Date: Sun, 9 Dec 2018 06:45:49 +0000 (UTC) From: Cy Schubert <cy@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r341759 - in head: contrib/wpa contrib/wpa/hostapd contrib/wpa/hs20/client contrib/wpa/src/ap contrib/wpa/src/common contrib/wpa/src/crypto contrib/wpa/src/drivers contrib/wpa/src/eap_c... Message-ID: <201812090645.wB96jnso066329@repo.freebsd.org>
Author: cy Date: Sun Dec 9 06:45:49 2018 New Revision: 341759 URL: https://svnweb.freebsd.org/changeset/base/341759 Log: MFV r341618: Update wpa 2.6 --> 2.7. Added: head/contrib/wpa/src/ap/dpp_hostapd.c - copied unchanged from r341619, vendor/wpa/dist/src/ap/dpp_hostapd.c head/contrib/wpa/src/ap/dpp_hostapd.h - copied unchanged from r341619, vendor/wpa/dist/src/ap/dpp_hostapd.h head/contrib/wpa/src/ap/eth_p_oui.c - copied unchanged from r341619, vendor/wpa/dist/src/ap/eth_p_oui.c head/contrib/wpa/src/ap/eth_p_oui.h - copied unchanged from r341619, vendor/wpa/dist/src/ap/eth_p_oui.h head/contrib/wpa/src/ap/fils_hlp.c - copied unchanged from r341619, vendor/wpa/dist/src/ap/fils_hlp.c head/contrib/wpa/src/ap/fils_hlp.h - copied unchanged from r341619, vendor/wpa/dist/src/ap/fils_hlp.h head/contrib/wpa/src/ap/gas_query_ap.c - copied unchanged from r341619, vendor/wpa/dist/src/ap/gas_query_ap.c head/contrib/wpa/src/ap/gas_query_ap.h - copied unchanged from r341619, vendor/wpa/dist/src/ap/gas_query_ap.h head/contrib/wpa/src/ap/ieee802_11_he.c - copied unchanged from r341619, vendor/wpa/dist/src/ap/ieee802_11_he.c head/contrib/wpa/src/common/dhcp.h - copied, changed from r341619, vendor/wpa/dist/src/common/dhcp.h head/contrib/wpa/src/common/dpp.c - copied unchanged from r341619, vendor/wpa/dist/src/common/dpp.c head/contrib/wpa/src/common/dpp.h - copied unchanged from r341619, vendor/wpa/dist/src/common/dpp.h head/contrib/wpa/src/common/gas_server.c - copied unchanged from r341619, vendor/wpa/dist/src/common/gas_server.c head/contrib/wpa/src/common/gas_server.h - copied unchanged from r341619, vendor/wpa/dist/src/common/gas_server.h head/contrib/wpa/src/crypto/crypto_linux.c - copied unchanged from r341619, vendor/wpa/dist/src/crypto/crypto_linux.c head/contrib/wpa/src/crypto/crypto_nettle.c - copied unchanged from r341619, vendor/wpa/dist/src/crypto/crypto_nettle.c head/contrib/wpa/src/crypto/crypto_wolfssl.c - copied unchanged from r341619, 
vendor/wpa/dist/src/crypto/crypto_wolfssl.c head/contrib/wpa/src/crypto/fips_prf_wolfssl.c - copied unchanged from r341619, vendor/wpa/dist/src/crypto/fips_prf_wolfssl.c head/contrib/wpa/src/crypto/sha384-kdf.c - copied unchanged from r341619, vendor/wpa/dist/src/crypto/sha384-kdf.c head/contrib/wpa/src/crypto/sha384.c - copied unchanged from r341619, vendor/wpa/dist/src/crypto/sha384.c head/contrib/wpa/src/crypto/sha512-kdf.c - copied unchanged from r341619, vendor/wpa/dist/src/crypto/sha512-kdf.c head/contrib/wpa/src/crypto/sha512-prf.c - copied unchanged from r341619, vendor/wpa/dist/src/crypto/sha512-prf.c head/contrib/wpa/src/crypto/sha512.h - copied unchanged from r341619, vendor/wpa/dist/src/crypto/sha512.h head/contrib/wpa/src/crypto/tls_wolfssl.c - copied unchanged from r341619, vendor/wpa/dist/src/crypto/tls_wolfssl.c head/contrib/wpa/src/drivers/driver_macsec_linux.c - copied unchanged from r341619, vendor/wpa/dist/src/drivers/driver_macsec_linux.c head/contrib/wpa/src/drivers/driver_wired_common.c - copied unchanged from r341619, vendor/wpa/dist/src/drivers/driver_wired_common.c head/contrib/wpa/src/drivers/driver_wired_common.h - copied unchanged from r341619, vendor/wpa/dist/src/drivers/driver_wired_common.h head/contrib/wpa/src/utils/crc32.c - copied unchanged from r341619, vendor/wpa/dist/src/utils/crc32.c head/contrib/wpa/src/utils/crc32.h - copied unchanged from r341619, vendor/wpa/dist/src/utils/crc32.h head/contrib/wpa/src/utils/json.c - copied unchanged from r341619, vendor/wpa/dist/src/utils/json.c head/contrib/wpa/src/utils/json.h - copied unchanged from r341619, vendor/wpa/dist/src/utils/json.h head/contrib/wpa/wpa_supplicant/dpp_supplicant.c - copied unchanged from r341619, vendor/wpa/dist/wpa_supplicant/dpp_supplicant.c head/contrib/wpa/wpa_supplicant/dpp_supplicant.h - copied unchanged from r341619, vendor/wpa/dist/wpa_supplicant/dpp_supplicant.h head/contrib/wpa/wpa_supplicant/examples/dpp-qrcode.py - copied unchanged from r341619, 
vendor/wpa/dist/wpa_supplicant/examples/dpp-qrcode.py head/contrib/wpa/wpa_supplicant/op_classes.c - copied unchanged from r341619, vendor/wpa/dist/wpa_supplicant/op_classes.c head/contrib/wpa/wpa_supplicant/rrm.c - copied unchanged from r341619, vendor/wpa/dist/wpa_supplicant/rrm.c Deleted: head/contrib/wpa/src/ap/peerkey_auth.c head/contrib/wpa/src/rsn_supp/peerkey.c head/contrib/wpa/src/rsn_supp/peerkey.h Modified: head/contrib/wpa/CONTRIBUTIONS head/contrib/wpa/COPYING head/contrib/wpa/README head/contrib/wpa/hostapd/ChangeLog head/contrib/wpa/hostapd/README head/contrib/wpa/hostapd/config_file.c head/contrib/wpa/hostapd/config_file.h head/contrib/wpa/hostapd/ctrl_iface.c head/contrib/wpa/hostapd/defconfig head/contrib/wpa/hostapd/hlr_auc_gw.c head/contrib/wpa/hostapd/hostapd.conf head/contrib/wpa/hostapd/hostapd.eap_user_sqlite head/contrib/wpa/hostapd/hostapd_cli.c head/contrib/wpa/hostapd/main.c head/contrib/wpa/hs20/client/est.c head/contrib/wpa/hs20/client/oma_dm_client.c head/contrib/wpa/hs20/client/osu_client.c head/contrib/wpa/hs20/client/osu_client.h head/contrib/wpa/src/ap/acs.c head/contrib/wpa/src/ap/acs.h head/contrib/wpa/src/ap/ap_config.c head/contrib/wpa/src/ap/ap_config.h head/contrib/wpa/src/ap/ap_drv_ops.c head/contrib/wpa/src/ap/ap_drv_ops.h head/contrib/wpa/src/ap/ap_mlme.c head/contrib/wpa/src/ap/authsrv.c head/contrib/wpa/src/ap/beacon.c head/contrib/wpa/src/ap/beacon.h head/contrib/wpa/src/ap/bss_load.c head/contrib/wpa/src/ap/ctrl_iface_ap.c head/contrib/wpa/src/ap/ctrl_iface_ap.h head/contrib/wpa/src/ap/dfs.c head/contrib/wpa/src/ap/dfs.h head/contrib/wpa/src/ap/dhcp_snoop.c head/contrib/wpa/src/ap/drv_callbacks.c head/contrib/wpa/src/ap/eap_user_db.c head/contrib/wpa/src/ap/gas_serv.c head/contrib/wpa/src/ap/gas_serv.h head/contrib/wpa/src/ap/hostapd.c head/contrib/wpa/src/ap/hostapd.h head/contrib/wpa/src/ap/hs20.c head/contrib/wpa/src/ap/hs20.h head/contrib/wpa/src/ap/hw_features.c head/contrib/wpa/src/ap/ieee802_11.c 
head/contrib/wpa/src/ap/ieee802_11.h head/contrib/wpa/src/ap/ieee802_11_auth.c head/contrib/wpa/src/ap/ieee802_11_auth.h head/contrib/wpa/src/ap/ieee802_11_ht.c head/contrib/wpa/src/ap/ieee802_11_shared.c head/contrib/wpa/src/ap/ieee802_11_vht.c head/contrib/wpa/src/ap/ieee802_1x.c head/contrib/wpa/src/ap/ieee802_1x.h head/contrib/wpa/src/ap/ndisc_snoop.c head/contrib/wpa/src/ap/neighbor_db.c head/contrib/wpa/src/ap/neighbor_db.h head/contrib/wpa/src/ap/pmksa_cache_auth.c head/contrib/wpa/src/ap/pmksa_cache_auth.h head/contrib/wpa/src/ap/rrm.c head/contrib/wpa/src/ap/rrm.h head/contrib/wpa/src/ap/sta_info.c head/contrib/wpa/src/ap/sta_info.h head/contrib/wpa/src/ap/taxonomy.c head/contrib/wpa/src/ap/tkip_countermeasures.c head/contrib/wpa/src/ap/vlan_init.c head/contrib/wpa/src/ap/wmm.c head/contrib/wpa/src/ap/wnm_ap.c head/contrib/wpa/src/ap/wnm_ap.h head/contrib/wpa/src/ap/wpa_auth.c head/contrib/wpa/src/ap/wpa_auth.h head/contrib/wpa/src/ap/wpa_auth_ft.c head/contrib/wpa/src/ap/wpa_auth_glue.c head/contrib/wpa/src/ap/wpa_auth_i.h head/contrib/wpa/src/ap/wpa_auth_ie.c head/contrib/wpa/src/ap/wpa_auth_ie.h head/contrib/wpa/src/ap/wps_hostapd.c head/contrib/wpa/src/common/common_module_tests.c head/contrib/wpa/src/common/ctrl_iface_common.c head/contrib/wpa/src/common/ctrl_iface_common.h head/contrib/wpa/src/common/defs.h head/contrib/wpa/src/common/gas.c head/contrib/wpa/src/common/gas.h head/contrib/wpa/src/common/hw_features_common.c head/contrib/wpa/src/common/hw_features_common.h head/contrib/wpa/src/common/ieee802_11_common.c head/contrib/wpa/src/common/ieee802_11_common.h head/contrib/wpa/src/common/ieee802_11_defs.h head/contrib/wpa/src/common/ieee802_1x_defs.h head/contrib/wpa/src/common/privsep_commands.h head/contrib/wpa/src/common/qca-vendor.h head/contrib/wpa/src/common/sae.c head/contrib/wpa/src/common/sae.h head/contrib/wpa/src/common/version.h head/contrib/wpa/src/common/wpa_common.c head/contrib/wpa/src/common/wpa_common.h 
head/contrib/wpa/src/common/wpa_ctrl.h head/contrib/wpa/src/common/wpa_helpers.c head/contrib/wpa/src/crypto/aes-ctr.c head/contrib/wpa/src/crypto/aes-internal-dec.c head/contrib/wpa/src/crypto/aes-internal-enc.c head/contrib/wpa/src/crypto/aes-siv.c head/contrib/wpa/src/crypto/aes.h head/contrib/wpa/src/crypto/aes_siv.h head/contrib/wpa/src/crypto/aes_wrap.h head/contrib/wpa/src/crypto/crypto.h head/contrib/wpa/src/crypto/crypto_gnutls.c head/contrib/wpa/src/crypto/crypto_internal-modexp.c head/contrib/wpa/src/crypto/crypto_libtomcrypt.c head/contrib/wpa/src/crypto/crypto_module_tests.c head/contrib/wpa/src/crypto/crypto_none.c head/contrib/wpa/src/crypto/crypto_openssl.c head/contrib/wpa/src/crypto/des-internal.c head/contrib/wpa/src/crypto/dh_groups.c head/contrib/wpa/src/crypto/ms_funcs.c head/contrib/wpa/src/crypto/ms_funcs.h head/contrib/wpa/src/crypto/random.c head/contrib/wpa/src/crypto/sha1-internal.c head/contrib/wpa/src/crypto/sha256-internal.c head/contrib/wpa/src/crypto/sha256-kdf.c head/contrib/wpa/src/crypto/sha384-prf.c head/contrib/wpa/src/crypto/sha384.h head/contrib/wpa/src/crypto/tls.h head/contrib/wpa/src/crypto/tls_gnutls.c head/contrib/wpa/src/crypto/tls_internal.c head/contrib/wpa/src/crypto/tls_none.c head/contrib/wpa/src/crypto/tls_openssl.c head/contrib/wpa/src/drivers/driver.h head/contrib/wpa/src/drivers/driver_common.c head/contrib/wpa/src/drivers/driver_macsec_qca.c head/contrib/wpa/src/drivers/driver_ndis.c head/contrib/wpa/src/drivers/driver_nl80211.h head/contrib/wpa/src/drivers/driver_nl80211_capa.c head/contrib/wpa/src/drivers/driver_nl80211_event.c head/contrib/wpa/src/drivers/driver_nl80211_monitor.c head/contrib/wpa/src/drivers/driver_nl80211_scan.c head/contrib/wpa/src/drivers/driver_privsep.c head/contrib/wpa/src/drivers/driver_wired.c head/contrib/wpa/src/drivers/drivers.c head/contrib/wpa/src/eap_common/eap_eke_common.c head/contrib/wpa/src/eap_common/eap_fast_common.c head/contrib/wpa/src/eap_common/eap_pwd_common.c 
head/contrib/wpa/src/eap_common/eap_pwd_common.h head/contrib/wpa/src/eap_common/eap_sim_common.c head/contrib/wpa/src/eap_peer/eap.c head/contrib/wpa/src/eap_peer/eap.h head/contrib/wpa/src/eap_peer/eap_aka.c head/contrib/wpa/src/eap_peer/eap_config.h head/contrib/wpa/src/eap_peer/eap_eke.c head/contrib/wpa/src/eap_peer/eap_fast.c head/contrib/wpa/src/eap_peer/eap_fast_pac.c head/contrib/wpa/src/eap_peer/eap_gpsk.c head/contrib/wpa/src/eap_peer/eap_i.h head/contrib/wpa/src/eap_peer/eap_ikev2.c head/contrib/wpa/src/eap_peer/eap_leap.c head/contrib/wpa/src/eap_peer/eap_mschapv2.c head/contrib/wpa/src/eap_peer/eap_pax.c head/contrib/wpa/src/eap_peer/eap_peap.c head/contrib/wpa/src/eap_peer/eap_proxy.h head/contrib/wpa/src/eap_peer/eap_proxy_dummy.c head/contrib/wpa/src/eap_peer/eap_psk.c head/contrib/wpa/src/eap_peer/eap_pwd.c head/contrib/wpa/src/eap_peer/eap_sake.c head/contrib/wpa/src/eap_peer/eap_sim.c head/contrib/wpa/src/eap_peer/eap_tls.c head/contrib/wpa/src/eap_peer/eap_tls_common.c head/contrib/wpa/src/eap_peer/eap_tls_common.h head/contrib/wpa/src/eap_peer/eap_ttls.c head/contrib/wpa/src/eap_peer/ikev2.c head/contrib/wpa/src/eap_peer/tncc.c head/contrib/wpa/src/eap_server/eap.h head/contrib/wpa/src/eap_server/eap_i.h head/contrib/wpa/src/eap_server/eap_server.c head/contrib/wpa/src/eap_server/eap_server_aka.c head/contrib/wpa/src/eap_server/eap_server_eke.c head/contrib/wpa/src/eap_server/eap_server_fast.c head/contrib/wpa/src/eap_server/eap_server_gpsk.c head/contrib/wpa/src/eap_server/eap_server_gtc.c head/contrib/wpa/src/eap_server/eap_server_ikev2.c head/contrib/wpa/src/eap_server/eap_server_mschapv2.c head/contrib/wpa/src/eap_server/eap_server_pax.c head/contrib/wpa/src/eap_server/eap_server_psk.c head/contrib/wpa/src/eap_server/eap_server_pwd.c head/contrib/wpa/src/eap_server/eap_server_sake.c head/contrib/wpa/src/eap_server/eap_server_sim.c head/contrib/wpa/src/eap_server/eap_server_tls.c head/contrib/wpa/src/eap_server/eap_server_tls_common.c 
head/contrib/wpa/src/eap_server/eap_server_ttls.c head/contrib/wpa/src/eap_server/eap_server_wsc.c head/contrib/wpa/src/eap_server/eap_tls_common.h head/contrib/wpa/src/eap_server/ikev2.c head/contrib/wpa/src/eap_server/tncs.c head/contrib/wpa/src/eapol_auth/eapol_auth_sm.c head/contrib/wpa/src/eapol_auth/eapol_auth_sm.h head/contrib/wpa/src/eapol_supp/eapol_supp_sm.c head/contrib/wpa/src/eapol_supp/eapol_supp_sm.h head/contrib/wpa/src/fst/fst_ctrl_aux.h head/contrib/wpa/src/fst/fst_ctrl_iface.c head/contrib/wpa/src/fst/fst_group.c head/contrib/wpa/src/fst/fst_iface.h head/contrib/wpa/src/fst/fst_session.c head/contrib/wpa/src/l2_packet/l2_packet.h head/contrib/wpa/src/l2_packet/l2_packet_privsep.c head/contrib/wpa/src/p2p/p2p.c head/contrib/wpa/src/p2p/p2p.h head/contrib/wpa/src/p2p/p2p_go_neg.c head/contrib/wpa/src/p2p/p2p_group.c head/contrib/wpa/src/p2p/p2p_i.h head/contrib/wpa/src/p2p/p2p_pd.c head/contrib/wpa/src/p2p/p2p_sd.c head/contrib/wpa/src/pae/ieee802_1x_cp.c head/contrib/wpa/src/pae/ieee802_1x_kay.c head/contrib/wpa/src/pae/ieee802_1x_kay.h head/contrib/wpa/src/pae/ieee802_1x_kay_i.h head/contrib/wpa/src/pae/ieee802_1x_secy_ops.c head/contrib/wpa/src/pae/ieee802_1x_secy_ops.h head/contrib/wpa/src/radius/radius.c head/contrib/wpa/src/radius/radius.h head/contrib/wpa/src/radius/radius_client.c head/contrib/wpa/src/radius/radius_das.c head/contrib/wpa/src/radius/radius_das.h head/contrib/wpa/src/radius/radius_server.c head/contrib/wpa/src/radius/radius_server.h head/contrib/wpa/src/rsn_supp/pmksa_cache.c head/contrib/wpa/src/rsn_supp/pmksa_cache.h head/contrib/wpa/src/rsn_supp/preauth.c head/contrib/wpa/src/rsn_supp/tdls.c head/contrib/wpa/src/rsn_supp/wpa.c head/contrib/wpa/src/rsn_supp/wpa.h head/contrib/wpa/src/rsn_supp/wpa_ft.c head/contrib/wpa/src/rsn_supp/wpa_i.h head/contrib/wpa/src/rsn_supp/wpa_ie.c head/contrib/wpa/src/rsn_supp/wpa_ie.h head/contrib/wpa/src/tls/libtommath.c head/contrib/wpa/src/tls/rsa.c head/contrib/wpa/src/tls/tlsv1_client.c 
head/contrib/wpa/src/tls/tlsv1_client_read.c head/contrib/wpa/src/tls/tlsv1_common.c head/contrib/wpa/src/tls/tlsv1_cred.c head/contrib/wpa/src/tls/tlsv1_server.c head/contrib/wpa/src/tls/x509v3.c head/contrib/wpa/src/utils/base64.c head/contrib/wpa/src/utils/base64.h head/contrib/wpa/src/utils/browser-wpadebug.c head/contrib/wpa/src/utils/common.c head/contrib/wpa/src/utils/common.h head/contrib/wpa/src/utils/eloop.h head/contrib/wpa/src/utils/http_curl.c head/contrib/wpa/src/utils/os.h head/contrib/wpa/src/utils/os_none.c head/contrib/wpa/src/utils/os_unix.c head/contrib/wpa/src/utils/os_win32.c head/contrib/wpa/src/utils/trace.c head/contrib/wpa/src/utils/utils_module_tests.c head/contrib/wpa/src/utils/uuid.c head/contrib/wpa/src/utils/uuid.h head/contrib/wpa/src/utils/wpa_debug.c head/contrib/wpa/src/utils/wpa_debug.h head/contrib/wpa/src/utils/wpabuf.c head/contrib/wpa/src/utils/xml-utils.c head/contrib/wpa/src/wps/wps.c head/contrib/wpa/src/wps/wps_common.c head/contrib/wpa/src/wps/wps_er.c head/contrib/wpa/src/wps/wps_registrar.c head/contrib/wpa/wpa_supplicant/Android.mk head/contrib/wpa/wpa_supplicant/ChangeLog head/contrib/wpa/wpa_supplicant/README head/contrib/wpa/wpa_supplicant/README-HS20 head/contrib/wpa/wpa_supplicant/android.config head/contrib/wpa/wpa_supplicant/ap.c head/contrib/wpa/wpa_supplicant/ap.h head/contrib/wpa/wpa_supplicant/autoscan.c head/contrib/wpa/wpa_supplicant/bgscan.c head/contrib/wpa/wpa_supplicant/bgscan_learn.c head/contrib/wpa/wpa_supplicant/bgscan_simple.c head/contrib/wpa/wpa_supplicant/bss.c head/contrib/wpa/wpa_supplicant/bss.h head/contrib/wpa/wpa_supplicant/config.c head/contrib/wpa/wpa_supplicant/config.h head/contrib/wpa/wpa_supplicant/config_file.c head/contrib/wpa/wpa_supplicant/config_ssid.h head/contrib/wpa/wpa_supplicant/ctrl_iface.c head/contrib/wpa/wpa_supplicant/ctrl_iface_named_pipe.c head/contrib/wpa/wpa_supplicant/ctrl_iface_udp.c head/contrib/wpa/wpa_supplicant/ctrl_iface_unix.c 
head/contrib/wpa/wpa_supplicant/dbus/dbus_new.c head/contrib/wpa/wpa_supplicant/dbus/dbus_new.h head/contrib/wpa/wpa_supplicant/dbus/dbus_new_handlers.c head/contrib/wpa/wpa_supplicant/dbus/dbus_new_handlers.h head/contrib/wpa/wpa_supplicant/dbus/dbus_new_handlers_p2p.c head/contrib/wpa/wpa_supplicant/dbus/dbus_new_handlers_wps.c head/contrib/wpa/wpa_supplicant/defconfig head/contrib/wpa/wpa_supplicant/driver_i.h head/contrib/wpa/wpa_supplicant/events.c head/contrib/wpa/wpa_supplicant/examples/wps-ap-cli head/contrib/wpa/wpa_supplicant/gas_query.c head/contrib/wpa/wpa_supplicant/gas_query.h head/contrib/wpa/wpa_supplicant/hs20_supplicant.c head/contrib/wpa/wpa_supplicant/hs20_supplicant.h head/contrib/wpa/wpa_supplicant/ibss_rsn.c head/contrib/wpa/wpa_supplicant/interworking.c head/contrib/wpa/wpa_supplicant/interworking.h head/contrib/wpa/wpa_supplicant/mbo.c head/contrib/wpa/wpa_supplicant/mesh.c head/contrib/wpa/wpa_supplicant/mesh_mpm.c head/contrib/wpa/wpa_supplicant/mesh_rsn.c head/contrib/wpa/wpa_supplicant/notify.c head/contrib/wpa/wpa_supplicant/notify.h head/contrib/wpa/wpa_supplicant/offchannel.c head/contrib/wpa/wpa_supplicant/p2p_supplicant.c head/contrib/wpa/wpa_supplicant/preauth_test.c head/contrib/wpa/wpa_supplicant/scan.c head/contrib/wpa/wpa_supplicant/sme.c head/contrib/wpa/wpa_supplicant/sme.h head/contrib/wpa/wpa_supplicant/wifi_display.c head/contrib/wpa/wpa_supplicant/wmm_ac.c head/contrib/wpa/wpa_supplicant/wnm_sta.c head/contrib/wpa/wpa_supplicant/wnm_sta.h head/contrib/wpa/wpa_supplicant/wpa_cli.c head/contrib/wpa/wpa_supplicant/wpa_passphrase.c head/contrib/wpa/wpa_supplicant/wpa_priv.c head/contrib/wpa/wpa_supplicant/wpa_supplicant.c head/contrib/wpa/wpa_supplicant/wpa_supplicant.conf head/contrib/wpa/wpa_supplicant/wpa_supplicant_i.h head/contrib/wpa/wpa_supplicant/wpa_supplicant_template.conf head/contrib/wpa/wpa_supplicant/wpas_glue.c head/contrib/wpa/wpa_supplicant/wpas_kay.c head/contrib/wpa/wpa_supplicant/wpas_kay.h 
head/contrib/wpa/wpa_supplicant/wps_supplicant.c head/usr.sbin/wpa/Makefile.crypto head/usr.sbin/wpa/Makefile.inc head/usr.sbin/wpa/hostapd/Makefile head/usr.sbin/wpa/wpa_cli/Makefile head/usr.sbin/wpa/wpa_supplicant/Makefile Directory Properties: head/contrib/wpa/ (props changed) Modified: head/contrib/wpa/CONTRIBUTIONS ============================================================================== --- head/contrib/wpa/CONTRIBUTIONS Sun Dec 9 06:42:06 2018 (r341758) +++ head/contrib/wpa/CONTRIBUTIONS Sun Dec 9 06:45:49 2018 (r341759) @@ -140,7 +140,7 @@ The license terms used for hostap.git files Modified BSD license (no advertisement clause): -Copyright (c) 2002-2016, Jouni Malinen <j@w1.fi> and contributors +Copyright (c) 2002-2018, Jouni Malinen <j@w1.fi> and contributors All Rights Reserved. Redistribution and use in source and binary forms, with or without Modified: head/contrib/wpa/COPYING ============================================================================== --- head/contrib/wpa/COPYING Sun Dec 9 06:42:06 2018 (r341758) +++ head/contrib/wpa/COPYING Sun Dec 9 06:45:49 2018 (r341759) @@ -1,7 +1,7 @@ wpa_supplicant and hostapd -------------------------- -Copyright (c) 2002-2016, Jouni Malinen <j@w1.fi> and contributors +Copyright (c) 2002-2018, Jouni Malinen <j@w1.fi> and contributors All Rights Reserved. Modified: head/contrib/wpa/README ============================================================================== --- head/contrib/wpa/README Sun Dec 9 06:42:06 2018 (r341758) +++ head/contrib/wpa/README Sun Dec 9 06:45:49 2018 (r341759) 
@@ -1,7 +1,7 @@ wpa_supplicant and hostapd -------------------------- -Copyright (c) 2002-2016, Jouni Malinen <j@w1.fi> and contributors +Copyright (c) 2002-2018, Jouni Malinen <j@w1.fi> and contributors All Rights Reserved. These programs are licensed under the BSD license (the one with Modified: head/contrib/wpa/hostapd/ChangeLog ============================================================================== --- head/contrib/wpa/hostapd/ChangeLog Sun Dec 9 06:42:06 2018 (r341758) +++ head/contrib/wpa/hostapd/ChangeLog Sun Dec 9 06:45:49 2018 (r341759) 
@@ -1,5 +1,60 @@ ChangeLog for hostapd +2018-12-02 - v2.7 + * fixed WPA packet number reuse with replayed messages and key + reinstallation + [http://w1.fi/security/2017-1/] (CVE-2017-13082) + * added support for FILS (IEEE 802.11ai) shared key authentication + * added support for OWE (Opportunistic Wireless Encryption, RFC 8110; + and transition mode defined by WFA) + * added support for DPP (Wi-Fi Device Provisioning Protocol) + * FT: + - added local generation of PMK-R0/PMK-R1 for FT-PSK + (ft_psk_generate_local=1) + - replaced inter-AP protocol with a cleaner design that is more + easily extensible; this breaks backward compatibility and requires + all APs in the ESS to be updated at the same time to maintain FT + functionality + - added support for wildcard R0KH/R1KH + - replaced r0_key_lifetime (minutes) parameter with + ft_r0_key_lifetime (seconds) + - fixed wpa_psk_file use for FT-PSK + - fixed FT-SAE PMKID matching + - added expiration to PMK-R0 and PMK-R1 cache + - added IEEE VLAN support (including tagged VLANs) + - added support for SHA384 based AKM + * SAE + - fixed some PMKSA caching cases with SAE + - added support for configuring SAE password separately of the + WPA2 PSK/passphrase + - added option to require MFP for SAE associations + (sae_require_pmf=1) + - fixed PTK and EAPOL-Key integrity and key-wrap algorithm selection + for SAE; + note: this is not backwards compatible, i.e., both the AP and + station side implementations will need to be update at the same + time to maintain interoperability + - added support for Password Identifier + * hostapd_cli: added support for command history and completion + * added support for requesting beacon report + * large number of other fixes, cleanup, and extensions + * added option to configure EAPOL-Key retry limits + (wpa_group_update_count and wpa_pairwise_update_count) + * removed all PeerKey functionality + * fixed nl80211 AP mode configuration regression with Linux 4.15 and + newer + * added support 
for using wolfSSL cryptographic library + * fixed some 20/40 MHz coexistence cases where the BSS could drop to + 20 MHz even when 40 MHz would be allowed + * Hotspot 2.0 + - added support for setting Venue URL ANQP-element (venue_url) + - added support for advertising Hotspot 2.0 operator icons + - added support for Roaming Consortium Selection element + - added support for Terms and Conditions + - added support for OSEN connection in a shared RSN BSS + * added support for using OpenSSL 1.1.1 + * added EAP-pwd server support for salted passwords + 2016-10-02 - v2.6 * fixed EAP-pwd last fragment validation [http://w1.fi/security/2015-7/] (CVE-2015-5314) Modified: head/contrib/wpa/hostapd/README ============================================================================== --- head/contrib/wpa/hostapd/README Sun Dec 9 06:42:06 2018 (r341758) +++ head/contrib/wpa/hostapd/README Sun Dec 9 06:45:49 2018 (r341759) @@ -2,7 +2,7 @@ hostapd - user space IEEE 802.11 AP and IEEE 802.1X/WP Authenticator and RADIUS authentication server ================================================================ -Copyright (c) 2002-2016, Jouni Malinen <j@w1.fi> and contributors +Copyright (c) 2002-2018, Jouni Malinen <j@w1.fi> and contributors All Rights Reserved. This program is licensed under the BSD license (the one with @@ -70,7 +70,7 @@ Requirements Current hardware/software requirements: - drivers: Host AP driver for Prism2/2.5/3. - (http://hostap.epitest.fi/) + (http://w1.fi/hostap-driver.html) Please note that station firmware version needs to be 1.7.0 or newer to work in WPA mode. @@ -81,8 +81,7 @@ Current hardware/software requirements: Any wired Ethernet driver for wired IEEE 802.1X authentication (experimental code) - FreeBSD -current (with some kernel mods that have not yet been - committed when hostapd v0.3.0 was released) + FreeBSD -current BSD net80211 layer (e.g., Atheros driver) 
@@ -186,24 +185,14 @@ Authenticator and RADIUS encapsulation between the Aut the Authentication Server. Other than this, the functionality is similar to the case with the co-located Authentication Server. -Authentication Server and Supplicant ------------------------------------- +Authentication Server +--------------------- Any RADIUS server supporting EAP should be usable as an IEEE 802.1X Authentication Server with hostapd Authenticator. FreeRADIUS (http://www.freeradius.org/) has been successfully tested with hostapd -Authenticator and both Xsupplicant (http://www.open1x.org) and Windows -XP Supplicants. EAP/TLS was used with Xsupplicant and -EAP/MD5-Challenge with Windows XP. +Authenticator. -http://www.missl.cs.umd.edu/wireless/eaptls/ has useful information -about using EAP/TLS with FreeRADIUS and Xsupplicant (just replace -Cisco access point with Host AP driver, hostapd daemon, and a Prism2 -card ;-). http://www.freeradius.org/doc/EAP-MD5.html has information -about using EAP/MD5 with FreeRADIUS, including instructions for WinXP -configuration. http://www.denobula.com/EAPTLS.pdf has a HOWTO on -EAP/TLS use with WinXP Supplicant. - Automatic WEP key configuration ------------------------------- 
@@ -243,16 +232,15 @@ networks that require some kind of security. Task grou of IEEE 802.11 working group (http://www.ieee802.org/11/) has worked to address the flaws of the base standard and has in practice completed its work in May 2004. The IEEE 802.11i amendment to the IEEE -802.11 standard was approved in June 2004 and this amendment is likely -to be published in July 2004. +802.11 standard was approved in June 2004 and this amendment was +published in July 2004. Wi-Fi Alliance (http://www.wi-fi.org/) used a draft version of the IEEE 802.11i work (draft 3.0) to define a subset of the security enhancements that can be implemented with existing wlan hardware. This is called Wi-Fi Protected Access<TM> (WPA). This has now become a mandatory component of interoperability testing and certification done -by Wi-Fi Alliance. Wi-Fi provides information about WPA at its web -site (http://www.wi-fi.org/OpenSection/protected_access.asp). +by Wi-Fi Alliance. IEEE 802.11 standard defined wired equivalent privacy (WEP) algorithm for protecting wireless networks. WEP uses RC4 with 40-bit keys, Modified: head/contrib/wpa/hostapd/config_file.c ============================================================================== --- head/contrib/wpa/hostapd/config_file.c Sun Dec 9 06:42:06 2018 (r341758) +++ head/contrib/wpa/hostapd/config_file.c Sun Dec 9 06:45:49 2018 (r341759) @@ -1,6 +1,6 @@ /* * hostapd / Configuration file parser - * Copyright (c) 2003-2015, Jouni Malinen <j@w1.fi> + * Copyright (c) 2003-2018, Jouni Malinen <j@w1.fi> * * This software may be distributed under the terms of the BSD license. * See README for more details. @@ -14,6 +14,8 @@ #include "utils/common.h" #include "utils/uuid.h" #include "common/ieee802_11_defs.h" +#include "crypto/sha256.h" +#include "crypto/tls.h" #include "drivers/driver.h" #include "eap_server/eap.h" #include "radius/radius_client.h" 
@@ -111,7 +113,7 @@ static int hostapd_config_read_vlan_file(struct hostap #endif /* CONFIG_NO_VLAN */ -static int hostapd_acl_comp(const void *a, const void *b) +int hostapd_acl_comp(const void *a, const void *b) { const struct mac_acl_entry *aa = a; const struct mac_acl_entry *bb = b; @@ -119,6 +121,44 @@ static int hostapd_acl_comp(const void *a, const void } +int hostapd_add_acl_maclist(struct mac_acl_entry **acl, int *num, + int vlan_id, const u8 *addr) +{ + struct mac_acl_entry *newacl; + + newacl = os_realloc_array(*acl, *num + 1, sizeof(**acl)); + if (!newacl) { + wpa_printf(MSG_ERROR, "MAC list reallocation failed"); + return -1; + } + + *acl = newacl; + os_memcpy((*acl)[*num].addr, addr, ETH_ALEN); + os_memset(&(*acl)[*num].vlan_id, 0, sizeof((*acl)[*num].vlan_id)); + (*acl)[*num].vlan_id.untagged = vlan_id; + (*acl)[*num].vlan_id.notempty = !!vlan_id; + (*num)++; + + return 0; +} + + +void hostapd_remove_acl_mac(struct mac_acl_entry **acl, int *num, + const u8 *addr) +{ + int i = 0; + + while (i < *num) { + if (os_memcmp((*acl)[i].addr, addr, ETH_ALEN) == 0) { + os_remove_in_array(*acl, *num, sizeof(**acl), i); + (*num)--; + } else { + i++; + } + } +} + + static int hostapd_config_read_maclist(const char *fname, struct mac_acl_entry **acl, int *num) { @@ -126,12 +166,8 @@ static int hostapd_config_read_maclist(const char *fna char buf[128], *pos; int line = 0; u8 addr[ETH_ALEN]; - struct mac_acl_entry *newacl; int vlan_id; - if (!fname) - return 0; - f = fopen(fname, "r"); if (!f) { wpa_printf(MSG_ERROR, "MAC list file '%s' not found.", fname); @@ -139,7 +175,7 @@ static int hostapd_config_read_maclist(const char *fna } while (fgets(buf, sizeof(buf), f)) { - int i, rem = 0; + int rem = 0; line++; 
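Review bot: `hostapd_add_acl_maclist()` and `hostapd_remove_acl_mac()` are added as non-static functions without any contract comment, and the add path appends at index `*num` without keeping the array ordered. The only caller visible in this file, `hostapd_config_read_maclist()`, runs `qsort(*acl, *num, sizeof(**acl), hostapd_acl_comp)` after its loop. If the ACL lookup elsewhere depends on sorted order (not visible in this diff), an external caller that skips the sort could leave accept/deny entries that never match. I would add a header comment such as `/* Appends one entry; the caller must re-sort *acl with hostapd_acl_comp before the list is used for lookups. */` and also state that `*acl` and `*num` are left unchanged when the reallocation fails.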
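Review bot: With the `if (!fname) return 0;` guard removed, `hostapd_config_read_maclist()` passes `fname` straight to `fopen()` and to the `'%s'` in the error message, so a NULL argument is no longer tolerated. The same guard is dropped in the `@@ -223,9 +297,6 @@` hunk of `hostapd_config_read_eap_user()`, where `os_strncmp(fname, "sqlite:", 7)` becomes the first use. The callers are outside this excerpt, so presumably they now call only with a parsed configuration value. A one-line comment on each function, e.g. `/* fname must be non-NULL; called only for a configured file name. */`, would record that precondition. Both function bodies continue outside their hunks.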
@@ -169,16 +205,7 @@ static int hostapd_config_read_maclist(const char *fna } if (rem) { - i = 0; - while (i < *num) { - if (os_memcmp((*acl)[i].addr, addr, ETH_ALEN) == - 0) { - os_remove_in_array(*acl, *num, - sizeof(**acl), i); - (*num)--; - } else - i++; - } + hostapd_remove_acl_mac(acl, num, addr); continue; } vlan_id = 0; 
@@ -190,31 +217,78 @@ static int hostapd_config_read_maclist(const char *fna if (*pos != '\0') vlan_id = atoi(pos); - newacl = os_realloc_array(*acl, *num + 1, sizeof(**acl)); - if (newacl == NULL) { - wpa_printf(MSG_ERROR, "MAC list reallocation failed"); + if (hostapd_add_acl_maclist(acl, num, vlan_id, addr) < 0) { fclose(f); return -1; } - - *acl = newacl; - os_memcpy((*acl)[*num].addr, addr, ETH_ALEN); - os_memset(&(*acl)[*num].vlan_id, 0, - sizeof((*acl)[*num].vlan_id)); - (*acl)[*num].vlan_id.untagged = vlan_id; - (*acl)[*num].vlan_id.notempty = !!vlan_id; - (*num)++; } fclose(f); - qsort(*acl, *num, sizeof(**acl), hostapd_acl_comp); + if (*acl) + qsort(*acl, *num, sizeof(**acl), hostapd_acl_comp); return 0; } #ifdef EAP_SERVER + +static int hostapd_config_eap_user_salted(struct hostapd_eap_user *user, + const char *hash, size_t len, + char **pos, int line, + const char *fname) +{ + char *pos2 = *pos; + + while (*pos2 != '\0' && *pos2 != ' ' && *pos2 != '\t' && *pos2 != '#') + pos2++; + + if (pos2 - *pos < (int) (2 * (len + 1))) { /* at least 1 byte of salt */ + wpa_printf(MSG_ERROR, + "Invalid salted %s hash on line %d in '%s'", + hash, line, fname); + return -1; + } + + user->password = os_malloc(len); + if (!user->password) { + wpa_printf(MSG_ERROR, + "Failed to allocate memory for salted %s hash", + hash); + return -1; + } + + if (hexstr2bin(*pos, user->password, len) < 0) { + wpa_printf(MSG_ERROR, + "Invalid salted password on line %d in '%s'", + line, fname); + return -1; + } + user->password_len = len; + *pos += 2 * len; + + user->salt_len = (pos2 - *pos) / 2; + user->salt = os_malloc(user->salt_len); + if (!user->salt) { + wpa_printf(MSG_ERROR, + "Failed to allocate memory for salted %s hash", + hash); + return -1; + } + + if (hexstr2bin(*pos, user->salt, user->salt_len) < 0) { + wpa_printf(MSG_ERROR, + "Invalid salt for password on line %d in '%s'", + line, fname); + return -1; + } + + *pos = pos2; + return 0; +} + + static int 
hostapd_config_read_eap_user(const char *fname, struct hostapd_bss_config *conf) { @@ -223,9 +297,6 @@ static int hostapd_config_read_eap_user(const char *fn int line = 0, ret = 0, num_methods; struct hostapd_eap_user *user = NULL, *tail = NULL, *new_user = NULL; - if (!fname) - return 0; - if (os_strncmp(fname, "sqlite:", 7) == 0) { #ifdef CONFIG_SQLITE os_free(conf->eap_user_sqlite); @@ -312,13 +383,12 @@ static int hostapd_config_read_eap_user(const char *fn goto failed; } - user->identity = os_malloc(pos - start); + user->identity = os_memdup(start, pos - start); if (user->identity == NULL) { wpa_printf(MSG_ERROR, "Failed to allocate " "memory for EAP identity"); goto failed; } - os_memcpy(user->identity, start, pos - start); user->identity_len = pos - start; if (pos[0] == '"' && pos[1] == '*') { @@ -436,13 +506,12 @@ static int hostapd_config_read_eap_user(const char *fn goto failed; } - user->password = os_malloc(pos - start); + user->password = os_memdup(start, pos - start); if (user->password == NULL) { wpa_printf(MSG_ERROR, "Failed to allocate " "memory for EAP password"); goto failed; } - os_memcpy(user->password, start, pos - start); user->password_len = pos - start; pos++; @@ -471,6 +540,24 @@ static int hostapd_config_read_eap_user(const char *fn user->password_len = 16; user->password_hash = 1; pos = pos2; + } else if (os_strncmp(pos, "ssha1:", 6) == 0) { + pos += 6; + if (hostapd_config_eap_user_salted(user, "sha1", 20, + &pos, + line, fname) < 0) + goto failed; + } else if (os_strncmp(pos, "ssha256:", 8) == 0) { + pos += 8; + if (hostapd_config_eap_user_salted(user, "sha256", 32, + &pos, + line, fname) < 0) + goto failed; + } else if (os_strncmp(pos, "ssha512:", 8) == 0) { + pos += 8; + if (hostapd_config_eap_user_salted(user, "sha512", 64, + &pos, + line, fname) < 0) + goto failed; } else { pos2 = pos; while (*pos2 != '\0' && *pos2 != ' ' && 
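Review bot: In `hostapd_config_eap_user_salted()` the salt length is computed as `(pos2 - *pos) / 2`, so a token with an odd number of hex digits silently loses its last nibble instead of being rejected. A typo in the eap_user file would then load a salt different from the one the administrator wrote, and the entry would likely fail to authenticate with no parse-time diagnostic. I would reject odd lengths right after the minimum-length check: `if ((pos2 - *pos) & 1) { wpa_printf(MSG_ERROR, "Invalid salted %s hash on line %d in '%s'", hash, line, fname); return -1; }`. The error returns also leave `user->password` (and possibly `user->salt`) allocated, which relies on the caller's `failed` path releasing `user`; that path is outside the hunk.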
@@ -522,19 +609,15 @@ static int hostapd_config_read_eap_user(const char *fn fclose(f); if (ret == 0) { - user = conf->eap_user; - while (user) { - struct hostapd_eap_user *prev; - - prev = user; - user = user->next; - hostapd_config_free_eap_user(prev); - } + hostapd_config_free_eap_users(conf->eap_user); conf->eap_user = new_user; + } else { + hostapd_config_free_eap_users(new_user); } return ret; } + #endif /* EAP_SERVER */ @@ -684,12 +767,16 @@ static int hostapd_config_parse_key_mgmt(int line, con val |= WPA_KEY_MGMT_PSK; else if (os_strcmp(start, "WPA-EAP") == 0) val |= WPA_KEY_MGMT_IEEE8021X; -#ifdef CONFIG_IEEE80211R +#ifdef CONFIG_IEEE80211R_AP else if (os_strcmp(start, "FT-PSK") == 0) val |= WPA_KEY_MGMT_FT_PSK; else if (os_strcmp(start, "FT-EAP") == 0) val |= WPA_KEY_MGMT_FT_IEEE8021X; -#endif /* CONFIG_IEEE80211R */ +#ifdef CONFIG_SHA384 + else if (os_strcmp(start, "FT-EAP-SHA384") == 0) + val |= WPA_KEY_MGMT_FT_IEEE8021X_SHA384; +#endif /* CONFIG_SHA384 */ +#endif /* CONFIG_IEEE80211R_AP */ #ifdef CONFIG_IEEE80211W else if (os_strcmp(start, "WPA-PSK-SHA256") == 0) val |= WPA_KEY_MGMT_PSK_SHA256; 
@@ -710,6 +797,30 @@ static int hostapd_config_parse_key_mgmt(int line, con else if (os_strcmp(start, "WPA-EAP-SUITE-B-192") == 0) val |= WPA_KEY_MGMT_IEEE8021X_SUITE_B_192; #endif /* CONFIG_SUITEB192 */ +#ifdef CONFIG_FILS + else if (os_strcmp(start, "FILS-SHA256") == 0) + val |= WPA_KEY_MGMT_FILS_SHA256; + else if (os_strcmp(start, "FILS-SHA384") == 0) + val |= WPA_KEY_MGMT_FILS_SHA384; +#ifdef CONFIG_IEEE80211R_AP + else if (os_strcmp(start, "FT-FILS-SHA256") == 0) + val |= WPA_KEY_MGMT_FT_FILS_SHA256; + else if (os_strcmp(start, "FT-FILS-SHA384") == 0) + val |= WPA_KEY_MGMT_FT_FILS_SHA384; +#endif /* CONFIG_IEEE80211R_AP */ +#endif /* CONFIG_FILS */ +#ifdef CONFIG_OWE + else if (os_strcmp(start, "OWE") == 0) + val |= WPA_KEY_MGMT_OWE; +#endif /* CONFIG_OWE */ +#ifdef CONFIG_DPP + else if (os_strcmp(start, "DPP") == 0) + val |= WPA_KEY_MGMT_DPP; +#endif /* CONFIG_DPP */ +#ifdef CONFIG_HS20 + else if (os_strcmp(start, "OSEN") == 0) + val |= WPA_KEY_MGMT_OSEN; +#endif /* CONFIG_HS20 */ else { wpa_printf(MSG_ERROR, "Line %d: invalid key_mgmt '%s'", line, start); @@ -755,17 +866,34 @@ static int hostapd_config_read_wep(struct hostapd_wep_ { size_t len = os_strlen(val); - if (keyidx < 0 || keyidx > 3 || wep->key[keyidx] != NULL) + if (keyidx < 0 || keyidx > 3) return -1; + if (len == 0) { + int i, set = 0; + + bin_clear_free(wep->key[keyidx], wep->len[keyidx]); + wep->key[keyidx] = NULL; + wep->len[keyidx] = 0; + for (i = 0; i < NUM_WEP_KEYS; i++) { + if (wep->key[i]) + set++; + } + if (!set) + wep->keys_set = 0; + return 0; + } + + if (wep->key[keyidx] != NULL) + return -1; + if (val[0] == '"') { if (len < 2 || val[len - 1] != '"') return -1; len -= 2; - wep->key[keyidx] = os_malloc(len); + wep->key[keyidx] = os_memdup(val + 1, len); if (wep->key[keyidx] == NULL) return -1; - os_memcpy(wep->key[keyidx], val + 1, len); wep->len[keyidx] = len; } else { if (len & 1) 
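Review bot: The range check at the top of `hostapd_config_read_wep` still hard-codes `keyidx > 3`, while the loop added a few lines below walks the same array with `NUM_WEP_KEYS`. Using one bound for both keeps the index check from drifting if the constant changes: `if (keyidx < 0 || keyidx >= NUM_WEP_KEYS)`. This assumes NUM_WEP_KEYS is the size of `wep->key[]`, which is declared outside the diff. The function body continues past the end of the hunk.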
@@ -978,7 +1106,27 @@ static int hostapd_config_tx_queue(struct hostapd_conf } -#ifdef CONFIG_IEEE80211R +#ifdef CONFIG_IEEE80211R_AP + +static int rkh_derive_key(const char *pos, u8 *key, size_t key_len) +{ + u8 oldkey[16]; + int ret; + + if (!hexstr2bin(pos, key, key_len)) + return 0; + + /* Try to use old short key for backwards compatibility */ + if (hexstr2bin(pos, oldkey, sizeof(oldkey))) + return -1; + + ret = hmac_sha256_kdf(oldkey, sizeof(oldkey), "FT OLDKEY", NULL, 0, + key, key_len); + os_memset(oldkey, 0, sizeof(oldkey)); + return ret; +} + + static int add_r0kh(struct hostapd_bss_config *bss, char *value) { struct ft_remote_r0kh *r0kh; @@ -1012,7 +1160,7 @@ static int add_r0kh(struct hostapd_bss_config *bss, ch os_memcpy(r0kh->id, pos, r0kh->id_len); pos = next; - if (hexstr2bin(pos, r0kh->key, sizeof(r0kh->key))) { + if (rkh_derive_key(pos, r0kh->key, sizeof(r0kh->key)) < 0) { wpa_printf(MSG_ERROR, "Invalid R0KH key: '%s'", pos); os_free(r0kh); return -1; @@ -1057,7 +1205,7 @@ static int add_r1kh(struct hostapd_bss_config *bss, ch } pos = next; - if (hexstr2bin(pos, r1kh->key, sizeof(r1kh->key))) { + if (rkh_derive_key(pos, r1kh->key, sizeof(r1kh->key)) < 0) { wpa_printf(MSG_ERROR, "Invalid R1KH key: '%s'", pos); os_free(r1kh); return -1; @@ -1068,7 +1216,7 @@ static int add_r1kh(struct hostapd_bss_config *bss, ch return 0; } -#endif /* CONFIG_IEEE80211R */ +#endif /* CONFIG_IEEE80211R_AP */ #ifdef CONFIG_IEEE80211N 
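Review bot: `rkh_derive_key` wipes `oldkey` with a plain `os_memset` immediately before returning, and if `os_memset` maps to `memset` that is a dead store the compiler may drop. The `return -1` path after the second `hexstr2bin` does not wipe the buffer at all, although a failed parse may already have written key bytes into it. Clearing it on both exits with a wipe that cannot be elided, for instance `explicit_bzero(oldkey, sizeof(oldkey));` where the platform provides it, keeps the legacy key off the stack. The fallback also never checks the input length, so, assuming `hexstr2bin` reads only the digits it needs, a mistyped long key whose first 32 digits are valid would be accepted as a short legacy key; a length check before the fallback would turn that into a configuration error.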
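Review bot: The failure branch after the new `rkh_derive_key` call in `add_r0kh` still prints the whole key string with `wpa_printf(MSG_ERROR, "Invalid R0KH key: '%s'", pos)`, and `add_r1kh` in the next hunk does the same for the R1KH key. A key with a single bad digit therefore lands in the log almost intact. Logging only the fact, `wpa_printf(MSG_ERROR, "Invalid R0KH key");`, avoids that. Both functions start and end outside their hunks, and the log line is unchanged context rather than new code.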
@@ -1085,6 +1233,12 @@ static int hostapd_config_ht_capab(struct hostapd_conf conf->ht_capab |= HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET; conf->secondary_channel = 1; } + if (os_strstr(capab, "[HT40+]") && os_strstr(capab, "[HT40-]")) { + conf->ht_capab |= HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET; + conf->ht40_plus_minus_allowed = 1; + } + if (!os_strstr(capab, "[HT40+]") && !os_strstr(capab, "[HT40-]")) + conf->secondary_channel = 0; if (os_strstr(capab, "[SMPS-STATIC]")) { conf->ht_capab &= ~HT_CAP_INFO_SMPS_MASK; conf->ht_capab |= HT_CAP_INFO_SMPS_STATIC; @@ -1307,6 +1461,44 @@ static int parse_venue_name(struct hostapd_bss_config } +static int parse_venue_url(struct hostapd_bss_config *bss, char *pos, + int line) +{ + char *sep; + size_t nlen; + struct hostapd_venue_url *url; + int ret = -1; + + sep = os_strchr(pos, ':'); + if (!sep) + goto fail; + *sep++ = '\0'; + + nlen = os_strlen(sep); + if (nlen > 254) + goto fail; + + url = os_realloc_array(bss->venue_url, bss->venue_url_count + 1, + sizeof(struct hostapd_venue_url)); + if (!url) + goto fail; + + bss->venue_url = url; + url = &bss->venue_url[bss->venue_url_count++]; + + url->venue_number = atoi(pos); + url->url_len = nlen; + os_memcpy(url->url, sep, nlen); + + ret = 0; +fail: + if (ret) + wpa_printf(MSG_ERROR, "Line %d: Invalid venue_url '%s'", + line, pos); + return ret; +} + + static int parse_3gpp_cell_net(struct hostapd_bss_config *bss, char *buf, int line) { 
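Review bot: In `parse_venue_url` the copy `os_memcpy(url->url, sep, nlen)` is guarded only by the literal `nlen > 254`, which is not tied to the size of the destination. If `url` is a fixed array in `struct hostapd_venue_url` (the declaration is outside this diff), deriving the limit from it keeps the bound correct when the struct changes: `if (nlen > sizeof(bss->venue_url->url))`. `url->venue_number = atoi(pos)` is also stored without a range check, so a non-numeric or out-of-range prefix is accepted silently.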
@@ -1857,6 +2049,24 @@ static int hs20_parse_osu_nai(struct hostapd_bss_confi } +static int hs20_parse_osu_nai2(struct hostapd_bss_config *bss, + char *pos, int line) +{ + if (bss->last_osu == NULL) { + wpa_printf(MSG_ERROR, "Line %d: Unexpected OSU field", line); + return -1; + } + + os_free(bss->last_osu->osu_nai2); + bss->last_osu->osu_nai2 = os_strdup(pos); + if (bss->last_osu->osu_nai2 == NULL) + return -1; + bss->hs20_osu_providers_nai_count++; + + return 0; +} + + static int hs20_parse_osu_method_list(struct hostapd_bss_config *bss, char *pos, int line) { @@ -1916,6 +2126,25 @@ static int hs20_parse_osu_service_desc(struct hostapd_ return 0; } + +static int hs20_parse_operator_icon(struct hostapd_bss_config *bss, char *pos, + int line) +{ + char **n; + + n = os_realloc_array(bss->hs20_operator_icon, + bss->hs20_operator_icon_count + 1, sizeof(char *)); + if (!n) + return -1; + bss->hs20_operator_icon = n; + bss->hs20_operator_icon[bss->hs20_operator_icon_count] = os_strdup(pos); + if (!bss->hs20_operator_icon[bss->hs20_operator_icon_count]) + return -1; + bss->hs20_operator_icon_count++; + + return 0; +} + #endif /* CONFIG_HS20 */ 
@@ -1986,6 +2215,118 @@ static int parse_wpabuf_hex(int line, const char *name } +#ifdef CONFIG_FILS +static int parse_fils_realm(struct hostapd_bss_config *bss, const char *val) +{ + struct fils_realm *realm; + size_t len; + + len = os_strlen(val); + realm = os_zalloc(sizeof(*realm) + len + 1); + if (!realm) + return -1; + + os_memcpy(realm->realm, val, len); + if (fils_domain_name_hash(val, realm->hash) < 0) { + os_free(realm); + return -1; + } + dl_list_add_tail(&bss->fils_realms, &realm->list); + + return 0; +} +#endif /* CONFIG_FILS */ + + +#ifdef EAP_SERVER +static unsigned int parse_tls_flags(const char *val) +{ + unsigned int flags = 0; + + /* Disable TLS v1.3 by default for now to avoid interoperability issue. + * This can be enabled by default once the implementation has been fully + * completed and tested with other implementations. */ + flags |= TLS_CONN_DISABLE_TLSv1_3; + + if (os_strstr(val, "[ALLOW-SIGN-RSA-MD5]")) + flags |= TLS_CONN_ALLOW_SIGN_RSA_MD5; + if (os_strstr(val, "[DISABLE-TIME-CHECKS]")) + flags |= TLS_CONN_DISABLE_TIME_CHECKS; + if (os_strstr(val, "[DISABLE-TLSv1.0]")) + flags |= TLS_CONN_DISABLE_TLSv1_0; + if (os_strstr(val, "[DISABLE-TLSv1.1]")) + flags |= TLS_CONN_DISABLE_TLSv1_1; + if (os_strstr(val, "[DISABLE-TLSv1.2]")) + flags |= TLS_CONN_DISABLE_TLSv1_2; + if (os_strstr(val, "[DISABLE-TLSv1.3]")) + flags |= TLS_CONN_DISABLE_TLSv1_3; + if (os_strstr(val, "[ENABLE-TLSv1.3]")) + flags &= ~TLS_CONN_DISABLE_TLSv1_3; + if (os_strstr(val, "[SUITEB]")) + flags |= TLS_CONN_SUITEB; + if (os_strstr(val, "[SUITEB-NO-ECDH]")) + flags |= TLS_CONN_SUITEB_NO_ECDH | TLS_CONN_SUITEB; + + return flags; +} +#endif /* EAP_SERVER */ + + +#ifdef CONFIG_SAE +static int parse_sae_password(struct hostapd_bss_config *bss, const char *val) +{ + struct sae_password_entry *pw; + const char *pos = val, *pos2, *end = NULL; + + pw = os_zalloc(sizeof(*pw)); + if (!pw) + return -1; + os_memset(pw->peer_addr, 0xff, ETH_ALEN); /* default to wildcard */ + + pos2 = 
os_strstr(pos, "|mac="); + if (pos2) { + end = pos2; + pos2 += 5; + if (hwaddr_aton(pos2, pw->peer_addr) < 0) + goto fail; + pos = pos2 + ETH_ALEN * 3 - 1; + } + + pos2 = os_strstr(pos, "|id="); + if (pos2) { + if (!end) + end = pos2; + pos2 += 4; + pw->identifier = os_strdup(pos2); + if (!pw->identifier) + goto fail; + } + + if (!end) { + pw->password = os_strdup(val); + if (!pw->password) + goto fail; + } else { + pw->password = os_malloc(end - val + 1); + if (!pw->password) + goto fail; + os_memcpy(pw->password, val, end - val); + pw->password[end - val] = '\0'; + } + + pw->next = bss->sae_passwords; + bss->sae_passwords = pw; + + return 0; +fail: + str_clear_free(pw->password); + os_free(pw->identifier); + os_free(pw); + return -1; +} +#endif /* CONFIG_SAE */ + + static int hostapd_config_fill(struct hostapd_config *conf, struct hostapd_bss_config *bss, const char *buf, char *pos, int line) @@ -2001,20 +2342,21 @@ static int hostapd_config_fill(struct hostapd_config * os_strlcpy(bss->wds_bridge, pos, sizeof(bss->wds_bridge)); } else if (os_strcmp(buf, "driver") == 0) { int j; - /* clear to get error below if setting is invalid */ - conf->driver = NULL; + const struct wpa_driver_ops *driver = NULL; + for (j = 0; wpa_drivers[j]; j++) { if (os_strcmp(pos, wpa_drivers[j]->name) == 0) { - conf->driver = wpa_drivers[j]; + driver = wpa_drivers[j]; break; } } - if (conf->driver == NULL) { + if (!driver) { wpa_printf(MSG_ERROR, "Line %d: invalid/unknown driver '%s'", line, pos); return 1; } + conf->driver = driver; } else if (os_strcmp(buf, "driver_params") == 0) { os_free(conf->driver_params); conf->driver_params = os_strdup(pos); 
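Review bot: `parse_tls_flags` matches tokens with `os_strstr` and has no branch for text it does not recognise, so a misspelled hardening token such as a mistyped `[DISABLE-TLSv1.0]` is ignored and the protocol version stays enabled with no message. At minimum the function should document this with a comment above it, `/* Tokens are matched by substring; unrecognised tokens are ignored without an error. */`. `[ALLOW-SIGN-RSA-MD5]` and `[DISABLE-TIME-CHECKS]` appear to relax certificate validation, so a debug line when either is set would help an operator audit the effective flags.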
@@ -2058,13 +2400,16 @@ static int hostapd_config_fill(struct hostapd_config * } else if (os_strcmp(buf, "utf8_ssid") == 0) { bss->ssid.utf8_ssid = atoi(pos) > 0; } else if (os_strcmp(buf, "macaddr_acl") == 0) { - bss->macaddr_acl = atoi(pos); - if (bss->macaddr_acl != ACCEPT_UNLESS_DENIED && - bss->macaddr_acl != DENY_UNLESS_ACCEPTED && - bss->macaddr_acl != USE_EXTERNAL_RADIUS_AUTH) { + enum macaddr_acl acl = atoi(pos); + + if (acl != ACCEPT_UNLESS_DENIED && + acl != DENY_UNLESS_ACCEPTED && + acl != USE_EXTERNAL_RADIUS_AUTH) { wpa_printf(MSG_ERROR, "Line %d: unknown macaddr_acl %d", - line, bss->macaddr_acl); + line, acl); + return 1; } + bss->macaddr_acl = acl; } else if (os_strcmp(buf, "accept_mac_file") == 0) { if (hostapd_config_read_maclist(pos, &bss->accept_mac, &bss->num_accept_mac)) { @@ -2091,8 +2436,8 @@ static int hostapd_config_fill(struct hostapd_config * bss->skip_inactivity_poll = atoi(pos); } else if (os_strcmp(buf, "country_code") == 0) { os_memcpy(conf->country, pos, 2); - /* FIX: make this configurable */ - conf->country[2] = ' '; + } else if (os_strcmp(buf, "country3") == 0) { + conf->country[2] = strtol(pos, NULL, 16); } else if (os_strcmp(buf, "ieee80211d") == 0) { conf->ieee80211d = atoi(pos); } else if (os_strcmp(buf, "ieee80211h") == 0) { @@ -2100,13 +2445,15 @@ static int hostapd_config_fill(struct hostapd_config * } else if (os_strcmp(buf, "ieee8021x") == 0) { bss->ieee802_1x = atoi(pos); } else if (os_strcmp(buf, "eapol_version") == 0) { - bss->eapol_version = atoi(pos); - if (bss->eapol_version < 1 || bss->eapol_version > 2) { + int eapol_version = atoi(pos); + + if (eapol_version < 1 || eapol_version > 2) { wpa_printf(MSG_ERROR, "Line %d: invalid EAPOL version (%d): '%s'.", - line, bss->eapol_version, pos); + line, eapol_version, pos); return 1; } + bss->eapol_version = eapol_version; wpa_printf(MSG_DEBUG, "eapol_version=%d", bss->eapol_version); #ifdef EAP_SERVER } else if (os_strcmp(buf, "eap_authenticator") == 0) { 
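Review bot: The new `country3` branch stores `strtol(pos, NULL, 16)` straight into `conf->country[2]` with no end-pointer or range check, so non-hex text becomes 0 and, assuming `country` is a char array, a value wider than one byte is truncated on assignment. Parsing into a local first lets the branch reject bad input the way the neighbouring options do: `char *end; long v = strtol(pos, &end, 16);` followed by `if (end == pos || *end || v < 0 || v > 0xff) return 1;`. With `conf->country[2] = ' '` removed from the `country_code` branch, the third octet now depends on a default set outside this hunk.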
@@ -2133,6 +2480,8 @@ static int hostapd_config_fill(struct hostapd_config * bss->check_crl = atoi(pos); } else if (os_strcmp(buf, "tls_session_lifetime") == 0) { bss->tls_session_lifetime = atoi(pos); + } else if (os_strcmp(buf, "tls_flags") == 0) { + bss->tls_flags = parse_tls_flags(pos); } else if (os_strcmp(buf, "ocsp_stapling_response") == 0) { os_free(bss->ocsp_stapling_response); bss->ocsp_stapling_response = os_strdup(pos); @@ -2207,8 +2556,10 @@ static int hostapd_config_fill(struct hostapd_config * } else if (os_strcmp(buf, "pwd_group") == 0) { bss->pwd_group = atoi(pos); #endif /* EAP_SERVER_PWD */ +#ifdef CONFIG_ERP } else if (os_strcmp(buf, "eap_server_erp") == 0) { bss->eap_server_erp = atoi(pos); +#endif /* CONFIG_ERP */ #endif /* EAP_SERVER */ } else if (os_strcmp(buf, "eap_message") == 0) { char *term; 
@@ -2234,24 +2585,25 @@ static int hostapd_config_fill(struct hostapd_config * os_free(bss->erp_domain); bss->erp_domain = os_strdup(pos); } else if (os_strcmp(buf, "wep_key_len_broadcast") == 0) { - bss->default_wep_key_len = atoi(pos); - if (bss->default_wep_key_len > 13) { - wpa_printf(MSG_ERROR, "Line %d: invalid WEP key len %lu (= %lu bits)", - line, - (unsigned long) bss->default_wep_key_len, - (unsigned long) - bss->default_wep_key_len * 8); + int val = atoi(pos); + + if (val < 0 || val > 13) { + wpa_printf(MSG_ERROR, + "Line %d: invalid WEP key len %d (= %d bits)", + line, val, val * 8); return 1; } + bss->default_wep_key_len = val; } else if (os_strcmp(buf, "wep_key_len_unicast") == 0) { - bss->individual_wep_key_len = atoi(pos); - if (bss->individual_wep_key_len < 0 || - bss->individual_wep_key_len > 13) { - wpa_printf(MSG_ERROR, "Line %d: invalid WEP key len %d (= %d bits)", - line, bss->individual_wep_key_len, - bss->individual_wep_key_len * 8); + int val = atoi(pos); + + if (val < 0 || val > 13) { + wpa_printf(MSG_ERROR, + "Line %d: invalid WEP key len %d (= %d bits)", + line, val, val * 8); return 1; } + bss->individual_wep_key_len = val; } else if (os_strcmp(buf, "wep_rekey_period") == 0) { bss->wep_rekeying_period = atoi(pos); if (bss->wep_rekeying_period < 0) { 
@@ -2433,12 +2785,37 @@ static int hostapd_config_fill(struct hostapd_config * bss->wpa = atoi(pos); } else if (os_strcmp(buf, "wpa_group_rekey") == 0) { bss->wpa_group_rekey = atoi(pos); + bss->wpa_group_rekey_set = 1; } else if (os_strcmp(buf, "wpa_strict_rekey") == 0) { bss->wpa_strict_rekey = atoi(pos); } else if (os_strcmp(buf, "wpa_gmk_rekey") == 0) { bss->wpa_gmk_rekey = atoi(pos); } else if (os_strcmp(buf, "wpa_ptk_rekey") == 0) { bss->wpa_ptk_rekey = atoi(pos); + } else if (os_strcmp(buf, "wpa_group_update_count") == 0) { + char *endp; + unsigned long val = strtoul(pos, &endp, 0); + + if (*endp || val < 1 || val > (u32) -1) { + wpa_printf(MSG_ERROR, + "Line %d: Invalid wpa_group_update_count=%lu; allowed range 1..4294967295", + line, val); + return 1; + } + bss->wpa_group_update_count = (u32) val; + } else if (os_strcmp(buf, "wpa_pairwise_update_count") == 0) { + char *endp; *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***