Skip site navigation (1)Skip section navigation (2)
Date:      Sun, 9 Dec 2018 06:45:49 +0000 (UTC)
From:      Cy Schubert <cy@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r341759 - in head: contrib/wpa contrib/wpa/hostapd contrib/wpa/hs20/client contrib/wpa/src/ap contrib/wpa/src/common contrib/wpa/src/crypto contrib/wpa/src/drivers contrib/wpa/src/eap_c...
Message-ID:  <201812090645.wB96jnso066329@repo.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: cy
Date: Sun Dec  9 06:45:49 2018
New Revision: 341759
URL: https://svnweb.freebsd.org/changeset/base/341759

Log:
  MFV r341618:
  
  Update wpa 2.6 --> 2.7.

Added:
  head/contrib/wpa/src/ap/dpp_hostapd.c
     - copied unchanged from r341619, vendor/wpa/dist/src/ap/dpp_hostapd.c
  head/contrib/wpa/src/ap/dpp_hostapd.h
     - copied unchanged from r341619, vendor/wpa/dist/src/ap/dpp_hostapd.h
  head/contrib/wpa/src/ap/eth_p_oui.c
     - copied unchanged from r341619, vendor/wpa/dist/src/ap/eth_p_oui.c
  head/contrib/wpa/src/ap/eth_p_oui.h
     - copied unchanged from r341619, vendor/wpa/dist/src/ap/eth_p_oui.h
  head/contrib/wpa/src/ap/fils_hlp.c
     - copied unchanged from r341619, vendor/wpa/dist/src/ap/fils_hlp.c
  head/contrib/wpa/src/ap/fils_hlp.h
     - copied unchanged from r341619, vendor/wpa/dist/src/ap/fils_hlp.h
  head/contrib/wpa/src/ap/gas_query_ap.c
     - copied unchanged from r341619, vendor/wpa/dist/src/ap/gas_query_ap.c
  head/contrib/wpa/src/ap/gas_query_ap.h
     - copied unchanged from r341619, vendor/wpa/dist/src/ap/gas_query_ap.h
  head/contrib/wpa/src/ap/ieee802_11_he.c
     - copied unchanged from r341619, vendor/wpa/dist/src/ap/ieee802_11_he.c
  head/contrib/wpa/src/common/dhcp.h
     - copied, changed from r341619, vendor/wpa/dist/src/common/dhcp.h
  head/contrib/wpa/src/common/dpp.c
     - copied unchanged from r341619, vendor/wpa/dist/src/common/dpp.c
  head/contrib/wpa/src/common/dpp.h
     - copied unchanged from r341619, vendor/wpa/dist/src/common/dpp.h
  head/contrib/wpa/src/common/gas_server.c
     - copied unchanged from r341619, vendor/wpa/dist/src/common/gas_server.c
  head/contrib/wpa/src/common/gas_server.h
     - copied unchanged from r341619, vendor/wpa/dist/src/common/gas_server.h
  head/contrib/wpa/src/crypto/crypto_linux.c
     - copied unchanged from r341619, vendor/wpa/dist/src/crypto/crypto_linux.c
  head/contrib/wpa/src/crypto/crypto_nettle.c
     - copied unchanged from r341619, vendor/wpa/dist/src/crypto/crypto_nettle.c
  head/contrib/wpa/src/crypto/crypto_wolfssl.c
     - copied unchanged from r341619, vendor/wpa/dist/src/crypto/crypto_wolfssl.c
  head/contrib/wpa/src/crypto/fips_prf_wolfssl.c
     - copied unchanged from r341619, vendor/wpa/dist/src/crypto/fips_prf_wolfssl.c
  head/contrib/wpa/src/crypto/sha384-kdf.c
     - copied unchanged from r341619, vendor/wpa/dist/src/crypto/sha384-kdf.c
  head/contrib/wpa/src/crypto/sha384.c
     - copied unchanged from r341619, vendor/wpa/dist/src/crypto/sha384.c
  head/contrib/wpa/src/crypto/sha512-kdf.c
     - copied unchanged from r341619, vendor/wpa/dist/src/crypto/sha512-kdf.c
  head/contrib/wpa/src/crypto/sha512-prf.c
     - copied unchanged from r341619, vendor/wpa/dist/src/crypto/sha512-prf.c
  head/contrib/wpa/src/crypto/sha512.h
     - copied unchanged from r341619, vendor/wpa/dist/src/crypto/sha512.h
  head/contrib/wpa/src/crypto/tls_wolfssl.c
     - copied unchanged from r341619, vendor/wpa/dist/src/crypto/tls_wolfssl.c
  head/contrib/wpa/src/drivers/driver_macsec_linux.c
     - copied unchanged from r341619, vendor/wpa/dist/src/drivers/driver_macsec_linux.c
  head/contrib/wpa/src/drivers/driver_wired_common.c
     - copied unchanged from r341619, vendor/wpa/dist/src/drivers/driver_wired_common.c
  head/contrib/wpa/src/drivers/driver_wired_common.h
     - copied unchanged from r341619, vendor/wpa/dist/src/drivers/driver_wired_common.h
  head/contrib/wpa/src/utils/crc32.c
     - copied unchanged from r341619, vendor/wpa/dist/src/utils/crc32.c
  head/contrib/wpa/src/utils/crc32.h
     - copied unchanged from r341619, vendor/wpa/dist/src/utils/crc32.h
  head/contrib/wpa/src/utils/json.c
     - copied unchanged from r341619, vendor/wpa/dist/src/utils/json.c
  head/contrib/wpa/src/utils/json.h
     - copied unchanged from r341619, vendor/wpa/dist/src/utils/json.h
  head/contrib/wpa/wpa_supplicant/dpp_supplicant.c
     - copied unchanged from r341619, vendor/wpa/dist/wpa_supplicant/dpp_supplicant.c
  head/contrib/wpa/wpa_supplicant/dpp_supplicant.h
     - copied unchanged from r341619, vendor/wpa/dist/wpa_supplicant/dpp_supplicant.h
  head/contrib/wpa/wpa_supplicant/examples/dpp-qrcode.py
     - copied unchanged from r341619, vendor/wpa/dist/wpa_supplicant/examples/dpp-qrcode.py
  head/contrib/wpa/wpa_supplicant/op_classes.c
     - copied unchanged from r341619, vendor/wpa/dist/wpa_supplicant/op_classes.c
  head/contrib/wpa/wpa_supplicant/rrm.c
     - copied unchanged from r341619, vendor/wpa/dist/wpa_supplicant/rrm.c
Deleted:
  head/contrib/wpa/src/ap/peerkey_auth.c
  head/contrib/wpa/src/rsn_supp/peerkey.c
  head/contrib/wpa/src/rsn_supp/peerkey.h
Modified:
  head/contrib/wpa/CONTRIBUTIONS
  head/contrib/wpa/COPYING
  head/contrib/wpa/README
  head/contrib/wpa/hostapd/ChangeLog
  head/contrib/wpa/hostapd/README
  head/contrib/wpa/hostapd/config_file.c
  head/contrib/wpa/hostapd/config_file.h
  head/contrib/wpa/hostapd/ctrl_iface.c
  head/contrib/wpa/hostapd/defconfig
  head/contrib/wpa/hostapd/hlr_auc_gw.c
  head/contrib/wpa/hostapd/hostapd.conf
  head/contrib/wpa/hostapd/hostapd.eap_user_sqlite
  head/contrib/wpa/hostapd/hostapd_cli.c
  head/contrib/wpa/hostapd/main.c
  head/contrib/wpa/hs20/client/est.c
  head/contrib/wpa/hs20/client/oma_dm_client.c
  head/contrib/wpa/hs20/client/osu_client.c
  head/contrib/wpa/hs20/client/osu_client.h
  head/contrib/wpa/src/ap/acs.c
  head/contrib/wpa/src/ap/acs.h
  head/contrib/wpa/src/ap/ap_config.c
  head/contrib/wpa/src/ap/ap_config.h
  head/contrib/wpa/src/ap/ap_drv_ops.c
  head/contrib/wpa/src/ap/ap_drv_ops.h
  head/contrib/wpa/src/ap/ap_mlme.c
  head/contrib/wpa/src/ap/authsrv.c
  head/contrib/wpa/src/ap/beacon.c
  head/contrib/wpa/src/ap/beacon.h
  head/contrib/wpa/src/ap/bss_load.c
  head/contrib/wpa/src/ap/ctrl_iface_ap.c
  head/contrib/wpa/src/ap/ctrl_iface_ap.h
  head/contrib/wpa/src/ap/dfs.c
  head/contrib/wpa/src/ap/dfs.h
  head/contrib/wpa/src/ap/dhcp_snoop.c
  head/contrib/wpa/src/ap/drv_callbacks.c
  head/contrib/wpa/src/ap/eap_user_db.c
  head/contrib/wpa/src/ap/gas_serv.c
  head/contrib/wpa/src/ap/gas_serv.h
  head/contrib/wpa/src/ap/hostapd.c
  head/contrib/wpa/src/ap/hostapd.h
  head/contrib/wpa/src/ap/hs20.c
  head/contrib/wpa/src/ap/hs20.h
  head/contrib/wpa/src/ap/hw_features.c
  head/contrib/wpa/src/ap/ieee802_11.c
  head/contrib/wpa/src/ap/ieee802_11.h
  head/contrib/wpa/src/ap/ieee802_11_auth.c
  head/contrib/wpa/src/ap/ieee802_11_auth.h
  head/contrib/wpa/src/ap/ieee802_11_ht.c
  head/contrib/wpa/src/ap/ieee802_11_shared.c
  head/contrib/wpa/src/ap/ieee802_11_vht.c
  head/contrib/wpa/src/ap/ieee802_1x.c
  head/contrib/wpa/src/ap/ieee802_1x.h
  head/contrib/wpa/src/ap/ndisc_snoop.c
  head/contrib/wpa/src/ap/neighbor_db.c
  head/contrib/wpa/src/ap/neighbor_db.h
  head/contrib/wpa/src/ap/pmksa_cache_auth.c
  head/contrib/wpa/src/ap/pmksa_cache_auth.h
  head/contrib/wpa/src/ap/rrm.c
  head/contrib/wpa/src/ap/rrm.h
  head/contrib/wpa/src/ap/sta_info.c
  head/contrib/wpa/src/ap/sta_info.h
  head/contrib/wpa/src/ap/taxonomy.c
  head/contrib/wpa/src/ap/tkip_countermeasures.c
  head/contrib/wpa/src/ap/vlan_init.c
  head/contrib/wpa/src/ap/wmm.c
  head/contrib/wpa/src/ap/wnm_ap.c
  head/contrib/wpa/src/ap/wnm_ap.h
  head/contrib/wpa/src/ap/wpa_auth.c
  head/contrib/wpa/src/ap/wpa_auth.h
  head/contrib/wpa/src/ap/wpa_auth_ft.c
  head/contrib/wpa/src/ap/wpa_auth_glue.c
  head/contrib/wpa/src/ap/wpa_auth_i.h
  head/contrib/wpa/src/ap/wpa_auth_ie.c
  head/contrib/wpa/src/ap/wpa_auth_ie.h
  head/contrib/wpa/src/ap/wps_hostapd.c
  head/contrib/wpa/src/common/common_module_tests.c
  head/contrib/wpa/src/common/ctrl_iface_common.c
  head/contrib/wpa/src/common/ctrl_iface_common.h
  head/contrib/wpa/src/common/defs.h
  head/contrib/wpa/src/common/gas.c
  head/contrib/wpa/src/common/gas.h
  head/contrib/wpa/src/common/hw_features_common.c
  head/contrib/wpa/src/common/hw_features_common.h
  head/contrib/wpa/src/common/ieee802_11_common.c
  head/contrib/wpa/src/common/ieee802_11_common.h
  head/contrib/wpa/src/common/ieee802_11_defs.h
  head/contrib/wpa/src/common/ieee802_1x_defs.h
  head/contrib/wpa/src/common/privsep_commands.h
  head/contrib/wpa/src/common/qca-vendor.h
  head/contrib/wpa/src/common/sae.c
  head/contrib/wpa/src/common/sae.h
  head/contrib/wpa/src/common/version.h
  head/contrib/wpa/src/common/wpa_common.c
  head/contrib/wpa/src/common/wpa_common.h
  head/contrib/wpa/src/common/wpa_ctrl.h
  head/contrib/wpa/src/common/wpa_helpers.c
  head/contrib/wpa/src/crypto/aes-ctr.c
  head/contrib/wpa/src/crypto/aes-internal-dec.c
  head/contrib/wpa/src/crypto/aes-internal-enc.c
  head/contrib/wpa/src/crypto/aes-siv.c
  head/contrib/wpa/src/crypto/aes.h
  head/contrib/wpa/src/crypto/aes_siv.h
  head/contrib/wpa/src/crypto/aes_wrap.h
  head/contrib/wpa/src/crypto/crypto.h
  head/contrib/wpa/src/crypto/crypto_gnutls.c
  head/contrib/wpa/src/crypto/crypto_internal-modexp.c
  head/contrib/wpa/src/crypto/crypto_libtomcrypt.c
  head/contrib/wpa/src/crypto/crypto_module_tests.c
  head/contrib/wpa/src/crypto/crypto_none.c
  head/contrib/wpa/src/crypto/crypto_openssl.c
  head/contrib/wpa/src/crypto/des-internal.c
  head/contrib/wpa/src/crypto/dh_groups.c
  head/contrib/wpa/src/crypto/ms_funcs.c
  head/contrib/wpa/src/crypto/ms_funcs.h
  head/contrib/wpa/src/crypto/random.c
  head/contrib/wpa/src/crypto/sha1-internal.c
  head/contrib/wpa/src/crypto/sha256-internal.c
  head/contrib/wpa/src/crypto/sha256-kdf.c
  head/contrib/wpa/src/crypto/sha384-prf.c
  head/contrib/wpa/src/crypto/sha384.h
  head/contrib/wpa/src/crypto/tls.h
  head/contrib/wpa/src/crypto/tls_gnutls.c
  head/contrib/wpa/src/crypto/tls_internal.c
  head/contrib/wpa/src/crypto/tls_none.c
  head/contrib/wpa/src/crypto/tls_openssl.c
  head/contrib/wpa/src/drivers/driver.h
  head/contrib/wpa/src/drivers/driver_common.c
  head/contrib/wpa/src/drivers/driver_macsec_qca.c
  head/contrib/wpa/src/drivers/driver_ndis.c
  head/contrib/wpa/src/drivers/driver_nl80211.h
  head/contrib/wpa/src/drivers/driver_nl80211_capa.c
  head/contrib/wpa/src/drivers/driver_nl80211_event.c
  head/contrib/wpa/src/drivers/driver_nl80211_monitor.c
  head/contrib/wpa/src/drivers/driver_nl80211_scan.c
  head/contrib/wpa/src/drivers/driver_privsep.c
  head/contrib/wpa/src/drivers/driver_wired.c
  head/contrib/wpa/src/drivers/drivers.c
  head/contrib/wpa/src/eap_common/eap_eke_common.c
  head/contrib/wpa/src/eap_common/eap_fast_common.c
  head/contrib/wpa/src/eap_common/eap_pwd_common.c
  head/contrib/wpa/src/eap_common/eap_pwd_common.h
  head/contrib/wpa/src/eap_common/eap_sim_common.c
  head/contrib/wpa/src/eap_peer/eap.c
  head/contrib/wpa/src/eap_peer/eap.h
  head/contrib/wpa/src/eap_peer/eap_aka.c
  head/contrib/wpa/src/eap_peer/eap_config.h
  head/contrib/wpa/src/eap_peer/eap_eke.c
  head/contrib/wpa/src/eap_peer/eap_fast.c
  head/contrib/wpa/src/eap_peer/eap_fast_pac.c
  head/contrib/wpa/src/eap_peer/eap_gpsk.c
  head/contrib/wpa/src/eap_peer/eap_i.h
  head/contrib/wpa/src/eap_peer/eap_ikev2.c
  head/contrib/wpa/src/eap_peer/eap_leap.c
  head/contrib/wpa/src/eap_peer/eap_mschapv2.c
  head/contrib/wpa/src/eap_peer/eap_pax.c
  head/contrib/wpa/src/eap_peer/eap_peap.c
  head/contrib/wpa/src/eap_peer/eap_proxy.h
  head/contrib/wpa/src/eap_peer/eap_proxy_dummy.c
  head/contrib/wpa/src/eap_peer/eap_psk.c
  head/contrib/wpa/src/eap_peer/eap_pwd.c
  head/contrib/wpa/src/eap_peer/eap_sake.c
  head/contrib/wpa/src/eap_peer/eap_sim.c
  head/contrib/wpa/src/eap_peer/eap_tls.c
  head/contrib/wpa/src/eap_peer/eap_tls_common.c
  head/contrib/wpa/src/eap_peer/eap_tls_common.h
  head/contrib/wpa/src/eap_peer/eap_ttls.c
  head/contrib/wpa/src/eap_peer/ikev2.c
  head/contrib/wpa/src/eap_peer/tncc.c
  head/contrib/wpa/src/eap_server/eap.h
  head/contrib/wpa/src/eap_server/eap_i.h
  head/contrib/wpa/src/eap_server/eap_server.c
  head/contrib/wpa/src/eap_server/eap_server_aka.c
  head/contrib/wpa/src/eap_server/eap_server_eke.c
  head/contrib/wpa/src/eap_server/eap_server_fast.c
  head/contrib/wpa/src/eap_server/eap_server_gpsk.c
  head/contrib/wpa/src/eap_server/eap_server_gtc.c
  head/contrib/wpa/src/eap_server/eap_server_ikev2.c
  head/contrib/wpa/src/eap_server/eap_server_mschapv2.c
  head/contrib/wpa/src/eap_server/eap_server_pax.c
  head/contrib/wpa/src/eap_server/eap_server_psk.c
  head/contrib/wpa/src/eap_server/eap_server_pwd.c
  head/contrib/wpa/src/eap_server/eap_server_sake.c
  head/contrib/wpa/src/eap_server/eap_server_sim.c
  head/contrib/wpa/src/eap_server/eap_server_tls.c
  head/contrib/wpa/src/eap_server/eap_server_tls_common.c
  head/contrib/wpa/src/eap_server/eap_server_ttls.c
  head/contrib/wpa/src/eap_server/eap_server_wsc.c
  head/contrib/wpa/src/eap_server/eap_tls_common.h
  head/contrib/wpa/src/eap_server/ikev2.c
  head/contrib/wpa/src/eap_server/tncs.c
  head/contrib/wpa/src/eapol_auth/eapol_auth_sm.c
  head/contrib/wpa/src/eapol_auth/eapol_auth_sm.h
  head/contrib/wpa/src/eapol_supp/eapol_supp_sm.c
  head/contrib/wpa/src/eapol_supp/eapol_supp_sm.h
  head/contrib/wpa/src/fst/fst_ctrl_aux.h
  head/contrib/wpa/src/fst/fst_ctrl_iface.c
  head/contrib/wpa/src/fst/fst_group.c
  head/contrib/wpa/src/fst/fst_iface.h
  head/contrib/wpa/src/fst/fst_session.c
  head/contrib/wpa/src/l2_packet/l2_packet.h
  head/contrib/wpa/src/l2_packet/l2_packet_privsep.c
  head/contrib/wpa/src/p2p/p2p.c
  head/contrib/wpa/src/p2p/p2p.h
  head/contrib/wpa/src/p2p/p2p_go_neg.c
  head/contrib/wpa/src/p2p/p2p_group.c
  head/contrib/wpa/src/p2p/p2p_i.h
  head/contrib/wpa/src/p2p/p2p_pd.c
  head/contrib/wpa/src/p2p/p2p_sd.c
  head/contrib/wpa/src/pae/ieee802_1x_cp.c
  head/contrib/wpa/src/pae/ieee802_1x_kay.c
  head/contrib/wpa/src/pae/ieee802_1x_kay.h
  head/contrib/wpa/src/pae/ieee802_1x_kay_i.h
  head/contrib/wpa/src/pae/ieee802_1x_secy_ops.c
  head/contrib/wpa/src/pae/ieee802_1x_secy_ops.h
  head/contrib/wpa/src/radius/radius.c
  head/contrib/wpa/src/radius/radius.h
  head/contrib/wpa/src/radius/radius_client.c
  head/contrib/wpa/src/radius/radius_das.c
  head/contrib/wpa/src/radius/radius_das.h
  head/contrib/wpa/src/radius/radius_server.c
  head/contrib/wpa/src/radius/radius_server.h
  head/contrib/wpa/src/rsn_supp/pmksa_cache.c
  head/contrib/wpa/src/rsn_supp/pmksa_cache.h
  head/contrib/wpa/src/rsn_supp/preauth.c
  head/contrib/wpa/src/rsn_supp/tdls.c
  head/contrib/wpa/src/rsn_supp/wpa.c
  head/contrib/wpa/src/rsn_supp/wpa.h
  head/contrib/wpa/src/rsn_supp/wpa_ft.c
  head/contrib/wpa/src/rsn_supp/wpa_i.h
  head/contrib/wpa/src/rsn_supp/wpa_ie.c
  head/contrib/wpa/src/rsn_supp/wpa_ie.h
  head/contrib/wpa/src/tls/libtommath.c
  head/contrib/wpa/src/tls/rsa.c
  head/contrib/wpa/src/tls/tlsv1_client.c
  head/contrib/wpa/src/tls/tlsv1_client_read.c
  head/contrib/wpa/src/tls/tlsv1_common.c
  head/contrib/wpa/src/tls/tlsv1_cred.c
  head/contrib/wpa/src/tls/tlsv1_server.c
  head/contrib/wpa/src/tls/x509v3.c
  head/contrib/wpa/src/utils/base64.c
  head/contrib/wpa/src/utils/base64.h
  head/contrib/wpa/src/utils/browser-wpadebug.c
  head/contrib/wpa/src/utils/common.c
  head/contrib/wpa/src/utils/common.h
  head/contrib/wpa/src/utils/eloop.h
  head/contrib/wpa/src/utils/http_curl.c
  head/contrib/wpa/src/utils/os.h
  head/contrib/wpa/src/utils/os_none.c
  head/contrib/wpa/src/utils/os_unix.c
  head/contrib/wpa/src/utils/os_win32.c
  head/contrib/wpa/src/utils/trace.c
  head/contrib/wpa/src/utils/utils_module_tests.c
  head/contrib/wpa/src/utils/uuid.c
  head/contrib/wpa/src/utils/uuid.h
  head/contrib/wpa/src/utils/wpa_debug.c
  head/contrib/wpa/src/utils/wpa_debug.h
  head/contrib/wpa/src/utils/wpabuf.c
  head/contrib/wpa/src/utils/xml-utils.c
  head/contrib/wpa/src/wps/wps.c
  head/contrib/wpa/src/wps/wps_common.c
  head/contrib/wpa/src/wps/wps_er.c
  head/contrib/wpa/src/wps/wps_registrar.c
  head/contrib/wpa/wpa_supplicant/Android.mk
  head/contrib/wpa/wpa_supplicant/ChangeLog
  head/contrib/wpa/wpa_supplicant/README
  head/contrib/wpa/wpa_supplicant/README-HS20
  head/contrib/wpa/wpa_supplicant/android.config
  head/contrib/wpa/wpa_supplicant/ap.c
  head/contrib/wpa/wpa_supplicant/ap.h
  head/contrib/wpa/wpa_supplicant/autoscan.c
  head/contrib/wpa/wpa_supplicant/bgscan.c
  head/contrib/wpa/wpa_supplicant/bgscan_learn.c
  head/contrib/wpa/wpa_supplicant/bgscan_simple.c
  head/contrib/wpa/wpa_supplicant/bss.c
  head/contrib/wpa/wpa_supplicant/bss.h
  head/contrib/wpa/wpa_supplicant/config.c
  head/contrib/wpa/wpa_supplicant/config.h
  head/contrib/wpa/wpa_supplicant/config_file.c
  head/contrib/wpa/wpa_supplicant/config_ssid.h
  head/contrib/wpa/wpa_supplicant/ctrl_iface.c
  head/contrib/wpa/wpa_supplicant/ctrl_iface_named_pipe.c
  head/contrib/wpa/wpa_supplicant/ctrl_iface_udp.c
  head/contrib/wpa/wpa_supplicant/ctrl_iface_unix.c
  head/contrib/wpa/wpa_supplicant/dbus/dbus_new.c
  head/contrib/wpa/wpa_supplicant/dbus/dbus_new.h
  head/contrib/wpa/wpa_supplicant/dbus/dbus_new_handlers.c
  head/contrib/wpa/wpa_supplicant/dbus/dbus_new_handlers.h
  head/contrib/wpa/wpa_supplicant/dbus/dbus_new_handlers_p2p.c
  head/contrib/wpa/wpa_supplicant/dbus/dbus_new_handlers_wps.c
  head/contrib/wpa/wpa_supplicant/defconfig
  head/contrib/wpa/wpa_supplicant/driver_i.h
  head/contrib/wpa/wpa_supplicant/events.c
  head/contrib/wpa/wpa_supplicant/examples/wps-ap-cli
  head/contrib/wpa/wpa_supplicant/gas_query.c
  head/contrib/wpa/wpa_supplicant/gas_query.h
  head/contrib/wpa/wpa_supplicant/hs20_supplicant.c
  head/contrib/wpa/wpa_supplicant/hs20_supplicant.h
  head/contrib/wpa/wpa_supplicant/ibss_rsn.c
  head/contrib/wpa/wpa_supplicant/interworking.c
  head/contrib/wpa/wpa_supplicant/interworking.h
  head/contrib/wpa/wpa_supplicant/mbo.c
  head/contrib/wpa/wpa_supplicant/mesh.c
  head/contrib/wpa/wpa_supplicant/mesh_mpm.c
  head/contrib/wpa/wpa_supplicant/mesh_rsn.c
  head/contrib/wpa/wpa_supplicant/notify.c
  head/contrib/wpa/wpa_supplicant/notify.h
  head/contrib/wpa/wpa_supplicant/offchannel.c
  head/contrib/wpa/wpa_supplicant/p2p_supplicant.c
  head/contrib/wpa/wpa_supplicant/preauth_test.c
  head/contrib/wpa/wpa_supplicant/scan.c
  head/contrib/wpa/wpa_supplicant/sme.c
  head/contrib/wpa/wpa_supplicant/sme.h
  head/contrib/wpa/wpa_supplicant/wifi_display.c
  head/contrib/wpa/wpa_supplicant/wmm_ac.c
  head/contrib/wpa/wpa_supplicant/wnm_sta.c
  head/contrib/wpa/wpa_supplicant/wnm_sta.h
  head/contrib/wpa/wpa_supplicant/wpa_cli.c
  head/contrib/wpa/wpa_supplicant/wpa_passphrase.c
  head/contrib/wpa/wpa_supplicant/wpa_priv.c
  head/contrib/wpa/wpa_supplicant/wpa_supplicant.c
  head/contrib/wpa/wpa_supplicant/wpa_supplicant.conf
  head/contrib/wpa/wpa_supplicant/wpa_supplicant_i.h
  head/contrib/wpa/wpa_supplicant/wpa_supplicant_template.conf
  head/contrib/wpa/wpa_supplicant/wpas_glue.c
  head/contrib/wpa/wpa_supplicant/wpas_kay.c
  head/contrib/wpa/wpa_supplicant/wpas_kay.h
  head/contrib/wpa/wpa_supplicant/wps_supplicant.c
  head/usr.sbin/wpa/Makefile.crypto
  head/usr.sbin/wpa/Makefile.inc
  head/usr.sbin/wpa/hostapd/Makefile
  head/usr.sbin/wpa/wpa_cli/Makefile
  head/usr.sbin/wpa/wpa_supplicant/Makefile
Directory Properties:
  head/contrib/wpa/   (props changed)

Modified: head/contrib/wpa/CONTRIBUTIONS
==============================================================================
--- head/contrib/wpa/CONTRIBUTIONS	Sun Dec  9 06:42:06 2018	(r341758)
+++ head/contrib/wpa/CONTRIBUTIONS	Sun Dec  9 06:45:49 2018	(r341759)
@@ -140,7 +140,7 @@ The license terms used for hostap.git files
 
 Modified BSD license (no advertisement clause):
 
-Copyright (c) 2002-2016, Jouni Malinen <j@w1.fi> and contributors
+Copyright (c) 2002-2018, Jouni Malinen <j@w1.fi> and contributors
 All Rights Reserved.
 
 Redistribution and use in source and binary forms, with or without

Modified: head/contrib/wpa/COPYING
==============================================================================
--- head/contrib/wpa/COPYING	Sun Dec  9 06:42:06 2018	(r341758)
+++ head/contrib/wpa/COPYING	Sun Dec  9 06:45:49 2018	(r341759)
@@ -1,7 +1,7 @@
 wpa_supplicant and hostapd
 --------------------------
 
-Copyright (c) 2002-2016, Jouni Malinen <j@w1.fi> and contributors
+Copyright (c) 2002-2018, Jouni Malinen <j@w1.fi> and contributors
 All Rights Reserved.
 
 

Modified: head/contrib/wpa/README
==============================================================================
--- head/contrib/wpa/README	Sun Dec  9 06:42:06 2018	(r341758)
+++ head/contrib/wpa/README	Sun Dec  9 06:45:49 2018	(r341759)
@@ -1,7 +1,7 @@
 wpa_supplicant and hostapd
 --------------------------
 
-Copyright (c) 2002-2016, Jouni Malinen <j@w1.fi> and contributors
+Copyright (c) 2002-2018, Jouni Malinen <j@w1.fi> and contributors
 All Rights Reserved.
 
 These programs are licensed under the BSD license (the one with

Modified: head/contrib/wpa/hostapd/ChangeLog
==============================================================================
--- head/contrib/wpa/hostapd/ChangeLog	Sun Dec  9 06:42:06 2018	(r341758)
+++ head/contrib/wpa/hostapd/ChangeLog	Sun Dec  9 06:45:49 2018	(r341759)
@@ -1,5 +1,60 @@
 ChangeLog for hostapd
 
+2018-12-02 - v2.7
+	* fixed WPA packet number reuse with replayed messages and key
+	  reinstallation
+	  [http://w1.fi/security/2017-1/] (CVE-2017-13082)
+	* added support for FILS (IEEE 802.11ai) shared key authentication
+	* added support for OWE (Opportunistic Wireless Encryption, RFC 8110;
+	  and transition mode defined by WFA)
+	* added support for DPP (Wi-Fi Device Provisioning Protocol)
+	* FT:
+	  - added local generation of PMK-R0/PMK-R1 for FT-PSK
+	    (ft_psk_generate_local=1)
+	  - replaced inter-AP protocol with a cleaner design that is more
+	    easily extensible; this breaks backward compatibility and requires
+	    all APs in the ESS to be updated at the same time to maintain FT
+	    functionality
+	  - added support for wildcard R0KH/R1KH
+	  - replaced r0_key_lifetime (minutes) parameter with
+	    ft_r0_key_lifetime (seconds)
+	  - fixed wpa_psk_file use for FT-PSK
+	  - fixed FT-SAE PMKID matching
+	  - added expiration to PMK-R0 and PMK-R1 cache
+	  - added IEEE VLAN support (including tagged VLANs)
+	  - added support for SHA384 based AKM
+	* SAE
+	  - fixed some PMKSA caching cases with SAE
+	  - added support for configuring SAE password separately of the
+	    WPA2 PSK/passphrase
+	  - added option to require MFP for SAE associations
+	    (sae_require_pmf=1)
+	  - fixed PTK and EAPOL-Key integrity and key-wrap algorithm selection
+	    for SAE;
+	    note: this is not backwards compatible, i.e., both the AP and
+	    station side implementations will need to be update at the same
+	    time to maintain interoperability
+	  - added support for Password Identifier
+	* hostapd_cli: added support for command history and completion
+	* added support for requesting beacon report
+	* large number of other fixes, cleanup, and extensions
+	* added option to configure EAPOL-Key retry limits
+	  (wpa_group_update_count and wpa_pairwise_update_count)
+	* removed all PeerKey functionality
+	* fixed nl80211 AP mode configuration regression with Linux 4.15 and
+	  newer
+	* added support for using wolfSSL cryptographic library
+	* fixed some 20/40 MHz coexistence cases where the BSS could drop to
+	  20 MHz even when 40 MHz would be allowed
+	* Hotspot 2.0
+	  - added support for setting Venue URL ANQP-element (venue_url)
+	  - added support for advertising Hotspot 2.0 operator icons
+	  - added support for Roaming Consortium Selection element
+	  - added support for Terms and Conditions
+	  - added support for OSEN connection in a shared RSN BSS
+	* added support for using OpenSSL 1.1.1
+	* added EAP-pwd server support for salted passwords
+
 2016-10-02 - v2.6
 	* fixed EAP-pwd last fragment validation
 	  [http://w1.fi/security/2015-7/] (CVE-2015-5314)

Modified: head/contrib/wpa/hostapd/README
==============================================================================
--- head/contrib/wpa/hostapd/README	Sun Dec  9 06:42:06 2018	(r341758)
+++ head/contrib/wpa/hostapd/README	Sun Dec  9 06:45:49 2018	(r341759)
@@ -2,7 +2,7 @@ hostapd - user space IEEE 802.11 AP and IEEE 802.1X/WP
 	  Authenticator and RADIUS authentication server
 ================================================================
 
-Copyright (c) 2002-2016, Jouni Malinen <j@w1.fi> and contributors
+Copyright (c) 2002-2018, Jouni Malinen <j@w1.fi> and contributors
 All Rights Reserved.
 
 This program is licensed under the BSD license (the one with
@@ -70,7 +70,7 @@ Requirements
 Current hardware/software requirements:
 - drivers:
 	Host AP driver for Prism2/2.5/3.
-	(http://hostap.epitest.fi/)
+	(http://w1.fi/hostap-driver.html)
 	Please note that station firmware version needs to be 1.7.0 or newer
 	to work in WPA mode.
 
@@ -81,8 +81,7 @@ Current hardware/software requirements:
 	Any wired Ethernet driver for wired IEEE 802.1X authentication
 	(experimental code)
 
-	FreeBSD -current (with some kernel mods that have not yet been
-	committed when hostapd v0.3.0 was released)
+	FreeBSD -current
 	BSD net80211 layer (e.g., Atheros driver)
 
 
@@ -186,24 +185,14 @@ Authenticator and RADIUS encapsulation between the Aut
 the Authentication Server. Other than this, the functionality is similar
 to the case with the co-located Authentication Server.
 
-Authentication Server and Supplicant
-------------------------------------
+Authentication Server
+---------------------
 
 Any RADIUS server supporting EAP should be usable as an IEEE 802.1X
 Authentication Server with hostapd Authenticator. FreeRADIUS
 (http://www.freeradius.org/) has been successfully tested with hostapd
-Authenticator and both Xsupplicant (http://www.open1x.org) and Windows
-XP Supplicants. EAP/TLS was used with Xsupplicant and
-EAP/MD5-Challenge with Windows XP.
+Authenticator.
 
-http://www.missl.cs.umd.edu/wireless/eaptls/ has useful information
-about using EAP/TLS with FreeRADIUS and Xsupplicant (just replace
-Cisco access point with Host AP driver, hostapd daemon, and a Prism2
-card ;-). http://www.freeradius.org/doc/EAP-MD5.html has information
-about using EAP/MD5 with FreeRADIUS, including instructions for WinXP
-configuration. http://www.denobula.com/EAPTLS.pdf has a HOWTO on
-EAP/TLS use with WinXP Supplicant.
-
 Automatic WEP key configuration
 -------------------------------
 
@@ -243,16 +232,15 @@ networks that require some kind of security. Task grou
 of IEEE 802.11 working group (http://www.ieee802.org/11/) has worked
 to address the flaws of the base standard and has in practice
 completed its work in May 2004. The IEEE 802.11i amendment to the IEEE
-802.11 standard was approved in June 2004 and this amendment is likely
-to be published in July 2004.
+802.11 standard was approved in June 2004 and this amendment was
+published in July 2004.
 
 Wi-Fi Alliance (http://www.wi-fi.org/) used a draft version of the
 IEEE 802.11i work (draft 3.0) to define a subset of the security
 enhancements that can be implemented with existing wlan hardware. This
 is called Wi-Fi Protected Access<TM> (WPA). This has now become a
 mandatory component of interoperability testing and certification done
-by Wi-Fi Alliance. Wi-Fi provides information about WPA at its web
-site (http://www.wi-fi.org/OpenSection/protected_access.asp).
+by Wi-Fi Alliance.
 
 IEEE 802.11 standard defined wired equivalent privacy (WEP) algorithm
 for protecting wireless networks. WEP uses RC4 with 40-bit keys,

Modified: head/contrib/wpa/hostapd/config_file.c
==============================================================================
--- head/contrib/wpa/hostapd/config_file.c	Sun Dec  9 06:42:06 2018	(r341758)
+++ head/contrib/wpa/hostapd/config_file.c	Sun Dec  9 06:45:49 2018	(r341759)
@@ -1,6 +1,6 @@
 /*
  * hostapd / Configuration file parser
- * Copyright (c) 2003-2015, Jouni Malinen <j@w1.fi>
+ * Copyright (c) 2003-2018, Jouni Malinen <j@w1.fi>
  *
  * This software may be distributed under the terms of the BSD license.
  * See README for more details.
@@ -14,6 +14,8 @@
 #include "utils/common.h"
 #include "utils/uuid.h"
 #include "common/ieee802_11_defs.h"
+#include "crypto/sha256.h"
+#include "crypto/tls.h"
 #include "drivers/driver.h"
 #include "eap_server/eap.h"
 #include "radius/radius_client.h"
@@ -111,7 +113,7 @@ static int hostapd_config_read_vlan_file(struct hostap
 #endif /* CONFIG_NO_VLAN */
 
 
-static int hostapd_acl_comp(const void *a, const void *b)
+int hostapd_acl_comp(const void *a, const void *b)
 {
 	const struct mac_acl_entry *aa = a;
 	const struct mac_acl_entry *bb = b;
@@ -119,6 +121,44 @@ static int hostapd_acl_comp(const void *a, const void 
 }
 
 
+int hostapd_add_acl_maclist(struct mac_acl_entry **acl, int *num,
+			    int vlan_id, const u8 *addr)
+{
+	struct mac_acl_entry *newacl;
+
+	newacl = os_realloc_array(*acl, *num + 1, sizeof(**acl));
+	if (!newacl) {
+		wpa_printf(MSG_ERROR, "MAC list reallocation failed");
+		return -1;
+	}
+
+	*acl = newacl;
+	os_memcpy((*acl)[*num].addr, addr, ETH_ALEN);
+	os_memset(&(*acl)[*num].vlan_id, 0, sizeof((*acl)[*num].vlan_id));
+	(*acl)[*num].vlan_id.untagged = vlan_id;
+	(*acl)[*num].vlan_id.notempty = !!vlan_id;
+	(*num)++;
+
+	return 0;
+}
+
+
+void hostapd_remove_acl_mac(struct mac_acl_entry **acl, int *num,
+			    const u8 *addr)
+{
+	int i = 0;
+
+	while (i < *num) {
+		if (os_memcmp((*acl)[i].addr, addr, ETH_ALEN) == 0) {
+			os_remove_in_array(*acl, *num, sizeof(**acl), i);
+			(*num)--;
+		} else {
+			i++;
+		}
+	}
+}
+
+
 static int hostapd_config_read_maclist(const char *fname,
 				       struct mac_acl_entry **acl, int *num)
 {
@@ -126,12 +166,8 @@ static int hostapd_config_read_maclist(const char *fna
 	char buf[128], *pos;
 	int line = 0;
 	u8 addr[ETH_ALEN];
-	struct mac_acl_entry *newacl;
 	int vlan_id;
 
-	if (!fname)
-		return 0;
-
 	f = fopen(fname, "r");
 	if (!f) {
 		wpa_printf(MSG_ERROR, "MAC list file '%s' not found.", fname);
@@ -139,7 +175,7 @@ static int hostapd_config_read_maclist(const char *fna
 	}
 
 	while (fgets(buf, sizeof(buf), f)) {
-		int i, rem = 0;
+		int rem = 0;
 
 		line++;
 
@@ -169,16 +205,7 @@ static int hostapd_config_read_maclist(const char *fna
 		}
 
 		if (rem) {
-			i = 0;
-			while (i < *num) {
-				if (os_memcmp((*acl)[i].addr, addr, ETH_ALEN) ==
-				    0) {
-					os_remove_in_array(*acl, *num,
-							   sizeof(**acl), i);
-					(*num)--;
-				} else
-					i++;
-			}
+			hostapd_remove_acl_mac(acl, num, addr);
 			continue;
 		}
 		vlan_id = 0;
@@ -190,31 +217,78 @@ static int hostapd_config_read_maclist(const char *fna
 		if (*pos != '\0')
 			vlan_id = atoi(pos);
 
-		newacl = os_realloc_array(*acl, *num + 1, sizeof(**acl));
-		if (newacl == NULL) {
-			wpa_printf(MSG_ERROR, "MAC list reallocation failed");
+		if (hostapd_add_acl_maclist(acl, num, vlan_id, addr) < 0) {
 			fclose(f);
 			return -1;
 		}
-
-		*acl = newacl;
-		os_memcpy((*acl)[*num].addr, addr, ETH_ALEN);
-		os_memset(&(*acl)[*num].vlan_id, 0,
-			  sizeof((*acl)[*num].vlan_id));
-		(*acl)[*num].vlan_id.untagged = vlan_id;
-		(*acl)[*num].vlan_id.notempty = !!vlan_id;
-		(*num)++;
 	}
 
 	fclose(f);
 
-	qsort(*acl, *num, sizeof(**acl), hostapd_acl_comp);
+	if (*acl)
+		qsort(*acl, *num, sizeof(**acl), hostapd_acl_comp);
 
 	return 0;
 }
 
 
 #ifdef EAP_SERVER
+
+static int hostapd_config_eap_user_salted(struct hostapd_eap_user *user,
+					  const char *hash, size_t len,
+					  char **pos, int line,
+					  const char *fname)
+{
+	char *pos2 = *pos;
+
+	while (*pos2 != '\0' && *pos2 != ' ' && *pos2 != '\t' && *pos2 != '#')
+		pos2++;
+
+	if (pos2 - *pos < (int) (2 * (len + 1))) { /* at least 1 byte of salt */
+		wpa_printf(MSG_ERROR,
+			   "Invalid salted %s hash on line %d in '%s'",
+			   hash, line, fname);
+		return -1;
+	}
+
+	user->password = os_malloc(len);
+	if (!user->password) {
+		wpa_printf(MSG_ERROR,
+			   "Failed to allocate memory for salted %s hash",
+			   hash);
+		return -1;
+	}
+
+	if (hexstr2bin(*pos, user->password, len) < 0) {
+		wpa_printf(MSG_ERROR,
+			   "Invalid salted password on line %d in '%s'",
+			   line, fname);
+		return -1;
+	}
+	user->password_len = len;
+	*pos += 2 * len;
+
+	user->salt_len = (pos2 - *pos) / 2;
+	user->salt = os_malloc(user->salt_len);
+	if (!user->salt) {
+		wpa_printf(MSG_ERROR,
+			   "Failed to allocate memory for salted %s hash",
+			   hash);
+		return -1;
+	}
+
+	if (hexstr2bin(*pos, user->salt, user->salt_len) < 0) {
+		wpa_printf(MSG_ERROR,
+			   "Invalid salt for password on line %d in '%s'",
+			   line, fname);
+		return -1;
+	}
+
+	*pos = pos2;
+	return 0;
+}
+
+
 static int hostapd_config_read_eap_user(const char *fname,
 					struct hostapd_bss_config *conf)
 {
@@ -223,9 +297,6 @@ static int hostapd_config_read_eap_user(const char *fn
 	int line = 0, ret = 0, num_methods;
 	struct hostapd_eap_user *user = NULL, *tail = NULL, *new_user = NULL;
 
-	if (!fname)
-		return 0;
-
 	if (os_strncmp(fname, "sqlite:", 7) == 0) {
 #ifdef CONFIG_SQLITE
 		os_free(conf->eap_user_sqlite);
@@ -312,13 +383,12 @@ static int hostapd_config_read_eap_user(const char *fn
 				goto failed;
 			}
 
-			user->identity = os_malloc(pos - start);
+			user->identity = os_memdup(start, pos - start);
 			if (user->identity == NULL) {
 				wpa_printf(MSG_ERROR, "Failed to allocate "
 					   "memory for EAP identity");
 				goto failed;
 			}
-			os_memcpy(user->identity, start, pos - start);
 			user->identity_len = pos - start;
 
 			if (pos[0] == '"' && pos[1] == '*') {
@@ -436,13 +506,12 @@ static int hostapd_config_read_eap_user(const char *fn
 				goto failed;
 			}
 
-			user->password = os_malloc(pos - start);
+			user->password = os_memdup(start, pos - start);
 			if (user->password == NULL) {
 				wpa_printf(MSG_ERROR, "Failed to allocate "
 					   "memory for EAP password");
 				goto failed;
 			}
-			os_memcpy(user->password, start, pos - start);
 			user->password_len = pos - start;
 
 			pos++;
@@ -471,6 +540,24 @@ static int hostapd_config_read_eap_user(const char *fn
 			user->password_len = 16;
 			user->password_hash = 1;
 			pos = pos2;
+		} else if (os_strncmp(pos, "ssha1:", 6) == 0) {
+			pos += 6;
+			if (hostapd_config_eap_user_salted(user, "sha1", 20,
+							   &pos,
+							   line, fname) < 0)
+				goto failed;
+		} else if (os_strncmp(pos, "ssha256:", 8) == 0) {
+			pos += 8;
+			if (hostapd_config_eap_user_salted(user, "sha256", 32,
+							   &pos,
+							   line, fname) < 0)
+				goto failed;
+		} else if (os_strncmp(pos, "ssha512:", 8) == 0) {
+			pos += 8;
+			if (hostapd_config_eap_user_salted(user, "sha512", 64,
+							   &pos,
+							   line, fname) < 0)
+				goto failed;
 		} else {
 			pos2 = pos;
 			while (*pos2 != '\0' && *pos2 != ' ' &&
@@ -522,19 +609,15 @@ static int hostapd_config_read_eap_user(const char *fn
 	fclose(f);
 
 	if (ret == 0) {
-		user = conf->eap_user;
-		while (user) {
-			struct hostapd_eap_user *prev;
-
-			prev = user;
-			user = user->next;
-			hostapd_config_free_eap_user(prev);
-		}
+		hostapd_config_free_eap_users(conf->eap_user);
 		conf->eap_user = new_user;
+	} else {
+		hostapd_config_free_eap_users(new_user);
 	}
 
 	return ret;
 }
+
 #endif /* EAP_SERVER */
 
 
@@ -684,12 +767,16 @@ static int hostapd_config_parse_key_mgmt(int line, con
 			val |= WPA_KEY_MGMT_PSK;
 		else if (os_strcmp(start, "WPA-EAP") == 0)
 			val |= WPA_KEY_MGMT_IEEE8021X;
-#ifdef CONFIG_IEEE80211R
+#ifdef CONFIG_IEEE80211R_AP
 		else if (os_strcmp(start, "FT-PSK") == 0)
 			val |= WPA_KEY_MGMT_FT_PSK;
 		else if (os_strcmp(start, "FT-EAP") == 0)
 			val |= WPA_KEY_MGMT_FT_IEEE8021X;
-#endif /* CONFIG_IEEE80211R */
+#ifdef CONFIG_SHA384
+		else if (os_strcmp(start, "FT-EAP-SHA384") == 0)
+			val |= WPA_KEY_MGMT_FT_IEEE8021X_SHA384;
+#endif /* CONFIG_SHA384 */
+#endif /* CONFIG_IEEE80211R_AP */
 #ifdef CONFIG_IEEE80211W
 		else if (os_strcmp(start, "WPA-PSK-SHA256") == 0)
 			val |= WPA_KEY_MGMT_PSK_SHA256;
@@ -710,6 +797,30 @@ static int hostapd_config_parse_key_mgmt(int line, con
 		else if (os_strcmp(start, "WPA-EAP-SUITE-B-192") == 0)
 			val |= WPA_KEY_MGMT_IEEE8021X_SUITE_B_192;
 #endif /* CONFIG_SUITEB192 */
+#ifdef CONFIG_FILS
+		else if (os_strcmp(start, "FILS-SHA256") == 0)
+			val |= WPA_KEY_MGMT_FILS_SHA256;
+		else if (os_strcmp(start, "FILS-SHA384") == 0)
+			val |= WPA_KEY_MGMT_FILS_SHA384;
+#ifdef CONFIG_IEEE80211R_AP
+		else if (os_strcmp(start, "FT-FILS-SHA256") == 0)
+			val |= WPA_KEY_MGMT_FT_FILS_SHA256;
+		else if (os_strcmp(start, "FT-FILS-SHA384") == 0)
+			val |= WPA_KEY_MGMT_FT_FILS_SHA384;
+#endif /* CONFIG_IEEE80211R_AP */
+#endif /* CONFIG_FILS */
+#ifdef CONFIG_OWE
+		else if (os_strcmp(start, "OWE") == 0)
+			val |= WPA_KEY_MGMT_OWE;
+#endif /* CONFIG_OWE */
+#ifdef CONFIG_DPP
+		else if (os_strcmp(start, "DPP") == 0)
+			val |= WPA_KEY_MGMT_DPP;
+#endif /* CONFIG_DPP */
+#ifdef CONFIG_HS20
+		else if (os_strcmp(start, "OSEN") == 0)
+			val |= WPA_KEY_MGMT_OSEN;
+#endif /* CONFIG_HS20 */
 		else {
 			wpa_printf(MSG_ERROR, "Line %d: invalid key_mgmt '%s'",
 				   line, start);
@@ -755,17 +866,34 @@ static int hostapd_config_read_wep(struct hostapd_wep_
 {
 	size_t len = os_strlen(val);
 
-	if (keyidx < 0 || keyidx > 3 || wep->key[keyidx] != NULL)
+	if (keyidx < 0 || keyidx > 3)
 		return -1;
 
+	if (len == 0) {
+		int i, set = 0;
+
+		bin_clear_free(wep->key[keyidx], wep->len[keyidx]);
+		wep->key[keyidx] = NULL;
+		wep->len[keyidx] = 0;
+		for (i = 0; i < NUM_WEP_KEYS; i++) {
+			if (wep->key[i])
+				set++;
+		}
+		if (!set)
+			wep->keys_set = 0;
+		return 0;
+	}
+
+	if (wep->key[keyidx] != NULL)
+		return -1;
+
 	if (val[0] == '"') {
 		if (len < 2 || val[len - 1] != '"')
 			return -1;
 		len -= 2;
-		wep->key[keyidx] = os_malloc(len);
+		wep->key[keyidx] = os_memdup(val + 1, len);
 		if (wep->key[keyidx] == NULL)
 			return -1;
-		os_memcpy(wep->key[keyidx], val + 1, len);
 		wep->len[keyidx] = len;
 	} else {
 		if (len & 1)
@@ -978,7 +1106,27 @@ static int hostapd_config_tx_queue(struct hostapd_conf
 }
 
 
-#ifdef CONFIG_IEEE80211R
+#ifdef CONFIG_IEEE80211R_AP
+
+static int rkh_derive_key(const char *pos, u8 *key, size_t key_len)
+{
+	u8 oldkey[16];
+	int ret;
+
+	if (!hexstr2bin(pos, key, key_len))
+		return 0;
+
+	/* Try to use old short key for backwards compatibility */
+	if (hexstr2bin(pos, oldkey, sizeof(oldkey)))
+		return -1;
+
+	ret = hmac_sha256_kdf(oldkey, sizeof(oldkey), "FT OLDKEY", NULL, 0,
+			      key, key_len);
+	os_memset(oldkey, 0, sizeof(oldkey));
+	return ret;
+}
+
+
 static int add_r0kh(struct hostapd_bss_config *bss, char *value)
 {
 	struct ft_remote_r0kh *r0kh;
@@ -1012,7 +1160,7 @@ static int add_r0kh(struct hostapd_bss_config *bss, ch
 	os_memcpy(r0kh->id, pos, r0kh->id_len);
 
 	pos = next;
-	if (hexstr2bin(pos, r0kh->key, sizeof(r0kh->key))) {
+	if (rkh_derive_key(pos, r0kh->key, sizeof(r0kh->key)) < 0) {
 		wpa_printf(MSG_ERROR, "Invalid R0KH key: '%s'", pos);
 		os_free(r0kh);
 		return -1;
@@ -1057,7 +1205,7 @@ static int add_r1kh(struct hostapd_bss_config *bss, ch
 	}
 
 	pos = next;
-	if (hexstr2bin(pos, r1kh->key, sizeof(r1kh->key))) {
+	if (rkh_derive_key(pos, r1kh->key, sizeof(r1kh->key)) < 0) {
 		wpa_printf(MSG_ERROR, "Invalid R1KH key: '%s'", pos);
 		os_free(r1kh);
 		return -1;
@@ -1068,7 +1216,7 @@ static int add_r1kh(struct hostapd_bss_config *bss, ch
 
 	return 0;
 }
-#endif /* CONFIG_IEEE80211R */
+#endif /* CONFIG_IEEE80211R_AP */
 
 
 #ifdef CONFIG_IEEE80211N
@@ -1085,6 +1233,12 @@ static int hostapd_config_ht_capab(struct hostapd_conf
 		conf->ht_capab |= HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET;
 		conf->secondary_channel = 1;
 	}
+	if (os_strstr(capab, "[HT40+]") && os_strstr(capab, "[HT40-]")) {
+		conf->ht_capab |= HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET;
+		conf->ht40_plus_minus_allowed = 1;
+	}
+	if (!os_strstr(capab, "[HT40+]") && !os_strstr(capab, "[HT40-]"))
+		conf->secondary_channel = 0;
 	if (os_strstr(capab, "[SMPS-STATIC]")) {
 		conf->ht_capab &= ~HT_CAP_INFO_SMPS_MASK;
 		conf->ht_capab |= HT_CAP_INFO_SMPS_STATIC;
@@ -1307,6 +1461,44 @@ static int parse_venue_name(struct hostapd_bss_config 
 }
 
 
+static int parse_venue_url(struct hostapd_bss_config *bss, char *pos,
+			    int line)
+{
+	char *sep;
+	size_t nlen;
+	struct hostapd_venue_url *url;
+	int ret = -1;
+
+	sep = os_strchr(pos, ':');
+	if (!sep)
+		goto fail;
+	*sep++ = '\0';
+
+	nlen = os_strlen(sep);
+	if (nlen > 254)
+		goto fail;
+
+	url = os_realloc_array(bss->venue_url, bss->venue_url_count + 1,
+			       sizeof(struct hostapd_venue_url));
+	if (!url)
+		goto fail;
+
+	bss->venue_url = url;
+	url = &bss->venue_url[bss->venue_url_count++];
+
+	url->venue_number = atoi(pos);
+	url->url_len = nlen;
+	os_memcpy(url->url, sep, nlen);
+
+	ret = 0;
+fail:
+	if (ret)
+		wpa_printf(MSG_ERROR, "Line %d: Invalid venue_url '%s'",
+			   line, pos);
+	return ret;
+}
+
+
 static int parse_3gpp_cell_net(struct hostapd_bss_config *bss, char *buf,
 			       int line)
 {
@@ -1857,6 +2049,24 @@ static int hs20_parse_osu_nai(struct hostapd_bss_confi
 }
 
 
+static int hs20_parse_osu_nai2(struct hostapd_bss_config *bss,
+			       char *pos, int line)
+{
+	if (bss->last_osu == NULL) {
+		wpa_printf(MSG_ERROR, "Line %d: Unexpected OSU field", line);
+		return -1;
+	}
+
+	os_free(bss->last_osu->osu_nai2);
+	bss->last_osu->osu_nai2 = os_strdup(pos);
+	if (bss->last_osu->osu_nai2 == NULL)
+		return -1;
+	bss->hs20_osu_providers_nai_count++;
+
+	return 0;
+}
+
+
 static int hs20_parse_osu_method_list(struct hostapd_bss_config *bss, char *pos,
 				      int line)
 {
@@ -1916,6 +2126,25 @@ static int hs20_parse_osu_service_desc(struct hostapd_
 	return 0;
 }
 
+
+static int hs20_parse_operator_icon(struct hostapd_bss_config *bss, char *pos,
+				    int line)
+{
+	char **n;
+
+	n = os_realloc_array(bss->hs20_operator_icon,
+			     bss->hs20_operator_icon_count + 1, sizeof(char *));
+	if (!n)
+		return -1;
+	bss->hs20_operator_icon = n;
+	bss->hs20_operator_icon[bss->hs20_operator_icon_count] = os_strdup(pos);
+	if (!bss->hs20_operator_icon[bss->hs20_operator_icon_count])
+		return -1;
+	bss->hs20_operator_icon_count++;
+
+	return 0;
+}
+
 #endif /* CONFIG_HS20 */
 
 
@@ -1986,6 +2215,118 @@ static int parse_wpabuf_hex(int line, const char *name
 }
 
 
+#ifdef CONFIG_FILS
+static int parse_fils_realm(struct hostapd_bss_config *bss, const char *val)
+{
+	struct fils_realm *realm;
+	size_t len;
+
+	len = os_strlen(val);
+	realm = os_zalloc(sizeof(*realm) + len + 1);
+	if (!realm)
+		return -1;
+
+	os_memcpy(realm->realm, val, len);
+	if (fils_domain_name_hash(val, realm->hash) < 0) {
+		os_free(realm);
+		return -1;
+	}
+	dl_list_add_tail(&bss->fils_realms, &realm->list);
+
+	return 0;
+}
+#endif /* CONFIG_FILS */
+
+
+#ifdef EAP_SERVER
+static unsigned int parse_tls_flags(const char *val)
+{
+	unsigned int flags = 0;
+
+	/* Disable TLS v1.3 by default for now to avoid interoperability issue.
+	 * This can be enabled by default once the implementation has been fully
+	 * completed and tested with other implementations. */
+	flags |= TLS_CONN_DISABLE_TLSv1_3;
+
+	if (os_strstr(val, "[ALLOW-SIGN-RSA-MD5]"))
+		flags |= TLS_CONN_ALLOW_SIGN_RSA_MD5;
+	if (os_strstr(val, "[DISABLE-TIME-CHECKS]"))
+		flags |= TLS_CONN_DISABLE_TIME_CHECKS;
+	if (os_strstr(val, "[DISABLE-TLSv1.0]"))
+		flags |= TLS_CONN_DISABLE_TLSv1_0;
+	if (os_strstr(val, "[DISABLE-TLSv1.1]"))
+		flags |= TLS_CONN_DISABLE_TLSv1_1;
+	if (os_strstr(val, "[DISABLE-TLSv1.2]"))
+		flags |= TLS_CONN_DISABLE_TLSv1_2;
+	if (os_strstr(val, "[DISABLE-TLSv1.3]"))
+		flags |= TLS_CONN_DISABLE_TLSv1_3;
+	if (os_strstr(val, "[ENABLE-TLSv1.3]"))
+		flags &= ~TLS_CONN_DISABLE_TLSv1_3;
+	if (os_strstr(val, "[SUITEB]"))
+		flags |= TLS_CONN_SUITEB;
+	if (os_strstr(val, "[SUITEB-NO-ECDH]"))
+		flags |= TLS_CONN_SUITEB_NO_ECDH | TLS_CONN_SUITEB;
+
+	return flags;
+}
+#endif /* EAP_SERVER */
+
+
+#ifdef CONFIG_SAE
+static int parse_sae_password(struct hostapd_bss_config *bss, const char *val)
+{
+	struct sae_password_entry *pw;
+	const char *pos = val, *pos2, *end = NULL;
+
+	pw = os_zalloc(sizeof(*pw));
+	if (!pw)
+		return -1;
+	os_memset(pw->peer_addr, 0xff, ETH_ALEN); /* default to wildcard */
+
+	pos2 = os_strstr(pos, "|mac=");
+	if (pos2) {
+		end = pos2;
+		pos2 += 5;
+		if (hwaddr_aton(pos2, pw->peer_addr) < 0)
+			goto fail;
+		pos = pos2 + ETH_ALEN * 3 - 1;
+	}
+
+	pos2 = os_strstr(pos, "|id=");
+	if (pos2) {
+		if (!end)
+			end = pos2;
+		pos2 += 4;
+		pw->identifier = os_strdup(pos2);
+		if (!pw->identifier)
+			goto fail;
+	}
+
+	if (!end) {
+		pw->password = os_strdup(val);
+		if (!pw->password)
+			goto fail;
+	} else {
+		pw->password = os_malloc(end - val + 1);
+		if (!pw->password)
+			goto fail;
+		os_memcpy(pw->password, val, end - val);
+		pw->password[end - val] = '\0';
+	}
+
+	pw->next = bss->sae_passwords;
+	bss->sae_passwords = pw;
+
+	return 0;
+fail:
+	str_clear_free(pw->password);
+	os_free(pw->identifier);
+	os_free(pw);
+	return -1;
+}
+#endif /* CONFIG_SAE */
+
+
 static int hostapd_config_fill(struct hostapd_config *conf,
 			       struct hostapd_bss_config *bss,
 			       const char *buf, char *pos, int line)
@@ -2001,20 +2342,21 @@ static int hostapd_config_fill(struct hostapd_config *
 		os_strlcpy(bss->wds_bridge, pos, sizeof(bss->wds_bridge));
 	} else if (os_strcmp(buf, "driver") == 0) {
 		int j;
-		/* clear to get error below if setting is invalid */
-		conf->driver = NULL;
+		const struct wpa_driver_ops *driver = NULL;
+
 		for (j = 0; wpa_drivers[j]; j++) {
 			if (os_strcmp(pos, wpa_drivers[j]->name) == 0) {
-				conf->driver = wpa_drivers[j];
+				driver = wpa_drivers[j];
 				break;
 			}
 		}
-		if (conf->driver == NULL) {
+		if (!driver) {
 			wpa_printf(MSG_ERROR,
 				   "Line %d: invalid/unknown driver '%s'",
 				   line, pos);
 			return 1;
 		}
+		conf->driver = driver;
 	} else if (os_strcmp(buf, "driver_params") == 0) {
 		os_free(conf->driver_params);
 		conf->driver_params = os_strdup(pos);
@@ -2058,13 +2400,16 @@ static int hostapd_config_fill(struct hostapd_config *
 	} else if (os_strcmp(buf, "utf8_ssid") == 0) {
 		bss->ssid.utf8_ssid = atoi(pos) > 0;
 	} else if (os_strcmp(buf, "macaddr_acl") == 0) {
-		bss->macaddr_acl = atoi(pos);
-		if (bss->macaddr_acl != ACCEPT_UNLESS_DENIED &&
-		    bss->macaddr_acl != DENY_UNLESS_ACCEPTED &&
-		    bss->macaddr_acl != USE_EXTERNAL_RADIUS_AUTH) {
+		enum macaddr_acl acl = atoi(pos);
+
+		if (acl != ACCEPT_UNLESS_DENIED &&
+		    acl != DENY_UNLESS_ACCEPTED &&
+		    acl != USE_EXTERNAL_RADIUS_AUTH) {
 			wpa_printf(MSG_ERROR, "Line %d: unknown macaddr_acl %d",
-				   line, bss->macaddr_acl);
+				   line, acl);
+			return 1;
 		}
+		bss->macaddr_acl = acl;
 	} else if (os_strcmp(buf, "accept_mac_file") == 0) {
 		if (hostapd_config_read_maclist(pos, &bss->accept_mac,
 						&bss->num_accept_mac)) {
@@ -2091,8 +2436,8 @@ static int hostapd_config_fill(struct hostapd_config *
 		bss->skip_inactivity_poll = atoi(pos);
 	} else if (os_strcmp(buf, "country_code") == 0) {
 		os_memcpy(conf->country, pos, 2);
-		/* FIX: make this configurable */
-		conf->country[2] = ' ';
+	} else if (os_strcmp(buf, "country3") == 0) {
+		conf->country[2] = strtol(pos, NULL, 16);
 	} else if (os_strcmp(buf, "ieee80211d") == 0) {
 		conf->ieee80211d = atoi(pos);
 	} else if (os_strcmp(buf, "ieee80211h") == 0) {
@@ -2100,13 +2445,15 @@ static int hostapd_config_fill(struct hostapd_config *
 	} else if (os_strcmp(buf, "ieee8021x") == 0) {
 		bss->ieee802_1x = atoi(pos);
 	} else if (os_strcmp(buf, "eapol_version") == 0) {
-		bss->eapol_version = atoi(pos);
-		if (bss->eapol_version < 1 || bss->eapol_version > 2) {
+		int eapol_version = atoi(pos);
+
+		if (eapol_version < 1 || eapol_version > 2) {
 			wpa_printf(MSG_ERROR,
 				   "Line %d: invalid EAPOL version (%d): '%s'.",
-				   line, bss->eapol_version, pos);
+				   line, eapol_version, pos);
 			return 1;
 		}
+		bss->eapol_version = eapol_version;
 		wpa_printf(MSG_DEBUG, "eapol_version=%d", bss->eapol_version);
 #ifdef EAP_SERVER
 	} else if (os_strcmp(buf, "eap_authenticator") == 0) {
@@ -2133,6 +2480,8 @@ static int hostapd_config_fill(struct hostapd_config *
 		bss->check_crl = atoi(pos);
 	} else if (os_strcmp(buf, "tls_session_lifetime") == 0) {
 		bss->tls_session_lifetime = atoi(pos);
+	} else if (os_strcmp(buf, "tls_flags") == 0) {
+		bss->tls_flags = parse_tls_flags(pos);
 	} else if (os_strcmp(buf, "ocsp_stapling_response") == 0) {
 		os_free(bss->ocsp_stapling_response);
 		bss->ocsp_stapling_response = os_strdup(pos);
@@ -2207,8 +2556,10 @@ static int hostapd_config_fill(struct hostapd_config *
 	} else if (os_strcmp(buf, "pwd_group") == 0) {
 		bss->pwd_group = atoi(pos);
 #endif /* EAP_SERVER_PWD */
+#ifdef CONFIG_ERP
 	} else if (os_strcmp(buf, "eap_server_erp") == 0) {
 		bss->eap_server_erp = atoi(pos);
+#endif /* CONFIG_ERP */
 #endif /* EAP_SERVER */
 	} else if (os_strcmp(buf, "eap_message") == 0) {
 		char *term;
@@ -2234,24 +2585,25 @@ static int hostapd_config_fill(struct hostapd_config *
 		os_free(bss->erp_domain);
 		bss->erp_domain = os_strdup(pos);
 	} else if (os_strcmp(buf, "wep_key_len_broadcast") == 0) {
-		bss->default_wep_key_len = atoi(pos);
-		if (bss->default_wep_key_len > 13) {
-			wpa_printf(MSG_ERROR, "Line %d: invalid WEP key len %lu (= %lu bits)",
-				   line,
-				   (unsigned long) bss->default_wep_key_len,
-				   (unsigned long)
-				   bss->default_wep_key_len * 8);
+		int val = atoi(pos);
+
+		if (val < 0 || val > 13) {
+			wpa_printf(MSG_ERROR,
+				   "Line %d: invalid WEP key len %d (= %d bits)",
+				   line, val, val * 8);
 			return 1;
 		}
+		bss->default_wep_key_len = val;
 	} else if (os_strcmp(buf, "wep_key_len_unicast") == 0) {
-		bss->individual_wep_key_len = atoi(pos);
-		if (bss->individual_wep_key_len < 0 ||
-		    bss->individual_wep_key_len > 13) {
-			wpa_printf(MSG_ERROR, "Line %d: invalid WEP key len %d (= %d bits)",
-				   line, bss->individual_wep_key_len,
-				   bss->individual_wep_key_len * 8);
+		int val = atoi(pos);
+
+		if (val < 0 || val > 13) {
+			wpa_printf(MSG_ERROR,
+				   "Line %d: invalid WEP key len %d (= %d bits)",
+				   line, val, val * 8);
 			return 1;
 		}
+		bss->individual_wep_key_len = val;
 	} else if (os_strcmp(buf, "wep_rekey_period") == 0) {
 		bss->wep_rekeying_period = atoi(pos);
 		if (bss->wep_rekeying_period < 0) {
@@ -2433,12 +2785,37 @@ static int hostapd_config_fill(struct hostapd_config *
 		bss->wpa = atoi(pos);
 	} else if (os_strcmp(buf, "wpa_group_rekey") == 0) {
 		bss->wpa_group_rekey = atoi(pos);
+		bss->wpa_group_rekey_set = 1;
 	} else if (os_strcmp(buf, "wpa_strict_rekey") == 0) {
 		bss->wpa_strict_rekey = atoi(pos);
 	} else if (os_strcmp(buf, "wpa_gmk_rekey") == 0) {
 		bss->wpa_gmk_rekey = atoi(pos);
 	} else if (os_strcmp(buf, "wpa_ptk_rekey") == 0) {
 		bss->wpa_ptk_rekey = atoi(pos);
+	} else if (os_strcmp(buf, "wpa_group_update_count") == 0) {
+		char *endp;
+		unsigned long val = strtoul(pos, &endp, 0);
+
+		if (*endp || val < 1 || val > (u32) -1) {
+			wpa_printf(MSG_ERROR,
+				   "Line %d: Invalid wpa_group_update_count=%lu; allowed range 1..4294967295",
+				   line, val);
+			return 1;
+		}
+		bss->wpa_group_update_count = (u32) val;
+	} else if (os_strcmp(buf, "wpa_pairwise_update_count") == 0) {
+		char *endp;

*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201812090645.wB96jnso066329>