol);
4644 
4645 	return 0;
4646 }
4647 
4648 
4649 /**
4650  * wpa_supplicant_set_ap_scan - Set AP scan mode for interface
4651  * @wpa_s: wpa_supplicant structure for a network interface
4652  * @ap_scan: AP scan mode
4653  * Returns: 0 if succeed or -1 if ap_scan has an invalid value
4654  *
4655  */
4656 int wpa_supplicant_set_ap_scan(struct wpa_supplicant *wpa_s, int ap_scan)
4657 {
4658 
4659 	int old_ap_scan;
4660 
4661 	if (ap_scan < 0 || ap_scan > 2)
4662 		return -1;
4663 
4664 	if (ap_scan == 2 && os_strcmp(wpa_s->driver->name, "nl80211") == 0) {
4665 		wpa_printf(MSG_INFO,
4666 			   "Note: nl80211 driver interface is not designed to be used with ap_scan=2; this can result in connection failures");
4667 	}
4668 
4669 #ifdef ANDROID
4670 	if (ap_scan == 2 && ap_scan != wpa_s->conf->ap_scan &&
4671 	    wpa_s->wpa_state >= WPA_ASSOCIATING &&
4672 	    wpa_s->wpa_state < WPA_COMPLETED) {
4673 		wpa_printf(MSG_ERROR, "ap_scan = %d (%d) rejected while "
4674 			   "associating", wpa_s->conf->ap_scan, ap_scan);
4675 		return 0;
4676 	}
4677 #endif /* ANDROID */
4678 
4679 	old_ap_scan = wpa_s->conf->ap_scan;
4680 	wpa_s->conf->ap_scan = ap_scan;
4681 
4682 	if (old_ap_scan != wpa_s->conf->ap_scan)
4683 		wpas_notify_ap_scan_changed(wpa_s);
4684 
4685 	return 0;
4686 }
4687 
4688 
4689 /**
4690  * wpa_supplicant_set_bss_expiration_age - Set BSS entry expiration age
4691  * @wpa_s: wpa_supplicant structure for a network interface
4692  * @expire_age: Expiration age in seconds
4693  * Returns: 0 if succeed or -1 if expire_age has an invalid value
4694  *
4695  */
4696 int wpa_supplicant_set_bss_expiration_age(struct wpa_supplicant *wpa_s,
4697 					  unsigned int bss_expire_age)
4698 {
4699 	if (bss_expire_age < 10) {
4700 		wpa_msg(wpa_s, MSG_ERROR, "Invalid bss expiration age %u",
4701 			bss_expire_age);
4702 		return -1;
4703 	}
4704 	wpa_msg(wpa_s, MSG_DEBUG, "Setting bss expiration age: %d sec",
4705 		bss_expire_age);
4706 	wpa_s->conf->bss_expiration_age = bss_expire_age;
4707 
4708 	return 0;
4709 }
4710 
4711 
4712 /**
4713  * wpa_supplicant_set_bss_expiration_count - Set BSS entry expiration scan count
4714  * @wpa_s: wpa_supplicant structure for a network interface
4715  * @expire_count: number of scans after which an unseen BSS is reclaimed
4716  * Returns: 0 if succeed or -1 if expire_count has an invalid value
4717  *
4718  */
4719 int wpa_supplicant_set_bss_expiration_count(struct wpa_supplicant *wpa_s,
4720 					    unsigned int bss_expire_count)
4721 {
4722 	if (bss_expire_count < 1) {
4723 		wpa_msg(wpa_s, MSG_ERROR, "Invalid bss expiration count %u",
4724 			bss_expire_count);
4725 		return -1;
4726 	}
4727 	wpa_msg(wpa_s, MSG_DEBUG, "Setting bss expiration scan count: %u",
4728 		bss_expire_count);
4729 	wpa_s->conf->bss_expiration_scan_count = bss_expire_count;
4730 
4731 	return 0;
4732 }
4733 
4734 
4735 /**
4736  * wpa_supplicant_set_scan_interval - Set scan interval
4737  * @wpa_s: wpa_supplicant structure for a network interface
4738  * @scan_interval: scan interval in seconds
4739  * Returns: 0 if succeed or -1 if scan_interval has an invalid value
4740  *
4741  */
4742 int wpa_supplicant_set_scan_interval(struct wpa_supplicant *wpa_s,
4743 				     int scan_interval)
4744 {
4745 	if (scan_interval < 0) {
4746 		wpa_msg(wpa_s, MSG_ERROR, "Invalid scan interval %d",
4747 			scan_interval);
4748 		return -1;
4749 	}
4750 	wpa_msg(wpa_s, MSG_DEBUG, "Setting scan interval: %d sec",
4751 		scan_interval);
4752 	wpa_supplicant_update_scan_int(wpa_s, scan_interval);
4753 
4754 	return 0;
4755 }
4756 
4757 
4758 /**
4759  * wpa_supplicant_set_debug_params - Set global debug params
4760  * @global: wpa_global structure
4761  * @debug_level: debug level
4762  * @debug_timestamp: determines if show timestamp in debug data
4763  * @debug_show_keys: determines if show keys in debug data
4764  * Returns: 0 if succeed or -1 if debug_level has wrong value
4765  */
4766 int wpa_supplicant_set_debug_params(struct wpa_global *global, int debug_level,
4767 				    int debug_timestamp, int debug_show_keys)
4768 {
4769 
4770 	int old_level, old_timestamp, old_show_keys;
4771 
4772 	/* check for allowed debuglevels */
4773 	if (debug_level != MSG_EXCESSIVE &&
4774 	    debug_level != MSG_MSGDUMP &&
4775 	    debug_level != MSG_DEBUG &&
4776 	    debug_level != MSG_INFO &&
4777 	    debug_level != MSG_WARNING &&
4778 	    debug_level != MSG_ERROR)
4779 		return -1;
4780 
4781 	old_level = wpa_debug_level;
4782 	old_timestamp = wpa_debug_timestamp;
4783 	old_show_keys = wpa_debug_show_keys;
4784 
4785 	wpa_debug_level = debug_level;
4786 	wpa_debug_timestamp = debug_timestamp ? 1 : 0;
4787 	wpa_debug_show_keys = debug_show_keys ? 1 : 0;
4788 
4789 	if (wpa_debug_level != old_level)
4790 		wpas_notify_debug_level_changed(global);
4791 	if (wpa_debug_timestamp != old_timestamp)
4792 		wpas_notify_debug_timestamp_changed(global);
4793 	if (wpa_debug_show_keys != old_show_keys)
4794 		wpas_notify_debug_show_keys_changed(global);
4795 
4796 	return 0;
4797 }
4798 
4799 
4800 #ifdef CONFIG_OWE
4801 static int owe_trans_ssid_match(struct wpa_supplicant *wpa_s, const u8 *bssid,
4802 				const u8 *entry_ssid, size_t entry_ssid_len)
4803 {
4804 	const u8 *owe, *pos, *end;
4805 	u8 ssid_len;
4806 	struct wpa_bss *bss;
4807 
4808 	/* Check network profile SSID aganst the SSID in the
4809 	 * OWE Transition Mode element. */
4810 
4811 	bss = wpa_bss_get_bssid_latest(wpa_s, bssid);
4812 	if (!bss)
4813 		return 0;
4814 
4815 	owe = wpa_bss_get_vendor_ie(bss, OWE_IE_VENDOR_TYPE);
4816 	if (!owe)
4817 		return 0;
4818 
4819 	pos = owe + 6;
4820 	end = owe + 2 + owe[1];
4821 
4822 	if (end - pos < ETH_ALEN + 1)
4823 		return 0;
4824 	pos += ETH_ALEN;
4825 	ssid_len = *pos++;
4826 	if (end - pos < ssid_len || ssid_len > SSID_MAX_LEN)
4827 		return 0;
4828 
4829 	return entry_ssid_len == ssid_len &&
4830 		os_memcmp(pos, entry_ssid, ssid_len) == 0;
4831 }
4832 #endif /* CONFIG_OWE */
4833 
4834 
4835 /**
4836  * wpa_supplicant_get_ssid - Get a pointer to the current network structure
4837  * @wpa_s: Pointer to wpa_supplicant data
4838  * Returns: A pointer to the current network structure or %NULL on failure
4839  */
4840 struct wpa_ssid * wpa_supplicant_get_ssid(struct wpa_supplicant *wpa_s)
4841 {
4842 	struct wpa_ssid *entry;
4843 	u8 ssid[SSID_MAX_LEN];
4844 	int res;
4845 	size_t ssid_len;
4846 	u8 bssid[ETH_ALEN];
4847 	int wired;
4848 
4849 	res = wpa_drv_get_ssid(wpa_s, ssid);
4850 	if (res < 0) {
4851 		wpa_msg(wpa_s, MSG_WARNING, "Could not read SSID from "
4852 			"driver");
4853 		return NULL;
4854 	}
4855 	ssid_len = res;
4856 
4857 	if (wpa_drv_get_bssid(wpa_s, bssid) < 0) {
4858 		wpa_msg(wpa_s, MSG_WARNING, "Could not read BSSID from "
4859 			"driver");
4860 		return NULL;
4861 	}
4862 
4863 	wired = wpa_s->conf->ap_scan == 0 &&
4864 		(wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED);
4865 
4866 	entry = wpa_s->conf->ssid;
4867 	while (entry) {
4868 		if (!wpas_network_disabled(wpa_s, entry) &&
4869 		    ((ssid_len == entry->ssid_len &&
4870 		      (!entry->ssid ||
4871 		       os_memcmp(ssid, entry->ssid, ssid_len) == 0)) ||
4872 		     wired) &&
4873 		    (!entry->bssid_set ||
4874 		     os_memcmp(bssid, entry->bssid, ETH_ALEN) == 0))
4875 			return entry;
4876 #ifdef CONFIG_WPS
4877 		if (!wpas_network_disabled(wpa_s, entry) &&
4878 		    (entry->key_mgmt & WPA_KEY_MGMT_WPS) &&
4879 		    (entry->ssid == NULL || entry->ssid_len == 0) &&
4880 		    (!entry->bssid_set ||
4881 		     os_memcmp(bssid, entry->bssid, ETH_ALEN) == 0))
4882 			return entry;
4883 #endif /* CONFIG_WPS */
4884 
4885 #ifdef CONFIG_OWE
4886 		if (!wpas_network_disabled(wpa_s, entry) &&
4887 		    owe_trans_ssid_match(wpa_s, bssid, entry->ssid,
4888 		    entry->ssid_len) &&
4889 		    (!entry->bssid_set ||
4890 		     os_memcmp(bssid, entry->bssid, ETH_ALEN) == 0))
4891 			return entry;
4892 #endif /* CONFIG_OWE */
4893 
4894 		if (!wpas_network_disabled(wpa_s, entry) && entry->bssid_set &&
4895 		    entry->ssid_len == 0 &&
4896 		    os_memcmp(bssid, entry->bssid, ETH_ALEN) == 0)
4897 			return entry;
4898 
4899 		entry = entry->next;
4900 	}
4901 
4902 	return NULL;
4903 }
4904 
4905 
4906 static int select_driver(struct wpa_supplicant *wpa_s, int i)
4907 {
4908 	struct wpa_global *global = wpa_s->global;
4909 
4910 	if (wpa_drivers[i]->global_init && global->drv_priv[i] == NULL) {
4911 		global->drv_priv[i] = wpa_drivers[i]->global_init(global);
4912 		if (global->drv_priv[i] == NULL) {
4913 			wpa_printf(MSG_ERROR, "Failed to initialize driver "
4914 				   "'%s'", wpa_drivers[i]->name);
4915 			return -1;
4916 		}
4917 	}
4918 
4919 	wpa_s->driver = wpa_drivers[i];
4920 	wpa_s->global_drv_priv = global->drv_priv[i];
4921 
4922 	return 0;
4923 }
4924 
4925 
4926 static int wpa_supplicant_set_driver(struct wpa_supplicant *wpa_s,
4927 				     const char *name)
4928 {
4929 	int i;
4930 	size_t len;
4931 	const char *pos, *driver = name;
4932 
4933 	if (wpa_s == NULL)
4934 		return -1;
4935 
4936 	if (wpa_drivers[0] == NULL) {
4937 		wpa_msg(wpa_s, MSG_ERROR, "No driver interfaces build into "
4938 			"wpa_supplicant");
4939 		return -1;
4940 	}
4941 
4942 	if (name == NULL) {
4943 		/* Default to first successful driver in the list */
4944 		for (i = 0; wpa_drivers[i]; i++) {
4945 			if (select_driver(wpa_s, i) == 0)
4946 				return 0;
4947 		}
4948 		/* Drivers have each reported failure, so no wpa_msg() here. */
4949 		return -1;
4950 	}
4951 
4952 	do {
4953 		pos = os_strchr(driver, ',');
4954 		if (pos)
4955 			len = pos - driver;
4956 		else
4957 			len = os_strlen(driver);
4958 
4959 		for (i = 0; wpa_drivers[i]; i++) {
4960 			if (os_strlen(wpa_drivers[i]->name) == len &&
4961 			    os_strncmp(driver, wpa_drivers[i]->name, len) ==
4962 			    0) {
4963 				/* First driver that succeeds wins */
4964 				if (select_driver(wpa_s, i) == 0)
4965 					return 0;
4966 			}
4967 		}
4968 
4969 		driver = pos + 1;
4970 	} while (pos);
4971 
4972 	wpa_msg(wpa_s, MSG_ERROR, "Unsupported driver '%s'", name);
4973 	return -1;
4974 }
4975 
4976 
4977 /**
4978  * wpa_supplicant_rx_eapol - Deliver a received EAPOL frame to wpa_supplicant
4979  * @ctx: Context pointer (wpa_s); this is the ctx variable registered
4980  *	with struct wpa_driver_ops::init()
4981  * @src_addr: Source address of the EAPOL frame
4982  * @buf: EAPOL data starting from the EAPOL header (i.e., no Ethernet header)
4983  * @len: Length of the EAPOL data
4984  *
4985  * This function is called for each received EAPOL frame. Most driver
4986  * interfaces rely on more generic OS mechanism for receiving frames through
4987  * l2_packet, but if such a mechanism is not available, the driver wrapper may
4988  * take care of received EAPOL frames and deliver them to the core supplicant
4989  * code by calling this function.
4990  */
4991 void wpa_supplicant_rx_eapol(void *ctx, const u8 *src_addr,
4992 			     const u8 *buf, size_t len)
4993 {
4994 	struct wpa_supplicant *wpa_s = ctx;
4995 
4996 	wpa_dbg(wpa_s, MSG_DEBUG, "RX EAPOL from " MACSTR, MAC2STR(src_addr));
4997 	wpa_hexdump(MSG_MSGDUMP, "RX EAPOL", buf, len);
4998 
4999 	if (wpa_s->own_disconnect_req) {
5000 		wpa_printf(MSG_DEBUG,
5001 			   "Drop received EAPOL frame as we are disconnecting");
5002 		return;
5003 	}
5004 
5005 #ifdef CONFIG_TESTING_OPTIONS
5006 	wpa_msg_ctrl(wpa_s, MSG_INFO, "EAPOL-RX " MACSTR " %zu",
5007 		     MAC2STR(src_addr), len);
5008 	if (wpa_s->ignore_auth_resp) {
5009 		wpa_printf(MSG_INFO, "RX EAPOL - ignore_auth_resp active!");
5010 		return;
5011 	}
5012 #endif /* CONFIG_TESTING_OPTIONS */
5013 
5014 	if (wpa_s->wpa_state < WPA_ASSOCIATED ||
5015 	    (wpa_s->last_eapol_matches_bssid &&
5016 #ifdef CONFIG_AP
5017 	     !wpa_s->ap_iface &&
5018 #endif /* CONFIG_AP */
5019 	     os_memcmp(src_addr, wpa_s->bssid, ETH_ALEN) != 0)) {
5020 		/*
5021 		 * There is possible race condition between receiving the
5022 		 * association event and the EAPOL frame since they are coming
5023 		 * through different paths from the driver. In order to avoid
5024 		 * issues in trying to process the EAPOL frame before receiving
5025 		 * association information, lets queue it for processing until
5026 		 * the association event is received. This may also be needed in
5027 		 * driver-based roaming case, so also use src_addr != BSSID as a
5028 		 * trigger if we have previously confirmed that the
5029 		 * Authenticator uses BSSID as the src_addr (which is not the
5030 		 * case with wired IEEE 802.1X).
5031 		 */
5032 		wpa_dbg(wpa_s, MSG_DEBUG, "Not associated - Delay processing "
5033 			"of received EAPOL frame (state=%s bssid=" MACSTR ")",
5034 			wpa_supplicant_state_txt(wpa_s->wpa_state),
5035 			MAC2STR(wpa_s->bssid));
5036 		wpabuf_free(wpa_s->pending_eapol_rx);
5037 		wpa_s->pending_eapol_rx = wpabuf_alloc_copy(buf, len);
5038 		if (wpa_s->pending_eapol_rx) {
5039 			os_get_reltime(&wpa_s->pending_eapol_rx_time);
5040 			os_memcpy(wpa_s->pending_eapol_rx_src, src_addr,
5041 				  ETH_ALEN);
5042 		}
5043 		return;
5044 	}
5045 
5046 	wpa_s->last_eapol_matches_bssid =
5047 		os_memcmp(src_addr, wpa_s->bssid, ETH_ALEN) == 0;
5048 
5049 #ifdef CONFIG_AP
5050 	if (wpa_s->ap_iface) {
5051 		wpa_supplicant_ap_rx_eapol(wpa_s, src_addr, buf, len);
5052 		return;
5053 	}
5054 #endif /* CONFIG_AP */
5055 
5056 	if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE) {
5057 		wpa_dbg(wpa_s, MSG_DEBUG, "Ignored received EAPOL frame since "
5058 			"no key management is configured");
5059 		return;
5060 	}
5061 
5062 	if (wpa_s->eapol_received == 0 &&
5063 	    (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK) ||
5064 	     !wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) ||
5065 	     wpa_s->wpa_state != WPA_COMPLETED) &&
5066 	    (wpa_s->current_ssid == NULL ||
5067 	     wpa_s->current_ssid->mode != WPAS_MODE_IBSS)) {
5068 		/* Timeout for completing IEEE 802.1X and WPA authentication */
5069 		int timeout = 10;
5070 
5071 		if (wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt) ||
5072 		    wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA ||
5073 		    wpa_s->key_mgmt == WPA_KEY_MGMT_WPS) {
5074 			/* Use longer timeout for IEEE 802.1X/EAP */
5075 			timeout = 70;
5076 		}
5077 
5078 #ifdef CONFIG_WPS
5079 		if (wpa_s->current_ssid && wpa_s->current_bss &&
5080 		    (wpa_s->current_ssid->key_mgmt & WPA_KEY_MGMT_WPS) &&
5081 		    eap_is_wps_pin_enrollee(&wpa_s->current_ssid->eap)) {
5082 			/*
5083 			 * Use shorter timeout if going through WPS AP iteration
5084 			 * for PIN config method with an AP that does not
5085 			 * advertise Selected Registrar.
5086 			 */
5087 			struct wpabuf *wps_ie;
5088 
5089 			wps_ie = wpa_bss_get_vendor_ie_multi(
5090 				wpa_s->current_bss, WPS_IE_VENDOR_TYPE);
5091 			if (wps_ie &&
5092 			    !wps_is_addr_authorized(wps_ie, wpa_s->own_addr, 1))
5093 				timeout = 10;
5094 			wpabuf_free(wps_ie);
5095 		}
5096 #endif /* CONFIG_WPS */
5097 
5098 		wpa_supplicant_req_auth_timeout(wpa_s, timeout, 0);
5099 	}
5100 	wpa_s->eapol_received++;
5101 
5102 	if (wpa_s->countermeasures) {
5103 		wpa_msg(wpa_s, MSG_INFO, "WPA: Countermeasures - dropped "
5104 			"EAPOL packet");
5105 		return;
5106 	}
5107 
5108 #ifdef CONFIG_IBSS_RSN
5109 	if (wpa_s->current_ssid &&
5110 	    wpa_s->current_ssid->mode == WPAS_MODE_IBSS) {
5111 		ibss_rsn_rx_eapol(wpa_s->ibss_rsn, src_addr, buf, len);
5112 		return;
5113 	}
5114 #endif /* CONFIG_IBSS_RSN */
5115 
5116 	/* Source address of the incoming EAPOL frame could be compared to the
5117 	 * current BSSID. However, it is possible that a centralized
5118 	 * Authenticator could be using another MAC address than the BSSID of
5119 	 * an AP, so just allow any address to be used for now. The replies are
5120 	 * still sent to the current BSSID (if available), though. */
5121 
5122 	os_memcpy(wpa_s->last_eapol_src, src_addr, ETH_ALEN);
5123 	if (!wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) &&
5124 	    wpa_s->key_mgmt != WPA_KEY_MGMT_OWE &&
5125 	    wpa_s->key_mgmt != WPA_KEY_MGMT_DPP &&
5126 	    eapol_sm_rx_eapol(wpa_s->eapol, src_addr, buf, len) > 0)
5127 		return;
5128 	wpa_drv_poll(wpa_s);
5129 	if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK))
5130 		wpa_sm_rx_eapol(wpa_s->wpa, src_addr, buf, len);
5131 	else if (wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt)) {
5132 		/*
5133 		 * Set portValid = true here since we are going to skip 4-way
5134 		 * handshake processing which would normally set portValid. We
5135 		 * need this to allow the EAPOL state machines to be completed
5136 		 * without going through EAPOL-Key handshake.
5137 		 */
5138 		eapol_sm_notify_portValid(wpa_s->eapol, true);
5139 	}
5140 }
5141 
5142 
5143 static int wpas_eapol_needs_l2_packet(struct wpa_supplicant *wpa_s)
5144 {
5145 	return !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_CONTROL_PORT) ||
5146 		!(wpa_s->drv_flags2 & WPA_DRIVER_FLAGS2_CONTROL_PORT_RX);
5147 }
5148 
5149 
5150 int wpa_supplicant_update_mac_addr(struct wpa_supplicant *wpa_s)
5151 {
5152 	if ((!wpa_s->p2p_mgmt ||
5153 	     !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE)) &&
5154 	    !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_P2P_DEDICATED_INTERFACE)) {
5155 		l2_packet_deinit(wpa_s->l2);
5156 		wpa_s->l2 = l2_packet_init(wpa_s->ifname,
5157 					   wpa_drv_get_mac_addr(wpa_s),
5158 					   ETH_P_EAPOL,
5159 					   wpas_eapol_needs_l2_packet(wpa_s) ?
5160 					   wpa_supplicant_rx_eapol : NULL,
5161 					   wpa_s, 0);
5162 		if (wpa_s->l2 == NULL)
5163 			return -1;
5164 
5165 		if (l2_packet_set_packet_filter(wpa_s->l2,
5166 						L2_PACKET_FILTER_PKTTYPE))
5167 			wpa_dbg(wpa_s, MSG_DEBUG,
5168 				"Failed to attach pkt_type filter");
5169 
5170 		if (l2_packet_get_own_addr(wpa_s->l2, wpa_s->own_addr)) {
5171 			wpa_msg(wpa_s, MSG_ERROR,
5172 				"Failed to get own L2 address");
5173 			return -1;
5174 		}
5175 	} else {
5176 		const u8 *addr = wpa_drv_get_mac_addr(wpa_s);
5177 		if (addr)
5178 			os_memcpy(wpa_s->own_addr, addr, ETH_ALEN);
5179 	}
5180 
5181 	wpa_sm_set_own_addr(wpa_s->wpa, wpa_s->own_addr);
5182 	wpas_wps_update_mac_addr(wpa_s);
5183 
5184 #ifdef CONFIG_FST
5185 	if (wpa_s->fst)
5186 		fst_update_mac_addr(wpa_s->fst, wpa_s->own_addr);
5187 #endif /* CONFIG_FST */
5188 
5189 	return 0;
5190 }
5191 
5192 
5193 static void wpa_supplicant_rx_eapol_bridge(void *ctx, const u8 *src_addr,
5194 					   const u8 *buf, size_t len)
5195 {
5196 	struct wpa_supplicant *wpa_s = ctx;
5197 	const struct l2_ethhdr *eth;
5198 
5199 	if (len < sizeof(*eth))
5200 		return;
5201 	eth = (const struct l2_ethhdr *) buf;
5202 
5203 	if (os_memcmp(eth->h_dest, wpa_s->own_addr, ETH_ALEN) != 0 &&
5204 	    !(eth->h_dest[0] & 0x01)) {
5205 		wpa_dbg(wpa_s, MSG_DEBUG, "RX EAPOL from " MACSTR " to " MACSTR
5206 			" (bridge - not for this interface - ignore)",
5207 			MAC2STR(src_addr), MAC2STR(eth->h_dest));
5208 		return;
5209 	}
5210 
5211 	wpa_dbg(wpa_s, MSG_DEBUG, "RX EAPOL from " MACSTR " to " MACSTR
5212 		" (bridge)", MAC2STR(src_addr), MAC2STR(eth->h_dest));
5213 	wpa_supplicant_rx_eapol(wpa_s, src_addr, buf + sizeof(*eth),
5214 				len - sizeof(*eth));
5215 }
5216 
5217 
5218 int wpa_supplicant_update_bridge_ifname(struct wpa_supplicant *wpa_s,
5219 					const char *bridge_ifname)
5220 {
5221 	if (wpa_s->wpa_state > WPA_SCANNING)
5222 		return -EBUSY;
5223 
5224 	if (bridge_ifname &&
5225 	    os_strlen(bridge_ifname) >= sizeof(wpa_s->bridge_ifname))
5226 		return -EINVAL;
5227 
5228 	if (!bridge_ifname)
5229 		bridge_ifname = "";
5230 
5231 	if (os_strcmp(wpa_s->bridge_ifname, bridge_ifname) == 0)
5232 		return 0;
5233 
5234 	if (wpa_s->l2_br) {
5235 		l2_packet_deinit(wpa_s->l2_br);
5236 		wpa_s->l2_br = NULL;
5237 	}
5238 
5239 	os_strlcpy(wpa_s->bridge_ifname, bridge_ifname,
5240 		   sizeof(wpa_s->bridge_ifname));
5241 
5242 	if (wpa_s->bridge_ifname[0]) {
5243 		wpa_dbg(wpa_s, MSG_DEBUG,
5244 			"Receiving packets from bridge interface '%s'",
5245 			wpa_s->bridge_ifname);
5246 		wpa_s->l2_br = l2_packet_init_bridge(
5247 			wpa_s->bridge_ifname, wpa_s->ifname, wpa_s->own_addr,
5248 			ETH_P_EAPOL, wpa_supplicant_rx_eapol_bridge, wpa_s, 1);
5249 		if (!wpa_s->l2_br) {
5250 			wpa_msg(wpa_s, MSG_ERROR,
5251 				"Failed to open l2_packet connection for the bridge interface '%s'",
5252 				wpa_s->bridge_ifname);
5253 			goto fail;
5254 		}
5255 	}
5256 
5257 #ifdef CONFIG_TDLS
5258 	if (!wpa_s->p2p_mgmt && wpa_tdls_init(wpa_s->wpa))
5259 		goto fail;
5260 #endif /* CONFIG_TDLS */
5261 
5262 	return 0;
5263 fail:
5264 	wpa_s->bridge_ifname[0] = 0;
5265 	if (wpa_s->l2_br) {
5266 		l2_packet_deinit(wpa_s->l2_br);
5267 		wpa_s->l2_br = NULL;
5268 	}
5269 #ifdef CONFIG_TDLS
5270 	if (!wpa_s->p2p_mgmt)
5271 		wpa_tdls_init(wpa_s->wpa);
5272 #endif /* CONFIG_TDLS */
5273 	return -EIO;
5274 }
5275 
5276 
5277 /**
5278  * wpa_supplicant_driver_init - Initialize driver interface parameters
5279  * @wpa_s: Pointer to wpa_supplicant data
5280  * Returns: 0 on success, -1 on failure
5281  *
5282  * This function is called to initialize driver interface parameters.
5283  * wpa_drv_init() must have been called before this function to initialize the
5284  * driver interface.
5285  */
5286 int wpa_supplicant_driver_init(struct wpa_supplicant *wpa_s)
5287 {
5288 	static int interface_count = 0;
5289 
5290 	if (wpa_supplicant_update_mac_addr(wpa_s) < 0)
5291 		return -1;
5292 
5293 	wpa_dbg(wpa_s, MSG_DEBUG, "Own MAC address: " MACSTR,
5294 		MAC2STR(wpa_s->own_addr));
5295 	os_memcpy(wpa_s->perm_addr, wpa_s->own_addr, ETH_ALEN);
5296 	wpa_sm_set_own_addr(wpa_s->wpa, wpa_s->own_addr);
5297 
5298 	if (wpa_s->bridge_ifname[0] && wpas_eapol_needs_l2_packet(wpa_s)) {
5299 		wpa_dbg(wpa_s, MSG_DEBUG, "Receiving packets from bridge "
5300 			"interface '%s'", wpa_s->bridge_ifname);
5301 		wpa_s->l2_br = l2_packet_init_bridge(
5302 			wpa_s->bridge_ifname, wpa_s->ifname, wpa_s->own_addr,
5303 			ETH_P_EAPOL, wpa_supplicant_rx_eapol_bridge, wpa_s, 1);
5304 		if (wpa_s->l2_br == NULL) {
5305 			wpa_msg(wpa_s, MSG_ERROR, "Failed to open l2_packet "
5306 				"connection for the bridge interface '%s'",
5307 				wpa_s->bridge_ifname);
5308 			return -1;
5309 		}
5310 	}
5311 
5312 	if (wpa_s->conf->ap_scan == 2 &&
5313 	    os_strcmp(wpa_s->driver->name, "nl80211") == 0) {
5314 		wpa_printf(MSG_INFO,
5315 			   "Note: nl80211 driver interface is not designed to be used with ap_scan=2; this can result in connection failures");
5316 	}
5317 
5318 	wpa_clear_keys(wpa_s, NULL);
5319 
5320 	/* Make sure that TKIP countermeasures are not left enabled (could
5321 	 * happen if wpa_supplicant is killed during countermeasures. */
5322 	wpa_drv_set_countermeasures(wpa_s, 0);
5323 
5324 	wpa_dbg(wpa_s, MSG_DEBUG, "RSN: flushing PMKID list in the driver");
5325 	wpa_drv_flush_pmkid(wpa_s);
5326 
5327 	wpa_s->prev_scan_ssid = WILDCARD_SSID_SCAN;
5328 	wpa_s->prev_scan_wildcard = 0;
5329 
5330 	if (wpa_supplicant_enabled_networks(wpa_s)) {
5331 		if (wpa_s->wpa_state == WPA_INTERFACE_DISABLED) {
5332 			wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
5333 			interface_count = 0;
5334 		}
5335 #ifndef ANDROID
5336 		if (!wpa_s->p2p_mgmt &&
5337 		    wpa_supplicant_delayed_sched_scan(wpa_s,
5338 						      interface_count % 3,
5339 						      100000))
5340 			wpa_supplicant_req_scan(wpa_s, interface_count % 3,
5341 						100000);
5342 #endif /* ANDROID */
5343 		interface_count++;
5344 	} else
5345 		wpa_supplicant_set_state(wpa_s, WPA_INACTIVE);
5346 
5347 	return 0;
5348 }
5349 
5350 
5351 static int wpa_supplicant_daemon(const char *pid_file)
5352 {
5353 	wpa_printf(MSG_DEBUG, "Daemonize..");
5354 	return os_daemonize(pid_file);
5355 }
5356 
5357 
5358 static struct wpa_supplicant *
5359 wpa_supplicant_alloc(struct wpa_supplicant *parent)
5360 {
5361 	struct wpa_supplicant *wpa_s;
5362 
5363 	wpa_s = os_zalloc(sizeof(*wpa_s));
5364 	if (wpa_s == NULL)
5365 		return NULL;
5366 	wpa_s->scan_req = INITIAL_SCAN_REQ;
5367 	wpa_s->scan_interval = 5;
5368 	wpa_s->new_connection = 1;
5369 	wpa_s->parent = parent ? parent : wpa_s;
5370 	wpa_s->p2pdev = wpa_s->parent;
5371 	wpa_s->sched_scanning = 0;
5372 	wpa_s->setband_mask = WPA_SETBAND_AUTO;
5373 
5374 	dl_list_init(&wpa_s->bss_tmp_disallowed);
5375 	dl_list_init(&wpa_s->fils_hlp_req);
5376 #ifdef CONFIG_TESTING_OPTIONS
5377 	dl_list_init(&wpa_s->drv_signal_override);
5378 #endif /* CONFIG_TESTING_OPTIONS */
5379 	dl_list_init(&wpa_s->active_scs_ids);
5380 
5381 	return wpa_s;
5382 }
5383 
5384 
5385 #ifdef CONFIG_HT_OVERRIDES
5386 
5387 static int wpa_set_htcap_mcs(struct wpa_supplicant *wpa_s,
5388 			     struct ieee80211_ht_capabilities *htcaps,
5389 			     struct ieee80211_ht_capabilities *htcaps_mask,
5390 			     const char *ht_mcs)
5391 {
5392 	/* parse ht_mcs into hex array */
5393 	int i;
5394 	const char *tmp = ht_mcs;
5395 	char *end = NULL;
5396 
5397 	/* If ht_mcs is null, do not set anything */
5398 	if (!ht_mcs)
5399 		return 0;
5400 
5401 	/* This is what we are setting in the kernel */
5402 	os_memset(&htcaps->supported_mcs_set, 0, IEEE80211_HT_MCS_MASK_LEN);
5403 
5404 	wpa_msg(wpa_s, MSG_DEBUG, "set_htcap, ht_mcs -:%s:-", ht_mcs);
5405 
5406 	for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++) {
5407 		long v;
5408 
5409 		errno = 0;
5410 		v = strtol(tmp, &end, 16);
5411 
5412 		if (errno == 0) {
5413 			wpa_msg(wpa_s, MSG_DEBUG,
5414 				"htcap value[%i]: %ld end: %p  tmp: %p",
5415 				i, v, end, tmp);
5416 			if (end == tmp)
5417 				break;
5418 
5419 			htcaps->supported_mcs_set[i] = v;
5420 			tmp = end;
5421 		} else {
5422 			wpa_msg(wpa_s, MSG_ERROR,
5423 				"Failed to parse ht-mcs: %s, error: %s\n",
5424 				ht_mcs, strerror(errno));
5425 			return -1;
5426 		}
5427 	}
5428 
5429 	/*
5430 	 * If we were able to parse any values, then set mask for the MCS set.
5431 	 */
5432 	if (i) {
5433 		os_memset(&htcaps_mask->supported_mcs_set, 0xff,
5434 			  IEEE80211_HT_MCS_MASK_LEN - 1);
5435 		/* skip the 3 reserved bits */
5436 		htcaps_mask->supported_mcs_set[IEEE80211_HT_MCS_MASK_LEN - 1] =
5437 			0x1f;
5438 	}
5439 
5440 	return 0;
5441 }
5442 
5443 
5444 static int wpa_disable_max_amsdu(struct wpa_supplicant *wpa_s,
5445 				 struct ieee80211_ht_capabilities *htcaps,
5446 				 struct ieee80211_ht_capabilities *htcaps_mask,
5447 				 int disabled)
5448 {
5449 	le16 msk;
5450 
5451 	if (disabled == -1)
5452 		return 0;
5453 
5454 	wpa_msg(wpa_s, MSG_DEBUG, "set_disable_max_amsdu: %d", disabled);
5455 
5456 	msk = host_to_le16(HT_CAP_INFO_MAX_AMSDU_SIZE);
5457 	htcaps_mask->ht_capabilities_info |= msk;
5458 	if (disabled)
5459 		htcaps->ht_capabilities_info &= msk;
5460 	else
5461 		htcaps->ht_capabilities_info |= msk;
5462 
5463 	return 0;
5464 }
5465 
5466 
5467 static int wpa_set_ampdu_factor(struct wpa_supplicant *wpa_s,
5468 				struct ieee80211_ht_capabilities *htcaps,
5469 				struct ieee80211_ht_capabilities *htcaps_mask,
5470 				int factor)
5471 {
5472 	if (factor == -1)
5473 		return 0;
5474 
5475 	wpa_msg(wpa_s, MSG_DEBUG, "set_ampdu_factor: %d", factor);
5476 
5477 	if (factor < 0 || factor > 3) {
5478 		wpa_msg(wpa_s, MSG_ERROR, "ampdu_factor: %d out of range. "
5479 			"Must be 0-3 or -1", factor);
5480 		return -EINVAL;
5481 	}
5482 
5483 	htcaps_mask->a_mpdu_params |= 0x3; /* 2 bits for factor */
5484 	htcaps->a_mpdu_params &= ~0x3;
5485 	htcaps->a_mpdu_params |= factor & 0x3;
5486 
5487 	return 0;
5488 }
5489 
5490 
5491 static int wpa_set_ampdu_density(struct wpa_supplicant *wpa_s,
5492 				 struct ieee80211_ht_capabilities *htcaps,
5493 				 struct ieee80211_ht_capabilities *htcaps_mask,
5494 				 int density)
5495 {
5496 	if (density == -1)
5497 		return 0;
5498 
5499 	wpa_msg(wpa_s, MSG_DEBUG, "set_ampdu_density: %d", density);
5500 
5501 	if (density < 0 || density > 7) {
5502 		wpa_msg(wpa_s, MSG_ERROR,
5503 			"ampdu_density: %d out of range. Must be 0-7 or -1.",
5504 			density);
5505 		return -EINVAL;
5506 	}
5507 
5508 	htcaps_mask->a_mpdu_params |= 0x1C;
5509 	htcaps->a_mpdu_params &= ~(0x1C);
5510 	htcaps->a_mpdu_params |= (density << 2) & 0x1C;
5511 
5512 	return 0;
5513 }
5514 
5515 
5516 static int wpa_set_disable_ht40(struct wpa_supplicant *wpa_s,
5517 				struct ieee80211_ht_capabilities *htcaps,
5518 				struct ieee80211_ht_capabilities *htcaps_mask,
5519 				int disabled)
5520 {
5521 	if (disabled)
5522 		wpa_msg(wpa_s, MSG_DEBUG, "set_disable_ht40: %d", disabled);
5523 
5524 	set_disable_ht40(htcaps, disabled);
5525 	set_disable_ht40(htcaps_mask, 0);
5526 
5527 	return 0;
5528 }
5529 
5530 
5531 static int wpa_set_disable_sgi(struct wpa_supplicant *wpa_s,
5532 			       struct ieee80211_ht_capabilities *htcaps,
5533 			       struct ieee80211_ht_capabilities *htcaps_mask,
5534 			       int disabled)
5535 {
5536 	/* Masking these out disables SGI */
5537 	le16 msk = host_to_le16(HT_CAP_INFO_SHORT_GI20MHZ |
5538 				HT_CAP_INFO_SHORT_GI40MHZ);
5539 
5540 	if (disabled)
5541 		wpa_msg(wpa_s, MSG_DEBUG, "set_disable_sgi: %d", disabled);
5542 
5543 	if (disabled)
5544 		htcaps->ht_capabilities_info &= ~msk;
5545 	else
5546 		htcaps->ht_capabilities_info |= msk;
5547 
5548 	htcaps_mask->ht_capabilities_info |= msk;
5549 
5550 	return 0;
5551 }
5552 
5553 
5554 static int wpa_set_disable_ldpc(struct wpa_supplicant *wpa_s,
5555 			       struct ieee80211_ht_capabilities *htcaps,
5556 			       struct ieee80211_ht_capabilities *htcaps_mask,
5557 			       int disabled)
5558 {
5559 	/* Masking these out disables LDPC */
5560 	le16 msk = host_to_le16(HT_CAP_INFO_LDPC_CODING_CAP);
5561 
5562 	if (disabled)
5563 		wpa_msg(wpa_s, MSG_DEBUG, "set_disable_ldpc: %d", disabled);
5564 
5565 	if (disabled)
5566 		htcaps->ht_capabilities_info &= ~msk;
5567 	else
5568 		htcaps->ht_capabilities_info |= msk;
5569 
5570 	htcaps_mask->ht_capabilities_info |= msk;
5571 
5572 	return 0;
5573 }
5574 
5575 
5576 static int wpa_set_tx_stbc(struct wpa_supplicant *wpa_s,
5577 			   struct ieee80211_ht_capabilities *htcaps,
5578 			   struct ieee80211_ht_capabilities *htcaps_mask,
5579 			   int tx_stbc)
5580 {
5581 	le16 msk = host_to_le16(HT_CAP_INFO_TX_STBC);
5582 
5583 	if (tx_stbc == -1)
5584 		return 0;
5585 
5586 	wpa_msg(wpa_s, MSG_DEBUG, "set_tx_stbc: %d", tx_stbc);
5587 
5588 	if (tx_stbc < 0 || tx_stbc > 1) {
5589 		wpa_msg(wpa_s, MSG_ERROR,
5590 			"tx_stbc: %d out of range. Must be 0-1 or -1", tx_stbc);
5591 		return -EINVAL;
5592 	}
5593 
5594 	htcaps_mask->ht_capabilities_info |= msk;
5595 	htcaps->ht_capabilities_info &= ~msk;
5596 	htcaps->ht_capabilities_info |= (tx_stbc << 7) & msk;
5597 
5598 	return 0;
5599 }
5600 
5601 
5602 static int wpa_set_rx_stbc(struct wpa_supplicant *wpa_s,
5603 			   struct ieee80211_ht_capabilities *htcaps,
5604 			   struct ieee80211_ht_capabilities *htcaps_mask,
5605 			   int rx_stbc)
5606 {
5607 	le16 msk = host_to_le16(HT_CAP_INFO_RX_STBC_MASK);
5608 
5609 	if (rx_stbc == -1)
5610 		return 0;
5611 
5612 	wpa_msg(wpa_s, MSG_DEBUG, "set_rx_stbc: %d", rx_stbc);
5613 
5614 	if (rx_stbc < 0 || rx_stbc > 3) {
5615 		wpa_msg(wpa_s, MSG_ERROR,
5616 			"rx_stbc: %d out of range. Must be 0-3 or -1", rx_stbc);
5617 		return -EINVAL;
5618 	}
5619 
5620 	htcaps_mask->ht_capabilities_info |= msk;
5621 	htcaps->ht_capabilities_info &= ~msk;
5622 	htcaps->ht_capabilities_info |= (rx_stbc << 8) & msk;
5623 
5624 	return 0;
5625 }
5626 
5627 
5628 void wpa_supplicant_apply_ht_overrides(
5629 	struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid,
5630 	struct wpa_driver_associate_params *params)
5631 {
5632 	struct ieee80211_ht_capabilities *htcaps;
5633 	struct ieee80211_ht_capabilities *htcaps_mask;
5634 
5635 	if (!ssid)
5636 		return;
5637 
5638 	params->disable_ht = ssid->disable_ht;
5639 	if (!params->htcaps || !params->htcaps_mask)
5640 		return;
5641 
5642 	htcaps = (struct ieee80211_ht_capabilities *) params->htcaps;
5643 	htcaps_mask = (struct ieee80211_ht_capabilities *) params->htcaps_mask;
5644 	wpa_set_htcap_mcs(wpa_s, htcaps, htcaps_mask, ssid->ht_mcs);
5645 	wpa_disable_max_amsdu(wpa_s, htcaps, htcaps_mask,
5646 			      ssid->disable_max_amsdu);
5647 	wpa_set_ampdu_factor(wpa_s, htcaps, htcaps_mask, ssid->ampdu_factor);
5648 	wpa_set_ampdu_density(wpa_s, htcaps, htcaps_mask, ssid->ampdu_density);
5649 	wpa_set_disable_ht40(wpa_s, htcaps, htcaps_mask, ssid->disable_ht40);
5650 	wpa_set_disable_sgi(wpa_s, htcaps, htcaps_mask, ssid->disable_sgi);
5651 	wpa_set_disable_ldpc(wpa_s, htcaps, htcaps_mask, ssid->disable_ldpc);
5652 	wpa_set_rx_stbc(wpa_s, htcaps, htcaps_mask, ssid->rx_stbc);
5653 	wpa_set_tx_stbc(wpa_s, htcaps, htcaps_mask, ssid->tx_stbc);
5654 
5655 	if (ssid->ht40_intolerant) {
5656 		le16 bit = host_to_le16(HT_CAP_INFO_40MHZ_INTOLERANT);
5657 		htcaps->ht_capabilities_info |= bit;
5658 		htcaps_mask->ht_capabilities_info |= bit;
5659 	}
5660 }
5661 
5662 #endif /* CONFIG_HT_OVERRIDES */
5663 
5664 
5665 #ifdef CONFIG_VHT_OVERRIDES
5666 void wpa_supplicant_apply_vht_overrides(
5667 	struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid,
5668 	struct wpa_driver_associate_params *params)
5669 {
5670 	struct ieee80211_vht_capabilities *vhtcaps;
5671 	struct ieee80211_vht_capabilities *vhtcaps_mask;
5672 
5673 	if (!ssid)
5674 		return;
5675 
5676 	params->disable_vht = ssid->disable_vht;
5677 
5678 	vhtcaps = (void *) params->vhtcaps;
5679 	vhtcaps_mask = (void *) params->vhtcaps_mask;
5680 
5681 	if (!vhtcaps || !vhtcaps_mask)
5682 		return;
5683 
5684 	vhtcaps->vht_capabilities_info = host_to_le32(ssid->vht_capa);
5685 	vhtcaps_mask->vht_capabilities_info = host_to_le32(ssid->vht_capa_mask);
5686 
5687 #ifdef CONFIG_HT_OVERRIDES
5688 	if (ssid->disable_sgi) {
5689 		vhtcaps_mask->vht_capabilities_info |= (VHT_CAP_SHORT_GI_80 |
5690 							VHT_CAP_SHORT_GI_160);
5691 		vhtcaps->vht_capabilities_info &= ~(VHT_CAP_SHORT_GI_80 |
5692 						    VHT_CAP_SHORT_GI_160);
5693 		wpa_msg(wpa_s, MSG_DEBUG,
5694 			"disable-sgi override specified, vht-caps: 0x%x",
5695 			vhtcaps->vht_capabilities_info);
5696 	}
5697 
5698 	/* if max ampdu is <= 3, we have to make the HT cap the same */
5699 	if (ssid->vht_capa_mask & VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_MAX) {
5700 		int max_ampdu;
5701 
5702 		max_ampdu = (ssid->vht_capa &
5703 			     VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_MAX) >>
5704 			VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_MAX_SHIFT;
5705 
5706 		max_ampdu = max_ampdu < 3 ? max_ampdu : 3;
5707 		wpa_set_ampdu_factor(wpa_s,
5708 				     (void *) params->htcaps,
5709 				     (void *) params->htcaps_mask,
5710 				     max_ampdu);
5711 	}
5712 #endif /* CONFIG_HT_OVERRIDES */
5713 
5714 #define OVERRIDE_MCS(i)							\
5715 	if (ssid->vht_tx_mcs_nss_ ##i >= 0) {				\
5716 		vhtcaps_mask->vht_supported_mcs_set.tx_map |=		\
5717 			host_to_le16(3 << 2 * (i - 1));			\
5718 		vhtcaps->vht_supported_mcs_set.tx_map |=		\
5719 			host_to_le16(ssid->vht_tx_mcs_nss_ ##i <<	\
5720 				     2 * (i - 1));			\
5721 	}								\
5722 	if (ssid->vht_rx_mcs_nss_ ##i >= 0) {				\
5723 		vhtcaps_mask->vht_supported_mcs_set.rx_map |=		\
5724 			host_to_le16(3 << 2 * (i - 1));			\
5725 		vhtcaps->vht_supported_mcs_set.rx_map |=		\
5726 			host_to_le16(ssid->vht_rx_mcs_nss_ ##i <<	\
5727 				     2 * (i - 1));			\
5728 	}
5729 
5730 	OVERRIDE_MCS(1);
5731 	OVERRIDE_MCS(2);
5732 	OVERRIDE_MCS(3);
5733 	OVERRIDE_MCS(4);
5734 	OVERRIDE_MCS(5);
5735 	OVERRIDE_MCS(6);
5736 	OVERRIDE_MCS(7);
5737 	OVERRIDE_MCS(8);
5738 }
5739 #endif /* CONFIG_VHT_OVERRIDES */
5740 
5741 
5742 #ifdef CONFIG_HE_OVERRIDES
5743 void wpa_supplicant_apply_he_overrides(
5744 	struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid,
5745 	struct wpa_driver_associate_params *params)
5746 {
5747 	if (!ssid)
5748 		return;
5749 
5750 	params->disable_he = ssid->disable_he;
5751 }
5752 #endif /* CONFIG_HE_OVERRIDES */
5753 
5754 
5755 static int pcsc_reader_init(struct wpa_supplicant *wpa_s)
5756 {
5757 #ifdef PCSC_FUNCS
5758 	size_t len;
5759 
5760 	if (!wpa_s->conf->pcsc_reader)
5761 		return 0;
5762 
5763 	wpa_s->scard = scard_init(wpa_s->conf->pcsc_reader);
5764 	if (!wpa_s->scard)
5765 		return 1;
5766 
5767 	if (wpa_s->conf->pcsc_pin &&
5768 	    scard_set_pin(wpa_s->scard, wpa_s->conf->pcsc_pin) < 0) {
5769 		scard_deinit(wpa_s->scard);
5770 		wpa_s->scard = NULL;
5771 		wpa_msg(wpa_s, MSG_ERROR, "PC/SC PIN validation failed");
5772 		return -1;
5773 	}
5774 
5775 	len = sizeof(wpa_s->imsi) - 1;
5776 	if (scard_get_imsi(wpa_s->scard, wpa_s->imsi, &len)) {
5777 		scard_deinit(wpa_s->scard);
5778 		wpa_s->scard = NULL;
5779 		wpa_msg(wpa_s, MSG_ERROR, "Could not read IMSI");
5780 		return -1;
5781 	}
5782 	wpa_s->imsi[len] = '\0';
5783 
5784 	wpa_s->mnc_len = scard_get_mnc_len(wpa_s->scard);
5785 
5786 	wpa_printf(MSG_DEBUG, "SCARD: IMSI %s (MNC length %d)",
5787 		   wpa_s->imsi, wpa_s->mnc_len);
5788 
5789 	wpa_sm_set_scard_ctx(wpa_s->wpa, wpa_s->scard);
5790 	eapol_sm_register_scard_ctx(wpa_s->eapol, wpa_s->scard);
5791 #endif /* PCSC_FUNCS */
5792 
5793 	return 0;
5794 }
5795 
5796 
5797 int wpas_init_ext_pw(struct wpa_supplicant *wpa_s)
5798 {
5799 	char *val, *pos;
5800 
5801 	ext_password_deinit(wpa_s->ext_pw);
5802 	wpa_s->ext_pw = NULL;
5803 	eapol_sm_set_ext_pw_ctx(wpa_s->eapol, NULL);
5804 
5805 	if (!wpa_s->conf->ext_password_backend)
5806 		return 0;
5807 
5808 	val = os_strdup(wpa_s->conf->ext_password_backend);
5809 	if (val == NULL)
5810 		return -1;
5811 	pos = os_strchr(val, ':');
5812 	if (pos)
5813 		*pos++ = '\0';
5814 
5815 	wpa_printf(MSG_DEBUG, "EXT PW: Initialize backend '%s'", val);
5816 
5817 	wpa_s->ext_pw = ext_password_init(val, pos);
5818 	os_free(val);
5819 	if (wpa_s->ext_pw == NULL) {
5820 		wpa_printf(MSG_DEBUG, "EXT PW: Failed to initialize backend");
5821 		return -1;
5822 	}
5823 	eapol_sm_set_ext_pw_ctx(wpa_s->eapol, wpa_s->ext_pw);
5824 
5825 	return 0;
5826 }
5827 
5828 
5829 #ifdef CONFIG_FST
5830 
5831 static const u8 * wpas_fst_get_bssid_cb(void *ctx)
5832 {
5833 	struct wpa_supplicant *wpa_s = ctx;
5834 
5835 	return (is_zero_ether_addr(wpa_s->bssid) ||
5836 		wpa_s->wpa_state != WPA_COMPLETED) ? NULL : wpa_s->bssid;
5837 }
5838 
5839 
5840 static void wpas_fst_get_channel_info_cb(void *ctx,
5841 					 enum hostapd_hw_mode *hw_mode,
5842 					 u8 *channel)
5843 {
5844 	struct wpa_supplicant *wpa_s = ctx;
5845 
5846 	if (wpa_s->current_bss) {
5847 		*hw_mode = ieee80211_freq_to_chan(wpa_s->current_bss->freq,
5848 						  channel);
5849 	} else if (wpa_s->hw.num_modes) {
5850 		*hw_mode = wpa_s->hw.modes[0].mode;
5851 	} else {
5852 		WPA_ASSERT(0);
5853 		*hw_mode = 0;
5854 	}
5855 }
5856 
5857 
5858 static int wpas_fst_get_hw_modes(void *ctx, struct hostapd_hw_modes **modes)
5859 {
5860 	struct wpa_supplicant *wpa_s = ctx;
5861 
5862 	*modes = wpa_s->hw.modes;
5863 	return wpa_s->hw.num_modes;
5864 }
5865 
5866 
5867 static void wpas_fst_set_ies_cb(void *ctx, const struct wpabuf *fst_ies)
5868 {
5869 	struct wpa_supplicant *wpa_s = ctx;
5870 
5871 	wpa_hexdump_buf(MSG_DEBUG, "FST: Set IEs", fst_ies);
5872 	wpa_s->fst_ies = fst_ies;
5873 }
5874 
5875 
5876 static int wpas_fst_send_action_cb(void *ctx, const u8 *da, struct wpabuf *data)
5877 {
5878 	struct wpa_supplicant *wpa_s = ctx;
5879 
5880 	if (os_memcmp(wpa_s->bssid, da, ETH_ALEN) != 0) {
5881 		wpa_printf(MSG_INFO, "FST:%s:bssid=" MACSTR " != da=" MACSTR,
5882 			   __func__, MAC2STR(wpa_s->bssid), MAC2STR(da));
5883 		return -1;
5884 	}
5885 	return wpa_drv_send_action(wpa_s, wpa_s->assoc_freq, 0, wpa_s->bssid,
5886 				   wpa_s->own_addr, wpa_s->bssid,
5887 				   wpabuf_head(data), wpabuf_len(data),
5888 				   0);
5889 }
5890 
5891 
5892 static const struct wpabuf * wpas_fst_get_mb_ie_cb(void *ctx, const u8 *addr)
5893 {
5894 	struct wpa_supplicant *wpa_s = ctx;
5895 
5896 	WPA_ASSERT(os_memcmp(wpa_s->bssid, addr, ETH_ALEN) == 0);
5897 	return wpa_s->received_mb_ies;
5898 }
5899 
5900 
5901 static void wpas_fst_update_mb_ie_cb(void *ctx, const u8 *addr,
5902 				     const u8 *buf, size_t size)
5903 {
5904 	struct wpa_supplicant *wpa_s = ctx;
5905 	struct mb_ies_info info;
5906 
5907 	WPA_ASSERT(os_memcmp(wpa_s->bssid, addr, ETH_ALEN) == 0);
5908 
5909 	if (!mb_ies_info_by_ies(&info, buf, size)) {
5910 		wpabuf_free(wpa_s->received_mb_ies);
5911 		wpa_s->received_mb_ies = mb_ies_by_info(&info);
5912 	}
5913 }
5914 
5915 
5916 static const u8 * wpas_fst_get_peer_first(void *ctx,
5917 					  struct fst_get_peer_ctx **get_ctx,
5918 					  bool mb_only)
5919 {
5920 	struct wpa_supplicant *wpa_s = ctx;
5921 
5922 	*get_ctx = NULL;
5923 	if (!is_zero_ether_addr(wpa_s->bssid))
5924 		return (wpa_s->received_mb_ies || !mb_only) ?
5925 			wpa_s->bssid : NULL;
5926 	return NULL;
5927 }
5928 
5929 
5930 static const u8 * wpas_fst_get_peer_next(void *ctx,
5931 					 struct fst_get_peer_ctx **get_ctx,
5932 					 bool mb_only)
5933 {
5934 	return NULL;
5935 }
5936 
5937 void fst_wpa_supplicant_fill_iface_obj(struct wpa_supplicant *wpa_s,
5938 				       struct fst_wpa_obj *iface_obj)
5939 {
5940 	iface_obj->ctx              = wpa_s;
5941 	iface_obj->get_bssid        = wpas_fst_get_bssid_cb;
5942 	iface_obj->get_channel_info = wpas_fst_get_channel_info_cb;
5943 	iface_obj->get_hw_modes     = wpas_fst_get_hw_modes;
5944 	iface_obj->set_ies          = wpas_fst_set_ies_cb;
5945 	iface_obj->send_action      = wpas_fst_send_action_cb;
5946 	iface_obj->get_mb_ie        = wpas_fst_get_mb_ie_cb;
5947 	iface_obj->update_mb_ie     = wpas_fst_update_mb_ie_cb;
5948 	iface_obj->get_peer_first   = wpas_fst_get_peer_first;
5949 	iface_obj->get_peer_next    = wpas_fst_get_peer_next;
5950 }
5951 #endif /* CONFIG_FST */
5952 
5953 static int wpas_set_wowlan_triggers(struct wpa_supplicant *wpa_s,
5954 				    const struct wpa_driver_capa *capa)
5955 {
5956 	struct wowlan_triggers *triggers;
5957 	int ret = 0;
5958 
5959 	if (!wpa_s->conf->wowlan_triggers)
5960 		return 0;
5961 
5962 	triggers = wpa_get_wowlan_triggers(wpa_s->conf->wowlan_triggers, capa);
5963 	if (triggers) {
5964 		ret = wpa_drv_wowlan(wpa_s, triggers);
5965 		os_free(triggers);
5966 	}
5967 	return ret;
5968 }
5969 
5970 
5971 enum wpa_radio_work_band wpas_freq_to_band(int freq)
5972 {
5973 	if (freq < 3000)
5974 		return BAND_2_4_GHZ;
5975 	if (freq > 50000)
5976 		return BAND_60_GHZ;
5977 	return BAND_5_GHZ;
5978 }
5979 
5980 
5981 unsigned int wpas_get_bands(struct wpa_supplicant *wpa_s, const int *freqs)
5982 {
5983 	int i;
5984 	unsigned int band = 0;
5985 
5986 	if (freqs) {
5987 		/* freqs are specified for the radio work */
5988 		for (i = 0; freqs[i]; i++)
5989 			band |= wpas_freq_to_band(freqs[i]);
5990 	} else {
5991 		/*
5992 		 * freqs are not specified, implies all
5993 		 * the supported freqs by HW
5994 		 */
5995 		for (i = 0; i < wpa_s->hw.num_modes; i++) {
5996 			if (wpa_s->hw.modes[i].num_channels != 0) {
5997 				if (wpa_s->hw.modes[i].mode ==
5998 				    HOSTAPD_MODE_IEEE80211B ||
5999 				    wpa_s->hw.modes[i].mode ==
6000 				    HOSTAPD_MODE_IEEE80211G)
6001 					band |= BAND_2_4_GHZ;
6002 				else if (wpa_s->hw.modes[i].mode ==
6003 					 HOSTAPD_MODE_IEEE80211A)
6004 					band |= BAND_5_GHZ;
6005 				else if (wpa_s->hw.modes[i].mode ==
6006 					 HOSTAPD_MODE_IEEE80211AD)
6007 					band |= BAND_60_GHZ;
6008 				else if (wpa_s->hw.modes[i].mode ==
6009 					 HOSTAPD_MODE_IEEE80211ANY)
6010 					band = BAND_2_4_GHZ | BAND_5_GHZ |
6011 						BAND_60_GHZ;
6012 			}
6013 		}
6014 	}
6015 
6016 	return band;
6017 }
6018 
6019 
6020 static struct wpa_radio * radio_add_interface(struct wpa_supplicant *wpa_s,
6021 					      const char *rn)
6022 {
6023 	struct wpa_supplicant *iface = wpa_s->global->ifaces;
6024 	struct wpa_radio *radio;
6025 
6026 	while (rn && iface) {
6027 		radio = iface->radio;
6028 		if (radio && os_strcmp(rn, radio->name) == 0) {
6029 			wpa_printf(MSG_DEBUG, "Add interface %s to existing radio %s",
6030 				   wpa_s->ifname, rn);
6031 			dl_list_add(&radio->ifaces, &wpa_s->radio_list);
6032 			return radio;
6033 		}
6034 
6035 		iface = iface->next;
6036 	}
6037 
6038 	wpa_printf(MSG_DEBUG, "Add interface %s to a new radio %s",
6039 		   wpa_s->ifname, rn ? rn : "N/A");
6040 	radio = os_zalloc(sizeof(*radio));
6041 	if (radio == NULL)
6042 		return NULL;
6043 
6044 	if (rn)
6045 		os_strlcpy(radio->name, rn, sizeof(radio->name));
6046 	dl_list_init(&radio->ifaces);
6047 	dl_list_init(&radio->work);
6048 	dl_list_add(&radio->ifaces, &wpa_s->radio_list);
6049 
6050 	return radio;
6051 }
6052 
6053 
6054 static void radio_work_free(struct wpa_radio_work *work)
6055 {
6056 	if (work->wpa_s->scan_work == work) {
6057 		/* This should not really happen. */
6058 		wpa_dbg(work->wpa_s, MSG_INFO, "Freeing radio work '%s'@%p (started=%d) that is marked as scan_work",
6059 			work->type, work, work->started);
6060 		work->wpa_s->scan_work = NULL;
6061 	}
6062 
6063 #ifdef CONFIG_P2P
6064 	if (work->wpa_s->p2p_scan_work == work) {
6065 		/* This should not really happen. */
6066 		wpa_dbg(work->wpa_s, MSG_INFO, "Freeing radio work '%s'@%p (started=%d) that is marked as p2p_scan_work",
6067 			work->type, work, work->started);
6068 		work->wpa_s->p2p_scan_work = NULL;
6069 	}
6070 #endif /* CONFIG_P2P */
6071 
6072 	if (work->started) {
6073 		work->wpa_s->radio->num_active_works--;
6074 		wpa_dbg(work->wpa_s, MSG_DEBUG,
6075 			"radio_work_free('%s'@%p): num_active_works --> %u",
6076 			work->type, work,
6077 			work->wpa_s->radio->num_active_works);
6078 	}
6079 
6080 	dl_list_del(&work->list);
6081 	os_free(work);
6082 }
6083 
6084 
6085 static int radio_work_is_connect(struct wpa_radio_work *work)
6086 {
6087 	return os_strcmp(work->type, "sme-connect") == 0 ||
6088 		os_strcmp(work->type, "connect") == 0;
6089 }
6090 
6091 
6092 static int radio_work_is_scan(struct wpa_radio_work *work)
6093 {
6094 	return os_strcmp(work->type, "scan") == 0 ||
6095 		os_strcmp(work->type, "p2p-scan") == 0;
6096 }
6097 
6098 
6099 static struct wpa_radio_work * radio_work_get_next_work(struct wpa_radio *radio)
6100 {
6101 	struct wpa_radio_work *active_work = NULL;
6102 	struct wpa_radio_work *tmp;
6103 
6104 	/* Get the active work to know the type and band. */
6105 	dl_list_for_each(tmp, &radio->work, struct wpa_radio_work, list) {
6106 		if (tmp->started) {
6107 			active_work = tmp;
6108 			break;
6109 		}
6110 	}
6111 
6112 	if (!active_work) {
6113 		/* No active work, start one */
6114 		radio->num_active_works = 0;
6115 		dl_list_for_each(tmp, &radio->work, struct wpa_radio_work,
6116 				 list) {
6117 			if (os_strcmp(tmp->type, "scan") == 0 &&
6118 			    external_scan_running(radio) &&
6119 			    (((struct wpa_driver_scan_params *)
6120 			      tmp->ctx)->only_new_results ||
6121 			     tmp->wpa_s->clear_driver_scan_cache))
6122 				continue;
6123 			return tmp;
6124 		}
6125 		return NULL;
6126 	}
6127 
6128 	if (radio_work_is_connect(active_work)) {
6129 		/*
6130 		 * If the active work is either connect or sme-connect,
6131 		 * do not parallelize them with other radio works.
6132 		 */
6133 		wpa_dbg(active_work->wpa_s, MSG_DEBUG,
6134 			"Do not parallelize radio work with %s",
6135 			active_work->type);
6136 		return NULL;
6137 	}
6138 
6139 	dl_list_for_each(tmp, &radio->work, struct wpa_radio_work, list) {
6140 		if (tmp->started)
6141 			continue;
6142 
6143 		/*
6144 		 * If connect or sme-connect are enqueued, parallelize only
6145 		 * those operations ahead of them in the queue.
6146 		 */
6147 		if (radio_work_is_connect(tmp))
6148 			break;
6149 
6150 		/* Serialize parallel scan and p2p_scan operations on the same
6151 		 * interface since the driver_nl80211 mechanism for tracking
6152 		 * scan cookies does not yet have support for this. */
6153 		if (active_work->wpa_s == tmp->wpa_s &&
6154 		    radio_work_is_scan(active_work) &&
6155 		    radio_work_is_scan(tmp)) {
6156 			wpa_dbg(active_work->wpa_s, MSG_DEBUG,
6157 				"Do not start work '%s' when another work '%s' is already scheduled",
6158 				tmp->type, active_work->type);
6159 			continue;
6160 		}
6161 		/*
6162 		 * Check that the radio works are distinct and
6163 		 * on different bands.
6164 		 */
6165 		if (os_strcmp(active_work->type, tmp->type) != 0 &&
6166 		    (active_work->bands != tmp->bands)) {
6167 			/*
6168 			 * If a scan has to be scheduled through nl80211 scan
6169 			 * interface and if an external scan is already running,
6170 			 * do not schedule the scan since it is likely to get
6171 			 * rejected by kernel.
6172 			 */
6173 			if (os_strcmp(tmp->type, "scan") == 0 &&
6174 			    external_scan_running(radio) &&
6175 			    (((struct wpa_driver_scan_params *)
6176 			      tmp->ctx)->only_new_results ||
6177 			     tmp->wpa_s->clear_driver_scan_cache))
6178 				continue;
6179 
6180 			wpa_dbg(active_work->wpa_s, MSG_DEBUG,
6181 				"active_work:%s new_work:%s",
6182 				active_work->type, tmp->type);
6183 			return tmp;
6184 		}
6185 	}
6186 
6187 	/* Did not find a radio work to schedule in parallel. */
6188 	return NULL;
6189 }
6190 
6191 
6192 static void radio_start_next_work(void *eloop_ctx, void *timeout_ctx)
6193 {
6194 	struct wpa_radio *radio = eloop_ctx;
6195 	struct wpa_radio_work *work;
6196 	struct os_reltime now, diff;
6197 	struct wpa_supplicant *wpa_s;
6198 
6199 	work = dl_list_first(&radio->work, struct wpa_radio_work, list);
6200 	if (work == NULL) {
6201 		radio->num_active_works = 0;
6202 		return;
6203 	}
6204 
6205 	wpa_s = dl_list_first(&radio->ifaces, struct wpa_supplicant,
6206 			      radio_list);
6207 
6208 	if (!(wpa_s &&
6209 	      wpa_s->drv_flags & WPA_DRIVER_FLAGS_OFFCHANNEL_SIMULTANEOUS)) {
6210 		if (work->started)
6211 			return; /* already started and still in progress */
6212 
6213 		if (wpa_s && external_scan_running(wpa_s->radio)) {
6214 			wpa_printf(MSG_DEBUG, "Delay radio work start until externally triggered scan completes");
6215 			return;
6216 		}
6217 	} else {
6218 		work = NULL;
6219 		if (radio->num_active_works < MAX_ACTIVE_WORKS) {
6220 			/* get the work to schedule next */
6221 			work = radio_work_get_next_work(radio);
6222 		}
6223 		if (!work)
6224 			return;
6225 	}
6226 
6227 	wpa_s = work->wpa_s;
6228 	os_get_reltime(&now);
6229 	os_reltime_sub(&now, &work->time, &diff);
6230 	wpa_dbg(wpa_s, MSG_DEBUG,
6231 		"Starting radio work '%s'@%p after %ld.%06ld second wait",
6232 		work->type, work, diff.sec, diff.usec);
6233 	work->started = 1;
6234 	work->time = now;
6235 	radio->num_active_works++;
6236 
6237 	work->cb(work, 0);
6238 
6239 	if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_OFFCHANNEL_SIMULTANEOUS) &&
6240 	    radio->num_active_works < MAX_ACTIVE_WORKS)
6241 		radio_work_check_next(wpa_s);
6242 }
6243 
6244 
6245 /*
6246  * This function removes both started and pending radio works running on
6247  * the provided interface's radio.
6248  * Prior to the removal of the radio work, its callback (cb) is called with
6249  * deinit set to be 1. Each work's callback is responsible for clearing its
6250  * internal data and restoring to a correct state.
6251  * @wpa_s: wpa_supplicant data
6252  * @type: type of works to be removed
6253  * @remove_all: 1 to remove all the works on this radio, 0 to remove only
6254  * this interface's works.
6255  */
6256 void radio_remove_works(struct wpa_supplicant *wpa_s,
6257 			const char *type, int remove_all)
6258 {
6259 	struct wpa_radio_work *work, *tmp;
6260 	struct wpa_radio *radio = wpa_s->radio;
6261 
6262 	dl_list_for_each_safe(work, tmp, &radio->work, struct wpa_radio_work,
6263 			      list) {
6264 		if (type && os_strcmp(type, work->type) != 0)
6265 			continue;
6266 
6267 		/* skip other ifaces' works */
6268 		if (!remove_all && work->wpa_s != wpa_s)
6269 			continue;
6270 
6271 		wpa_dbg(wpa_s, MSG_DEBUG, "Remove radio work '%s'@%p%s",
6272 			work->type, work, work->started ? " (started)" : "");
6273 		work->cb(work, 1);
6274 		radio_work_free(work);
6275 	}
6276 
6277 	/* in case we removed the started work */
6278 	radio_work_check_next(wpa_s);
6279 }
6280 
6281 
6282 void radio_remove_pending_work(struct wpa_supplicant *wpa_s, void *ctx)
6283 {
6284 	struct wpa_radio_work *work;
6285 	struct wpa_radio *radio = wpa_s->radio;
6286 
6287 	dl_list_for_each(work, &radio->work, struct wpa_radio_work, list) {
6288 		if (work->ctx != ctx)
6289 			continue;
6290 		wpa_dbg(wpa_s, MSG_DEBUG, "Free pending radio work '%s'@%p%s",
6291 			work->type, work, work->started ? " (started)" : "");
6292 		radio_work_free(work);
6293 		break;
6294 	}
6295 }
6296 
6297 
6298 static void radio_remove_interface(struct wpa_supplicant *wpa_s)
6299 {
6300 	struct wpa_radio *radio = wpa_s->radio;
6301 
6302 	if (!radio)
6303 		return;
6304 
6305 	wpa_printf(MSG_DEBUG, "Remove interface %s from radio %s",
6306 		   wpa_s->ifname, radio->name);
6307 	dl_list_del(&wpa_s->radio_list);
6308 	radio_remove_works(wpa_s, NULL, 0);
6309 	/* If the interface that triggered the external scan was removed, the
6310 	 * external scan is no longer running. */
6311 	if (wpa_s == radio->external_scan_req_interface)
6312 		radio->external_scan_req_interface = NULL;
6313 	wpa_s->radio = NULL;
6314 	if (!dl_list_empty(&radio->ifaces))
6315 		return; /* Interfaces remain for this radio */
6316 
6317 	wpa_printf(MSG_DEBUG, "Remove radio %s", radio->name);
6318 	eloop_cancel_timeout(radio_start_next_work, radio, NULL);
6319 	os_free(radio);
6320 }
6321 
6322 
6323 void radio_work_check_next(struct wpa_supplicant *wpa_s)
6324 {
6325 	struct wpa_radio *radio = wpa_s->radio;
6326 
6327 	if (dl_list_empty(&radio->work))
6328 		return;
6329 	if (wpa_s->ext_work_in_progress) {
6330 		wpa_printf(MSG_DEBUG,
6331 			   "External radio work in progress - delay start of pending item");
6332 		return;
6333 	}
6334 	eloop_cancel_timeout(radio_start_next_work, radio, NULL);
6335 	eloop_register_timeout(0, 0, radio_start_next_work, radio, NULL);
6336 }
6337 
6338 
6339 /**
6340  * radio_add_work - Add a radio work item
6341  * @wpa_s: Pointer to wpa_supplicant data
6342  * @freq: Frequency of the offchannel operation in MHz or 0
6343  * @type: Unique identifier for each type of work
6344  * @next: Force as the next work to be executed
6345  * @cb: Callback function for indicating when radio is available
6346  * @ctx: Context pointer for the work (work->ctx in cb())
6347  * Returns: 0 on success, -1 on failure
6348  *
6349  * This function is used to request time for an operation that requires
6350  * exclusive radio control. Once the radio is available, the registered callback
6351  * function will be called. radio_work_done() must be called once the exclusive
6352  * radio operation has been completed, so that the radio is freed for other
6353  * operations. The special case of deinit=1 is used to free the context data
6354  * during interface removal. That does not allow the callback function to start
6355  * the radio operation, i.e., it must free any resources allocated for the radio
6356  * work and return.
6357  *
6358  * The @freq parameter can be used to indicate a single channel on which the
6359  * offchannel operation will occur. This may allow multiple radio work
6360  * operations to be performed in parallel if they apply for the same channel.
6361  * Setting this to 0 indicates that the work item may use multiple channels or
6362  * requires exclusive control of the radio.
6363  */
6364 int radio_add_work(struct wpa_supplicant *wpa_s, unsigned int freq,
6365 		   const char *type, int next,
6366 		   void (*cb)(struct wpa_radio_work *work, int deinit),
6367 		   void *ctx)
6368 {
6369 	struct wpa_radio *radio = wpa_s->radio;
6370 	struct wpa_radio_work *work;
6371 	int was_empty;
6372 
6373 	work = os_zalloc(sizeof(*work));
6374 	if (work == NULL)
6375 		return -1;
6376 	wpa_dbg(wpa_s, MSG_DEBUG, "Add radio work '%s'@%p", type, work);
6377 	os_get_reltime(&work->time);
6378 	work->freq = freq;
6379 	work->type = type;
6380 	work->wpa_s = wpa_s;
6381 	work->cb = cb;
6382 	work->ctx = ctx;
6383 
6384 	if (freq)
6385 		work->bands = wpas_freq_to_band(freq);
6386 	else if (os_strcmp(type, "scan") == 0 ||
6387 		 os_strcmp(type, "p2p-scan") == 0)
6388 		work->bands = wpas_get_bands(wpa_s,
6389 					     ((struct wpa_driver_scan_params *)
6390 					      ctx)->freqs);
6391 	else
6392 		work->bands = wpas_get_bands(wpa_s, NULL);
6393 
6394 	was_empty = dl_list_empty(&wpa_s->radio->work);
6395 	if (next)
6396 		dl_list_add(&wpa_s->radio->work, &work->list);
6397 	else
6398 		dl_list_add_tail(&wpa_s->radio->work, &work->list);
6399 	if (was_empty) {
6400 		wpa_dbg(wpa_s, MSG_DEBUG, "First radio work item in the queue - schedule start immediately");
6401 		radio_work_check_next(wpa_s);
6402 	} else if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_OFFCHANNEL_SIMULTANEOUS)
6403 		   && radio->num_active_works < MAX_ACTIVE_WORKS) {
6404 		wpa_dbg(wpa_s, MSG_DEBUG,
6405 			"Try to schedule a radio work (num_active_works=%u)",
6406 			radio->num_active_works);
6407 		radio_work_check_next(wpa_s);
6408 	}
6409 
6410 	return 0;
6411 }
6412 
6413 
6414 /**
6415  * radio_work_done - Indicate that a radio work item has been completed
6416  * @work: Completed work
6417  *
6418  * This function is called once the callback function registered with
6419  * radio_add_work() has completed its work.
6420  */
6421 void radio_work_done(struct wpa_radio_work *work)
6422 {
6423 	struct wpa_supplicant *wpa_s = work->wpa_s;
6424 	struct os_reltime now, diff;
6425 	unsigned int started = work->started;
6426 
6427 	os_get_reltime(&now);
6428 	os_reltime_sub(&now, &work->time, &diff);
6429 	wpa_dbg(wpa_s, MSG_DEBUG, "Radio work '%s'@%p %s in %ld.%06ld seconds",
6430 		work->type, work, started ? "done" : "canceled",
6431 		diff.sec, diff.usec);
6432 	radio_work_free(work);
6433 	if (started)
6434 		radio_work_check_next(wpa_s);
6435 }
6436 
6437 
6438 struct wpa_radio_work *
6439 radio_work_pending(struct wpa_supplicant *wpa_s, const char *type)
6440 {
6441 	struct wpa_radio_work *work;
6442 	struct wpa_radio *radio = wpa_s->radio;
6443 
6444 	dl_list_for_each(work, &radio->work, struct wpa_radio_work, list) {
6445 		if (work->wpa_s == wpa_s && os_strcmp(work->type, type) == 0)
6446 			return work;
6447 	}
6448 
6449 	return NULL;
6450 }
6451 
6452 
6453 static int wpas_init_driver(struct wpa_supplicant *wpa_s,
6454 			    const struct wpa_interface *iface)
6455 {
6456 	const char *ifname, *driver, *rn;
6457 
6458 	driver = iface->driver;
6459 next_driver:
6460 	if (wpa_supplicant_set_driver(wpa_s, driver) < 0)
6461 		return -1;
6462 
6463 	wpa_s->drv_priv = wpa_drv_init(wpa_s, wpa_s->ifname);
6464 	if (wpa_s->drv_priv == NULL) {
6465 		const char *pos;
6466 		int level = MSG_ERROR;
6467 
6468 		pos = driver ? os_strchr(driver, ',') : NULL;
6469 		if (pos) {
6470 			wpa_dbg(wpa_s, MSG_DEBUG, "Failed to initialize "
6471 				"driver interface - try next driver wrapper");
6472 			driver = pos + 1;
6473 			goto next_driver;
6474 		}
6475 
6476 #ifdef CONFIG_MATCH_IFACE
6477 		if (wpa_s->matched == WPA_IFACE_MATCHED_NULL)
6478 			level = MSG_DEBUG;
6479 #endif /* CONFIG_MATCH_IFACE */
6480 		wpa_msg(wpa_s, level, "Failed to initialize driver interface");
6481 		return -1;
6482 	}
6483 	if (wpa_drv_set_param(wpa_s, wpa_s->conf->driver_param) < 0) {
6484 		wpa_msg(wpa_s, MSG_ERROR, "Driver interface rejected "
6485 			"driver_param '%s'", wpa_s->conf->driver_param);
6486 		return -1;
6487 	}
6488 
6489 	ifname = wpa_drv_get_ifname(wpa_s);
6490 	if (ifname && os_strcmp(ifname, wpa_s->ifname) != 0) {
6491 		wpa_dbg(wpa_s, MSG_DEBUG, "Driver interface replaced "
6492 			"interface name with '%s'", ifname);
6493 		os_strlcpy(wpa_s->ifname, ifname, sizeof(wpa_s->ifname));
6494 	}
6495 
6496 	rn = wpa_driver_get_radio_name(wpa_s);
6497 	if (rn && rn[0] == '\0')
6498 		rn = NULL;
6499 
6500 	wpa_s->radio = radio_add_interface(wpa_s, rn);
6501 	if (wpa_s->radio == NULL)
6502 		return -1;
6503 
6504 	return 0;
6505 }
6506 
6507 
6508 #ifdef CONFIG_GAS_SERVER
6509 
6510 static void wpas_gas_server_tx_status(struct wpa_supplicant *wpa_s,
6511 				      unsigned int freq, const u8 *dst,
6512 				      const u8 *src, const u8 *bssid,
6513 				      const u8 *data, size_t data_len,
6514 				      enum offchannel_send_action_result result)
6515 {
6516 	wpa_printf(MSG_DEBUG, "GAS: TX status: freq=%u dst=" MACSTR
6517 		   " result=%s",
6518 		   freq, MAC2STR(dst),
6519 		   result == OFFCHANNEL_SEND_ACTION_SUCCESS ? "SUCCESS" :
6520 		   (result == OFFCHANNEL_SEND_ACTION_NO_ACK ? "no-ACK" :
6521 		    "FAILED"));
6522 	gas_server_tx_status(wpa_s->gas_server, dst, data, data_len,
6523 			     result == OFFCHANNEL_SEND_ACTION_SUCCESS);
6524 }
6525 
6526 
6527 static void wpas_gas_server_tx(void *ctx, int freq, const u8 *da,
6528 			       struct wpabuf *buf, unsigned int wait_time)
6529 {
6530 	struct wpa_supplicant *wpa_s = ctx;
6531 	const u8 broadcast[ETH_ALEN] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
6532 
6533 	if (wait_time > wpa_s->max_remain_on_chan)
6534 		wait_time = wpa_s->max_remain_on_chan;
6535 
6536 	offchannel_send_action(wpa_s, freq, da, wpa_s->own_addr, broadcast,
6537 			       wpabuf_head(buf), wpabuf_len(buf),
6538 			       wait_time, wpas_gas_server_tx_status, 0);
6539 }
6540 
6541 #endif /* CONFIG_GAS_SERVER */
6542 
6543 static int wpa_supplicant_init_iface(struct wpa_supplicant *wpa_s,
6544 				     const struct wpa_interface *iface)
6545 {
6546 	struct wpa_driver_capa capa;
6547 	int capa_res;
6548 	u8 dfs_domain;
6549 
6550 	wpa_printf(MSG_DEBUG, "Initializing interface '%s' conf '%s' driver "
6551 		   "'%s' ctrl_interface '%s' bridge '%s'", iface->ifname,
6552 		   iface->confname ? iface->confname : "N/A",
6553 		   iface->driver ? iface->driver : "default",
6554 		   iface->ctrl_interface ? iface->ctrl_interface : "N/A",
6555 		   iface->bridge_ifname ? iface->bridge_ifname : "N/A");
6556 
6557 	if (iface->confname) {
6558 #ifdef CONFIG_BACKEND_FILE
6559 		wpa_s->confname = os_rel2abs_path(iface->confname);
6560 		if (wpa_s->confname == NULL) {
6561 			wpa_printf(MSG_ERROR, "Failed to get absolute path "
6562 				   "for configuration file '%s'.",
6563 				   iface->confname);
6564 			return -1;
6565 		}
6566 		wpa_printf(MSG_DEBUG, "Configuration file '%s' -> '%s'",
6567 			   iface->confname, wpa_s->confname);
6568 #else /* CONFIG_BACKEND_FILE */
6569 		wpa_s->confname = os_strdup(iface->confname);
6570 #endif /* CONFIG_BACKEND_FILE */
6571 		wpa_s->conf = wpa_config_read(wpa_s->confname, NULL);
6572 		if (wpa_s->conf == NULL) {
6573 			wpa_printf(MSG_ERROR, "Failed to read or parse "
6574 				   "configuration '%s'.", wpa_s->confname);
6575 			return -1;
6576 		}
6577 		wpa_s->confanother = os_rel2abs_path(iface->confanother);
6578 		if (wpa_s->confanother &&
6579 		    !wpa_config_read(wpa_s->confanother, wpa_s->conf)) {
6580 			wpa_printf(MSG_ERROR,
6581 				   "Failed to read or parse configuration '%s'.",
6582 				   wpa_s->confanother);
6583 			return -1;
6584 		}
6585 
6586 		/*
6587 		 * Override ctrl_interface and driver_param if set on command
6588 		 * line.
6589 		 */
6590 		if (iface->ctrl_interface) {
6591 			os_free(wpa_s->conf->ctrl_interface);
6592 			wpa_s->conf->ctrl_interface =
6593 				os_strdup(iface->ctrl_interface);
6594 		}
6595 
6596 		if (iface->driver_param) {
6597 			os_free(wpa_s->conf->driver_param);
6598 			wpa_s->conf->driver_param =
6599 				os_strdup(iface->driver_param);
6600 		}
6601 
6602 		if (iface->p2p_mgmt && !iface->ctrl_interface) {
6603 			os_free(wpa_s->conf->ctrl_interface);
6604 			wpa_s->conf->ctrl_interface = NULL;
6605 		}
6606 	} else
6607 		wpa_s->conf = wpa_config_alloc_empty(iface->ctrl_interface,
6608 						     iface->driver_param);
6609 
6610 	if (wpa_s->conf == NULL) {
6611 		wpa_printf(MSG_ERROR, "\nNo configuration found.");
6612 		return -1;
6613 	}
6614 
6615 	if (iface->ifname == NULL) {
6616 		wpa_printf(MSG_ERROR, "\nInterface name is required.");
6617 		return -1;
6618 	}
6619 	if (os_strlen(iface->ifname) >= sizeof(wpa_s->ifname)) {
6620 		wpa_printf(MSG_ERROR, "\nToo long interface name '%s'.",
6621 			   iface->ifname);
6622 		return -1;
6623 	}
6624 	os_strlcpy(wpa_s->ifname, iface->ifname, sizeof(wpa_s->ifname));
6625 #ifdef CONFIG_MATCH_IFACE
6626 	wpa_s->matched = iface->matched;
6627 #endif /* CONFIG_MATCH_IFACE */
6628 
6629 	if (iface->bridge_ifname) {
6630 		if (os_strlen(iface->bridge_ifname) >=
6631 		    sizeof(wpa_s->bridge_ifname)) {
6632 			wpa_printf(MSG_ERROR, "\nToo long bridge interface "
6633 				   "name '%s'.", iface->bridge_ifname);
6634 			return -1;
6635 		}
6636 		os_strlcpy(wpa_s->bridge_ifname, iface->bridge_ifname,
6637 			   sizeof(wpa_s->bridge_ifname));
6638 	}
6639 
6640 	/* RSNA Supplicant Key Management - INITIALIZE */
6641 	eapol_sm_notify_portEnabled(wpa_s->eapol, false);
6642 	eapol_sm_notify_portValid(wpa_s->eapol, false);
6643 
6644 	/* Initialize driver interface and register driver event handler before
6645 	 * L2 receive handler so that association events are processed before
6646 	 * EAPOL-Key packets if both become available for the same select()
6647 	 * call. */
6648 	if (wpas_init_driver(wpa_s, iface) < 0)
6649 		return -1;
6650 
6651 	if (wpa_supplicant_init_wpa(wpa_s) < 0)
6652 		return -1;
6653 
6654 	wpa_sm_set_ifname(wpa_s->wpa, wpa_s->ifname,
6655 			  wpa_s->bridge_ifname[0] ? wpa_s->bridge_ifname :
6656 			  NULL);
6657 	wpa_sm_set_fast_reauth(wpa_s->wpa, wpa_s->conf->fast_reauth);
6658 
6659 	if (wpa_s->conf->dot11RSNAConfigPMKLifetime &&
6660 	    wpa_sm_set_param(wpa_s->wpa, RSNA_PMK_LIFETIME,
6661 			     wpa_s->conf->dot11RSNAConfigPMKLifetime)) {
6662 		wpa_msg(wpa_s, MSG_ERROR, "Invalid WPA parameter value for "
6663 			"dot11RSNAConfigPMKLifetime");
6664 		return -1;
6665 	}
6666 
6667 	if (wpa_s->conf->dot11RSNAConfigPMKReauthThreshold &&
6668 	    wpa_sm_set_param(wpa_s->wpa, RSNA_PMK_REAUTH_THRESHOLD,
6669 			     wpa_s->conf->dot11RSNAConfigPMKReauthThreshold)) {
6670 		wpa_msg(wpa_s, MSG_ERROR, "Invalid WPA parameter value for "
6671 			"dot11RSNAConfigPMKReauthThreshold");
6672 		return -1;
6673 	}
6674 
6675 	if (wpa_s->conf->dot11RSNAConfigSATimeout &&
6676 	    wpa_sm_set_param(wpa_s->wpa, RSNA_SA_TIMEOUT,
6677 			     wpa_s->conf->dot11RSNAConfigSATimeout)) {
6678 		wpa_msg(wpa_s, MSG_ERROR, "Invalid WPA parameter value for "
6679 			"dot11RSNAConfigSATimeout");
6680 		return -1;
6681 	}
6682 
6683 	wpa_s->hw.modes = wpa_drv_get_hw_feature_data(wpa_s,
6684 						      &wpa_s->hw.num_modes,
6685 						      &wpa_s->hw.flags,
6686 						      &dfs_domain);
6687 	if (wpa_s->hw.modes) {
6688 		u16 i;
6689 
6690 		for (i = 0; i < wpa_s->hw.num_modes; i++) {
6691 			if (wpa_s->hw.modes[i].vht_capab) {
6692 				wpa_s->hw_capab = CAPAB_VHT;
6693 				break;
6694 			}
6695 
6696 			if (wpa_s->hw.modes[i].ht_capab &
6697 			    HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET)
6698 				wpa_s->hw_capab = CAPAB_HT40;
6699 			else if (wpa_s->hw.modes[i].ht_capab &&
6700 				 wpa_s->hw_capab == CAPAB_NO_HT_VHT)
6701 				wpa_s->hw_capab = CAPAB_HT;
6702 		}
6703 	}
6704 
6705 	capa_res = wpa_drv_get_capa(wpa_s, &capa);
6706 	if (capa_res == 0) {
6707 		wpa_s->drv_capa_known = 1;
6708 		wpa_s->drv_flags = capa.flags;
6709 		wpa_s->drv_flags2 = capa.flags2;
6710 		wpa_s->drv_enc = capa.enc;
6711 		wpa_s->drv_rrm_flags = capa.rrm_flags;
6712 		wpa_s->probe_resp_offloads = capa.probe_resp_offloads;
6713 		wpa_s->max_scan_ssids = capa.max_scan_ssids;
6714 		wpa_s->max_sched_scan_ssids = capa.max_sched_scan_ssids;
6715 		wpa_s->max_sched_scan_plans = capa.max_sched_scan_plans;
6716 		wpa_s->max_sched_scan_plan_interval =
6717 			capa.max_sched_scan_plan_interval;
6718 		wpa_s->max_sched_scan_plan_iterations =
6719 			capa.max_sched_scan_plan_iterations;
6720 		wpa_s->sched_scan_supported = capa.sched_scan_supported;
6721 		wpa_s->max_match_sets = capa.max_match_sets;
6722 		wpa_s->max_remain_on_chan = capa.max_remain_on_chan;
6723 		wpa_s->max_stations = capa.max_stations;
6724 		wpa_s->extended_capa = capa.extended_capa;
6725 		wpa_s->extended_capa_mask = capa.extended_capa_mask;
6726 		wpa_s->extended_capa_len = capa.extended_capa_len;
6727 		wpa_s->num_multichan_concurrent =
6728 			capa.num_multichan_concurrent;
6729 		wpa_s->wmm_ac_supported = capa.wmm_ac_supported;
6730 
6731 		if (capa.mac_addr_rand_scan_supported)
6732 			wpa_s->mac_addr_rand_supported |= MAC_ADDR_RAND_SCAN;
6733 		if (wpa_s->sched_scan_supported &&
6734 		    capa.mac_addr_rand_sched_scan_supported)
6735 			wpa_s->mac_addr_rand_supported |=
6736 				(MAC_ADDR_RAND_SCHED_SCAN | MAC_ADDR_RAND_PNO);
6737 
6738 		wpa_drv_get_ext_capa(wpa_s, WPA_IF_STATION);
6739 		if (wpa_s->extended_capa &&
6740 		    wpa_s->extended_capa_len >= 3 &&
6741 		    wpa_s->extended_capa[2] & 0x40)
6742 			wpa_s->multi_bss_support = 1;
6743 	}
6744 	if (wpa_s->max_remain_on_chan == 0)
6745 		wpa_s->max_remain_on_chan = 1000;
6746 
6747 	/*
6748 	 * Only take p2p_mgmt parameters when P2P Device is supported.
6749 	 * Doing it here as it determines whether l2_packet_init() will be done
6750 	 * during wpa_supplicant_driver_init().
6751 	 */
6752 	if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE)
6753 		wpa_s->p2p_mgmt = iface->p2p_mgmt;
6754 
6755 	if (wpa_s->num_multichan_concurrent == 0)
6756 		wpa_s->num_multichan_concurrent = 1;
6757 
6758 	if (wpa_supplicant_driver_init(wpa_s) < 0)
6759 		return -1;
6760 
6761 #ifdef CONFIG_TDLS
6762 	if (!iface->p2p_mgmt && wpa_tdls_init(wpa_s->wpa))
6763 		return -1;
6764 #endif /* CONFIG_TDLS */
6765 
6766 	if (wpa_s->conf->country[0] && wpa_s->conf->country[1] &&
6767 	    wpa_drv_set_country(wpa_s, wpa_s->conf->country)) {
6768 		wpa_dbg(wpa_s, MSG_DEBUG, "Failed to set country");
6769 		return -1;
6770 	}
6771 
6772 #ifdef CONFIG_FST
6773 	if (wpa_s->conf->fst_group_id) {
6774 		struct fst_iface_cfg cfg;
6775 		struct fst_wpa_obj iface_obj;
6776 
6777 		fst_wpa_supplicant_fill_iface_obj(wpa_s, &iface_obj);
6778 		os_strlcpy(cfg.group_id, wpa_s->conf->fst_group_id,
6779 			   sizeof(cfg.group_id));
6780 		cfg.priority = wpa_s->conf->fst_priority;
6781 		cfg.llt = wpa_s->conf->fst_llt;
6782 
6783 		wpa_s->fst = fst_attach(wpa_s->ifname, wpa_s->own_addr,
6784 					&iface_obj, &cfg);
6785 		if (!wpa_s->fst) {
6786 			wpa_msg(wpa_s, MSG_ERROR,
6787 				"FST: Cannot attach iface %s to group %s",
6788 				wpa_s->ifname, cfg.group_id);
6789 			return -1;
6790 		}
6791 	}
6792 #endif /* CONFIG_FST */
6793 
6794 	if (wpas_wps_init(wpa_s))
6795 		return -1;
6796 
6797 #ifdef CONFIG_GAS_SERVER
6798 	wpa_s->gas_server = gas_server_init(wpa_s, wpas_gas_server_tx);
6799 	if (!wpa_s->gas_server) {
6800 		wpa_printf(MSG_ERROR, "Failed to initialize GAS server");
6801 		return -1;
6802 	}
6803 #endif /* CONFIG_GAS_SERVER */
6804 
6805 #ifdef CONFIG_DPP
6806 	if (wpas_dpp_init(wpa_s) < 0)
6807 		return -1;
6808 #endif /* CONFIG_DPP */
6809 
6810 	if (wpa_supplicant_init_eapol(wpa_s) < 0)
6811 		return -1;
6812 	wpa_sm_set_eapol(wpa_s->wpa, wpa_s->eapol);
6813 
6814 	wpa_s->ctrl_iface = wpa_supplicant_ctrl_iface_init(wpa_s);
6815 	if (wpa_s->ctrl_iface == NULL) {
6816 		wpa_printf(MSG_ERROR,
6817 			   "Failed to initialize control interface '%s'.\n"
6818 			   "You may have another wpa_supplicant process "
6819 			   "already running or the file was\n"
6820 			   "left by an unclean termination of wpa_supplicant "
6821 			   "in which case you will need\n"
6822 			   "to manually remove this file before starting "
6823 			   "wpa_supplicant again.\n",
6824 			   wpa_s->conf->ctrl_interface);
6825 		return -1;
6826 	}
6827 
6828 	wpa_s->gas = gas_query_init(wpa_s);
6829 	if (wpa_s->gas == NULL) {
6830 		wpa_printf(MSG_ERROR, "Failed to initialize GAS query");
6831 		return -1;
6832 	}
6833 
6834 	if ((!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE) ||
6835 	     wpa_s->p2p_mgmt) &&
6836 	    wpas_p2p_init(wpa_s->global, wpa_s) < 0) {
6837 		wpa_msg(wpa_s, MSG_ERROR, "Failed to init P2P");
6838 		return -1;
6839 	}
6840 
6841 	if (wpa_bss_init(wpa_s) < 0)
6842 		return -1;
6843 
6844 #ifdef CONFIG_PMKSA_CACHE_EXTERNAL
6845 #ifdef CONFIG_MESH
6846 	dl_list_init(&wpa_s->mesh_external_pmksa_cache);
6847 #endif /* CONFIG_MESH */
6848 #endif /* CONFIG_PMKSA_CACHE_EXTERNAL */
6849 
6850 	/*
6851 	 * Set Wake-on-WLAN triggers, if configured.
6852 	 * Note: We don't restore/remove the triggers on shutdown (it doesn't
6853 	 * have effect anyway when the interface is down).
6854 	 */
6855 	if (capa_res == 0 && wpas_set_wowlan_triggers(wpa_s, &capa) < 0)
6856 		return -1;
6857 
6858 #ifdef CONFIG_EAP_PROXY
6859 {
6860 	size_t len;
6861 	wpa_s->mnc_len = eapol_sm_get_eap_proxy_imsi(wpa_s->eapol, -1,
6862 						     wpa_s->imsi, &len);
6863 	if (wpa_s->mnc_len > 0) {
6864 		wpa_s->imsi[len] = '\0';
6865 		wpa_printf(MSG_DEBUG, "eap_proxy: IMSI %s (MNC length %d)",
6866 			   wpa_s->imsi, wpa_s->mnc_len);
6867 	} else {
6868 		wpa_printf(MSG_DEBUG, "eap_proxy: IMSI not available");
6869 	}
6870 }
6871 #endif /* CONFIG_EAP_PROXY */
6872 
6873 	if (pcsc_reader_init(wpa_s) < 0)
6874 		return -1;
6875 
6876 	if (wpas_init_ext_pw(wpa_s) < 0)
6877 		return -1;
6878 
6879 	wpas_rrm_reset(wpa_s);
6880 
6881 	wpas_sched_scan_plans_set(wpa_s, wpa_s->conf->sched_scan_plans);
6882 
6883 #ifdef CONFIG_HS20
6884 	hs20_init(wpa_s);
6885 #endif /* CONFIG_HS20 */
6886 #ifdef CONFIG_MBO
6887 	if (!wpa_s->disable_mbo_oce && wpa_s->conf->oce) {
6888 		if ((wpa_s->conf->oce & OCE_STA) &&
6889 		    (wpa_s->drv_flags & WPA_DRIVER_FLAGS_OCE_STA))
6890 			wpa_s->enable_oce = OCE_STA;
6891 		if ((wpa_s->conf->oce & OCE_STA_CFON) &&
6892 		    (wpa_s->drv_flags & WPA_DRIVER_FLAGS_OCE_STA_CFON)) {
6893 			/* TODO: Need to add STA-CFON support */
6894 			wpa_printf(MSG_ERROR,
6895 				   "OCE STA-CFON feature is not yet supported");
6896 		}
6897 	}
6898 	wpas_mbo_update_non_pref_chan(wpa_s, wpa_s->conf->non_pref_chan);
6899 #endif /* CONFIG_MBO */
6900 
6901 	wpa_supplicant_set_default_scan_ies(wpa_s);
6902 
6903 	return 0;
6904 }
6905 
6906 
6907 static void wpa_supplicant_deinit_iface(struct wpa_supplicant *wpa_s,
6908 					int notify, int terminate)
6909 {
6910 	struct wpa_global *global = wpa_s->global;
6911 	struct wpa_supplicant *iface, *prev;
6912 
6913 	if (wpa_s == wpa_s->parent)
6914 		wpas_p2p_group_remove(wpa_s, "*");
6915 
6916 	iface = global->ifaces;
6917 	while (iface) {
6918 		if (iface->p2pdev == wpa_s)
6919 			iface->p2pdev = iface->parent;
6920 		if (iface == wpa_s || iface->parent != wpa_s) {
6921 			iface = iface->next;
6922 			continue;
6923 		}
6924 		wpa_printf(MSG_DEBUG,
6925 			   "Remove remaining child interface %s from parent %s",
6926 			   iface->ifname, wpa_s->ifname);
6927 		prev = iface;
6928 		iface = iface->next;
6929 		wpa_supplicant_remove_iface(global, prev, terminate);
6930 	}
6931 
6932 	wpa_s->disconnected = 1;
6933 	if (wpa_s->drv_priv) {
6934 		/*
6935 		 * Don't deauthenticate if WoWLAN is enable and not explicitly
6936 		 * been configured to disconnect.
6937 		 */
6938 		if (!wpa_drv_get_wowlan(wpa_s) ||
6939 		    wpa_s->conf->wowlan_disconnect_on_deinit) {
6940 			wpa_supplicant_deauthenticate(
6941 				wpa_s, WLAN_REASON_DEAUTH_LEAVING);
6942 
6943 			wpa_drv_set_countermeasures(wpa_s, 0);
6944 			wpa_clear_keys(wpa_s, NULL);
6945 		} else {
6946 			wpa_msg(wpa_s, MSG_INFO,
6947 				"Do not deauthenticate as part of interface deinit since WoWLAN is enabled");
6948 		}
6949 	}
6950 
6951 	wpa_supplicant_cleanup(wpa_s);
6952 	wpas_p2p_deinit_iface(wpa_s);
6953 
6954 	wpas_ctrl_radio_work_flush(wpa_s);
6955 	radio_remove_interface(wpa_s);
6956 
6957 #ifdef CONFIG_FST
6958 	if (wpa_s->fst) {
6959 		fst_detach(wpa_s->fst);
6960 		wpa_s->fst = NULL;
6961 	}
6962 	if (wpa_s->received_mb_ies) {
6963 		wpabuf_free(wpa_s->received_mb_ies);
6964 		wpa_s->received_mb_ies = NULL;
6965 	}
6966 #endif /* CONFIG_FST */
6967 
6968 	if (wpa_s->drv_priv)
6969 		wpa_drv_deinit(wpa_s);
6970 
6971 	if (notify)
6972 		wpas_notify_iface_removed(wpa_s);
6973 
6974 	if (terminate)
6975 		wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_TERMINATING);
6976 
6977 	wpa_supplicant_ctrl_iface_deinit(wpa_s, wpa_s->ctrl_iface);
6978 	wpa_s->ctrl_iface = NULL;
6979 
6980 #ifdef CONFIG_MESH
6981 	if (wpa_s->ifmsh) {
6982 		wpa_supplicant_mesh_iface_deinit(wpa_s, wpa_s->ifmsh, true);
6983 		wpa_s->ifmsh = NULL;
6984 	}
6985 #endif /* CONFIG_MESH */
6986 
6987 	if (wpa_s->conf != NULL) {
6988 		wpa_config_free(wpa_s->conf);
6989 		wpa_s->conf = NULL;
6990 	}
6991 
6992 	os_free(wpa_s->ssids_from_scan_req);
6993 	os_free(wpa_s->last_scan_freqs);
6994 
6995 	os_free(wpa_s);
6996 }
6997 
6998 
6999 #ifdef CONFIG_MATCH_IFACE
7000 
7001 /**
7002  * wpa_supplicant_match_iface - Match an interface description to a name
7003  * @global: Pointer to global data from wpa_supplicant_init()
7004  * @ifname: Name of the interface to match
7005  * Returns: Pointer to the created interface description or %NULL on failure
7006  */
7007 struct wpa_interface * wpa_supplicant_match_iface(struct wpa_global *global,
7008 						  const char *ifname)
7009 {
7010 	int i;
7011 	struct wpa_interface *iface, *miface;
7012 
7013 	for (i = 0; i < global->params.match_iface_count; i++) {
7014 		miface = &global->params.match_ifaces[i];
7015 		if (!miface->ifname ||
7016 		    fnmatch(miface->ifname, ifname, 0) == 0) {
7017 			iface = os_zalloc(sizeof(*iface));
7018 			if (!iface)
7019 				return NULL;
7020 			*iface = *miface;
7021 			if (!miface->ifname)
7022 				iface->matched = WPA_IFACE_MATCHED_NULL;
7023 			else
7024 				iface->matched = WPA_IFACE_MATCHED;
7025 			iface->ifname = ifname;
7026 			return iface;
7027 		}
7028 	}
7029 
7030 	return NULL;
7031 }
7032 
7033 
7034 /**
7035  * wpa_supplicant_match_existing - Match existing interfaces
7036  * @global: Pointer to global data from wpa_supplicant_init()
7037  * Returns: 0 on success, -1 on failure
7038  */
7039 static int wpa_supplicant_match_existing(struct wpa_global *global)
7040 {
7041 	struct if_nameindex *ifi, *ifp;
7042 	struct wpa_supplicant *wpa_s;
7043 	struct wpa_interface *iface;
7044 
7045 	ifp = if_nameindex();
7046 	if (!ifp) {
7047 		wpa_printf(MSG_ERROR, "if_nameindex: %s", strerror(errno));
7048 		return -1;
7049 	}
7050 
7051 	for (ifi = ifp; ifi->if_name; ifi++) {
7052 		wpa_s = wpa_supplicant_get_iface(global, ifi->if_name);
7053 		if (wpa_s)
7054 			continue;
7055 		iface = wpa_supplicant_match_iface(global, ifi->if_name);
7056 		if (iface) {
7057 			wpa_supplicant_add_iface(global, iface, NULL);
7058 			os_free(iface);
7059 		}
7060 	}
7061 
7062 	if_freenameindex(ifp);
7063 	return 0;
7064 }
7065 
7066 #endif /* CONFIG_MATCH_IFACE */
7067 
7068 
7069 /**
7070  * wpa_supplicant_add_iface - Add a new network interface
7071  * @global: Pointer to global data from wpa_supplicant_init()
7072  * @iface: Interface configuration options
7073  * @parent: Parent interface or %NULL to assign new interface as parent
7074  * Returns: Pointer to the created interface or %NULL on failure
7075  *
7076  * This function is used to add new network interfaces for %wpa_supplicant.
7077  * This can be called before wpa_supplicant_run() to add interfaces before the
7078  * main event loop has been started. In addition, new interfaces can be added
7079  * dynamically while %wpa_supplicant is already running. This could happen,
7080  * e.g., when a hotplug network adapter is inserted.
7081  */
7082 struct wpa_supplicant * wpa_supplicant_add_iface(struct wpa_global *global,
7083 						 struct wpa_interface *iface,
7084 						 struct wpa_supplicant *parent)
7085 {
7086 	struct wpa_supplicant *wpa_s;
7087 	struct wpa_interface t_iface;
7088 	struct wpa_ssid *ssid;
7089 
7090 	if (global == NULL || iface == NULL)
7091 		return NULL;
7092 
7093 	wpa_s = wpa_supplicant_alloc(parent);
7094 	if (wpa_s == NULL)
7095 		return NULL;
7096 
7097 	wpa_s->global = global;
7098 
7099 	t_iface = *iface;
7100 	if (global->params.override_driver) {
7101 		wpa_printf(MSG_DEBUG, "Override interface parameter: driver "
7102 			   "('%s' -> '%s')",
7103 			   iface->driver, global->params.override_driver);
7104 		t_iface.driver = global->params.override_driver;
7105 	}
7106 	if (global->params.override_ctrl_interface) {
7107 		wpa_printf(MSG_DEBUG, "Override interface parameter: "
7108 			   "ctrl_interface ('%s' -> '%s')",
7109 			   iface->ctrl_interface,
7110 			   global->params.override_ctrl_interface);
7111 		t_iface.ctrl_interface =
7112 			global->params.override_ctrl_interface;
7113 	}
7114 	if (wpa_supplicant_init_iface(wpa_s, &t_iface)) {
7115 		wpa_printf(MSG_DEBUG, "Failed to add interface %s",
7116 			   iface->ifname);
7117 		wpa_supplicant_deinit_iface(wpa_s, 0, 0);
7118 		return NULL;
7119 	}
7120 
7121 	if (iface->p2p_mgmt == 0) {
7122 		/* Notify the control interfaces about new iface */
7123 		if (wpas_notify_iface_added(wpa_s)) {
7124 			wpa_supplicant_deinit_iface(wpa_s, 1, 0);
7125 			return NULL;
7126 		}
7127 
7128 		for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next)
7129 			wpas_notify_network_added(wpa_s, ssid);
7130 	}
7131 
7132 	wpa_s->next = global->ifaces;
7133 	global->ifaces = wpa_s;
7134 
7135 	wpa_dbg(wpa_s, MSG_DEBUG, "Added interface %s", wpa_s->ifname);
7136 	wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
7137 
7138 #ifdef CONFIG_P2P
7139 	if (wpa_s->global->p2p == NULL &&
7140 	    !wpa_s->global->p2p_disabled && !wpa_s->conf->p2p_disabled &&
7141 	    (wpa_s->drv_flags & WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE) &&
7142 	    wpas_p2p_add_p2pdev_interface(
7143 		    wpa_s, wpa_s->global->params.conf_p2p_dev) < 0) {
7144 		wpa_printf(MSG_INFO,
7145 			   "P2P: Failed to enable P2P Device interface");
7146 		/* Try to continue without. P2P will be disabled. */
7147 	}
7148 #endif /* CONFIG_P2P */
7149 
7150 	return wpa_s;
7151 }
7152 
7153 
7154 /**
7155  * wpa_supplicant_remove_iface - Remove a network interface
7156  * @global: Pointer to global data from wpa_supplicant_init()
7157  * @wpa_s: Pointer to the network interface to be removed
7158  * Returns: 0 if interface was removed, -1 if interface was not found
7159  *
7160  * This function can be used to dynamically remove network interfaces from
7161  * %wpa_supplicant, e.g., when a hotplug network adapter is ejected. In
7162  * addition, this function is used to remove all remaining interfaces when
7163  * %wpa_supplicant is terminated.
7164  */
7165 int wpa_supplicant_remove_iface(struct wpa_global *global,
7166 				struct wpa_supplicant *wpa_s,
7167 				int terminate)
7168 {
7169 	struct wpa_supplicant *prev;
7170 #ifdef CONFIG_MESH
7171 	unsigned int mesh_if_created = wpa_s->mesh_if_created;
7172 	char *ifname = NULL;
7173 	struct wpa_supplicant *parent = wpa_s->parent;
7174 #endif /* CONFIG_MESH */
7175 
7176 	/* Remove interface from the global list of interfaces */
7177 	prev = global->ifaces;
7178 	if (prev == wpa_s) {
7179 		global->ifaces = wpa_s->next;
7180 	} else {
7181 		while (prev && prev->next != wpa_s)
7182 			prev = prev->next;
7183 		if (prev == NULL)
7184 			return -1;
7185 		prev->next = wpa_s->next;
7186 	}
7187 
7188 	wpa_dbg(wpa_s, MSG_DEBUG, "Removing interface %s", wpa_s->ifname);
7189 
7190 #ifdef CONFIG_MESH
7191 	if (mesh_if_created) {
7192 		ifname = os_strdup(wpa_s->ifname);
7193 		if (ifname == NULL) {
7194 			wpa_dbg(wpa_s, MSG_ERROR,
7195 				"mesh: Failed to malloc ifname");
7196 			return -1;
7197 		}
7198 	}
7199 #endif /* CONFIG_MESH */
7200 
7201 	if (global->p2p_group_formation == wpa_s)
7202 		global->p2p_group_formation = NULL;
7203 	if (global->p2p_invite_group == wpa_s)
7204 		global->p2p_invite_group = NULL;
7205 	wpa_supplicant_deinit_iface(wpa_s, 1, terminate);
7206 
7207 #ifdef CONFIG_MESH
7208 	if (mesh_if_created) {
7209 		wpa_drv_if_remove(parent, WPA_IF_MESH, ifname);
7210 		os_free(ifname);
7211 	}
7212 #endif /* CONFIG_MESH */
7213 
7214 	return 0;
7215 }
7216 
7217 
7218 /**
7219  * wpa_supplicant_get_eap_mode - Get the current EAP mode
7220  * @wpa_s: Pointer to the network interface
7221  * Returns: Pointer to the eap mode or the string "UNKNOWN" if not found
7222  */
7223 const char * wpa_supplicant_get_eap_mode(struct wpa_supplicant *wpa_s)
7224 {
7225 	const char *eapol_method;
7226 
7227         if (wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt) == 0 &&
7228             wpa_s->key_mgmt != WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
7229 		return "NO-EAP";
7230 	}
7231 
7232 	eapol_method = eapol_sm_get_method_name(wpa_s->eapol);
7233 	if (eapol_method == NULL)
7234 		return "UNKNOWN-EAP";
7235 
7236 	return eapol_method;
7237 }
7238 
7239 
7240 /**
7241  * wpa_supplicant_get_iface - Get a new network interface
7242  * @global: Pointer to global data from wpa_supplicant_init()
7243  * @ifname: Interface name
7244  * Returns: Pointer to the interface or %NULL if not found
7245  */
7246 struct wpa_supplicant * wpa_supplicant_get_iface(struct wpa_global *global,
7247 						 const char *ifname)
7248 {
7249 	struct wpa_supplicant *wpa_s;
7250 
7251 	for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
7252 		if (os_strcmp(wpa_s->ifname, ifname) == 0)
7253 			return wpa_s;
7254 	}
7255 	return NULL;
7256 }
7257 
7258 
7259 #ifndef CONFIG_NO_WPA_MSG
7260 static const char * wpa_supplicant_msg_ifname_cb(void *ctx)
7261 {
7262 	struct wpa_supplicant *wpa_s = ctx;
7263 	if (wpa_s == NULL)
7264 		return NULL;
7265 	return wpa_s->ifname;
7266 }
7267 #endif /* CONFIG_NO_WPA_MSG */
7268 
7269 
7270 #ifndef WPA_SUPPLICANT_CLEANUP_INTERVAL
7271 #define WPA_SUPPLICANT_CLEANUP_INTERVAL 10
7272 #endif /* WPA_SUPPLICANT_CLEANUP_INTERVAL */
7273 
7274 /* Periodic cleanup tasks */
7275 static void wpas_periodic(void *eloop_ctx, void *timeout_ctx)
7276 {
7277 	struct wpa_global *global = eloop_ctx;
7278 	struct wpa_supplicant *wpa_s;
7279 
7280 	eloop_register_timeout(WPA_SUPPLICANT_CLEANUP_INTERVAL, 0,
7281 			       wpas_periodic, global, NULL);
7282 
7283 #ifdef CONFIG_P2P
7284 	if (global->p2p)
7285 		p2p_expire_peers(global->p2p);
7286 #endif /* CONFIG_P2P */
7287 
7288 	for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
7289 		wpa_bss_flush_by_age(wpa_s, wpa_s->conf->bss_expiration_age);
7290 #ifdef CONFIG_AP
7291 		ap_periodic(wpa_s);
7292 #endif /* CONFIG_AP */
7293 	}
7294 }
7295 
7296 
7297 /**
7298  * wpa_supplicant_init - Initialize %wpa_supplicant
7299  * @params: Parameters for %wpa_supplicant
7300  * Returns: Pointer to global %wpa_supplicant data, or %NULL on failure
7301  *
7302  * This function is used to initialize %wpa_supplicant. After successful
7303  * initialization, the returned data pointer can be used to add and remove
7304  * network interfaces, and eventually, to deinitialize %wpa_supplicant.
7305  */
7306 struct wpa_global * wpa_supplicant_init(struct wpa_params *params)
7307 {
7308 	struct wpa_global *global;
7309 	int ret, i;
7310 
7311 	if (params == NULL)
7312 		return NULL;
7313 
7314 #ifndef CONFIG_NO_WPA_MSG
7315 	wpa_msg_register_ifname_cb(wpa_supplicant_msg_ifname_cb);
7316 #endif /* CONFIG_NO_WPA_MSG */
7317 
7318 	if (params->wpa_debug_file_path)
7319 		wpa_debug_open_file(params->wpa_debug_file_path);
7320 	if (!params->wpa_debug_file_path && !params->wpa_debug_syslog)
7321 		wpa_debug_setup_stdout();
7322 	if (params->wpa_debug_syslog)
7323 		wpa_debug_open_syslog();
7324 	if (params->wpa_debug_tracing) {
7325 		ret = wpa_debug_open_linux_tracing();
7326 		if (ret) {
7327 			wpa_printf(MSG_ERROR,
7328 				   "Failed to enable trace logging");
7329 			return NULL;
7330 		}
7331 	}
7332 
7333 	ret = eap_register_methods();
7334 	if (ret) {
7335 		wpa_printf(MSG_ERROR, "Failed to register EAP methods");
7336 		if (ret == -2)
7337 			wpa_printf(MSG_ERROR, "Two or more EAP methods used "
7338 				   "the same EAP type.");
7339 		return NULL;
7340 	}
7341 
7342 	global = os_zalloc(sizeof(*global));
7343 	if (global == NULL)
7344 		return NULL;
7345 	dl_list_init(&global->p2p_srv_bonjour);
7346 	dl_list_init(&global->p2p_srv_upnp);
7347 	global->params.daemonize = params->daemonize;
7348 	global->params.wait_for_monitor = params->wait_for_monitor;
7349 	global->params.dbus_ctrl_interface = params->dbus_ctrl_interface;
7350 	if (params->pid_file)
7351 		global->params.pid_file = os_strdup(params->pid_file);
7352 	if (params->ctrl_interface)
7353 		global->params.ctrl_interface =
7354 			os_strdup(params->ctrl_interface);
7355 	if (params->ctrl_interface_group)
7356 		global->params.ctrl_interface_group =
7357 			os_strdup(params->ctrl_interface_group);
7358 	if (params->override_driver)
7359 		global->params.override_driver =
7360 			os_strdup(params->override_driver);
7361 	if (params->override_ctrl_interface)
7362 		global->params.override_ctrl_interface =
7363 			os_strdup(params->override_ctrl_interface);
7364 #ifdef CONFIG_MATCH_IFACE
7365 	global->params.match_iface_count = params->match_iface_count;
7366 	if (params->match_iface_count) {
7367 		global->params.match_ifaces =
7368 			os_calloc(params->match_iface_count,
7369 				  sizeof(struct wpa_interface));
7370 		os_memcpy(global->params.match_ifaces,
7371 			  params->match_ifaces,
7372 			  params->match_iface_count *
7373 			  sizeof(struct wpa_interface));
7374 	}
7375 #endif /* CONFIG_MATCH_IFACE */
7376 #ifdef CONFIG_P2P
7377 	if (params->conf_p2p_dev)
7378 		global->params.conf_p2p_dev =
7379 			os_strdup(params->conf_p2p_dev);
7380 #endif /* CONFIG_P2P */
7381 	wpa_debug_level = global->params.wpa_debug_level =
7382 		params->wpa_debug_level;
7383 	wpa_debug_show_keys = global->params.wpa_debug_show_keys =
7384 		params->wpa_debug_show_keys;
7385 	wpa_debug_timestamp = global->params.wpa_debug_timestamp =
7386 		params->wpa_debug_timestamp;
7387 
7388 	wpa_printf(MSG_DEBUG, "wpa_supplicant v%s", VERSION_STR);
7389 
7390 	if (eloop_init()) {
7391 		wpa_printf(MSG_ERROR, "Failed to initialize event loop");
7392 		wpa_supplicant_deinit(global);
7393 		return NULL;
7394 	}
7395 
7396 	random_init(params->entropy_file);
7397 
7398 	global->ctrl_iface = wpa_supplicant_global_ctrl_iface_init(global);
7399 	if (global->ctrl_iface == NULL) {
7400 		wpa_supplicant_deinit(global);
7401 		return NULL;
7402 	}
7403 
7404 	if (wpas_notify_supplicant_initialized(global)) {
7405 		wpa_supplicant_deinit(global);
7406 		return NULL;
7407 	}
7408 
7409 	for (i = 0; wpa_drivers[i]; i++)
7410 		global->drv_count++;
7411 	if (global->drv_count == 0) {
7412 		wpa_printf(MSG_ERROR, "No drivers enabled");
7413 		wpa_supplicant_deinit(global);
7414 		return NULL;
7415 	}
7416 	global->drv_priv = os_calloc(global->drv_count, sizeof(void *));
7417 	if (global->drv_priv == NULL) {
7418 		wpa_supplicant_deinit(global);
7419 		return NULL;
7420 	}
7421 
7422 #ifdef CONFIG_WIFI_DISPLAY
7423 	if (wifi_display_init(global) < 0) {
7424 		wpa_printf(MSG_ERROR, "Failed to initialize Wi-Fi Display");
7425 		wpa_supplicant_deinit(global);
7426 		return NULL;
7427 	}
7428 #endif /* CONFIG_WIFI_DISPLAY */
7429 
7430 	eloop_register_timeout(WPA_SUPPLICANT_CLEANUP_INTERVAL, 0,
7431 			       wpas_periodic, global, NULL);
7432 
7433 	return global;
7434 }
7435 
7436 
7437 /**
7438  * wpa_supplicant_run - Run the %wpa_supplicant main event loop
7439  * @global: Pointer to global data from wpa_supplicant_init()
7440  * Returns: 0 after successful event loop run, -1 on failure
7441  *
7442  * This function starts the main event loop and continues running as long as
7443  * there are any remaining events. In most cases, this function is running as
7444  * long as the %wpa_supplicant process in still in use.
7445  */
7446 int wpa_supplicant_run(struct wpa_global *global)
7447 {
7448 	struct wpa_supplicant *wpa_s;
7449 
7450 	if (global->params.daemonize &&
7451 	    (wpa_supplicant_daemon(global->params.pid_file) ||
7452 	     eloop_sock_requeue()))
7453 		return -1;
7454 
7455 #ifdef CONFIG_MATCH_IFACE
7456 	if (wpa_supplicant_match_existing(global))
7457 		return -1;
7458 #endif
7459 
7460 	if (global->params.wait_for_monitor) {
7461 		for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next)
7462 			if (wpa_s->ctrl_iface && !wpa_s->p2p_mgmt)
7463 				wpa_supplicant_ctrl_iface_wait(
7464 					wpa_s->ctrl_iface);
7465 	}
7466 
7467 	eloop_register_signal_terminate(wpa_supplicant_terminate, global);
7468 	eloop_register_signal_reconfig(wpa_supplicant_reconfig, global);
7469 
7470 	eloop_run();
7471 
7472 	return 0;
7473 }
7474 
7475 
7476 /**
7477  * wpa_supplicant_deinit - Deinitialize %wpa_supplicant
7478  * @global: Pointer to global data from wpa_supplicant_init()
7479  *
7480  * This function is called to deinitialize %wpa_supplicant and to free all
7481  * allocated resources. Remaining network interfaces will also be removed.
7482  */
7483 void wpa_supplicant_deinit(struct wpa_global *global)
7484 {
7485 	int i;
7486 
7487 	if (global == NULL)
7488 		return;
7489 
7490 	eloop_cancel_timeout(wpas_periodic, global, NULL);
7491 
7492 #ifdef CONFIG_WIFI_DISPLAY
7493 	wifi_display_deinit(global);
7494 #endif /* CONFIG_WIFI_DISPLAY */
7495 
7496 	while (global->ifaces)
7497 		wpa_supplicant_remove_iface(global, global->ifaces, 1);
7498 
7499 	if (global->ctrl_iface)
7500 		wpa_supplicant_global_ctrl_iface_deinit(global->ctrl_iface);
7501 
7502 	wpas_notify_supplicant_deinitialized(global);
7503 
7504 	eap_peer_unregister_methods();
7505 #ifdef CONFIG_AP
7506 	eap_server_unregister_methods();
7507 #endif /* CONFIG_AP */
7508 
7509 	for (i = 0; wpa_drivers[i] && global->drv_priv; i++) {
7510 		if (!global->drv_priv[i])
7511 			continue;
7512 		wpa_drivers[i]->global_deinit(global->drv_priv[i]);
7513 	}
7514 	os_free(global->drv_priv);
7515 
7516 	random_deinit();
7517 
7518 	eloop_destroy();
7519 
7520 	if (global->params.pid_file) {
7521 		os_daemonize_terminate(global->params.pid_file);
7522 		os_free(global->params.pid_file);
7523 	}
7524 	os_free(global->params.ctrl_interface);
7525 	os_free(global->params.ctrl_interface_group);
7526 	os_free(global->params.override_driver);
7527 	os_free(global->params.override_ctrl_interface);
7528 #ifdef CONFIG_MATCH_IFACE
7529 	os_free(global->params.match_ifaces);
7530 #endif /* CONFIG_MATCH_IFACE */
7531 #ifdef CONFIG_P2P
7532 	os_free(global->params.conf_p2p_dev);
7533 #endif /* CONFIG_P2P */
7534 
7535 	os_free(global->p2p_disallow_freq.range);
7536 	os_free(global->p2p_go_avoid_freq.range);
7537 	os_free(global->add_psk);
7538 
7539 	os_free(global);
7540 	wpa_debug_close_syslog();
7541 	wpa_debug_close_file();
7542 	wpa_debug_close_linux_tracing();
7543 }
7544 
7545 
7546 void wpa_supplicant_update_config(struct wpa_supplicant *wpa_s)
7547 {
7548 	if ((wpa_s->conf->changed_parameters & CFG_CHANGED_COUNTRY) &&
7549 	    wpa_s->conf->country[0] && wpa_s->conf->country[1]) {
7550 		char country[3];
7551 		country[0] = wpa_s->conf->country[0];
7552 		country[1] = wpa_s->conf->country[1];
7553 		country[2] = '\0';
7554 		if (wpa_drv_set_country(wpa_s, country) < 0) {
7555 			wpa_printf(MSG_ERROR, "Failed to set country code "
7556 				   "'%s'", country);
7557 		}
7558 	}
7559 
7560 	if (wpa_s->conf->changed_parameters & CFG_CHANGED_EXT_PW_BACKEND)
7561 		wpas_init_ext_pw(wpa_s);
7562 
7563 	if (wpa_s->conf->changed_parameters & CFG_CHANGED_SCHED_SCAN_PLANS)
7564 		wpas_sched_scan_plans_set(wpa_s, wpa_s->conf->sched_scan_plans);
7565 
7566 	if (wpa_s->conf->changed_parameters & CFG_CHANGED_WOWLAN_TRIGGERS) {
7567 		struct wpa_driver_capa capa;
7568 		int res = wpa_drv_get_capa(wpa_s, &capa);
7569 
7570 		if (res == 0 && wpas_set_wowlan_triggers(wpa_s, &capa) < 0)
7571 			wpa_printf(MSG_ERROR,
7572 				   "Failed to update wowlan_triggers to '%s'",
7573 				   wpa_s->conf->wowlan_triggers);
7574 	}
7575 
7576 	if (wpa_s->conf->changed_parameters & CFG_CHANGED_DISABLE_BTM)
7577 		wpa_supplicant_set_default_scan_ies(wpa_s);
7578 
7579 #ifdef CONFIG_BGSCAN
7580 	/*
7581 	 * We default to global bgscan parameters only when per-network bgscan
7582 	 * parameters aren't set. Only bother resetting bgscan parameters if
7583 	 * this is the case.
7584 	 */
7585 	if ((wpa_s->conf->changed_parameters & CFG_CHANGED_BGSCAN) &&
7586 	    wpa_s->current_ssid && !wpa_s->current_ssid->bgscan &&
7587 	    wpa_s->wpa_state == WPA_COMPLETED)
7588 		wpa_supplicant_reset_bgscan(wpa_s);
7589 #endif /* CONFIG_BGSCAN */
7590 
7591 #ifdef CONFIG_WPS
7592 	wpas_wps_update_config(wpa_s);
7593 #endif /* CONFIG_WPS */
7594 	wpas_p2p_update_config(wpa_s);
7595 	wpa_s->conf->changed_parameters = 0;
7596 }
7597 
7598 
7599 void add_freq(int *freqs, int *num_freqs, int freq)
7600 {
7601 	int i;
7602 
7603 	for (i = 0; i < *num_freqs; i++) {
7604 		if (freqs[i] == freq)
7605 			return;
7606 	}
7607 
7608 	freqs[*num_freqs] = freq;
7609 	(*num_freqs)++;
7610 }
7611 
7612 
7613 static int * get_bss_freqs_in_ess(struct wpa_supplicant *wpa_s)
7614 {
7615 	struct wpa_bss *bss, *cbss;
7616 	const int max_freqs = 10;
7617 	int *freqs;
7618 	int num_freqs = 0;
7619 
7620 	freqs = os_calloc(max_freqs + 1, sizeof(int));
7621 	if (freqs == NULL)
7622 		return NULL;
7623 
7624 	cbss = wpa_s->current_bss;
7625 
7626 	dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
7627 		if (bss == cbss)
7628 			continue;
7629 		if (bss->ssid_len == cbss->ssid_len &&
7630 		    os_memcmp(bss->ssid, cbss->ssid, bss->ssid_len) == 0 &&
7631 		    !wpa_bssid_ignore_is_listed(wpa_s, bss->bssid)) {
7632 			add_freq(freqs, &num_freqs, bss->freq);
7633 			if (num_freqs == max_freqs)
7634 				break;
7635 		}
7636 	}
7637 
7638 	if (num_freqs == 0) {
7639 		os_free(freqs);
7640 		freqs = NULL;
7641 	}
7642 
7643 	return freqs;
7644 }
7645 
7646 
7647 void wpas_connection_failed(struct wpa_supplicant *wpa_s, const u8 *bssid)
7648 {
7649 	int timeout;
7650 	int count;
7651 	int *freqs = NULL;
7652 
7653 	wpas_connect_work_done(wpa_s);
7654 
7655 	/*
7656 	 * Remove possible authentication timeout since the connection failed.
7657 	 */
7658 	eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
7659 
7660 	/*
7661 	 * There is no point in ignoring the AP temporarily if this event is
7662 	 * generated based on local request to disconnect.
7663 	 */
7664 	if (wpa_s->own_disconnect_req || wpa_s->own_reconnect_req) {
7665 		wpa_s->own_disconnect_req = 0;
7666 		wpa_dbg(wpa_s, MSG_DEBUG,
7667 			"Ignore connection failure due to local request to disconnect");
7668 		return;
7669 	}
7670 	if (wpa_s->disconnected) {
7671 		wpa_dbg(wpa_s, MSG_DEBUG, "Ignore connection failure "
7672 			"indication since interface has been put into "
7673 			"disconnected state");
7674 		return;
7675 	}
7676 
7677 	/*
7678 	 * Add the failed BSSID into the ignore list and speed up next scan
7679 	 * attempt if there could be other APs that could accept association.
7680 	 */
7681 	count = wpa_bssid_ignore_add(wpa_s, bssid);
7682 	if (count == 1 && wpa_s->current_bss) {
7683 		/*
7684 		 * This BSS was not in the ignore list before. If there is
7685 		 * another BSS available for the same ESS, we should try that
7686 		 * next. Otherwise, we may as well try this one once more
7687 		 * before allowing other, likely worse, ESSes to be considered.
7688 		 */
7689 		freqs = get_bss_freqs_in_ess(wpa_s);
7690 		if (freqs) {
7691 			wpa_dbg(wpa_s, MSG_DEBUG, "Another BSS in this ESS "
7692 				"has been seen; try it next");
7693 			wpa_bssid_ignore_add(wpa_s, bssid);
7694 			/*
7695 			 * On the next scan, go through only the known channels
7696 			 * used in this ESS based on previous scans to speed up
7697 			 * common load balancing use case.
7698 			 */
7699 			os_free(wpa_s->next_scan_freqs);
7700 			wpa_s->next_scan_freqs = freqs;
7701 		}
7702 	}
7703 
7704 	wpa_s->consecutive_conn_failures++;
7705 
7706 	if (wpa_s->consecutive_conn_failures > 3 && wpa_s->current_ssid) {
7707 		wpa_printf(MSG_DEBUG, "Continuous association failures - "
7708 			   "consider temporary network disabling");
7709 		wpas_auth_failed(wpa_s, "CONN_FAILED");
7710 	}
7711 	/*
7712 	 * Multiple consecutive connection failures mean that other APs are
7713 	 * either not available or have already been tried, so we can start
7714 	 * increasing the delay here to avoid constant scanning.
7715 	 */
7716 	switch (wpa_s->consecutive_conn_failures) {
7717 	case 1:
7718 		timeout = 100;
7719 		break;
7720 	case 2:
7721 		timeout = 500;
7722 		break;
7723 	case 3:
7724 		timeout = 1000;
7725 		break;
7726 	case 4:
7727 		timeout = 5000;
7728 		break;
7729 	default:
7730 		timeout = 10000;
7731 		break;
7732 	}
7733 
7734 	wpa_dbg(wpa_s, MSG_DEBUG,
7735 		"Consecutive connection failures: %d --> request scan in %d ms",
7736 		wpa_s->consecutive_conn_failures, timeout);
7737 
7738 	/*
7739 	 * TODO: if more than one possible AP is available in scan results,
7740 	 * could try the other ones before requesting a new scan.
7741 	 */
7742 
7743 	/* speed up the connection attempt with normal scan */
7744 	wpa_s->normal_scans = 0;
7745 	wpa_supplicant_req_scan(wpa_s, timeout / 1000,
7746 				1000 * (timeout % 1000));
7747 }
7748 
7749 
7750 #ifdef CONFIG_FILS
7751 
7752 void fils_pmksa_cache_flush(struct wpa_supplicant *wpa_s)
7753 {
7754 	struct wpa_ssid *ssid = wpa_s->current_ssid;
7755 	const u8 *realm, *username, *rrk;
7756 	size_t realm_len, username_len, rrk_len;
7757 	u16 next_seq_num;
7758 
7759 	/* Clear the PMKSA cache entry if FILS authentication was rejected.
7760 	 * Check for ERP keys existing to limit when this can be done since
7761 	 * the rejection response is not protected and such triggers should
7762 	 * really not allow internal state to be modified unless required to
7763 	 * avoid significant issues in functionality. In addition, drop
7764 	 * externally configure PMKSA entries even without ERP keys since it
7765 	 * is possible for an external component to add PMKSA entries for FILS
7766 	 * authentication without restoring previously generated ERP keys.
7767 	 *
7768 	 * In this case, this is needed to allow recovery from cases where the
7769 	 * AP or authentication server has dropped PMKSAs and ERP keys. */
7770 	if (!ssid || !ssid->eap.erp || !wpa_key_mgmt_fils(ssid->key_mgmt))
7771 		return;
7772 
7773 	if (eapol_sm_get_erp_info(wpa_s->eapol, &ssid->eap,
7774 				  &username, &username_len,
7775 				  &realm, &realm_len, &next_seq_num,
7776 				  &rrk, &rrk_len) != 0 ||
7777 	    !realm) {
7778 		wpa_dbg(wpa_s, MSG_DEBUG,
7779 			"FILS: Drop external PMKSA cache entry");
7780 		wpa_sm_aborted_external_cached(wpa_s->wpa);
7781 		wpa_sm_external_pmksa_cache_flush(wpa_s->wpa, ssid);
7782 		return;
7783 	}
7784 
7785 	wpa_dbg(wpa_s, MSG_DEBUG, "FILS: Drop PMKSA cache entry");
7786 	wpa_sm_aborted_cached(wpa_s->wpa);
7787 	wpa_sm_pmksa_cache_flush(wpa_s->wpa, ssid);
7788 }
7789 
7790 
7791 void fils_connection_failure(struct wpa_supplicant *wpa_s)
7792 {
7793 	struct wpa_ssid *ssid = wpa_s->current_ssid;
7794 	const u8 *realm, *username, *rrk;
7795 	size_t realm_len, username_len, rrk_len;
7796 	u16 next_seq_num;
7797 
7798 	if (!ssid || !ssid->eap.erp || !wpa_key_mgmt_fils(ssid->key_mgmt) ||
7799 	    eapol_sm_get_erp_info(wpa_s->eapol, &ssid->eap,
7800 				  &username, &username_len,
7801 				  &realm, &realm_len, &next_seq_num,
7802 				  &rrk, &rrk_len) != 0 ||
7803 	    !realm)
7804 		return;
7805 
7806 	wpa_hexdump_ascii(MSG_DEBUG,
7807 			  "FILS: Store last connection failure realm",
7808 			  realm, realm_len);
7809 	os_free(wpa_s->last_con_fail_realm);
7810 	wpa_s->last_con_fail_realm = os_malloc(realm_len);
7811 	if (wpa_s->last_con_fail_realm) {
7812 		wpa_s->last_con_fail_realm_len = realm_len;
7813 		os_memcpy(wpa_s->last_con_fail_realm, realm, realm_len);
7814 	}
7815 }
7816 #endif /* CONFIG_FILS */
7817 
7818 
7819 int wpas_driver_bss_selection(struct wpa_supplicant *wpa_s)
7820 {
7821 	return wpa_s->conf->ap_scan == 2 ||
7822 		(wpa_s->drv_flags & WPA_DRIVER_FLAGS_BSS_SELECTION);
7823 }
7824 
7825 
7826 #if defined(CONFIG_CTRL_IFACE) || defined(CONFIG_CTRL_IFACE_DBUS_NEW)
7827 int wpa_supplicant_ctrl_iface_ctrl_rsp_handle(struct wpa_supplicant *wpa_s,
7828 					      struct wpa_ssid *ssid,
7829 					      const char *field,
7830 					      const char *value)
7831 {
7832 #ifdef IEEE8021X_EAPOL
7833 	struct eap_peer_config *eap = &ssid->eap;
7834 
7835 	wpa_printf(MSG_DEBUG, "CTRL_IFACE: response handle field=%s", field);
7836 	wpa_hexdump_ascii_key(MSG_DEBUG, "CTRL_IFACE: response value",
7837 			      (const u8 *) value, os_strlen(value));
7838 
7839 	switch (wpa_supplicant_ctrl_req_from_string(field)) {
7840 	case WPA_CTRL_REQ_EAP_IDENTITY:
7841 		os_free(eap->identity);
7842 		eap->identity = (u8 *) os_strdup(value);
7843 		eap->identity_len = os_strlen(value);
7844 		eap->pending_req_identity = 0;
7845 		if (ssid == wpa_s->current_ssid)
7846 			wpa_s->reassociate = 1;
7847 		break;
7848 	case WPA_CTRL_REQ_EAP_PASSWORD:
7849 		bin_clear_free(eap->password, eap->password_len);
7850 		eap->password = (u8 *) os_strdup(value);
7851 		eap->password_len = os_strlen(value);
7852 		eap->pending_req_password = 0;
7853 		if (ssid == wpa_s->current_ssid)
7854 			wpa_s->reassociate = 1;
7855 		break;
7856 	case WPA_CTRL_REQ_EAP_NEW_PASSWORD:
7857 		bin_clear_free(eap->new_password, eap->new_password_len);
7858 		eap->new_password = (u8 *) os_strdup(value);
7859 		eap->new_password_len = os_strlen(value);
7860 		eap->pending_req_new_password = 0;
7861 		if (ssid == wpa_s->current_ssid)
7862 			wpa_s->reassociate = 1;
7863 		break;
7864 	case WPA_CTRL_REQ_EAP_PIN:
7865 		str_clear_free(eap->cert.pin);
7866 		eap->cert.pin = os_strdup(value);
7867 		eap->pending_req_pin = 0;
7868 		if (ssid == wpa_s->current_ssid)
7869 			wpa_s->reassociate = 1;
7870 		break;
7871 	case WPA_CTRL_REQ_EAP_OTP:
7872 		bin_clear_free(eap->otp, eap->otp_len);
7873 		eap->otp = (u8 *) os_strdup(value);
7874 		eap->otp_len = os_strlen(value);
7875 		os_free(eap->pending_req_otp);
7876 		eap->pending_req_otp = NULL;
7877 		eap->pending_req_otp_len = 0;
7878 		break;
7879 	case WPA_CTRL_REQ_EAP_PASSPHRASE:
7880 		str_clear_free(eap->cert.private_key_passwd);
7881 		eap->cert.private_key_passwd = os_strdup(value);
7882 		eap->pending_req_passphrase = 0;
7883 		if (ssid == wpa_s->current_ssid)
7884 			wpa_s->reassociate = 1;
7885 		break;
7886 	case WPA_CTRL_REQ_SIM:
7887 		str_clear_free(eap->external_sim_resp);
7888 		eap->external_sim_resp = os_strdup(value);
7889 		eap->pending_req_sim = 0;
7890 		break;
7891 	case WPA_CTRL_REQ_PSK_PASSPHRASE:
7892 		if (wpa_config_set(ssid, "psk", value, 0) < 0)
7893 			return -1;
7894 		ssid->mem_only_psk = 1;
7895 		if (ssid->passphrase)
7896 			wpa_config_update_psk(ssid);
7897 		if (wpa_s->wpa_state == WPA_SCANNING && !wpa_s->scanning)
7898 			wpa_supplicant_req_scan(wpa_s, 0, 0);
7899 		break;
7900 	case WPA_CTRL_REQ_EXT_CERT_CHECK:
7901 		if (eap->pending_ext_cert_check != PENDING_CHECK)
7902 			return -1;
7903 		if (os_strcmp(value, "good") == 0)
7904 			eap->pending_ext_cert_check = EXT_CERT_CHECK_GOOD;
7905 		else if (os_strcmp(value, "bad") == 0)
7906 			eap->pending_ext_cert_check = EXT_CERT_CHECK_BAD;
7907 		else
7908 			return -1;
7909 		break;
7910 	default:
7911 		wpa_printf(MSG_DEBUG, "CTRL_IFACE: Unknown field '%s'", field);
7912 		return -1;
7913 	}
7914 
7915 	return 0;
7916 #else /* IEEE8021X_EAPOL */
7917 	wpa_printf(MSG_DEBUG, "CTRL_IFACE: IEEE 802.1X not included");
7918 	return -1;
7919 #endif /* IEEE8021X_EAPOL */
7920 }
7921 #endif /* CONFIG_CTRL_IFACE || CONFIG_CTRL_IFACE_DBUS_NEW */
7922 
7923 
7924 int wpas_network_disabled(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid)
7925 {
7926 #ifdef CONFIG_WEP
7927 	int i;
7928 	unsigned int drv_enc;
7929 #endif /* CONFIG_WEP */
7930 
7931 	if (wpa_s->p2p_mgmt)
7932 		return 1; /* no normal network profiles on p2p_mgmt interface */
7933 
7934 	if (ssid == NULL)
7935 		return 1;
7936 
7937 	if (ssid->disabled)
7938 		return 1;
7939 
7940 #ifdef CONFIG_WEP
7941 	if (wpa_s->drv_capa_known)
7942 		drv_enc = wpa_s->drv_enc;
7943 	else
7944 		drv_enc = (unsigned int) -1;
7945 
7946 	for (i = 0; i < NUM_WEP_KEYS; i++) {
7947 		size_t len = ssid->wep_key_len[i];
7948 		if (len == 0)
7949 			continue;
7950 		if (len == 5 && (drv_enc & WPA_DRIVER_CAPA_ENC_WEP40))
7951 			continue;
7952 		if (len == 13 && (drv_enc & WPA_DRIVER_CAPA_ENC_WEP104))
7953 			continue;
7954 		if (len == 16 && (drv_enc & WPA_DRIVER_CAPA_ENC_WEP128))
7955 			continue;
7956 		return 1; /* invalid WEP key */
7957 	}
7958 #endif /* CONFIG_WEP */
7959 
7960 	if (wpa_key_mgmt_wpa_psk(ssid->key_mgmt) && !ssid->psk_set &&
7961 	    (!ssid->passphrase || ssid->ssid_len != 0) && !ssid->ext_psk &&
7962 	    !(wpa_key_mgmt_sae(ssid->key_mgmt) && ssid->sae_password) &&
7963 	    !ssid->mem_only_psk)
7964 		return 1;
7965 
7966 	return 0;
7967 }
7968 
7969 
7970 int wpas_get_ssid_pmf(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid)
7971 {
7972 	if (ssid == NULL || ssid->ieee80211w == MGMT_FRAME_PROTECTION_DEFAULT) {
7973 		if (wpa_s->conf->pmf == MGMT_FRAME_PROTECTION_OPTIONAL &&
7974 		    !(wpa_s->drv_enc & WPA_DRIVER_CAPA_ENC_BIP)) {
7975 			/*
7976 			 * Driver does not support BIP -- ignore pmf=1 default
7977 			 * since the connection with PMF would fail and the
7978 			 * configuration does not require PMF to be enabled.
7979 			 */
7980 			return NO_MGMT_FRAME_PROTECTION;
7981 		}
7982 
7983 		if (ssid &&
7984 		    (ssid->key_mgmt &
7985 		     ~(WPA_KEY_MGMT_NONE | WPA_KEY_MGMT_WPS |
7986 		       WPA_KEY_MGMT_IEEE8021X_NO_WPA)) == 0) {
7987 			/*
7988 			 * Do not use the default PMF value for non-RSN networks
7989 			 * since PMF is available only with RSN and pmf=2
7990 			 * configuration would otherwise prevent connections to
7991 			 * all open networks.
7992 			 */
7993 			return NO_MGMT_FRAME_PROTECTION;
7994 		}
7995 
7996 		return wpa_s->conf->pmf;
7997 	}
7998 
7999 	return ssid->ieee80211w;
8000 }
8001 
8002 
8003 int pmf_in_use(struct wpa_supplicant *wpa_s, const u8 *addr)
8004 {
8005 	if (wpa_s->current_ssid == NULL ||
8006 	    wpa_s->wpa_state < WPA_4WAY_HANDSHAKE ||
8007 	    os_memcmp(addr, wpa_s->bssid, ETH_ALEN) != 0)
8008 		return 0;
8009 	return wpa_sm_pmf_enabled(wpa_s->wpa);
8010 }
8011 
8012 
8013 int wpas_is_p2p_prioritized(struct wpa_supplicant *wpa_s)
8014 {
8015 	if (wpa_s->global->conc_pref == WPA_CONC_PREF_P2P)
8016 		return 1;
8017 	if (wpa_s->global->conc_pref == WPA_CONC_PREF_STA)
8018 		return 0;
8019 	return -1;
8020 }
8021 
8022 
8023 void wpas_auth_failed(struct wpa_supplicant *wpa_s, char *reason)
8024 {
8025 	struct wpa_ssid *ssid = wpa_s->current_ssid;
8026 	int dur;
8027 	struct os_reltime now;
8028 
8029 	if (ssid == NULL) {
8030 		wpa_printf(MSG_DEBUG, "Authentication failure but no known "
8031 			   "SSID block");
8032 		return;
8033 	}
8034 
8035 	if (ssid->key_mgmt == WPA_KEY_MGMT_WPS)
8036 		return;
8037 
8038 	ssid->auth_failures++;
8039 
8040 #ifdef CONFIG_P2P
8041 	if (ssid->p2p_group &&
8042 	    (wpa_s->p2p_in_provisioning || wpa_s->show_group_started)) {
8043 		/*
8044 		 * Skip the wait time since there is a short timeout on the
8045 		 * connection to a P2P group.
8046 		 */
8047 		return;
8048 	}
8049 #endif /* CONFIG_P2P */
8050 
8051 	if (ssid->auth_failures > 50)
8052 		dur = 300;
8053 	else if (ssid->auth_failures > 10)
8054 		dur = 120;
8055 	else if (ssid->auth_failures > 5)
8056 		dur = 90;
8057 	else if (ssid->auth_failures > 3)
8058 		dur = 60;
8059 	else if (ssid->auth_failures > 2)
8060 		dur = 30;
8061 	else if (ssid->auth_failures > 1)
8062 		dur = 20;
8063 	else
8064 		dur = 10;
8065 
8066 	if (ssid->auth_failures > 1 &&
8067 	    wpa_key_mgmt_wpa_ieee8021x(ssid->key_mgmt))
8068 		dur += os_random() % (ssid->auth_failures * 10);
8069 
8070 	os_get_reltime(&now);
8071 	if (now.sec + dur <= ssid->disabled_until.sec)
8072 		return;
8073 
8074 	ssid->disabled_until.sec = now.sec + dur;
8075 
8076 	wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_TEMP_DISABLED
8077 		"id=%d ssid=\"%s\" auth_failures=%u duration=%d reason=%s",
8078 		ssid->id, wpa_ssid_txt(ssid->ssid, ssid->ssid_len),
8079 		ssid->auth_failures, dur, reason);
8080 }
8081 
8082 
8083 void wpas_clear_temp_disabled(struct wpa_supplicant *wpa_s,
8084 			      struct wpa_ssid *ssid, int clear_failures)
8085 {
8086 	if (ssid == NULL)
8087 		return;
8088 
8089 	if (ssid->disabled_until.sec) {
8090 		wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_REENABLED
8091 			"id=%d ssid=\"%s\"",
8092 			ssid->id, wpa_ssid_txt(ssid->ssid, ssid->ssid_len));
8093 	}
8094 	ssid->disabled_until.sec = 0;
8095 	ssid->disabled_until.usec = 0;
8096 	if (clear_failures)
8097 		ssid->auth_failures = 0;
8098 }
8099 
8100 
8101 int disallowed_bssid(struct wpa_supplicant *wpa_s, const u8 *bssid)
8102 {
8103 	size_t i;
8104 
8105 	if (wpa_s->disallow_aps_bssid == NULL)
8106 		return 0;
8107 
8108 	for (i = 0; i < wpa_s->disallow_aps_bssid_count; i++) {
8109 		if (os_memcmp(wpa_s->disallow_aps_bssid + i * ETH_ALEN,
8110 			      bssid, ETH_ALEN) == 0)
8111 			return 1;
8112 	}
8113 
8114 	return 0;
8115 }
8116 
8117 
8118 int disallowed_ssid(struct wpa_supplicant *wpa_s, const u8 *ssid,
8119 		    size_t ssid_len)
8120 {
8121 	size_t i;
8122 
8123 	if (wpa_s->disallow_aps_ssid == NULL || ssid == NULL)
8124 		return 0;
8125 
8126 	for (i = 0; i < wpa_s->disallow_aps_ssid_count; i++) {
8127 		struct wpa_ssid_value *s = &wpa_s->disallow_aps_ssid[i];
8128 		if (ssid_len == s->ssid_len &&
8129 		    os_memcmp(ssid, s->ssid, ssid_len) == 0)
8130 			return 1;
8131 	}
8132 
8133 	return 0;
8134 }
8135 
8136 
8137 /**
8138  * wpas_request_connection - Request a new connection
8139  * @wpa_s: Pointer to the network interface
8140  *
8141  * This function is used to request a new connection to be found. It will mark
8142  * the interface to allow reassociation and request a new scan to find a
8143  * suitable network to connect to.
8144  */
8145 void wpas_request_connection(struct wpa_supplicant *wpa_s)
8146 {
8147 	wpa_s->normal_scans = 0;
8148 	wpa_s->scan_req = NORMAL_SCAN_REQ;
8149 	wpa_supplicant_reinit_autoscan(wpa_s);
8150 	wpa_s->disconnected = 0;
8151 	wpa_s->reassociate = 1;
8152 	wpa_s->last_owe_group = 0;
8153 
8154 	if (wpa_supplicant_fast_associate(wpa_s) != 1)
8155 		wpa_supplicant_req_scan(wpa_s, 0, 0);
8156 	else
8157 		wpa_s->reattach = 0;
8158 }
8159 
8160 
8161 /**
8162  * wpas_request_disconnection - Request disconnection
8163  * @wpa_s: Pointer to the network interface
8164  *
8165  * This function is used to request disconnection from the currently connected
8166  * network. This will stop any ongoing scans and initiate deauthentication.
8167  */
8168 void wpas_request_disconnection(struct wpa_supplicant *wpa_s)
8169 {
8170 #ifdef CONFIG_SME
8171 	wpa_s->sme.prev_bssid_set = 0;
8172 #endif /* CONFIG_SME */
8173 	wpa_s->reassociate = 0;
8174 	wpa_s->disconnected = 1;
8175 	wpa_supplicant_cancel_sched_scan(wpa_s);
8176 	wpa_supplicant_cancel_scan(wpa_s);
8177 	wpa_supplicant_deauthenticate(wpa_s, WLAN_REASON_DEAUTH_LEAVING);
8178 	eloop_cancel_timeout(wpas_network_reenabled, wpa_s, NULL);
8179 	radio_remove_works(wpa_s, "connect", 0);
8180 	radio_remove_works(wpa_s, "sme-connect", 0);
8181 	wpa_s->roam_in_progress = false;
8182 #ifdef CONFIG_WNM
8183 	wpa_s->bss_trans_mgmt_in_progress = false;
8184 #endif /* CONFIG_WNM */
8185 }
8186 
8187 
8188 void dump_freq_data(struct wpa_supplicant *wpa_s, const char *title,
8189 		    struct wpa_used_freq_data *freqs_data,
8190 		    unsigned int len)
8191 {
8192 	unsigned int i;
8193 
8194 	wpa_dbg(wpa_s, MSG_DEBUG, "Shared frequencies (len=%u): %s",
8195 		len, title);
8196 	for (i = 0; i < len; i++) {
8197 		struct wpa_used_freq_data *cur = &freqs_data[i];
8198 		wpa_dbg(wpa_s, MSG_DEBUG, "freq[%u]: %d, flags=0x%X",
8199 			i, cur->freq, cur->flags);
8200 	}
8201 }
8202 
8203 
8204 /*
8205  * Find the operating frequencies of any of the virtual interfaces that
8206  * are using the same radio as the current interface, and in addition, get
8207  * information about the interface types that are using the frequency.
8208  */
8209 int get_shared_radio_freqs_data(struct wpa_supplicant *wpa_s,
8210 				struct wpa_used_freq_data *freqs_data,
8211 				unsigned int len)
8212 {
8213 	struct wpa_supplicant *ifs;
8214 	u8 bssid[ETH_ALEN];
8215 	int freq;
8216 	unsigned int idx = 0, i;
8217 
8218 	wpa_dbg(wpa_s, MSG_DEBUG,
8219 		"Determining shared radio frequencies (max len %u)", len);
8220 	os_memset(freqs_data, 0, sizeof(struct wpa_used_freq_data) * len);
8221 
8222 	dl_list_for_each(ifs, &wpa_s->radio->ifaces, struct wpa_supplicant,
8223 			 radio_list) {
8224 		if (idx == len)
8225 			break;
8226 
8227 		if (ifs->current_ssid == NULL || ifs->assoc_freq == 0)
8228 			continue;
8229 
8230 		if (ifs->current_ssid->mode == WPAS_MODE_AP ||
8231 		    ifs->current_ssid->mode == WPAS_MODE_P2P_GO ||
8232 		    ifs->current_ssid->mode == WPAS_MODE_MESH)
8233 			freq = ifs->current_ssid->frequency;
8234 		else if (wpa_drv_get_bssid(ifs, bssid) == 0)
8235 			freq = ifs->assoc_freq;
8236 		else
8237 			continue;
8238 
8239 		/* Hold only distinct freqs */
8240 		for (i = 0; i < idx; i++)
8241 			if (freqs_data[i].freq == freq)
8242 				break;
8243 
8244 		if (i == idx)
8245 			freqs_data[idx++].freq = freq;
8246 
8247 		if (ifs->current_ssid->mode == WPAS_MODE_INFRA) {
8248 			freqs_data[i].flags |= ifs->current_ssid->p2p_group ?
8249 				WPA_FREQ_USED_BY_P2P_CLIENT :
8250 				WPA_FREQ_USED_BY_INFRA_STATION;
8251 		}
8252 	}
8253 
8254 	dump_freq_data(wpa_s, "completed iteration", freqs_data, idx);
8255 	return idx;
8256 }
8257 
8258 
8259 /*
8260  * Find the operating frequencies of any of the virtual interfaces that
8261  * are using the same radio as the current interface.
8262  */
8263 int get_shared_radio_freqs(struct wpa_supplicant *wpa_s,
8264 			   int *freq_array, unsigned int len)
8265 {
8266 	struct wpa_used_freq_data *freqs_data;
8267 	int num, i;
8268 
8269 	os_memset(freq_array, 0, sizeof(int) * len);
8270 
8271 	freqs_data = os_calloc(len, sizeof(struct wpa_used_freq_data));
8272 	if (!freqs_data)
8273 		return -1;
8274 
8275 	num = get_shared_radio_freqs_data(wpa_s, freqs_data, len);
8276 	for (i = 0; i < num; i++)
8277 		freq_array[i] = freqs_data[i].freq;
8278 
8279 	os_free(freqs_data);
8280 
8281 	return num;
8282 }
8283 
8284 
8285 struct wpa_supplicant *
8286 wpas_vendor_elem(struct wpa_supplicant *wpa_s, enum wpa_vendor_elem_frame frame)
8287 {
8288 	switch (frame) {
8289 #ifdef CONFIG_P2P
8290 	case VENDOR_ELEM_PROBE_REQ_P2P:
8291 	case VENDOR_ELEM_PROBE_RESP_P2P:
8292 	case VENDOR_ELEM_PROBE_RESP_P2P_GO:
8293 	case VENDOR_ELEM_BEACON_P2P_GO:
8294 	case VENDOR_ELEM_P2P_PD_REQ:
8295 	case VENDOR_ELEM_P2P_PD_RESP:
8296 	case VENDOR_ELEM_P2P_GO_NEG_REQ:
8297 	case VENDOR_ELEM_P2P_GO_NEG_RESP:
8298 	case VENDOR_ELEM_P2P_GO_NEG_CONF:
8299 	case VENDOR_ELEM_P2P_INV_REQ:
8300 	case VENDOR_ELEM_P2P_INV_RESP:
8301 	case VENDOR_ELEM_P2P_ASSOC_REQ:
8302 	case VENDOR_ELEM_P2P_ASSOC_RESP:
8303 		return wpa_s->p2pdev;
8304 #endif /* CONFIG_P2P */
8305 	default:
8306 		return wpa_s;
8307 	}
8308 }
8309 
8310 
8311 void wpas_vendor_elem_update(struct wpa_supplicant *wpa_s)
8312 {
8313 	unsigned int i;
8314 	char buf[30];
8315 
8316 	wpa_printf(MSG_DEBUG, "Update vendor elements");
8317 
8318 	for (i = 0; i < NUM_VENDOR_ELEM_FRAMES; i++) {
8319 		if (wpa_s->vendor_elem[i]) {
8320 			int res;
8321 
8322 			res = os_snprintf(buf, sizeof(buf), "frame[%u]", i);
8323 			if (!os_snprintf_error(sizeof(buf), res)) {
8324 				wpa_hexdump_buf(MSG_DEBUG, buf,
8325 						wpa_s->vendor_elem[i]);
8326 			}
8327 		}
8328 	}
8329 
8330 #ifdef CONFIG_P2P
8331 	if (wpa_s->parent == wpa_s &&
8332 	    wpa_s->global->p2p &&
8333 	    !wpa_s->global->p2p_disabled)
8334 		p2p_set_vendor_elems(wpa_s->global->p2p, wpa_s->vendor_elem);
8335 #endif /* CONFIG_P2P */
8336 }
8337 
8338 
8339 int wpas_vendor_elem_remove(struct wpa_supplicant *wpa_s, int frame,
8340 			    const u8 *elem, size_t len)
8341 {
8342 	u8 *ie, *end;
8343 
8344 	ie = wpabuf_mhead_u8(wpa_s->vendor_elem[frame]);
8345 	end = ie + wpabuf_len(wpa_s->vendor_elem[frame]);
8346 
8347 	for (; ie + 1 < end; ie += 2 + ie[1]) {
8348 		if (ie + len > end)
8349 			break;
8350 		if (os_memcmp(ie, elem, len) != 0)
8351 			continue;
8352 
8353 		if (wpabuf_len(wpa_s->vendor_elem[frame]) == len) {
8354 			wpabuf_free(wpa_s->vendor_elem[frame]);
8355 			wpa_s->vendor_elem[frame] = NULL;
8356 		} else {
8357 			os_memmove(ie, ie + len, end - (ie + len));
8358 			wpa_s->vendor_elem[frame]->used -= len;
8359 		}
8360 		wpas_vendor_elem_update(wpa_s);
8361 		return 0;
8362 	}
8363 
8364 	return -1;
8365 }
8366 
8367 
8368 struct hostapd_hw_modes * get_mode(struct hostapd_hw_modes *modes,
8369 				   u16 num_modes, enum hostapd_hw_mode mode,
8370 				   bool is_6ghz)
8371 {
8372 	u16 i;
8373 
8374 	if (!modes)
8375 		return NULL;
8376 
8377 	for (i = 0; i < num_modes; i++) {
8378 		if (modes[i].mode != mode ||
8379 		    !modes[i].num_channels || !modes[i].channels)
8380 			continue;
8381 		if ((!is_6ghz && !is_6ghz_freq(modes[i].channels[0].freq)) ||
8382 		    (is_6ghz && is_6ghz_freq(modes[i].channels[0].freq)))
8383 			return &modes[i];
8384 	}
8385 
8386 	return NULL;
8387 }
8388 
8389 
8390 struct hostapd_hw_modes * get_mode_with_freq(struct hostapd_hw_modes *modes,
8391 					     u16 num_modes, int freq)
8392 {
8393 	int i, j;
8394 
8395 	for (i = 0; i < num_modes; i++) {
8396 		for (j = 0; j < modes[i].num_channels; j++) {
8397 			if (freq == modes[i].channels[j].freq)
8398 				return &modes[i];
8399 		}
8400 	}
8401 
8402 	return NULL;
8403 }
8404 
8405 
8406 static struct
8407 wpa_bss_tmp_disallowed * wpas_get_disallowed_bss(struct wpa_supplicant *wpa_s,
8408 						 const u8 *bssid)
8409 {
8410 	struct wpa_bss_tmp_disallowed *bss;
8411 
8412 	dl_list_for_each(bss, &wpa_s->bss_tmp_disallowed,
8413 			 struct wpa_bss_tmp_disallowed, list) {
8414 		if (os_memcmp(bssid, bss->bssid, ETH_ALEN) == 0)
8415 			return bss;
8416 	}
8417 
8418 	return NULL;
8419 }
8420 
8421 
8422 static int wpa_set_driver_tmp_disallow_list(struct wpa_supplicant *wpa_s)
8423 {
8424 	struct wpa_bss_tmp_disallowed *tmp;
8425 	unsigned int num_bssid = 0;
8426 	u8 *bssids;
8427 	int ret;
8428 
8429 	bssids = os_malloc(dl_list_len(&wpa_s->bss_tmp_disallowed) * ETH_ALEN);
8430 	if (!bssids)
8431 		return -1;
8432 	dl_list_for_each(tmp, &wpa_s->bss_tmp_disallowed,
8433 			 struct wpa_bss_tmp_disallowed, list) {
8434 		os_memcpy(&bssids[num_bssid * ETH_ALEN], tmp->bssid,
8435 			  ETH_ALEN);
8436 		num_bssid++;
8437 	}
8438 	ret = wpa_drv_set_bssid_tmp_disallow(wpa_s, num_bssid, bssids);
8439 	os_free(bssids);
8440 	return ret;
8441 }
8442 
8443 
8444 static void wpa_bss_tmp_disallow_timeout(void *eloop_ctx, void *timeout_ctx)
8445 {
8446 	struct wpa_supplicant *wpa_s = eloop_ctx;
8447 	struct wpa_bss_tmp_disallowed *tmp, *bss = timeout_ctx;
8448 
8449 	/* Make sure the bss is not already freed */
8450 	dl_list_for_each(tmp, &wpa_s->bss_tmp_disallowed,
8451 			 struct wpa_bss_tmp_disallowed, list) {
8452 		if (bss == tmp) {
8453 			remove_bss_tmp_disallowed_entry(wpa_s, tmp);
8454 			wpa_set_driver_tmp_disallow_list(wpa_s);
8455 			break;
8456 		}
8457 	}
8458 }
8459 
8460 
8461 void wpa_bss_tmp_disallow(struct wpa_supplicant *wpa_s, const u8 *bssid,
8462 			  unsigned int sec, int rssi_threshold)
8463 {
8464 	struct wpa_bss_tmp_disallowed *bss;
8465 
8466 	bss = wpas_get_disallowed_bss(wpa_s, bssid);
8467 	if (bss) {
8468 		eloop_cancel_timeout(wpa_bss_tmp_disallow_timeout, wpa_s, bss);
8469 		goto finish;
8470 	}
8471 
8472 	bss = os_malloc(sizeof(*bss));
8473 	if (!bss) {
8474 		wpa_printf(MSG_DEBUG,
8475 			   "Failed to allocate memory for temp disallow BSS");
8476 		return;
8477 	}
8478 
8479 	os_memcpy(bss->bssid, bssid, ETH_ALEN);
8480 	dl_list_add(&wpa_s->bss_tmp_disallowed, &bss->list);
8481 	wpa_set_driver_tmp_disallow_list(wpa_s);
8482 
8483 finish:
8484 	bss->rssi_threshold = rssi_threshold;
8485 	eloop_register_timeout(sec, 0, wpa_bss_tmp_disallow_timeout,
8486 			       wpa_s, bss);
8487 }
8488 
8489 
8490 int wpa_is_bss_tmp_disallowed(struct wpa_supplicant *wpa_s,
8491 			      struct wpa_bss *bss)
8492 {
8493 	struct wpa_bss_tmp_disallowed *disallowed = NULL, *tmp, *prev;
8494 
8495 	dl_list_for_each_safe(tmp, prev, &wpa_s->bss_tmp_disallowed,
8496 			 struct wpa_bss_tmp_disallowed, list) {
8497 		if (os_memcmp(bss->bssid, tmp->bssid, ETH_ALEN) == 0) {
8498 			disallowed = tmp;
8499 			break;
8500 		}
8501 	}
8502 	if (!disallowed)
8503 		return 0;
8504 
8505 	if (disallowed->rssi_threshold != 0 &&
8506 	    bss->level > disallowed->rssi_threshold) {
8507 		remove_bss_tmp_disallowed_entry(wpa_s, disallowed);
8508 		wpa_set_driver_tmp_disallow_list(wpa_s);
8509 		return 0;
8510 	}
8511 
8512 	return 1;
8513 }
8514 
8515 
8516 int wpas_enable_mac_addr_randomization(struct wpa_supplicant *wpa_s,
8517 				       unsigned int type, const u8 *addr,
8518 				       const u8 *mask)
8519 {
8520 	if ((addr && !mask) || (!addr && mask)) {
8521 		wpa_printf(MSG_INFO,
8522 			   "MAC_ADDR_RAND_SCAN invalid addr/mask combination");
8523 		return -1;
8524 	}
8525 
8526 	if (addr && mask && (!(mask[0] & 0x01) || (addr[0] & 0x01))) {
8527 		wpa_printf(MSG_INFO,
8528 			   "MAC_ADDR_RAND_SCAN cannot allow multicast address");
8529 		return -1;
8530 	}
8531 
8532 	if (type & MAC_ADDR_RAND_SCAN) {
8533 		if (wpas_mac_addr_rand_scan_set(wpa_s, MAC_ADDR_RAND_SCAN,
8534 						addr, mask))
8535 			return -1;
8536 	}
8537 
8538 	if (type & MAC_ADDR_RAND_SCHED_SCAN) {
8539 		if (wpas_mac_addr_rand_scan_set(wpa_s, MAC_ADDR_RAND_SCHED_SCAN,
8540 						addr, mask))
8541 			return -1;
8542 
8543 		if (wpa_s->sched_scanning && !wpa_s->pno)
8544 			wpas_scan_restart_sched_scan(wpa_s);
8545 	}
8546 
8547 	if (type & MAC_ADDR_RAND_PNO) {
8548 		if (wpas_mac_addr_rand_scan_set(wpa_s, MAC_ADDR_RAND_PNO,
8549 						addr, mask))
8550 			return -1;
8551 
8552 		if (wpa_s->pno) {
8553 			wpas_stop_pno(wpa_s);
8554 			wpas_start_pno(wpa_s);
8555 		}
8556 	}
8557 
8558 	return 0;
8559 }
8560 
8561 
8562 int wpas_disable_mac_addr_randomization(struct wpa_supplicant *wpa_s,
8563 					unsigned int type)
8564 {
8565 	wpas_mac_addr_rand_scan_clear(wpa_s, type);
8566 	if (wpa_s->pno) {
8567 		if (type & MAC_ADDR_RAND_PNO) {
8568 			wpas_stop_pno(wpa_s);
8569 			wpas_start_pno(wpa_s);
8570 		}
8571 	} else if (wpa_s->sched_scanning && (type & MAC_ADDR_RAND_SCHED_SCAN)) {
8572 		wpas_scan_restart_sched_scan(wpa_s);
8573 	}
8574 
8575 	return 0;
8576 }
8577 
8578 
8579 int wpa_drv_signal_poll(struct wpa_supplicant *wpa_s,
8580 			struct wpa_signal_info *si)
8581 {
8582 	int res;
8583 
8584 	if (!wpa_s->driver->signal_poll)
8585 		return -1;
8586 
8587 	res = wpa_s->driver->signal_poll(wpa_s->drv_priv, si);
8588 
8589 #ifdef CONFIG_TESTING_OPTIONS
8590 	if (res == 0) {
8591 		struct driver_signal_override *dso;
8592 
8593 		dl_list_for_each(dso, &wpa_s->drv_signal_override,
8594 				 struct driver_signal_override, list) {
8595 			if (os_memcmp(wpa_s->bssid, dso->bssid,
8596 				      ETH_ALEN) != 0)
8597 				continue;
8598 			wpa_printf(MSG_DEBUG,
8599 				   "Override driver signal_poll information: current_signal: %d->%d avg_signal: %d->%d avg_beacon_signal: %d->%d current_noise: %d->%d",
8600 				   si->current_signal,
8601 				   dso->si_current_signal,
8602 				   si->avg_signal,
8603 				   dso->si_avg_signal,
8604 				   si->avg_beacon_signal,
8605 				   dso->si_avg_beacon_signal,
8606 				   si->current_noise,
8607 				   dso->si_current_noise);
8608 			si->current_signal = dso->si_current_signal;
8609 			si->avg_signal = dso->si_avg_signal;
8610 			si->avg_beacon_signal = dso->si_avg_beacon_signal;
8611 			si->current_noise = dso->si_current_noise;
8612 			break;
8613 		}
8614 	}
8615 #endif /* CONFIG_TESTING_OPTIONS */
8616 
8617 	return res;
8618 }
8619 
8620 
8621 struct wpa_scan_results *
8622 wpa_drv_get_scan_results2(struct wpa_supplicant *wpa_s)
8623 {
8624 	struct wpa_scan_results *scan_res;
8625 #ifdef CONFIG_TESTING_OPTIONS
8626 	size_t idx;
8627 #endif /* CONFIG_TESTING_OPTIONS */
8628 
8629 	if (!wpa_s->driver->get_scan_results2)
8630 		return NULL;
8631 
8632 	scan_res = wpa_s->driver->get_scan_results2(wpa_s->drv_priv);
8633 
8634 #ifdef CONFIG_TESTING_OPTIONS
8635 	for (idx = 0; scan_res && idx < scan_res->num; idx++) {
8636 		struct driver_signal_override *dso;
8637 		struct wpa_scan_res *res = scan_res->res[idx];
8638 
8639 		dl_list_for_each(dso, &wpa_s->drv_signal_override,
8640 				 struct driver_signal_override, list) {
8641 			if (os_memcmp(res->bssid, dso->bssid, ETH_ALEN) != 0)
8642 				continue;
8643 			wpa_printf(MSG_DEBUG,
8644 				   "Override driver scan signal level %d->%d for "
8645 				   MACSTR,
8646 				   res->level, dso->scan_level,
8647 				   MAC2STR(res->bssid));
8648 			res->flags |= WPA_SCAN_QUAL_INVALID;
8649 			if (dso->scan_level < 0)
8650 				res->flags |= WPA_SCAN_LEVEL_DBM;
8651 			else
8652 				res->flags &= ~WPA_SCAN_LEVEL_DBM;
8653 			res->level = dso->scan_level;
8654 			break;
8655 		}
8656 	}
8657 #endif /* CONFIG_TESTING_OPTIONS */
8658 
8659 	return scan_res;
8660 }
8661