From owner-svn-src-stable-9@FreeBSD.ORG Sat May 12 08:22:42 2012 Return-Path: Delivered-To: svn-src-stable-9@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 0DFF1106564A; Sat, 12 May 2012 08:22:42 +0000 (UTC) (envelope-from bschmidt@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id E95668FC0C; Sat, 12 May 2012 08:22:41 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.4/8.14.4) with ESMTP id q4C8MfOf022957; Sat, 12 May 2012 08:22:41 GMT (envelope-from bschmidt@svn.freebsd.org) Received: (from bschmidt@localhost) by svn.freebsd.org (8.14.4/8.14.4/Submit) id q4C8MfiJ022953; Sat, 12 May 2012 08:22:41 GMT (envelope-from bschmidt@svn.freebsd.org) Message-Id: <201205120822.q4C8MfiJ022953@svn.freebsd.org> From: Bernhard Schmidt Date: Sat, 12 May 2012 08:22:41 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-9@freebsd.org X-SVN-Group: stable-9 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r235328 - in stable/9/usr.sbin/wpa: . hostapd wpa_supplicant X-BeenThere: svn-src-stable-9@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: SVN commit messages for only the 9-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 12 May 2012 08:22:42 -0000 Author: bschmidt Date: Sat May 12 08:22:41 2012 New Revision: 235328 URL: http://svn.freebsd.org/changeset/base/235328 Log: MFC r234711, r234756-234759, r234786: r234711: fix EAP server support after the 0.7.3 import: - eap_xxx.c files have been renamed to eap_server_xxx.c - additional crypto files are required for some options - EAP_MD5 and EAP_GTC is now enabled by default to match vendor config - move each file on its own line to hopefully make further diffs easier to read EAP_SERVER is now enabled by default. Fiddling with HOSTAPD_CFLAGS in src.conf is no longer required to get a basic WPA-EAP/radius setup running. [1] r234756-234758: - Follow up r234711 and do same for the supplicant, one file/option per line. While here merge the options which are always enabled. - enable EAP_GTC and EAP_OTP to match upstream's default configuration - not only the file names have changed from eap_xxx.c to eap_server_xxx.c, the defines too r234759: Move crypto stuff into a common Makefile. While here fix the WITHOUT_OPENSSL build by using the wpa's internal crypto support if openssl is not available, this allows us to unconditionally enable EAP support. r234786: Fix WITHOUT_EXAMPLES build: While removing unnecessary entries from .PATH.c I missed that for the examples WPA_SUPPLICANT_DISTDIR/HOSTAPD_DISTDIR is explicitly added to .PATH. Added: stable/9/usr.sbin/wpa/Makefile.crypto - copied unchanged from r234759, head/usr.sbin/wpa/Makefile.crypto Modified: stable/9/usr.sbin/wpa/Makefile.inc stable/9/usr.sbin/wpa/hostapd/Makefile stable/9/usr.sbin/wpa/wpa_supplicant/Makefile Directory Properties: stable/9/usr.sbin/wpa/ (props changed) stable/9/usr.sbin/wpa/wpa_supplicant/ (props changed) Copied: stable/9/usr.sbin/wpa/Makefile.crypto (from r234759, head/usr.sbin/wpa/Makefile.crypto) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ stable/9/usr.sbin/wpa/Makefile.crypto Sat May 12 08:22:41 2012 (r235328, copy of r234759, head/usr.sbin/wpa/Makefile.crypto) @@ -0,0 +1,121 @@ +# $FreeBSD$ + +.if ${MK_OPENSSL} != "no" && !defined(RELEASE_CRUNCH) +SRCS+= crypto_openssl.c +DPADD+= ${LIBSSL} ${LIBCRYPTO} +LDADD+= -lssl -lcrypto +.else +CFLAGS+=-DCONFIG_CRYPTO_INTERNAL +SRCS+= crypto_internal.c +CONFIG_INTERNAL_AES=y +CONFIG_INTERNAL_DES=y +CONFIG_INTERNAL_MD4=y +CONFIG_INTERNAL_MD5=y +CONFIG_INTERNAL_RC4=y +CONFIG_INTERNAL_SHA1=y +CONFIG_INTERNAL_SHA256=y +CONFIG_INTERNAL_TLS=y +NEED_AES_ENC=true +.endif + +.if defined(TLS_FUNCS) +NEED_TLS_PRF=y +.if defined(CONFIG_INTERNAL_TLS) +CFLAGS+=-DCONFIG_INTERNAL_LIBTOMMATH \ + -DCONFIG_TLS_INTERNAL_CLIENT +SRCS+= asn1.c \ + bignum.c \ + crypto_internal-cipher.c \ + crypto_internal-modexp.c \ + crypto_internal-rsa.c \ + pkcs1.c \ + pkcs5.c \ + pkcs8.c \ + rsa.c \ + tls_internal.c \ + tlsv1_common.c \ + tlsv1_record.c \ + tlsv1_cred.c \ + tlsv1_client.c \ + tlsv1_client_write.c \ + tlsv1_client_read.c \ + x509v3.c +NEED_DES=y +NEED_MD4=y +NEED_RC4=y +.else +CFLAGS+=-DEAP_TLS_OPENSSL +SRCS+= tls_openssl.c +.endif +.endif + +.if defined(CONFIG_INTERNAL_AES) +SRCS+= aes-internal.c \ + aes-internal-dec.c \ + aes-internal-enc.c +.endif + +.if defined(NEED_AES_CBC) +SRCS+= aes-cbc.c +.endif + +.if defined(NEED_AES_EAX) +SRCS+= aes-eax.c +NEED_AES_CTR=y +.endif + +.if defined(NEED_AES_CTR) +SRCS+= aes-ctr.c +.endif + +.if defined(NEED_AES_ENCBLOCK) +SRCS+= aes-encblock.c +.endif + +.if defined(NEED_AES_OMAC1) +SRCS+= aes-omac1.c +.endif + +.if defined(NEED_DES) +.if defined(CONFIG_INTERNAL_DES) +SRCS+= des-internal.c +.endif +.endif + +.if defined(NEED_MD4) +.if defined(CONFIG_INTERNAL_MD4) +SRCS+= md4-internal.c +.endif +.endif + +.if defined(CONFIG_INTERNAL_MD5) +SRCS+= md5-internal.c +.endif + +.if defined(NEED_FIPS186_2_PRF) +.if defined(CONFIG_INTERNAL_SHA1) +SRCS+= fips_prf_internal.c +.else +SRCS+= fips_prf_openssl.c +.endif +.endif + +.if defined(CONFIG_INTERNAL_RC4) +SRCS+= rc4.c +.endif + +.if defined(CONFIG_INTERNAL_SHA1) +SRCS+= sha1-internal.c +.endif + +.if defined(NEED_SHA256) +CFLAGS+=-DCONFIG_SHA256 +SRCS+= sha256.c +.if defined(CONFIG_INTERNAL_SHA256) +SRCS+= sha256-internal.c +.endif +.endif + +.if defined(NEED_TLS_PRF) +SRCS+= sha1-tlsprf.c +.endif Modified: stable/9/usr.sbin/wpa/Makefile.inc ============================================================================== --- stable/9/usr.sbin/wpa/Makefile.inc Sat May 12 07:52:45 2012 (r235327) +++ stable/9/usr.sbin/wpa/Makefile.inc Sat May 12 08:22:41 2012 (r235328) @@ -7,17 +7,26 @@ WPA_SUPPLICANT_DISTDIR?=${WPA_DISTDIR}/w HOSTAPD_DISTDIR?= ${WPA_DISTDIR}/hostapd .PATH.c:${.CURDIR}/.. \ + ${WPA_DISTDIR}/src/ap \ ${WPA_DISTDIR}/src/common \ ${WPA_DISTDIR}/src/crypto \ + ${WPA_DISTDIR}/src/eapol_auth \ ${WPA_DISTDIR}/src/eap_common \ + ${WPA_DISTDIR}/src/eap_peer \ + ${WPA_DISTDIR}/src/eap_server \ ${WPA_DISTDIR}/src/eapol_supp \ ${WPA_DISTDIR}/src/l2_packet \ + ${WPA_DISTDIR}/src/radius \ + ${WPA_DISTDIR}/src/rsn_supp \ + ${WPA_DISTDIR}/src/tls \ ${WPA_DISTDIR}/src/utils CFLAGS+=-I${.CURDIR} +CFLAGS+=-I${HOSTAPD_DISTDIR} CFLAGS+=-I${WPA_DISTDIR}/src CFLAGS+=-I${WPA_DISTDIR}/src/common CFLAGS+=-I${WPA_DISTDIR}/src/crypto +CFLAGS+=-I${WPA_DISTDIR}/src/drivers CFLAGS+=-I${WPA_DISTDIR}/src/l2_packet CFLAGS+=-I${WPA_DISTDIR}/src/utils Modified: stable/9/usr.sbin/wpa/hostapd/Makefile ============================================================================== --- stable/9/usr.sbin/wpa/hostapd/Makefile Sat May 12 07:52:45 2012 (r235327) +++ stable/9/usr.sbin/wpa/hostapd/Makefile Sat May 12 08:22:41 2012 (r235328) @@ -3,32 +3,58 @@ .include "${.CURDIR}/../Makefile.inc" .PATH.c:${HOSTAPD_DISTDIR} \ - ${WPA_DISTDIR}/src/ap \ - ${WPA_DISTDIR}/src/eap_server \ - ${WPA_DISTDIR}/src/eap_common \ - ${WPA_DISTDIR}/src/eapol_auth \ - ${WPA_DISTDIR}/src/drivers \ - ${WPA_DISTDIR}/src/radius \ - ${WPA_DISTDIR} + ${WPA_DISTDIR}/src/drivers PROG= hostapd -SRCS= accounting.c aes-wrap.c ap_config.c \ - ap_drv_ops.c ap_mlme.c authsrv.c \ - chap.c common.c config_file.c ctrl_iface.c crypto_openssl.c \ - ctrl_iface_ap.c drivers.c drv_callbacks.c dump_state.c \ - eap_common.c eap_peap_common.c eap_register.c eap_server.c \ - eap_server_gtc.c eap_server_identity.c eap_server_md5.c \ - eap_server_methods.c eap_server_mschapv2.c eap_server_peap.c \ - eap_server_tls.c eap_server_tls_common.c eap_server_ttls.c \ - eapol_auth_dump.c eapol_auth_sm.c eloop.c hostapd.c ieee802_11_auth.c \ - ieee802_11_common.c ieee802_11_ht.c ieee802_1x.c ip_addr.c \ - md5.c main.c ms_funcs.c peerkey_auth.c pmksa_cache_auth.c \ - preauth_auth.c radius.c radius_client.c sta_info.c \ - sha1-pbkdf2.c sha1-tlsprf.c sha1-tprf.c sha1.c \ - tkip_countermeasures.c utils.c \ - vlan_init.c wpa_auth.c wpa_auth_glue.c wpa_auth_ie.c wpa_common.c \ - wpa_debug.c wpabuf.c -SRCS+= l2_packet_freebsd.c driver_freebsd.c os_unix.c +SRCS= accounting.c \ + aes-wrap.c \ + ap_config.c \ + ap_drv_ops.c \ + ap_mlme.c \ + authsrv.c \ + base64.c \ + chap.c \ + common.c \ + config_file.c \ + ctrl_iface.c \ + ctrl_iface_ap.c \ + drivers.c \ + drv_callbacks.c \ + eap_common.c \ + eap_peap_common.c \ + eap_register.c \ + eapol_auth_dump.c \ + eapol_auth_sm.c \ + eap_server.c \ + eap_server_methods.c \ + eloop.c \ + hostapd.c \ + ieee802_11_auth.c \ + ieee802_11_common.c \ + ieee802_1x.c \ + ip_addr.c \ + main.c \ + md5.c \ + ms_funcs.c \ + os_unix.c \ + peerkey_auth.c \ + pmksa_cache_auth.c \ + preauth_auth.c \ + radius.c \ + radius_client.c \ + sha1-pbkdf2.c \ + sha1.c \ + sta_info.c \ + tkip_countermeasures.c \ + utils.c \ + vlan_init.c \ + wpa_auth.c \ + wpa_auth_glue.c \ + wpa_auth_ie.c \ + wpa_common.c \ + wpa_debug.c \ + wpabuf.c +SRCS+= l2_packet_freebsd.c driver_freebsd.c MAN= hostapd.8 hostapd.conf.5 @@ -38,16 +64,17 @@ FILESDIR= ${SHAREDIR}/examples/hostapd FILES= hostapd.conf hostapd.eap_user hostapd.wpa_psk .endif -CFLAGS+= -I${HOSTAPD_DISTDIR} -I${WPA_DISTDIR}/src/drivers - -CFLAGS+= -DCONFIG_DRIVER_BSD -DHOSTAPD -CFLAGS+= -DCONFIG_DRIVER_RADIUS_ACL +CFLAGS+=-DCONFIG_DRIVER_BSD \ + -DHOSTAPD \ + -DCONFIG_DRIVER_RADIUS_ACL \ + -DCONFIG_RSN_PREAUTH \ + -DCONFIG_PEERKEY .if ${MK_INET6} != "no" CFLAGS+= -DCONFIG_IPV6 .endif #CFLAGS+= -g -DPADD+= ${LIBPCAP} ${LIBSSL} -LDADD+= -lpcap -lssl +DPADD+= ${LIBPCAP} +LDADD+= -lpcap # User customizations for wpa_supplicant/hostapd build environment CFLAGS+=${HOSTAPD_CFLAGS} @@ -55,74 +82,63 @@ CFLAGS+=${HOSTAPD_CFLAGS} LDADD+=${HOSTAPD_LDADD} #LDFLAGS+=${HOSTAPD_LDFLAGS} -.if !empty(CFLAGS:M*-DEAP_SERVER) -#SRCS+= eap.c eap_methods.c eap_identity.c - -.if ${MK_OPENSSL} != "no" && !defined(RELEASE_CRUNCH) - -CFLAGS+=-DEAP_TLS -DEAP_PEAP -DEAP_MSCHAPv2 -DEAP_PSK \ - -DEAP_TLS_FUNCS -DEAP_TLS_OPENSSL -SRCS+= crypto_openssl.c -SRCS+= eap_tls.c eap_peap.c eap_peap_common.c eap_mschapv2.c \ - eap_psk.c eap_psk_common.c \ - eap_tls_common.c tls_openssl.c ms_funcs.c chap.c - -CFLAGS+=-DEAP_TTLS -DEAP_MD5 -SRCS+= eap_ttls.c eap_md5.c - -.if !empty(CFLAGS:M*-DEAP_GTC) -SRCS+= eap_gtc.c -.endif - -.if !empty(CFLAGS:M*-DEAP_AKA) -NEED_SIM_COMMON= true -SRCS+= eap_aka.c -.endif - -.if !empty(CFLAGS:M*-DEAP_SIM) -NEED_SIM_COMMON= true -SRCS+= eap_sim.c +CFLAGS+=-DDPKCS12_FUNCS \ + -DEAP_SERVER \ + -DEAP_SERVER_GTC \ + -DEAP_SERVER_IDENTITY \ + -DEAP_SERVER_MD5 \ + -DEAP_SERVER_MSCHAPV2 \ + -DEAP_SERVER_PEAP \ + -DEAP_SERVER_TLS \ + -DEAP_SERVER_TTLS \ + -DEAP_TLS_FUNCS \ + -DCONFIG_NO_DUMP_STATE +SRCS+= dump_state.c \ + eap_server_gtc.c \ + eap_server_identity.c \ + eap_server_md5.c \ + eap_server_mschapv2.c \ + eap_server_peap.c \ + eap_server_tls.c \ + eap_server_tls_common.c \ + eap_server_ttls.c +TLS_FUNCS=y +NEED_SHA256=y + +.if !empty(CFLAGS:M*-DEAP_SERVER_AKA) +SRCS+= eap_server_aka.c +NEED_SIM_COMMON=y +.endif + +.if !empty(CFLAGS:M*-DEAP_SERVER_SIM) +SRCS+= eap_server_sim.c +NEED_SIM_COMMON=y .endif .if defined(NEED_SIM_COMMON) -SRCS+= eap_sim_common.c eap_sim_db.c +SRCS+= eap_sim_common.c \ + eap_sim_db.c +NEED_AES_CBC=y +NEED_FIPS186_2_PRF=y .endif -.if !empty(CFLAGS:M*-DEAP_GPSK) +.if !empty(CFLAGS:M*-DEAP_SERVER_GPSK) CFLAGS+=-DEAP_GPSK_SHA256 -SRCS+= eap_gpsk.c eap_gpsk_common.c -NEED_SHA256= true -.endif - -.if !empty(CFLAGS:M*-DEAP_PAX) -SRCS+= eap_pax.c eap_pax_common.c -.endif - -.if !empty(CFLAGS:M*-DEAP_SAKE) -SRCS+= eap_sake.c eap_sake_common.c -.endif - -DPADD+= ${LIBSSL} ${LIBCRYPTO} -LDADD+= -lssl -lcrypto -.else -NEED_TLS_NONE= true +SRCS+= eap_server_gpsk.c \ + eap_gpsk_common.c +NEED_AES_OMAC1=y .endif -.else -NEED_TLS_NONE= true +.if !empty(CFLAGS:M*-DEAP_SERVER_PAX) +SRCS+= eap_server_pax.c \ + eap_pax_common.c .endif -.if defined(NEED_SHA256) -CFLAGS+=-DINTERNAL_SHA256 -SRCS+= sha256.c +.if !empty(CFLAGS:M*-DEAP_SERVER_SAKE) +SRCS+= eap_server_sake.c \ + eap_sake_common.c .endif -.if defined(NEED_TLS_NONE) -CFLAGS+= -DEAP_TLS_NONE -CFLAGS+= -DINTERNAL_AES -CFLAGS+= -DINTERNAL_SHA1 -CFLAGS+= -DINTERNAL_MD5 -SRCS+= tls_none.c -.endif +.include "${.CURDIR}/../Makefile.crypto" .include Modified: stable/9/usr.sbin/wpa/wpa_supplicant/Makefile ============================================================================== --- stable/9/usr.sbin/wpa/wpa_supplicant/Makefile Sat May 12 07:52:45 2012 (r235327) +++ stable/9/usr.sbin/wpa/wpa_supplicant/Makefile Sat May 12 08:22:41 2012 (r235328) @@ -3,23 +3,44 @@ .include "${.CURDIR}/../Makefile.inc" .PATH.c:${WPA_SUPPLICANT_DISTDIR} \ - ${WPA_DISTDIR}/src/drivers \ - ${WPA_DISTDIR}/src/eap_peer \ - ${WPA_DISTDIR}/src/rsn_supp \ - ${WPA_DISTDIR}/src/crypto + ${WPA_DISTDIR}/src/drivers PROG= wpa_supplicant -SRCS= aes-cbc.c aes-ctr.c aes-eax.c aes-encblock.c \ - aes-internal.c aes-omac1.c aes-unwrap.c \ - aes-wrap.c bss.c blacklist.c common.c config.c ctrl_iface.c \ - ctrl_iface_unix.c drivers.c eloop.c events.c l2_packet_freebsd.c main.c\ - md5.c notify.c preauth.c pmksa_cache.c scan.c \ - sha1-pbkdf2.c sha1-tlsprf.c sha1-tprf.c sha1.c \ - wpa.c wpa_common.c wpa_debug.c wpa_ie.c wpa_supplicant.c \ - wpabuf.c wpas_glue.c \ - driver_ndis.c Packet32.c \ +SRCS= aes-unwrap.c \ + base64.c \ + blacklist.c \ + bss.c \ + common.c \ + config.c \ + config_file.c \ + ctrl_iface.c \ + ctrl_iface_unix.c \ + driver_ndis.c \ driver_wired.c \ - driver_freebsd.c os_unix.c + drivers.c \ + eap_register.c \ + eloop.c \ + events.c \ + main.c \ + md5.c \ + notify.c \ + os_unix.c \ + peerkey.c \ + pmksa_cache.c \ + preauth.c \ + scan.c \ + sha1-pbkdf2.c \ + sha1.c \ + wpa.c \ + wpa_common.c \ + wpa_debug.c \ + wpa_ie.c \ + wpa_supplicant.c \ + wpabuf.c \ + wpas_glue.c +SRCS+= driver_freebsd.c \ + l2_packet_freebsd.c \ + Packet32.c MAN= wpa_supplicant.8 wpa_supplicant.conf.5 @@ -29,23 +50,19 @@ FILESDIR= ${SHAREDIR}/examples/etc FILES= wpa_supplicant.conf .endif -CFLAGS+=-I${WPA_SUPPLICANT_DISTDIR} -CFLAGS+=-I${WPA_DISTDIR}/src/drivers -CFLAGS+=-I${WPA_DISTDIR}/src/rsn_supp - -CFLAGS+= -DCONFIG_DRIVER_BSD -CFLAGS+= -DCONFIG_DRIVER_NDIS -CFLAGS+= -DCONFIG_DRIVER_WIRED -CFLAGS+= -DCONFIG_TERMINATE_ONLASTIF -CFLAGS+= -DCONFIG_DEBUG_SYSLOG +CFLAGS+=-DCONFIG_BACKEND_FILE \ + -DCONFIG_DEBUG_SYSLOG \ + -DCONFIG_DRIVER_BSD \ + -DCONFIG_DRIVER_NDIS \ + -DCONFIG_DRIVER_WIRED \ + -DCONFIG_PEERKEY \ + -DCONFIG_SMARTCARD \ + -DCONFIG_TERMINATE_ONLASTIF \ + -DPKCS12_FUNCS #CFLAGS+= -g DPADD+= ${LIBPCAP} LDADD+= -lpcap -# NB: we only support wpa_supplicant.conf file -SRCS+= config_file.c base64.c -CFLAGS+=-DCONFIG_BACKEND_FILE - # User customizations to the wpa_supplicant build environment CFLAGS+=${WPA_SUPPLICANT_CFLAGS} #DPADD+=${WPA_SUPPLICANT_DPADD} @@ -53,43 +70,58 @@ LDADD+=${WPA_SUPPLICANT_LDADD} #LDFLAGS+=${WPA_SUPPLICANT_LDFLAGS} .if ${MK_WPA_SUPPLICANT_EAPOL} != "no" -SRCS+= eapol_supp_sm.c eap.c eap_common.c eap_methods.c eap_register.c -CFLAGS+= -DIEEE8021X_EAPOL - -.if ${MK_OPENSSL} != "no" && !defined(RELEASE_CRUNCH) -CFLAGS+=-DEAP_TLS -DEAP_PEAP -DEAP_MSCHAPv2 -DEAP_LEAP -DEAP_PSK \ - -DEAP_TLV -DEAP_TLS_FUNCS -DEAP_TLS_OPENSSL -SRCS+= chap.c crypto_openssl.c \ +CFLAGS+=-DEAP_GTC \ + -DEAP_LEAP \ + -DEAP_MD5 \ + -DEAP_MSCHAPv2 \ + -DEAP_OTP \ + -DEAP_PEAP \ + -DEAP_PSK \ + -DEAP_TLS \ + -DEAP_TTLS \ + -DIEEE8021X_EAPOL +SRCS+= chap.c \ + eap.c \ + eap_common.c \ + eap_gtc.c \ eap_leap.c \ + eap_md5.c \ + eap_methods.c \ eap_mschapv2.c \ - eap_peap.c eap_peap_common.c \ - eap_psk.c eap_psk_common.c \ - eap_tls.c eap_tls_common.c \ - mschapv2.c ms_funcs.c tls_openssl.c - -CFLAGS+=-DEAP_TTLS -DEAP_MD5 -SRCS+= eap_ttls.c eap_md5.c - -.if !empty(CFLAGS:M*-DEAP_GTC) -SRCS+= eap_gtc.c -.endif - -.if !empty(CFLAGS:M*-DEAP_OTP) -SRCS+= eap_otp.c + eap_otp.c \ + eap_peap.c \ + eap_peap_common.c \ + eap_psk.c \ + eap_psk_common.c \ + eap_tls.c \ + eap_tls_common.c \ + eap_ttls.c \ + eapol_supp_sm.c \ + ms_funcs.c \ + mschapv2.c +TLS_FUNCS=y +NEED_AES_EAX=y +NEED_AES_ENCBLOCK=y +NEED_AES_OMAC1=y +NEED_SHA256=y .endif .if !empty(CFLAGS:M*-DEAP_AKA) -NEED_SIM_COMMON= true SRCS+= eap_aka.c +NEED_SIM_COMMON=y +NEED_AES_CBC=y .endif .if !empty(CFLAGS:M*-DEAP_SIM) -NEED_SIM_COMMON= true SRCS+= eap_sim.c +NEED_SIM_COMMON=y +NEED_AES_CBC=y .endif .if defined(NEED_SIM_COMMON) SRCS+= eap_sim_common.c +NEED_FIPS186_2_PRF=y +.endif # PC/SC interface for smartcards (USIM, GSM SIM) # GSM/UMTS authentication algorithm (for EAP-SIM/EAP-AKA) @@ -103,52 +135,24 @@ SRCS+= pcsc_funcs.c DPADD+=${LIBPTHREAD} LDADD+=-lpcsclite -lpthread .endif -.endif .if !empty(CFLAGS:M*-DEAP_GPSK) CFLAGS+=-DEAP_GPSK_SHA256 -SRCS+= eap_gpsk.c eap_gpsk_common.c -NEED_SHA256= true +SRCS+= eap_gpsk.c \ + eap_gpsk_common.c +NEED_AES_OMAC1=y .endif .if !empty(CFLAGS:M*-DEAP_PAX) -SRCS+= eap_pax.c eap_pax_common.c +SRCS+= eap_pax.c \ + eap_pax_common.c .endif .if !empty(CFLAGS:M*-DEAP_SAKE) -SRCS+= eap_sake.c eap_sake_common.c +SRCS+= eap_sake.c \ + eap_sake_common.c .endif -# NB: requires patch to openssl -#CFLAGS+= -DEAP_FAST -#SRCS+= eap_fast.c - -NEED_LIBSSL= true -.else -CFLAGS+= -DEAP_TLS_NONE -SRCS+= tls_none.c -.endif - -.endif - -# -# Configure crypto/cipher support. -# -# EAPOL support requires openssl in which case we use their -# cipher code. Otherwise we use our internal versions. -# -.if !defined(NEED_LIBSSL) -CFLAGS+= -DINTERNAL_AES -CFLAGS+= -DINTERNAL_SHA1 -CFLAGS+= -DINTERNAL_MD5 -.else -DPADD+= ${LIBSSL} ${LIBCRYPTO} -LDADD+= -lssl -lcrypto -.endif - -.if defined(NEED_SHA256) -CFLAGS+=-DINTERNAL_SHA256 -SRCS+= sha256.c -.endif +.include "${.CURDIR}/../Makefile.crypto" .include