Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 12 May 2012 08:22:41 +0000 (UTC)
From:      Bernhard Schmidt <bschmidt@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-9@freebsd.org
Subject:   svn commit: r235328 - in stable/9/usr.sbin/wpa: . hostapd wpa_supplicant
Message-ID:  <201205120822.q4C8MfiJ022953@svn.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: bschmidt
Date: Sat May 12 08:22:41 2012
New Revision: 235328
URL: http://svn.freebsd.org/changeset/base/235328

Log:
  MFC r234711, r234756-234759, r234786:
  
  r234711:
  fix EAP server support after the 0.7.3 import:
  - eap_xxx.c files have been renamed to eap_server_xxx.c
  - additional crypto files are required for some options
  - EAP_MD5 and EAP_GTC is now enabled by default to match vendor config
  - move each file on its own line to hopefully make further diffs easier
    to read
  
  EAP_SERVER is now enabled by default. Fiddling with HOSTAPD_CFLAGS in
  src.conf is no longer required to get a basic WPA-EAP/radius setup
  running. [1]
  
  r234756-234758:
  - Follow up r234711 and do same for the supplicant, one file/option per
    line. While here merge the options which are always enabled.
  - enable EAP_GTC and EAP_OTP to match upstream's default configuration
  - not only the file names have changed from eap_xxx.c to eap_server_xxx.c,
    the defines too
  
  r234759:
  Move crypto stuff into a common Makefile.  While here fix the
  WITHOUT_OPENSSL build by using the wpa's internal crypto support if
  openssl is not available, this allows us to unconditionally enable
  EAP support.
  
  r234786:
  Fix WITHOUT_EXAMPLES build:
  While removing unnecessary entries from .PATH.c I missed that for the
  examples WPA_SUPPLICANT_DISTDIR/HOSTAPD_DISTDIR is explicitly added to
  .PATH.

Added:
  stable/9/usr.sbin/wpa/Makefile.crypto
     - copied unchanged from r234759, head/usr.sbin/wpa/Makefile.crypto
Modified:
  stable/9/usr.sbin/wpa/Makefile.inc
  stable/9/usr.sbin/wpa/hostapd/Makefile
  stable/9/usr.sbin/wpa/wpa_supplicant/Makefile
Directory Properties:
  stable/9/usr.sbin/wpa/   (props changed)
  stable/9/usr.sbin/wpa/wpa_supplicant/   (props changed)

Copied: stable/9/usr.sbin/wpa/Makefile.crypto (from r234759, head/usr.sbin/wpa/Makefile.crypto)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ stable/9/usr.sbin/wpa/Makefile.crypto	Sat May 12 08:22:41 2012	(r235328, copy of r234759, head/usr.sbin/wpa/Makefile.crypto)
@@ -0,0 +1,121 @@
+# $FreeBSD$
+
+.if ${MK_OPENSSL} != "no" && !defined(RELEASE_CRUNCH)
+SRCS+=	crypto_openssl.c
+DPADD+=	${LIBSSL} ${LIBCRYPTO}
+LDADD+=	-lssl -lcrypto
+.else
+CFLAGS+=-DCONFIG_CRYPTO_INTERNAL
+SRCS+=	crypto_internal.c
+CONFIG_INTERNAL_AES=y
+CONFIG_INTERNAL_DES=y
+CONFIG_INTERNAL_MD4=y
+CONFIG_INTERNAL_MD5=y
+CONFIG_INTERNAL_RC4=y
+CONFIG_INTERNAL_SHA1=y
+CONFIG_INTERNAL_SHA256=y
+CONFIG_INTERNAL_TLS=y
+NEED_AES_ENC=true
+.endif
+
+.if defined(TLS_FUNCS)
+NEED_TLS_PRF=y
+.if defined(CONFIG_INTERNAL_TLS)
+CFLAGS+=-DCONFIG_INTERNAL_LIBTOMMATH \
+	-DCONFIG_TLS_INTERNAL_CLIENT
+SRCS+=	asn1.c \
+	bignum.c \
+	crypto_internal-cipher.c \
+	crypto_internal-modexp.c \
+	crypto_internal-rsa.c \
+	pkcs1.c \
+	pkcs5.c \
+	pkcs8.c \
+	rsa.c \
+	tls_internal.c \
+	tlsv1_common.c \
+	tlsv1_record.c \
+	tlsv1_cred.c \
+	tlsv1_client.c \
+	tlsv1_client_write.c \
+	tlsv1_client_read.c \
+	x509v3.c
+NEED_DES=y
+NEED_MD4=y
+NEED_RC4=y
+.else
+CFLAGS+=-DEAP_TLS_OPENSSL
+SRCS+=	tls_openssl.c
+.endif
+.endif
+
+.if defined(CONFIG_INTERNAL_AES)
+SRCS+=	aes-internal.c \
+	aes-internal-dec.c \
+	aes-internal-enc.c
+.endif
+
+.if defined(NEED_AES_CBC)
+SRCS+=	aes-cbc.c
+.endif
+
+.if defined(NEED_AES_EAX)
+SRCS+=	aes-eax.c
+NEED_AES_CTR=y
+.endif
+
+.if defined(NEED_AES_CTR)
+SRCS+=	aes-ctr.c
+.endif
+
+.if defined(NEED_AES_ENCBLOCK)
+SRCS+=	aes-encblock.c
+.endif
+
+.if defined(NEED_AES_OMAC1)
+SRCS+=	aes-omac1.c
+.endif
+
+.if defined(NEED_DES)
+.if defined(CONFIG_INTERNAL_DES)
+SRCS+=	des-internal.c
+.endif
+.endif
+
+.if defined(NEED_MD4)
+.if defined(CONFIG_INTERNAL_MD4)
+SRCS+=	md4-internal.c
+.endif
+.endif
+
+.if defined(CONFIG_INTERNAL_MD5)
+SRCS+=	md5-internal.c
+.endif
+
+.if defined(NEED_FIPS186_2_PRF)
+.if defined(CONFIG_INTERNAL_SHA1)
+SRCS+=	fips_prf_internal.c
+.else
+SRCS+=	fips_prf_openssl.c
+.endif
+.endif
+
+.if defined(CONFIG_INTERNAL_RC4)
+SRCS+=	rc4.c
+.endif
+
+.if defined(CONFIG_INTERNAL_SHA1)
+SRCS+=	sha1-internal.c
+.endif
+
+.if defined(NEED_SHA256)
+CFLAGS+=-DCONFIG_SHA256
+SRCS+=	sha256.c
+.if defined(CONFIG_INTERNAL_SHA256)
+SRCS+=	sha256-internal.c
+.endif
+.endif
+
+.if defined(NEED_TLS_PRF)
+SRCS+=	sha1-tlsprf.c
+.endif

Modified: stable/9/usr.sbin/wpa/Makefile.inc
==============================================================================
--- stable/9/usr.sbin/wpa/Makefile.inc	Sat May 12 07:52:45 2012	(r235327)
+++ stable/9/usr.sbin/wpa/Makefile.inc	Sat May 12 08:22:41 2012	(r235328)
@@ -7,17 +7,26 @@ WPA_SUPPLICANT_DISTDIR?=${WPA_DISTDIR}/w
 HOSTAPD_DISTDIR?=	${WPA_DISTDIR}/hostapd
 
 .PATH.c:${.CURDIR}/.. \
+	${WPA_DISTDIR}/src/ap \
 	${WPA_DISTDIR}/src/common \
 	${WPA_DISTDIR}/src/crypto \
+	${WPA_DISTDIR}/src/eapol_auth \
 	${WPA_DISTDIR}/src/eap_common \
+	${WPA_DISTDIR}/src/eap_peer \
+	${WPA_DISTDIR}/src/eap_server \
 	${WPA_DISTDIR}/src/eapol_supp \
 	${WPA_DISTDIR}/src/l2_packet \
+	${WPA_DISTDIR}/src/radius \
+	${WPA_DISTDIR}/src/rsn_supp \
+	${WPA_DISTDIR}/src/tls \
 	${WPA_DISTDIR}/src/utils
 
 CFLAGS+=-I${.CURDIR}
+CFLAGS+=-I${HOSTAPD_DISTDIR}
 CFLAGS+=-I${WPA_DISTDIR}/src
 CFLAGS+=-I${WPA_DISTDIR}/src/common
 CFLAGS+=-I${WPA_DISTDIR}/src/crypto
+CFLAGS+=-I${WPA_DISTDIR}/src/drivers
 CFLAGS+=-I${WPA_DISTDIR}/src/l2_packet
 CFLAGS+=-I${WPA_DISTDIR}/src/utils
 

Modified: stable/9/usr.sbin/wpa/hostapd/Makefile
==============================================================================
--- stable/9/usr.sbin/wpa/hostapd/Makefile	Sat May 12 07:52:45 2012	(r235327)
+++ stable/9/usr.sbin/wpa/hostapd/Makefile	Sat May 12 08:22:41 2012	(r235328)
@@ -3,32 +3,58 @@
 .include "${.CURDIR}/../Makefile.inc"
 
 .PATH.c:${HOSTAPD_DISTDIR} \
-	${WPA_DISTDIR}/src/ap \
-	${WPA_DISTDIR}/src/eap_server \
-	${WPA_DISTDIR}/src/eap_common \
-	${WPA_DISTDIR}/src/eapol_auth \
-	${WPA_DISTDIR}/src/drivers \
-	${WPA_DISTDIR}/src/radius \
-	${WPA_DISTDIR}
+	${WPA_DISTDIR}/src/drivers
 
 PROG=	hostapd
-SRCS=	accounting.c aes-wrap.c ap_config.c \
-	ap_drv_ops.c ap_mlme.c authsrv.c \
-	chap.c common.c config_file.c ctrl_iface.c crypto_openssl.c \
-	ctrl_iface_ap.c drivers.c drv_callbacks.c dump_state.c \
-	eap_common.c eap_peap_common.c eap_register.c eap_server.c \
-	eap_server_gtc.c eap_server_identity.c eap_server_md5.c \
-	eap_server_methods.c eap_server_mschapv2.c eap_server_peap.c \
-	eap_server_tls.c eap_server_tls_common.c eap_server_ttls.c \
-	eapol_auth_dump.c eapol_auth_sm.c eloop.c hostapd.c ieee802_11_auth.c \
-	ieee802_11_common.c ieee802_11_ht.c ieee802_1x.c ip_addr.c \
-	md5.c main.c ms_funcs.c peerkey_auth.c pmksa_cache_auth.c \
-	preauth_auth.c radius.c radius_client.c sta_info.c \
-	sha1-pbkdf2.c sha1-tlsprf.c sha1-tprf.c sha1.c \
-	tkip_countermeasures.c utils.c \
-	vlan_init.c wpa_auth.c wpa_auth_glue.c wpa_auth_ie.c wpa_common.c \
-	wpa_debug.c wpabuf.c
-SRCS+=	l2_packet_freebsd.c driver_freebsd.c os_unix.c
+SRCS=	accounting.c \
+	aes-wrap.c \
+	ap_config.c \
+	ap_drv_ops.c \
+	ap_mlme.c \
+	authsrv.c \
+	base64.c \
+	chap.c \
+	common.c \
+	config_file.c \
+	ctrl_iface.c \
+	ctrl_iface_ap.c \
+	drivers.c \
+	drv_callbacks.c \
+	eap_common.c \
+	eap_peap_common.c \
+	eap_register.c \
+	eapol_auth_dump.c \
+	eapol_auth_sm.c \
+	eap_server.c \
+	eap_server_methods.c \
+	eloop.c \
+	hostapd.c \
+	ieee802_11_auth.c \
+	ieee802_11_common.c \
+	ieee802_1x.c \
+	ip_addr.c \
+	main.c \
+	md5.c \
+	ms_funcs.c \
+	os_unix.c \
+	peerkey_auth.c \
+	pmksa_cache_auth.c \
+	preauth_auth.c \
+	radius.c \
+	radius_client.c \
+	sha1-pbkdf2.c \
+	sha1.c \
+	sta_info.c \
+	tkip_countermeasures.c \
+	utils.c \
+	vlan_init.c \
+	wpa_auth.c \
+	wpa_auth_glue.c \
+	wpa_auth_ie.c \
+	wpa_common.c \
+	wpa_debug.c \
+	wpabuf.c
+SRCS+=	l2_packet_freebsd.c driver_freebsd.c
 
 MAN=	hostapd.8 hostapd.conf.5
 
@@ -38,16 +64,17 @@ FILESDIR= ${SHAREDIR}/examples/hostapd
 FILES=	hostapd.conf hostapd.eap_user hostapd.wpa_psk
 .endif
 
-CFLAGS+= -I${HOSTAPD_DISTDIR} -I${WPA_DISTDIR}/src/drivers
-
-CFLAGS+= -DCONFIG_DRIVER_BSD -DHOSTAPD
-CFLAGS+= -DCONFIG_DRIVER_RADIUS_ACL
+CFLAGS+=-DCONFIG_DRIVER_BSD \
+	-DHOSTAPD \
+	-DCONFIG_DRIVER_RADIUS_ACL \
+	-DCONFIG_RSN_PREAUTH \
+	-DCONFIG_PEERKEY
 .if ${MK_INET6} != "no"
 CFLAGS+= -DCONFIG_IPV6
 .endif
 #CFLAGS+= -g
-DPADD+=	${LIBPCAP} ${LIBSSL}
-LDADD+=	-lpcap -lssl
+DPADD+=	${LIBPCAP}
+LDADD+=	-lpcap
 
 # User customizations for wpa_supplicant/hostapd build environment
 CFLAGS+=${HOSTAPD_CFLAGS}
@@ -55,74 +82,63 @@ CFLAGS+=${HOSTAPD_CFLAGS}
 LDADD+=${HOSTAPD_LDADD}
 #LDFLAGS+=${HOSTAPD_LDFLAGS}
 
-.if !empty(CFLAGS:M*-DEAP_SERVER)
-#SRCS+=	eap.c eap_methods.c eap_identity.c
-
-.if ${MK_OPENSSL} != "no" && !defined(RELEASE_CRUNCH)
-
-CFLAGS+=-DEAP_TLS -DEAP_PEAP -DEAP_MSCHAPv2 -DEAP_PSK \
-	-DEAP_TLS_FUNCS -DEAP_TLS_OPENSSL
-SRCS+=	crypto_openssl.c
-SRCS+=	eap_tls.c eap_peap.c eap_peap_common.c eap_mschapv2.c \
-	eap_psk.c eap_psk_common.c \
-	eap_tls_common.c tls_openssl.c ms_funcs.c chap.c
-
-CFLAGS+=-DEAP_TTLS -DEAP_MD5
-SRCS+=	eap_ttls.c eap_md5.c
-
-.if !empty(CFLAGS:M*-DEAP_GTC)
-SRCS+=	eap_gtc.c
-.endif
-
-.if !empty(CFLAGS:M*-DEAP_AKA)
-NEED_SIM_COMMON=	true
-SRCS+=	eap_aka.c
-.endif
-
-.if !empty(CFLAGS:M*-DEAP_SIM)
-NEED_SIM_COMMON=	true
-SRCS+=	eap_sim.c
+CFLAGS+=-DDPKCS12_FUNCS \
+	-DEAP_SERVER \
+	-DEAP_SERVER_GTC \
+	-DEAP_SERVER_IDENTITY \
+	-DEAP_SERVER_MD5 \
+	-DEAP_SERVER_MSCHAPV2 \
+	-DEAP_SERVER_PEAP \
+	-DEAP_SERVER_TLS \
+	-DEAP_SERVER_TTLS \
+	-DEAP_TLS_FUNCS \
+	-DCONFIG_NO_DUMP_STATE
+SRCS+=	dump_state.c \
+	eap_server_gtc.c \
+	eap_server_identity.c \
+	eap_server_md5.c \
+	eap_server_mschapv2.c \
+	eap_server_peap.c \
+	eap_server_tls.c \
+	eap_server_tls_common.c \
+	eap_server_ttls.c
+TLS_FUNCS=y
+NEED_SHA256=y
+
+.if !empty(CFLAGS:M*-DEAP_SERVER_AKA)
+SRCS+=	eap_server_aka.c
+NEED_SIM_COMMON=y
+.endif
+
+.if !empty(CFLAGS:M*-DEAP_SERVER_SIM)
+SRCS+=	eap_server_sim.c
+NEED_SIM_COMMON=y
 .endif
 
 .if defined(NEED_SIM_COMMON)
-SRCS+=	eap_sim_common.c eap_sim_db.c
+SRCS+=	eap_sim_common.c \
+	eap_sim_db.c
+NEED_AES_CBC=y
+NEED_FIPS186_2_PRF=y
 .endif
 
-.if !empty(CFLAGS:M*-DEAP_GPSK)
+.if !empty(CFLAGS:M*-DEAP_SERVER_GPSK)
 CFLAGS+=-DEAP_GPSK_SHA256
-SRCS+=	eap_gpsk.c eap_gpsk_common.c
-NEED_SHA256=	true
-.endif
-
-.if !empty(CFLAGS:M*-DEAP_PAX)
-SRCS+=	eap_pax.c eap_pax_common.c
-.endif
-
-.if !empty(CFLAGS:M*-DEAP_SAKE)
-SRCS+=	eap_sake.c eap_sake_common.c
-.endif
-
-DPADD+= ${LIBSSL} ${LIBCRYPTO}
-LDADD+= -lssl -lcrypto
-.else
-NEED_TLS_NONE=	true
+SRCS+=	eap_server_gpsk.c \
+	eap_gpsk_common.c
+NEED_AES_OMAC1=y
 .endif
 
-.else
-NEED_TLS_NONE=	true
+.if !empty(CFLAGS:M*-DEAP_SERVER_PAX)
+SRCS+=	eap_server_pax.c \
+	eap_pax_common.c
 .endif
 
-.if defined(NEED_SHA256)
-CFLAGS+=-DINTERNAL_SHA256
-SRCS+=	sha256.c
+.if !empty(CFLAGS:M*-DEAP_SERVER_SAKE)
+SRCS+=	eap_server_sake.c \
+	eap_sake_common.c
 .endif
 
-.if defined(NEED_TLS_NONE)
-CFLAGS+= -DEAP_TLS_NONE
-CFLAGS+= -DINTERNAL_AES
-CFLAGS+= -DINTERNAL_SHA1
-CFLAGS+= -DINTERNAL_MD5
-SRCS+=	tls_none.c
-.endif
+.include "${.CURDIR}/../Makefile.crypto"
 
 .include <bsd.prog.mk>

Modified: stable/9/usr.sbin/wpa/wpa_supplicant/Makefile
==============================================================================
--- stable/9/usr.sbin/wpa/wpa_supplicant/Makefile	Sat May 12 07:52:45 2012	(r235327)
+++ stable/9/usr.sbin/wpa/wpa_supplicant/Makefile	Sat May 12 08:22:41 2012	(r235328)
@@ -3,23 +3,44 @@
 .include "${.CURDIR}/../Makefile.inc"
 
 .PATH.c:${WPA_SUPPLICANT_DISTDIR} \
-	${WPA_DISTDIR}/src/drivers \
-	${WPA_DISTDIR}/src/eap_peer \
-	${WPA_DISTDIR}/src/rsn_supp \
-	${WPA_DISTDIR}/src/crypto
+	${WPA_DISTDIR}/src/drivers
 
 PROG=	wpa_supplicant
-SRCS=	aes-cbc.c aes-ctr.c aes-eax.c aes-encblock.c \
-	aes-internal.c aes-omac1.c aes-unwrap.c \
-	aes-wrap.c bss.c blacklist.c common.c config.c ctrl_iface.c \
-	ctrl_iface_unix.c drivers.c eloop.c events.c l2_packet_freebsd.c main.c\
-	md5.c notify.c preauth.c pmksa_cache.c scan.c \
-	sha1-pbkdf2.c sha1-tlsprf.c sha1-tprf.c sha1.c \
-	wpa.c wpa_common.c wpa_debug.c wpa_ie.c wpa_supplicant.c \
-	wpabuf.c wpas_glue.c \
-	driver_ndis.c Packet32.c \
+SRCS=	aes-unwrap.c \
+	base64.c \
+	blacklist.c \
+	bss.c \
+	common.c \
+	config.c \
+	config_file.c \
+	ctrl_iface.c \
+	ctrl_iface_unix.c \
+	driver_ndis.c \
 	driver_wired.c \
-	driver_freebsd.c os_unix.c
+	drivers.c \
+	eap_register.c \
+	eloop.c \
+	events.c \
+	main.c \
+	md5.c \
+	notify.c \
+	os_unix.c \
+	peerkey.c \
+	pmksa_cache.c \
+	preauth.c \
+	scan.c \
+	sha1-pbkdf2.c \
+	sha1.c \
+	wpa.c \
+	wpa_common.c \
+	wpa_debug.c \
+	wpa_ie.c \
+	wpa_supplicant.c \
+	wpabuf.c \
+	wpas_glue.c
+SRCS+=	driver_freebsd.c \
+	l2_packet_freebsd.c \
+	Packet32.c
 
 MAN=	wpa_supplicant.8 wpa_supplicant.conf.5
 
@@ -29,23 +50,19 @@ FILESDIR= ${SHAREDIR}/examples/etc
 FILES=	wpa_supplicant.conf
 .endif
 
-CFLAGS+=-I${WPA_SUPPLICANT_DISTDIR}
-CFLAGS+=-I${WPA_DISTDIR}/src/drivers
-CFLAGS+=-I${WPA_DISTDIR}/src/rsn_supp
-
-CFLAGS+= -DCONFIG_DRIVER_BSD
-CFLAGS+= -DCONFIG_DRIVER_NDIS
-CFLAGS+= -DCONFIG_DRIVER_WIRED
-CFLAGS+= -DCONFIG_TERMINATE_ONLASTIF
-CFLAGS+= -DCONFIG_DEBUG_SYSLOG
+CFLAGS+=-DCONFIG_BACKEND_FILE \
+	-DCONFIG_DEBUG_SYSLOG \
+	-DCONFIG_DRIVER_BSD \
+	-DCONFIG_DRIVER_NDIS \
+	-DCONFIG_DRIVER_WIRED \
+	-DCONFIG_PEERKEY \
+	-DCONFIG_SMARTCARD \
+	-DCONFIG_TERMINATE_ONLASTIF \
+	-DPKCS12_FUNCS
 #CFLAGS+= -g
 DPADD+=	${LIBPCAP}
 LDADD+=	-lpcap
 
-# NB: we only support wpa_supplicant.conf file
-SRCS+=	config_file.c base64.c
-CFLAGS+=-DCONFIG_BACKEND_FILE
-
 # User customizations to the wpa_supplicant build environment
 CFLAGS+=${WPA_SUPPLICANT_CFLAGS}
 #DPADD+=${WPA_SUPPLICANT_DPADD}
@@ -53,43 +70,58 @@ LDADD+=${WPA_SUPPLICANT_LDADD}
 #LDFLAGS+=${WPA_SUPPLICANT_LDFLAGS}
 
 .if ${MK_WPA_SUPPLICANT_EAPOL} != "no"
-SRCS+=	eapol_supp_sm.c eap.c eap_common.c eap_methods.c eap_register.c
-CFLAGS+= -DIEEE8021X_EAPOL
-
-.if ${MK_OPENSSL} != "no" && !defined(RELEASE_CRUNCH)
-CFLAGS+=-DEAP_TLS -DEAP_PEAP -DEAP_MSCHAPv2 -DEAP_LEAP -DEAP_PSK \
-	-DEAP_TLV -DEAP_TLS_FUNCS -DEAP_TLS_OPENSSL
-SRCS+=	chap.c crypto_openssl.c \
+CFLAGS+=-DEAP_GTC \
+	-DEAP_LEAP \
+	-DEAP_MD5 \
+	-DEAP_MSCHAPv2 \
+	-DEAP_OTP \
+	-DEAP_PEAP \
+	-DEAP_PSK \
+	-DEAP_TLS \
+	-DEAP_TTLS \
+	-DIEEE8021X_EAPOL
+SRCS+=	chap.c \
+	eap.c \
+	eap_common.c \
+	eap_gtc.c \
 	eap_leap.c \
+	eap_md5.c \
+	eap_methods.c \
 	eap_mschapv2.c \
-	eap_peap.c eap_peap_common.c \
-	eap_psk.c eap_psk_common.c \
-	eap_tls.c eap_tls_common.c \
-	mschapv2.c ms_funcs.c tls_openssl.c
-
-CFLAGS+=-DEAP_TTLS -DEAP_MD5
-SRCS+=	eap_ttls.c eap_md5.c
-
-.if !empty(CFLAGS:M*-DEAP_GTC)
-SRCS+=	eap_gtc.c
-.endif
-
-.if !empty(CFLAGS:M*-DEAP_OTP)
-SRCS+=	eap_otp.c
+	eap_otp.c \
+	eap_peap.c \
+	eap_peap_common.c \
+	eap_psk.c \
+	eap_psk_common.c \
+	eap_tls.c \
+	eap_tls_common.c \
+	eap_ttls.c \
+	eapol_supp_sm.c \
+	ms_funcs.c \
+	mschapv2.c
+TLS_FUNCS=y
+NEED_AES_EAX=y
+NEED_AES_ENCBLOCK=y
+NEED_AES_OMAC1=y
+NEED_SHA256=y
 .endif
 
 .if !empty(CFLAGS:M*-DEAP_AKA)
-NEED_SIM_COMMON=	true
 SRCS+=	eap_aka.c
+NEED_SIM_COMMON=y
+NEED_AES_CBC=y
 .endif
 
 .if !empty(CFLAGS:M*-DEAP_SIM)
-NEED_SIM_COMMON=	true
 SRCS+=	eap_sim.c
+NEED_SIM_COMMON=y
+NEED_AES_CBC=y
 .endif
 
 .if defined(NEED_SIM_COMMON)
 SRCS+=	eap_sim_common.c
+NEED_FIPS186_2_PRF=y
+.endif
 
 # PC/SC interface for smartcards (USIM, GSM SIM)
 # GSM/UMTS authentication algorithm (for EAP-SIM/EAP-AKA)
@@ -103,52 +135,24 @@ SRCS+=	pcsc_funcs.c
 DPADD+=${LIBPTHREAD}
 LDADD+=-lpcsclite -lpthread
 .endif
-.endif
 
 .if !empty(CFLAGS:M*-DEAP_GPSK)
 CFLAGS+=-DEAP_GPSK_SHA256
-SRCS+=	eap_gpsk.c eap_gpsk_common.c
-NEED_SHA256=	true
+SRCS+=	eap_gpsk.c \
+	eap_gpsk_common.c
+NEED_AES_OMAC1=y
 .endif
 
 .if !empty(CFLAGS:M*-DEAP_PAX)
-SRCS+=	eap_pax.c eap_pax_common.c
+SRCS+=	eap_pax.c \
+	eap_pax_common.c
 .endif
 
 .if !empty(CFLAGS:M*-DEAP_SAKE)
-SRCS+=	eap_sake.c eap_sake_common.c
+SRCS+=	eap_sake.c \
+	eap_sake_common.c
 .endif
 
-# NB: requires patch to openssl
-#CFLAGS+= -DEAP_FAST
-#SRCS+=	eap_fast.c
-
-NEED_LIBSSL=	true
-.else
-CFLAGS+= -DEAP_TLS_NONE
-SRCS+=	tls_none.c
-.endif
-
-.endif
-
-#
-# Configure crypto/cipher support.
-#
-# EAPOL support requires openssl in which case we use their
-# cipher code.  Otherwise we use our internal versions.
-#
-.if !defined(NEED_LIBSSL)
-CFLAGS+= -DINTERNAL_AES
-CFLAGS+= -DINTERNAL_SHA1
-CFLAGS+= -DINTERNAL_MD5
-.else
-DPADD+= ${LIBSSL} ${LIBCRYPTO}
-LDADD+= -lssl -lcrypto
-.endif
-
-.if defined(NEED_SHA256)
-CFLAGS+=-DINTERNAL_SHA256
-SRCS+=	sha256.c
-.endif
+.include "${.CURDIR}/../Makefile.crypto"
 
 .include <bsd.prog.mk>



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201205120822.q4C8MfiJ022953>