Date: Tue, 23 Jul 2024 19:53:24 GMT
From: Cy Schubert <cy@FreeBSD.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject: git: a90b9d015907 - main - wpa: Import 2.11
Message-ID: <202407231953.46NJrOdw084993@gitrepo.freebsd.org>
The branch main has been updated by cy:

URL: https://cgit.FreeBSD.org/src/commit/?id=a90b9d0159070121c221b966469c3e36d912bf82

commit a90b9d0159070121c221b966469c3e36d912bf82
Merge: dcfa6669a33f 6377230b3cf4
Author:     Cy Schubert <cy@FreeBSD.org>
AuthorDate: 2024-07-21 18:59:44 +0000
Commit:     Cy Schubert <cy@FreeBSD.org>
CommitDate: 2024-07-23 19:49:40 +0000

    wpa: Import 2.11

    Following is a changelog of new features and fixes to wpa:

    hostapd:
    * Wi-Fi Easy Connect
      - add support for DPP release 3
      - allow Configurator parameters to be provided during config exchange
    * HE/IEEE 802.11ax/Wi-Fi 6
      - various fixes
    * EHT/IEEE 802.11be/Wi-Fi 7
      - add preliminary support
    * SAE: add support for fetching the password from a RADIUS server
    * support OpenSSL 3.0 API changes
    * support background radar detection and CAC with some additional
      drivers
    * support RADIUS ACL/PSK check during 4-way handshake (wpa_psk_radius=3)
    * EAP-SIM/AKA: support IMSI privacy
    * improve 4-way handshake operations
      - use Secure=1 in message 3 during PTK rekeying
    * OCV: do not check Frequency Segment 1 Channel Number for 160 MHz cases
      to avoid interoperability issues
    * support new SAE AKM suites with variable length keys
    * support new AKM for 802.1X/EAP with SHA384
    * extend PASN support for secure ranging
    * FT: Use SHA256 to derive PMKID for AKM 00-0F-AC:3 (FT-EAP)
      - this is based on additional details being added in the IEEE 802.11
        standard
      - the new implementation is not backwards compatible
    * improved ACS to cover additional channel types/bandwidths
    * extended Multiple BSSID support
    * fix beacon protection with FT protocol (incorrect BIGTK was provided)
    * support unsynchronized service discovery (USD)
    * add preliminary support for RADIUS/TLS
    * add support for explicit SSID protection in 4-way handshake
      (a mitigation for CVE-2023-52424; disabled by default for now, can be
      enabled with ssid_protection=1)
    * fix SAE H2E rejected groups validation to avoid downgrade attacks
    * use stricter validation for some RADIUS messages
    * a large number of other fixes, cleanup, and extensions

    wpa_supplicant:
    * Wi-Fi Easy Connect
      - add support for DPP release 3
      - allow Configurator parameters to be provided during config exchange
    * MACsec
      - add support for GCM-AES-256 cipher suite
      - remove incorrect EAP Session-Id length constraint
      - add hardware offload support for additional drivers
    * HE/IEEE 802.11ax/Wi-Fi 6
      - support BSS color updates
      - various fixes
    * EHT/IEEE 802.11be/Wi-Fi 7
      - add preliminary support
    * support OpenSSL 3.0 API changes
    * improve EAP-TLS support for TLSv1.3
    * EAP-SIM/AKA: support IMSI privacy
    * improve mitigation against DoS attacks when PMF is used
    * improve 4-way handshake operations
      - discard unencrypted EAPOL frames in additional cases
      - use Secure=1 in message 2 during PTK rekeying
    * OCV: do not check Frequency Segment 1 Channel Number for 160 MHz cases
      to avoid interoperability issues
    * support new SAE AKM suites with variable length keys
    * support new AKM for 802.1X/EAP with SHA384
    * improve cross-AKM roaming with driver-based SME/BSS selection
    * PASN
      - extend support for secure ranging
      - allow PASN implementation to be used with external programs for
        Wi-Fi Aware
    * FT: Use SHA256 to derive PMKID for AKM 00-0F-AC:3 (FT-EAP)
      - this is based on additional details being added in the IEEE 802.11
        standard
      - the new implementation is not backwards compatible, but PMKSA
        caching with FT-EAP was, and still is, disabled by default
    * support a pregenerated MAC (mac_addr=3) as an alternative mechanism
      for using per-network random MAC addresses
    * EAP-PEAP: require Phase 2 authentication by default (phase2_auth=1)
      to improve security for still unfortunately common invalid
      configurations that do not set ca_cert
    * extend SCS support for QoS Characteristics
    * extend MSCS support
    * support unsynchronized service discovery (USD)
    * add support for explicit SSID protection in 4-way handshake
      (a mitigation for CVE-2023-52424; disabled by default for now, can be
      enabled with ssid_protection=1)
      - in addition, verify SSID after key setup when beacon protection is
        used
    * fix SAE H2E rejected groups validation to avoid downgrade attacks
    * a large number of other fixes, cleanup, and extensions

    MFC after:      2 months

    Merge commit '6377230b3cf4f238dcd0dc2d76ff25943d3040e5'

contrib/wpa/CONTRIBUTIONS | 2 +- contrib/wpa/README | 2 +- contrib/wpa/hostapd/Android.mk | 28 +- contrib/wpa/hostapd/ChangeLog | 37 + contrib/wpa/hostapd/Makefile | 30 +- contrib/wpa/hostapd/README | 2 +- contrib/wpa/hostapd/android.config | 6 + contrib/wpa/hostapd/config_file.c | 481 +- contrib/wpa/hostapd/config_file.h | 7 +- contrib/wpa/hostapd/ctrl_iface.c | 1460 +++-- contrib/wpa/hostapd/defconfig | 21 +- contrib/wpa/hostapd/hostapd.conf | 356 +- contrib/wpa/hostapd/hostapd.eap_user | 4 +- contrib/wpa/hostapd/hostapd_cli.c | 217 +- contrib/wpa/hostapd/logwatch/hostapd | 65 - contrib/wpa/hostapd/main.c | 142 +- contrib/wpa/hs20/client/Android.mk | 10 + contrib/wpa/hs20/client/est.c | 37 +- contrib/wpa/hs20/client/osu_client.c | 115 +- contrib/wpa/hs20/client/spp_client.c | 1 - contrib/wpa/src/Makefile | 2 +- contrib/wpa/src/ap/acs.c | 568 +- contrib/wpa/src/ap/acs.h | 3 + contrib/wpa/src/ap/airtime_policy.c | 2 +- contrib/wpa/src/ap/ap_config.c | 205 +- contrib/wpa/src/ap/ap_config.h | 226 +- contrib/wpa/src/ap/ap_drv_ops.c | 359 +- contrib/wpa/src/ap/ap_drv_ops.h | 84 +- contrib/wpa/src/ap/ap_list.c | 6 +- contrib/wpa/src/ap/ap_mlme.c | 4 +- contrib/wpa/src/ap/authsrv.c | 94 + contrib/wpa/src/ap/beacon.c | 1212 +++- contrib/wpa/src/ap/beacon.h | 4 + contrib/wpa/src/ap/bss_load.c | 2 +- contrib/wpa/src/ap/comeback_token.c | 139 + contrib/wpa/src/ap/comeback_token.h | 21 + contrib/wpa/src/ap/ctrl_iface_ap.c | 599 +- contrib/wpa/src/ap/ctrl_iface_ap.h | 17 + contrib/wpa/src/ap/dfs.c | 608 +- contrib/wpa/src/ap/dpp_hostapd.c | 1417 ++++- contrib/wpa/src/ap/dpp_hostapd.h | 5 + contrib/wpa/src/ap/drv_callbacks.c | 881 ++- contrib/wpa/src/ap/fils_hlp.c | 10 +- 
contrib/wpa/src/ap/gas_query_ap.c | 10 +- contrib/wpa/src/ap/gas_serv.c | 11 +- contrib/wpa/src/ap/gas_serv.h | 2 +- contrib/wpa/src/ap/hostapd.c | 1441 ++++- contrib/wpa/src/ap/hostapd.h | 169 +- contrib/wpa/src/ap/hw_features.c | 233 +- contrib/wpa/src/ap/hw_features.h | 12 + contrib/wpa/src/ap/ieee802_11.c | 4030 ++++++++----- contrib/wpa/src/ap/ieee802_11.h | 83 +- contrib/wpa/src/ap/ieee802_11_auth.c | 162 +- contrib/wpa/src/ap/ieee802_11_auth.h | 5 +- contrib/wpa/src/ap/ieee802_11_eht.c | 1405 +++++ contrib/wpa/src/ap/ieee802_11_he.c | 87 +- contrib/wpa/src/ap/ieee802_11_ht.c | 5 +- contrib/wpa/src/ap/ieee802_11_shared.c | 215 +- contrib/wpa/src/ap/ieee802_11_vht.c | 32 +- contrib/wpa/src/ap/ieee802_1x.c | 233 +- contrib/wpa/src/ap/ieee802_1x.h | 2 +- contrib/wpa/src/ap/nan_usd_ap.c | 267 + contrib/wpa/src/ap/nan_usd_ap.h | 46 + contrib/wpa/src/ap/ndisc_snoop.c | 1 + contrib/wpa/src/ap/neighbor_db.c | 74 +- contrib/wpa/src/ap/neighbor_db.h | 1 + contrib/wpa/src/ap/pmksa_cache_auth.c | 32 +- contrib/wpa/src/ap/pmksa_cache_auth.h | 4 + contrib/wpa/src/ap/preauth_auth.c | 4 +- contrib/wpa/src/ap/rrm.c | 121 + contrib/wpa/src/ap/rrm.h | 2 + contrib/wpa/src/ap/sta_info.c | 469 +- contrib/wpa/src/ap/sta_info.h | 96 +- contrib/wpa/src/ap/utils.c | 14 +- contrib/wpa/src/ap/wmm.c | 7 - contrib/wpa/src/ap/wnm_ap.c | 216 +- contrib/wpa/src/ap/wpa_auth.c | 2459 ++++++-- contrib/wpa/src/ap/wpa_auth.h | 103 +- contrib/wpa/src/ap/wpa_auth_ft.c | 615 +- contrib/wpa/src/ap/wpa_auth_glue.c | 269 +- contrib/wpa/src/ap/wpa_auth_i.h | 47 +- contrib/wpa/src/ap/wpa_auth_ie.c | 95 +- contrib/wpa/src/ap/wpa_auth_kay.c | 45 +- contrib/wpa/src/ap/wps_hostapd.c | 5 +- contrib/wpa/src/ap/x_snoop.c | 5 + contrib/wpa/src/build.rules | 2 +- contrib/wpa/src/common/brcm_vendor.h | 8 +- contrib/wpa/src/common/common_module_tests.c | 2 +- contrib/wpa/src/common/defs.h | 67 +- contrib/wpa/src/common/dpp.c | 883 ++- contrib/wpa/src/common/dpp.h | 132 +- contrib/wpa/src/common/dpp_crypto.c | 239 
+- contrib/wpa/src/common/dpp_i.h | 19 +- contrib/wpa/src/common/dpp_pkex.c | 59 +- contrib/wpa/src/common/dpp_reconfig.c | 18 +- contrib/wpa/src/common/dpp_tcp.c | 916 ++- contrib/wpa/src/common/dragonfly.c | 9 +- contrib/wpa/src/common/gas_server.c | 79 +- contrib/wpa/src/common/gas_server.h | 5 +- contrib/wpa/src/common/hw_features_common.c | 303 +- contrib/wpa/src/common/hw_features_common.h | 12 +- contrib/wpa/src/common/ieee802_11_common.c | 1090 +++- contrib/wpa/src/common/ieee802_11_common.h | 89 +- contrib/wpa/src/common/ieee802_11_defs.h | 722 ++- contrib/wpa/src/common/nan.h | 98 + contrib/wpa/src/common/nan_de.c | 1395 +++++ contrib/wpa/src/common/nan_de.h | 145 + contrib/wpa/src/common/ocv.c | 5 +- contrib/wpa/src/common/ptksa_cache.c | 74 +- contrib/wpa/src/common/ptksa_cache.h | 47 +- contrib/wpa/src/common/qca-vendor.h | 6323 +++++++++++++++++++- contrib/wpa/src/common/sae.c | 139 +- contrib/wpa/src/common/sae.h | 14 +- contrib/wpa/src/common/version.h | 2 +- contrib/wpa/src/common/wpa_common.c | 995 ++- contrib/wpa/src/common/wpa_common.h | 134 +- contrib/wpa/src/common/wpa_ctrl.c | 16 +- contrib/wpa/src/common/wpa_ctrl.h | 36 + contrib/wpa/src/crypto/crypto.h | 117 +- contrib/wpa/src/crypto/crypto_gnutls.c | 5 + contrib/wpa/src/crypto/crypto_internal.c | 5 + contrib/wpa/src/crypto/crypto_libtomcrypt.c | 5 + contrib/wpa/src/crypto/crypto_linux.c | 5 + contrib/wpa/src/crypto/crypto_module_tests.c | 281 + contrib/wpa/src/crypto/crypto_nettle.c | 5 + contrib/wpa/src/crypto/crypto_none.c | 5 + contrib/wpa/src/crypto/crypto_openssl.c | 2622 +++++++- contrib/wpa/src/crypto/crypto_wolfssl.c | 2043 ++++++- contrib/wpa/src/crypto/fips_prf_internal.c | 11 +- contrib/wpa/src/crypto/fips_prf_openssl.c | 15 + contrib/wpa/src/crypto/sha1-pbkdf2.c | 3 + contrib/wpa/src/crypto/sha256-internal.c | 3 - contrib/wpa/src/crypto/sha256.c | 21 +- contrib/wpa/src/crypto/sha384.c | 6 +- contrib/wpa/src/crypto/sha512-internal.c | 3 - contrib/wpa/src/crypto/sha512.c | 6 +- 
contrib/wpa/src/crypto/tls.h | 18 +- contrib/wpa/src/crypto/tls_gnutls.c | 1 + contrib/wpa/src/crypto/tls_internal.c | 11 +- contrib/wpa/src/crypto/tls_none.c | 1 + contrib/wpa/src/crypto/tls_openssl.c | 564 +- contrib/wpa/src/crypto/tls_openssl_ocsp.c | 26 +- contrib/wpa/src/crypto/tls_wolfssl.c | 284 +- contrib/wpa/src/drivers/driver.h | 964 ++- contrib/wpa/src/drivers/driver_atheros.c | 31 +- contrib/wpa/src/drivers/driver_bsd.c | 16 +- contrib/wpa/src/drivers/driver_common.c | 44 + contrib/wpa/src/drivers/driver_hostap.c | 20 +- contrib/wpa/src/drivers/driver_macsec_linux.c | 76 +- contrib/wpa/src/drivers/driver_macsec_qca.c | 4 +- contrib/wpa/src/drivers/driver_ndis.c | 8 +- contrib/wpa/src/drivers/driver_nl80211.c | 3443 ++++++++--- contrib/wpa/src/drivers/driver_nl80211.h | 113 +- contrib/wpa/src/drivers/driver_nl80211_capa.c | 354 +- contrib/wpa/src/drivers/driver_nl80211_event.c | 1291 +++- contrib/wpa/src/drivers/driver_nl80211_scan.c | 127 +- contrib/wpa/src/drivers/driver_roboswitch.c | 2 +- contrib/wpa/src/drivers/driver_wext.c | 11 +- contrib/wpa/src/drivers/driver_wired.c | 2 +- contrib/wpa/src/drivers/linux_ioctl.c | 11 +- contrib/wpa/src/drivers/ndis_events.c | 5 +- contrib/wpa/src/drivers/netlink.c | 6 +- contrib/wpa/src/drivers/nl80211_copy.h | 626 +- contrib/wpa/src/eap_common/eap_defs.h | 2 +- contrib/wpa/src/eap_common/eap_pwd_common.c | 23 +- contrib/wpa/src/eap_common/eap_sake_common.c | 19 +- contrib/wpa/src/eap_peer/eap.c | 44 + contrib/wpa/src/eap_peer/eap_aka.c | 198 +- contrib/wpa/src/eap_peer/eap_config.h | 46 +- contrib/wpa/src/eap_peer/eap_fast.c | 14 +- contrib/wpa/src/eap_peer/eap_i.h | 9 + contrib/wpa/src/eap_peer/eap_mschapv2.c | 30 +- contrib/wpa/src/eap_peer/eap_peap.c | 40 +- contrib/wpa/src/eap_peer/eap_pwd.c | 33 +- contrib/wpa/src/eap_peer/eap_sim.c | 202 +- contrib/wpa/src/eap_peer/eap_teap.c | 61 +- contrib/wpa/src/eap_peer/eap_tls.c | 15 +- contrib/wpa/src/eap_peer/eap_tls_common.c | 27 +- 
contrib/wpa/src/eap_peer/eap_tls_common.h | 5 + contrib/wpa/src/eap_peer/eap_ttls.c | 32 +- contrib/wpa/src/eap_peer/eap_wsc.c | 14 +- contrib/wpa/src/eap_server/eap.h | 12 + contrib/wpa/src/eap_server/eap_i.h | 7 + contrib/wpa/src/eap_server/eap_server_aka.c | 126 +- contrib/wpa/src/eap_server/eap_server_eke.c | 1 + contrib/wpa/src/eap_server/eap_server_fast.c | 14 +- contrib/wpa/src/eap_server/eap_server_mschapv2.c | 28 +- contrib/wpa/src/eap_server/eap_server_peap.c | 18 + contrib/wpa/src/eap_server/eap_server_pwd.c | 33 +- contrib/wpa/src/eap_server/eap_server_sim.c | 133 +- contrib/wpa/src/eap_server/eap_server_teap.c | 39 +- contrib/wpa/src/eap_server/eap_server_tls.c | 10 +- contrib/wpa/src/eap_server/eap_server_tls_common.c | 18 +- contrib/wpa/src/eap_server/eap_server_ttls.c | 3 +- contrib/wpa/src/eap_server/eap_tls_common.h | 2 + contrib/wpa/src/eapol_auth/eapol_auth_sm.c | 26 +- contrib/wpa/src/eapol_auth/eapol_auth_sm.h | 5 +- contrib/wpa/src/eapol_auth/eapol_auth_sm_i.h | 4 + contrib/wpa/src/eapol_supp/eapol_supp_sm.c | 17 +- contrib/wpa/src/eapol_supp/eapol_supp_sm.h | 18 +- contrib/wpa/src/fst/fst_group.c | 12 +- contrib/wpa/src/fst/fst_iface.c | 2 +- contrib/wpa/src/fst/fst_session.c | 6 +- contrib/wpa/src/l2_packet/l2_packet_freebsd.c | 9 +- contrib/wpa/src/l2_packet/l2_packet_linux.c | 4 +- contrib/wpa/src/p2p/p2p.c | 123 +- contrib/wpa/src/p2p/p2p.h | 12 +- contrib/wpa/src/p2p/p2p_build.c | 20 +- contrib/wpa/src/p2p/p2p_dev_disc.c | 10 +- contrib/wpa/src/p2p/p2p_go_neg.c | 121 +- contrib/wpa/src/p2p/p2p_group.c | 14 +- contrib/wpa/src/p2p/p2p_i.h | 19 +- contrib/wpa/src/p2p/p2p_invitation.c | 31 +- contrib/wpa/src/p2p/p2p_parse.c | 27 +- contrib/wpa/src/p2p/p2p_pd.c | 43 +- contrib/wpa/src/p2p/p2p_sd.c | 23 +- contrib/wpa/src/p2p/p2p_utils.c | 84 +- contrib/wpa/src/pae/ieee802_1x_cp.c | 15 +- contrib/wpa/src/pae/ieee802_1x_kay.c | 74 +- contrib/wpa/src/pae/ieee802_1x_kay.h | 5 +- contrib/wpa/src/pae/ieee802_1x_secy_ops.c | 20 + 
contrib/wpa/src/pae/ieee802_1x_secy_ops.h | 1 + contrib/wpa/src/pasn/Makefile | 16 + contrib/wpa/src/pasn/pasn_common.c | 232 + contrib/wpa/src/pasn/pasn_common.h | 228 + contrib/wpa/src/pasn/pasn_initiator.c | 1406 +++++ contrib/wpa/src/pasn/pasn_responder.c | 1032 ++++ contrib/wpa/src/radius/radius.c | 297 +- contrib/wpa/src/radius/radius.h | 35 +- contrib/wpa/src/radius/radius_client.c | 789 ++- contrib/wpa/src/radius/radius_client.h | 27 +- contrib/wpa/src/radius/radius_das.c | 10 + contrib/wpa/src/radius/radius_server.c | 15 + contrib/wpa/src/rsn_supp/pmksa_cache.c | 260 +- contrib/wpa/src/rsn_supp/pmksa_cache.h | 105 +- contrib/wpa/src/rsn_supp/preauth.c | 19 +- contrib/wpa/src/rsn_supp/tdls.c | 332 +- contrib/wpa/src/rsn_supp/wpa.c | 2190 +++++-- contrib/wpa/src/rsn_supp/wpa.h | 88 +- contrib/wpa/src/rsn_supp/wpa_ft.c | 328 +- contrib/wpa/src/rsn_supp/wpa_i.h | 65 +- contrib/wpa/src/rsn_supp/wpa_ie.c | 36 +- contrib/wpa/src/tls/libtommath.c | 8 - contrib/wpa/src/tls/pkcs1.c | 6 +- contrib/wpa/src/tls/tlsv1_client_read.c | 3 +- contrib/wpa/src/tls/tlsv1_common.c | 6 +- contrib/wpa/src/tls/tlsv1_common.h | 3 +- contrib/wpa/src/tls/tlsv1_server_write.c | 2 +- contrib/wpa/src/utils/browser.c | 10 + contrib/wpa/src/utils/common.c | 15 +- contrib/wpa/src/utils/common.h | 38 + contrib/wpa/src/utils/crc32.c | 2 +- contrib/wpa/src/utils/crc32.h | 2 +- contrib/wpa/src/utils/http-utils.h | 1 + contrib/wpa/src/utils/http_curl.c | 73 +- contrib/wpa/src/utils/ip_addr.c | 19 + contrib/wpa/src/utils/ip_addr.h | 2 + contrib/wpa/src/utils/os.h | 42 +- contrib/wpa/src/utils/os_unix.c | 195 +- contrib/wpa/src/utils/trace.c | 6 +- contrib/wpa/src/utils/wpa_debug.c | 10 +- contrib/wpa/src/utils/wpa_debug.h | 1 + contrib/wpa/src/utils/wpabuf.h | 6 + contrib/wpa/src/wps/ndef.c | 6 + contrib/wpa/src/wps/wps.c | 5 +- contrib/wpa/src/wps/wps.h | 5 + contrib/wpa/src/wps/wps_attr_parse.c | 13 +- contrib/wpa/src/wps/wps_enrollee.c | 6 +- contrib/wpa/src/wps/wps_er.c | 4 +- 
contrib/wpa/src/wps/wps_i.h | 1 + contrib/wpa/src/wps/wps_registrar.c | 15 +- contrib/wpa/wpa_supplicant/Android.mk | 228 +- contrib/wpa/wpa_supplicant/ChangeLog | 50 + contrib/wpa/wpa_supplicant/Makefile | 308 +- contrib/wpa/wpa_supplicant/README | 4 +- contrib/wpa/wpa_supplicant/README-HS20 | 33 +- contrib/wpa/wpa_supplicant/README-NAN-USD | 147 + contrib/wpa/wpa_supplicant/README-WPS | 24 +- contrib/wpa/wpa_supplicant/android.config | 15 + contrib/wpa/wpa_supplicant/ap.c | 293 +- contrib/wpa/wpa_supplicant/ap.h | 24 +- contrib/wpa/wpa_supplicant/bgscan.h | 2 +- contrib/wpa/wpa_supplicant/bgscan_learn.c | 10 +- contrib/wpa/wpa_supplicant/bgscan_simple.c | 64 +- contrib/wpa/wpa_supplicant/bss.c | 563 +- contrib/wpa/wpa_supplicant/bss.h | 29 + contrib/wpa/wpa_supplicant/bssid_ignore.c | 30 +- contrib/wpa/wpa_supplicant/config.c | 487 +- contrib/wpa/wpa_supplicant/config.h | 150 +- contrib/wpa/wpa_supplicant/config_file.c | 108 +- contrib/wpa/wpa_supplicant/config_none.c | 3 +- contrib/wpa/wpa_supplicant/config_ssid.h | 114 +- contrib/wpa/wpa_supplicant/config_winreg.c | 5 +- contrib/wpa/wpa_supplicant/ctrl_iface.c | 1707 +++++- contrib/wpa/wpa_supplicant/ctrl_iface.h | 2 + contrib/wpa/wpa_supplicant/ctrl_iface_unix.c | 3 + .../wpa/wpa_supplicant/dbus/dbus_dict_helpers.c | 100 + .../wpa/wpa_supplicant/dbus/dbus_dict_helpers.h | 9 + contrib/wpa/wpa_supplicant/dbus/dbus_new.c | 142 +- contrib/wpa/wpa_supplicant/dbus/dbus_new.h | 24 + .../wpa/wpa_supplicant/dbus/dbus_new_handlers.c | 784 ++- .../wpa/wpa_supplicant/dbus/dbus_new_handlers.h | 7 + .../wpa_supplicant/dbus/dbus_new_handlers_p2p.c | 94 +- contrib/wpa/wpa_supplicant/dbus/dbus_new_helpers.c | 209 +- contrib/wpa/wpa_supplicant/dbus/dbus_new_helpers.h | 5 + .../wpa/wpa_supplicant/dbus/dbus_new_introspect.c | 2 +- contrib/wpa/wpa_supplicant/defconfig | 53 + .../wpa_supplicant/doc/docbook/wpa_supplicant.sgml | 48 +- contrib/wpa/wpa_supplicant/dpp_supplicant.c | 2184 ++++++- 
contrib/wpa/wpa_supplicant/dpp_supplicant.h | 5 + contrib/wpa/wpa_supplicant/driver_i.h | 124 +- contrib/wpa/wpa_supplicant/eapol_test.c | 146 +- contrib/wpa/wpa_supplicant/events.c | 1741 +++++- contrib/wpa/wpa_supplicant/examples/dpp-nfc.py | 10 +- contrib/wpa/wpa_supplicant/gas_query.c | 56 +- contrib/wpa/wpa_supplicant/hs20_supplicant.c | 17 +- contrib/wpa/wpa_supplicant/ibss_rsn.c | 32 +- contrib/wpa/wpa_supplicant/ibss_rsn.h | 3 +- contrib/wpa/wpa_supplicant/interworking.c | 124 +- contrib/wpa/wpa_supplicant/main.c | 2 + contrib/wpa/wpa_supplicant/mbo.c | 25 +- contrib/wpa/wpa_supplicant/mesh.c | 16 +- contrib/wpa/wpa_supplicant/mesh_mpm.c | 74 +- contrib/wpa/wpa_supplicant/mesh_rsn.c | 27 +- contrib/wpa/wpa_supplicant/nan_usd.c | 513 ++ contrib/wpa/wpa_supplicant/nan_usd.h | 46 + contrib/wpa/wpa_supplicant/notify.c | 103 +- contrib/wpa/wpa_supplicant/notify.h | 14 +- contrib/wpa/wpa_supplicant/offchannel.c | 10 +- contrib/wpa/wpa_supplicant/op_classes.c | 150 +- contrib/wpa/wpa_supplicant/p2p_supplicant.c | 483 +- contrib/wpa/wpa_supplicant/p2p_supplicant.h | 13 +- contrib/wpa/wpa_supplicant/p2p_supplicant_sd.c | 14 +- contrib/wpa/wpa_supplicant/pasn_supplicant.c | 1712 ++---- contrib/wpa/wpa_supplicant/preauth_test.c | 8 +- contrib/wpa/wpa_supplicant/robust_av.c | 341 +- contrib/wpa/wpa_supplicant/rrm.c | 132 +- contrib/wpa/wpa_supplicant/scan.c | 774 ++- contrib/wpa/wpa_supplicant/scan.h | 30 +- contrib/wpa/wpa_supplicant/sme.c | 948 ++- contrib/wpa/wpa_supplicant/sme.h | 14 +- .../systemd/wpa_supplicant-nl80211.service.arg.in | 2 +- .../systemd/wpa_supplicant.service.arg.in | 2 +- contrib/wpa/wpa_supplicant/utils/log2pcap.py | 9 +- contrib/wpa/wpa_supplicant/wmm_ac.c | 6 +- contrib/wpa/wpa_supplicant/wnm_sta.c | 532 +- contrib/wpa/wpa_supplicant/wnm_sta.h | 30 +- contrib/wpa/wpa_supplicant/wpa_cli.c | 144 +- contrib/wpa/wpa_supplicant/wpa_passphrase.c | 25 +- contrib/wpa/wpa_supplicant/wpa_priv.c | 11 +- contrib/wpa/wpa_supplicant/wpa_supplicant.c | 1679 
++++-- contrib/wpa/wpa_supplicant/wpa_supplicant.conf | 109 +- contrib/wpa/wpa_supplicant/wpa_supplicant_i.h | 286 +- .../wpa_supplicant/wpa_supplicant_template.conf | 2 + contrib/wpa/wpa_supplicant/wpas_glue.c | 159 +- contrib/wpa/wpa_supplicant/wpas_glue.h | 2 + contrib/wpa/wpa_supplicant/wpas_kay.c | 53 +- contrib/wpa/wpa_supplicant/wpas_module_tests.c | 3 + contrib/wpa/wpa_supplicant/wps_supplicant.c | 166 +- contrib/wpa/wpa_supplicant/wps_supplicant.h | 13 + share/mk/src.libnames.mk | 4 + usr.sbin/wpa/Makefile.inc | 1 - usr.sbin/wpa/hostapd/Makefile | 3 +- usr.sbin/wpa/src/Makefile | 1 + usr.sbin/wpa/src/pasn/Makefile | 20 + usr.sbin/wpa/wpa_supplicant/Makefile | 2 +- 366 files changed, 66259 insertions(+), 12716 deletions(-) diff --cc contrib/wpa/src/ap/comeback_token.c index 000000000000,8d9f21b1eae0..8d9f21b1eae0 mode 000000,100644..100644 --- a/contrib/wpa/src/ap/comeback_token.c +++ b/contrib/wpa/src/ap/comeback_token.c diff --cc contrib/wpa/src/ap/comeback_token.h index 000000000000,d5de9e684b49..d5de9e684b49 mode 000000,100644..100644 --- a/contrib/wpa/src/ap/comeback_token.h +++ b/contrib/wpa/src/ap/comeback_token.h diff --cc contrib/wpa/src/ap/hostapd.c index a5cabc01f163,a05de030d91f..6ecf6ca7834e --- a/contrib/wpa/src/ap/hostapd.c +++ b/contrib/wpa/src/ap/hostapd.c @@@ -1697,21 -2142,8 +2142,22 @@@ static void hostapd_set_6ghz_sec_chan(s static int setup_interface2(struct hostapd_iface *iface) { iface->wait_channel_update = 0; + iface->is_no_ir = false; +#ifdef __FreeBSD + /* XXX hostapd_get_hw_features() is an inline that always returns -1 + * because MLME will not build under FreeBSD due to its use of + * Linux definitions. Normally FreeBSD would uncondionally execute the + * "Not all drivers support..." block. Instead we #ifdef out the entire + * block of code instead of maintaining the fallacy that + * hostapd_get_hw_features() returns anything meaninful. 
+ * + * Ideally WANT_AP_MLME should be taught about FreeBSD data structures + * and defintions. Instead we do this to enable channel selection in + * hostapd.conf. + */ + iface->freq = iface->conf->channel; +#else if (hostapd_get_hw_features(iface)) { /* Not all drivers support this yet, so continue without hw * feature data. */ diff --cc contrib/wpa/src/ap/ieee802_11_eht.c index 000000000000,b935ee889a89..b935ee889a89 mode 000000,100644..100644 --- a/contrib/wpa/src/ap/ieee802_11_eht.c +++ b/contrib/wpa/src/ap/ieee802_11_eht.c diff --cc contrib/wpa/src/ap/nan_usd_ap.c index 000000000000,52a967a4ec41..52a967a4ec41 mode 000000,100644..100644 --- a/contrib/wpa/src/ap/nan_usd_ap.c +++ b/contrib/wpa/src/ap/nan_usd_ap.c diff --cc contrib/wpa/src/ap/nan_usd_ap.h index 000000000000,58ff5fc4808b..58ff5fc4808b mode 000000,100644..100644 --- a/contrib/wpa/src/ap/nan_usd_ap.h +++ b/contrib/wpa/src/ap/nan_usd_ap.h diff --cc contrib/wpa/src/common/nan.h index 000000000000,19ab7468711e..19ab7468711e mode 000000,100644..100644 --- a/contrib/wpa/src/common/nan.h +++ b/contrib/wpa/src/common/nan.h diff --cc contrib/wpa/src/common/nan_de.c index 000000000000,12fad3112bdc..12fad3112bdc mode 000000,100644..100644 --- a/contrib/wpa/src/common/nan_de.c +++ b/contrib/wpa/src/common/nan_de.c diff --cc contrib/wpa/src/common/nan_de.h index 000000000000,62235064b075..62235064b075 mode 000000,100644..100644 --- a/contrib/wpa/src/common/nan_de.h +++ b/contrib/wpa/src/common/nan_de.h diff --cc contrib/wpa/src/l2_packet/l2_packet_freebsd.c index 156a09a32a84,481c8ca4d5d6..504456360e4b --- a/contrib/wpa/src/l2_packet/l2_packet_freebsd.c +++ b/contrib/wpa/src/l2_packet/l2_packet_freebsd.c @@@ -96,12 -94,14 +99,14 @@@ static void l2_packet_receive(int sock ethhdr = (struct l2_ethhdr *) packet; if (l2->l2_hdr) { buf = (unsigned char *) ethhdr; - len = hdr.caplen; + len = hdr->caplen; } else { buf = (unsigned char *) (ethhdr + 1); - len = hdr.caplen - sizeof(*ethhdr); + len = hdr->caplen - 
sizeof(*ethhdr); - /* handle 8021Q encapsulated frames */ - if (ethhdr->h_proto == htons(ETH_P_8021Q)) { + + /* Handle IEEE 802.1Q encapsulated frames */ + if (len >= ETHER_VLAN_ENCAP_LEN && + ethhdr->h_proto == htons(ETH_P_8021Q)) { buf += ETHER_VLAN_ENCAP_LEN; len -= ETHER_VLAN_ENCAP_LEN; } diff --cc contrib/wpa/src/pasn/Makefile index 000000000000,a5b2c6b3f672..a5b2c6b3f672 mode 000000,100644..100644 --- a/contrib/wpa/src/pasn/Makefile +++ b/contrib/wpa/src/pasn/Makefile diff --cc contrib/wpa/src/pasn/pasn_common.c index 000000000000,e2c668136300..e2c668136300 mode 000000,100644..100644 --- a/contrib/wpa/src/pasn/pasn_common.c +++ b/contrib/wpa/src/pasn/pasn_common.c diff --cc contrib/wpa/src/pasn/pasn_common.h index 000000000000,36710c2b70e9..36710c2b70e9 mode 000000,100644..100644 --- a/contrib/wpa/src/pasn/pasn_common.h +++ b/contrib/wpa/src/pasn/pasn_common.h diff --cc contrib/wpa/src/pasn/pasn_initiator.c index 000000000000,d273067b7078..d273067b7078 mode 000000,100644..100644 --- a/contrib/wpa/src/pasn/pasn_initiator.c +++ b/contrib/wpa/src/pasn/pasn_initiator.c diff --cc contrib/wpa/src/pasn/pasn_responder.c index 000000000000,b99136492fa6..b99136492fa6 mode 000000,100644..100644 --- a/contrib/wpa/src/pasn/pasn_responder.c +++ b/contrib/wpa/src/pasn/pasn_responder.c diff --cc contrib/wpa/wpa_supplicant/README-NAN-USD index 000000000000,72c379fc976a..72c379fc976a mode 000000,100644..100644 --- a/contrib/wpa/wpa_supplicant/README-NAN-USD +++ b/contrib/wpa/wpa_supplicant/README-NAN-USD diff --cc contrib/wpa/wpa_supplicant/main.c index 7ab3a60442a5,000000000000..e13abc407a93 mode 100644,000000..100644 --- a/contrib/wpa/wpa_supplicant/main.c +++ b/contrib/wpa/wpa_supplicant/main.c @@@ -1,408 -1,0 +1,410 @@@ +/* + * WPA Supplicant / main() function for UNIX like OSes and MinGW + * Copyright (c) 2003-2013, Jouni Malinen <j@w1.fi> + * + * This software may be distributed under the terms of the BSD license. + * See README for more details. 
+ */ + +#include "includes.h" +#ifdef __linux__ +#include <fcntl.h> +#endif /* __linux__ */ + +#include "common.h" ++#include "crypto/crypto.h" +#include "fst/fst.h" +#include "wpa_supplicant_i.h" +#include "driver_i.h" +#include "p2p_supplicant.h" + + +static void usage(void) +{ + int i; + printf("%s\n\n%s\n" + "usage:\n" + " wpa_supplicant [-BddhKLqq" +#ifdef CONFIG_DEBUG_SYSLOG + "s" +#endif /* CONFIG_DEBUG_SYSLOG */ + "t" +#ifdef CONFIG_CTRL_IFACE_DBUS_NEW + "u" +#endif /* CONFIG_CTRL_IFACE_DBUS_NEW */ + "vW] [-P<pid file>] " + "[-g<global ctrl>] \\\n" + " [-G<group>] \\\n" + " -i<ifname> -c<config file> [-C<ctrl>] [-D<driver>] " + "[-p<driver_param>] \\\n" + " [-b<br_ifname>] [-e<entropy file>]" +#ifdef CONFIG_DEBUG_FILE + " [-f<debug file>]" +#endif /* CONFIG_DEBUG_FILE */ + " \\\n" + " [-o<override driver>] [-O<override ctrl>] \\\n" + " [-N -i<ifname> -c<conf> [-C<ctrl>] " + "[-D<driver>] \\\n" +#ifdef CONFIG_P2P + " [-m<P2P Device config file>] \\\n" +#endif /* CONFIG_P2P */ + " [-p<driver_param>] [-b<br_ifname>] [-I<config file>] " + "...]\n" + "\n" + "drivers:\n", + wpa_supplicant_version, wpa_supplicant_license); + + for (i = 0; wpa_drivers[i]; i++) { + printf(" %s = %s\n", + wpa_drivers[i]->name, + wpa_drivers[i]->desc); + } + +#ifndef CONFIG_NO_STDOUT_DEBUG + printf("options:\n" + " -b = optional bridge interface name\n" + " -B = run daemon in the background\n" + " -c = Configuration file\n" + " -C = ctrl_interface parameter (only used if -c is not)\n" + " -d = increase debugging verbosity (-dd even more)\n" + " -D = driver name (can be multiple drivers: bsd,wired)\n" + " -e = entropy file\n" +#ifdef CONFIG_DEBUG_FILE + " -f = log output to debug file instead of stdout\n" +#endif /* CONFIG_DEBUG_FILE */ + " -g = global ctrl_interface\n" + " -G = global ctrl_interface group\n" + " -h = show this help text\n" + " -i = interface name\n" + " -I = additional configuration file\n" + " -K = include keys (passwords, etc.) 
in debug output\n" + " -L = show license (BSD)\n" +#ifdef CONFIG_P2P + " -m = Configuration file for the P2P Device interface\n" +#endif /* CONFIG_P2P */ +#ifdef CONFIG_MATCH_IFACE + " -M = start describing new matching interface\n" +#endif /* CONFIG_MATCH_IFACE */ + " -N = start describing new interface\n" + " -o = override driver parameter for new interfaces\n" + " -O = override ctrl_interface parameter for new interfaces\n" + " -p = driver parameters\n" + " -P = PID file\n" + " -q = decrease debugging verbosity (-qq even less)\n" +#ifdef CONFIG_DEBUG_SYSLOG + " -s = log output to syslog instead of stdout\n" +#endif /* CONFIG_DEBUG_SYSLOG */ + " -t = include timestamp in debug messages\n" +#ifdef CONFIG_DEBUG_LINUX_TRACING + " -T = record to Linux tracing in addition to logging\n" + " (records all messages regardless of debug verbosity)\n" +#endif /* CONFIG_DEBUG_LINUX_TRACING */ +#ifdef CONFIG_CTRL_IFACE_DBUS_NEW + " -u = enable DBus control interface\n" +#endif /* CONFIG_CTRL_IFACE_DBUS_NEW */ + " -v = show version\n" + " -W = wait for a control interface monitor before starting\n"); + + printf("example:\n" + " wpa_supplicant -Dbsd -iwlan0 -c/etc/wpa_supplicant.conf\n"); +#endif /* CONFIG_NO_STDOUT_DEBUG */ +} + + +static void license(void) +{ +#ifndef CONFIG_NO_STDOUT_DEBUG + printf("%s\n\n%s%s%s%s%s\n", + wpa_supplicant_version, + wpa_supplicant_full_license1, + wpa_supplicant_full_license2, + wpa_supplicant_full_license3, + wpa_supplicant_full_license4, + wpa_supplicant_full_license5); +#endif /* CONFIG_NO_STDOUT_DEBUG */ +} + + +static void wpa_supplicant_fd_workaround(int start) +{ +#ifdef __linux__ + static int fd[3] = { -1, -1, -1 }; + int i; + /* When started from pcmcia-cs scripts, wpa_supplicant might start with + * fd 0, 1, and 2 closed. This will cause some issues because many + * places in wpa_supplicant are still printing out to stdout. As a + * workaround, make sure that fd's 0, 1, and 2 are not used for other + * sockets. 
*/ + if (start) { + for (i = 0; i < 3; i++) { + fd[i] = open("/dev/null", O_RDWR); + if (fd[i] > 2) { + close(fd[i]); + fd[i] = -1; + break; + } + } + } else { + for (i = 0; i < 3; i++) { + if (fd[i] >= 0) { + close(fd[i]); + fd[i] = -1; + } + } + } +#endif /* __linux__ */ +} + + +#ifdef CONFIG_MATCH_IFACE +static int wpa_supplicant_init_match(struct wpa_global *global) +{ + /* + * The assumption is that the first driver is the primary driver and + * will handle the arrival / departure of interfaces. + */ + if (wpa_drivers[0]->global_init && !global->drv_priv[0]) { + global->drv_priv[0] = wpa_drivers[0]->global_init(global); + if (!global->drv_priv[0]) { + wpa_printf(MSG_ERROR, + "Failed to initialize driver '%s'", + wpa_drivers[0]->name); + return -1; + } + } + + return 0; +} +#endif /* CONFIG_MATCH_IFACE */ + + +int main(int argc, char *argv[]) +{ + int c, i; + struct wpa_interface *ifaces, *iface; + int iface_count, exitcode = -1; + struct wpa_params params; + struct wpa_global *global; + + if (os_program_init()) + return -1; + + os_memset(¶ms, 0, sizeof(params)); + params.wpa_debug_level = MSG_INFO; + + iface = ifaces = os_zalloc(sizeof(struct wpa_interface)); + if (ifaces == NULL) + return -1; + iface_count = 1; + + wpa_supplicant_fd_workaround(1); + + for (;;) { + c = getopt(argc, argv, + "b:Bc:C:D:de:f:g:G:hi:I:KLMm:No:O:p:P:qsTtuvW"); + if (c < 0) + break; + switch (c) { + case 'b': + iface->bridge_ifname = optarg; + break; + case 'B': + params.daemonize++; + break; + case 'c': + iface->confname = optarg; + break; + case 'C': + iface->ctrl_interface = optarg; + break; + case 'D': + iface->driver = optarg; + break; + case 'd': +#ifdef CONFIG_NO_STDOUT_DEBUG + printf("Debugging disabled with " + "CONFIG_NO_STDOUT_DEBUG=y build time " + "option.\n"); + goto out; +#else /* CONFIG_NO_STDOUT_DEBUG */ + params.wpa_debug_level--; + break; +#endif /* CONFIG_NO_STDOUT_DEBUG */ + case 'e': + params.entropy_file = optarg; + break; +#ifdef CONFIG_DEBUG_FILE + case 'f': 
+ params.wpa_debug_file_path = optarg; + break; +#endif /* CONFIG_DEBUG_FILE */ + case 'g': + params.ctrl_interface = optarg; + break; + case 'G': + params.ctrl_interface_group = optarg; + break; + case 'h': + usage(); + exitcode = 0; + goto out; + case 'i': + iface->ifname = optarg; + break; + case 'I': + iface->confanother = optarg; + break; + case 'K': + params.wpa_debug_show_keys++; + break; + case 'L': + license(); + exitcode = 0; + goto out; +#ifdef CONFIG_P2P + case 'm': + params.conf_p2p_dev = optarg; + break; +#endif /* CONFIG_P2P */ + case 'o': + params.override_driver = optarg; + break; + case 'O': + params.override_ctrl_interface = optarg; + break; + case 'p': + iface->driver_param = optarg; + break; + case 'P': + os_free(params.pid_file); + params.pid_file = os_rel2abs_path(optarg); + break; + case 'q': + params.wpa_debug_level++; + break; +#ifdef CONFIG_DEBUG_SYSLOG + case 's': + params.wpa_debug_syslog++; + break; +#endif /* CONFIG_DEBUG_SYSLOG */ +#ifdef CONFIG_DEBUG_LINUX_TRACING + case 'T': + params.wpa_debug_tracing++; + break; +#endif /* CONFIG_DEBUG_LINUX_TRACING */ + case 't': + params.wpa_debug_timestamp++; + break; +#ifdef CONFIG_CTRL_IFACE_DBUS_NEW + case 'u': + params.dbus_ctrl_interface = 1; + break; +#endif /* CONFIG_CTRL_IFACE_DBUS_NEW */ + case 'v': + printf("%s\n", wpa_supplicant_version); + exitcode = 0; + goto out; + case 'W': + params.wait_for_monitor++; + break; +#ifdef CONFIG_MATCH_IFACE + case 'M': + params.match_iface_count++; + iface = os_realloc_array(params.match_ifaces, + params.match_iface_count, + sizeof(struct wpa_interface)); + if (!iface) + goto out; + params.match_ifaces = iface; + iface = ¶ms.match_ifaces[params.match_iface_count - + 1]; + os_memset(iface, 0, sizeof(*iface)); + break; +#endif /* CONFIG_MATCH_IFACE */ + case 'N': + iface_count++; + iface = os_realloc_array(ifaces, iface_count, + sizeof(struct wpa_interface)); + if (iface == NULL) + goto out; + ifaces = iface; + iface = &ifaces[iface_count - 1]; + 
os_memset(iface, 0, sizeof(*iface)); + break; + default: + usage(); + exitcode = 0; + goto out; + } + } + + exitcode = 0; + global = wpa_supplicant_init(¶ms); + if (global == NULL) { + wpa_printf(MSG_ERROR, "Failed to initialize wpa_supplicant"); + exitcode = -1; + goto out; + } else { + wpa_printf(MSG_INFO, "Successfully initialized " + "wpa_supplicant"); + } + + if (fst_global_init()) { + wpa_printf(MSG_ERROR, "Failed to initialize FST"); + exitcode = -1; + goto out; + } + +#if defined(CONFIG_FST) && defined(CONFIG_CTRL_IFACE) + if (!fst_global_add_ctrl(fst_ctrl_cli)) + wpa_printf(MSG_WARNING, "Failed to add CLI FST ctrl"); +#endif + + for (i = 0; exitcode == 0 && i < iface_count; i++) { + struct wpa_supplicant *wpa_s; + + if ((ifaces[i].confname == NULL && + ifaces[i].ctrl_interface == NULL) || + ifaces[i].ifname == NULL) { + if (iface_count == 1 && (params.ctrl_interface || +#ifdef CONFIG_MATCH_IFACE + params.match_iface_count || +#endif /* CONFIG_MATCH_IFACE */ + params.dbus_ctrl_interface)) + break; + usage(); + exitcode = -1; + break; + } + wpa_s = wpa_supplicant_add_iface(global, &ifaces[i], NULL); + if (wpa_s == NULL) { + exitcode = -1; + break; + } + } + +#ifdef CONFIG_MATCH_IFACE + if (exitcode == 0) *** 1265 LINES SKIPPED ***
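Review bot: In the contrib/wpa/src/ap/hostapd.c hunk (setup_interface2), the added guard is spelled '#ifdef __FreeBSD', but the macro the FreeBSD toolchain predefines is __FreeBSD__, so as written here the preprocessor would take the #else branch and the 'iface->freq = iface->conf->channel;' assignment would never be compiled in. Suggest '#ifdef __FreeBSD__', and confirm against the committed file in case the mail rendering dropped the trailing underscores. The new comment also has three typos worth fixing while there: uncondionally, meaninful, defintions. The hunk as shown ends before the matching #endif, so its placement cannot be checked from this message.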
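Review bot: In the contrib/wpa/src/l2_packet/l2_packet_freebsd.c hunk (l2_packet_receive), the new 'len >= ETHER_VLAN_ENCAP_LEN' test guards the VLAN strip, but the line just above it, 'len = hdr->caplen - sizeof(*ethhdr);', has no visible check that hdr->caplen is at least sizeof(*ethhdr). Because sizeof yields an unsigned size_t, the subtraction is done in unsigned arithmetic and wraps for a capture shorter than an Ethernet header; if len is an unsigned type the wrapped value also passes the new length test, and ethhdr->h_proto is read from the short buffer either way. Suggest rejecting the frame before the subtraction, for example 'if (hdr->caplen < sizeof(*ethhdr)) return;', unless a check outside the shown context already does this.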
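Review bot: In the contrib/wpa/wpa_supplicant/main.c hunk, the only line visibly marked as new against both parents is '++#include "crypto/crypto.h"', and the code that needs it falls in the part of the message cut off by '*** 1265 LINES SKIPPED ***'. The hunk header (-1,408 -1,0 +1,410) and the 100644,000000 mode line show this file exists only on the FreeBSD side of the merge, so the two added lines are local changes rather than vendor code. Suggest a sentence in the commit message naming what in main() now requires crypto/crypto.h, so the next import can tell whether the local addition is still needed.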
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202407231953.46NJrOdw084993>