From owner-svn-src-all@freebsd.org Thu Dec 6 05:04:31 2018 Return-Path: Delivered-To: svn-src-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 6EB6E130EE07; Thu, 6 Dec 2018 05:04:31 +0000 (UTC) (envelope-from cy@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 09AA77D911; Thu, 6 Dec 2018 05:04:31 +0000 (UTC) (envelope-from cy@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id D8FAD1EF18; Thu, 6 Dec 2018 05:04:30 +0000 (UTC) (envelope-from cy@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id wB654UR3065512; Thu, 6 Dec 2018 05:04:30 GMT (envelope-from cy@FreeBSD.org) Received: (from cy@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id wB654TmJ065503; Thu, 6 Dec 2018 05:04:29 GMT (envelope-from cy@FreeBSD.org) Message-Id: <201812060504.wB654TmJ065503@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: cy set sender to cy@FreeBSD.org using -f From: Cy Schubert Date: Thu, 6 Dec 2018 05:04:29 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-vendor@freebsd.org Subject: svn commit: r341618 - in vendor/wpa/dist: . hostapd hs20/client src/ap src/common src/crypto src/drivers src/eap_common src/eap_peer src/eap_server src/eapol_auth src/eapol_supp src/fst src/l2_pack... X-SVN-Group: vendor X-SVN-Commit-Author: cy X-SVN-Commit-Paths: in vendor/wpa/dist: . hostapd hs20/client src/ap src/common src/crypto src/drivers src/eap_common src/eap_peer src/eap_server src/eapol_auth src/eapol_supp src/fst src/l2_packet src/p2p src/pae src/ra... X-SVN-Commit-Revision: 341618 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Rspamd-Queue-Id: 09AA77D911 X-Spamd-Result: default: False [-0.01 / 15.00]; local_wl_from(0.00)[FreeBSD.org]; NEURAL_HAM_MEDIUM(-0.35)[-0.349,0]; NEURAL_SPAM_LONG(0.04)[0.035,0]; NEURAL_SPAM_SHORT(0.30)[0.301,0]; ASN(0.00)[asn:11403, ipnet:2610:1c1:1::/48, country:US] X-Rspamd-Server: mx1.freebsd.org X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 06 Dec 2018 05:04:32 -0000 Author: cy Date: Thu Dec 6 05:04:28 2018 New Revision: 341618 URL: https://svnweb.freebsd.org/changeset/base/341618 Log: Import wpa_supplicant/hostapd 2.7 Added: vendor/wpa/dist/src/ap/dpp_hostapd.c (contents, props changed) vendor/wpa/dist/src/ap/dpp_hostapd.h (contents, props changed) vendor/wpa/dist/src/ap/eth_p_oui.c (contents, props changed) vendor/wpa/dist/src/ap/eth_p_oui.h (contents, props changed) vendor/wpa/dist/src/ap/fils_hlp.c (contents, props changed) vendor/wpa/dist/src/ap/fils_hlp.h (contents, props changed) vendor/wpa/dist/src/ap/gas_query_ap.c (contents, props changed) vendor/wpa/dist/src/ap/gas_query_ap.h (contents, props changed) vendor/wpa/dist/src/ap/ieee802_11_he.c (contents, props changed) vendor/wpa/dist/src/common/dhcp.h (contents, props changed) vendor/wpa/dist/src/common/dpp.c (contents, props changed) vendor/wpa/dist/src/common/dpp.h (contents, props changed) vendor/wpa/dist/src/common/gas_server.c (contents, props changed) vendor/wpa/dist/src/common/gas_server.h (contents, props changed) vendor/wpa/dist/src/crypto/crypto_linux.c (contents, props changed) vendor/wpa/dist/src/crypto/crypto_nettle.c (contents, props changed) vendor/wpa/dist/src/crypto/crypto_wolfssl.c (contents, props changed) vendor/wpa/dist/src/crypto/fips_prf_wolfssl.c (contents, props changed) vendor/wpa/dist/src/crypto/sha384-kdf.c (contents, props changed) vendor/wpa/dist/src/crypto/sha384.c (contents, props changed) vendor/wpa/dist/src/crypto/sha512-kdf.c (contents, props changed) vendor/wpa/dist/src/crypto/sha512-prf.c (contents, props changed) vendor/wpa/dist/src/crypto/sha512.h (contents, props changed) vendor/wpa/dist/src/crypto/tls_wolfssl.c (contents, props changed) vendor/wpa/dist/src/drivers/driver_macsec_linux.c (contents, props changed) vendor/wpa/dist/src/drivers/driver_wired_common.c (contents, props changed) vendor/wpa/dist/src/drivers/driver_wired_common.h (contents, props changed) vendor/wpa/dist/src/utils/crc32.c (contents, props changed) vendor/wpa/dist/src/utils/crc32.h (contents, props changed) vendor/wpa/dist/src/utils/json.c (contents, props changed) vendor/wpa/dist/src/utils/json.h (contents, props changed) vendor/wpa/dist/wpa_supplicant/dpp_supplicant.c (contents, props changed) vendor/wpa/dist/wpa_supplicant/dpp_supplicant.h (contents, props changed) vendor/wpa/dist/wpa_supplicant/examples/dpp-qrcode.py (contents, props changed) vendor/wpa/dist/wpa_supplicant/op_classes.c (contents, props changed) vendor/wpa/dist/wpa_supplicant/rrm.c (contents, props changed) Deleted: vendor/wpa/dist/src/ap/peerkey_auth.c vendor/wpa/dist/src/rsn_supp/peerkey.c vendor/wpa/dist/src/rsn_supp/peerkey.h Modified: vendor/wpa/dist/CONTRIBUTIONS vendor/wpa/dist/COPYING vendor/wpa/dist/README vendor/wpa/dist/hostapd/Android.mk vendor/wpa/dist/hostapd/ChangeLog vendor/wpa/dist/hostapd/Makefile vendor/wpa/dist/hostapd/README vendor/wpa/dist/hostapd/android.config vendor/wpa/dist/hostapd/config_file.c vendor/wpa/dist/hostapd/config_file.h vendor/wpa/dist/hostapd/ctrl_iface.c vendor/wpa/dist/hostapd/defconfig vendor/wpa/dist/hostapd/hlr_auc_gw.c vendor/wpa/dist/hostapd/hostapd.android.rc vendor/wpa/dist/hostapd/hostapd.conf vendor/wpa/dist/hostapd/hostapd.eap_user_sqlite vendor/wpa/dist/hostapd/hostapd_cli.c vendor/wpa/dist/hostapd/main.c vendor/wpa/dist/hs20/client/est.c vendor/wpa/dist/hs20/client/oma_dm_client.c vendor/wpa/dist/hs20/client/osu_client.c vendor/wpa/dist/hs20/client/osu_client.h vendor/wpa/dist/src/ap/Makefile vendor/wpa/dist/src/ap/acs.c vendor/wpa/dist/src/ap/acs.h vendor/wpa/dist/src/ap/ap_config.c vendor/wpa/dist/src/ap/ap_config.h vendor/wpa/dist/src/ap/ap_drv_ops.c vendor/wpa/dist/src/ap/ap_drv_ops.h vendor/wpa/dist/src/ap/ap_mlme.c vendor/wpa/dist/src/ap/authsrv.c vendor/wpa/dist/src/ap/beacon.c vendor/wpa/dist/src/ap/beacon.h vendor/wpa/dist/src/ap/bss_load.c vendor/wpa/dist/src/ap/ctrl_iface_ap.c vendor/wpa/dist/src/ap/ctrl_iface_ap.h vendor/wpa/dist/src/ap/dfs.c vendor/wpa/dist/src/ap/dfs.h vendor/wpa/dist/src/ap/dhcp_snoop.c vendor/wpa/dist/src/ap/drv_callbacks.c vendor/wpa/dist/src/ap/eap_user_db.c vendor/wpa/dist/src/ap/gas_serv.c vendor/wpa/dist/src/ap/gas_serv.h vendor/wpa/dist/src/ap/hostapd.c vendor/wpa/dist/src/ap/hostapd.h vendor/wpa/dist/src/ap/hs20.c vendor/wpa/dist/src/ap/hs20.h vendor/wpa/dist/src/ap/hw_features.c vendor/wpa/dist/src/ap/ieee802_11.c vendor/wpa/dist/src/ap/ieee802_11.h vendor/wpa/dist/src/ap/ieee802_11_auth.c vendor/wpa/dist/src/ap/ieee802_11_auth.h vendor/wpa/dist/src/ap/ieee802_11_ht.c vendor/wpa/dist/src/ap/ieee802_11_shared.c vendor/wpa/dist/src/ap/ieee802_11_vht.c vendor/wpa/dist/src/ap/ieee802_1x.c vendor/wpa/dist/src/ap/ieee802_1x.h vendor/wpa/dist/src/ap/ndisc_snoop.c vendor/wpa/dist/src/ap/neighbor_db.c vendor/wpa/dist/src/ap/neighbor_db.h vendor/wpa/dist/src/ap/pmksa_cache_auth.c vendor/wpa/dist/src/ap/pmksa_cache_auth.h vendor/wpa/dist/src/ap/rrm.c vendor/wpa/dist/src/ap/rrm.h vendor/wpa/dist/src/ap/sta_info.c vendor/wpa/dist/src/ap/sta_info.h vendor/wpa/dist/src/ap/taxonomy.c vendor/wpa/dist/src/ap/tkip_countermeasures.c vendor/wpa/dist/src/ap/vlan_init.c vendor/wpa/dist/src/ap/wmm.c vendor/wpa/dist/src/ap/wnm_ap.c vendor/wpa/dist/src/ap/wnm_ap.h vendor/wpa/dist/src/ap/wpa_auth.c vendor/wpa/dist/src/ap/wpa_auth.h vendor/wpa/dist/src/ap/wpa_auth_ft.c vendor/wpa/dist/src/ap/wpa_auth_glue.c vendor/wpa/dist/src/ap/wpa_auth_i.h vendor/wpa/dist/src/ap/wpa_auth_ie.c vendor/wpa/dist/src/ap/wpa_auth_ie.h vendor/wpa/dist/src/ap/wps_hostapd.c vendor/wpa/dist/src/common/common_module_tests.c vendor/wpa/dist/src/common/ctrl_iface_common.c vendor/wpa/dist/src/common/ctrl_iface_common.h vendor/wpa/dist/src/common/defs.h vendor/wpa/dist/src/common/gas.c vendor/wpa/dist/src/common/gas.h vendor/wpa/dist/src/common/hw_features_common.c vendor/wpa/dist/src/common/hw_features_common.h vendor/wpa/dist/src/common/ieee802_11_common.c vendor/wpa/dist/src/common/ieee802_11_common.h vendor/wpa/dist/src/common/ieee802_11_defs.h vendor/wpa/dist/src/common/ieee802_1x_defs.h vendor/wpa/dist/src/common/privsep_commands.h vendor/wpa/dist/src/common/qca-vendor.h vendor/wpa/dist/src/common/sae.c vendor/wpa/dist/src/common/sae.h vendor/wpa/dist/src/common/version.h vendor/wpa/dist/src/common/wpa_common.c vendor/wpa/dist/src/common/wpa_common.h vendor/wpa/dist/src/common/wpa_ctrl.h vendor/wpa/dist/src/common/wpa_helpers.c vendor/wpa/dist/src/crypto/Makefile vendor/wpa/dist/src/crypto/aes-ctr.c vendor/wpa/dist/src/crypto/aes-internal-dec.c vendor/wpa/dist/src/crypto/aes-internal-enc.c vendor/wpa/dist/src/crypto/aes-siv.c vendor/wpa/dist/src/crypto/aes.h vendor/wpa/dist/src/crypto/aes_siv.h vendor/wpa/dist/src/crypto/aes_wrap.h vendor/wpa/dist/src/crypto/crypto.h vendor/wpa/dist/src/crypto/crypto_gnutls.c vendor/wpa/dist/src/crypto/crypto_internal-modexp.c vendor/wpa/dist/src/crypto/crypto_libtomcrypt.c vendor/wpa/dist/src/crypto/crypto_module_tests.c vendor/wpa/dist/src/crypto/crypto_none.c vendor/wpa/dist/src/crypto/crypto_openssl.c vendor/wpa/dist/src/crypto/des-internal.c vendor/wpa/dist/src/crypto/dh_groups.c vendor/wpa/dist/src/crypto/ms_funcs.c vendor/wpa/dist/src/crypto/ms_funcs.h vendor/wpa/dist/src/crypto/random.c vendor/wpa/dist/src/crypto/sha1-internal.c vendor/wpa/dist/src/crypto/sha256-internal.c vendor/wpa/dist/src/crypto/sha256-kdf.c vendor/wpa/dist/src/crypto/sha384-prf.c vendor/wpa/dist/src/crypto/sha384.h vendor/wpa/dist/src/crypto/tls.h vendor/wpa/dist/src/crypto/tls_gnutls.c vendor/wpa/dist/src/crypto/tls_internal.c vendor/wpa/dist/src/crypto/tls_none.c vendor/wpa/dist/src/crypto/tls_openssl.c vendor/wpa/dist/src/drivers/driver.h vendor/wpa/dist/src/drivers/driver_atheros.c vendor/wpa/dist/src/drivers/driver_bsd.c vendor/wpa/dist/src/drivers/driver_common.c vendor/wpa/dist/src/drivers/driver_hostap.c vendor/wpa/dist/src/drivers/driver_macsec_qca.c vendor/wpa/dist/src/drivers/driver_ndis.c vendor/wpa/dist/src/drivers/driver_nl80211.c vendor/wpa/dist/src/drivers/driver_nl80211.h vendor/wpa/dist/src/drivers/driver_nl80211_capa.c vendor/wpa/dist/src/drivers/driver_nl80211_event.c vendor/wpa/dist/src/drivers/driver_nl80211_monitor.c vendor/wpa/dist/src/drivers/driver_nl80211_scan.c vendor/wpa/dist/src/drivers/driver_privsep.c vendor/wpa/dist/src/drivers/driver_wext.c vendor/wpa/dist/src/drivers/driver_wired.c vendor/wpa/dist/src/drivers/drivers.c vendor/wpa/dist/src/drivers/drivers.mak vendor/wpa/dist/src/drivers/drivers.mk vendor/wpa/dist/src/drivers/nl80211_copy.h vendor/wpa/dist/src/eap_common/eap_eke_common.c vendor/wpa/dist/src/eap_common/eap_fast_common.c vendor/wpa/dist/src/eap_common/eap_pwd_common.c vendor/wpa/dist/src/eap_common/eap_pwd_common.h vendor/wpa/dist/src/eap_common/eap_sim_common.c vendor/wpa/dist/src/eap_peer/eap.c vendor/wpa/dist/src/eap_peer/eap.h vendor/wpa/dist/src/eap_peer/eap_aka.c vendor/wpa/dist/src/eap_peer/eap_config.h vendor/wpa/dist/src/eap_peer/eap_eke.c vendor/wpa/dist/src/eap_peer/eap_fast.c vendor/wpa/dist/src/eap_peer/eap_fast_pac.c vendor/wpa/dist/src/eap_peer/eap_gpsk.c vendor/wpa/dist/src/eap_peer/eap_i.h vendor/wpa/dist/src/eap_peer/eap_ikev2.c vendor/wpa/dist/src/eap_peer/eap_leap.c vendor/wpa/dist/src/eap_peer/eap_mschapv2.c vendor/wpa/dist/src/eap_peer/eap_pax.c vendor/wpa/dist/src/eap_peer/eap_peap.c vendor/wpa/dist/src/eap_peer/eap_proxy.h vendor/wpa/dist/src/eap_peer/eap_proxy_dummy.c vendor/wpa/dist/src/eap_peer/eap_psk.c vendor/wpa/dist/src/eap_peer/eap_pwd.c vendor/wpa/dist/src/eap_peer/eap_sake.c vendor/wpa/dist/src/eap_peer/eap_sim.c vendor/wpa/dist/src/eap_peer/eap_tls.c vendor/wpa/dist/src/eap_peer/eap_tls_common.c vendor/wpa/dist/src/eap_peer/eap_tls_common.h vendor/wpa/dist/src/eap_peer/eap_ttls.c vendor/wpa/dist/src/eap_peer/ikev2.c vendor/wpa/dist/src/eap_peer/tncc.c vendor/wpa/dist/src/eap_server/eap.h vendor/wpa/dist/src/eap_server/eap_i.h vendor/wpa/dist/src/eap_server/eap_server.c vendor/wpa/dist/src/eap_server/eap_server_aka.c vendor/wpa/dist/src/eap_server/eap_server_eke.c vendor/wpa/dist/src/eap_server/eap_server_fast.c vendor/wpa/dist/src/eap_server/eap_server_gpsk.c vendor/wpa/dist/src/eap_server/eap_server_gtc.c vendor/wpa/dist/src/eap_server/eap_server_ikev2.c vendor/wpa/dist/src/eap_server/eap_server_mschapv2.c vendor/wpa/dist/src/eap_server/eap_server_pax.c vendor/wpa/dist/src/eap_server/eap_server_psk.c vendor/wpa/dist/src/eap_server/eap_server_pwd.c vendor/wpa/dist/src/eap_server/eap_server_sake.c vendor/wpa/dist/src/eap_server/eap_server_sim.c vendor/wpa/dist/src/eap_server/eap_server_tls.c vendor/wpa/dist/src/eap_server/eap_server_tls_common.c vendor/wpa/dist/src/eap_server/eap_server_ttls.c vendor/wpa/dist/src/eap_server/eap_server_wsc.c vendor/wpa/dist/src/eap_server/eap_tls_common.h vendor/wpa/dist/src/eap_server/ikev2.c vendor/wpa/dist/src/eap_server/tncs.c vendor/wpa/dist/src/eapol_auth/eapol_auth_sm.c vendor/wpa/dist/src/eapol_auth/eapol_auth_sm.h vendor/wpa/dist/src/eapol_supp/eapol_supp_sm.c vendor/wpa/dist/src/eapol_supp/eapol_supp_sm.h vendor/wpa/dist/src/fst/fst_ctrl_aux.h vendor/wpa/dist/src/fst/fst_ctrl_iface.c vendor/wpa/dist/src/fst/fst_group.c vendor/wpa/dist/src/fst/fst_iface.h vendor/wpa/dist/src/fst/fst_session.c vendor/wpa/dist/src/l2_packet/l2_packet.h vendor/wpa/dist/src/l2_packet/l2_packet_linux.c vendor/wpa/dist/src/l2_packet/l2_packet_privsep.c vendor/wpa/dist/src/p2p/p2p.c vendor/wpa/dist/src/p2p/p2p.h vendor/wpa/dist/src/p2p/p2p_go_neg.c vendor/wpa/dist/src/p2p/p2p_group.c vendor/wpa/dist/src/p2p/p2p_i.h vendor/wpa/dist/src/p2p/p2p_pd.c vendor/wpa/dist/src/p2p/p2p_sd.c vendor/wpa/dist/src/pae/ieee802_1x_cp.c vendor/wpa/dist/src/pae/ieee802_1x_kay.c vendor/wpa/dist/src/pae/ieee802_1x_kay.h vendor/wpa/dist/src/pae/ieee802_1x_kay_i.h vendor/wpa/dist/src/pae/ieee802_1x_secy_ops.c vendor/wpa/dist/src/pae/ieee802_1x_secy_ops.h vendor/wpa/dist/src/radius/radius.c vendor/wpa/dist/src/radius/radius.h vendor/wpa/dist/src/radius/radius_client.c vendor/wpa/dist/src/radius/radius_das.c vendor/wpa/dist/src/radius/radius_das.h vendor/wpa/dist/src/radius/radius_server.c vendor/wpa/dist/src/radius/radius_server.h vendor/wpa/dist/src/rsn_supp/Makefile vendor/wpa/dist/src/rsn_supp/pmksa_cache.c vendor/wpa/dist/src/rsn_supp/pmksa_cache.h vendor/wpa/dist/src/rsn_supp/preauth.c vendor/wpa/dist/src/rsn_supp/tdls.c vendor/wpa/dist/src/rsn_supp/wpa.c vendor/wpa/dist/src/rsn_supp/wpa.h vendor/wpa/dist/src/rsn_supp/wpa_ft.c vendor/wpa/dist/src/rsn_supp/wpa_i.h vendor/wpa/dist/src/rsn_supp/wpa_ie.c vendor/wpa/dist/src/rsn_supp/wpa_ie.h vendor/wpa/dist/src/tls/libtommath.c vendor/wpa/dist/src/tls/rsa.c vendor/wpa/dist/src/tls/tlsv1_client.c vendor/wpa/dist/src/tls/tlsv1_client_read.c vendor/wpa/dist/src/tls/tlsv1_common.c vendor/wpa/dist/src/tls/tlsv1_cred.c vendor/wpa/dist/src/tls/tlsv1_server.c vendor/wpa/dist/src/tls/x509v3.c vendor/wpa/dist/src/utils/Makefile vendor/wpa/dist/src/utils/base64.c vendor/wpa/dist/src/utils/base64.h vendor/wpa/dist/src/utils/browser-wpadebug.c vendor/wpa/dist/src/utils/common.c vendor/wpa/dist/src/utils/common.h vendor/wpa/dist/src/utils/eloop.h vendor/wpa/dist/src/utils/http_curl.c vendor/wpa/dist/src/utils/os.h vendor/wpa/dist/src/utils/os_none.c vendor/wpa/dist/src/utils/os_unix.c vendor/wpa/dist/src/utils/os_win32.c vendor/wpa/dist/src/utils/trace.c vendor/wpa/dist/src/utils/utils_module_tests.c vendor/wpa/dist/src/utils/uuid.c vendor/wpa/dist/src/utils/uuid.h vendor/wpa/dist/src/utils/wpa_debug.c vendor/wpa/dist/src/utils/wpa_debug.h vendor/wpa/dist/src/utils/wpabuf.c vendor/wpa/dist/src/utils/xml-utils.c vendor/wpa/dist/src/wps/wps.c vendor/wpa/dist/src/wps/wps_common.c vendor/wpa/dist/src/wps/wps_er.c vendor/wpa/dist/src/wps/wps_registrar.c vendor/wpa/dist/wpa_supplicant/Android.mk vendor/wpa/dist/wpa_supplicant/ChangeLog vendor/wpa/dist/wpa_supplicant/Makefile vendor/wpa/dist/wpa_supplicant/README vendor/wpa/dist/wpa_supplicant/README-HS20 vendor/wpa/dist/wpa_supplicant/android.config vendor/wpa/dist/wpa_supplicant/ap.c vendor/wpa/dist/wpa_supplicant/ap.h vendor/wpa/dist/wpa_supplicant/autoscan.c vendor/wpa/dist/wpa_supplicant/bgscan.c vendor/wpa/dist/wpa_supplicant/bgscan_learn.c vendor/wpa/dist/wpa_supplicant/bgscan_simple.c vendor/wpa/dist/wpa_supplicant/bss.c vendor/wpa/dist/wpa_supplicant/bss.h vendor/wpa/dist/wpa_supplicant/config.c vendor/wpa/dist/wpa_supplicant/config.h vendor/wpa/dist/wpa_supplicant/config_file.c vendor/wpa/dist/wpa_supplicant/config_ssid.h vendor/wpa/dist/wpa_supplicant/config_winreg.c vendor/wpa/dist/wpa_supplicant/ctrl_iface.c vendor/wpa/dist/wpa_supplicant/ctrl_iface_named_pipe.c vendor/wpa/dist/wpa_supplicant/ctrl_iface_udp.c vendor/wpa/dist/wpa_supplicant/ctrl_iface_unix.c vendor/wpa/dist/wpa_supplicant/dbus/dbus_new.c vendor/wpa/dist/wpa_supplicant/dbus/dbus_new.h vendor/wpa/dist/wpa_supplicant/dbus/dbus_new_handlers.c vendor/wpa/dist/wpa_supplicant/dbus/dbus_new_handlers.h vendor/wpa/dist/wpa_supplicant/dbus/dbus_new_handlers_p2p.c vendor/wpa/dist/wpa_supplicant/dbus/dbus_new_handlers_wps.c vendor/wpa/dist/wpa_supplicant/defconfig vendor/wpa/dist/wpa_supplicant/doc/docbook/eapol_test.8 vendor/wpa/dist/wpa_supplicant/doc/docbook/eapol_test.sgml vendor/wpa/dist/wpa_supplicant/doc/docbook/wpa_background.8 vendor/wpa/dist/wpa_supplicant/doc/docbook/wpa_background.sgml vendor/wpa/dist/wpa_supplicant/doc/docbook/wpa_cli.8 vendor/wpa/dist/wpa_supplicant/doc/docbook/wpa_cli.sgml vendor/wpa/dist/wpa_supplicant/doc/docbook/wpa_gui.8 vendor/wpa/dist/wpa_supplicant/doc/docbook/wpa_gui.sgml vendor/wpa/dist/wpa_supplicant/doc/docbook/wpa_passphrase.8 vendor/wpa/dist/wpa_supplicant/doc/docbook/wpa_passphrase.sgml vendor/wpa/dist/wpa_supplicant/doc/docbook/wpa_priv.8 vendor/wpa/dist/wpa_supplicant/doc/docbook/wpa_priv.sgml vendor/wpa/dist/wpa_supplicant/doc/docbook/wpa_supplicant.8 vendor/wpa/dist/wpa_supplicant/doc/docbook/wpa_supplicant.conf.5 vendor/wpa/dist/wpa_supplicant/doc/docbook/wpa_supplicant.sgml vendor/wpa/dist/wpa_supplicant/driver_i.h vendor/wpa/dist/wpa_supplicant/events.c vendor/wpa/dist/wpa_supplicant/examples/wps-ap-cli vendor/wpa/dist/wpa_supplicant/gas_query.c vendor/wpa/dist/wpa_supplicant/gas_query.h vendor/wpa/dist/wpa_supplicant/hs20_supplicant.c vendor/wpa/dist/wpa_supplicant/hs20_supplicant.h vendor/wpa/dist/wpa_supplicant/ibss_rsn.c vendor/wpa/dist/wpa_supplicant/interworking.c vendor/wpa/dist/wpa_supplicant/interworking.h vendor/wpa/dist/wpa_supplicant/mbo.c vendor/wpa/dist/wpa_supplicant/mesh.c vendor/wpa/dist/wpa_supplicant/mesh_mpm.c vendor/wpa/dist/wpa_supplicant/mesh_rsn.c vendor/wpa/dist/wpa_supplicant/notify.c vendor/wpa/dist/wpa_supplicant/notify.h vendor/wpa/dist/wpa_supplicant/offchannel.c vendor/wpa/dist/wpa_supplicant/p2p_supplicant.c vendor/wpa/dist/wpa_supplicant/preauth_test.c vendor/wpa/dist/wpa_supplicant/scan.c vendor/wpa/dist/wpa_supplicant/sme.c vendor/wpa/dist/wpa_supplicant/sme.h vendor/wpa/dist/wpa_supplicant/wifi_display.c vendor/wpa/dist/wpa_supplicant/wmm_ac.c vendor/wpa/dist/wpa_supplicant/wnm_sta.c vendor/wpa/dist/wpa_supplicant/wnm_sta.h vendor/wpa/dist/wpa_supplicant/wpa_cli.c vendor/wpa/dist/wpa_supplicant/wpa_passphrase.c vendor/wpa/dist/wpa_supplicant/wpa_priv.c vendor/wpa/dist/wpa_supplicant/wpa_supplicant.c vendor/wpa/dist/wpa_supplicant/wpa_supplicant.conf vendor/wpa/dist/wpa_supplicant/wpa_supplicant_i.h vendor/wpa/dist/wpa_supplicant/wpa_supplicant_template.conf vendor/wpa/dist/wpa_supplicant/wpas_glue.c vendor/wpa/dist/wpa_supplicant/wpas_kay.c vendor/wpa/dist/wpa_supplicant/wpas_kay.h vendor/wpa/dist/wpa_supplicant/wps_supplicant.c Modified: vendor/wpa/dist/CONTRIBUTIONS ============================================================================== --- vendor/wpa/dist/CONTRIBUTIONS Thu Dec 6 04:36:02 2018 (r341617) +++ vendor/wpa/dist/CONTRIBUTIONS Thu Dec 6 05:04:28 2018 (r341618) @@ -140,7 +140,7 @@ The license terms used for hostap.git files Modified BSD license (no advertisement clause): -Copyright (c) 2002-2016, Jouni Malinen and contributors +Copyright (c) 2002-2018, Jouni Malinen and contributors All Rights Reserved. Redistribution and use in source and binary forms, with or without Modified: vendor/wpa/dist/COPYING ============================================================================== --- vendor/wpa/dist/COPYING Thu Dec 6 04:36:02 2018 (r341617) +++ vendor/wpa/dist/COPYING Thu Dec 6 05:04:28 2018 (r341618) @@ -1,7 +1,7 @@ wpa_supplicant and hostapd -------------------------- -Copyright (c) 2002-2016, Jouni Malinen and contributors +Copyright (c) 2002-2018, Jouni Malinen and contributors All Rights Reserved. Modified: vendor/wpa/dist/README ============================================================================== --- vendor/wpa/dist/README Thu Dec 6 04:36:02 2018 (r341617) +++ vendor/wpa/dist/README Thu Dec 6 05:04:28 2018 (r341618) @@ -1,7 +1,7 @@ wpa_supplicant and hostapd -------------------------- -Copyright (c) 2002-2016, Jouni Malinen and contributors +Copyright (c) 2002-2018, Jouni Malinen and contributors All Rights Reserved. These programs are licensed under the BSD license (the one with Modified: vendor/wpa/dist/hostapd/Android.mk ============================================================================== --- vendor/wpa/dist/hostapd/Android.mk Thu Dec 6 04:36:02 2018 (r341617) +++ vendor/wpa/dist/hostapd/Android.mk Thu Dec 6 05:04:28 2018 (r341618) @@ -38,6 +38,9 @@ endif L_CFLAGS += -DCONFIG_CTRL_IFACE_CLIENT_DIR=\"/data/misc/wifi/sockets\" L_CFLAGS += -DCONFIG_CTRL_IFACE_DIR=\"/data/system/hostapd\" +# Use Android specific directory for hostapd_cli command completion history +L_CFLAGS += -DCONFIG_HOSTAPD_CLI_HISTORY_DIR=\"/data/misc/wifi\" + # To force sizeof(enum) = 4 ifeq ($(TARGET_ARCH),arm) L_CFLAGS += -mabi=aapcs-linux @@ -212,11 +215,6 @@ L_CFLAGS += -DCONFIG_RSN_PREAUTH CONFIG_L2_PACKET=y endif -ifdef CONFIG_PEERKEY -L_CFLAGS += -DCONFIG_PEERKEY -OBJS += src/ap/peerkey_auth.c -endif - ifdef CONFIG_HS20 NEED_AES_OMAC1=y CONFIG_PROXYARP=y @@ -244,13 +242,22 @@ NEED_AES_OMAC1=y endif ifdef CONFIG_IEEE80211R -L_CFLAGS += -DCONFIG_IEEE80211R +L_CFLAGS += -DCONFIG_IEEE80211R -DCONFIG_IEEE80211R_AP OBJS += src/ap/wpa_auth_ft.c NEED_SHA256=y NEED_AES_OMAC1=y NEED_AES_UNWRAP=y +NEED_AES_SIV=y +NEED_ETH_P_OUI=y +NEED_SHA256=y +NEED_HMAC_SHA256_KDF=y endif +ifdef NEED_ETH_P_OUI +L_CFLAGS += -DCONFIG_ETH_P_OUI +OBJS += src/ap/eth_p_oui.c +endif + ifdef CONFIG_SAE L_CFLAGS += -DCONFIG_SAE OBJS += src/common/sae.c @@ -258,8 +265,30 @@ NEED_ECC=y NEED_DH_GROUPS=y endif +ifdef CONFIG_OWE +L_CFLAGS += -DCONFIG_OWE +NEED_ECC=y +NEED_HMAC_SHA256_KDF=y +NEED_HMAC_SHA384_KDF=y +NEED_HMAC_SHA512_KDF=y +NEED_SHA256=y +NEED_SHA384=y +NEED_SHA512=y +endif + +ifdef CONFIG_FILS +L_CFLAGS += -DCONFIG_FILS +OBJS += src/ap/fils_hlp.c +NEED_SHA384=y +NEED_AES_SIV=y +ifdef CONFIG_FILS_SK_PFS +L_CFLAGS += -DCONFIG_FILS_SK_PFS +NEED_ECC=y +endif +endif + ifdef CONFIG_WNM -L_CFLAGS += -DCONFIG_WNM +L_CFLAGS += -DCONFIG_WNM -DCONFIG_WNM_AP OBJS += src/ap/wnm_ap.c endif @@ -271,6 +300,10 @@ ifdef CONFIG_IEEE80211AC L_CFLAGS += -DCONFIG_IEEE80211AC endif +ifdef CONFIG_IEEE80211AX +L_CFLAGS += -DCONFIG_IEEE80211AX +endif + ifdef CONFIG_MBO L_CFLAGS += -DCONFIG_MBO OBJS += src/ap/mbo_ap.c @@ -422,6 +455,7 @@ ifdef CONFIG_EAP_PWD L_CFLAGS += -DEAP_SERVER_PWD OBJS += src/eap_server/eap_server_pwd.c src/eap_common/eap_pwd_common.c NEED_SHA256=y +NEED_ECC=y endif ifdef CONFIG_EAP_EKE @@ -499,6 +533,23 @@ endif endif +ifdef CONFIG_DPP +L_CFLAGS += -DCONFIG_DPP +OBJS += src/common/dpp.c +OBJS += src/ap/dpp_hostapd.c +OBJS += src/ap/gas_query_ap.c +NEED_AES_SIV=y +NEED_HMAC_SHA256_KDF=y +NEED_HMAC_SHA384_KDF=y +NEED_HMAC_SHA512_KDF=y +NEED_SHA256=y +NEED_SHA384=y +NEED_SHA512=y +NEED_JSON=y +NEED_GAS=y +NEED_BASE64=y +endif + ifdef CONFIG_EAP_IKEV2 L_CFLAGS += -DEAP_SERVER_IKEV2 OBJS += src/eap_server/eap_server_ikev2.c src/eap_server/ikev2.c @@ -581,25 +632,40 @@ NEED_SHA256=y NEED_TLS_PRF_SHA256=y LIBS += -lcrypto LIBS_h += -lcrypto +ifndef CONFIG_TLS_DEFAULT_CIPHERS +CONFIG_TLS_DEFAULT_CIPHERS = "DEFAULT:!EXP:!LOW" endif +L_CFLAGS += -DTLS_DEFAULT_CIPHERS=\"$(CONFIG_TLS_DEFAULT_CIPHERS)\" +endif ifeq ($(CONFIG_TLS), gnutls) +ifndef CONFIG_CRYPTO +# default to libgcrypt +CONFIG_CRYPTO=gnutls +endif ifdef TLS_FUNCS OBJS += src/crypto/tls_gnutls.c LIBS += -lgnutls -lgpg-error endif -OBJS += src/crypto/crypto_gnutls.c -HOBJS += src/crypto/crypto_gnutls.c +OBJS += src/crypto/crypto_$(CONFIG_CRYPTO).c +HOBJS += src/crypto/crypto_$(CONFIG_CRYPTO).c ifdef NEED_FIPS186_2_PRF OBJS += src/crypto/fips_prf_internal.c OBJS += src/crypto/sha1-internal.c endif +ifeq ($(CONFIG_CRYPTO), gnutls) LIBS += -lgcrypt LIBS_h += -lgcrypt -CONFIG_INTERNAL_SHA256=y CONFIG_INTERNAL_RC4=y CONFIG_INTERNAL_DH_GROUP5=y endif +ifeq ($(CONFIG_CRYPTO), nettle) +LIBS += -lnettle -lgmp +LIBS_p += -lnettle -lgmp +CONFIG_INTERNAL_RC4=y +CONFIG_INTERNAL_DH_GROUP5=y +endif +endif ifeq ($(CONFIG_TLS), internal) ifndef CONFIG_CRYPTO @@ -715,7 +781,13 @@ endif ifdef NEED_AES_EAX AESOBJS += src/crypto/aes-eax.c NEED_AES_CTR=y +NEED_AES_OMAC1=y endif +ifdef NEED_AES_SIV +AESOBJS += src/crypto/aes-siv.c +NEED_AES_CTR=y +NEED_AES_OMAC1=y +endif ifdef NEED_AES_CTR AESOBJS += src/crypto/aes-ctr.c endif @@ -749,8 +821,10 @@ endif SHA1OBJS = ifdef NEED_SHA1 ifneq ($(CONFIG_TLS), openssl) +ifneq ($(CONFIG_TLS), gnutls) SHA1OBJS += src/crypto/sha1.c endif +endif SHA1OBJS += src/crypto/sha1-prf.c ifdef CONFIG_INTERNAL_SHA1 SHA1OBJS += src/crypto/sha1-internal.c @@ -774,8 +848,10 @@ OBJS += $(SHA1OBJS) endif ifneq ($(CONFIG_TLS), openssl) +ifneq ($(CONFIG_TLS), gnutls) OBJS += src/crypto/md5.c endif +endif ifdef NEED_MD5 ifdef CONFIG_INTERNAL_MD5 @@ -811,8 +887,10 @@ endif ifdef NEED_SHA256 L_CFLAGS += -DCONFIG_SHA256 ifneq ($(CONFIG_TLS), openssl) +ifneq ($(CONFIG_TLS), gnutls) OBJS += src/crypto/sha256.c endif +endif OBJS += src/crypto/sha256-prf.c ifdef CONFIG_INTERNAL_SHA256 OBJS += src/crypto/sha256-internal.c @@ -820,11 +898,36 @@ endif ifdef NEED_TLS_PRF_SHA256 OBJS += src/crypto/sha256-tlsprf.c endif +ifdef NEED_HMAC_SHA256_KDF +OBJS += src/crypto/sha256-kdf.c endif +ifdef NEED_HMAC_SHA384_KDF +OBJS += src/crypto/sha384-kdf.c +endif +ifdef NEED_HMAC_SHA512_KDF +OBJS += src/crypto/sha512-kdf.c +endif +endif ifdef NEED_SHA384 L_CFLAGS += -DCONFIG_SHA384 +ifneq ($(CONFIG_TLS), openssl) +ifneq ($(CONFIG_TLS), gnutls) +OBJS += src/crypto/sha384.c +endif +endif OBJS += src/crypto/sha384-prf.c endif +ifdef NEED_SHA512 +L_CFLAGS += -DCONFIG_SHA512 +ifneq ($(CONFIG_TLS), openssl) +ifneq ($(CONFIG_TLS), linux) +ifneq ($(CONFIG_TLS), gnutls) +OBJS += src/crypto/sha512.c +endif +endif +endif +OBJS += src/crypto/sha512-prf.c +endif ifdef CONFIG_INTERNAL_SHA384 L_CFLAGS += -DCONFIG_INTERNAL_SHA384 @@ -881,6 +984,11 @@ ifdef NEED_BASE64 OBJS += src/utils/base64.c endif +ifdef NEED_JSON +OBJS += src/utils/json.c +L_CFLAGS += -DCONFIG_JSON +endif + ifdef NEED_AP_MLME OBJS += src/ap/wmm.c OBJS += src/ap/ap_list.c @@ -897,6 +1005,10 @@ ifdef CONFIG_IEEE80211AC OBJS += src/ap/ieee802_11_vht.c endif +ifdef CONFIG_IEEE80211AX +OBJS += src/ap/ieee802_11_he.c +endif + ifdef CONFIG_P2P_MANAGER L_CFLAGS += -DCONFIG_P2P_MANAGER OBJS += src/ap/p2p_hostapd.c @@ -910,6 +1022,10 @@ endif ifdef CONFIG_INTERWORKING L_CFLAGS += -DCONFIG_INTERWORKING +NEED_GAS=y +endif + +ifdef NEED_GAS OBJS += src/common/gas.c OBJS += src/ap/gas_serv.c endif @@ -935,6 +1051,10 @@ ifdef CONFIG_NO_STDOUT_DEBUG L_CFLAGS += -DCONFIG_NO_STDOUT_DEBUG endif +ifdef CONFIG_DEBUG_SYSLOG +L_CFLAGS += -DCONFIG_DEBUG_SYSLOG +endif + ifdef CONFIG_DEBUG_LINUX_TRACING L_CFLAGS += -DCONFIG_DEBUG_LINUX_TRACING endif @@ -968,6 +1088,7 @@ endif include $(CLEAR_VARS) LOCAL_MODULE := hostapd_cli LOCAL_MODULE_TAGS := debug +LOCAL_PROPRIETARY_MODULE := true LOCAL_SHARED_LIBRARIES := libc libcutils liblog LOCAL_CFLAGS := $(L_CFLAGS) LOCAL_SRC_FILES := $(OBJS_c) @@ -978,6 +1099,7 @@ include $(BUILD_EXECUTABLE) include $(CLEAR_VARS) LOCAL_MODULE := hostapd LOCAL_MODULE_TAGS := optional +LOCAL_PROPRIETARY_MODULE := true ifdef CONFIG_DRIVER_CUSTOM LOCAL_STATIC_LIBRARIES := libCustomWifi endif Modified: vendor/wpa/dist/hostapd/ChangeLog ============================================================================== --- vendor/wpa/dist/hostapd/ChangeLog Thu Dec 6 04:36:02 2018 (r341617) +++ vendor/wpa/dist/hostapd/ChangeLog Thu Dec 6 05:04:28 2018 (r341618) @@ -1,5 +1,60 @@ ChangeLog for hostapd +2018-12-02 - v2.7 + * fixed WPA packet number reuse with replayed messages and key + reinstallation + [http://w1.fi/security/2017-1/] (CVE-2017-13082) + * added support for FILS (IEEE 802.11ai) shared key authentication + * added support for OWE (Opportunistic Wireless Encryption, RFC 8110; + and transition mode defined by WFA) + * added support for DPP (Wi-Fi Device Provisioning Protocol) + * FT: + - added local generation of PMK-R0/PMK-R1 for FT-PSK + (ft_psk_generate_local=1) + - replaced inter-AP protocol with a cleaner design that is more + easily extensible; this breaks backward compatibility and requires + all APs in the ESS to be updated at the same time to maintain FT + functionality + - added support for wildcard R0KH/R1KH + - replaced r0_key_lifetime (minutes) parameter with + ft_r0_key_lifetime (seconds) + - fixed wpa_psk_file use for FT-PSK + - fixed FT-SAE PMKID matching + - added expiration to PMK-R0 and PMK-R1 cache + - added IEEE VLAN support (including tagged VLANs) + - added support for SHA384 based AKM + * SAE + - fixed some PMKSA caching cases with SAE + - added support for configuring SAE password separately of the + WPA2 PSK/passphrase + - added option to require MFP for SAE associations + (sae_require_pmf=1) + - fixed PTK and EAPOL-Key integrity and key-wrap algorithm selection + for SAE; + note: this is not backwards compatible, i.e., both the AP and + station side implementations will need to be update at the same + time to maintain interoperability + - added support for Password Identifier + * hostapd_cli: added support for command history and completion + * added support for requesting beacon report + * large number of other fixes, cleanup, and extensions + * added option to configure EAPOL-Key retry limits + (wpa_group_update_count and wpa_pairwise_update_count) + * removed all PeerKey functionality + * fixed nl80211 AP mode configuration regression with Linux 4.15 and + newer + * added support for using wolfSSL cryptographic library + * fixed some 20/40 MHz coexistence cases where the BSS could drop to + 20 MHz even when 40 MHz would be allowed + * Hotspot 2.0 + - added support for setting Venue URL ANQP-element (venue_url) + - added support for advertising Hotspot 2.0 operator icons + - added support for Roaming Consortium Selection element + - added support for Terms and Conditions + - added support for OSEN connection in a shared RSN BSS + * added support for using OpenSSL 1.1.1 + * added EAP-pwd server support for salted passwords + 2016-10-02 - v2.6 * fixed EAP-pwd last fragment validation [http://w1.fi/security/2015-7/] (CVE-2015-5314) Modified: vendor/wpa/dist/hostapd/Makefile ============================================================================== --- vendor/wpa/dist/hostapd/Makefile Thu Dec 6 04:36:02 2018 (r341617) +++ vendor/wpa/dist/hostapd/Makefile Thu Dec 6 05:04:28 2018 (r341618) @@ -258,11 +258,6 @@ CFLAGS += -DCONFIG_RSN_PREAUTH CONFIG_L2_PACKET=y endif -ifdef CONFIG_PEERKEY -CFLAGS += -DCONFIG_PEERKEY -OBJS += ../src/ap/peerkey_auth.o -endif - ifdef CONFIG_HS20 NEED_AES_OMAC1=y CONFIG_PROXYARP=y @@ -290,13 +285,22 @@ NEED_AES_OMAC1=y endif ifdef CONFIG_IEEE80211R -CFLAGS += -DCONFIG_IEEE80211R +CFLAGS += -DCONFIG_IEEE80211R -DCONFIG_IEEE80211R_AP OBJS += ../src/ap/wpa_auth_ft.o NEED_SHA256=y NEED_AES_OMAC1=y NEED_AES_UNWRAP=y +NEED_AES_SIV=y +NEED_ETH_P_OUI=y +NEED_SHA256=y +NEED_HMAC_SHA256_KDF=y endif +ifdef NEED_ETH_P_OUI +CFLAGS += -DCONFIG_ETH_P_OUI +OBJS += ../src/ap/eth_p_oui.o +endif + ifdef CONFIG_SAE CFLAGS += -DCONFIG_SAE OBJS += ../src/common/sae.o @@ -305,8 +309,30 @@ NEED_DH_GROUPS=y NEED_AP_MLME=y endif +ifdef CONFIG_OWE +CFLAGS += -DCONFIG_OWE +NEED_ECC=y +NEED_HMAC_SHA256_KDF=y +NEED_HMAC_SHA384_KDF=y +NEED_HMAC_SHA512_KDF=y +NEED_SHA256=y +NEED_SHA384=y +NEED_SHA512=y +endif + +ifdef CONFIG_FILS +CFLAGS += -DCONFIG_FILS +OBJS += ../src/ap/fils_hlp.o +NEED_SHA384=y +NEED_AES_SIV=y +ifdef CONFIG_FILS_SK_PFS +CFLAGS += -DCONFIG_FILS_SK_PFS +NEED_ECC=y +endif +endif + ifdef CONFIG_WNM -CFLAGS += -DCONFIG_WNM +CFLAGS += -DCONFIG_WNM -DCONFIG_WNM_AP OBJS += ../src/ap/wnm_ap.o endif @@ -318,6 +344,11 @@ ifdef CONFIG_IEEE80211AC CFLAGS += -DCONFIG_IEEE80211AC endif +ifdef CONFIG_IEEE80211AX +CFLAGS += -DCONFIG_IEEE80211AX +OBJS += ../src/ap/ieee802_11_he.o +endif + ifdef CONFIG_MBO CFLAGS += -DCONFIG_MBO OBJS += ../src/ap/mbo_ap.o @@ -458,6 +489,7 @@ ifdef CONFIG_EAP_PWD CFLAGS += -DEAP_SERVER_PWD OBJS += ../src/eap_server/eap_server_pwd.o ../src/eap_common/eap_pwd_common.o NEED_SHA256=y +NEED_ECC=y endif ifdef CONFIG_EAP_EKE @@ -535,6 +567,23 @@ endif endif +ifdef CONFIG_DPP +CFLAGS += -DCONFIG_DPP +OBJS += ../src/common/dpp.o +OBJS += ../src/ap/dpp_hostapd.o +OBJS += ../src/ap/gas_query_ap.o +NEED_AES_SIV=y +NEED_HMAC_SHA256_KDF=y +NEED_HMAC_SHA384_KDF=y +NEED_HMAC_SHA512_KDF=y +NEED_SHA256=y +NEED_SHA384=y +NEED_SHA512=y +NEED_JSON=y +NEED_GAS=y +NEED_BASE64=y +endif + ifdef CONFIG_EAP_IKEV2 CFLAGS += -DEAP_SERVER_IKEV2 OBJS += ../src/eap_server/eap_server_ikev2.o ../src/eap_server/ikev2.o @@ -602,7 +651,29 @@ CFLAGS += -DCONFIG_TLSV12 NEED_SHA256=y endif +ifeq ($(CONFIG_TLS), wolfssl) +CONFIG_CRYPTO=wolfssl +ifdef TLS_FUNCS +OBJS += ../src/crypto/tls_wolfssl.o +LIBS += -lwolfssl -lm +endif +OBJS += ../src/crypto/crypto_wolfssl.o +HOBJS += ../src/crypto/crypto_wolfssl.o +ifdef NEED_FIPS186_2_PRF +OBJS += ../src/crypto/fips_prf_wolfssl.o +endif +NEED_SHA256=y +NEED_TLS_PRF_SHA256=y +LIBS += -lwolfssl -lm +LIBS_h += -lwolfssl -lm +ifdef CONFIG_TLS_ADD_DL +LIBS += -ldl +LIBS_h += -ldl +endif +endif + ifeq ($(CONFIG_TLS), openssl) +CONFIG_CRYPTO=openssl ifdef TLS_FUNCS OBJS += ../src/crypto/tls_openssl.o OBJS += ../src/crypto/tls_openssl_ocsp.o @@ -617,29 +688,46 @@ NEED_SHA256=y NEED_TLS_PRF_SHA256=y LIBS += -lcrypto LIBS_h += -lcrypto +LIBS_n += -lcrypto ifdef CONFIG_TLS_ADD_DL LIBS += -ldl LIBS_h += -ldl endif +ifndef CONFIG_TLS_DEFAULT_CIPHERS +CONFIG_TLS_DEFAULT_CIPHERS = "DEFAULT:!EXP:!LOW" endif +CFLAGS += -DTLS_DEFAULT_CIPHERS=\"$(CONFIG_TLS_DEFAULT_CIPHERS)\" +endif ifeq ($(CONFIG_TLS), gnutls) +ifndef CONFIG_CRYPTO +# default to libgcrypt +CONFIG_CRYPTO=gnutls +endif ifdef TLS_FUNCS OBJS += ../src/crypto/tls_gnutls.o LIBS += -lgnutls -lgpg-error endif -OBJS += ../src/crypto/crypto_gnutls.o -HOBJS += ../src/crypto/crypto_gnutls.o +OBJS += ../src/crypto/crypto_$(CONFIG_CRYPTO).o +HOBJS += ../src/crypto/crypto_$(CONFIG_CRYPTO).o ifdef NEED_FIPS186_2_PRF OBJS += ../src/crypto/fips_prf_internal.o SHA1OBJS += ../src/crypto/sha1-internal.o endif +ifeq ($(CONFIG_CRYPTO), gnutls) LIBS += -lgcrypt LIBS_h += -lgcrypt -CONFIG_INTERNAL_SHA256=y +LIBS_n += -lgcrypt CONFIG_INTERNAL_RC4=y CONFIG_INTERNAL_DH_GROUP5=y endif +ifeq ($(CONFIG_CRYPTO), nettle) +LIBS += -lnettle -lgmp +LIBS_p += -lnettle -lgmp +CONFIG_INTERNAL_RC4=y +CONFIG_INTERNAL_DH_GROUP5=y +endif +endif ifeq ($(CONFIG_TLS), internal) ifndef CONFIG_CRYPTO @@ -720,6 +808,47 @@ CONFIG_INTERNAL_RC4=y endif endif +ifeq ($(CONFIG_TLS), linux) +OBJS += ../src/crypto/crypto_linux.o +ifdef TLS_FUNCS +OBJS += ../src/crypto/crypto_internal-rsa.o +OBJS += ../src/crypto/tls_internal.o +OBJS += ../src/tls/tlsv1_common.o +OBJS += ../src/tls/tlsv1_record.o +OBJS += ../src/tls/tlsv1_cred.o +OBJS += ../src/tls/tlsv1_server.o +OBJS += ../src/tls/tlsv1_server_write.o +OBJS += ../src/tls/tlsv1_server_read.o +OBJS += ../src/tls/asn1.o +OBJS += ../src/tls/rsa.o +OBJS += ../src/tls/x509v3.o +OBJS += ../src/tls/pkcs1.o +OBJS += ../src/tls/pkcs5.o +OBJS += ../src/tls/pkcs8.o +NEED_SHA256=y +NEED_BASE64=y +NEED_TLS_PRF=y +ifdef CONFIG_TLSV12 +NEED_TLS_PRF_SHA256=y +endif +NEED_MODEXP=y +NEED_CIPHER=y +CFLAGS += -DCONFIG_TLS_INTERNAL +CFLAGS += -DCONFIG_TLS_INTERNAL_SERVER +endif +ifdef NEED_MODEXP +OBJS += ../src/crypto/crypto_internal-modexp.o +OBJS += ../src/tls/bignum.o +CFLAGS += -DCONFIG_INTERNAL_LIBTOMMATH +CFLAGS += -DLTM_FAST +endif +CONFIG_INTERNAL_DH_GROUP5=y +ifdef NEED_FIPS186_2_PRF +OBJS += ../src/crypto/fips_prf_internal.o +OBJS += ../src/crypto/sha1-internal.o +endif +endif + ifeq ($(CONFIG_TLS), none) ifdef TLS_FUNCS OBJS += ../src/crypto/tls_none.o @@ -750,12 +879,20 @@ AESOBJS += ../src/crypto/aes-internal.o ../src/crypto/ endif ifneq ($(CONFIG_TLS), openssl) +ifneq ($(CONFIG_TLS), wolfssl) AESOBJS += ../src/crypto/aes-wrap.o endif +endif ifdef NEED_AES_EAX AESOBJS += ../src/crypto/aes-eax.o NEED_AES_CTR=y +NEED_AES_OMAC1=y endif +ifdef NEED_AES_SIV +AESOBJS += ../src/crypto/aes-siv.o +NEED_AES_CTR=y +NEED_AES_OMAC1=y +endif ifdef NEED_AES_CTR AESOBJS += ../src/crypto/aes-ctr.o endif @@ -763,20 +900,32 @@ ifdef NEED_AES_ENCBLOCK AESOBJS += ../src/crypto/aes-encblock.o endif ifdef NEED_AES_OMAC1 +ifneq ($(CONFIG_TLS), linux) +ifneq ($(CONFIG_TLS), wolfssl) AESOBJS += ../src/crypto/aes-omac1.o endif +endif +endif ifdef NEED_AES_UNWRAP ifneq ($(CONFIG_TLS), openssl) +ifneq ($(CONFIG_TLS), linux) +ifneq ($(CONFIG_TLS), wolfssl) NEED_AES_DEC=y AESOBJS += ../src/crypto/aes-unwrap.o endif endif +endif +endif ifdef NEED_AES_CBC NEED_AES_DEC=y ifneq ($(CONFIG_TLS), openssl) +ifneq ($(CONFIG_TLS), linux) +ifneq ($(CONFIG_TLS), wolfssl) AESOBJS += ../src/crypto/aes-cbc.o endif endif +endif +endif ifdef NEED_AES_DEC ifdef CONFIG_INTERNAL_AES AESOBJS += ../src/crypto/aes-internal-dec.o @@ -788,8 +937,14 @@ endif ifdef NEED_SHA1 ifneq ($(CONFIG_TLS), openssl) +ifneq ($(CONFIG_TLS), linux) +ifneq ($(CONFIG_TLS), gnutls) +ifneq ($(CONFIG_TLS), wolfssl) SHA1OBJS += ../src/crypto/sha1.o endif +endif +endif +endif SHA1OBJS += ../src/crypto/sha1-prf.o ifdef CONFIG_INTERNAL_SHA1 SHA1OBJS += ../src/crypto/sha1-internal.o @@ -798,8 +953,10 @@ SHA1OBJS += ../src/crypto/fips_prf_internal.o endif endif ifneq ($(CONFIG_TLS), openssl) +ifneq ($(CONFIG_TLS), wolfssl) SHA1OBJS += ../src/crypto/sha1-pbkdf2.o endif +endif ifdef NEED_T_PRF SHA1OBJS += ../src/crypto/sha1-tprf.o endif @@ -813,8 +970,14 @@ OBJS += $(SHA1OBJS) endif ifneq ($(CONFIG_TLS), openssl) +ifneq ($(CONFIG_TLS), linux) +ifneq ($(CONFIG_TLS), gnutls) +ifneq ($(CONFIG_TLS), wolfssl) OBJS += ../src/crypto/md5.o endif +endif +endif +endif ifdef NEED_MD5 ifdef CONFIG_INTERNAL_MD5 @@ -830,6 +993,7 @@ endif endif ifdef NEED_DES +CFLAGS += -DCONFIG_DES ifdef CONFIG_INTERNAL_DES OBJS += ../src/crypto/des-internal.o endif @@ -850,8 +1014,14 @@ endif ifdef NEED_SHA256 CFLAGS += -DCONFIG_SHA256 ifneq ($(CONFIG_TLS), openssl) +ifneq ($(CONFIG_TLS), linux) +ifneq ($(CONFIG_TLS), gnutls) +ifneq ($(CONFIG_TLS), wolfssl) OBJS += ../src/crypto/sha256.o endif +endif +endif +endif OBJS += ../src/crypto/sha256-prf.o ifdef CONFIG_INTERNAL_SHA256 OBJS += ../src/crypto/sha256-internal.o @@ -862,11 +1032,39 @@ endif ifdef NEED_HMAC_SHA256_KDF OBJS += ../src/crypto/sha256-kdf.o endif +ifdef NEED_HMAC_SHA384_KDF +OBJS += ../src/crypto/sha384-kdf.o endif +ifdef NEED_HMAC_SHA512_KDF +OBJS += ../src/crypto/sha512-kdf.o +endif +endif ifdef NEED_SHA384 CFLAGS += -DCONFIG_SHA384 +ifneq ($(CONFIG_TLS), openssl) +ifneq ($(CONFIG_TLS), linux) +ifneq ($(CONFIG_TLS), gnutls) +ifneq ($(CONFIG_TLS), wolfssl) +OBJS += ../src/crypto/sha384.o +endif +endif +endif +endif OBJS += ../src/crypto/sha384-prf.o endif +ifdef NEED_SHA512 +CFLAGS += -DCONFIG_SHA512 +ifneq ($(CONFIG_TLS), openssl) +ifneq ($(CONFIG_TLS), linux) +ifneq ($(CONFIG_TLS), gnutls) +ifneq ($(CONFIG_TLS), wolfssl) +OBJS += ../src/crypto/sha512.o +endif +endif +endif +endif +OBJS += ../src/crypto/sha512-prf.o +endif ifdef CONFIG_INTERNAL_SHA384 CFLAGS += -DCONFIG_INTERNAL_SHA384 @@ -902,9 +1100,13 @@ HOBJS += ../src/crypto/random.o HOBJS += ../src/utils/eloop.o HOBJS += $(SHA1OBJS) ifneq ($(CONFIG_TLS), openssl) +ifneq ($(CONFIG_TLS), linux) +ifneq ($(CONFIG_TLS), wolfssl) HOBJS += ../src/crypto/md5.o endif endif +endif +endif ifdef CONFIG_RADIUS_SERVER CFLAGS += -DRADIUS_SERVER @@ -923,6 +1125,11 @@ ifdef NEED_BASE64 OBJS += ../src/utils/base64.o endif +ifdef NEED_JSON +OBJS += ../src/utils/json.o +CFLAGS += -DCONFIG_JSON +endif + ifdef NEED_AP_MLME OBJS += ../src/ap/wmm.o OBJS += ../src/ap/ap_list.o @@ -952,6 +1159,10 @@ endif ifdef CONFIG_INTERWORKING CFLAGS += -DCONFIG_INTERWORKING +NEED_GAS=y +endif + +ifdef NEED_GAS OBJS += ../src/common/gas.o OBJS += ../src/ap/gas_serv.o endif @@ -983,6 +1194,10 @@ ifdef CONFIG_NO_STDOUT_DEBUG CFLAGS += -DCONFIG_NO_STDOUT_DEBUG endif +ifdef CONFIG_DEBUG_SYSLOG +CFLAGS += -DCONFIG_DEBUG_SYSLOG +endif + ifdef CONFIG_DEBUG_LINUX_TRACING CFLAGS += -DCONFIG_DEBUG_LINUX_TRACING endif @@ -1082,22 +1297,23 @@ endif ifdef CONFIG_INTERNAL_MD5 NOBJS += ../src/crypto/md5-internal.o endif -NOBJS += ../src/crypto/crypto_openssl.o ../src/utils/os_$(CONFIG_OS).o +NOBJS += ../src/crypto/crypto_$(CONFIG_CRYPTO).o +NOBJS += ../src/utils/os_$(CONFIG_OS).o NOBJS += ../src/utils/wpa_debug.o NOBJS += ../src/utils/wpabuf.o ifdef CONFIG_WPA_TRACE NOBJS += ../src/utils/trace.o LIBS_n += -lbfd endif -ifdef TLS_FUNCS -LIBS_n += -lcrypto -endif HOBJS += hlr_auc_gw.o ../src/utils/common.o ../src/utils/wpa_debug.o ../src/utils/os_$(CONFIG_OS).o ../src/utils/wpabuf.o ../src/crypto/milenage.o HOBJS += ../src/crypto/aes-encblock.o ifdef CONFIG_INTERNAL_AES HOBJS += ../src/crypto/aes-internal.o HOBJS += ../src/crypto/aes-internal-enc.o +endif +ifeq ($(CONFIG_TLS), linux) +HOBJS += ../src/crypto/crypto_linux.o endif nt_password_hash: $(NOBJS) Modified: vendor/wpa/dist/hostapd/README ============================================================================== --- vendor/wpa/dist/hostapd/README Thu Dec 6 04:36:02 2018 (r341617) +++ vendor/wpa/dist/hostapd/README Thu Dec 6 05:04:28 2018 (r341618) @@ -2,7 +2,7 @@ hostapd - user space IEEE 802.11 AP and IEEE 802.1X/WP Authenticator and RADIUS authentication server ================================================================ -Copyright (c) 2002-2016, Jouni Malinen and contributors +Copyright (c) 2002-2018, Jouni Malinen and contributors All Rights Reserved. This program is licensed under the BSD license (the one with @@ -70,7 +70,7 @@ Requirements Current hardware/software requirements: - drivers: Host AP driver for Prism2/2.5/3. - (http://hostap.epitest.fi/) + (http://w1.fi/hostap-driver.html) Please note that station firmware version needs to be 1.7.0 or newer to work in WPA mode. @@ -81,8 +81,7 @@ Current hardware/software requirements: Any wired Ethernet driver for wired IEEE 802.1X authentication (experimental code) - FreeBSD -current (with some kernel mods that have not yet been - committed when hostapd v0.3.0 was released) + FreeBSD -current BSD net80211 layer (e.g., Atheros driver) @@ -186,24 +185,14 @@ Authenticator and RADIUS encapsulation between the Aut the Authentication Server. Other than this, the functionality is similar to the case with the co-located Authentication Server. -Authentication Server and Supplicant ------------------------------------- +Authentication Server +--------------------- Any RADIUS server supporting EAP should be usable as an IEEE 802.1X Authentication Server with hostapd Authenticator. FreeRADIUS (http://www.freeradius.org/) has been successfully tested with hostapd -Authenticator and both Xsupplicant (http://www.open1x.org) and Windows -XP Supplicants. EAP/TLS was used with Xsupplicant and -EAP/MD5-Challenge with Windows XP. +Authenticator. -http://www.missl.cs.umd.edu/wireless/eaptls/ has useful information -about using EAP/TLS with FreeRADIUS and Xsupplicant (just replace -Cisco access point with Host AP driver, hostapd daemon, and a Prism2 -card ;-). http://www.freeradius.org/doc/EAP-MD5.html has information -about using EAP/MD5 with FreeRADIUS, including instructions for WinXP -configuration. http://www.denobula.com/EAPTLS.pdf has a HOWTO on -EAP/TLS use with WinXP Supplicant. - Automatic WEP key configuration ------------------------------- @@ -243,16 +232,15 @@ networks that require some kind of security. Task grou of IEEE 802.11 working group (http://www.ieee802.org/11/) has worked to address the flaws of the base standard and has in practice completed its work in May 2004. The IEEE 802.11i amendment to the IEEE -802.11 standard was approved in June 2004 and this amendment is likely -to be published in July 2004. +802.11 standard was approved in June 2004 and this amendment was +published in July 2004. Wi-Fi Alliance (http://www.wi-fi.org/) used a draft version of the IEEE 802.11i work (draft 3.0) to define a subset of the security enhancements that can be implemented with existing wlan hardware. This is called Wi-Fi Protected Access (WPA). This has now become a mandatory component of interoperability testing and certification done -by Wi-Fi Alliance. Wi-Fi provides information about WPA at its web -site (http://www.wi-fi.org/OpenSection/protected_access.asp). +by Wi-Fi Alliance. IEEE 802.11 standard defined wired equivalent privacy (WEP) algorithm for protecting wireless networks. WEP uses RC4 with 40-bit keys, Modified: vendor/wpa/dist/hostapd/android.config ============================================================================== --- vendor/wpa/dist/hostapd/android.config Thu Dec 6 04:36:02 2018 (r341617) +++ vendor/wpa/dist/hostapd/android.config Thu Dec 6 05:04:28 2018 (r341618) @@ -44,9 +44,6 @@ CONFIG_DRIVER_NL80211_QCA=y # WPA2/IEEE 802.11i RSN pre-authentication #CONFIG_RSN_PREAUTH=y -# PeerKey handshake for Station to Station Link (IEEE 802.11e DLS) -#CONFIG_PEERKEY=y - # IEEE 802.11w (management frame protection) # This version is an experimental implementation based on IEEE 802.11w/D1.0 # draft and is subject to change since the standard has not yet been finalized. @@ -199,3 +196,17 @@ CONFIG_AP=y # These extentions facilitate efficient use of multiple frequency bands # available to the AP and the devices that may associate with it. #CONFIG_MBO=y + +# Include internal line edit mode in hostapd_cli. +CONFIG_WPA_CLI_EDIT=y + +# Opportunistic Wireless Encryption (OWE) +# Experimental implementation of draft-harkins-owe-07.txt +#CONFIG_OWE=y + +# Wpa_supplicant's random pool is not necessary on Android. Randomness is +# already provided by the entropymixer service which ensures sufficient +# entropy is maintained across reboots. Commit b410eb1913 'Initialize +# /dev/urandom earlier in boot' seeds /dev/urandom with that entropy before +# either wpa_supplicant or hostapd are run. +CONFIG_NO_RANDOM_POOL=y Modified: vendor/wpa/dist/hostapd/config_file.c ============================================================================== --- vendor/wpa/dist/hostapd/config_file.c Thu Dec 6 04:36:02 2018 (r341617) +++ vendor/wpa/dist/hostapd/config_file.c Thu Dec 6 05:04:28 2018 (r341618) @@ -1,6 +1,6 @@ /* * hostapd / Configuration file parser - * Copyright (c) 2003-2015, Jouni Malinen + * Copyright (c) 2003-2018, Jouni Malinen * *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***