Ilan Peer | 27 Jul 21:24 2015

[PATCH 00/17] Re-post of "Support for new regulatory flags and P2P

This patch set is based on the series posted in which originated
from the "Support for new regulatory flags and P2P
GO Channel". This includes:

1. Removed support for Indoor indication based P2P Device type.
   If needed this support can be added in the future.
2. Fixes for the original patch set.
3. Fixes for failures in hwsim testing, mostly for the case of
   multi channel support.
4. Additional tests for the P2P GO channel changes support.

Hwsim test results:

1. Single channel + long: No issues, including long.
2. Multi channel + long : couple of P2PS tests are failing due to
   "no common channels". I'm currently WIP adding support for channel
   handling for P2PS use cases, and will handle this failures.

I intend to follow-up on this patch set, by also adding P2P GO
CSA support and support for ECSA.

Andrei Otcheretianski (1):
  Share freq-to-channel conversion function

Arik Nemtsov (1):
  wpa_supplicant: refactor channel list update event

Ilan Peer (15):
  P2P: Move a GO from its operating frequency
(Continue reading)

James Rowe | 25 Jul 00:50 2015

Support for Native 802.11 Wifi on Windows?

I've recently been trying my hand at porting libdrc to windows (a library that uses wpa_supplicant and hostapd to connect a Wii U gamepad to a PC) but I've been running into issues using wpa_supplicant on Windows. I've tried both Windows 7 with the driver that comes with the wifi usb drive, and also on a Windows 8.1 machine with the native NDIS 6.4 windows driver. I've compiled wpa_supplicant through cygwin using ndis / winpcap and also ndis / ndisuio. The former version couldn't seem to find my device ID, so I recompiled with NDISUIO support instead and it was able to tell me my device ID. When I finally ran it, it complained about just about every function failing and returning error code 31 (ERROR_GEN_FAILURE) and eventually it dumped out this 

The driver seems to use Native 802.11 OIDs. These are not yet fully supported.

I went back and tried to use the winpcap version of the code as well, but it too failed with a message about native 802.11. What will it take to support native 802.11 OIDs? I'm guessing that it needs a new driver for it that uses the newer windows APIs, but I wanted some more knowledgeable opinions on the matter before I just jump into this.

HostAP mailing list
HostAP <at>
Jate Sujjavanich | 24 Jul 23:54 2015

wpa_supplicant in FIPS 140-2 mode

Anybody have any information about running wpa_supplicant in FIPS mode?

I have been trying to run wpa_supplicant 2.0 with OpenSSL 1.0.0 with a FIPS certified cryptographic module. I patched wpa_supplicant so that it puts itself into FIPS mode.

I received a warning about use of the md5 algorithm within tls_prf_sha1_md5. The code generates a pseudorandom key from an xor of a sha1 and md5 sum of the key. I have come across some discussion whether it is valid to use md5. That may have been 2009.

I moved from version 2.0 to 2.4 of wpa_supplicant after I noticed changes that could improve FIPS mode operation.

I am still receiving the warning which I believe has to do with tls_prf_sha1_md5. I have not yet traced the call.

EAP: EAP entering state RECEIVED
OpenSSL: EVP_DigestInit_ex failed: error:060A80A3:digital envelope routines:FIPS
_DIGESTINIT:disabled for fips
EAP: Received EAP-Success

It appears to authenticate, but I receive this message along with a termination.

RSN: encrypted key data - hexdump(len=56): 07 73 60 d5 92 11 39 10 38 63 08 1f c
a 53 af 88 0c 93 ee 03 2d 9e f5 a9 6a d2 38 cd 3d 6e c9 80 ba 5e 4d 6d bb d8 7d
41 25 ef db 92 d1 15 a4 1f 4d 0d bf 5f 9a fd 65 3b
aes_misc.c(82): OpenSSL internal error, assertion failed: Low level API call to
cipher AES forbidden in FIPS mode!

Two patches in master since the release of 2.4 which I think might affect FIPS compatibility are:

5650d3 (OpenSSL: Add option to disable use of TLSv1.0)
    I think that I may have read that the version of TLS affects the use of md5. Althought it may have been SSLv3.

65a7b2 (OpenSSL: Implement AES-128 CBC using EVP API)
    This seems like it might be related to the "cipher AES forbidden in FIPS mode" error message.

I'm hoping that someone has more insight onto these details of wpa_supplicant. It's pretty new to me.

- Jate S.
HostAP mailing list
HostAP <at>
Ben Greear | 24 Jul 19:16 2015

MACsec support with IEEE 802.1X-2010 driver requirements?

I am trying to understand what it would take to support MACsec in, say,
Intel NICs.

Is this something that requires specific hardware support?

Any idea how much work this would involve assuming it can be done at all?



Ben Greear <greearb <at>>
Candela Technologies Inc
Yury Shvedov | 23 Jul 17:14 2015

Windows + 802.1x


I'm using part of hostapd code in my project to perform wpa/wpa2/802.1x
authentication. It works good in scheme  Client <---> Authenticator
<---> FreeRadius until Client runs under Windows. With Windows after
successful 802.1x authentication, my (partly hostapd's) authenticator
sends 4-way response messages, but Windows doesn't respond. Android and
iOS clients works well.
Have someone faced with this issue withing hostapd developing?


Kind Regards
Yury Shvedov
WiMark Systems
Pereida Garcia Cesar | 23 Jul 14:34 2015

Modifying EAP-Response/Identity


I am using the eapol_test tool for developing a new EAP method. I've read through the documentation but I can't find an answer to my issue.

Is it possible to modify the identity (I need to concatenate a string) of the configuration file before replying to the EAP-Request/Identity? If so, when/which method should be used to modify before sending the EAP-Response/Identity?

Another quick question, after an EAP-Failure is received from the server, are the state machines maintained for a period of time?


- Cesar Pereida
HostAP mailing list
HostAP <at>
Nathan Royce | 18 Jul 15:50 2015

ACS Failure


$ sudo hostapd test.conf
Configuration file: test.conf
ACS: Automatic channel selection started, this may take a bit
wlan1: interface state UNINITIALIZED->ACS
ACS: Unable to collect survey data
ACS: All study options have failed
Interface initialization failed
wlan1: interface state ACS->DISABLED
ACS: Possibly channel configuration is invalid, please report this along with your config file.
ACS: Failed to start
hostapd_free_hapd_data: Interface wlan1 wasn't started
nl80211: deinit ifname=wlan1 disabled_11b_rates=0
wlan1: interface state DISABLED->DISABLED
wlan1: interface state DISABLED->DISABLED
hostapd_free_hapd_data: Interface wlan1 wasn't started

driver: ath9k_htc
My understanding is that survey is not implemented, but I was curious about the following output from "event".

$ iw event
wlan1 (phy #1): scan started
wlan1 (phy #1): scan finished: 2412 2417 2422 2427 2432 2437 2442 2447 2452 2457 2462,
(repeated 3 more times)
With the scan happening, it makes me think maybe survey is implemented.
On the other hand, "$ iw dev wlan1 survey dump" doesn't output anything in "event".
It's like maybe hostapd is using a scan as a fallback.

Changing "channel=" to anything but auto (0) works. 		 	   		  
Johannes Berg | 17 Jul 22:24 2015

[PATCH] hwsim tests: work around iw scan getting stuck

From: Johannes Berg <johannes.berg <at>>

On recent kernels, it seems that something changed (scheduler?)
that makes hwsim send the scan done event so quickly that iw isn't
scheduled back in to listen for it, causing iw to get stuck.

Work around this by using the scan trigger command (it'll be quick
enough so that we don't really need to wait) and the scan trigger
and dump commands where the results are required (and use a small
sleep there instead of waiting for the scan results.)

I'll try to fix this separately in iw later.

Signed-off-by: Johannes Berg <johannes.berg <at>>
 tests/hwsim/ | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/tests/hwsim/ b/tests/hwsim/
index e6895c55c28c..8a8aa9f98d5e 100644
--- a/tests/hwsim/
+++ b/tests/hwsim/
 <at>  <at>  -17,7 +17,7  <at>  <at>  from test_ap_csa import csa_supported

 def clear_scan_cache(ifname):['ifconfig', ifname, 'up'])
-['iw', ifname, 'scan', 'freq', '2412', 'flush'])
+['iw', ifname, 'scan', 'trigger', 'freq', '2412', 'flush'])
     time.sleep(0.1)['ifconfig', ifname, 'down'])

 <at>  <at>  -144,7 +144,9  <at>  <at>  def test_ap_ht40_scan_not_affected(dev, apdev):
     hostapd.add_ap(apdev[1]['ifname'], params)['ifconfig', apdev[0]['ifname'], 'up'])
-['iw', apdev[0]['ifname'], 'scan', 'freq', '2462'],
+['iw', apdev[0]['ifname'], 'scan', 'trigger', 'freq', '2462'])
+    time.sleep(0.5)
+['iw', apdev[0]['ifname'], 'scan', 'dump'],
                     stdout=open('/dev/null', 'w'))
     time.sleep(0.1)['ifconfig', apdev[0]['ifname'], 'down'])

Johannes Berg | 17 Jul 15:19 2015

[PATCH] hwsim tests: kernel check: catch RTNL assertions

From: Johannes Berg <johannes.berg <at>>

Catch RTNL assertions made by ASSERT_RTNL() in the kernel
message checks.

Change-Id: Id34beaddc9a24dfc76c63b584e948c08bda296fd
Signed-off-by: Johannes Berg <johannes.berg <at>>
 tests/hwsim/ | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/hwsim/ b/tests/hwsim/
index 9c83833b0b35..15e585646c12 100644
--- a/tests/hwsim/
+++ b/tests/hwsim/
 <at>  <at>  -22,7 +22,7  <at>  <at>  lockdep_messages = [
   'suspicious RCU usage',
 lockdep = r'(\[\s*)?INFO: (%s)' % ('|'.join(lockdep_messages), )
-issue = re.compile('(\[[0-9 .]*\] )?(WARNING:|BUG:|%s).*' % lockdep)
+issue = re.compile('(\[[0-9 .]*\] )?(WARNING:|BUG:|%s|RTNL: assertion failed).*' % lockdep)

 def check_kernel(logfile):
     for line in open(logfile, 'r'):

Atul Joshi | 16 Jul 07:53 2015

Peer sync before sending P2P action frame


When handling P2P-INVITE or P2P-CONNECT for sending a p2p-invitation-req or p2p-go-negotiation-req, the sender needs to ensure that the peer device is in the listen state.

P2P specification suggests to send a Probe request and wait for Probe response to ensure this before sending the above requests..

Is the wpa_supplciant responsible for ensuring that or is it the responsibility of the underlying driver (mac80211/vendor specific) /device to ensure that peer’s listen state is ensured before sending the request over the air?

I looked through the supplicant code but could not find a place where it is done.. Have I  missed something?




Member of the CSR plc group of companies. CSR plc registered in England and Wales, registered number 4187346, registered office Churchill House, Cambridge Business Park, Cowley Road, Cambridge, CB4 0WZ, United Kingdom
More information can be found at Keep up to date with CSR on our technical blog or CSR people blog, YouTube, Facebook or follow us on Twitter at
You can now access the wide range of products powered by aptX.
HostAP mailing list
HostAP <at>
volker.obhof.w | 14 Jul 15:22 2015

Associated with specific BSSID

Which function have I to use to start association with a specific BSSID in wpa_supplicant?

Kommanditgesellschaft, Sitz: Bruchsal, RG Mannheim HRA 230970
Komplementärin: SEW-EURODRIVE Verwaltungs-GmbH, Sitz: Bruchsal, RG Mannheim HRB 230207

Gesellschafter: Jürgen Blickle, Rainer Blickle
Geschäftsführer: Jürgen Blickle (Vorsitzender), Johann Soder, Dr. Jürgen Zanghellini
HostAP mailing list
HostAP <at>