/src/hostap/wpa_supplicant/config.c

Source (jump to first uncovered line)
/*
 * WPA Supplicant / Configuration parser and common functions
 * Copyright (c) 2003-2019, Jouni Malinen <j@w1.fi>
 *
 * This software may be distributed under the terms of the BSD license.
 * See README for more details.
 */

#include "includes.h"

#include "common.h"
#include "utils/uuid.h"
#include "utils/ip_addr.h"
#include "common/ieee802_1x_defs.h"
#include "common/sae.h"
#include "crypto/sha1.h"
#include "rsn_supp/wpa.h"
#include "eap_peer/eap.h"
#include "p2p/p2p.h"
#include "fst/fst.h"
#include "config.h"


#if !defined(CONFIG_CTRL_IFACE) && defined(CONFIG_NO_CONFIG_WRITE)
#define NO_CONFIG_WRITE
#endif

/*
 * Structure for network configuration parsing. This data is used to implement
 * a generic parser for each network block variable. The table of configuration
 * variables is defined below in this file (ssid_fields[]).
 */
struct parse_data {
  /* Configuration variable name */
  char *name;

  /* Parser function for this variable. The parser functions return 0 or 1
   * to indicate success. Value 0 indicates that the parameter value may
   * have changed while value 1 means that the value did not change.
   * Error cases (failure to parse the string) are indicated by returning
   * -1. */
  int (*parser)(const struct parse_data *data, struct wpa_ssid *ssid,
          int line, const char *value);

#ifndef NO_CONFIG_WRITE
  /* Writer function (i.e., to get the variable in text format from
   * internal presentation). */
  char * (*writer)(const struct parse_data *data, struct wpa_ssid *ssid);
#endif /* NO_CONFIG_WRITE */

  /* Variable specific parameters for the parser. */
  void *param1, *param2, *param3, *param4;

  /* 0 = this variable can be included in debug output and ctrl_iface
   * 1 = this variable contains key/private data and it must not be
   *     included in debug output unless explicitly requested. In
   *     addition, this variable will not be readable through the
   *     ctrl_iface.
   */
  int key_data;
};


static int wpa_config_parse_str(const struct parse_data *data,
        struct wpa_ssid *ssid,
        int line, const char *value)
{
  size_t res_len, *dst_len, prev_len;
  char **dst, *tmp;

  if (os_strcmp(value, "NULL") == 0) {
    wpa_printf(MSG_DEBUG, "Unset configuration string '%s'",
         data->name);
    tmp = NULL;
    res_len = 0;
    goto set;
  }

  tmp = wpa_config_parse_string(value, &res_len);
  if (tmp == NULL) {
    wpa_printf(MSG_ERROR, "Line %d: failed to parse %s '%s'.",
         line, data->name,
         data->key_data ? "[KEY DATA REMOVED]" : value);
    return -1;
  }

  if (data->key_data) {
    wpa_hexdump_ascii_key(MSG_MSGDUMP, data->name,
              (u8 *) tmp, res_len);
  } else {
    wpa_hexdump_ascii(MSG_MSGDUMP, data->name,
          (u8 *) tmp, res_len);
  }

  if (data->param3 && res_len < (size_t) data->param3) {
    wpa_printf(MSG_ERROR, "Line %d: too short %s (len=%lu "
         "min_len=%ld)", line, data->name,
         (unsigned long) res_len, (long) data->param3);
    os_free(tmp);
    return -1;
  }

  if (data->param4 && res_len > (size_t) data->param4) {
    wpa_printf(MSG_ERROR, "Line %d: too long %s (len=%lu "
         "max_len=%ld)", line, data->name,
         (unsigned long) res_len, (long) data->param4);
    os_free(tmp);
    return -1;
  }

set:
  dst = (char **) (((u8 *) ssid) + (long) data->param1);
  dst_len = (size_t *) (((u8 *) ssid) + (long) data->param2);

  if (data->param2)
    prev_len = *dst_len;
  else if (*dst)
    prev_len = os_strlen(*dst);
  else
    prev_len = 0;
  if ((*dst == NULL && tmp == NULL) ||
      (*dst && tmp && prev_len == res_len &&
       os_memcmp(*dst, tmp, res_len) == 0)) {
    /* No change to the previously configured value */
    os_free(tmp);
    return 1;
  }

  os_free(*dst);
  *dst = tmp;
  if (data->param2)
    *dst_len = res_len;

  return 0;
}


#ifndef NO_CONFIG_WRITE
static char * wpa_config_write_string_ascii(const u8 *value, size_t len)
{
  char *buf;

  buf = os_malloc(len + 3);
  if (buf == NULL)
    return NULL;
  buf[0] = '"';
  os_memcpy(buf + 1, value, len);
  buf[len + 1] = '"';
  buf[len + 2] = '\0';

  return buf;
}


static char * wpa_config_write_string_hex(const u8 *value, size_t len)
{
  char *buf;

  buf = os_zalloc(2 * len + 1);
  if (buf == NULL)
    return NULL;
  wpa_snprintf_hex(buf, 2 * len + 1, value, len);

  return buf;
}


static char * wpa_config_write_string(const u8 *value, size_t len)
{
  if (value == NULL)
    return NULL;

  if (is_hex(value, len))
    return wpa_config_write_string_hex(value, len);
  else
    return wpa_config_write_string_ascii(value, len);
}


static char * wpa_config_write_str(const struct parse_data *data,
           struct wpa_ssid *ssid)
{
  size_t len;
  char **src;

  src = (char **) (((u8 *) ssid) + (long) data->param1);
  if (*src == NULL)
    return NULL;

  if (data->param2)
    len = *((size_t *) (((u8 *) ssid) + (long) data->param2));
  else
    len = os_strlen(*src);

  return wpa_config_write_string((const u8 *) *src, len);
}
#endif /* NO_CONFIG_WRITE */


static int wpa_config_parse_int(const struct parse_data *data,
        struct wpa_ssid *ssid,
        int line, const char *value)
{
  int val, *dst;
  char *end;

  dst = (int *) (((u8 *) ssid) + (long) data->param1);
  val = strtol(value, &end, 0);
  if (*end) {
    wpa_printf(MSG_ERROR, "Line %d: invalid number \"%s\"",
         line, value);
    return -1;
  }

  if (*dst == val)
    return 1;
  *dst = val;
  wpa_printf(MSG_MSGDUMP, "%s=%d (0x%x)", data->name, *dst, *dst);

  if (data->param3 && *dst < (long) data->param3) {
    wpa_printf(MSG_ERROR, "Line %d: too small %s (value=%d "
         "min_value=%ld)", line, data->name, *dst,
         (long) data->param3);
    *dst = (long) data->param3;
    return -1;
  }

  if (data->param4 && *dst > (long) data->param4) {
    wpa_printf(MSG_ERROR, "Line %d: too large %s (value=%d "
         "max_value=%ld)", line, data->name, *dst,
         (long) data->param4);
    *dst = (long) data->param4;
    return -1;
  }

  return 0;
}


#ifndef NO_CONFIG_WRITE
static char * wpa_config_write_int(const struct parse_data *data,
           struct wpa_ssid *ssid)
{
  int *src, res;
  char *value;

  src = (int *) (((u8 *) ssid) + (long) data->param1);

  value = os_malloc(20);
  if (value == NULL)
    return NULL;
  res = os_snprintf(value, 20, "%d", *src);
  if (os_snprintf_error(20, res)) {
    os_free(value);
    return NULL;
  }
  value[20 - 1] = '\0';
  return value;
}
#endif /* NO_CONFIG_WRITE */


static int wpa_config_parse_addr_list(const struct parse_data *data,
              int line, const char *value,
              u8 **list, size_t *num, char *name,
              u8 abort_on_error, u8 masked)
{
  const char *pos;
  u8 *buf, *n, addr[2 * ETH_ALEN];
  size_t count;

  buf = NULL;
  count = 0;

  pos = value;
  while (pos && *pos) {
    while (*pos == ' ')
      pos++;

    if (hwaddr_masked_aton(pos, addr, &addr[ETH_ALEN], masked)) {
      if (abort_on_error || count == 0) {
        wpa_printf(MSG_ERROR,
             "Line %d: Invalid %s address '%s'",
             line, name, value);
        os_free(buf);
        return -1;
      }
      /* continue anyway since this could have been from a
       * truncated configuration file line */
      wpa_printf(MSG_INFO,
           "Line %d: Ignore likely truncated %s address '%s'",
           line, name, pos);
    } else {
      n = os_realloc_array(buf, count + 1, 2 * ETH_ALEN);
      if (n == NULL) {
        os_free(buf);
        return -1;
      }
      buf = n;
      os_memmove(buf + 2 * ETH_ALEN, buf,
           count * 2 * ETH_ALEN);
      os_memcpy(buf, addr, 2 * ETH_ALEN);
      count++;
      wpa_printf(MSG_MSGDUMP,
           "%s: addr=" MACSTR " mask=" MACSTR,
           name, MAC2STR(addr),
           MAC2STR(&addr[ETH_ALEN]));
    }

    pos = os_strchr(pos, ' ');
  }

  os_free(*list);
  *list = buf;
  *num = count;

  return 0;
}


#ifndef NO_CONFIG_WRITE
static char * wpa_config_write_addr_list(const struct parse_data *data,
           const u8 *list, size_t num, char *name)
{
  char *value, *end, *pos;
  int res;
  size_t i;

  if (list == NULL || num == 0)
    return NULL;

  value = os_malloc(2 * 20 * num);
  if (value == NULL)
    return NULL;
  pos = value;
  end = value + 2 * 20 * num;

  for (i = num; i > 0; i--) {
    const u8 *a = list + (i - 1) * 2 * ETH_ALEN;
    const u8 *m = a + ETH_ALEN;

    if (i < num)
      *pos++ = ' ';
    res = hwaddr_mask_txt(pos, end - pos, a, m);
    if (res < 0) {
      os_free(value);
      return NULL;
    }
    pos += res;
  }

  return value;
}
#endif /* NO_CONFIG_WRITE */

static int wpa_config_parse_bssid(const struct parse_data *data,
          struct wpa_ssid *ssid, int line,
          const char *value)
{
  if (value[0] == '\0' || os_strcmp(value, "\"\"") == 0 ||
      os_strcmp(value, "any") == 0) {
    ssid->bssid_set = 0;
    wpa_printf(MSG_MSGDUMP, "BSSID any");
    return 0;
  }
  if (hwaddr_aton(value, ssid->bssid)) {
    wpa_printf(MSG_ERROR, "Line %d: Invalid BSSID '%s'.",
         line, value);
    return -1;
  }
  ssid->bssid_set = 1;
  wpa_hexdump(MSG_MSGDUMP, "BSSID", ssid->bssid, ETH_ALEN);
  return 0;
}


#ifndef NO_CONFIG_WRITE
static char * wpa_config_write_bssid(const struct parse_data *data,
             struct wpa_ssid *ssid)
{
  char *value;
  int res;

  if (!ssid->bssid_set)
    return NULL;

  value = os_malloc(20);
  if (value == NULL)
    return NULL;
  res = os_snprintf(value, 20, MACSTR, MAC2STR(ssid->bssid));
  if (os_snprintf_error(20, res)) {
    os_free(value);
    return NULL;
  }
  value[20 - 1] = '\0';
  return value;
}
#endif /* NO_CONFIG_WRITE */


static int wpa_config_parse_bssid_hint(const struct parse_data *data,
               struct wpa_ssid *ssid, int line,
               const char *value)
{
  if (value[0] == '\0' || os_strcmp(value, "\"\"") == 0 ||
      os_strcmp(value, "any") == 0) {
    ssid->bssid_hint_set = 0;
    wpa_printf(MSG_MSGDUMP, "BSSID hint any");
    return 0;
  }
  if (hwaddr_aton(value, ssid->bssid_hint)) {
    wpa_printf(MSG_ERROR, "Line %d: Invalid BSSID hint '%s'.",
         line, value);
    return -1;
  }
  ssid->bssid_hint_set = 1;
  wpa_hexdump(MSG_MSGDUMP, "BSSID hint", ssid->bssid_hint, ETH_ALEN);
  return 0;
}


#ifndef NO_CONFIG_WRITE
static char * wpa_config_write_bssid_hint(const struct parse_data *data,
            struct wpa_ssid *ssid)
{
  char *value;
  int res;

  if (!ssid->bssid_hint_set)
    return NULL;

  value = os_malloc(20);
  if (!value)
    return NULL;
  res = os_snprintf(value, 20, MACSTR, MAC2STR(ssid->bssid_hint));
  if (os_snprintf_error(20, res)) {
    os_free(value);
    return NULL;
  }
  return value;
}
#endif /* NO_CONFIG_WRITE */


static int wpa_config_parse_bssid_ignore(const struct parse_data *data,
           struct wpa_ssid *ssid, int line,
           const char *value)
{
  return wpa_config_parse_addr_list(data, line, value,
            &ssid->bssid_ignore,
            &ssid->num_bssid_ignore,
            "bssid_ignore", 1, 1);
}


/* deprecated alias for bssid_ignore for backwards compatibility */
static int wpa_config_parse_bssid_blacklist(const struct parse_data *data,
              struct wpa_ssid *ssid, int line,
              const char *value)
{
  return wpa_config_parse_addr_list(data, line, value,
            &ssid->bssid_ignore,
            &ssid->num_bssid_ignore,
            "bssid_ignore", 1, 1);
}


#ifndef NO_CONFIG_WRITE

static char * wpa_config_write_bssid_ignore(const struct parse_data *data,
              struct wpa_ssid *ssid)
{
  return wpa_config_write_addr_list(data, ssid->bssid_ignore,
            ssid->num_bssid_ignore,
            "bssid_ignore");
}


/* deprecated alias for bssid_ignore for backwards compatibility */
static char * wpa_config_write_bssid_blacklist(const struct parse_data *data,
                 struct wpa_ssid *ssid)
{
  return wpa_config_write_addr_list(data, ssid->bssid_ignore,
            ssid->num_bssid_ignore,
            "bssid_ignore");
}

#endif /* NO_CONFIG_WRITE */


static int wpa_config_parse_bssid_accept(const struct parse_data *data,
           struct wpa_ssid *ssid, int line,
           const char *value)
{
  return wpa_config_parse_addr_list(data, line, value,
            &ssid->bssid_accept,
            &ssid->num_bssid_accept,
            "bssid_accept", 1, 1);
}


/* deprecated alias for bssid_accept for backwards compatibility */
static int wpa_config_parse_bssid_whitelist(const struct parse_data *data,
              struct wpa_ssid *ssid, int line,
              const char *value)
{
  return wpa_config_parse_addr_list(data, line, value,
            &ssid->bssid_accept,
            &ssid->num_bssid_accept,
            "bssid_accept", 1, 1);
}


#ifndef NO_CONFIG_WRITE

static char * wpa_config_write_bssid_accept(const struct parse_data *data,
              struct wpa_ssid *ssid)
{
  return wpa_config_write_addr_list(data, ssid->bssid_accept,
            ssid->num_bssid_accept,
            "bssid_accept");
}


/* deprecated alias for bssid_accept for backwards compatibility */
static char * wpa_config_write_bssid_whitelist(const struct parse_data *data,
                 struct wpa_ssid *ssid)
{
  return wpa_config_write_addr_list(data, ssid->bssid_accept,
            ssid->num_bssid_accept,
            "bssid_accept");
}

#endif /* NO_CONFIG_WRITE */


#ifndef NO_CONFIG_WRITE
#endif /* NO_CONFIG_WRITE */


static int wpa_config_parse_psk(const struct parse_data *data,
        struct wpa_ssid *ssid, int line,
        const char *value)
{
#ifdef CONFIG_EXT_PASSWORD
  if (os_strncmp(value, "ext:", 4) == 0) {
    str_clear_free(ssid->passphrase);
    ssid->passphrase = NULL;
    ssid->psk_set = 0;
    os_free(ssid->ext_psk);
    ssid->ext_psk = os_strdup(value + 4);
    if (ssid->ext_psk == NULL)
      return -1;
    wpa_printf(MSG_DEBUG, "PSK: External password '%s'",
         ssid->ext_psk);
    return 0;
  }
#endif /* CONFIG_EXT_PASSWORD */

  if (*value == '"') {
#ifndef CONFIG_NO_PBKDF2
    const char *pos;
    size_t len;

    value++;
    pos = os_strrchr(value, '"');
    if (pos)
      len = pos - value;
    else
      len = os_strlen(value);
    if (len < 8 || len > 63) {
      wpa_printf(MSG_ERROR, "Line %d: Invalid passphrase "
           "length %lu (expected: 8..63) '%s'.",
           line, (unsigned long) len, value);
      return -1;
    }
    wpa_hexdump_ascii_key(MSG_MSGDUMP, "PSK (ASCII passphrase)",
              (u8 *) value, len);
    if (has_ctrl_char((u8 *) value, len)) {
      wpa_printf(MSG_ERROR,
           "Line %d: Invalid passphrase character",
           line);
      return -1;
    }
    if (ssid->passphrase && os_strlen(ssid->passphrase) == len &&
        os_memcmp(ssid->passphrase, value, len) == 0) {
      /* No change to the previously configured value */
      return 1;
    }
    ssid->psk_set = 0;
    str_clear_free(ssid->passphrase);
    ssid->passphrase = dup_binstr(value, len);
    if (ssid->passphrase == NULL)
      return -1;
    return 0;
#else /* CONFIG_NO_PBKDF2 */
    wpa_printf(MSG_ERROR, "Line %d: ASCII passphrase not "
         "supported.", line);
    return -1;
#endif /* CONFIG_NO_PBKDF2 */
  }

  if (hexstr2bin(value, ssid->psk, PMK_LEN) ||
      value[PMK_LEN * 2] != '\0') {
    wpa_printf(MSG_ERROR, "Line %d: Invalid PSK '%s'.",
         line, value);
    return -1;
  }

  str_clear_free(ssid->passphrase);
  ssid->passphrase = NULL;

  ssid->psk_set = 1;
  wpa_hexdump_key(MSG_MSGDUMP, "PSK", ssid->psk, PMK_LEN);
  return 0;
}


#ifndef NO_CONFIG_WRITE
static char * wpa_config_write_psk(const struct parse_data *data,
           struct wpa_ssid *ssid)
{
#ifdef CONFIG_EXT_PASSWORD
  if (ssid->ext_psk) {
    size_t len = 4 + os_strlen(ssid->ext_psk) + 1;
    char *buf = os_malloc(len);
    int res;

    if (buf == NULL)
      return NULL;
    res = os_snprintf(buf, len, "ext:%s", ssid->ext_psk);
    if (os_snprintf_error(len, res)) {
      os_free(buf);
      buf = NULL;
    }
    return buf;
  }
#endif /* CONFIG_EXT_PASSWORD */

  if (ssid->passphrase)
    return wpa_config_write_string_ascii(
      (const u8 *) ssid->passphrase,
      os_strlen(ssid->passphrase));

  if (ssid->psk_set)
    return wpa_config_write_string_hex(ssid->psk, PMK_LEN);

  return NULL;
}
#endif /* NO_CONFIG_WRITE */


static int wpa_config_parse_proto(const struct parse_data *data,
          struct wpa_ssid *ssid, int line,
          const char *value)
{
  int val = 0, last, errors = 0;
  char *start, *end, *buf;

  buf = os_strdup(value);
  if (buf == NULL)
    return -1;
  start = buf;

  while (*start != '\0') {
    while (*start == ' ' || *start == '\t')
      start++;
    if (*start == '\0')
      break;
    end = start;
    while (*end != ' ' && *end != '\t' && *end != '\0')
      end++;
    last = *end == '\0';
    *end = '\0';
    if (os_strcmp(start, "WPA") == 0)
      val |= WPA_PROTO_WPA;
    else if (os_strcmp(start, "RSN") == 0 ||
       os_strcmp(start, "WPA2") == 0)
      val |= WPA_PROTO_RSN;
    else if (os_strcmp(start, "OSEN") == 0)
      val |= WPA_PROTO_OSEN;
    else {
      wpa_printf(MSG_ERROR, "Line %d: invalid proto '%s'",
           line, start);
      errors++;
    }

    if (last)
      break;
    start = end + 1;
  }
  os_free(buf);

  if (val == 0) {
    wpa_printf(MSG_ERROR,
         "Line %d: no proto values configured.", line);
    errors++;
  }

  if (!errors && ssid->proto == val)
    return 1;
  wpa_printf(MSG_MSGDUMP, "proto: 0x%x", val);
  ssid->proto = val;
  return errors ? -1 : 0;
}


#ifndef NO_CONFIG_WRITE
static char * wpa_config_write_proto(const struct parse_data *data,
             struct wpa_ssid *ssid)
{
  int ret;
  char *buf, *pos, *end;

  pos = buf = os_zalloc(20);
  if (buf == NULL)
    return NULL;
  end = buf + 20;

  if (ssid->proto & WPA_PROTO_WPA) {
    ret = os_snprintf(pos, end - pos, "%sWPA",
          pos == buf ? "" : " ");
    if (os_snprintf_error(end - pos, ret))
      return buf;
    pos += ret;
  }

  if (ssid->proto & WPA_PROTO_RSN) {
    ret = os_snprintf(pos, end - pos, "%sRSN",
          pos == buf ? "" : " ");
    if (os_snprintf_error(end - pos, ret))
      return buf;
    pos += ret;
  }

  if (ssid->proto & WPA_PROTO_OSEN) {
    ret = os_snprintf(pos, end - pos, "%sOSEN",
          pos == buf ? "" : " ");
    if (os_snprintf_error(end - pos, ret))
      return buf;
    pos += ret;
  }

  if (pos == buf) {
    os_free(buf);
    buf = NULL;
  }

  return buf;
}
#endif /* NO_CONFIG_WRITE */


static int wpa_config_parse_key_mgmt(const struct parse_data *data,
             struct wpa_ssid *ssid, int line,
             const char *value)
{
  int val = 0, last, errors = 0;
  char *start, *end, *buf;

  buf = os_strdup(value);
  if (buf == NULL)
    return -1;
  start = buf;

  while (*start != '\0') {
    while (*start == ' ' || *start == '\t')
      start++;
    if (*start == '\0')
      break;
    end = start;
    while (*end != ' ' && *end != '\t' && *end != '\0')
      end++;
    last = *end == '\0';
    *end = '\0';
    if (os_strcmp(start, "WPA-PSK") == 0)
      val |= WPA_KEY_MGMT_PSK;
    else if (os_strcmp(start, "WPA-EAP") == 0)
      val |= WPA_KEY_MGMT_IEEE8021X;
    else if (os_strcmp(start, "IEEE8021X") == 0)
      val |= WPA_KEY_MGMT_IEEE8021X_NO_WPA;
    else if (os_strcmp(start, "NONE") == 0)
      val |= WPA_KEY_MGMT_NONE;
    else if (os_strcmp(start, "WPA-NONE") == 0)
      val |= WPA_KEY_MGMT_WPA_NONE;
#ifdef CONFIG_IEEE80211R
    else if (os_strcmp(start, "FT-PSK") == 0)
      val |= WPA_KEY_MGMT_FT_PSK;
    else if (os_strcmp(start, "FT-EAP") == 0)
      val |= WPA_KEY_MGMT_FT_IEEE8021X;
#ifdef CONFIG_SHA384
    else if (os_strcmp(start, "FT-EAP-SHA384") == 0)
      val |= WPA_KEY_MGMT_FT_IEEE8021X_SHA384;
#endif /* CONFIG_SHA384 */
#endif /* CONFIG_IEEE80211R */
    else if (os_strcmp(start, "WPA-PSK-SHA256") == 0)
      val |= WPA_KEY_MGMT_PSK_SHA256;
    else if (os_strcmp(start, "WPA-EAP-SHA256") == 0)
      val |= WPA_KEY_MGMT_IEEE8021X_SHA256;
#ifdef CONFIG_WPS
    else if (os_strcmp(start, "WPS") == 0)
      val |= WPA_KEY_MGMT_WPS;
#endif /* CONFIG_WPS */
#ifdef CONFIG_SAE
    else if (os_strcmp(start, "SAE") == 0)
      val |= WPA_KEY_MGMT_SAE;
    else if (os_strcmp(start, "SAE-EXT-KEY") == 0)
      val |= WPA_KEY_MGMT_SAE_EXT_KEY;
    else if (os_strcmp(start, "FT-SAE") == 0)
      val |= WPA_KEY_MGMT_FT_SAE;
    else if (os_strcmp(start, "FT-SAE-EXT-KEY") == 0)
      val |= WPA_KEY_MGMT_FT_SAE_EXT_KEY;
#endif /* CONFIG_SAE */
#ifdef CONFIG_HS20
    else if (os_strcmp(start, "OSEN") == 0)
      val |= WPA_KEY_MGMT_OSEN;
#endif /* CONFIG_HS20 */
#ifdef CONFIG_SUITEB
    else if (os_strcmp(start, "WPA-EAP-SUITE-B") == 0)
      val |= WPA_KEY_MGMT_IEEE8021X_SUITE_B;
#endif /* CONFIG_SUITEB */
#ifdef CONFIG_SUITEB192
    else if (os_strcmp(start, "WPA-EAP-SUITE-B-192") == 0)
      val |= WPA_KEY_MGMT_IEEE8021X_SUITE_B_192;
#endif /* CONFIG_SUITEB192 */
#ifdef CONFIG_FILS
    else if (os_strcmp(start, "FILS-SHA256") == 0)
      val |= WPA_KEY_MGMT_FILS_SHA256;
    else if (os_strcmp(start, "FILS-SHA384") == 0)
      val |= WPA_KEY_MGMT_FILS_SHA384;
#ifdef CONFIG_IEEE80211R
    else if (os_strcmp(start, "FT-FILS-SHA256") == 0)
      val |= WPA_KEY_MGMT_FT_FILS_SHA256;
    else if (os_strcmp(start, "FT-FILS-SHA384") == 0)
      val |= WPA_KEY_MGMT_FT_FILS_SHA384;
#endif /* CONFIG_IEEE80211R */
#endif /* CONFIG_FILS */
#ifdef CONFIG_OWE
    else if (os_strcmp(start, "OWE") == 0)
      val |= WPA_KEY_MGMT_OWE;
#endif /* CONFIG_OWE */
#ifdef CONFIG_DPP
    else if (os_strcmp(start, "DPP") == 0)
      val |= WPA_KEY_MGMT_DPP;
#endif /* CONFIG_DPP */
    else {
      wpa_printf(MSG_ERROR, "Line %d: invalid key_mgmt '%s'",
           line, start);
      errors++;
    }

    if (last)
      break;
    start = end + 1;
  }
  os_free(buf);

  if (val == 0) {
    wpa_printf(MSG_ERROR,
         "Line %d: no key_mgmt values configured.", line);
    errors++;
  }

  if (!errors && ssid->key_mgmt == val)
    return 1;
  wpa_printf(MSG_MSGDUMP, "key_mgmt: 0x%x", val);
  ssid->key_mgmt = val;
  return errors ? -1 : 0;
}


#ifndef NO_CONFIG_WRITE
static char * wpa_config_write_key_mgmt(const struct parse_data *data,
          struct wpa_ssid *ssid)
{
  char *buf, *pos, *end;
  int ret;

  pos = buf = os_zalloc(100);
  if (buf == NULL)
    return NULL;
  end = buf + 100;

  if (ssid->key_mgmt & WPA_KEY_MGMT_PSK) {
    ret = os_snprintf(pos, end - pos, "%sWPA-PSK",
          pos == buf ? "" : " ");
    if (os_snprintf_error(end - pos, ret)) {
      end[-1] = '\0';
      return buf;
    }
    pos += ret;
  }

  if (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X) {
    ret = os_snprintf(pos, end - pos, "%sWPA-EAP",
          pos == buf ? "" : " ");
    if (os_snprintf_error(end - pos, ret)) {
      end[-1] = '\0';
      return buf;
    }
    pos += ret;
  }

  if (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
    ret = os_snprintf(pos, end - pos, "%sIEEE8021X",
          pos == buf ? "" : " ");
    if (os_snprintf_error(end - pos, ret)) {
      end[-1] = '\0';
      return buf;
    }
    pos += ret;
  }

  if (ssid->key_mgmt & WPA_KEY_MGMT_NONE) {
    ret = os_snprintf(pos, end - pos, "%sNONE",
          pos == buf ? "" : " ");
    if (os_snprintf_error(end - pos, ret)) {
      end[-1] = '\0';
      return buf;
    }
    pos += ret;
  }

  if (ssid->key_mgmt & WPA_KEY_MGMT_WPA_NONE) {
    ret = os_snprintf(pos, end - pos, "%sWPA-NONE",
          pos == buf ? "" : " ");
    if (os_snprintf_error(end - pos, ret)) {
      end[-1] = '\0';
      return buf;
    }
    pos += ret;
  }

#ifdef CONFIG_IEEE80211R
  if (ssid->key_mgmt & WPA_KEY_MGMT_FT_PSK) {
    ret = os_snprintf(pos, end - pos, "%sFT-PSK",
          pos == buf ? "" : " ");
    if (os_snprintf_error(end - pos, ret)) {
      end[-1] = '\0';
      return buf;
    }
    pos += ret;
  }

  if (ssid->key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X) {
    ret = os_snprintf(pos, end - pos, "%sFT-EAP",
          pos == buf ? "" : " ");
    if (os_snprintf_error(end - pos, ret)) {
      end[-1] = '\0';
      return buf;
    }
    pos += ret;
  }

#ifdef CONFIG_SHA384
  if (ssid->key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X_SHA384) {
    ret = os_snprintf(pos, end - pos, "%sFT-EAP-SHA384",
          pos == buf ? "" : " ");
    if (os_snprintf_error(end - pos, ret)) {
      end[-1] = '\0';
      return buf;
    }
    pos += ret;
  }
#endif /* CONFIG_SHA384 */
#endif /* CONFIG_IEEE80211R */

  if (ssid->key_mgmt & WPA_KEY_MGMT_PSK_SHA256) {
    ret = os_snprintf(pos, end - pos, "%sWPA-PSK-SHA256",
          pos == buf ? "" : " ");
    if (os_snprintf_error(end - pos, ret)) {
      end[-1] = '\0';
      return buf;
    }
    pos += ret;
  }

  if (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_SHA256) {
    ret = os_snprintf(pos, end - pos, "%sWPA-EAP-SHA256",
          pos == buf ? "" : " ");
    if (os_snprintf_error(end - pos, ret)) {
      end[-1] = '\0';
      return buf;
    }
    pos += ret;
  }

#ifdef CONFIG_WPS
  if (ssid->key_mgmt & WPA_KEY_MGMT_WPS) {
    ret = os_snprintf(pos, end - pos, "%sWPS",
          pos == buf ? "" : " ");
    if (os_snprintf_error(end - pos, ret)) {
      end[-1] = '\0';
      return buf;
    }
    pos += ret;
  }
#endif /* CONFIG_WPS */

#ifdef CONFIG_SAE
  if (ssid->key_mgmt & WPA_KEY_MGMT_SAE) {
    ret = os_snprintf(pos, end - pos, "%sSAE",
          pos == buf ? "" : " ");
    if (os_snprintf_error(end - pos, ret)) {
      end[-1] = '\0';
      return buf;
    }
    pos += ret;
  }

  if (ssid->key_mgmt & WPA_KEY_MGMT_SAE_EXT_KEY) {
    ret = os_snprintf(pos, end - pos, "%sSAE-EXT-KEY",
          pos == buf ? "" : " ");
    if (os_snprintf_error(end - pos, ret)) {
      end[-1] = '\0';
      return buf;
    }
    pos += ret;
  }

  if (ssid->key_mgmt & WPA_KEY_MGMT_FT_SAE) {
    ret = os_snprintf(pos, end - pos, "%sFT-SAE",
          pos == buf ? "" : " ");
    if (os_snprintf_error(end - pos, ret)) {
      end[-1] = '\0';
      return buf;
    }
    pos += ret;
  }

  if (ssid->key_mgmt & WPA_KEY_MGMT_FT_SAE_EXT_KEY) {
    ret = os_snprintf(pos, end - pos, "%sFT-SAE-EXT-KEY",
          pos == buf ? "" : " ");
    if (os_snprintf_error(end - pos, ret)) {
      end[-1] = '\0';
      return buf;
    }
    pos += ret;
  }
#endif /* CONFIG_SAE */

#ifdef CONFIG_HS20
  if (ssid->key_mgmt & WPA_KEY_MGMT_OSEN) {
    ret = os_snprintf(pos, end - pos, "%sOSEN",
          pos == buf ? "" : " ");
    if (os_snprintf_error(end - pos, ret)) {
      end[-1] = '\0';
      return buf;
    }
    pos += ret;
  }
#endif /* CONFIG_HS20 */

#ifdef CONFIG_SUITEB
  if (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_SUITE_B) {
    ret = os_snprintf(pos, end - pos, "%sWPA-EAP-SUITE-B",
          pos == buf ? "" : " ");
    if (os_snprintf_error(end - pos, ret)) {
      end[-1] = '\0';
      return buf;
    }
    pos += ret;
  }
#endif /* CONFIG_SUITEB */

#ifdef CONFIG_SUITEB192
  if (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_SUITE_B_192) {
    ret = os_snprintf(pos, end - pos, "%sWPA-EAP-SUITE-B-192",
          pos == buf ? "" : " ");
    if (os_snprintf_error(end - pos, ret)) {
      end[-1] = '\0';
      return buf;
    }
    pos += ret;
  }
#endif /* CONFIG_SUITEB192 */

#ifdef CONFIG_FILS
  if (ssid->key_mgmt & WPA_KEY_MGMT_FILS_SHA256) {
    ret = os_snprintf(pos, end - pos, "%sFILS-SHA256",
          pos == buf ? "" : " ");
    if (os_snprintf_error(end - pos, ret)) {
      end[-1] = '\0';
      return buf;
    }
    pos += ret;
  }
  if (ssid->key_mgmt & WPA_KEY_MGMT_FILS_SHA384) {
    ret = os_snprintf(pos, end - pos, "%sFILS-SHA384",
          pos == buf ? "" : " ");
    if (os_snprintf_error(end - pos, ret)) {
      end[-1] = '\0';
      return buf;
    }
    pos += ret;
  }
#ifdef CONFIG_IEEE80211R
  if (ssid->key_mgmt & WPA_KEY_MGMT_FT_FILS_SHA256) {
    ret = os_snprintf(pos, end - pos, "%sFT-FILS-SHA256",
          pos == buf ? "" : " ");
    if (os_snprintf_error(end - pos, ret)) {
      end[-1] = '\0';
      return buf;
    }
    pos += ret;
  }
  if (ssid->key_mgmt & WPA_KEY_MGMT_FT_FILS_SHA384) {
    ret = os_snprintf(pos, end - pos, "%sFT-FILS-SHA384",
          pos == buf ? "" : " ");
    if (os_snprintf_error(end - pos, ret)) {
      end[-1] = '\0';
      return buf;
    }
    pos += ret;
  }
#endif /* CONFIG_IEEE80211R */
#endif /* CONFIG_FILS */

#ifdef CONFIG_DPP
  if (ssid->key_mgmt & WPA_KEY_MGMT_DPP) {
    ret = os_snprintf(pos, end - pos, "%sDPP",
          pos == buf ? "" : " ");
    if (os_snprintf_error(end - pos, ret)) {
      end[-1] = '\0';
      return buf;
    }
    pos += ret;
  }
#endif /* CONFIG_DPP */

#ifdef CONFIG_OWE
  if (ssid->key_mgmt & WPA_KEY_MGMT_OWE) {
    ret = os_snprintf(pos, end - pos, "%sOWE",
          pos == buf ? "" : " ");
    if (os_snprintf_error(end - pos, ret)) {
      end[-1] = '\0';
      return buf;
    }
    pos += ret;
  }
#endif /* CONFIG_OWE */

  if (pos == buf) {
    os_free(buf);
    buf = NULL;
  }

  return buf;
}
#endif /* NO_CONFIG_WRITE */


static int wpa_config_parse_cipher(int line, const char *value)
{
#ifdef CONFIG_NO_WPA
  return -1;
#else /* CONFIG_NO_WPA */
  int val = wpa_parse_cipher(value);
  if (val < 0) {
    wpa_printf(MSG_ERROR, "Line %d: invalid cipher '%s'.",
         line, value);
    return -1;
  }
  if (val == 0) {
    wpa_printf(MSG_ERROR, "Line %d: no cipher values configured.",
         line);
    return -1;
  }
  return val;
#endif /* CONFIG_NO_WPA */
}


#ifndef NO_CONFIG_WRITE
static char * wpa_config_write_cipher(int cipher)
{
#ifdef CONFIG_NO_WPA
  return NULL;
#else /* CONFIG_NO_WPA */
  char *buf = os_zalloc(50);
  if (buf == NULL)
    return NULL;

  if (wpa_write_ciphers(buf, buf + 50, cipher, " ") < 0) {
    os_free(buf);
    return NULL;
  }

  return buf;
#endif /* CONFIG_NO_WPA */
}
#endif /* NO_CONFIG_WRITE */


static int wpa_config_parse_pairwise(const struct parse_data *data,
             struct wpa_ssid *ssid, int line,
             const char *value)
{
  int val;
  val = wpa_config_parse_cipher(line, value);
  if (val == -1)
    return -1;
  if (val & ~WPA_ALLOWED_PAIRWISE_CIPHERS) {
    wpa_printf(MSG_ERROR, "Line %d: not allowed pairwise cipher "
         "(0x%x).", line, val);
    return -1;
  }

  if (ssid->pairwise_cipher == val)
    return 1;
  wpa_printf(MSG_MSGDUMP, "pairwise: 0x%x", val);
  ssid->pairwise_cipher = val;
  return 0;
}


#ifndef NO_CONFIG_WRITE
static char * wpa_config_write_pairwise(const struct parse_data *data,
          struct wpa_ssid *ssid)
{
  return wpa_config_write_cipher(ssid->pairwise_cipher);
}
#endif /* NO_CONFIG_WRITE */


static int wpa_config_parse_group(const struct parse_data *data,
          struct wpa_ssid *ssid, int line,
          const char *value)
{
  int val;
  val = wpa_config_parse_cipher(line, value);
  if (val == -1)
    return -1;

  /*
   * Backwards compatibility - filter out WEP ciphers that were previously
   * allowed.
   */
  val &= ~(WPA_CIPHER_WEP104 | WPA_CIPHER_WEP40);

  if (val & ~WPA_ALLOWED_GROUP_CIPHERS) {
    wpa_printf(MSG_ERROR, "Line %d: not allowed group cipher "
         "(0x%x).", line, val);
    return -1;
  }

  if (ssid->group_cipher == val)
    return 1;
  wpa_printf(MSG_MSGDUMP, "group: 0x%x", val);
  ssid->group_cipher = val;
  return 0;
}


#ifndef NO_CONFIG_WRITE
static char * wpa_config_write_group(const struct parse_data *data,
             struct wpa_ssid *ssid)
{
  return wpa_config_write_cipher(ssid->group_cipher);
}
#endif /* NO_CONFIG_WRITE */


static int wpa_config_parse_group_mgmt(const struct parse_data *data,
               struct wpa_ssid *ssid, int line,
               const char *value)
{
  int val;

  val = wpa_config_parse_cipher(line, value);
  if (val == -1)
    return -1;

  if (val & ~WPA_ALLOWED_GROUP_MGMT_CIPHERS) {
    wpa_printf(MSG_ERROR,
         "Line %d: not allowed group management cipher (0x%x).",
         line, val);
    return -1;
  }

  if (ssid->group_mgmt_cipher == val)
    return 1;
  wpa_printf(MSG_MSGDUMP, "group_mgmt: 0x%x", val);
  ssid->group_mgmt_cipher = val;
  return 0;
}


#ifndef NO_CONFIG_WRITE
static char * wpa_config_write_group_mgmt(const struct parse_data *data,
            struct wpa_ssid *ssid)
{
  return wpa_config_write_cipher(ssid->group_mgmt_cipher);
}
#endif /* NO_CONFIG_WRITE */


static int wpa_config_parse_auth_alg(const struct parse_data *data,
             struct wpa_ssid *ssid, int line,
             const char *value)
{
  int val = 0, last, errors = 0;
  char *start, *end, *buf;

  buf = os_strdup(value);
  if (buf == NULL)
    return -1;
  start = buf;

  while (*start != '\0') {
    while (*start == ' ' || *start == '\t')
      start++;
    if (*start == '\0')
      break;
    end = start;
    while (*end != ' ' && *end != '\t' && *end != '\0')
      end++;
    last = *end == '\0';
    *end = '\0';
    if (os_strcmp(start, "OPEN") == 0)
      val |= WPA_AUTH_ALG_OPEN;
    else if (os_strcmp(start, "SHARED") == 0)
      val |= WPA_AUTH_ALG_SHARED;
    else if (os_strcmp(start, "LEAP") == 0)
      val |= WPA_AUTH_ALG_LEAP;
    else {
      wpa_printf(MSG_ERROR, "Line %d: invalid auth_alg '%s'",
           line, start);
      errors++;
    }

    if (last)
      break;
    start = end + 1;
  }
  os_free(buf);

  if (val == 0) {
    wpa_printf(MSG_ERROR,
         "Line %d: no auth_alg values configured.", line);
    errors++;
  }

  if (!errors && ssid->auth_alg == val)
    return 1;
  wpa_printf(MSG_MSGDUMP, "auth_alg: 0x%x", val);
  ssid->auth_alg = val;
  return errors ? -1 : 0;
}


#ifndef NO_CONFIG_WRITE
static char * wpa_config_write_auth_alg(const struct parse_data *data,
          struct wpa_ssid *ssid)
{
  char *buf, *pos, *end;
  int ret;

  pos = buf = os_zalloc(30);
  if (buf == NULL)
    return NULL;
  end = buf + 30;

  if (ssid->auth_alg & WPA_AUTH_ALG_OPEN) {
    ret = os_snprintf(pos, end - pos, "%sOPEN",
          pos == buf ? "" : " ");
    if (os_snprintf_error(end - pos, ret)) {
      end[-1] = '\0';
      return buf;
    }
    pos += ret;
  }

  if (ssid->auth_alg & WPA_AUTH_ALG_SHARED) {
    ret = os_snprintf(pos, end - pos, "%sSHARED",
          pos == buf ? "" : " ");
    if (os_snprintf_error(end - pos, ret)) {
      end[-1] = '\0';
      return buf;
    }
    pos += ret;
  }

  if (ssid->auth_alg & WPA_AUTH_ALG_LEAP) {
    ret = os_snprintf(pos, end - pos, "%sLEAP",
          pos == buf ? "" : " ");
    if (os_snprintf_error(end - pos, ret)) {
      end[-1] = '\0';
      return buf;
    }
    pos += ret;
  }

  if (pos == buf) {
    os_free(buf);
    buf = NULL;
  }

  return buf;
}
#endif /* NO_CONFIG_WRITE */


static int * wpa_config_parse_int_array(const char *value)
{
  int *freqs;
  size_t used, len;
  const char *pos;

  used = 0;
  len = 10;
  freqs = os_calloc(len + 1, sizeof(int));
  if (freqs == NULL)
    return NULL;

  pos = value;
  while (pos) {
    while (*pos == ' ')
      pos++;
    if (used == len) {
      int *n;
      size_t i;
      n = os_realloc_array(freqs, len * 2 + 1, sizeof(int));
      if (n == NULL) {
        os_free(freqs);
        return NULL;
      }
      for (i = len; i <= len * 2; i++)
        n[i] = 0;
      freqs = n;
      len *= 2;
    }

    freqs[used] = atoi(pos);
    if (freqs[used] == 0)
      break;
    used++;
    pos = os_strchr(pos + 1, ' ');
  }

  return freqs;
}


static int wpa_config_parse_scan_freq(const struct parse_data *data,
              struct wpa_ssid *ssid, int line,
              const char *value)
{
  int *freqs;

  freqs = wpa_config_parse_int_array(value);
  if (freqs == NULL)
    return -1;
  if (freqs[0] == 0) {
    os_free(freqs);
    freqs = NULL;
  }
  os_free(ssid->scan_freq);
  ssid->scan_freq = freqs;

  return 0;
}


static int wpa_config_parse_freq_list(const struct parse_data *data,
              struct wpa_ssid *ssid, int line,
              const char *value)
{
  int *freqs;

  freqs = wpa_config_parse_int_array(value);
  if (freqs == NULL)
    return -1;
  if (freqs[0] == 0) {
    os_free(freqs);
    freqs = NULL;
  }
  os_free(ssid->freq_list);
  ssid->freq_list = freqs;

  return 0;
}


#ifndef NO_CONFIG_WRITE
static char * wpa_config_write_freqs(const struct parse_data *data,
             const int *freqs)
{
  char *buf, *pos, *end;
  int i, ret;
  size_t count;

  if (freqs == NULL)
    return NULL;

  count = 0;
  for (i = 0; freqs[i]; i++)
    count++;

  pos = buf = os_zalloc(10 * count + 1);
  if (buf == NULL)
    return NULL;
  end = buf + 10 * count + 1;

  for (i = 0; freqs[i]; i++) {
    ret = os_snprintf(pos, end - pos, "%s%u",
          i == 0 ? "" : " ", freqs[i]);
    if (os_snprintf_error(end - pos, ret)) {
      end[-1] = '\0';
      return buf;
    }
    pos += ret;
  }

  return buf;
}


static char * wpa_config_write_scan_freq(const struct parse_data *data,
           struct wpa_ssid *ssid)
{
  return wpa_config_write_freqs(data, ssid->scan_freq);
}


static char * wpa_config_write_freq_list(const struct parse_data *data,
           struct wpa_ssid *ssid)
{
  return wpa_config_write_freqs(data, ssid->freq_list);
}
#endif /* NO_CONFIG_WRITE */


#ifdef IEEE8021X_EAPOL
static int wpa_config_parse_eap(const struct parse_data *data,
        struct wpa_ssid *ssid, int line,
        const char *value)
{
  int last, errors = 0;
  char *start, *end, *buf;
  struct eap_method_type *methods = NULL, *tmp;
  size_t num_methods = 0;

  buf = os_strdup(value);
  if (buf == NULL)
    return -1;
  start = buf;

  while (*start != '\0') {
    while (*start == ' ' || *start == '\t')
      start++;
    if (*start == '\0')
      break;
    end = start;
    while (*end != ' ' && *end != '\t' && *end != '\0')
      end++;
    last = *end == '\0';
    *end = '\0';
    tmp = methods;
    methods = os_realloc_array(methods, num_methods + 1,
             sizeof(*methods));
    if (methods == NULL) {
      os_free(tmp);
      os_free(buf);
      return -1;
    }
    methods[num_methods].method = eap_peer_get_type(
      start, &methods[num_methods].vendor);
    if (methods[num_methods].vendor == EAP_VENDOR_IETF &&
        methods[num_methods].method == EAP_TYPE_NONE) {
      wpa_printf(MSG_ERROR, "Line %d: unknown EAP method "
           "'%s'", line, start);
      wpa_printf(MSG_ERROR, "You may need to add support for"
           " this EAP method during wpa_supplicant\n"
           "build time configuration.\n"
           "See README for more information.");
      errors++;
    } else if (methods[num_methods].vendor == EAP_VENDOR_IETF &&
         methods[num_methods].method == EAP_TYPE_LEAP)
      ssid->leap++;
    else
      ssid->non_leap++;
    num_methods++;
    if (last)
      break;
    start = end + 1;
  }
  os_free(buf);

  tmp = methods;
  methods = os_realloc_array(methods, num_methods + 1, sizeof(*methods));
  if (methods == NULL) {
    os_free(tmp);
    return -1;
  }
  methods[num_methods].vendor = EAP_VENDOR_IETF;
  methods[num_methods].method = EAP_TYPE_NONE;
  num_methods++;

  if (!errors && ssid->eap.eap_methods) {
    struct eap_method_type *prev_m;
    size_t i, j, prev_methods, match = 0;

    prev_m = ssid->eap.eap_methods;
    for (i = 0; prev_m[i].vendor != EAP_VENDOR_IETF ||
           prev_m[i].method != EAP_TYPE_NONE; i++) {
      /* Count the methods */
    }
    prev_methods = i + 1;

    for (i = 0; prev_methods == num_methods && i < prev_methods;
         i++) {
      for (j = 0; j < num_methods; j++) {
        if (prev_m[i].vendor == methods[j].vendor &&
            prev_m[i].method == methods[j].method) {
          match++;
          break;
        }
      }
    }
    if (match == num_methods) {
      os_free(methods);
      return 1;
    }
  }
  wpa_hexdump(MSG_MSGDUMP, "eap methods",
        (u8 *) methods, num_methods * sizeof(*methods));
  os_free(ssid->eap.eap_methods);
  ssid->eap.eap_methods = methods;
  return errors ? -1 : 0;
}


#ifndef NO_CONFIG_WRITE
static char * wpa_config_write_eap(const struct parse_data *data,
           struct wpa_ssid *ssid)
{
  int i, ret;
  char *buf, *pos, *end;
  const struct eap_method_type *eap_methods = ssid->eap.eap_methods;
  const char *name;

  if (eap_methods == NULL)
    return NULL;

  pos = buf = os_zalloc(100);
  if (buf == NULL)
    return NULL;
  end = buf + 100;

  for (i = 0; eap_methods[i].vendor != EAP_VENDOR_IETF ||
         eap_methods[i].method != EAP_TYPE_NONE; i++) {
    name = eap_get_name(eap_methods[i].vendor,
            eap_methods[i].method);
    if (name) {
      ret = os_snprintf(pos, end - pos, "%s%s",
            pos == buf ? "" : " ", name);
      if (os_snprintf_error(end - pos, ret))
        break;
      pos += ret;
    }
  }

  end[-1] = '\0';

  return buf;
}
#endif /* NO_CONFIG_WRITE */


static int wpa_config_parse_password(const struct parse_data *data,
             struct wpa_ssid *ssid, int line,
             const char *value)
{
  u8 *hash;

  if (os_strcmp(value, "NULL") == 0) {
    if (!ssid->eap.password)
      return 1; /* Already unset */
    wpa_printf(MSG_DEBUG, "Unset configuration string 'password'");
    bin_clear_free(ssid->eap.password, ssid->eap.password_len);
    ssid->eap.password = NULL;
    ssid->eap.password_len = 0;
    return 0;
  }

#ifdef CONFIG_EXT_PASSWORD
  if (os_strncmp(value, "ext:", 4) == 0) {
    char *name = os_strdup(value + 4);
    if (!name)
      return -1;
    bin_clear_free(ssid->eap.password, ssid->eap.password_len);
    ssid->eap.password = (u8 *) name;
    ssid->eap.password_len = os_strlen(name);
    ssid->eap.flags &= ~EAP_CONFIG_FLAGS_PASSWORD_NTHASH;
    ssid->eap.flags |= EAP_CONFIG_FLAGS_EXT_PASSWORD;
    return 0;
  }
#endif /* CONFIG_EXT_PASSWORD */

  if (os_strncmp(value, "hash:", 5) != 0) {
    char *tmp;
    size_t res_len;

    tmp = wpa_config_parse_string(value, &res_len);
    if (!tmp) {
      wpa_printf(MSG_ERROR,
           "Line %d: failed to parse password.", line);
      return -1;
    }
    wpa_hexdump_ascii_key(MSG_MSGDUMP, data->name,
              (u8 *) tmp, res_len);

    bin_clear_free(ssid->eap.password, ssid->eap.password_len);
    ssid->eap.password = (u8 *) tmp;
    ssid->eap.password_len = res_len;
    ssid->eap.flags &= ~EAP_CONFIG_FLAGS_PASSWORD_NTHASH;
    ssid->eap.flags &= ~EAP_CONFIG_FLAGS_EXT_PASSWORD;

    return 0;
  }


  /* NtPasswordHash: hash:<32 hex digits> */
  if (os_strlen(value + 5) != 2 * 16) {
    wpa_printf(MSG_ERROR,
         "Line %d: Invalid password hash length (expected 32 hex digits)",
         line);
    return -1;
  }

  hash = os_malloc(16);
  if (!hash)
    return -1;

  if (hexstr2bin(value + 5, hash, 16)) {
    os_free(hash);
    wpa_printf(MSG_ERROR, "Line %d: Invalid password hash", line);
    return -1;
  }

  wpa_hexdump_key(MSG_MSGDUMP, data->name, hash, 16);

  if (ssid->eap.password && ssid->eap.password_len == 16 &&
      os_memcmp(ssid->eap.password, hash, 16) == 0 &&
      (ssid->eap.flags & EAP_CONFIG_FLAGS_PASSWORD_NTHASH)) {
    bin_clear_free(hash, 16);
    return 1;
  }
  bin_clear_free(ssid->eap.password, ssid->eap.password_len);
  ssid->eap.password = hash;
  ssid->eap.password_len = 16;
  ssid->eap.flags |= EAP_CONFIG_FLAGS_PASSWORD_NTHASH;
  ssid->eap.flags &= ~EAP_CONFIG_FLAGS_EXT_PASSWORD;

  return 0;
}


static int wpa_config_parse_machine_password(const struct parse_data *data,
               struct wpa_ssid *ssid, int line,
               const char *value)
{
  u8 *hash;

  if (os_strcmp(value, "NULL") == 0) {
    if (!ssid->eap.machine_password)
      return 1; /* Already unset */
    wpa_printf(MSG_DEBUG,
         "Unset configuration string 'machine_password'");
    bin_clear_free(ssid->eap.machine_password,
             ssid->eap.machine_password_len);
    ssid->eap.machine_password = NULL;
    ssid->eap.machine_password_len = 0;
    return 0;
  }

#ifdef CONFIG_EXT_PASSWORD
  if (os_strncmp(value, "ext:", 4) == 0) {
    char *name = os_strdup(value + 4);

    if (!name)
      return -1;
    bin_clear_free(ssid->eap.machine_password,
             ssid->eap.machine_password_len);
    ssid->eap.machine_password = (u8 *) name;
    ssid->eap.machine_password_len = os_strlen(name);
    ssid->eap.flags &= ~EAP_CONFIG_FLAGS_MACHINE_PASSWORD_NTHASH;
    ssid->eap.flags |= EAP_CONFIG_FLAGS_EXT_MACHINE_PASSWORD;
    return 0;
  }
#endif /* CONFIG_EXT_PASSWORD */

  if (os_strncmp(value, "hash:", 5) != 0) {
    char *tmp;
    size_t res_len;

    tmp = wpa_config_parse_string(value, &res_len);
    if (!tmp) {
      wpa_printf(MSG_ERROR,
           "Line %d: failed to parse machine_password.",
           line);
      return -1;
    }
    wpa_hexdump_ascii_key(MSG_MSGDUMP, data->name,
              (u8 *) tmp, res_len);

    bin_clear_free(ssid->eap.machine_password,
             ssid->eap.machine_password_len);
    ssid->eap.machine_password = (u8 *) tmp;
    ssid->eap.machine_password_len = res_len;
    ssid->eap.flags &= ~EAP_CONFIG_FLAGS_MACHINE_PASSWORD_NTHASH;
    ssid->eap.flags &= ~EAP_CONFIG_FLAGS_EXT_MACHINE_PASSWORD;

    return 0;
  }


  /* NtPasswordHash: hash:<32 hex digits> */
  if (os_strlen(value + 5) != 2 * 16) {
    wpa_printf(MSG_ERROR,
         "Line %d: Invalid machine_password hash length (expected 32 hex digits)",
         line);
    return -1;
  }

  hash = os_malloc(16);
  if (!hash)
    return -1;

  if (hexstr2bin(value + 5, hash, 16)) {
    os_free(hash);
    wpa_printf(MSG_ERROR, "Line %d: Invalid machine_password hash",
         line);
    return -1;
  }

  wpa_hexdump_key(MSG_MSGDUMP, data->name, hash, 16);

  if (ssid->eap.machine_password &&
      ssid->eap.machine_password_len == 16 &&
      os_memcmp(ssid->eap.machine_password, hash, 16) == 0 &&
      (ssid->eap.flags & EAP_CONFIG_FLAGS_MACHINE_PASSWORD_NTHASH)) {
    bin_clear_free(hash, 16);
    return 1;
  }
  bin_clear_free(ssid->eap.machine_password,
           ssid->eap.machine_password_len);
  ssid->eap.machine_password = hash;
  ssid->eap.machine_password_len = 16;
  ssid->eap.flags |= EAP_CONFIG_FLAGS_MACHINE_PASSWORD_NTHASH;
  ssid->eap.flags &= ~EAP_CONFIG_FLAGS_EXT_MACHINE_PASSWORD;

  return 0;
}


#ifndef NO_CONFIG_WRITE

static char * wpa_config_write_password(const struct parse_data *data,
          struct wpa_ssid *ssid)
{
  char *buf;

  if (!ssid->eap.password)
    return NULL;

#ifdef CONFIG_EXT_PASSWORD
  if (ssid->eap.flags & EAP_CONFIG_FLAGS_EXT_PASSWORD) {
    buf = os_zalloc(4 + ssid->eap.password_len + 1);
    if (!buf)
      return NULL;
    os_memcpy(buf, "ext:", 4);
    os_memcpy(buf + 4, ssid->eap.password, ssid->eap.password_len);
    return buf;
  }
#endif /* CONFIG_EXT_PASSWORD */

  if (!(ssid->eap.flags & EAP_CONFIG_FLAGS_PASSWORD_NTHASH)) {
    return wpa_config_write_string(
      ssid->eap.password, ssid->eap.password_len);
  }

  buf = os_malloc(5 + 32 + 1);
  if (!buf)
    return NULL;

  os_memcpy(buf, "hash:", 5);
  wpa_snprintf_hex(buf + 5, 32 + 1, ssid->eap.password, 16);

  return buf;
}


static char * wpa_config_write_machine_password(const struct parse_data *data,
            struct wpa_ssid *ssid)
{
  char *buf;

  if (!ssid->eap.machine_password)
    return NULL;

#ifdef CONFIG_EXT_PASSWORD
  if (ssid->eap.flags & EAP_CONFIG_FLAGS_EXT_MACHINE_PASSWORD) {
    buf = os_zalloc(4 + ssid->eap.machine_password_len + 1);
    if (!buf)
      return NULL;
    os_memcpy(buf, "ext:", 4);
    os_memcpy(buf + 4, ssid->eap.machine_password,
        ssid->eap.machine_password_len);
    return buf;
  }
#endif /* CONFIG_EXT_PASSWORD */

  if (!(ssid->eap.flags & EAP_CONFIG_FLAGS_MACHINE_PASSWORD_NTHASH)) {
    return wpa_config_write_string(
      ssid->eap.machine_password,
      ssid->eap.machine_password_len);
  }

  buf = os_malloc(5 + 32 + 1);
  if (!buf)
    return NULL;

  os_memcpy(buf, "hash:", 5);
  wpa_snprintf_hex(buf + 5, 32 + 1, ssid->eap.machine_password, 16);

  return buf;
}

#endif /* NO_CONFIG_WRITE */
#endif /* IEEE8021X_EAPOL */


#ifdef CONFIG_WEP

static int wpa_config_parse_wep_key(u8 *key, size_t *len, int line,
            const char *value, int idx)
{
  char *buf, title[20];
  int res;

  buf = wpa_config_parse_string(value, len);
  if (buf == NULL) {
    wpa_printf(MSG_ERROR, "Line %d: Invalid WEP key %d '%s'.",
         line, idx, value);
    return -1;
  }
  if (*len > MAX_WEP_KEY_LEN) {
    wpa_printf(MSG_ERROR, "Line %d: Too long WEP key %d '%s'.",
         line, idx, value);
    os_free(buf);
    return -1;
  }
  if (*len && *len != 5 && *len != 13 && *len != 16) {
    wpa_printf(MSG_ERROR, "Line %d: Invalid WEP key length %u - "
         "this network block will be ignored",
         line, (unsigned int) *len);
  }
  os_memcpy(key, buf, *len);
  str_clear_free(buf);
  res = os_snprintf(title, sizeof(title), "wep_key%d", idx);
  if (!os_snprintf_error(sizeof(title), res))
    wpa_hexdump_key(MSG_MSGDUMP, title, key, *len);
  return 0;
}


static int wpa_config_parse_wep_key0(const struct parse_data *data,
             struct wpa_ssid *ssid, int line,
             const char *value)
{
  return wpa_config_parse_wep_key(ssid->wep_key[0],
          &ssid->wep_key_len[0], line,
          value, 0);
}


static int wpa_config_parse_wep_key1(const struct parse_data *data,
             struct wpa_ssid *ssid, int line,
             const char *value)
{
  return wpa_config_parse_wep_key(ssid->wep_key[1],
          &ssid->wep_key_len[1], line,
          value, 1);
}


static int wpa_config_parse_wep_key2(const struct parse_data *data,
             struct wpa_ssid *ssid, int line,
             const char *value)
{
  return wpa_config_parse_wep_key(ssid->wep_key[2],
          &ssid->wep_key_len[2], line,
          value, 2);
}


static int wpa_config_parse_wep_key3(const struct parse_data *data,
             struct wpa_ssid *ssid, int line,
             const char *value)
{
  return wpa_config_parse_wep_key(ssid->wep_key[3],
          &ssid->wep_key_len[3], line,
          value, 3);
}


#ifndef NO_CONFIG_WRITE
static char * wpa_config_write_wep_key(struct wpa_ssid *ssid, int idx)
{
  if (ssid->wep_key_len[idx] == 0)
    return NULL;
  return wpa_config_write_string(ssid->wep_key[idx],
               ssid->wep_key_len[idx]);
}


static char * wpa_config_write_wep_key0(const struct parse_data *data,
          struct wpa_ssid *ssid)
{
  return wpa_config_write_wep_key(ssid, 0);
}


static char * wpa_config_write_wep_key1(const struct parse_data *data,
          struct wpa_ssid *ssid)
{
  return wpa_config_write_wep_key(ssid, 1);
}


static char * wpa_config_write_wep_key2(const struct parse_data *data,
          struct wpa_ssid *ssid)
{
  return wpa_config_write_wep_key(ssid, 2);
}


static char * wpa_config_write_wep_key3(const struct parse_data *data,
          struct wpa_ssid *ssid)
{
  return wpa_config_write_wep_key(ssid, 3);
}
#endif /* NO_CONFIG_WRITE */

#endif /* CONFIG_WEP */


#ifdef CONFIG_P2P

static int wpa_config_parse_go_p2p_dev_addr(const struct parse_data *data,
              struct wpa_ssid *ssid, int line,
              const char *value)
{
  if (value[0] == '\0' || os_strcmp(value, "\"\"") == 0 ||
      os_strcmp(value, "any") == 0) {
    os_memset(ssid->go_p2p_dev_addr, 0, ETH_ALEN);
    wpa_printf(MSG_MSGDUMP, "GO P2P Device Address any");
    return 0;
  }
  if (hwaddr_aton(value, ssid->go_p2p_dev_addr)) {
    wpa_printf(MSG_ERROR, "Line %d: Invalid GO P2P Device Address '%s'.",
         line, value);
    return -1;
  }
  ssid->bssid_set = 1;
  wpa_printf(MSG_MSGDUMP, "GO P2P Device Address " MACSTR,
       MAC2STR(ssid->go_p2p_dev_addr));
  return 0;
}


#ifndef NO_CONFIG_WRITE
static char * wpa_config_write_go_p2p_dev_addr(const struct parse_data *data,
                 struct wpa_ssid *ssid)
{
  char *value;
  int res;

  if (is_zero_ether_addr(ssid->go_p2p_dev_addr))
    return NULL;

  value = os_malloc(20);
  if (value == NULL)
    return NULL;
  res = os_snprintf(value, 20, MACSTR, MAC2STR(ssid->go_p2p_dev_addr));
  if (os_snprintf_error(20, res)) {
    os_free(value);
    return NULL;
  }
  value[20 - 1] = '\0';
  return value;
}
#endif /* NO_CONFIG_WRITE */


static int wpa_config_parse_p2p_client_list(const struct parse_data *data,
              struct wpa_ssid *ssid, int line,
              const char *value)
{
  return wpa_config_parse_addr_list(data, line, value,
            &ssid->p2p_client_list,
            &ssid->num_p2p_clients,
            "p2p_client_list", 0, 0);
}


#ifndef NO_CONFIG_WRITE
static char * wpa_config_write_p2p_client_list(const struct parse_data *data,
                 struct wpa_ssid *ssid)
{
  return wpa_config_write_addr_list(data, ssid->p2p_client_list,
            ssid->num_p2p_clients,
            "p2p_client_list");
}
#endif /* NO_CONFIG_WRITE */


static int wpa_config_parse_psk_list(const struct parse_data *data,
             struct wpa_ssid *ssid, int line,
             const char *value)
{
  struct psk_list_entry *p;
  const char *pos;

  p = os_zalloc(sizeof(*p));
  if (p == NULL)
    return -1;

  pos = value;
  if (os_strncmp(pos, "P2P-", 4) == 0) {
    p->p2p = 1;
    pos += 4;
  }

  if (hwaddr_aton(pos, p->addr)) {
    wpa_printf(MSG_ERROR, "Line %d: Invalid psk_list address '%s'",
         line, pos);
    os_free(p);
    return -1;
  }
  pos += 17;
  if (*pos != '-') {
    wpa_printf(MSG_ERROR, "Line %d: Invalid psk_list '%s'",
         line, pos);
    os_free(p);
    return -1;
  }
  pos++;

  if (hexstr2bin(pos, p->psk, PMK_LEN) || pos[PMK_LEN * 2] != '\0') {
    wpa_printf(MSG_ERROR, "Line %d: Invalid psk_list PSK '%s'",
         line, pos);
    os_free(p);
    return -1;
  }

  dl_list_add(&ssid->psk_list, &p->list);

  return 0;
}


#ifndef NO_CONFIG_WRITE
static char * wpa_config_write_psk_list(const struct parse_data *data,
          struct wpa_ssid *ssid)
{
  return NULL;
}
#endif /* NO_CONFIG_WRITE */

#endif /* CONFIG_P2P */


#ifdef CONFIG_MESH

static int wpa_config_parse_mesh_basic_rates(const struct parse_data *data,
               struct wpa_ssid *ssid, int line,
               const char *value)
{
  int *rates = wpa_config_parse_int_array(value);

  if (rates == NULL) {
    wpa_printf(MSG_ERROR, "Line %d: Invalid mesh_basic_rates '%s'",
         line, value);
    return -1;
  }
  if (rates[0] == 0) {
    os_free(rates);
    rates = NULL;
  }

  os_free(ssid->mesh_basic_rates);
  ssid->mesh_basic_rates = rates;

  return 0;
}


#ifndef NO_CONFIG_WRITE

static char * wpa_config_write_mesh_basic_rates(const struct parse_data *data,
            struct wpa_ssid *ssid)
{
  return wpa_config_write_freqs(data, ssid->mesh_basic_rates);
}

#endif /* NO_CONFIG_WRITE */

#endif /* CONFIG_MESH */


#ifdef CONFIG_MACSEC

static int wpa_config_parse_mka_cak(const struct parse_data *data,
            struct wpa_ssid *ssid, int line,
            const char *value)
{
  size_t len;

  len = os_strlen(value);
  if (len > 2 * MACSEC_CAK_MAX_LEN ||
      (len != 2 * 16 && len != 2 * 32) ||
      hexstr2bin(value, ssid->mka_cak, len / 2)) {
    wpa_printf(MSG_ERROR, "Line %d: Invalid MKA-CAK '%s'.",
         line, value);
    return -1;
  }
  ssid->mka_cak_len = len / 2;
  ssid->mka_psk_set |= MKA_PSK_SET_CAK;

  wpa_hexdump_key(MSG_MSGDUMP, "MKA-CAK", ssid->mka_cak,
      ssid->mka_cak_len);
  return 0;
}


static int wpa_config_parse_mka_ckn(const struct parse_data *data,
            struct wpa_ssid *ssid, int line,
            const char *value)
{
  size_t len;

  len = os_strlen(value);
  if (len > 2 * MACSEC_CKN_MAX_LEN || /* too long */
      len < 2 || /* too short */
      len % 2 != 0 /* not an integral number of bytes */) {
    wpa_printf(MSG_ERROR, "Line %d: Invalid MKA-CKN '%s'.",
         line, value);
    return -1;
  }
  ssid->mka_ckn_len = len / 2;
  if (hexstr2bin(value, ssid->mka_ckn, ssid->mka_ckn_len)) {
    wpa_printf(MSG_ERROR, "Line %d: Invalid MKA-CKN '%s'.",
         line, value);
    return -1;
  }

  ssid->mka_psk_set |= MKA_PSK_SET_CKN;

  wpa_hexdump_key(MSG_MSGDUMP, "MKA-CKN", ssid->mka_ckn,
      ssid->mka_ckn_len);
  return 0;
}


#ifndef NO_CONFIG_WRITE

static char * wpa_config_write_mka_cak(const struct parse_data *data,
               struct wpa_ssid *ssid)
{
  if (!(ssid->mka_psk_set & MKA_PSK_SET_CAK))
    return NULL;

  return wpa_config_write_string_hex(ssid->mka_cak, ssid->mka_cak_len);
}


static char * wpa_config_write_mka_ckn(const struct parse_data *data,
               struct wpa_ssid *ssid)
{
  if (!(ssid->mka_psk_set & MKA_PSK_SET_CKN))
    return NULL;
  return wpa_config_write_string_hex(ssid->mka_ckn, ssid->mka_ckn_len);
}

#endif /* NO_CONFIG_WRITE */

#endif /* CONFIG_MACSEC */


#ifdef CONFIG_OCV

static int wpa_config_parse_ocv(const struct parse_data *data,
        struct wpa_ssid *ssid, int line,
        const char *value)
{
  char *end;

  ssid->ocv = strtol(value, &end, 0);
  if (*end || ssid->ocv < 0 || ssid->ocv > 1) {
    wpa_printf(MSG_ERROR, "Line %d: Invalid ocv value '%s'.",
         line, value);
    return -1;
  }
  if (ssid->ocv && ssid->ieee80211w == NO_MGMT_FRAME_PROTECTION)
    ssid->ieee80211w = MGMT_FRAME_PROTECTION_OPTIONAL;
  return 0;
}


#ifndef NO_CONFIG_WRITE
static char * wpa_config_write_ocv(const struct parse_data *data,
           struct wpa_ssid *ssid)
{
  char *value = os_malloc(20);

  if (!value)
    return NULL;
  os_snprintf(value, 20, "%d", ssid->ocv);
  value[20 - 1] = '\0';
  return value;
}
#endif /* NO_CONFIG_WRITE */

#endif /* CONFIG_OCV */


static int wpa_config_parse_peerkey(const struct parse_data *data,
            struct wpa_ssid *ssid, int line,
            const char *value)
{
  wpa_printf(MSG_INFO, "NOTE: Obsolete peerkey parameter ignored");
  return 0;
}


#ifndef NO_CONFIG_WRITE
static char * wpa_config_write_peerkey(const struct parse_data *data,
               struct wpa_ssid *ssid)
{
  return NULL;
}
#endif /* NO_CONFIG_WRITE */


static int wpa_config_parse_mac_value(const struct parse_data *data,
              struct wpa_ssid *ssid, int line,
              const char *value)
{
  u8 mac_value[ETH_ALEN];

  if (hwaddr_aton(value, mac_value) == 0) {
    if (os_memcmp(mac_value, ssid->mac_value, ETH_ALEN) == 0)
      return 1;
    os_memcpy(ssid->mac_value, mac_value, ETH_ALEN);
    return 0;
  }

  wpa_printf(MSG_ERROR, "Line %d: Invalid MAC address '%s'",
       line, value);
  return -1;
}


#ifndef NO_CONFIG_WRITE
static char * wpa_config_write_mac_value(const struct parse_data *data,
           struct wpa_ssid *ssid)
{
  const size_t size = 3 * ETH_ALEN;
  char *value;
  int res;

  if (ssid->mac_addr != WPAS_MAC_ADDR_STYLE_DEDICATED_PER_ESS)
    return NULL;

  value = os_malloc(size);
  if (!value)
    return NULL;
  res = os_snprintf(value, size, MACSTR, MAC2STR(ssid->mac_value));
  if (os_snprintf_error(size, res)) {
    os_free(value);
    return NULL;
  }
  value[size - 1] = '\0';
  return value;
}
#endif /* NO_CONFIG_WRITE */


/* Helper macros for network block parser */

#ifdef OFFSET
#undef OFFSET
#endif /* OFFSET */
/* OFFSET: Get offset of a variable within the wpa_ssid structure */
#define OFFSET(v) ((void *) &((struct wpa_ssid *) 0)->v)

/* STR: Define a string variable for an ASCII string; f = field name */
#ifdef NO_CONFIG_WRITE
#define _STR(f) #f, wpa_config_parse_str, OFFSET(f)
#define _STRe(f, m) #f, wpa_config_parse_str, OFFSET(eap.m)
#else /* NO_CONFIG_WRITE */
#define _STR(f) #f, wpa_config_parse_str, wpa_config_write_str, OFFSET(f)
#define _STRe(f, m) #f, wpa_config_parse_str, wpa_config_write_str, \
    OFFSET(eap.m)
#endif /* NO_CONFIG_WRITE */
#define STR(f) _STR(f), NULL, NULL, NULL, 0
#define STRe(f, m) _STRe(f, m), NULL, NULL, NULL, 0
#define STR_KEY(f) _STR(f), NULL, NULL, NULL, 1
#define STR_KEYe(f, m) _STRe(f, m), NULL, NULL, NULL, 1

/* STR_LEN: Define a string variable with a separate variable for storing the
 * data length. Unlike STR(), this can be used to store arbitrary binary data
 * (i.e., even nul termination character). */
#define _STR_LEN(f) _STR(f), OFFSET(f ## _len)
#define _STR_LENe(f, m) _STRe(f, m), OFFSET(eap.m ## _len)
#define STR_LEN(f) _STR_LEN(f), NULL, NULL, 0
#define STR_LENe(f, m) _STR_LENe(f, m), NULL, NULL, 0
#define STR_LEN_KEY(f) _STR_LEN(f), NULL, NULL, 1

/* STR_RANGE: Like STR_LEN(), but with minimum and maximum allowed length
 * explicitly specified. */
#define _STR_RANGE(f, min, max) _STR_LEN(f), (void *) (min), (void *) (max)
#define STR_RANGE(f, min, max) _STR_RANGE(f, min, max), 0
#define STR_RANGE_KEY(f, min, max) _STR_RANGE(f, min, max), 1

#ifdef NO_CONFIG_WRITE
#define _INT(f) #f, wpa_config_parse_int, OFFSET(f), (void *) 0
#define _INTe(f, m) #f, wpa_config_parse_int, OFFSET(eap.m), (void *) 0
#else /* NO_CONFIG_WRITE */
#define _INT(f) #f, wpa_config_parse_int, wpa_config_write_int, \
  OFFSET(f), (void *) 0
#define _INTe(f, m) #f, wpa_config_parse_int, wpa_config_write_int, \
  OFFSET(eap.m), (void *) 0
#endif /* NO_CONFIG_WRITE */

/* INT: Define an integer variable */
#define INT(f) _INT(f), NULL, NULL, 0
#define INTe(f, m) _INTe(f, m), NULL, NULL, 0

/* INT_RANGE: Define an integer variable with allowed value range */
#define INT_RANGE(f, min, max) _INT(f), (void *) (min), (void *) (max), 0

/* FUNC: Define a configuration variable that uses a custom function for
 * parsing and writing the value. */
#ifdef NO_CONFIG_WRITE
#define _FUNC(f) #f, wpa_config_parse_ ## f, NULL, NULL, NULL, NULL
#else /* NO_CONFIG_WRITE */
#define _FUNC(f) #f, wpa_config_parse_ ## f, wpa_config_write_ ## f, \
  NULL, NULL, NULL, NULL
#endif /* NO_CONFIG_WRITE */
#define FUNC(f) _FUNC(f), 0
#define FUNC_KEY(f) _FUNC(f), 1

/*
 * Table of network configuration variables. This table is used to parse each
 * network configuration variable, e.g., each line in wpa_supplicant.conf file
 * that is inside a network block.
 *
 * This table is generated using the helper macros defined above and with
 * generous help from the C pre-processor. The field name is stored as a string
 * into .name and for STR and INT types, the offset of the target buffer within
 * struct wpa_ssid is stored in .param1. .param2 (if not NULL) is similar
 * offset to the field containing the length of the configuration variable.
 * .param3 and .param4 can be used to mark the allowed range (length for STR
 * and value for INT).
 *
 * For each configuration line in wpa_supplicant.conf, the parser goes through
 * this table and select the entry that matches with the field name. The parser
 * function (.parser) is then called to parse the actual value of the field.
 *
 * This kind of mechanism makes it easy to add new configuration parameters,
 * since only one line needs to be added into this table and into the
 * struct wpa_ssid definition if the new variable is either a string or
 * integer. More complex types will need to use their own parser and writer
 * functions.
 */
static const struct parse_data ssid_fields[] = {
  { STR_RANGE(ssid, 0, SSID_MAX_LEN) },
  { INT_RANGE(scan_ssid, 0, 1) },
  { FUNC(bssid) },
  { FUNC(bssid_hint) },
  { FUNC(bssid_ignore) },
  { FUNC(bssid_accept) },
  { FUNC(bssid_blacklist) }, /* deprecated alias for bssid_ignore */
  { FUNC(bssid_whitelist) }, /* deprecated alias for bssid_accept */
  { FUNC_KEY(psk) },
  { INT(mem_only_psk) },
  { STR_KEY(sae_password) },
  { STR(sae_password_id) },
  { FUNC(proto) },
  { FUNC(key_mgmt) },
  { INT(bg_scan_period) },
  { FUNC(pairwise) },
  { FUNC(group) },
  { FUNC(group_mgmt) },
  { FUNC(auth_alg) },
  { FUNC(scan_freq) },
  { FUNC(freq_list) },
  { INT_RANGE(ht, 0, 1) },
  { INT_RANGE(vht, 0, 1) },
  { INT_RANGE(ht40, -1, 1) },
  { INT_RANGE(max_oper_chwidth, CONF_OPER_CHWIDTH_USE_HT,
        CONF_OPER_CHWIDTH_80P80MHZ) },
  { INT(vht_center_freq1) },
  { INT(vht_center_freq2) },
#ifdef IEEE8021X_EAPOL
  { FUNC(eap) },
  { STR_LENe(identity, identity) },
  { STR_LENe(anonymous_identity, anonymous_identity) },
  { STR_LENe(imsi_identity, imsi_identity) },
  { STR_LENe(machine_identity, machine_identity) },
  { FUNC_KEY(password) },
  { FUNC_KEY(machine_password) },
  { STRe(ca_cert, cert.ca_cert) },
  { STRe(ca_path, cert.ca_path) },
  { STRe(client_cert, cert.client_cert) },
  { STRe(private_key, cert.private_key) },
  { STR_KEYe(private_key_passwd, cert.private_key_passwd) },
  { STRe(subject_match, cert.subject_match) },
  { STRe(check_cert_subject, cert.check_cert_subject) },
  { STRe(altsubject_match, cert.altsubject_match) },
  { STRe(domain_suffix_match, cert.domain_suffix_match) },
  { STRe(domain_match, cert.domain_match) },
  { STRe(ca_cert2, phase2_cert.ca_cert) },
  { STRe(ca_path2, phase2_cert.ca_path) },
  { STRe(client_cert2, phase2_cert.client_cert) },
  { STRe(private_key2, phase2_cert.private_key) },
  { STR_KEYe(private_key2_passwd, phase2_cert.private_key_passwd) },
  { STRe(subject_match2, phase2_cert.subject_match) },
  { STRe(check_cert_subject2, phase2_cert.check_cert_subject) },
  { STRe(altsubject_match2, phase2_cert.altsubject_match) },
  { STRe(domain_suffix_match2, phase2_cert.domain_suffix_match) },
  { STRe(domain_match2, phase2_cert.domain_match) },
  { STRe(phase1, phase1) },
  { STRe(phase2, phase2) },
  { STRe(machine_phase2, machine_phase2) },
  { STRe(pcsc, pcsc) },
  { STR_KEYe(pin, cert.pin) },
  { STRe(engine_id, cert.engine_id) },
  { STRe(key_id, cert.key_id) },
  { STRe(cert_id, cert.cert_id) },
  { STRe(ca_cert_id, cert.ca_cert_id) },
  { STR_KEYe(pin2, phase2_cert.pin) },
  { STRe(engine_id2, phase2_cert.engine_id) },
  { STRe(key_id2, phase2_cert.key_id) },
  { STRe(cert_id2, phase2_cert.cert_id) },
  { STRe(ca_cert_id2, phase2_cert.ca_cert_id) },
  { INTe(engine, cert.engine) },
  { INTe(engine2, phase2_cert.engine) },
  { STRe(machine_ca_cert, machine_cert.ca_cert) },
  { STRe(machine_ca_path, machine_cert.ca_path) },
  { STRe(machine_client_cert, machine_cert.client_cert) },
  { STRe(machine_private_key, machine_cert.private_key) },
  { STR_KEYe(machine_private_key_passwd,
       machine_cert.private_key_passwd) },
  { STRe(machine_subject_match, machine_cert.subject_match) },
  { STRe(machine_check_cert_subject, machine_cert.check_cert_subject) },
  { STRe(machine_altsubject_match, machine_cert.altsubject_match) },
  { STRe(machine_domain_suffix_match,
         machine_cert.domain_suffix_match) },
  { STRe(machine_domain_match, machine_cert.domain_match) },
  { STR_KEYe(machine_pin, machine_cert.pin) },
  { STRe(machine_engine_id, machine_cert.engine_id) },
  { STRe(machine_key_id, machine_cert.key_id) },
  { STRe(machine_cert_id, machine_cert.cert_id) },
  { STRe(machine_ca_cert_id, machine_cert.ca_cert_id) },
  { INTe(machine_engine, machine_cert.engine) },
  { INTe(machine_ocsp, machine_cert.ocsp) },
  { INT(eapol_flags) },
  { INTe(sim_num, sim_num) },
  { STRe(imsi_privacy_cert, imsi_privacy_cert) },
  { STRe(imsi_privacy_attr, imsi_privacy_attr) },
  { STRe(openssl_ciphers, openssl_ciphers) },
  { INTe(erp, erp) },
#endif /* IEEE8021X_EAPOL */
#ifdef CONFIG_WEP
  { FUNC_KEY(wep_key0) },
  { FUNC_KEY(wep_key1) },
  { FUNC_KEY(wep_key2) },
  { FUNC_KEY(wep_key3) },
  { INT(wep_tx_keyidx) },
#endif /* CONFIG_WEP */
  { INT(priority) },
#ifdef IEEE8021X_EAPOL
  { INT(eap_workaround) },
  { STRe(pac_file, pac_file) },
  { INTe(fragment_size, fragment_size) },
  { INTe(ocsp, cert.ocsp) },
  { INTe(ocsp2, phase2_cert.ocsp) },
#endif /* IEEE8021X_EAPOL */
#ifdef CONFIG_MESH
  { INT_RANGE(mode, 0, 5) },
  { INT_RANGE(no_auto_peer, 0, 1) },
  { INT_RANGE(mesh_fwding, 0, 1) },
  { INT_RANGE(mesh_rssi_threshold, -255, 1) },
#else /* CONFIG_MESH */
  { INT_RANGE(mode, 0, 4) },
#endif /* CONFIG_MESH */
  { INT_RANGE(proactive_key_caching, 0, 1) },
  { INT_RANGE(disabled, 0, 2) },
  { STR(id_str) },
  { INT_RANGE(ieee80211w, 0, 2) },
#ifdef CONFIG_OCV
  { FUNC(ocv) },
#endif /* CONFIG_OCV */
  { FUNC(peerkey) /* obsolete - removed */ },
  { INT_RANGE(mixed_cell, 0, 1) },
  { INT_RANGE(frequency, 0, 70200) },
  { INT_RANGE(fixed_freq, 0, 1) },
  { INT_RANGE(enable_edmg, 0, 1) },
  { INT_RANGE(edmg_channel, 9, 13) },
#ifdef CONFIG_ACS
  { INT_RANGE(acs, 0, 1) },
#endif /* CONFIG_ACS */
#ifdef CONFIG_MESH
  { FUNC(mesh_basic_rates) },
  { INT(dot11MeshMaxRetries) },
  { INT(dot11MeshRetryTimeout) },
  { INT(dot11MeshConfirmTimeout) },
  { INT(dot11MeshHoldingTimeout) },
#endif /* CONFIG_MESH */
  { INT(wpa_ptk_rekey) },
  { INT_RANGE(wpa_deny_ptk0_rekey, 0, 2) },
  { INT(group_rekey) },
  { STR(bgscan) },
  { INT_RANGE(ignore_broadcast_ssid, 0, 2) },
#ifdef CONFIG_P2P
  { FUNC(go_p2p_dev_addr) },
  { FUNC(p2p_client_list) },
  { FUNC(psk_list) },
#endif /* CONFIG_P2P */
#ifdef CONFIG_HT_OVERRIDES
  { INT_RANGE(disable_ht, 0, 1) },
  { INT_RANGE(disable_ht40, -1, 1) },
  { INT_RANGE(disable_sgi, 0, 1) },
  { INT_RANGE(disable_ldpc, 0, 1) },
  { INT_RANGE(ht40_intolerant, 0, 1) },
  { INT_RANGE(tx_stbc, -1, 1) },
  { INT_RANGE(rx_stbc, -1, 3) },
  { INT_RANGE(disable_max_amsdu, -1, 1) },
  { INT_RANGE(ampdu_factor, -1, 3) },
  { INT_RANGE(ampdu_density, -1, 7) },
  { STR(ht_mcs) },
#endif /* CONFIG_HT_OVERRIDES */
#ifdef CONFIG_VHT_OVERRIDES
  { INT_RANGE(disable_vht, 0, 1) },
  { INT(vht_capa) },
  { INT(vht_capa_mask) },
  { INT_RANGE(vht_rx_mcs_nss_1, -1, 3) },
  { INT_RANGE(vht_rx_mcs_nss_2, -1, 3) },
  { INT_RANGE(vht_rx_mcs_nss_3, -1, 3) },
  { INT_RANGE(vht_rx_mcs_nss_4, -1, 3) },
  { INT_RANGE(vht_rx_mcs_nss_5, -1, 3) },
  { INT_RANGE(vht_rx_mcs_nss_6, -1, 3) },
  { INT_RANGE(vht_rx_mcs_nss_7, -1, 3) },
  { INT_RANGE(vht_rx_mcs_nss_8, -1, 3) },
  { INT_RANGE(vht_tx_mcs_nss_1, -1, 3) },
  { INT_RANGE(vht_tx_mcs_nss_2, -1, 3) },
  { INT_RANGE(vht_tx_mcs_nss_3, -1, 3) },
  { INT_RANGE(vht_tx_mcs_nss_4, -1, 3) },
  { INT_RANGE(vht_tx_mcs_nss_5, -1, 3) },
  { INT_RANGE(vht_tx_mcs_nss_6, -1, 3) },
  { INT_RANGE(vht_tx_mcs_nss_7, -1, 3) },
  { INT_RANGE(vht_tx_mcs_nss_8, -1, 3) },
#endif /* CONFIG_VHT_OVERRIDES */
#ifdef CONFIG_HE_OVERRIDES
  { INT_RANGE(disable_he, 0, 1)},
#endif /* CONFIG_HE_OVERRIDES */
  { INT(ap_max_inactivity) },
  { INT(dtim_period) },
  { INT(beacon_int) },
#ifdef CONFIG_MACSEC
  { INT_RANGE(macsec_policy, 0, 1) },
  { INT_RANGE(macsec_integ_only, 0, 1) },
  { INT_RANGE(macsec_replay_protect, 0, 1) },
  { INT(macsec_replay_window) },
  { INT_RANGE(macsec_offload, 0, 2) },
  { INT_RANGE(macsec_port, 1, 65534) },
  { INT_RANGE(mka_priority, 0, 255) },
  { INT_RANGE(macsec_csindex, 0, 1) },
  { FUNC_KEY(mka_cak) },
  { FUNC_KEY(mka_ckn) },
#endif /* CONFIG_MACSEC */
#ifdef CONFIG_HS20
  { INT(update_identifier) },
  { STR_RANGE(roaming_consortium_selection, 0, MAX_ROAMING_CONS_OI_LEN) },
#endif /* CONFIG_HS20 */
  { INT_RANGE(mac_addr, 0, 3) },
  { FUNC_KEY(mac_value) },
  { INT_RANGE(pbss, 0, 2) },
  { INT_RANGE(wps_disabled, 0, 1) },
  { INT_RANGE(fils_dh_group, 0, 65535) },
#ifdef CONFIG_DPP
  { STR(dpp_connector) },
  { STR_LEN(dpp_netaccesskey) },
  { INT(dpp_netaccesskey_expiry) },
  { STR_LEN(dpp_csign) },
  { STR_LEN(dpp_pp_key) },
  { INT_RANGE(dpp_pfs, 0, 2) },
  { INT_RANGE(dpp_connector_privacy, 0, 1) },
#endif /* CONFIG_DPP */
  { INT_RANGE(owe_group, 0, 65535) },
  { INT_RANGE(owe_only, 0, 1) },
  { INT_RANGE(owe_ptk_workaround, 0, 1) },
  { INT_RANGE(multi_ap_backhaul_sta, 0, 1) },
  { INT_RANGE(ft_eap_pmksa_caching, 0, 1) },
  { INT_RANGE(beacon_prot, 0, 1) },
  { INT_RANGE(transition_disable, 0, 255) },
  { INT_RANGE(sae_pk, 0, 2) },
  { INT_RANGE(disable_eht, 0, 1)},
  { INT_RANGE(enable_4addr_mode, 0, 1)},
};

#undef OFFSET
#undef _STR
#undef STR
#undef STR_KEY
#undef _STR_LEN
#undef STR_LEN
#undef STR_LEN_KEY
#undef _STR_RANGE
#undef STR_RANGE
#undef STR_RANGE_KEY
#undef _INT
#undef INT
#undef INT_RANGE
#undef _FUNC
#undef FUNC
#undef FUNC_KEY
#define NUM_SSID_FIELDS ARRAY_SIZE(ssid_fields)


/**
 * wpa_config_add_prio_network - Add a network to priority lists
 * @config: Configuration data from wpa_config_read()
 * @ssid: Pointer to the network configuration to be added to the list
 * Returns: 0 on success, -1 on failure
 *
 * This function is used to add a network block to the priority list of
 * networks. This must be called for each network when reading in the full
 * configuration. In addition, this can be used indirectly when updating
 * priorities by calling wpa_config_update_prio_list().
 */
int wpa_config_add_prio_network(struct wpa_config *config,
        struct wpa_ssid *ssid)
{
  size_t prio;
  struct wpa_ssid *prev, **nlist;

  /*
   * Add to an existing priority list if one is available for the
   * configured priority level for this network.
   */
  for (prio = 0; prio < config->num_prio; prio++) {
    prev = config->pssid[prio];
    if (prev->priority == ssid->priority) {
      while (prev->pnext)
        prev = prev->pnext;
      prev->pnext = ssid;
      return 0;
    }
  }

  /* First network for this priority - add a new priority list */
  nlist = os_realloc_array(config->pssid, config->num_prio + 1,
         sizeof(struct wpa_ssid *));
  if (nlist == NULL)
    return -1;

  for (prio = 0; prio < config->num_prio; prio++) {
    if (nlist[prio]->priority < ssid->priority) {
      os_memmove(&nlist[prio + 1], &nlist[prio],
           (config->num_prio - prio) *
           sizeof(struct wpa_ssid *));
      break;
    }
  }

  nlist[prio] = ssid;
  config->num_prio++;
  config->pssid = nlist;

  return 0;
}


/**
 * wpa_config_update_prio_list - Update network priority list
 * @config: Configuration data from wpa_config_read()
 * Returns: 0 on success, -1 on failure
 *
 * This function is called to update the priority list of networks in the
 * configuration when a network is being added or removed. This is also called
 * if a priority for a network is changed.
 */
int wpa_config_update_prio_list(struct wpa_config *config)
{
  struct wpa_ssid *ssid;
  int ret = 0;

  os_free(config->pssid);
  config->pssid = NULL;
  config->num_prio = 0;

  ssid = config->ssid;
  while (ssid) {
    ssid->pnext = NULL;
    if (wpa_config_add_prio_network(config, ssid) < 0)
      ret = -1;
    ssid = ssid->next;
  }

  return ret;
}


#ifdef IEEE8021X_EAPOL

static void eap_peer_config_free_cert(struct eap_peer_cert_config *cert)
{
  os_free(cert->ca_cert);
  os_free(cert->ca_path);
  os_free(cert->client_cert);
  os_free(cert->private_key);
  str_clear_free(cert->private_key_passwd);
  os_free(cert->subject_match);
  os_free(cert->check_cert_subject);
  os_free(cert->altsubject_match);
  os_free(cert->domain_suffix_match);
  os_free(cert->domain_match);
  str_clear_free(cert->pin);
  os_free(cert->engine_id);
  os_free(cert->key_id);
  os_free(cert->cert_id);
  os_free(cert->ca_cert_id);
}


static void eap_peer_config_free(struct eap_peer_config *eap)
{
  os_free(eap->eap_methods);
  bin_clear_free(eap->identity, eap->identity_len);
  os_free(eap->anonymous_identity);
  os_free(eap->imsi_identity);
  os_free(eap->imsi_privacy_cert);
  os_free(eap->imsi_privacy_attr);
  os_free(eap->machine_identity);
  bin_clear_free(eap->password, eap->password_len);
  bin_clear_free(eap->machine_password, eap->machine_password_len);
  eap_peer_config_free_cert(&eap->cert);
  eap_peer_config_free_cert(&eap->phase2_cert);
  eap_peer_config_free_cert(&eap->machine_cert);
  os_free(eap->phase1);
  os_free(eap->phase2);
  os_free(eap->machine_phase2);
  os_free(eap->pcsc);
  os_free(eap->otp);
  os_free(eap->pending_req_otp);
  os_free(eap->pac_file);
  bin_clear_free(eap->new_password, eap->new_password_len);
  str_clear_free(eap->external_sim_resp);
  os_free(eap->openssl_ciphers);
}

#endif /* IEEE8021X_EAPOL */


/**
 * wpa_config_free_ssid - Free network/ssid configuration data
 * @ssid: Configuration data for the network
 *
 * This function frees all resources allocated for the network configuration
 * data.
 */
void wpa_config_free_ssid(struct wpa_ssid *ssid)
{
  struct psk_list_entry *psk;

  os_free(ssid->ssid);
  str_clear_free(ssid->passphrase);
  os_free(ssid->ext_psk);
  str_clear_free(ssid->sae_password);
  os_free(ssid->sae_password_id);
#ifdef IEEE8021X_EAPOL
  eap_peer_config_free(&ssid->eap);
#endif /* IEEE8021X_EAPOL */
  os_free(ssid->id_str);
  os_free(ssid->scan_freq);
  os_free(ssid->freq_list);
  os_free(ssid->bgscan);
  os_free(ssid->p2p_client_list);
  os_free(ssid->bssid_ignore);
  os_free(ssid->bssid_accept);
#ifdef CONFIG_HT_OVERRIDES
  os_free(ssid->ht_mcs);
#endif /* CONFIG_HT_OVERRIDES */
#ifdef CONFIG_MESH
  os_free(ssid->mesh_basic_rates);
#endif /* CONFIG_MESH */
#ifdef CONFIG_HS20
  os_free(ssid->roaming_consortium_selection);
#endif /* CONFIG_HS20 */
  os_free(ssid->dpp_connector);
  bin_clear_free(ssid->dpp_netaccesskey, ssid->dpp_netaccesskey_len);
  os_free(ssid->dpp_csign);
  os_free(ssid->dpp_pp_key);
  while ((psk = dl_list_first(&ssid->psk_list, struct psk_list_entry,
            list))) {
    dl_list_del(&psk->list);
    bin_clear_free(psk, sizeof(*psk));
  }
#ifdef CONFIG_SAE
  sae_deinit_pt(ssid->pt);
#endif /* CONFIG_SAE */
  bin_clear_free(ssid, sizeof(*ssid));
}


void wpa_config_free_cred(struct wpa_cred *cred)
{
  size_t i;

  os_free(cred->realm);
  str_clear_free(cred->username);
  str_clear_free(cred->password);
  os_free(cred->ca_cert);
  os_free(cred->client_cert);
  os_free(cred->private_key);
  str_clear_free(cred->private_key_passwd);
  os_free(cred->engine_id);
  os_free(cred->ca_cert_id);
  os_free(cred->cert_id);
  os_free(cred->key_id);
  os_free(cred->imsi);
  str_clear_free(cred->milenage);
  for (i = 0; i < cred->num_domain; i++)
    os_free(cred->domain[i]);
  os_free(cred->domain);
  os_free(cred->domain_suffix_match);
  os_free(cred->eap_method);
  os_free(cred->phase1);
  os_free(cred->phase2);
  os_free(cred->excluded_ssid);
  os_free(cred->roaming_partner);
  os_free(cred->provisioning_sp);
  for (i = 0; i < cred->num_req_conn_capab; i++)
    os_free(cred->req_conn_capab_port[i]);
  os_free(cred->req_conn_capab_port);
  os_free(cred->req_conn_capab_proto);
  os_free(cred->imsi_privacy_cert);
  os_free(cred->imsi_privacy_attr);
  os_free(cred);
}


void wpa_config_flush_blobs(struct wpa_config *config)
{
#ifndef CONFIG_NO_CONFIG_BLOBS
  struct wpa_config_blob *blob, *prev;

  blob = config->blobs;
  config->blobs = NULL;
  while (blob) {
    prev = blob;
    blob = blob->next;
    wpa_config_free_blob(prev);
  }
#endif /* CONFIG_NO_CONFIG_BLOBS */
}


/**
 * wpa_config_free - Free configuration data
 * @config: Configuration data from wpa_config_read()
 *
 * This function frees all resources allocated for the configuration data by
 * wpa_config_read().
 */
void wpa_config_free(struct wpa_config *config)
{
  struct wpa_ssid *ssid, *prev = NULL;
  struct wpa_cred *cred, *cprev;
  int i;

  ssid = config->ssid;
  while (ssid) {
    prev = ssid;
    ssid = ssid->next;
    wpa_config_free_ssid(prev);
  }

  cred = config->cred;
  while (cred) {
    cprev = cred;
    cred = cred->next;
    wpa_config_free_cred(cprev);
  }

  wpa_config_flush_blobs(config);

  wpabuf_free(config->wps_vendor_ext_m1);
  for (i = 0; i < MAX_WPS_VENDOR_EXT; i++)
    wpabuf_free(config->wps_vendor_ext[i]);
  os_free(config->ctrl_interface);
  os_free(config->ctrl_interface_group);
  os_free(config->opensc_engine_path);
  os_free(config->pkcs11_engine_path);
  os_free(config->pkcs11_module_path);
  os_free(config->openssl_ciphers);
  os_free(config->pcsc_reader);
  str_clear_free(config->pcsc_pin);
  os_free(config->driver_param);
  os_free(config->device_name);
  os_free(config->manufacturer);
  os_free(config->model_name);
  os_free(config->model_number);
  os_free(config->serial_number);
  os_free(config->config_methods);
  os_free(config->p2p_ssid_postfix);
  os_free(config->pssid);
  os_free(config->p2p_pref_chan);
  os_free(config->p2p_no_go_freq.range);
  os_free(config->autoscan);
  os_free(config->freq_list);
  os_free(config->initial_freq_list);
  wpabuf_free(config->wps_nfc_dh_pubkey);
  wpabuf_free(config->wps_nfc_dh_privkey);
  wpabuf_free(config->wps_nfc_dev_pw);
  os_free(config->ext_password_backend);
  os_free(config->sae_groups);
  wpabuf_free(config->ap_vendor_elements);
  wpabuf_free(config->ap_assocresp_elements);
  os_free(config->osu_dir);
  os_free(config->bgscan);
  os_free(config->wowlan_triggers);
  os_free(config->fst_group_id);
  os_free(config->sched_scan_plans);
#ifdef CONFIG_MBO
  os_free(config->non_pref_chan);
#endif /* CONFIG_MBO */
  os_free(config->dpp_name);
  os_free(config->dpp_mud_url);
  os_free(config->dpp_extra_conf_req_name);
  os_free(config->dpp_extra_conf_req_value);

  os_free(config);
}


/**
 * wpa_config_foreach_network - Iterate over each configured network
 * @config: Configuration data from wpa_config_read()
 * @func: Callback function to process each network
 * @arg: Opaque argument to pass to callback function
 *
 * Iterate over the set of configured networks calling the specified
 * function for each item. We guard against callbacks removing the
 * supplied network.
 */
void wpa_config_foreach_network(struct wpa_config *config,
        void (*func)(void *, struct wpa_ssid *),
        void *arg)
{
  struct wpa_ssid *ssid, *next;

  ssid = config->ssid;
  while (ssid) {
    next = ssid->next;
    func(arg, ssid);
    ssid = next;
  }
}


/**
 * wpa_config_get_network - Get configured network based on id
 * @config: Configuration data from wpa_config_read()
 * @id: Unique network id to search for
 * Returns: Network configuration or %NULL if not found
 */
struct wpa_ssid * wpa_config_get_network(struct wpa_config *config, int id)
{
  struct wpa_ssid *ssid;

  ssid = config->ssid;
  while (ssid) {
    if (id == ssid->id)
      break;
    ssid = ssid->next;
  }

  return ssid;
}


/**
 * wpa_config_add_network - Add a new network with empty configuration
 * @config: Configuration data from wpa_config_read()
 * Returns: The new network configuration or %NULL if operation failed
 */
struct wpa_ssid * wpa_config_add_network(struct wpa_config *config)
{
  int id;
  struct wpa_ssid *ssid, *last = NULL;

  id = -1;
  ssid = config->ssid;
  while (ssid) {
    if (ssid->id > id)
      id = ssid->id;
    last = ssid;
    ssid = ssid->next;
  }
  id++;

  ssid = os_zalloc(sizeof(*ssid));
  if (ssid == NULL)
    return NULL;
  ssid->id = id;
  dl_list_init(&ssid->psk_list);
  if (last)
    last->next = ssid;
  else
    config->ssid = ssid;

  wpa_config_update_prio_list(config);

  return ssid;
}


/**
 * wpa_config_remove_network - Remove a configured network based on id
 * @config: Configuration data from wpa_config_read()
 * @id: Unique network id to search for
 * Returns: 0 on success, or -1 if the network was not found
 */
int wpa_config_remove_network(struct wpa_config *config, int id)
{
  struct wpa_ssid *ssid, *prev = NULL;

  ssid = config->ssid;
  while (ssid) {
    if (id == ssid->id)
      break;
    prev = ssid;
    ssid = ssid->next;
  }

  if (ssid == NULL)
    return -1;

  if (prev)
    prev->next = ssid->next;
  else
    config->ssid = ssid->next;

  wpa_config_update_prio_list(config);
  wpa_config_free_ssid(ssid);
  return 0;
}


/**
 * wpa_config_set_network_defaults - Set network default values
 * @ssid: Pointer to network configuration data
 */
void wpa_config_set_network_defaults(struct wpa_ssid *ssid)
{
  ssid->proto = DEFAULT_PROTO;
  ssid->pairwise_cipher = DEFAULT_PAIRWISE;
  ssid->group_cipher = DEFAULT_GROUP;
  ssid->key_mgmt = DEFAULT_KEY_MGMT;
  ssid->wpa_deny_ptk0_rekey = PTK0_REKEY_ALLOW_ALWAYS;
  ssid->bg_scan_period = DEFAULT_BG_SCAN_PERIOD;
  ssid->ht = 1;
  ssid->vht = 1;
  ssid->he = 1;
#ifdef IEEE8021X_EAPOL
  ssid->eapol_flags = DEFAULT_EAPOL_FLAGS;
  ssid->eap_workaround = DEFAULT_EAP_WORKAROUND;
  ssid->eap.fragment_size = DEFAULT_FRAGMENT_SIZE;
  ssid->eap.sim_num = DEFAULT_USER_SELECTED_SIM;
#endif /* IEEE8021X_EAPOL */
#ifdef CONFIG_MESH
  ssid->dot11MeshMaxRetries = DEFAULT_MESH_MAX_RETRIES;
  ssid->dot11MeshRetryTimeout = DEFAULT_MESH_RETRY_TIMEOUT;
  ssid->dot11MeshConfirmTimeout = DEFAULT_MESH_CONFIRM_TIMEOUT;
  ssid->dot11MeshHoldingTimeout = DEFAULT_MESH_HOLDING_TIMEOUT;
  ssid->mesh_fwding = DEFAULT_MESH_FWDING;
  ssid->mesh_rssi_threshold = DEFAULT_MESH_RSSI_THRESHOLD;
#endif /* CONFIG_MESH */
#ifdef CONFIG_HT_OVERRIDES
  ssid->disable_ht = DEFAULT_DISABLE_HT;
  ssid->disable_ht40 = DEFAULT_DISABLE_HT40;
  ssid->disable_sgi = DEFAULT_DISABLE_SGI;
  ssid->disable_ldpc = DEFAULT_DISABLE_LDPC;
  ssid->tx_stbc = DEFAULT_TX_STBC;
  ssid->rx_stbc = DEFAULT_RX_STBC;
  ssid->disable_max_amsdu = DEFAULT_DISABLE_MAX_AMSDU;
  ssid->ampdu_factor = DEFAULT_AMPDU_FACTOR;
  ssid->ampdu_density = DEFAULT_AMPDU_DENSITY;
#endif /* CONFIG_HT_OVERRIDES */
#ifdef CONFIG_VHT_OVERRIDES
  ssid->vht_rx_mcs_nss_1 = -1;
  ssid->vht_rx_mcs_nss_2 = -1;
  ssid->vht_rx_mcs_nss_3 = -1;
  ssid->vht_rx_mcs_nss_4 = -1;
  ssid->vht_rx_mcs_nss_5 = -1;
  ssid->vht_rx_mcs_nss_6 = -1;
  ssid->vht_rx_mcs_nss_7 = -1;
  ssid->vht_rx_mcs_nss_8 = -1;
  ssid->vht_tx_mcs_nss_1 = -1;
  ssid->vht_tx_mcs_nss_2 = -1;
  ssid->vht_tx_mcs_nss_3 = -1;
  ssid->vht_tx_mcs_nss_4 = -1;
  ssid->vht_tx_mcs_nss_5 = -1;
  ssid->vht_tx_mcs_nss_6 = -1;
  ssid->vht_tx_mcs_nss_7 = -1;
  ssid->vht_tx_mcs_nss_8 = -1;
#endif /* CONFIG_VHT_OVERRIDES */
  ssid->proactive_key_caching = -1;
  ssid->ieee80211w = MGMT_FRAME_PROTECTION_DEFAULT;
  ssid->sae_pwe = DEFAULT_SAE_PWE;
#ifdef CONFIG_MACSEC
  ssid->mka_priority = DEFAULT_PRIO_NOT_KEY_SERVER;
#endif /* CONFIG_MACSEC */
  ssid->mac_addr = WPAS_MAC_ADDR_STYLE_NOT_SET;
  ssid->max_oper_chwidth = DEFAULT_MAX_OPER_CHWIDTH;
}


static const char *removed_fields[] = {
  "dh_file",
  "dh_file2",
  "machine_dh_file",
  NULL
};

static bool removed_field(const char *field)
{
  int i;

  for (i = 0; removed_fields[i]; i++) {
    if (os_strcmp(field, removed_fields[i]) == 0)
      return true;
  }

  return false;
}


/**
 * wpa_config_set - Set a variable in network configuration
 * @ssid: Pointer to network configuration data
 * @var: Variable name, e.g., "ssid"
 * @value: Variable value
 * @line: Line number in configuration file or 0 if not used
 * Returns: 0 on success with possible change in the value, 1 on success with
 * no change to previously configured value, or -1 on failure
 *
 * This function can be used to set network configuration variables based on
 * both the configuration file and management interface input. The value
 * parameter must be in the same format as the text-based configuration file is
 * using. For example, strings are using double quotation marks.
 */
int wpa_config_set(struct wpa_ssid *ssid, const char *var, const char *value,
       int line)
{
  size_t i;
  int ret = 0;

  if (ssid == NULL || var == NULL || value == NULL)
    return -1;

  for (i = 0; i < NUM_SSID_FIELDS; i++) {
    const struct parse_data *field = &ssid_fields[i];
    if (os_strcmp(var, field->name) != 0)
      continue;

    ret = field->parser(field, ssid, line, value);
    if (ret < 0) {
      if (line) {
        wpa_printf(MSG_ERROR, "Line %d: failed to "
             "parse %s '%s'.", line, var, value);
      }
      ret = -1;
    }
#ifdef CONFIG_SAE
    if (os_strcmp(var, "ssid") == 0 ||
        os_strcmp(var, "psk") == 0 ||
        os_strcmp(var, "sae_password") == 0 ||
        os_strcmp(var, "sae_password_id") == 0) {
      sae_deinit_pt(ssid->pt);
      ssid->pt = NULL;
    }
#endif /* CONFIG_SAE */
    break;
  }
  if (i == NUM_SSID_FIELDS) {
    if (removed_field(var)) {
      wpa_printf(MSG_INFO,
           "Line %d: Ignore removed configuration field '%s'",
           line, var);
      return ret;
    }
    if (line) {
      wpa_printf(MSG_ERROR, "Line %d: unknown network field "
           "'%s'.", line, var);
    }
    ret = -1;
  }
  ssid->was_recently_reconfigured = true;

  return ret;
}


int wpa_config_set_quoted(struct wpa_ssid *ssid, const char *var,
        const char *value)
{
  size_t len;
  char *buf;
  int ret;

  len = os_strlen(value);
  buf = os_malloc(len + 3);
  if (buf == NULL)
    return -1;
  buf[0] = '"';
  os_memcpy(buf + 1, value, len);
  buf[len + 1] = '"';
  buf[len + 2] = '\0';
  ret = wpa_config_set(ssid, var, buf, 0);
  os_free(buf);
  return ret;
}


/**
 * wpa_config_get_all - Get all options from network configuration
 * @ssid: Pointer to network configuration data
 * @get_keys: Determines if keys/passwords will be included in returned list
 *  (if they may be exported)
 * Returns: %NULL terminated list of all set keys and their values in the form
 * of [key1, val1, key2, val2, ... , NULL]
 *
 * This function can be used to get list of all configured network properties.
 * The caller is responsible for freeing the returned list and all its
 * elements.
 */
char ** wpa_config_get_all(struct wpa_ssid *ssid, int get_keys)
{
#ifdef NO_CONFIG_WRITE
  return NULL;
#else /* NO_CONFIG_WRITE */
  const struct parse_data *field;
  char *key, *value;
  size_t i;
  char **props;
  int fields_num;

  get_keys = get_keys && ssid->export_keys;

  props = os_calloc(2 * NUM_SSID_FIELDS + 1, sizeof(char *));
  if (!props)
    return NULL;

  fields_num = 0;
  for (i = 0; i < NUM_SSID_FIELDS; i++) {
    field = &ssid_fields[i];
    if (field->key_data && !get_keys)
      continue;
    value = field->writer(field, ssid);
    if (value == NULL)
      continue;
    if (os_strlen(value) == 0) {
      os_free(value);
      continue;
    }

    key = os_strdup(field->name);
    if (key == NULL) {
      os_free(value);
      goto err;
    }

    props[fields_num * 2] = key;
    props[fields_num * 2 + 1] = value;

    fields_num++;
  }

  return props;

err:
  for (i = 0; props[i]; i++)
    os_free(props[i]);
  os_free(props);
  return NULL;
#endif /* NO_CONFIG_WRITE */
}


#ifndef NO_CONFIG_WRITE
/**
 * wpa_config_get - Get a variable in network configuration
 * @ssid: Pointer to network configuration data
 * @var: Variable name, e.g., "ssid"
 * Returns: Value of the variable or %NULL on failure
 *
 * This function can be used to get network configuration variables. The
 * returned value is a copy of the configuration variable in text format, i.e,.
 * the same format that the text-based configuration file and wpa_config_set()
 * are using for the value. The caller is responsible for freeing the returned
 * value.
 */
char * wpa_config_get(struct wpa_ssid *ssid, const char *var)
{
  size_t i;

  if (ssid == NULL || var == NULL)
    return NULL;

  for (i = 0; i < NUM_SSID_FIELDS; i++) {
    const struct parse_data *field = &ssid_fields[i];
    if (os_strcmp(var, field->name) == 0) {
      char *ret = field->writer(field, ssid);

      if (ret && has_newline(ret)) {
        wpa_printf(MSG_ERROR,
             "Found newline in value for %s; not returning it",
             var);
        os_free(ret);
        ret = NULL;
      }

      return ret;
    }
  }

  return NULL;
}


/**
 * wpa_config_get_no_key - Get a variable in network configuration (no keys)
 * @ssid: Pointer to network configuration data
 * @var: Variable name, e.g., "ssid"
 * Returns: Value of the variable or %NULL on failure
 *
 * This function can be used to get network configuration variable like
 * wpa_config_get(). The only difference is that this functions does not expose
 * key/password material from the configuration. In case a key/password field
 * is requested, the returned value is an empty string or %NULL if the variable
 * is not set or "*" if the variable is set (regardless of its value). The
 * returned value is a copy of the configuration variable in text format, i.e,.
 * the same format that the text-based configuration file and wpa_config_set()
 * are using for the value. The caller is responsible for freeing the returned
 * value.
 */
char * wpa_config_get_no_key(struct wpa_ssid *ssid, const char *var)
{
  size_t i;

  if (ssid == NULL || var == NULL)
    return NULL;

  for (i = 0; i < NUM_SSID_FIELDS; i++) {
    const struct parse_data *field = &ssid_fields[i];
    if (os_strcmp(var, field->name) == 0) {
      char *res = field->writer(field, ssid);
      if (field->key_data) {
        if (res && res[0]) {
          wpa_printf(MSG_DEBUG, "Do not allow "
               "key_data field to be "
               "exposed");
          str_clear_free(res);
          return os_strdup("*");
        }

        os_free(res);
        return NULL;
      }
      return res;
    }
  }

  return NULL;
}
#endif /* NO_CONFIG_WRITE */


/**
 * wpa_config_update_psk - Update WPA PSK based on passphrase and SSID
 * @ssid: Pointer to network configuration data
 *
 * This function must be called to update WPA PSK when either SSID or the
 * passphrase has changed for the network configuration.
 */
void wpa_config_update_psk(struct wpa_ssid *ssid)
{
#ifndef CONFIG_NO_PBKDF2
  if (pbkdf2_sha1(ssid->passphrase, ssid->ssid, ssid->ssid_len, 4096,
      ssid->psk, PMK_LEN) != 0) {
    wpa_printf(MSG_ERROR, "Error in pbkdf2_sha1()");
    return;
  }
  wpa_hexdump_key(MSG_MSGDUMP, "PSK (from passphrase)",
      ssid->psk, PMK_LEN);
  ssid->psk_set = 1;
#endif /* CONFIG_NO_PBKDF2 */
}


static int wpa_config_set_cred_req_conn_capab(struct wpa_cred *cred,
                const char *value)
{
  u8 *proto;
  int **port;
  int *ports, *nports;
  const char *pos;
  unsigned int num_ports;

  proto = os_realloc_array(cred->req_conn_capab_proto,
         cred->num_req_conn_capab + 1, sizeof(u8));
  if (proto == NULL)
    return -1;
  cred->req_conn_capab_proto = proto;

  port = os_realloc_array(cred->req_conn_capab_port,
        cred->num_req_conn_capab + 1, sizeof(int *));
  if (port == NULL)
    return -1;
  cred->req_conn_capab_port = port;

  proto[cred->num_req_conn_capab] = atoi(value);

  pos = os_strchr(value, ':');
  if (pos == NULL) {
    port[cred->num_req_conn_capab] = NULL;
    cred->num_req_conn_capab++;
    return 0;
  }
  pos++;

  ports = NULL;
  num_ports = 0;

  while (*pos) {
    nports = os_realloc_array(ports, num_ports + 1, sizeof(int));
    if (nports == NULL) {
      os_free(ports);
      return -1;
    }
    ports = nports;
    ports[num_ports++] = atoi(pos);

    pos = os_strchr(pos, ',');
    if (pos == NULL)
      break;
    pos++;
  }

  nports = os_realloc_array(ports, num_ports + 1, sizeof(int));
  if (nports == NULL) {
    os_free(ports);
    return -1;
  }
  ports = nports;
  ports[num_ports] = -1;

  port[cred->num_req_conn_capab] = ports;
  cred->num_req_conn_capab++;
  return 0;
}


static int
wpa_config_set_cred_ois(u8 cred_ois[MAX_ROAMING_CONS][MAX_ROAMING_CONS_OI_LEN],
      size_t cred_ois_len[MAX_ROAMING_CONS],
      unsigned int *cred_num_ois,
      const char *value)
{
  u8 ois[MAX_ROAMING_CONS][MAX_ROAMING_CONS_OI_LEN];
  size_t ois_len[MAX_ROAMING_CONS];
  unsigned int num_ois = 0;
  const char *pos, *end;
  size_t len;

  len = os_strlen(value);
  if (len / 2 < 3) {
    wpa_printf(MSG_ERROR,
         "Invalid organisation identifier (OI) list: %s",
         value);
    return -1;
  }

  os_memset(ois, 0, sizeof(ois));
  os_memset(ois_len, 0, sizeof(ois_len));

  for (pos = value;;) {
    end = os_strchr(pos, ',');
    len = end ? (size_t) (end - pos) : os_strlen(pos);
    if (!end && len == 0)
      break;
    if (len / 2 < 3 || (len & 1) != 0 ||
        len / 2 > MAX_ROAMING_CONS_OI_LEN ||
        hexstr2bin(pos,
             ois[num_ois],
             len / 2) < 0) {
      wpa_printf(MSG_INFO,
           "Invalid organisation identifier (OI) entry: %s",
           pos);
      return -1;
    }
    ois_len[num_ois] = len / 2;
    num_ois++;

    if (!end)
      break;

    if (num_ois >= MAX_ROAMING_CONS) {
      wpa_printf(MSG_INFO,
           "Too many OIs");
      return -1;
    }

    pos = end + 1;
  }

  os_memcpy(cred_ois, ois, sizeof(ois));
  os_memcpy(cred_ois_len, ois_len, sizeof(ois_len));
  *cred_num_ois = num_ois;

  return 0;
}


int wpa_config_set_cred(struct wpa_cred *cred, const char *var,
      const char *value, int line)
{
  char *val;
  size_t len;
  int res;

  if (os_strcmp(var, "temporary") == 0) {
    cred->temporary = atoi(value);
    return 0;
  }

  if (os_strcmp(var, "priority") == 0) {
    cred->priority = atoi(value);
    return 0;
  }

  if (os_strcmp(var, "sp_priority") == 0) {
    int prio = atoi(value);
    if (prio < 0 || prio > 255)
      return -1;
    cred->sp_priority = prio;
    return 0;
  }

  if (os_strcmp(var, "pcsc") == 0) {
    cred->pcsc = atoi(value);
    return 0;
  }

  if (os_strcmp(var, "eap") == 0) {
    struct eap_method_type method;
    method.method = eap_peer_get_type(value, &method.vendor);
    if (method.vendor == EAP_VENDOR_IETF &&
        method.method == EAP_TYPE_NONE) {
      wpa_printf(MSG_ERROR, "Line %d: unknown EAP type '%s' "
           "for a credential", line, value);
      return -1;
    }
    os_free(cred->eap_method);
    cred->eap_method = os_malloc(sizeof(*cred->eap_method));
    if (cred->eap_method == NULL)
      return -1;
    os_memcpy(cred->eap_method, &method, sizeof(method));
    return 0;
  }

  if (os_strcmp(var, "password") == 0 &&
      os_strncmp(value, "ext:", 4) == 0) {
    if (has_newline(value))
      return -1;
    str_clear_free(cred->password);
    cred->password = os_strdup(value);
    cred->ext_password = 1;
    return 0;
  }

  if (os_strcmp(var, "update_identifier") == 0) {
    cred->update_identifier = atoi(value);
    return 0;
  }

  if (os_strcmp(var, "min_dl_bandwidth_home") == 0) {
    cred->min_dl_bandwidth_home = atoi(value);
    return 0;
  }

  if (os_strcmp(var, "min_ul_bandwidth_home") == 0) {
    cred->min_ul_bandwidth_home = atoi(value);
    return 0;
  }

  if (os_strcmp(var, "min_dl_bandwidth_roaming") == 0) {
    cred->min_dl_bandwidth_roaming = atoi(value);
    return 0;
  }

  if (os_strcmp(var, "min_ul_bandwidth_roaming") == 0) {
    cred->min_ul_bandwidth_roaming = atoi(value);
    return 0;
  }

  if (os_strcmp(var, "max_bss_load") == 0) {
    cred->max_bss_load = atoi(value);
    return 0;
  }

  if (os_strcmp(var, "req_conn_capab") == 0)
    return wpa_config_set_cred_req_conn_capab(cred, value);

  if (os_strcmp(var, "ocsp") == 0) {
    cred->ocsp = atoi(value);
    return 0;
  }

  if (os_strcmp(var, "sim_num") == 0) {
    cred->sim_num = atoi(value);
    return 0;
  }

  if (os_strcmp(var, "engine") == 0) {
    cred->engine = atoi(value);
    return 0;
  }

  val = wpa_config_parse_string(value, &len);
  if (val == NULL ||
      (os_strcmp(var, "excluded_ssid") != 0 &&
       os_strcmp(var, "roaming_consortium") != 0 &&
       os_strcmp(var, "required_roaming_consortium") != 0 &&
       has_newline(val))) {
    wpa_printf(MSG_ERROR, "Line %d: invalid field '%s' string "
         "value '%s'.", line, var, value);
    os_free(val);
    return -1;
  }

  if (os_strcmp(var, "realm") == 0) {
    os_free(cred->realm);
    cred->realm = val;
    return 0;
  }

  if (os_strcmp(var, "username") == 0) {
    str_clear_free(cred->username);
    cred->username = val;
    return 0;
  }

  if (os_strcmp(var, "password") == 0) {
    str_clear_free(cred->password);
    cred->password = val;
    cred->ext_password = 0;
    return 0;
  }

  if (os_strcmp(var, "ca_cert") == 0) {
    os_free(cred->ca_cert);
    cred->ca_cert = val;
    return 0;
  }

  if (os_strcmp(var, "client_cert") == 0) {
    os_free(cred->client_cert);
    cred->client_cert = val;
    return 0;
  }

  if (os_strcmp(var, "private_key") == 0) {
    os_free(cred->private_key);
    cred->private_key = val;
    return 0;
  }

  if (os_strcmp(var, "private_key_passwd") == 0) {
    str_clear_free(cred->private_key_passwd);
    cred->private_key_passwd = val;
    return 0;
  }

  if (os_strcmp(var, "engine_id") == 0) {
    os_free(cred->engine_id);
    cred->engine_id = val;
    return 0;
  }

  if (os_strcmp(var, "ca_cert_id") == 0) {
    os_free(cred->ca_cert_id);
    cred->ca_cert_id = val;
    return 0;
  }

  if (os_strcmp(var, "cert_id") == 0) {
    os_free(cred->cert_id);
    cred->cert_id = val;
    return 0;
  }

  if (os_strcmp(var, "key_id") == 0) {
    os_free(cred->key_id);
    cred->key_id = val;
    return 0;
  }

  if (os_strcmp(var, "imsi") == 0) {
    os_free(cred->imsi);
    cred->imsi = val;
    return 0;
  }

  if (os_strcmp(var, "milenage") == 0) {
    str_clear_free(cred->milenage);
    cred->milenage = val;
    return 0;
  }

  if (os_strcmp(var, "domain_suffix_match") == 0) {
    os_free(cred->domain_suffix_match);
    cred->domain_suffix_match = val;
    return 0;
  }

  if (os_strcmp(var, "domain") == 0) {
    char **new_domain;
    new_domain = os_realloc_array(cred->domain,
                cred->num_domain + 1,
                sizeof(char *));
    if (new_domain == NULL) {
      os_free(val);
      return -1;
    }
    new_domain[cred->num_domain++] = val;
    cred->domain = new_domain;
    return 0;
  }

  if (os_strcmp(var, "phase1") == 0) {
    os_free(cred->phase1);
    cred->phase1 = val;
    return 0;
  }

  if (os_strcmp(var, "phase2") == 0) {
    os_free(cred->phase2);
    cred->phase2 = val;
    return 0;
  }

  if (os_strcmp(var, "roaming_consortium") == 0) {
    if (len < 3 || len > sizeof(cred->home_ois[0])) {
      wpa_printf(MSG_ERROR, "Line %d: invalid "
           "roaming_consortium length %d (3..15 "
           "expected)", line, (int) len);
      os_free(val);
      return -1;
    }
    wpa_printf(MSG_WARNING,
         "Line %d: option roaming_consortium is deprecated and will be removed in the future",
         line);
    os_memcpy(cred->home_ois[0], val, len);
    cred->home_ois_len[0] = len;
    cred->num_home_ois = 1;
    os_free(val);
    return 0;
  }

  if (os_strcmp(var, "required_roaming_consortium") == 0) {
    if (len < 3 || len > sizeof(cred->required_home_ois[0])) {
      wpa_printf(MSG_ERROR, "Line %d: invalid "
           "required_roaming_consortium length %d "
           "(3..15 expected)", line, (int) len);
      os_free(val);
      return -1;
    }
    wpa_printf(MSG_WARNING,
         "Line %d: option required_roaming_consortium is deprecated and will be removed in the future",
         line);
    os_memcpy(cred->required_home_ois[0], val, len);
    cred->required_home_ois_len[0] = len;
    cred->num_required_home_ois = 1;
    os_free(val);
    return 0;
  }

  if (os_strcmp(var, "home_ois") == 0) {
    res = wpa_config_set_cred_ois(cred->home_ois,
                cred->home_ois_len,
                &cred->num_home_ois,
                val);
    if (res < 0)
      wpa_printf(MSG_ERROR, "Line %d: invalid home_ois",
           line);
    os_free(val);
    return res;
  }

  if (os_strcmp(var, "required_home_ois") == 0) {
    res = wpa_config_set_cred_ois(cred->required_home_ois,
                cred->required_home_ois_len,
                &cred->num_required_home_ois,
                val);
    if (res < 0)
      wpa_printf(MSG_ERROR,
           "Line %d: invalid required_home_ois", line);
    os_free(val);
    return res;
  }

  if (os_strcmp(var, "roaming_consortiums") == 0) {
    res = wpa_config_set_cred_ois(cred->roaming_consortiums,
                cred->roaming_consortiums_len,
                &cred->num_roaming_consortiums,
                val);
    if (res < 0)
      wpa_printf(MSG_ERROR,
           "Line %d: invalid roaming_consortiums",
           line);
    os_free(val);
    return res;
  }

  if (os_strcmp(var, "excluded_ssid") == 0) {
    struct excluded_ssid *e;

    if (len > SSID_MAX_LEN) {
      wpa_printf(MSG_ERROR, "Line %d: invalid "
           "excluded_ssid length %d", line, (int) len);
      os_free(val);
      return -1;
    }

    e = os_realloc_array(cred->excluded_ssid,
             cred->num_excluded_ssid + 1,
             sizeof(struct excluded_ssid));
    if (e == NULL) {
      os_free(val);
      return -1;
    }
    cred->excluded_ssid = e;

    e = &cred->excluded_ssid[cred->num_excluded_ssid++];
    os_memcpy(e->ssid, val, len);
    e->ssid_len = len;

    os_free(val);

    return 0;
  }

  if (os_strcmp(var, "roaming_partner") == 0) {
    struct roaming_partner *p;
    char *pos;

    p = os_realloc_array(cred->roaming_partner,
             cred->num_roaming_partner + 1,
             sizeof(struct roaming_partner));
    if (p == NULL) {
      os_free(val);
      return -1;
    }
    cred->roaming_partner = p;

    p = &cred->roaming_partner[cred->num_roaming_partner];

    pos = os_strchr(val, ',');
    if (pos == NULL) {
      os_free(val);
      return -1;
    }
    *pos++ = '\0';
    if (pos - val - 1 >= (int) sizeof(p->fqdn)) {
      os_free(val);
      return -1;
    }
    os_memcpy(p->fqdn, val, pos - val);

    p->exact_match = atoi(pos);

    pos = os_strchr(pos, ',');
    if (pos == NULL) {
      os_free(val);
      return -1;
    }
    *pos++ = '\0';

    p->priority = atoi(pos);

    pos = os_strchr(pos, ',');
    if (pos == NULL) {
      os_free(val);
      return -1;
    }
    *pos++ = '\0';

    if (os_strlen(pos) >= sizeof(p->country)) {
      os_free(val);
      return -1;
    }
    os_memcpy(p->country, pos, os_strlen(pos) + 1);

    cred->num_roaming_partner++;
    os_free(val);

    return 0;
  }

  if (os_strcmp(var, "provisioning_sp") == 0) {
    os_free(cred->provisioning_sp);
    cred->provisioning_sp = val;
    return 0;
  }

  if (os_strcmp(var, "imsi_privacy_cert") == 0) {
    os_free(cred->imsi_privacy_cert);
    cred->imsi_privacy_cert = val;
    return 0;
  }

  if (os_strcmp(var, "imsi_privacy_attr") == 0) {
    os_free(cred->imsi_privacy_attr);
    cred->imsi_privacy_attr = val;
    return 0;
  }

  if (line) {
    wpa_printf(MSG_ERROR, "Line %d: unknown cred field '%s'.",
         line, var);
  }

  os_free(val);

  return -1;
}


static char * alloc_int_str(int val)
{
  const unsigned int bufsize = 20;
  char *buf;
  int res;

  buf = os_malloc(bufsize);
  if (buf == NULL)
    return NULL;
  res = os_snprintf(buf, bufsize, "%d", val);
  if (os_snprintf_error(bufsize, res)) {
    os_free(buf);
    buf = NULL;
  }
  return buf;
}


static char * alloc_strdup(const char *str)
{
  if (str == NULL)
    return NULL;
  return os_strdup(str);
}


char * wpa_config_get_cred_no_key(struct wpa_cred *cred, const char *var)
{
  if (os_strcmp(var, "temporary") == 0)
    return alloc_int_str(cred->temporary);

  if (os_strcmp(var, "priority") == 0)
    return alloc_int_str(cred->priority);

  if (os_strcmp(var, "sp_priority") == 0)
    return alloc_int_str(cred->sp_priority);

  if (os_strcmp(var, "pcsc") == 0)
    return alloc_int_str(cred->pcsc);

  if (os_strcmp(var, "eap") == 0) {
    if (!cred->eap_method)
      return NULL;
    return alloc_strdup(eap_get_name(cred->eap_method[0].vendor,
             cred->eap_method[0].method));
  }

  if (os_strcmp(var, "update_identifier") == 0)
    return alloc_int_str(cred->update_identifier);

  if (os_strcmp(var, "min_dl_bandwidth_home") == 0)
    return alloc_int_str(cred->min_dl_bandwidth_home);

  if (os_strcmp(var, "min_ul_bandwidth_home") == 0)
    return alloc_int_str(cred->min_ul_bandwidth_home);

  if (os_strcmp(var, "min_dl_bandwidth_roaming") == 0)
    return alloc_int_str(cred->min_dl_bandwidth_roaming);

  if (os_strcmp(var, "min_ul_bandwidth_roaming") == 0)
    return alloc_int_str(cred->min_ul_bandwidth_roaming);

  if (os_strcmp(var, "max_bss_load") == 0)
    return alloc_int_str(cred->max_bss_load);

  if (os_strcmp(var, "req_conn_capab") == 0) {
    unsigned int i;
    char *buf, *end, *pos;
    int ret;

    if (!cred->num_req_conn_capab)
      return NULL;

    buf = os_malloc(4000);
    if (buf == NULL)
      return NULL;
    pos = buf;
    end = pos + 4000;
    for (i = 0; i < cred->num_req_conn_capab; i++) {
      int *ports;

      ret = os_snprintf(pos, end - pos, "%s%u",
            i > 0 ? "\n" : "",
            cred->req_conn_capab_proto[i]);
      if (os_snprintf_error(end - pos, ret))
        return buf;
      pos += ret;

      ports = cred->req_conn_capab_port[i];
      if (ports) {
        int j;
        for (j = 0; ports[j] != -1; j++) {
          ret = os_snprintf(pos, end - pos,
                "%s%d",
                j > 0 ? "," : ":",
                ports[j]);
          if (os_snprintf_error(end - pos, ret))
            return buf;
          pos += ret;
        }
      }
    }

    return buf;
  }

  if (os_strcmp(var, "ocsp") == 0)
    return alloc_int_str(cred->ocsp);

  if (os_strcmp(var, "realm") == 0)
    return alloc_strdup(cred->realm);

  if (os_strcmp(var, "username") == 0)
    return alloc_strdup(cred->username);

  if (os_strcmp(var, "password") == 0) {
    if (!cred->password)
      return NULL;
    return alloc_strdup("*");
  }

  if (os_strcmp(var, "ca_cert") == 0)
    return alloc_strdup(cred->ca_cert);

  if (os_strcmp(var, "client_cert") == 0)
    return alloc_strdup(cred->client_cert);

  if (os_strcmp(var, "private_key") == 0)
    return alloc_strdup(cred->private_key);

  if (os_strcmp(var, "private_key_passwd") == 0) {
    if (!cred->private_key_passwd)
      return NULL;
    return alloc_strdup("*");
  }

  if (os_strcmp(var, "imsi") == 0)
    return alloc_strdup(cred->imsi);

  if (os_strcmp(var, "imsi_privacy_cert") == 0)
    return alloc_strdup(cred->imsi_privacy_cert);

  if (os_strcmp(var, "imsi_privacy_attr") == 0)
    return alloc_strdup(cred->imsi_privacy_attr);

  if (os_strcmp(var, "milenage") == 0) {
    if (!(cred->milenage))
      return NULL;
    return alloc_strdup("*");
  }

  if (os_strcmp(var, "domain_suffix_match") == 0)
    return alloc_strdup(cred->domain_suffix_match);

  if (os_strcmp(var, "domain") == 0) {
    unsigned int i;
    char *buf, *end, *pos;
    int ret;

    if (!cred->num_domain)
      return NULL;

    buf = os_malloc(4000);
    if (buf == NULL)
      return NULL;
    pos = buf;
    end = pos + 4000;

    for (i = 0; i < cred->num_domain; i++) {
      ret = os_snprintf(pos, end - pos, "%s%s",
            i > 0 ? "\n" : "", cred->domain[i]);
      if (os_snprintf_error(end - pos, ret))
        return buf;
      pos += ret;
    }

    return buf;
  }

  if (os_strcmp(var, "phase1") == 0)
    return alloc_strdup(cred->phase1);

  if (os_strcmp(var, "phase2") == 0)
    return alloc_strdup(cred->phase2);

  if (os_strcmp(var, "roaming_consortium") == 0) {
    size_t buflen;
    char *buf;

    if (!cred->num_home_ois || !cred->home_ois_len[0])
      return NULL;
    buflen = cred->home_ois_len[0] * 2 + 1;
    buf = os_malloc(buflen);
    if (buf == NULL)
      return NULL;
    wpa_snprintf_hex(buf, buflen, cred->home_ois[0],
         cred->home_ois_len[0]);
    return buf;
  }

  if (os_strcmp(var, "required_roaming_consortium") == 0) {
    size_t buflen;
    char *buf;

    if (!cred->num_required_home_ois ||
        !cred->required_home_ois_len[0])
      return NULL;
    buflen = cred->required_home_ois_len[0] * 2 + 1;
    buf = os_malloc(buflen);
    if (buf == NULL)
      return NULL;
    wpa_snprintf_hex(buf, buflen, cred->required_home_ois[0],
         cred->required_home_ois_len[0]);
    return buf;
  }

  if (os_strcmp(var, "home_ois") == 0) {
    size_t buflen;
    char *buf, *pos;
    size_t i;

    if (!cred->num_home_ois)
      return NULL;
    buflen = cred->num_home_ois * MAX_ROAMING_CONS_OI_LEN * 2 + 1;
    buf = os_malloc(buflen);
    if (!buf)
      return NULL;
    pos = buf;
    for (i = 0; i < cred->num_home_ois; i++) {
      if (i > 0)
        *pos++ = ',';
      pos += wpa_snprintf_hex(
        pos, buf + buflen - pos,
        cred->home_ois[i],
        cred->home_ois_len[i]);
    }
    *pos = '\0';
    return buf;
  }

  if (os_strcmp(var, "required_home_ois") == 0) {
    size_t buflen;
    char *buf, *pos;
    size_t i;

    if (!cred->num_required_home_ois)
      return NULL;
    buflen = cred->num_required_home_ois *
      MAX_ROAMING_CONS_OI_LEN * 2 + 1;
    buf = os_malloc(buflen);
    if (!buf)
      return NULL;
    pos = buf;
    for (i = 0; i < cred->num_required_home_ois; i++) {
      if (i > 0)
        *pos++ = ',';
      pos += wpa_snprintf_hex(
        pos, buf + buflen - pos,
        cred->required_home_ois[i],
        cred->required_home_ois_len[i]);
    }
    *pos = '\0';
    return buf;
  }

  if (os_strcmp(var, "roaming_consortiums") == 0) {
    size_t buflen;
    char *buf, *pos;
    size_t i;

    if (!cred->num_roaming_consortiums)
      return NULL;
    buflen = cred->num_roaming_consortiums *
      MAX_ROAMING_CONS_OI_LEN * 2 + 1;
    buf = os_malloc(buflen);
    if (!buf)
      return NULL;
    pos = buf;
    for (i = 0; i < cred->num_roaming_consortiums; i++) {
      if (i > 0)
        *pos++ = ',';
      pos += wpa_snprintf_hex(
        pos, buf + buflen - pos,
        cred->roaming_consortiums[i],
        cred->roaming_consortiums_len[i]);
    }
    *pos = '\0';
    return buf;
  }

  if (os_strcmp(var, "excluded_ssid") == 0) {
    unsigned int i;
    char *buf, *end, *pos;

    if (!cred->num_excluded_ssid)
      return NULL;

    buf = os_malloc(4000);
    if (buf == NULL)
      return NULL;
    pos = buf;
    end = pos + 4000;

    for (i = 0; i < cred->num_excluded_ssid; i++) {
      struct excluded_ssid *e;
      int ret;

      e = &cred->excluded_ssid[i];
      ret = os_snprintf(pos, end - pos, "%s%s",
            i > 0 ? "\n" : "",
            wpa_ssid_txt(e->ssid, e->ssid_len));
      if (os_snprintf_error(end - pos, ret))
        return buf;
      pos += ret;
    }

    return buf;
  }

  if (os_strcmp(var, "roaming_partner") == 0) {
    unsigned int i;
    char *buf, *end, *pos;

    if (!cred->num_roaming_partner)
      return NULL;

    buf = os_malloc(4000);
    if (buf == NULL)
      return NULL;
    pos = buf;
    end = pos + 4000;

    for (i = 0; i < cred->num_roaming_partner; i++) {
      struct roaming_partner *p;
      int ret;

      p = &cred->roaming_partner[i];
      ret = os_snprintf(pos, end - pos, "%s%s,%d,%u,%s",
            i > 0 ? "\n" : "",
            p->fqdn, p->exact_match, p->priority,
            p->country);
      if (os_snprintf_error(end - pos, ret))
        return buf;
      pos += ret;
    }

    return buf;
  }

  if (os_strcmp(var, "provisioning_sp") == 0)
    return alloc_strdup(cred->provisioning_sp);

  return NULL;
}


struct wpa_cred * wpa_config_get_cred(struct wpa_config *config, int id)
{
  struct wpa_cred *cred;

  cred = config->cred;
  while (cred) {
    if (id == cred->id)
      break;
    cred = cred->next;
  }

  return cred;
}


struct wpa_cred * wpa_config_add_cred(struct wpa_config *config)
{
  int id;
  struct wpa_cred *cred, *last = NULL;

  id = -1;
  cred = config->cred;
  while (cred) {
    if (cred->id > id)
      id = cred->id;
    last = cred;
    cred = cred->next;
  }
  id++;

  cred = os_zalloc(sizeof(*cred));
  if (cred == NULL)
    return NULL;
  cred->id = id;
  cred->sim_num = DEFAULT_USER_SELECTED_SIM;
  if (last)
    last->next = cred;
  else
    config->cred = cred;

  return cred;
}


int wpa_config_remove_cred(struct wpa_config *config, int id)
{
  struct wpa_cred *cred, *prev = NULL;

  cred = config->cred;
  while (cred) {
    if (id == cred->id)
      break;
    prev = cred;
    cred = cred->next;
  }

  if (cred == NULL)
    return -1;

  if (prev)
    prev->next = cred->next;
  else
    config->cred = cred->next;

  wpa_config_free_cred(cred);
  return 0;
}


#ifndef CONFIG_NO_CONFIG_BLOBS
/**
 * wpa_config_get_blob - Get a named configuration blob
 * @config: Configuration data from wpa_config_read()
 * @name: Name of the blob
 * Returns: Pointer to blob data or %NULL if not found
 */
const struct wpa_config_blob * wpa_config_get_blob(struct wpa_config *config,
               const char *name)
{
  struct wpa_config_blob *blob = config->blobs;

  while (blob) {
    if (os_strcmp(blob->name, name) == 0)
      return blob;
    blob = blob->next;
  }
  return NULL;
}


/**
 * wpa_config_set_blob - Set or add a named configuration blob
 * @config: Configuration data from wpa_config_read()
 * @blob: New value for the blob
 *
 * Adds a new configuration blob or replaces the current value of an existing
 * blob.
 */
void wpa_config_set_blob(struct wpa_config *config,
       struct wpa_config_blob *blob)
{
  wpa_config_remove_blob(config, blob->name);
  blob->next = config->blobs;
  config->blobs = blob;
}


/**
 * wpa_config_free_blob - Free blob data
 * @blob: Pointer to blob to be freed
 */
void wpa_config_free_blob(struct wpa_config_blob *blob)
{
  if (blob) {
    os_free(blob->name);
    bin_clear_free(blob->data, blob->len);
    os_free(blob);
  }
}


/**
 * wpa_config_remove_blob - Remove a named configuration blob
 * @config: Configuration data from wpa_config_read()
 * @name: Name of the blob to remove
 * Returns: 0 if blob was removed or -1 if blob was not found
 */
int wpa_config_remove_blob(struct wpa_config *config, const char *name)
{
  struct wpa_config_blob *pos = config->blobs, *prev = NULL;

  while (pos) {
    if (os_strcmp(pos->name, name) == 0) {
      if (prev)
        prev->next = pos->next;
      else
        config->blobs = pos->next;
      wpa_config_free_blob(pos);
      return 0;
    }
    prev = pos;
    pos = pos->next;
  }

  return -1;
}
#endif /* CONFIG_NO_CONFIG_BLOBS */


/**
 * wpa_config_alloc_empty - Allocate an empty configuration
 * @ctrl_interface: Control interface parameters, e.g., path to UNIX domain
 * socket
 * @driver_param: Driver parameters
 * Returns: Pointer to allocated configuration data or %NULL on failure
 */
struct wpa_config * wpa_config_alloc_empty(const char *ctrl_interface,
             const char *driver_param)
{
#define ecw2cw(ecw) ((1 << (ecw)) - 1)

  struct wpa_config *config;
  const int aCWmin = 4, aCWmax = 10;
  const struct hostapd_wmm_ac_params ac_bk =
    { aCWmin, aCWmax, 7, 0, 0 }; /* background traffic */
  const struct hostapd_wmm_ac_params ac_be =
    { aCWmin, aCWmax, 3, 0, 0 }; /* best effort traffic */
  const struct hostapd_wmm_ac_params ac_vi = /* video traffic */
    { aCWmin - 1, aCWmin, 2, 3008 / 32, 0 };
  const struct hostapd_wmm_ac_params ac_vo = /* voice traffic */
    { aCWmin - 2, aCWmin - 1, 2, 1504 / 32, 0 };
  const struct hostapd_tx_queue_params txq_bk =
    { 7, ecw2cw(aCWmin), ecw2cw(aCWmax), 0 };
  const struct hostapd_tx_queue_params txq_be =
    { 3, ecw2cw(aCWmin), 4 * (ecw2cw(aCWmin) + 1) - 1, 0 };
  const struct hostapd_tx_queue_params txq_vi =
    { 1, (ecw2cw(aCWmin) + 1) / 2 - 1, ecw2cw(aCWmin), 30 };
  const struct hostapd_tx_queue_params txq_vo =
    { 1, (ecw2cw(aCWmin) + 1) / 4 - 1,
      (ecw2cw(aCWmin) + 1) / 2 - 1, 15 };

#undef ecw2cw

  config = os_zalloc(sizeof(*config));
  if (config == NULL)
    return NULL;
  config->eapol_version = DEFAULT_EAPOL_VERSION;
  config->ap_scan = DEFAULT_AP_SCAN;
  config->user_mpm = DEFAULT_USER_MPM;
  config->max_peer_links = DEFAULT_MAX_PEER_LINKS;
  config->mesh_max_inactivity = DEFAULT_MESH_MAX_INACTIVITY;
  config->mesh_fwding = DEFAULT_MESH_FWDING;
  config->dot11RSNASAERetransPeriod =
    DEFAULT_DOT11_RSNA_SAE_RETRANS_PERIOD;
  config->fast_reauth = DEFAULT_FAST_REAUTH;
  config->p2p_go_intent = DEFAULT_P2P_GO_INTENT;
  config->p2p_intra_bss = DEFAULT_P2P_INTRA_BSS;
  config->p2p_go_freq_change_policy = DEFAULT_P2P_GO_FREQ_MOVE;
  config->p2p_go_max_inactivity = DEFAULT_P2P_GO_MAX_INACTIVITY;
  config->p2p_optimize_listen_chan = DEFAULT_P2P_OPTIMIZE_LISTEN_CHAN;
  config->p2p_go_ctwindow = DEFAULT_P2P_GO_CTWINDOW;
  config->bss_max_count = DEFAULT_BSS_MAX_COUNT;
  config->bss_expiration_age = DEFAULT_BSS_EXPIRATION_AGE;
  config->bss_expiration_scan_count = DEFAULT_BSS_EXPIRATION_SCAN_COUNT;
  config->max_num_sta = DEFAULT_MAX_NUM_STA;
  config->ap_isolate = DEFAULT_AP_ISOLATE;
  config->access_network_type = DEFAULT_ACCESS_NETWORK_TYPE;
  config->scan_cur_freq = DEFAULT_SCAN_CUR_FREQ;
  config->scan_res_valid_for_connect = DEFAULT_SCAN_RES_VALID_FOR_CONNECT;
  config->wmm_ac_params[0] = ac_be;
  config->wmm_ac_params[1] = ac_bk;
  config->wmm_ac_params[2] = ac_vi;
  config->wmm_ac_params[3] = ac_vo;
  config->tx_queue[0] = txq_vo;
  config->tx_queue[1] = txq_vi;
  config->tx_queue[2] = txq_be;
  config->tx_queue[3] = txq_bk;
  config->p2p_search_delay = DEFAULT_P2P_SEARCH_DELAY;
  config->rand_addr_lifetime = DEFAULT_RAND_ADDR_LIFETIME;
  config->key_mgmt_offload = DEFAULT_KEY_MGMT_OFFLOAD;
  config->cert_in_cb = DEFAULT_CERT_IN_CB;
  config->wpa_rsc_relaxation = DEFAULT_WPA_RSC_RELAXATION;
  config->extended_key_id = DEFAULT_EXTENDED_KEY_ID;

#ifdef CONFIG_MBO
  config->mbo_cell_capa = DEFAULT_MBO_CELL_CAPA;
  config->disassoc_imminent_rssi_threshold =
    DEFAULT_DISASSOC_IMMINENT_RSSI_THRESHOLD;
  config->oce = DEFAULT_OCE_SUPPORT;
#endif /* CONFIG_MBO */

  if (ctrl_interface)
    config->ctrl_interface = os_strdup(ctrl_interface);
  if (driver_param)
    config->driver_param = os_strdup(driver_param);
  config->gas_rand_addr_lifetime = DEFAULT_RAND_ADDR_LIFETIME;

  return config;
}


#ifndef CONFIG_NO_STDOUT_DEBUG
/**
 * wpa_config_debug_dump_networks - Debug dump of configured networks
 * @config: Configuration data from wpa_config_read()
 */
void wpa_config_debug_dump_networks(struct wpa_config *config)
{
  size_t prio;
  struct wpa_ssid *ssid;

  for (prio = 0; prio < config->num_prio; prio++) {
    ssid = config->pssid[prio];
    wpa_printf(MSG_DEBUG, "Priority group %d",
         ssid->priority);
    while (ssid) {
      wpa_printf(MSG_DEBUG, "   id=%d ssid='%s'",
           ssid->id,
           wpa_ssid_txt(ssid->ssid, ssid->ssid_len));
      ssid = ssid->pnext;
    }
  }
}
#endif /* CONFIG_NO_STDOUT_DEBUG */


/**
 * Structure for global configuration parsing. This data is used to implement a
 * generic parser for the global interface configuration. The table of variables
 * is defined below in this file (global_fields[]).
 */
struct global_parse_data {
  /* Configuration variable name */
  char *name;

  /* Parser function for this variable. The parser functions return 0 or 1
   * to indicate success. Value 0 indicates that the parameter value may
   * have changed while value 1 means that the value did not change.
   * Error cases (failure to parse the string) are indicated by returning
   * -1. */
  int (*parser)(const struct global_parse_data *data,
          struct wpa_config *config, int line, const char *value);

  /* Getter function to print the variable in text format to buf. */
  int (*get)(const char *name, struct wpa_config *config, long offset,
       char *buf, size_t buflen, int pretty_print);

  /* Variable specific parameters for the parser. */
  void *param1, *param2, *param3;

  /* Indicates which configuration variable has changed. */
  unsigned int changed_flag;
};


static int wpa_global_config_parse_int(const struct global_parse_data *data,
               struct wpa_config *config, int line,
               const char *pos)
{
  int val, *dst;
  char *end;
  bool same;

  dst = (int *) (((u8 *) config) + (long) data->param1);
  val = strtol(pos, &end, 0);
  if (*end) {
    wpa_printf(MSG_ERROR, "Line %d: invalid number \"%s\"",
         line, pos);
    return -1;
  }
  same = *dst == val;
  *dst = val;

  wpa_printf(MSG_DEBUG, "%s=%d", data->name, *dst);

  if (data->param2 && *dst < (long) data->param2) {
    wpa_printf(MSG_ERROR, "Line %d: too small %s (value=%d "
         "min_value=%ld)", line, data->name, *dst,
         (long) data->param2);
    *dst = (long) data->param2;
    return -1;
  }

  if (data->param3 && *dst > (long) data->param3) {
    wpa_printf(MSG_ERROR, "Line %d: too large %s (value=%d "
         "max_value=%ld)", line, data->name, *dst,
         (long) data->param3);
    *dst = (long) data->param3;
    return -1;
  }

  return same;
}


static int wpa_global_config_parse_str(const struct global_parse_data *data,
               struct wpa_config *config, int line,
               const char *pos)
{
  size_t len, prev_len;
  char **dst, *tmp;

  len = os_strlen(pos);
  if (data->param2 && len < (size_t) data->param2) {
    wpa_printf(MSG_ERROR, "Line %d: too short %s (len=%lu "
         "min_len=%ld)", line, data->name,
         (unsigned long) len, (long) data->param2);
    return -1;
  }

  if (data->param3 && len > (size_t) data->param3) {
    wpa_printf(MSG_ERROR, "Line %d: too long %s (len=%lu "
         "max_len=%ld)", line, data->name,
         (unsigned long) len, (long) data->param3);
    return -1;
  }

  if (has_newline(pos)) {
    wpa_printf(MSG_ERROR, "Line %d: invalid %s value with newline",
         line, data->name);
    return -1;
  }

  dst = (char **) (((u8 *) config) + (long) data->param1);
  if (*dst)
    prev_len = os_strlen(*dst);
  else
    prev_len = 0;

  /* No change to the previously configured value */
  if (*dst && prev_len == len && os_memcmp(*dst, pos, len) == 0)
    return 1;

  tmp = os_strdup(pos);
  if (tmp == NULL)
    return -1;

  os_free(*dst);
  *dst = tmp;
  wpa_printf(MSG_DEBUG, "%s='%s'", data->name, *dst);

  return 0;
}


static int wpa_config_process_bgscan(const struct global_parse_data *data,
             struct wpa_config *config, int line,
             const char *pos)
{
  size_t len;
  char *tmp;
  int res;

  tmp = wpa_config_parse_string(pos, &len);
  if (tmp == NULL) {
    wpa_printf(MSG_ERROR, "Line %d: failed to parse %s",
         line, data->name);
    return -1;
  }

  res = wpa_global_config_parse_str(data, config, line, tmp);
  os_free(tmp);
  return res;
}


static int wpa_global_config_parse_bin(const struct global_parse_data *data,
               struct wpa_config *config, int line,
               const char *pos)
{
  struct wpabuf **dst, *tmp;

  tmp = wpabuf_parse_bin(pos);
  if (!tmp)
    return -1;

  dst = (struct wpabuf **) (((u8 *) config) + (long) data->param1);
  if (wpabuf_cmp(*dst, tmp) == 0) {
    wpabuf_free(tmp);
    return 1;
  }
  wpabuf_free(*dst);
  *dst = tmp;
  wpa_printf(MSG_DEBUG, "%s", data->name);

  return 0;
}


static int wpa_config_process_freq_list(const struct global_parse_data *data,
          struct wpa_config *config, int line,
          const char *value)
{
  int *freqs;

  freqs = wpa_config_parse_int_array(value);
  if (freqs == NULL)
    return -1;
  if (freqs[0] == 0) {
    os_free(freqs);
    freqs = NULL;
  }
  os_free(config->freq_list);
  config->freq_list = freqs;
  return 0;
}


static int
wpa_config_process_initial_freq_list(const struct global_parse_data *data,
             struct wpa_config *config, int line,
             const char *value)
{
  int *freqs;

  freqs = wpa_config_parse_int_array(value);
  if (!freqs)
    return -1;
  if (freqs[0] == 0) {
    os_free(freqs);
    freqs = NULL;
  }
  os_free(config->initial_freq_list);
  config->initial_freq_list = freqs;
  return 0;
}


#ifdef CONFIG_P2P
static int wpa_global_config_parse_ipv4(const struct global_parse_data *data,
          struct wpa_config *config, int line,
          const char *pos)
{
  u32 *dst;
  struct hostapd_ip_addr addr;

  if (hostapd_parse_ip_addr(pos, &addr) < 0)
    return -1;
  if (addr.af != AF_INET)
    return -1;

  dst = (u32 *) (((u8 *) config) + (long) data->param1);
  if (os_memcmp(dst, &addr.u.v4.s_addr, 4) == 0)
    return 1;
  os_memcpy(dst, &addr.u.v4.s_addr, 4);
  wpa_printf(MSG_DEBUG, "%s = 0x%x", data->name,
       WPA_GET_BE32((u8 *) dst));

  return 0;
}
#endif /* CONFIG_P2P */


static int wpa_config_process_country(const struct global_parse_data *data,
              struct wpa_config *config, int line,
              const char *pos)
{
  if (!pos[0] || !pos[1]) {
    wpa_printf(MSG_DEBUG, "Invalid country set");
    return -1;
  }
  if (pos[0] == config->country[0] && pos[1] == config->country[1])
    return 1;
  config->country[0] = pos[0];
  config->country[1] = pos[1];
  wpa_printf(MSG_DEBUG, "country='%c%c'",
       config->country[0], config->country[1]);
  return 0;
}


static int wpa_config_process_load_dynamic_eap(
  const struct global_parse_data *data, struct wpa_config *config,
  int line, const char *so)
{
  int ret;
  wpa_printf(MSG_DEBUG, "load_dynamic_eap=%s", so);
  ret = eap_peer_method_load(so);
  if (ret == -2) {
    wpa_printf(MSG_DEBUG, "This EAP type was already loaded - not "
         "reloading.");
  } else if (ret) {
    wpa_printf(MSG_ERROR, "Line %d: Failed to load dynamic EAP "
         "method '%s'.", line, so);
    return -1;
  }

  return 0;
}


#ifdef CONFIG_WPS

static int wpa_config_process_uuid(const struct global_parse_data *data,
           struct wpa_config *config, int line,
           const char *pos)
{
  char buf[40];
  if (uuid_str2bin(pos, config->uuid)) {
    wpa_printf(MSG_ERROR, "Line %d: invalid UUID", line);
    return -1;
  }
  uuid_bin2str(config->uuid, buf, sizeof(buf));
  wpa_printf(MSG_DEBUG, "uuid=%s", buf);
  return 0;
}


static int wpa_config_process_device_type(
  const struct global_parse_data *data,
  struct wpa_config *config, int line, const char *pos)
{
  return wps_dev_type_str2bin(pos, config->device_type);
}


static int wpa_config_process_os_version(const struct global_parse_data *data,
           struct wpa_config *config, int line,
           const char *pos)
{
  if (hexstr2bin(pos, config->os_version, 4)) {
    wpa_printf(MSG_ERROR, "Line %d: invalid os_version", line);
    return -1;
  }
  wpa_printf(MSG_DEBUG, "os_version=%08x",
       WPA_GET_BE32(config->os_version));
  return 0;
}


static int wpa_config_process_wps_vendor_ext_m1(
  const struct global_parse_data *data,
  struct wpa_config *config, int line, const char *pos)
{
  struct wpabuf *tmp;
  int len = os_strlen(pos) / 2;
  u8 *p;

  if (!len) {
    wpa_printf(MSG_ERROR, "Line %d: "
         "invalid wps_vendor_ext_m1", line);
    return -1;
  }

  tmp = wpabuf_alloc(len);
  if (tmp) {
    p = wpabuf_put(tmp, len);

    if (hexstr2bin(pos, p, len)) {
      wpa_printf(MSG_ERROR, "Line %d: "
           "invalid wps_vendor_ext_m1", line);
      wpabuf_free(tmp);
      return -1;
    }

    wpabuf_free(config->wps_vendor_ext_m1);
    config->wps_vendor_ext_m1 = tmp;
  } else {
    wpa_printf(MSG_ERROR, "Can not allocate "
         "memory for wps_vendor_ext_m1");
    return -1;
  }

  return 0;
}

#endif /* CONFIG_WPS */

#ifdef CONFIG_P2P
static int wpa_config_process_sec_device_type(
  const struct global_parse_data *data,
  struct wpa_config *config, int line, const char *pos)
{
  int idx;

  if (config->num_sec_device_types >= MAX_SEC_DEVICE_TYPES) {
    wpa_printf(MSG_ERROR, "Line %d: too many sec_device_type "
         "items", line);
    return -1;
  }

  idx = config->num_sec_device_types;

  if (wps_dev_type_str2bin(pos, config->sec_device_type[idx]))
    return -1;

  config->num_sec_device_types++;
  return 0;
}


static int wpa_config_process_p2p_pref_chan(
  const struct global_parse_data *data,
  struct wpa_config *config, int line, const char *pos)
{
  struct p2p_channel *pref = NULL, *n;
  size_t num = 0;
  const char *pos2;
  u8 op_class, chan;

  /* format: class:chan,class:chan,... */

  while (*pos) {
    op_class = atoi(pos);
    pos2 = os_strchr(pos, ':');
    if (pos2 == NULL)
      goto fail;
    pos2++;
    chan = atoi(pos2);

    n = os_realloc_array(pref, num + 1,
             sizeof(struct p2p_channel));
    if (n == NULL)
      goto fail;
    pref = n;
    pref[num].op_class = op_class;
    pref[num].chan = chan;
    num++;

    pos = os_strchr(pos2, ',');
    if (pos == NULL)
      break;
    pos++;
  }

  os_free(config->p2p_pref_chan);
  config->p2p_pref_chan = pref;
  config->num_p2p_pref_chan = num;
  wpa_hexdump(MSG_DEBUG, "P2P: Preferred class/channel pairs",
        (u8 *) config->p2p_pref_chan,
        config->num_p2p_pref_chan * sizeof(struct p2p_channel));

  return 0;

fail:
  os_free(pref);
  wpa_printf(MSG_ERROR, "Line %d: Invalid p2p_pref_chan list", line);
  return -1;
}


static int wpa_config_process_p2p_no_go_freq(
  const struct global_parse_data *data,
  struct wpa_config *config, int line, const char *pos)
{
  int ret;

  ret = freq_range_list_parse(&config->p2p_no_go_freq, pos);
  if (ret < 0) {
    wpa_printf(MSG_ERROR, "Line %d: Invalid p2p_no_go_freq", line);
    return -1;
  }

  wpa_printf(MSG_DEBUG, "P2P: p2p_no_go_freq with %u items",
       config->p2p_no_go_freq.num);

  return 0;
}


static int wpa_config_process_p2p_device_persistent_mac_addr(
  const struct global_parse_data *data,
  struct wpa_config *config, int line, const char *pos)
{
  if (hwaddr_aton2(pos, config->p2p_device_persistent_mac_addr) < 0) {
    wpa_printf(MSG_ERROR,
         "Line %d: Invalid p2p_device_persistent_mac_addr '%s'",
         line, pos);
    return -1;
  }

  return 0;
}

#endif /* CONFIG_P2P */


static int wpa_config_process_hessid(
  const struct global_parse_data *data,
  struct wpa_config *config, int line, const char *pos)
{
  if (hwaddr_aton2(pos, config->hessid) < 0) {
    wpa_printf(MSG_ERROR, "Line %d: Invalid hessid '%s'",
         line, pos);
    return -1;
  }

  return 0;
}


static int wpa_config_process_sae_groups(
  const struct global_parse_data *data,
  struct wpa_config *config, int line, const char *pos)
{
  int *groups = wpa_config_parse_int_array(pos);
  if (groups == NULL) {
    wpa_printf(MSG_ERROR, "Line %d: Invalid sae_groups '%s'",
         line, pos);
    return -1;
  }

  os_free(config->sae_groups);
  config->sae_groups = groups;

  return 0;
}


static int wpa_config_process_ap_vendor_elements(
  const struct global_parse_data *data,
  struct wpa_config *config, int line, const char *pos)
{
  struct wpabuf *tmp;

  if (!*pos) {
    wpabuf_free(config->ap_vendor_elements);
    config->ap_vendor_elements = NULL;
    return 0;
  }

  tmp = wpabuf_parse_bin(pos);
  if (!tmp) {
    wpa_printf(MSG_ERROR, "Line %d: invalid ap_vendor_elements",
         line);
    return -1;
  }
  wpabuf_free(config->ap_vendor_elements);
  config->ap_vendor_elements = tmp;

  return 0;
}


static int wpa_config_process_ap_assocresp_elements(
  const struct global_parse_data *data,
  struct wpa_config *config, int line, const char *pos)
{
  struct wpabuf *tmp;

  if (!*pos) {
    wpabuf_free(config->ap_assocresp_elements);
    config->ap_assocresp_elements = NULL;
    return 0;
  }

  tmp = wpabuf_parse_bin(pos);
  if (!tmp) {
    wpa_printf(MSG_ERROR, "Line %d: invalid ap_assocresp_elements",
         line);
    return -1;
  }
  wpabuf_free(config->ap_assocresp_elements);
  config->ap_assocresp_elements = tmp;

  return 0;
}


#ifdef CONFIG_CTRL_IFACE
static int wpa_config_process_no_ctrl_interface(
  const struct global_parse_data *data,
  struct wpa_config *config, int line, const char *pos)
{
  wpa_printf(MSG_DEBUG, "no_ctrl_interface -> ctrl_interface=NULL");
  os_free(config->ctrl_interface);
  config->ctrl_interface = NULL;
  return 0;
}
#endif /* CONFIG_CTRL_IFACE */


static int wpa_config_get_int(const char *name, struct wpa_config *config,
            long offset, char *buf, size_t buflen,
            int pretty_print)
{
  int *val = (int *) (((u8 *) config) + (long) offset);

  if (pretty_print)
    return os_snprintf(buf, buflen, "%s=%d\n", name, *val);
  return os_snprintf(buf, buflen, "%d", *val);
}


static int wpa_config_get_str(const char *name, struct wpa_config *config,
            long offset, char *buf, size_t buflen,
            int pretty_print)
{
  char **val = (char **) (((u8 *) config) + (long) offset);
  int res;

  if (pretty_print)
    res = os_snprintf(buf, buflen, "%s=%s\n", name,
          *val ? *val : "null");
  else if (!*val)
    return -1;
  else
    res = os_snprintf(buf, buflen, "%s", *val);
  if (os_snprintf_error(buflen, res))
    res = -1;

  return res;
}


#ifdef CONFIG_P2P
static int wpa_config_get_ipv4(const char *name, struct wpa_config *config,
             long offset, char *buf, size_t buflen,
             int pretty_print)
{
  void *val = ((u8 *) config) + (long) offset;
  int res;
  char addr[INET_ADDRSTRLEN];

  if (!val || !inet_ntop(AF_INET, val, addr, sizeof(addr)))
    return -1;

  if (pretty_print)
    res = os_snprintf(buf, buflen, "%s=%s\n", name, addr);
  else
    res = os_snprintf(buf, buflen, "%s", addr);

  if (os_snprintf_error(buflen, res))
    res = -1;

  return res;
}
#endif /* CONFIG_P2P */


#ifdef OFFSET
#undef OFFSET
#endif /* OFFSET */
/* OFFSET: Get offset of a variable within the wpa_config structure */
#define OFFSET(v) ((void *) &((struct wpa_config *) 0)->v)

#define FUNC(f) #f, wpa_config_process_ ## f, NULL, OFFSET(f), NULL, NULL
#define FUNC_NO_VAR(f) #f, wpa_config_process_ ## f, NULL, NULL, NULL, NULL
#define _INT(f) #f, wpa_global_config_parse_int, wpa_config_get_int, OFFSET(f)
#define INT(f) _INT(f), NULL, NULL
#define INT_RANGE(f, min, max) _INT(f), (void *) min, (void *) max
#define _STR(f) #f, wpa_global_config_parse_str, wpa_config_get_str, OFFSET(f)
#define STR(f) _STR(f), NULL, NULL
#define STR_RANGE(f, min, max) _STR(f), (void *) min, (void *) max
#define BIN(f) #f, wpa_global_config_parse_bin, NULL, OFFSET(f), NULL, NULL
#define IPV4(f) #f, wpa_global_config_parse_ipv4, wpa_config_get_ipv4,  \
  OFFSET(f), NULL, NULL

static const struct global_parse_data global_fields[] = {
#ifdef CONFIG_CTRL_IFACE
  { STR(ctrl_interface), 0 },
  { FUNC_NO_VAR(no_ctrl_interface), 0 },
  { STR(ctrl_interface_group), 0 } /* deprecated */,
#endif /* CONFIG_CTRL_IFACE */
#ifdef CONFIG_MACSEC
  { INT_RANGE(eapol_version, 1, 3), 0 },
#else /* CONFIG_MACSEC */
  { INT_RANGE(eapol_version, 1, 2), 0 },
#endif /* CONFIG_MACSEC */
  { INT(ap_scan), 0 },
  { FUNC(bgscan), CFG_CHANGED_BGSCAN },
#ifdef CONFIG_MESH
  { INT(user_mpm), 0 },
  { INT_RANGE(max_peer_links, 0, 255), 0 },
  { INT(mesh_max_inactivity), 0 },
  { INT_RANGE(mesh_fwding, 0, 1), 0 },
  { INT(dot11RSNASAERetransPeriod), 0 },
#endif /* CONFIG_MESH */
  { INT(disable_scan_offload), 0 },
  { INT(fast_reauth), 0 },
  { STR(opensc_engine_path), 0 },
  { STR(pkcs11_engine_path), 0 },
  { STR(pkcs11_module_path), 0 },
  { STR(openssl_ciphers), 0 },
  { STR(pcsc_reader), 0 },
  { STR(pcsc_pin), 0 },
  { INT(external_sim), 0 },
  { STR(driver_param), 0 },
  { INT(dot11RSNAConfigPMKLifetime), 0 },
  { INT(dot11RSNAConfigPMKReauthThreshold), 0 },
  { INT(dot11RSNAConfigSATimeout), 0 },
#ifndef CONFIG_NO_CONFIG_WRITE
  { INT(update_config), 0 },
#endif /* CONFIG_NO_CONFIG_WRITE */
  { FUNC_NO_VAR(load_dynamic_eap), 0 },
#ifdef CONFIG_WPS
  { FUNC(uuid), CFG_CHANGED_UUID },
  { INT_RANGE(auto_uuid, 0, 1), 0 },
  { STR_RANGE(device_name, 0, WPS_DEV_NAME_MAX_LEN),
    CFG_CHANGED_DEVICE_NAME },
  { STR_RANGE(manufacturer, 0, 64), CFG_CHANGED_WPS_STRING },
  { STR_RANGE(model_name, 0, 32), CFG_CHANGED_WPS_STRING },
  { STR_RANGE(model_number, 0, 32), CFG_CHANGED_WPS_STRING },
  { STR_RANGE(serial_number, 0, 32), CFG_CHANGED_WPS_STRING },
  { FUNC(device_type), CFG_CHANGED_DEVICE_TYPE },
  { FUNC(os_version), CFG_CHANGED_OS_VERSION },
  { STR(config_methods), CFG_CHANGED_CONFIG_METHODS },
  { INT_RANGE(wps_cred_processing, 0, 2), 0 },
  { INT_RANGE(wps_cred_add_sae, 0, 1), 0 },
  { FUNC(wps_vendor_ext_m1), CFG_CHANGED_VENDOR_EXTENSION },
#endif /* CONFIG_WPS */
#ifdef CONFIG_P2P
  { FUNC(sec_device_type), CFG_CHANGED_SEC_DEVICE_TYPE },
  { INT(p2p_listen_reg_class), CFG_CHANGED_P2P_LISTEN_CHANNEL },
  { INT(p2p_listen_channel), CFG_CHANGED_P2P_LISTEN_CHANNEL },
  { INT(p2p_oper_reg_class), CFG_CHANGED_P2P_OPER_CHANNEL },
  { INT(p2p_oper_channel), CFG_CHANGED_P2P_OPER_CHANNEL },
  { INT_RANGE(p2p_go_intent, 0, 15), 0 },
  { STR(p2p_ssid_postfix), CFG_CHANGED_P2P_SSID_POSTFIX },
  { INT_RANGE(persistent_reconnect, 0, 1), 0 },
  { INT_RANGE(p2p_intra_bss, 0, 1), CFG_CHANGED_P2P_INTRA_BSS },
  { INT(p2p_group_idle), 0 },
  { INT_RANGE(p2p_go_freq_change_policy, 0, P2P_GO_FREQ_MOVE_MAX), 0 },
  { INT_RANGE(p2p_passphrase_len, 8, 63),
    CFG_CHANGED_P2P_PASSPHRASE_LEN },
  { FUNC(p2p_pref_chan), CFG_CHANGED_P2P_PREF_CHAN },
  { FUNC(p2p_no_go_freq), CFG_CHANGED_P2P_PREF_CHAN },
  { INT_RANGE(p2p_add_cli_chan, 0, 1), 0 },
  { INT_RANGE(p2p_optimize_listen_chan, 0, 1), 0 },
  { INT(p2p_go_ht40), 0 },
  { INT(p2p_go_vht), 0 },
  { INT(p2p_go_he), 0 },
  { INT(p2p_go_edmg), 0 },
  { INT(p2p_disabled), 0 },
  { INT_RANGE(p2p_go_ctwindow, 0, 127), 0 },
  { INT(p2p_no_group_iface), 0 },
  { INT_RANGE(p2p_ignore_shared_freq, 0, 1), 0 },
  { IPV4(ip_addr_go), 0 },
  { IPV4(ip_addr_mask), 0 },
  { IPV4(ip_addr_start), 0 },
  { IPV4(ip_addr_end), 0 },
  { INT_RANGE(p2p_cli_probe, 0, 1), 0 },
  { INT(p2p_device_random_mac_addr), 0 },
  { FUNC(p2p_device_persistent_mac_addr), 0 },
  { INT(p2p_interface_random_mac_addr), 0 },
  { INT(p2p_6ghz_disable), 0 },
#endif /* CONFIG_P2P */
  { FUNC(country), CFG_CHANGED_COUNTRY },
  { INT(bss_max_count), 0 },
  { INT(bss_expiration_age), 0 },
  { INT(bss_expiration_scan_count), 0 },
  { INT_RANGE(filter_ssids, 0, 1), 0 },
  { INT_RANGE(filter_rssi, -100, 0), 0 },
  { INT(max_num_sta), 0 },
  { INT_RANGE(ap_isolate, 0, 1), 0 },
  { INT_RANGE(disassoc_low_ack, 0, 1), 0 },
#ifdef CONFIG_HS20
  { INT_RANGE(hs20, 0, 1), 0 },
#endif /* CONFIG_HS20 */
  { INT_RANGE(interworking, 0, 1), 0 },
  { FUNC(hessid), 0 },
  { INT_RANGE(access_network_type, 0, 15), 0 },
  { INT_RANGE(go_interworking, 0, 1), 0 },
  { INT_RANGE(go_access_network_type, 0, 15), 0 },
  { INT_RANGE(go_internet, 0, 1), 0 },
  { INT_RANGE(go_venue_group, 0, 255), 0 },
  { INT_RANGE(go_venue_type, 0, 255), 0 },
  { INT_RANGE(pbc_in_m1, 0, 1), 0 },
  { STR(autoscan), 0 },
  { INT_RANGE(wps_nfc_dev_pw_id, 0x10, 0xffff),
    CFG_CHANGED_NFC_PASSWORD_TOKEN },
  { BIN(wps_nfc_dh_pubkey), CFG_CHANGED_NFC_PASSWORD_TOKEN },
  { BIN(wps_nfc_dh_privkey), CFG_CHANGED_NFC_PASSWORD_TOKEN },
  { BIN(wps_nfc_dev_pw), CFG_CHANGED_NFC_PASSWORD_TOKEN },
  { STR(ext_password_backend), CFG_CHANGED_EXT_PW_BACKEND },
  { INT(p2p_go_max_inactivity), 0 },
  { INT_RANGE(auto_interworking, 0, 1), 0 },
  { INT(okc), 0 },
  { INT(pmf), 0 },
  { INT_RANGE(sae_check_mfp, 0, 1), 0 },
  { FUNC(sae_groups), 0 },
  { INT_RANGE(sae_pwe, 0, 3), 0 },
  { INT_RANGE(sae_pmkid_in_assoc, 0, 1), 0 },
  { INT(dtim_period), 0 },
  { INT(beacon_int), 0 },
  { FUNC(ap_assocresp_elements), 0 },
  { FUNC(ap_vendor_elements), 0 },
  { INT_RANGE(ignore_old_scan_res, 0, 1), 0 },
  { FUNC(freq_list), 0 },
  { FUNC(initial_freq_list), 0},
  { INT(scan_cur_freq), 0 },
  { INT(scan_res_valid_for_connect), 0},
  { INT(sched_scan_interval), 0 },
  { INT(sched_scan_start_delay), 0 },
  { INT(tdls_external_control), 0},
  { STR(osu_dir), 0 },
  { STR(wowlan_triggers), CFG_CHANGED_WOWLAN_TRIGGERS },
  { INT(p2p_search_delay), 0},
  { INT_RANGE(mac_addr, 0, 2), 0 },
  { INT(rand_addr_lifetime), 0 },
  { INT_RANGE(preassoc_mac_addr, 0, 2), 0 },
  { INT(key_mgmt_offload), 0},
  { INT(passive_scan), 0 },
  { INT(reassoc_same_bss_optim), 0 },
  { INT(wps_priority), 0},
#ifdef CONFIG_FST
  { STR_RANGE(fst_group_id, 1, FST_MAX_GROUP_ID_LEN), 0 },
  { INT_RANGE(fst_priority, 1, FST_MAX_PRIO_VALUE), 0 },
  { INT_RANGE(fst_llt, 1, FST_MAX_LLT_MS), 0 },
#endif /* CONFIG_FST */
  { INT_RANGE(cert_in_cb, 0, 1), 0 },
  { INT_RANGE(wpa_rsc_relaxation, 0, 1), 0 },
  { STR(sched_scan_plans), CFG_CHANGED_SCHED_SCAN_PLANS },
#ifdef CONFIG_MBO
  { STR(non_pref_chan), 0 },
  { INT_RANGE(mbo_cell_capa, MBO_CELL_CAPA_AVAILABLE,
        MBO_CELL_CAPA_NOT_SUPPORTED), 0 },
  { INT_RANGE(disassoc_imminent_rssi_threshold, -120, 0), 0 },
  { INT_RANGE(oce, 0, 3), 0 },
#endif /* CONFIG_MBO */
  { INT(gas_address3), 0 },
  { INT_RANGE(ftm_responder, 0, 1), 0 },
  { INT_RANGE(ftm_initiator, 0, 1), 0 },
  { INT(gas_rand_addr_lifetime), 0 },
  { INT_RANGE(gas_rand_mac_addr, 0, 2), 0 },
#ifdef CONFIG_DPP
  { INT_RANGE(dpp_config_processing, 0, 2), 0 },
  { STR(dpp_name), 0 },
  { STR(dpp_mud_url), 0 },
  { STR(dpp_extra_conf_req_name), 0 },
  { STR(dpp_extra_conf_req_value), 0 },
  { INT_RANGE(dpp_connector_privacy_default, 0, 1), 0 },
#endif /* CONFIG_DPP */
  { INT_RANGE(coloc_intf_reporting, 0, 1), 0 },
#ifdef CONFIG_WNM
  { INT_RANGE(disable_btm, 0, 1), CFG_CHANGED_DISABLE_BTM },
  { INT_RANGE(extended_key_id, 0, 1), 0 },
#endif /* CONFIG_WNM */
  { INT_RANGE(wowlan_disconnect_on_deinit, 0, 1), 0},
#ifdef CONFIG_PASN
#ifdef CONFIG_TESTING_OPTIONS
  { INT_RANGE(force_kdk_derivation, 0, 1), 0 },
  { INT_RANGE(pasn_corrupt_mic, 0, 1), 0 },
#endif /* CONFIG_TESTING_OPTIONS */
#endif /* CONFIG_PASN */
};

#undef FUNC
#undef _INT
#undef INT
#undef INT_RANGE
#undef _STR
#undef STR
#undef STR_RANGE
#undef BIN
#undef IPV4
#define NUM_GLOBAL_FIELDS ARRAY_SIZE(global_fields)


int wpa_config_dump_values(struct wpa_config *config, char *buf, size_t buflen)
{
  int result = 0;
  size_t i;

  for (i = 0; i < NUM_GLOBAL_FIELDS; i++) {
    const struct global_parse_data *field = &global_fields[i];
    int tmp;

    if (!field->get)
      continue;

    tmp = field->get(field->name, config, (long) field->param1,
         buf, buflen, 1);
    if (tmp < 0)
      return -1;
    buf += tmp;
    buflen -= tmp;
    result += tmp;
  }
  return result;
}


int wpa_config_get_value(const char *name, struct wpa_config *config,
       char *buf, size_t buflen)
{
  size_t i;

  for (i = 0; i < NUM_GLOBAL_FIELDS; i++) {
    const struct global_parse_data *field = &global_fields[i];

    if (os_strcmp(name, field->name) != 0)
      continue;
    if (!field->get)
      break;
    return field->get(name, config, (long) field->param1,
          buf, buflen, 0);
  }

  return -1;
}


int wpa_config_get_num_global_field_names(void)
{
  return NUM_GLOBAL_FIELDS;
}


const char * wpa_config_get_global_field_name(unsigned int i, int *no_var)
{
  if (i >= NUM_GLOBAL_FIELDS)
    return NULL;

  if (no_var)
    *no_var = !global_fields[i].param1;
  return global_fields[i].name;
}


/**
 * wpa_config_process_global - Set a variable in global configuration
 * @config: Pointer to global configuration data
 * @pos: Name and value in the format "{name}={value}"
 * @line: Line number in configuration file or 0 if not used
 * Returns: 0 on success with a possible change in value, 1 on success with no
 * change to previously configured value, or -1 on failure
 *
 * This function can be used to set global configuration variables based on
 * both the configuration file and management interface input. The value
 * parameter must be in the same format as the text-based configuration file is
 * using. For example, strings are using double quotation marks.
 */
int wpa_config_process_global(struct wpa_config *config, char *pos, int line)
{
  size_t i;
  int ret = 0;

  for (i = 0; i < NUM_GLOBAL_FIELDS; i++) {
    const struct global_parse_data *field = &global_fields[i];
    size_t flen = os_strlen(field->name);
    if (os_strncmp(pos, field->name, flen) != 0 ||
        pos[flen] != '=')
      continue;

    ret = field->parser(field, config, line, pos + flen + 1);
    if (ret < 0) {
      wpa_printf(MSG_ERROR, "Line %d: failed to "
           "parse '%s'.", line, pos);
      ret = -1;
    }
    if (ret == 1)
      break;
    if (field->changed_flag == CFG_CHANGED_NFC_PASSWORD_TOKEN)
      config->wps_nfc_pw_from_config = 1;
    config->changed_parameters |= field->changed_flag;
    break;
  }
  if (i == NUM_GLOBAL_FIELDS) {
#ifdef CONFIG_AP
    if (os_strncmp(pos, "tx_queue_", 9) == 0) {
      char *tmp = os_strchr(pos, '=');

      if (!tmp) {
        if (line < 0)
          wpa_printf(MSG_ERROR,
               "Line %d: invalid line %s",
               line, pos);
        return -1;
      }
      *tmp++ = '\0';
      if (hostapd_config_tx_queue(config->tx_queue, pos,
                tmp)) {
        wpa_printf(MSG_ERROR,
             "Line %d: invalid TX queue item",
             line);
        return -1;
      }
    }

    if (os_strncmp(pos, "wmm_ac_", 7) == 0) {
      char *tmp = os_strchr(pos, '=');
      if (tmp == NULL) {
        if (line < 0)
          return -1;
        wpa_printf(MSG_ERROR, "Line %d: invalid line "
             "'%s'", line, pos);
        return -1;
      }
      *tmp++ = '\0';
      if (hostapd_config_wmm_ac(config->wmm_ac_params, pos,
              tmp)) {
        wpa_printf(MSG_ERROR, "Line %d: invalid WMM "
             "AC item", line);
        return -1;
      }
      return ret;
    }
#endif /* CONFIG_AP */
    if (line < 0)
      return -1;
    wpa_printf(MSG_ERROR, "Line %d: unknown global field '%s'.",
         line, pos);
    ret = -1;
  }

  return ret;
}

Coverage Report

Created: 2023-03-26 06:22