From owner-dev-commits-src-all@freebsd.org Mon Sep 13 21:13:00 2021 Return-Path: Delivered-To: dev-commits-src-all@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 8C4986A9670; Mon, 13 Sep 2021 21:13:00 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4H7fMc3QlBz3PMh; Mon, 13 Sep 2021 21:13:00 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 56434614F; Mon, 13 Sep 2021 21:13:00 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 18DLD0eI065220; Mon, 13 Sep 2021 21:13:00 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 18DLD06u065219; Mon, 13 Sep 2021 21:13:00 GMT (envelope-from git) Date: Mon, 13 Sep 2021 21:13:00 GMT Message-Id: <202109132113.18DLD06u065219@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Cy Schubert Subject: git: c3ec04ec6fbf - stable/12 - [wpa] Add support for hostapd/wpa_supplicant when WITHOUT_CRYPT=YES is enabled. MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: cy X-Git-Repository: src X-Git-Refname: refs/heads/stable/12 X-Git-Reftype: branch X-Git-Commit: c3ec04ec6fbfe7cdfe521e625f42a7daef567265 Auto-Submitted: auto-generated X-BeenThere: dev-commits-src-all@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: Commit messages for all branches of the src repository List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 13 Sep 2021 21:13:00 -0000 The branch stable/12 has been updated by cy: URL: https://cgit.FreeBSD.org/src/commit/?id=c3ec04ec6fbfe7cdfe521e625f42a7daef567265 commit c3ec04ec6fbfe7cdfe521e625f42a7daef567265 Author: Adrian Chadd AuthorDate: 2021-01-04 20:39:53 +0000 Commit: Cy Schubert CommitDate: 2021-09-13 21:12:02 +0000 [wpa] Add support for hostapd/wpa_supplicant when WITHOUT_CRYPT=YES is enabled. This builds wpa_supplicant / hostpad using internal encryption routines rather than using libcrypt. This has been supported in wpa for years now, however since we use local makefiles for this, we bitrotted dependencies and configuration options. Reviewed by: emaste Differential Revision: https://reviews.freebsd.org/D27958 (cherry picked from commit 7c5a624afae43c44d8e57eb8c5073b9b07f88064) --- share/mk/src.opts.mk | 1 - usr.sbin/wpa/Makefile.crypto | 31 +++++++++++++++++++++++++++++-- usr.sbin/wpa/hostapd/Makefile | 4 ++++ usr.sbin/wpa/wpa_supplicant/Makefile | 2 +- 4 files changed, 34 insertions(+), 4 deletions(-) diff --git a/share/mk/src.opts.mk b/share/mk/src.opts.mk index 58c3ebb4cf0f..4fd16579f863 100644 --- a/share/mk/src.opts.mk +++ b/share/mk/src.opts.mk @@ -519,7 +519,6 @@ MK_LDNS:= no MK_PKGBOOTSTRAP:= no MK_SVN:= no MK_SVNLITE:= no -MK_WIRELESS:= no .endif .if ${MK_LDNS} == "no" diff --git a/usr.sbin/wpa/Makefile.crypto b/usr.sbin/wpa/Makefile.crypto index 8f7965d1dece..71ae76dfb0cc 100644 --- a/usr.sbin/wpa/Makefile.crypto +++ b/usr.sbin/wpa/Makefile.crypto @@ -16,9 +16,13 @@ CONFIG_INTERNAL_RC4=y CONFIG_INTERNAL_SHA1=y NEED_SHA256=y CONFIG_INTERNAL_SHA256=y +NEED_SHA384=y +CONFIG_INTERNAL_SHA384=y +NEED_SHA512=y +CONFIG_INTERNAL_SHA512=y CONFIG_INTERNAL_TLS=y +NEED_DH_GROUPS=y CONFIG_INTERNAL_DH5=y -CONFIG_INTERNAL_DH=y NEED_AES_ENC=true NEED_AES_CBC=true .endif @@ -45,6 +49,7 @@ SRCS+= asn1.c \ tlsv1_client.c \ tlsv1_client_write.c \ tlsv1_client_read.c \ + tlsv1_client_ocsp.c \ x509v3.c NEED_DES=y NEED_MD4=y @@ -123,14 +128,36 @@ SRCS+= sha256-internal.c sha256-prf.c .endif .endif +.if defined(NEED_SHA384) +CFLAGS+=-DCONFIG_SHA384 +SRCS+= sha384.c +.if defined(CONFIG_INTERNAL_SHA384) +SRCS+= sha384-internal.c sha384-prf.c +.endif +.endif + +.if defined(NEED_SHA512) +CFLAGS+=-DCONFIG_SHA512 +SRCS+= sha512.c +.if defined(CONFIG_INTERNAL_SHA512) +SRCS+= sha512-internal.c sha512-prf.c +.endif +.endif + .if defined(NEED_TLS_PRF) SRCS+= sha1-tlsprf.c .endif .if defined(CONFIG_INTERNAL_DH5) +.if defined(NEED_DH_GROUPS) SRCS+= dh_group5.c .endif +.endif -.if defined(CONFIG_INTERNAL_DH) +.if defined(NEED_DH_GROUPS) SRCS+= dh_groups.c .endif + +.if defined(NEED_DH_GROUPS_ALL) +CFLAGS+=-DALL_DH_GROUPS +.endif diff --git a/usr.sbin/wpa/hostapd/Makefile b/usr.sbin/wpa/hostapd/Makefile index f5d48a32046f..101ab80a4587 100644 --- a/usr.sbin/wpa/hostapd/Makefile +++ b/usr.sbin/wpa/hostapd/Makefile @@ -162,6 +162,10 @@ SRCS+= eap_server_gtc.c \ eapol_auth_sm.c TLS_FUNCS=y +# For WPS, EAP modes, etc +NEED_DH_GROUPS=y +NEED_DH_GROUPS_ALL=y + .if !empty(CFLAGS:M*-DCONFIG_WPS) NEED_SIM_COMMON=y .endif diff --git a/usr.sbin/wpa/wpa_supplicant/Makefile b/usr.sbin/wpa/wpa_supplicant/Makefile index 9cc49ac7fcfd..55b594d8b3e8 100644 --- a/usr.sbin/wpa/wpa_supplicant/Makefile +++ b/usr.sbin/wpa/wpa_supplicant/Makefile @@ -13,7 +13,7 @@ PROG= wpa_supplicant SRCS= base64.c bitfield.c blacklist.c bss.c cli.c common.c \ config.c config_file.c \ ctrl_iface.c ctrl_iface_common.c ctrl_iface_unix.c \ - dh_groups.c driver_bsd.c driver_common.c \ + driver_bsd.c driver_common.c \ driver_ndis.c driver_wired.c driver_wired_common.c drivers.c \ eap_register.c eloop.c \ events.c gas.c gas_query.c \