Date: Tue, 21 Apr 2015 01:45:12 +0000 (UTC) From: Rui Paulo <rpaulo@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r281806 - in head: contrib/wpa contrib/wpa/hostapd contrib/wpa/hs20 contrib/wpa/patches contrib/wpa/src/ap contrib/wpa/src/common contrib/wpa/src/crypto contrib/wpa/src/drivers contrib/... Message-ID: <201504210145.t3L1jCLp063432@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: rpaulo Date: Tue Apr 21 01:45:11 2015 New Revision: 281806 URL: https://svnweb.freebsd.org/changeset/base/281806 Log: Merge wpa_supplicant/hostapd 2.4. Major changes are: SAE, Suite B, RFC 7268, EAP-PKE, ACS, and tons of bug fixes. Relnotes: yes Added: head/contrib/wpa/CONTRIBUTIONS - copied unchanged from r281682, vendor/wpa/dist/CONTRIBUTIONS head/contrib/wpa/hostapd/hapd_module_tests.c - copied unchanged from r281682, vendor/wpa/dist/hostapd/hapd_module_tests.c head/contrib/wpa/hostapd/wps-ap-nfc.py - copied unchanged from r281682, vendor/wpa/dist/hostapd/wps-ap-nfc.py head/contrib/wpa/hs20/ - copied from r281682, vendor/wpa/dist/hs20/ head/contrib/wpa/patches/openssl-0.9.8za-tls-extensions.patch - copied unchanged from r281682, vendor/wpa/dist/patches/openssl-0.9.8za-tls-extensions.patch head/contrib/wpa/src/ap/acs.c - copied unchanged from r281682, vendor/wpa/dist/src/ap/acs.c head/contrib/wpa/src/ap/acs.h - copied unchanged from r281682, vendor/wpa/dist/src/ap/acs.h head/contrib/wpa/src/ap/bss_load.c - copied unchanged from r281682, vendor/wpa/dist/src/ap/bss_load.c head/contrib/wpa/src/ap/bss_load.h - copied unchanged from r281682, vendor/wpa/dist/src/ap/bss_load.h head/contrib/wpa/src/ap/dfs.c - copied unchanged from r281682, vendor/wpa/dist/src/ap/dfs.c head/contrib/wpa/src/ap/dfs.h - copied unchanged from r281682, vendor/wpa/dist/src/ap/dfs.h head/contrib/wpa/src/ap/dhcp_snoop.c - copied unchanged from r281682, vendor/wpa/dist/src/ap/dhcp_snoop.c head/contrib/wpa/src/ap/dhcp_snoop.h - copied unchanged from r281682, vendor/wpa/dist/src/ap/dhcp_snoop.h head/contrib/wpa/src/ap/ndisc_snoop.c - copied unchanged from r281682, vendor/wpa/dist/src/ap/ndisc_snoop.c head/contrib/wpa/src/ap/ndisc_snoop.h - copied unchanged from r281682, vendor/wpa/dist/src/ap/ndisc_snoop.h head/contrib/wpa/src/ap/x_snoop.c - copied unchanged from r281682, vendor/wpa/dist/src/ap/x_snoop.c head/contrib/wpa/src/ap/x_snoop.h - copied unchanged from r281682, vendor/wpa/dist/src/ap/x_snoop.h head/contrib/wpa/src/common/common_module_tests.c - copied unchanged from r281682, vendor/wpa/dist/src/common/common_module_tests.c head/contrib/wpa/src/common/hw_features_common.c - copied unchanged from r281682, vendor/wpa/dist/src/common/hw_features_common.c head/contrib/wpa/src/common/hw_features_common.h - copied unchanged from r281682, vendor/wpa/dist/src/common/hw_features_common.h head/contrib/wpa/src/common/ieee802_1x_defs.h - copied unchanged from r281682, vendor/wpa/dist/src/common/ieee802_1x_defs.h head/contrib/wpa/src/common/qca-vendor-attr.h - copied unchanged from r281682, vendor/wpa/dist/src/common/qca-vendor-attr.h head/contrib/wpa/src/common/qca-vendor.h - copied unchanged from r281682, vendor/wpa/dist/src/common/qca-vendor.h head/contrib/wpa/src/common/sae.c - copied unchanged from r281682, vendor/wpa/dist/src/common/sae.c head/contrib/wpa/src/common/sae.h - copied unchanged from r281682, vendor/wpa/dist/src/common/sae.h head/contrib/wpa/src/common/tnc.h - copied unchanged from r281682, vendor/wpa/dist/src/common/tnc.h head/contrib/wpa/src/common/wpa_helpers.c - copied unchanged from r281682, vendor/wpa/dist/src/common/wpa_helpers.c head/contrib/wpa/src/common/wpa_helpers.h - copied unchanged from r281682, vendor/wpa/dist/src/common/wpa_helpers.h head/contrib/wpa/src/crypto/aes-siv.c - copied unchanged from r281682, vendor/wpa/dist/src/crypto/aes-siv.c head/contrib/wpa/src/crypto/aes_siv.h - copied unchanged from r281682, vendor/wpa/dist/src/crypto/aes_siv.h head/contrib/wpa/src/crypto/crypto_module_tests.c - copied unchanged from r281682, vendor/wpa/dist/src/crypto/crypto_module_tests.c head/contrib/wpa/src/crypto/sha256-kdf.c - copied unchanged from r281682, vendor/wpa/dist/src/crypto/sha256-kdf.c head/contrib/wpa/src/crypto/sha384.h - copied unchanged from r281682, vendor/wpa/dist/src/crypto/sha384.h head/contrib/wpa/src/drivers/driver_macsec_qca.c - copied unchanged from r281682, vendor/wpa/dist/src/drivers/driver_macsec_qca.c head/contrib/wpa/src/drivers/driver_nl80211.h - copied unchanged from r281682, vendor/wpa/dist/src/drivers/driver_nl80211.h head/contrib/wpa/src/drivers/driver_nl80211_android.c - copied unchanged from r281682, vendor/wpa/dist/src/drivers/driver_nl80211_android.c head/contrib/wpa/src/drivers/driver_nl80211_capa.c - copied unchanged from r281682, vendor/wpa/dist/src/drivers/driver_nl80211_capa.c head/contrib/wpa/src/drivers/driver_nl80211_event.c - copied unchanged from r281682, vendor/wpa/dist/src/drivers/driver_nl80211_event.c head/contrib/wpa/src/drivers/driver_nl80211_monitor.c - copied unchanged from r281682, vendor/wpa/dist/src/drivers/driver_nl80211_monitor.c head/contrib/wpa/src/drivers/driver_nl80211_scan.c - copied unchanged from r281682, vendor/wpa/dist/src/drivers/driver_nl80211_scan.c head/contrib/wpa/src/drivers/driver_openbsd.c - copied unchanged from r281682, vendor/wpa/dist/src/drivers/driver_openbsd.c head/contrib/wpa/src/drivers/linux_defines.h - copied unchanged from r281682, vendor/wpa/dist/src/drivers/linux_defines.h head/contrib/wpa/src/eap_common/eap_eke_common.c - copied unchanged from r281682, vendor/wpa/dist/src/eap_common/eap_eke_common.c head/contrib/wpa/src/eap_common/eap_eke_common.h - copied unchanged from r281682, vendor/wpa/dist/src/eap_common/eap_eke_common.h head/contrib/wpa/src/eap_peer/eap_eke.c - copied unchanged from r281682, vendor/wpa/dist/src/eap_peer/eap_eke.c head/contrib/wpa/src/eap_peer/eap_proxy.h - copied unchanged from r281682, vendor/wpa/dist/src/eap_peer/eap_proxy.h head/contrib/wpa/src/eap_peer/eap_proxy_dummy.c - copied unchanged from r281682, vendor/wpa/dist/src/eap_peer/eap_proxy_dummy.c head/contrib/wpa/src/eap_server/eap_server_eke.c - copied unchanged from r281682, vendor/wpa/dist/src/eap_server/eap_server_eke.c head/contrib/wpa/src/pae/ - copied from r281682, vendor/wpa/dist/src/pae/ head/contrib/wpa/src/utils/bitfield.c - copied unchanged from r281682, vendor/wpa/dist/src/utils/bitfield.c head/contrib/wpa/src/utils/bitfield.h - copied unchanged from r281682, vendor/wpa/dist/src/utils/bitfield.h head/contrib/wpa/src/utils/browser-android.c - copied unchanged from r281682, vendor/wpa/dist/src/utils/browser-android.c head/contrib/wpa/src/utils/browser-system.c - copied unchanged from r281682, vendor/wpa/dist/src/utils/browser-system.c head/contrib/wpa/src/utils/browser-wpadebug.c - copied unchanged from r281682, vendor/wpa/dist/src/utils/browser-wpadebug.c head/contrib/wpa/src/utils/browser.c - copied unchanged from r281682, vendor/wpa/dist/src/utils/browser.c head/contrib/wpa/src/utils/browser.h - copied unchanged from r281682, vendor/wpa/dist/src/utils/browser.h head/contrib/wpa/src/utils/http-utils.h - copied unchanged from r281682, vendor/wpa/dist/src/utils/http-utils.h head/contrib/wpa/src/utils/http_curl.c - copied unchanged from r281682, vendor/wpa/dist/src/utils/http_curl.c head/contrib/wpa/src/utils/platform.h - copied unchanged from r281682, vendor/wpa/dist/src/utils/platform.h head/contrib/wpa/src/utils/utils_module_tests.c - copied unchanged from r281682, vendor/wpa/dist/src/utils/utils_module_tests.c head/contrib/wpa/src/utils/xml-utils.c - copied unchanged from r281682, vendor/wpa/dist/src/utils/xml-utils.c head/contrib/wpa/src/utils/xml-utils.h - copied unchanged from r281682, vendor/wpa/dist/src/utils/xml-utils.h head/contrib/wpa/src/utils/xml_libxml2.c - copied unchanged from r281682, vendor/wpa/dist/src/utils/xml_libxml2.c head/contrib/wpa/src/wps/wps_module_tests.c - copied unchanged from r281682, vendor/wpa/dist/src/wps/wps_module_tests.c head/contrib/wpa/wpa_supplicant/eap_proxy_dummy.mak - copied unchanged from r281682, vendor/wpa/dist/wpa_supplicant/eap_proxy_dummy.mak head/contrib/wpa/wpa_supplicant/eap_proxy_dummy.mk - copied unchanged from r281682, vendor/wpa/dist/wpa_supplicant/eap_proxy_dummy.mk head/contrib/wpa/wpa_supplicant/examples/p2p-nfc.py - copied unchanged from r281682, vendor/wpa/dist/wpa_supplicant/examples/p2p-nfc.py head/contrib/wpa/wpa_supplicant/mesh.c - copied unchanged from r281682, vendor/wpa/dist/wpa_supplicant/mesh.c head/contrib/wpa/wpa_supplicant/mesh.h - copied unchanged from r281682, vendor/wpa/dist/wpa_supplicant/mesh.h head/contrib/wpa/wpa_supplicant/mesh_mpm.c - copied unchanged from r281682, vendor/wpa/dist/wpa_supplicant/mesh_mpm.c head/contrib/wpa/wpa_supplicant/mesh_mpm.h - copied unchanged from r281682, vendor/wpa/dist/wpa_supplicant/mesh_mpm.h head/contrib/wpa/wpa_supplicant/mesh_rsn.c - copied unchanged from r281682, vendor/wpa/dist/wpa_supplicant/mesh_rsn.c head/contrib/wpa/wpa_supplicant/mesh_rsn.h - copied unchanged from r281682, vendor/wpa/dist/wpa_supplicant/mesh_rsn.h head/contrib/wpa/wpa_supplicant/wmm_ac.c - copied unchanged from r281682, vendor/wpa/dist/wpa_supplicant/wmm_ac.c head/contrib/wpa/wpa_supplicant/wmm_ac.h - copied unchanged from r281682, vendor/wpa/dist/wpa_supplicant/wmm_ac.h head/contrib/wpa/wpa_supplicant/wpas_kay.c - copied unchanged from r281682, vendor/wpa/dist/wpa_supplicant/wpas_kay.c head/contrib/wpa/wpa_supplicant/wpas_kay.h - copied unchanged from r281682, vendor/wpa/dist/wpa_supplicant/wpas_kay.h head/contrib/wpa/wpa_supplicant/wpas_module_tests.c - copied unchanged from r281682, vendor/wpa/dist/wpa_supplicant/wpas_module_tests.c Deleted: head/contrib/wpa/hostapd/dump_state.c head/contrib/wpa/hostapd/dump_state.h head/contrib/wpa/patches/openssl-0.9.8-tls-extensions.patch head/contrib/wpa/patches/openssl-0.9.8d-tls-extensions.patch head/contrib/wpa/patches/openssl-0.9.8e-tls-extensions.patch head/contrib/wpa/patches/openssl-0.9.8g-tls-extensions.patch head/contrib/wpa/patches/openssl-0.9.8h-tls-extensions.patch head/contrib/wpa/patches/openssl-0.9.8i-tls-extensions.patch head/contrib/wpa/patches/openssl-0.9.8x-tls-extensions.patch head/contrib/wpa/patches/openssl-0.9.9-session-ticket.patch head/contrib/wpa/src/crypto/crypto_nss.c head/contrib/wpa/src/crypto/fips_prf_cryptoapi.c head/contrib/wpa/src/crypto/fips_prf_gnutls.c head/contrib/wpa/src/crypto/fips_prf_nss.c head/contrib/wpa/src/crypto/tls_nss.c head/contrib/wpa/src/utils/eloop_none.c Modified: head/contrib/wpa/COPYING head/contrib/wpa/README head/contrib/wpa/hostapd/ChangeLog head/contrib/wpa/hostapd/README head/contrib/wpa/hostapd/README-WPS head/contrib/wpa/hostapd/config_file.c head/contrib/wpa/hostapd/ctrl_iface.c head/contrib/wpa/hostapd/defconfig head/contrib/wpa/hostapd/eap_register.c head/contrib/wpa/hostapd/hlr_auc_gw.c head/contrib/wpa/hostapd/hostapd.8 head/contrib/wpa/hostapd/hostapd.conf head/contrib/wpa/hostapd/hostapd.eap_user head/contrib/wpa/hostapd/hostapd.eap_user_sqlite head/contrib/wpa/hostapd/hostapd_cli.c head/contrib/wpa/hostapd/main.c head/contrib/wpa/src/ap/accounting.c head/contrib/wpa/src/ap/ap_config.c head/contrib/wpa/src/ap/ap_config.h head/contrib/wpa/src/ap/ap_drv_ops.c head/contrib/wpa/src/ap/ap_drv_ops.h head/contrib/wpa/src/ap/ap_list.c head/contrib/wpa/src/ap/ap_list.h head/contrib/wpa/src/ap/ap_mlme.c head/contrib/wpa/src/ap/authsrv.c head/contrib/wpa/src/ap/beacon.c head/contrib/wpa/src/ap/beacon.h head/contrib/wpa/src/ap/ctrl_iface_ap.c head/contrib/wpa/src/ap/ctrl_iface_ap.h head/contrib/wpa/src/ap/drv_callbacks.c head/contrib/wpa/src/ap/eap_user_db.c head/contrib/wpa/src/ap/gas_serv.c head/contrib/wpa/src/ap/gas_serv.h head/contrib/wpa/src/ap/hostapd.c head/contrib/wpa/src/ap/hostapd.h head/contrib/wpa/src/ap/hs20.c head/contrib/wpa/src/ap/hs20.h head/contrib/wpa/src/ap/hw_features.c head/contrib/wpa/src/ap/hw_features.h head/contrib/wpa/src/ap/iapp.c head/contrib/wpa/src/ap/ieee802_11.c head/contrib/wpa/src/ap/ieee802_11.h head/contrib/wpa/src/ap/ieee802_11_auth.c head/contrib/wpa/src/ap/ieee802_11_ht.c head/contrib/wpa/src/ap/ieee802_11_shared.c head/contrib/wpa/src/ap/ieee802_11_vht.c head/contrib/wpa/src/ap/ieee802_1x.c head/contrib/wpa/src/ap/ieee802_1x.h head/contrib/wpa/src/ap/p2p_hostapd.c head/contrib/wpa/src/ap/peerkey_auth.c head/contrib/wpa/src/ap/pmksa_cache_auth.c head/contrib/wpa/src/ap/pmksa_cache_auth.h head/contrib/wpa/src/ap/sta_info.c head/contrib/wpa/src/ap/sta_info.h head/contrib/wpa/src/ap/tkip_countermeasures.c head/contrib/wpa/src/ap/vlan_init.c head/contrib/wpa/src/ap/vlan_init.h head/contrib/wpa/src/ap/wmm.c head/contrib/wpa/src/ap/wmm.h head/contrib/wpa/src/ap/wnm_ap.c head/contrib/wpa/src/ap/wnm_ap.h head/contrib/wpa/src/ap/wpa_auth.c head/contrib/wpa/src/ap/wpa_auth.h head/contrib/wpa/src/ap/wpa_auth_ft.c head/contrib/wpa/src/ap/wpa_auth_glue.c head/contrib/wpa/src/ap/wpa_auth_i.h head/contrib/wpa/src/ap/wpa_auth_ie.c head/contrib/wpa/src/ap/wpa_auth_ie.h head/contrib/wpa/src/ap/wps_hostapd.c head/contrib/wpa/src/ap/wps_hostapd.h head/contrib/wpa/src/common/defs.h head/contrib/wpa/src/common/eapol_common.h head/contrib/wpa/src/common/ieee802_11_common.c head/contrib/wpa/src/common/ieee802_11_common.h head/contrib/wpa/src/common/ieee802_11_defs.h head/contrib/wpa/src/common/privsep_commands.h head/contrib/wpa/src/common/version.h head/contrib/wpa/src/common/wpa_common.c head/contrib/wpa/src/common/wpa_common.h head/contrib/wpa/src/common/wpa_ctrl.c head/contrib/wpa/src/common/wpa_ctrl.h head/contrib/wpa/src/crypto/aes-ccm.c head/contrib/wpa/src/crypto/aes-eax.c head/contrib/wpa/src/crypto/aes-gcm.c head/contrib/wpa/src/crypto/aes-omac1.c head/contrib/wpa/src/crypto/aes-unwrap.c head/contrib/wpa/src/crypto/aes-wrap.c head/contrib/wpa/src/crypto/aes_wrap.h head/contrib/wpa/src/crypto/crypto.h head/contrib/wpa/src/crypto/crypto_internal-rsa.c head/contrib/wpa/src/crypto/crypto_openssl.c head/contrib/wpa/src/crypto/dh_groups.c head/contrib/wpa/src/crypto/dh_groups.h head/contrib/wpa/src/crypto/md5.c head/contrib/wpa/src/crypto/milenage.c head/contrib/wpa/src/crypto/ms_funcs.c head/contrib/wpa/src/crypto/random.c head/contrib/wpa/src/crypto/sha1-internal.c head/contrib/wpa/src/crypto/sha1-prf.c head/contrib/wpa/src/crypto/sha1.c head/contrib/wpa/src/crypto/sha256-prf.c head/contrib/wpa/src/crypto/sha256.h head/contrib/wpa/src/crypto/tls.h head/contrib/wpa/src/crypto/tls_gnutls.c head/contrib/wpa/src/crypto/tls_internal.c head/contrib/wpa/src/crypto/tls_none.c head/contrib/wpa/src/crypto/tls_openssl.c head/contrib/wpa/src/crypto/tls_schannel.c head/contrib/wpa/src/drivers/driver.h head/contrib/wpa/src/drivers/driver_bsd.c head/contrib/wpa/src/drivers/driver_common.c head/contrib/wpa/src/drivers/driver_ndis.c head/contrib/wpa/src/drivers/driver_privsep.c head/contrib/wpa/src/drivers/driver_wired.c head/contrib/wpa/src/drivers/drivers.c head/contrib/wpa/src/eap_common/eap_common.c head/contrib/wpa/src/eap_common/eap_common.h head/contrib/wpa/src/eap_common/eap_defs.h head/contrib/wpa/src/eap_common/eap_fast_common.c head/contrib/wpa/src/eap_common/eap_fast_common.h head/contrib/wpa/src/eap_common/eap_gpsk_common.c head/contrib/wpa/src/eap_common/eap_gpsk_common.h head/contrib/wpa/src/eap_common/eap_ikev2_common.c head/contrib/wpa/src/eap_common/eap_ikev2_common.h head/contrib/wpa/src/eap_common/eap_pax_common.c head/contrib/wpa/src/eap_common/eap_pax_common.h head/contrib/wpa/src/eap_common/eap_pwd_common.c head/contrib/wpa/src/eap_common/eap_pwd_common.h head/contrib/wpa/src/eap_common/eap_sim_common.c head/contrib/wpa/src/eap_common/eap_sim_common.h head/contrib/wpa/src/eap_common/ikev2_common.c head/contrib/wpa/src/eap_common/ikev2_common.h head/contrib/wpa/src/eap_peer/eap.c head/contrib/wpa/src/eap_peer/eap.h head/contrib/wpa/src/eap_peer/eap_aka.c head/contrib/wpa/src/eap_peer/eap_config.h head/contrib/wpa/src/eap_peer/eap_fast.c head/contrib/wpa/src/eap_peer/eap_fast_pac.c head/contrib/wpa/src/eap_peer/eap_gpsk.c head/contrib/wpa/src/eap_peer/eap_i.h head/contrib/wpa/src/eap_peer/eap_ikev2.c head/contrib/wpa/src/eap_peer/eap_leap.c head/contrib/wpa/src/eap_peer/eap_methods.c head/contrib/wpa/src/eap_peer/eap_methods.h head/contrib/wpa/src/eap_peer/eap_mschapv2.c head/contrib/wpa/src/eap_peer/eap_pax.c head/contrib/wpa/src/eap_peer/eap_peap.c head/contrib/wpa/src/eap_peer/eap_psk.c head/contrib/wpa/src/eap_peer/eap_pwd.c head/contrib/wpa/src/eap_peer/eap_sake.c head/contrib/wpa/src/eap_peer/eap_sim.c head/contrib/wpa/src/eap_peer/eap_tls.c head/contrib/wpa/src/eap_peer/eap_tls_common.c head/contrib/wpa/src/eap_peer/eap_tls_common.h head/contrib/wpa/src/eap_peer/eap_tnc.c head/contrib/wpa/src/eap_peer/eap_ttls.c head/contrib/wpa/src/eap_peer/eap_vendor_test.c head/contrib/wpa/src/eap_peer/eap_wsc.c head/contrib/wpa/src/eap_peer/ikev2.c head/contrib/wpa/src/eap_peer/mschapv2.c head/contrib/wpa/src/eap_peer/tncc.c head/contrib/wpa/src/eap_server/eap.h head/contrib/wpa/src/eap_server/eap_i.h head/contrib/wpa/src/eap_server/eap_methods.h head/contrib/wpa/src/eap_server/eap_server.c head/contrib/wpa/src/eap_server/eap_server_aka.c head/contrib/wpa/src/eap_server/eap_server_fast.c head/contrib/wpa/src/eap_server/eap_server_gpsk.c head/contrib/wpa/src/eap_server/eap_server_gtc.c head/contrib/wpa/src/eap_server/eap_server_identity.c head/contrib/wpa/src/eap_server/eap_server_ikev2.c head/contrib/wpa/src/eap_server/eap_server_md5.c head/contrib/wpa/src/eap_server/eap_server_methods.c head/contrib/wpa/src/eap_server/eap_server_mschapv2.c head/contrib/wpa/src/eap_server/eap_server_pax.c head/contrib/wpa/src/eap_server/eap_server_peap.c head/contrib/wpa/src/eap_server/eap_server_psk.c head/contrib/wpa/src/eap_server/eap_server_pwd.c head/contrib/wpa/src/eap_server/eap_server_sake.c head/contrib/wpa/src/eap_server/eap_server_sim.c head/contrib/wpa/src/eap_server/eap_server_tls.c head/contrib/wpa/src/eap_server/eap_server_tls_common.c head/contrib/wpa/src/eap_server/eap_server_tnc.c head/contrib/wpa/src/eap_server/eap_server_ttls.c head/contrib/wpa/src/eap_server/eap_server_wsc.c head/contrib/wpa/src/eap_server/eap_sim_db.c head/contrib/wpa/src/eap_server/eap_tls_common.h head/contrib/wpa/src/eap_server/ikev2.c head/contrib/wpa/src/eap_server/tncs.c head/contrib/wpa/src/eapol_auth/eapol_auth_dump.c head/contrib/wpa/src/eapol_auth/eapol_auth_sm.c head/contrib/wpa/src/eapol_auth/eapol_auth_sm.h head/contrib/wpa/src/eapol_auth/eapol_auth_sm_i.h head/contrib/wpa/src/eapol_supp/eapol_supp_sm.c head/contrib/wpa/src/eapol_supp/eapol_supp_sm.h head/contrib/wpa/src/l2_packet/l2_packet.h head/contrib/wpa/src/l2_packet/l2_packet_freebsd.c head/contrib/wpa/src/l2_packet/l2_packet_ndis.c head/contrib/wpa/src/l2_packet/l2_packet_none.c head/contrib/wpa/src/l2_packet/l2_packet_privsep.c head/contrib/wpa/src/p2p/p2p.c head/contrib/wpa/src/p2p/p2p.h head/contrib/wpa/src/p2p/p2p_build.c head/contrib/wpa/src/p2p/p2p_dev_disc.c head/contrib/wpa/src/p2p/p2p_go_neg.c head/contrib/wpa/src/p2p/p2p_group.c head/contrib/wpa/src/p2p/p2p_i.h head/contrib/wpa/src/p2p/p2p_invitation.c head/contrib/wpa/src/p2p/p2p_parse.c head/contrib/wpa/src/p2p/p2p_pd.c head/contrib/wpa/src/p2p/p2p_sd.c head/contrib/wpa/src/p2p/p2p_utils.c head/contrib/wpa/src/radius/radius.c head/contrib/wpa/src/radius/radius.h head/contrib/wpa/src/radius/radius_client.c head/contrib/wpa/src/radius/radius_das.c head/contrib/wpa/src/radius/radius_das.h head/contrib/wpa/src/radius/radius_server.c head/contrib/wpa/src/radius/radius_server.h head/contrib/wpa/src/rsn_supp/peerkey.c head/contrib/wpa/src/rsn_supp/peerkey.h head/contrib/wpa/src/rsn_supp/pmksa_cache.c head/contrib/wpa/src/rsn_supp/pmksa_cache.h head/contrib/wpa/src/rsn_supp/preauth.c head/contrib/wpa/src/rsn_supp/preauth.h head/contrib/wpa/src/rsn_supp/tdls.c head/contrib/wpa/src/rsn_supp/wpa.c head/contrib/wpa/src/rsn_supp/wpa.h head/contrib/wpa/src/rsn_supp/wpa_ft.c head/contrib/wpa/src/rsn_supp/wpa_i.h head/contrib/wpa/src/rsn_supp/wpa_ie.c head/contrib/wpa/src/rsn_supp/wpa_ie.h head/contrib/wpa/src/tls/asn1.c head/contrib/wpa/src/tls/asn1.h head/contrib/wpa/src/tls/libtommath.c head/contrib/wpa/src/tls/pkcs1.c head/contrib/wpa/src/tls/pkcs1.h head/contrib/wpa/src/tls/rsa.c head/contrib/wpa/src/tls/rsa.h head/contrib/wpa/src/tls/tlsv1_client.c head/contrib/wpa/src/tls/tlsv1_client_read.c head/contrib/wpa/src/tls/tlsv1_client_write.c head/contrib/wpa/src/tls/tlsv1_common.c head/contrib/wpa/src/tls/tlsv1_common.h head/contrib/wpa/src/tls/tlsv1_record.c head/contrib/wpa/src/tls/tlsv1_server.c head/contrib/wpa/src/tls/tlsv1_server.h head/contrib/wpa/src/tls/tlsv1_server_i.h head/contrib/wpa/src/tls/tlsv1_server_read.c head/contrib/wpa/src/tls/tlsv1_server_write.c head/contrib/wpa/src/tls/x509v3.c head/contrib/wpa/src/utils/base64.c head/contrib/wpa/src/utils/build_config.h head/contrib/wpa/src/utils/common.c head/contrib/wpa/src/utils/common.h head/contrib/wpa/src/utils/edit.c head/contrib/wpa/src/utils/edit_readline.c head/contrib/wpa/src/utils/edit_simple.c head/contrib/wpa/src/utils/eloop.c head/contrib/wpa/src/utils/eloop.h head/contrib/wpa/src/utils/eloop_win.c head/contrib/wpa/src/utils/ext_password_test.c head/contrib/wpa/src/utils/ip_addr.c head/contrib/wpa/src/utils/ip_addr.h head/contrib/wpa/src/utils/list.h head/contrib/wpa/src/utils/os.h head/contrib/wpa/src/utils/os_internal.c head/contrib/wpa/src/utils/os_none.c head/contrib/wpa/src/utils/os_unix.c head/contrib/wpa/src/utils/os_win32.c head/contrib/wpa/src/utils/pcsc_funcs.c head/contrib/wpa/src/utils/pcsc_funcs.h head/contrib/wpa/src/utils/radiotap.c head/contrib/wpa/src/utils/radiotap.h head/contrib/wpa/src/utils/radiotap_iter.h head/contrib/wpa/src/utils/trace.c head/contrib/wpa/src/utils/trace.h head/contrib/wpa/src/utils/uuid.c head/contrib/wpa/src/utils/wpa_debug.c head/contrib/wpa/src/utils/wpa_debug.h head/contrib/wpa/src/utils/wpabuf.c head/contrib/wpa/src/utils/wpabuf.h head/contrib/wpa/src/wps/http_client.c head/contrib/wpa/src/wps/http_server.c head/contrib/wpa/src/wps/httpread.c head/contrib/wpa/src/wps/ndef.c head/contrib/wpa/src/wps/wps.c head/contrib/wpa/src/wps/wps.h head/contrib/wpa/src/wps/wps_attr_build.c head/contrib/wpa/src/wps/wps_attr_parse.c head/contrib/wpa/src/wps/wps_attr_parse.h head/contrib/wpa/src/wps/wps_attr_process.c head/contrib/wpa/src/wps/wps_common.c head/contrib/wpa/src/wps/wps_defs.h head/contrib/wpa/src/wps/wps_dev_attr.c head/contrib/wpa/src/wps/wps_dev_attr.h head/contrib/wpa/src/wps/wps_enrollee.c head/contrib/wpa/src/wps/wps_er.c head/contrib/wpa/src/wps/wps_er.h head/contrib/wpa/src/wps/wps_er_ssdp.c head/contrib/wpa/src/wps/wps_i.h head/contrib/wpa/src/wps/wps_registrar.c head/contrib/wpa/src/wps/wps_upnp.c head/contrib/wpa/src/wps/wps_upnp_ap.c head/contrib/wpa/src/wps/wps_upnp_i.h head/contrib/wpa/src/wps/wps_upnp_ssdp.c head/contrib/wpa/src/wps/wps_upnp_web.c head/contrib/wpa/src/wps/wps_validate.c head/contrib/wpa/wpa_supplicant/ChangeLog head/contrib/wpa/wpa_supplicant/README head/contrib/wpa/wpa_supplicant/README-HS20 head/contrib/wpa/wpa_supplicant/README-P2P head/contrib/wpa/wpa_supplicant/README-WPS head/contrib/wpa/wpa_supplicant/ap.c head/contrib/wpa/wpa_supplicant/ap.h head/contrib/wpa/wpa_supplicant/bgscan.c head/contrib/wpa/wpa_supplicant/bgscan.h head/contrib/wpa/wpa_supplicant/bgscan_learn.c head/contrib/wpa/wpa_supplicant/bgscan_simple.c head/contrib/wpa/wpa_supplicant/bss.c head/contrib/wpa/wpa_supplicant/bss.h head/contrib/wpa/wpa_supplicant/config.c head/contrib/wpa/wpa_supplicant/config.h head/contrib/wpa/wpa_supplicant/config_file.c head/contrib/wpa/wpa_supplicant/config_none.c head/contrib/wpa/wpa_supplicant/config_ssid.h head/contrib/wpa/wpa_supplicant/ctrl_iface.c head/contrib/wpa/wpa_supplicant/ctrl_iface.h head/contrib/wpa/wpa_supplicant/ctrl_iface_named_pipe.c head/contrib/wpa/wpa_supplicant/ctrl_iface_udp.c head/contrib/wpa/wpa_supplicant/ctrl_iface_unix.c head/contrib/wpa/wpa_supplicant/dbus/Makefile head/contrib/wpa/wpa_supplicant/dbus/dbus_common.c head/contrib/wpa/wpa_supplicant/dbus/dbus_dict_helpers.c head/contrib/wpa/wpa_supplicant/dbus/dbus_dict_helpers.h head/contrib/wpa/wpa_supplicant/dbus/dbus_new.c head/contrib/wpa/wpa_supplicant/dbus/dbus_new.h head/contrib/wpa/wpa_supplicant/dbus/dbus_new_handlers.c head/contrib/wpa/wpa_supplicant/dbus/dbus_new_handlers.h head/contrib/wpa/wpa_supplicant/dbus/dbus_new_handlers_p2p.c head/contrib/wpa/wpa_supplicant/dbus/dbus_new_handlers_p2p.h head/contrib/wpa/wpa_supplicant/dbus/dbus_new_handlers_wps.c head/contrib/wpa/wpa_supplicant/dbus/dbus_new_helpers.c head/contrib/wpa/wpa_supplicant/dbus/dbus_new_helpers.h head/contrib/wpa/wpa_supplicant/dbus/dbus_new_introspect.c head/contrib/wpa/wpa_supplicant/dbus/dbus_old.c head/contrib/wpa/wpa_supplicant/dbus/dbus_old.h head/contrib/wpa/wpa_supplicant/dbus/dbus_old_handlers.c head/contrib/wpa/wpa_supplicant/dbus/dbus_old_handlers.h head/contrib/wpa/wpa_supplicant/dbus/dbus_old_handlers_wps.c head/contrib/wpa/wpa_supplicant/defconfig head/contrib/wpa/wpa_supplicant/driver_i.h head/contrib/wpa/wpa_supplicant/eap_register.c head/contrib/wpa/wpa_supplicant/eapol_test.c head/contrib/wpa/wpa_supplicant/events.c head/contrib/wpa/wpa_supplicant/examples/p2p-action.sh head/contrib/wpa/wpa_supplicant/examples/wps-ap-cli head/contrib/wpa/wpa_supplicant/examples/wps-nfc.py head/contrib/wpa/wpa_supplicant/gas_query.c head/contrib/wpa/wpa_supplicant/gas_query.h head/contrib/wpa/wpa_supplicant/hs20_supplicant.c head/contrib/wpa/wpa_supplicant/hs20_supplicant.h head/contrib/wpa/wpa_supplicant/ibss_rsn.c head/contrib/wpa/wpa_supplicant/ibss_rsn.h head/contrib/wpa/wpa_supplicant/interworking.c head/contrib/wpa/wpa_supplicant/interworking.h head/contrib/wpa/wpa_supplicant/main.c head/contrib/wpa/wpa_supplicant/main_none.c head/contrib/wpa/wpa_supplicant/notify.c head/contrib/wpa/wpa_supplicant/notify.h head/contrib/wpa/wpa_supplicant/offchannel.c head/contrib/wpa/wpa_supplicant/p2p_supplicant.c head/contrib/wpa/wpa_supplicant/p2p_supplicant.h head/contrib/wpa/wpa_supplicant/preauth_test.c head/contrib/wpa/wpa_supplicant/scan.c head/contrib/wpa/wpa_supplicant/scan.h head/contrib/wpa/wpa_supplicant/sme.c head/contrib/wpa/wpa_supplicant/sme.h head/contrib/wpa/wpa_supplicant/tests/test_wpa.c head/contrib/wpa/wpa_supplicant/todo.txt head/contrib/wpa/wpa_supplicant/wifi_display.c head/contrib/wpa/wpa_supplicant/wifi_display.h head/contrib/wpa/wpa_supplicant/wnm_sta.c head/contrib/wpa/wpa_supplicant/wnm_sta.h head/contrib/wpa/wpa_supplicant/wpa_cli.c head/contrib/wpa/wpa_supplicant/wpa_priv.c head/contrib/wpa/wpa_supplicant/wpa_supplicant.c head/contrib/wpa/wpa_supplicant/wpa_supplicant.conf head/contrib/wpa/wpa_supplicant/wpa_supplicant_i.h head/contrib/wpa/wpa_supplicant/wpa_supplicant_template.conf head/contrib/wpa/wpa_supplicant/wpas_glue.c head/contrib/wpa/wpa_supplicant/wps_supplicant.c head/contrib/wpa/wpa_supplicant/wps_supplicant.h head/usr.sbin/wpa/hostapd/Makefile head/usr.sbin/wpa/wpa_passphrase/Makefile head/usr.sbin/wpa/wpa_supplicant/Makefile Directory Properties: head/contrib/wpa/ (props changed) Copied: head/contrib/wpa/CONTRIBUTIONS (from r281682, vendor/wpa/dist/CONTRIBUTIONS) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/contrib/wpa/CONTRIBUTIONS Tue Apr 21 01:45:11 2015 (r281806, copy of r281682, vendor/wpa/dist/CONTRIBUTIONS) @@ -0,0 +1,143 @@ +Contributions to hostap.git +--------------------------- + +This software is distributed under a permissive open source license to +allow it to be used in any projects, whether open source or proprietary. +Contributions to the project are welcome and it is important to maintain +clear record of contributions and terms under which they are licensed. +To help with this, following procedure is used to allow acceptance and +recording of the terms. + +All contributions are expected to be licensed under the modified BSD +license (see below). Acknowledgment of the terms is tracked through +inclusion of Signed-off-by tag in the contributions at the end of the +commit log message. This tag indicates that the contributor agrees with +the Developer Certificate of Origin (DCO) version 1.1 terms (see below; +also available from http://developercertificate.org/). + + +The current requirements for contributions to hostap.git +-------------------------------------------------------- + +To indicate your acceptance of Developer's Certificate of Origin 1.1 +terms, please add the following line to the end of the commit message +for each contribution you make to the project: + +Signed-off-by: Your Name <your@email.example.org> + +using your real name. Pseudonyms or anonymous contributions cannot +unfortunately be accepted. + + +History of license and contributions terms +------------------------------------------ + +Until February 11, 2012, in case of most files in hostap.git, "under the +open source license indicated in the file" means that the contribution +is licensed both under GPL v2 and modified BSD license (see below) and +the choice between these licenses is given to anyone who redistributes +or uses the software. As such, the contribution has to be licensed under +both options to allow this choice. + +As of February 11, 2012, the project has chosen to use only the BSD +license option for future distribution. As such, the GPL v2 license +option is no longer used and the contributions are not required to be +licensed until GPL v2. In case of most files in hostap.git, "under the +open source license indicated in the file" means that the contribution +is licensed under the modified BSD license (see below). + +Until February 13, 2014, the project used an extended version of the DCO +that included the identical items (a) through (d) from DCO 1.1 and an +additional item (e): + +(e) The contribution can be licensed under the modified BSD license + as shown below even in case of files that are currently licensed + under other terms. + +This was used during the period when some of the files included the old +license terms. Acceptance of this extended DCO version was indicated +with a Signed-hostap tag in the commit message. This additional item (e) +was used to collect explicit approval to license the contribution with +only the modified BSD license (see below), i.e., without the GPL v2 +option. This was done to allow simpler licensing terms to be used in the +future. It should be noted that the modified BSD license is compatible +with GNU GPL and as such, this possible move to simpler licensing option +does not prevent use of this software in GPL projects. + + +===[ start quote from http://developercertificate.org/ ]======================= + +Developer Certificate of Origin +Version 1.1 + +Copyright (C) 2004, 2006 The Linux Foundation and its contributors. +660 York Street, Suite 102, +San Francisco, CA 94110 USA + +Everyone is permitted to copy and distribute verbatim copies of this +license document, but changing it is not allowed. + + +Developer's Certificate of Origin 1.1 + +By making a contribution to this project, I certify that: + +(a) The contribution was created in whole or in part by me and I + have the right to submit it under the open source license + indicated in the file; or + +(b) The contribution is based upon previous work that, to the best + of my knowledge, is covered under an appropriate open source + license and I have the right under that license to submit that + work with modifications, whether created in whole or in part + by me, under the same open source license (unless I am + permitted to submit under a different license), as indicated + in the file; or + +(c) The contribution was provided directly to me by some other + person who certified (a), (b) or (c) and I have not modified + it. + +(d) I understand and agree that this project and the contribution + are public and that a record of the contribution (including all + personal information I submit with it, including my sign-off) is + maintained indefinitely and may be redistributed consistent with + this project or the open source license(s) involved. + +===[ end quote from http://developercertificate.org/ ]========================= + + +The license terms used for hostap.git files +------------------------------------------- + +Modified BSD license (no advertisement clause): + +Copyright (c) 2002-2015, Jouni Malinen <j@w1.fi> and contributors +All Rights Reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are +met: + +1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + +2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + +3. Neither the name(s) of the above-listed copyright holder(s) nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. Modified: head/contrib/wpa/COPYING ============================================================================== --- head/contrib/wpa/COPYING Tue Apr 21 01:37:14 2015 (r281805) +++ head/contrib/wpa/COPYING Tue Apr 21 01:45:11 2015 (r281806) @@ -1,7 +1,7 @@ wpa_supplicant and hostapd -------------------------- -Copyright (c) 2002-2012, Jouni Malinen <j@w1.fi> and contributors +Copyright (c) 2002-2015, Jouni Malinen <j@w1.fi> and contributors All Rights Reserved. Modified: head/contrib/wpa/README ============================================================================== --- head/contrib/wpa/README Tue Apr 21 01:37:14 2015 (r281805) +++ head/contrib/wpa/README Tue Apr 21 01:45:11 2015 (r281806) @@ -1,7 +1,7 @@ wpa_supplicant and hostapd -------------------------- -Copyright (c) 2002-2012, Jouni Malinen <j@w1.fi> and contributors +Copyright (c) 2002-2015, Jouni Malinen <j@w1.fi> and contributors All Rights Reserved. These programs are licensed under the BSD license (the one with Modified: head/contrib/wpa/hostapd/ChangeLog ============================================================================== --- head/contrib/wpa/hostapd/ChangeLog Tue Apr 21 01:37:14 2015 (r281805) +++ head/contrib/wpa/hostapd/ChangeLog Tue Apr 21 01:45:11 2015 (r281806) @@ -1,5 +1,191 @@ ChangeLog for hostapd +2015-03-15 - v2.4 + * allow OpenSSL cipher configuration to be set for internal EAP server + (openssl_ciphers parameter) + * fixed number of small issues based on hwsim test case failures and + static analyzer reports + * fixed Accounting-Request to not include duplicated Acct-Session-Id + * add support for Acct-Multi-Session-Id in RADIUS Accounting messages + * add support for PMKSA caching with SAE + * add support for generating BSS Load element (bss_load_update_period) + * fixed channel switch from VHT to HT + * add INTERFACE-ENABLED and INTERFACE-DISABLED ctrl_iface events + * add support for learning STA IPv4/IPv6 addresses and configuring + ProxyARP support + * dropped support for the madwifi driver interface + * add support for Suite B (128-bit and 192-bit level) key management and + cipher suites + * fixed a regression with driver=wired + * extend EAPOL-Key msg 1/4 retry workaround for changing SNonce + * add BSS_TM_REQ ctrl_iface command to send BSS Transition Management + Request frames and BSS-TM-RESP event to indicate response to such + frame + * add support for EAP Re-Authentication Protocol (ERP) + * fixed AP IE in EAPOL-Key 3/4 when both WPA and FT was enabled + * fixed a regression in HT 20/40 coex Action frame parsing + * set stdout to be line-buffered + * add support for vendor specific VHT extension to enable 256 QAM rates + (VHT-MCS 8 and 9) on 2.4 GHz band + * RADIUS DAS: + - extend Disconnect-Request processing to allow matching of multiple + sessions + - support Acct-Multi-Session-Id as an identifier + - allow PMKSA cache entry to be removed without association + * expire hostapd STA entry if kernel does not have a matching entry + * allow chanlist to be used to specify a subset of channels for ACS + * improve ACS behavior on 2.4 GHz band and allow channel bias to be + configured with acs_chan_bias parameter + * do not reply to a Probe Request frame that includes DSS Parameter Set + element in which the channel does not match the current operating + channel + * add UPDATE_BEACON ctrl_iface command; this can be used to force Beacon + frame contents to be updated and to start beaconing on an interface + that used start_disabled=1 + * fixed some RADIUS server failover cases + +2014-10-09 - v2.3 + * fixed number of minor issues identified in static analyzer warnings + * fixed DFS and channel switch operation for multi-BSS cases + * started to use constant time comparison for various password and hash + values to reduce possibility of any externally measurable timing + differences + * extended explicit clearing of freed memory and expired keys to avoid + keeping private data in memory longer than necessary + * added support for number of new RADIUS attributes from RFC 7268 + (Mobility-Domain-Id, WLAN-HESSID, WLAN-Pairwise-Cipher, + WLAN-Group-Cipher, WLAN-AKM-Suite, WLAN-Group-Mgmt-Pairwise-Cipher) + * fixed GET_CONFIG wpa_pairwise_cipher value + * added code to clear bridge FDB entry on station disconnection + * fixed PMKSA cache timeout from Session-Timeout for WPA/WPA2 cases + * fixed OKC PMKSA cache entry fetch to avoid a possible infinite loop + in case the first entry does not match + * fixed hostapd_cli action script execution to use more robust mechanism + (CVE-2014-3686) + +2014-06-04 - v2.2 + * fixed SAE confirm-before-commit validation to avoid a potential + segmentation fault in an unexpected message sequence that could be + triggered remotely + * extended VHT support + - Operating Mode Notification + - Power Constraint element (local_pwr_constraint) + - Spectrum management capability (spectrum_mgmt_required=1) + - fix VHT80 segment picking in ACS + - fix vht_capab 'Maximum A-MPDU Length Exponent' handling + - fix VHT20 + * fixed HT40 co-ex scan for some pri/sec channel switches + * extended HT40 co-ex support to allow dynamic channel width changes + during the lifetime of the BSS + * fixed HT40 co-ex support to check for overlapping 20 MHz BSS + * fixed MSCHAP UTF-8 to UCS-2 conversion for three-byte encoding; + this fixes password with include UTF-8 characters that use + three-byte encoding EAP methods that use NtPasswordHash + * reverted TLS certificate validation step change in v2.1 that rejected + any AAA server certificate with id-kp-clientAuth even if + id-kp-serverAuth EKU was included + * fixed STA validation step for WPS ER commands to prevent a potential + crash if an ER sends an unexpected PutWLANResponse to a station that + is disassociated, but not fully removed + * enforce full EAP authentication after RADIUS Disconnect-Request by + removing the PMKSA cache entry + * added support for NAS-IP-Address, NAS-identifier, and NAS-IPv6-Address + in RADIUS Disconnect-Request + * added mechanism for removing addresses for MAC ACLs by prefixing an + entry with "-" + * Interworking/Hotspot 2.0 enhancements + - support Hotspot 2.0 Release 2 + * OSEN network for online signup connection + * subscription remediation (based on RADIUS server request or + control interface HS20_WNM_NOTIF for testing purposes) + * Hotspot 2.0 release number indication in WFA RADIUS VSA + * deauthentication request (based on RADIUS server request or + control interface WNM_DEAUTH_REQ for testing purposes) + * Session Info URL RADIUS AVP to trigger ESS Disassociation Imminent + * hs20_icon config parameter to configure icon files for OSU + * osu_* config parameters for OSU Providers list + - do not use Interworking filtering rules on Probe Request if + Interworking is disabled to avoid interop issues + * added/fixed nl80211 functionality + - AP interface teardown optimization + - support vendor specific driver command + (VENDOR <vendor id> <sub command id> [<hex formatted data>]) + * fixed PMF protection of Deauthentication frame when this is triggered + by session timeout + * internal TLS implementation enhancements/fixes + - add SHA256-based cipher suites + - add DHE-RSA cipher suites + - fix X.509 validation of PKCS#1 signature to check for extra data + * RADIUS server functionality + - add minimal RADIUS accounting server support (hostapd-as-server); + this is mainly to enable testing coverage with hwsim scripts + - allow authentication log to be written into SQLite databse + - added option for TLS protocol testing of an EAP peer by simulating + various misbehaviors/known attacks + - MAC ACL support for testing purposes + * fixed PTK derivation for CCMP-256 and GCMP-256 + * extended WPS per-station PSK to support ER case + * added option to configure the management group cipher + (group_mgmt_cipher=AES-128-CMAC (default), BIP-GMAC-128, BIP-GMAC-256, + BIP-CMAC-256) + * fixed AP mode default TXOP Limit values for AC_VI and AC_VO (these + were rounded incorrectly) + * added support for postponing FT response in case PMK-R1 needs to be + pulled from R0KH + * added option to advertise 40 MHz intolerant HT capability with + ht_capab=[40-INTOLERANT] + * remove WPS 1.0 only support, i.e., WSC 2.0 support is now enabled + whenever CONFIG_WPS=y is set + * EAP-pwd fixes + - fix possible segmentation fault on EAP method deinit if an invalid + group is negotiated + * fixed RADIUS client retransmit/failover behavior + - there was a potential ctash due to freed memory being accessed + - failover to a backup server mechanism did not work properly + * fixed a possible crash on double DISABLE command when multiple BSSes + are enabled + * fixed a memory leak in SAE random number generation + * fixed GTK rekeying when the station uses FT protocol + * fixed off-by-one bounds checking in printf_encode() + - this could result in deinial of service in some EAP server cases + * various bug fixes + +2014-02-04 - v2.1 + * added support for simultaneous authentication of equals (SAE) for + stronger password-based authentication with WPA2-Personal + * added nl80211 functionality + - VHT configuration for nl80211 + - support split wiphy dump + - driver-based MAC ACL + - QoS Mapping configuration + * added fully automated regression testing with mac80211_hwsim + * allow ctrl_iface group to be specified on command line (-G<group>) + * allow single hostapd process to control independent WPS interfaces + (wps_independent=1) instead of synchronized operations through all + configured interfaces within a process + * avoid processing received management frames multiple times when using + nl80211 with multiple BSSes + * added support for DFS (processing radar detection events, CAC, channel + re-selection) + * added EAP-EKE server + * added automatic channel selection (ACS) + * added option for using per-BSS (vif) configuration files with + -b<phyname>:<config file name> + * extended global control interface ADD/REMOVE commands to allow BSSes + of a radio to be removed individually without having to add/remove all + other BSSes of the radio at the same time + * added support for sending debug info to Linux tracing (-T on command + line) + * replace dump_file functionality with same information being available + through the hostapd control interface + * added support for using Protected Dual of Public Action frames for + GAS/ANQP exchanges when PMF is enabled + * added support for WPS+NFC updates + - improved protocol + - option to fetch and report alternative carrier records for external + NFC operations + * various bug fixes + 2013-01-12 - v2.0 * added AP-STA-DISCONNECTED ctrl_iface event * improved debug logging (human readable event names, interface name Modified: head/contrib/wpa/hostapd/README ============================================================================== --- head/contrib/wpa/hostapd/README Tue Apr 21 01:37:14 2015 (r281805) +++ head/contrib/wpa/hostapd/README Tue Apr 21 01:45:11 2015 (r281806) @@ -2,7 +2,7 @@ hostapd - user space IEEE 802.11 AP and Authenticator and RADIUS authentication server ================================================================ -Copyright (c) 2002-2012, Jouni Malinen <j@w1.fi> and contributors +Copyright (c) 2002-2015, Jouni Malinen <j@w1.fi> and contributors All Rights Reserved. This program is licensed under the BSD license (the one with @@ -74,12 +74,6 @@ Current hardware/software requirements: Please note that station firmware version needs to be 1.7.0 or newer to work in WPA mode. - madwifi driver for cards based on Atheros chip set (ar521x) - (http://sourceforge.net/projects/madwifi/) - Please note that you will need to add the correct path for - madwifi driver root directory in .config (see defconfig file for - an example: CFLAGS += -I<path>) - mac80211-based drivers that support AP mode (with driver=nl80211). This includes drivers for Atheros (ath9k) and Broadcom (b43) chipsets. Modified: head/contrib/wpa/hostapd/README-WPS ============================================================================== --- head/contrib/wpa/hostapd/README-WPS Tue Apr 21 01:37:14 2015 (r281805) +++ head/contrib/wpa/hostapd/README-WPS Tue Apr 21 01:45:11 2015 (r281806) @@ -58,12 +58,10 @@ hostapd configuration WPS is an optional component that needs to be enabled in hostapd build configuration (.config). Here is an example configuration that -includes WPS support and uses madwifi driver interface: +includes WPS support and uses nl80211 driver interface: -CONFIG_DRIVER_MADWIFI=y -CFLAGS += -I/usr/src/madwifi-0.9.3 +CONFIG_DRIVER_NL80211=y CONFIG_WPS=y -CONFIG_WPS2=y CONFIG_WPS_UPNP=y Following parameter can be used to enable support for NFC config method: @@ -75,8 +73,8 @@ Following section shows an example runti (hostapd.conf) that enables WPS: # Configure the driver and network interface -driver=madwifi -interface=ath0 +driver=nl80211 +interface=wlan0 # WPA2-Personal configuration for the AP ssid=wps-test @@ -338,3 +336,17 @@ If the NFC tag contains a password token internal Registrar. This allows station Enrollee from which the password token was received to run through WPS protocol to provision the credential. + +"nfc_get_handover_sel <NDEF> <WPS>" command can be used to build the +contents of a Handover Select Message for connection handover when this +does not depend on the contents of the Handover Request Message. The +first argument selects the format of the output data and the second +argument selects which type of connection handover is requested (WPS = +Wi-Fi handover as specified in WSC 2.0). + +"nfc_report_handover <INIT/RESP> WPS <carrier from handover request> +<carrier from handover select>" is used to report completed NFC +connection handover. The first parameter indicates whether the local +device initiated or responded to the connection handover and the carrier +records are the selected carrier from the handover request and select +messages as a hexdump. Modified: head/contrib/wpa/hostapd/config_file.c ============================================================================== --- head/contrib/wpa/hostapd/config_file.c Tue Apr 21 01:37:14 2015 (r281805) +++ head/contrib/wpa/hostapd/config_file.c Tue Apr 21 01:45:11 2015 (r281806) @@ -1,6 +1,6 @@ /* * hostapd / Configuration file parser - * Copyright (c) 2003-2012, Jouni Malinen <j@w1.fi> + * Copyright (c) 2003-2015, Jouni Malinen <j@w1.fi> * * This software may be distributed under the terms of the BSD license. * See README for more details. @@ -22,7 +22,12 @@ #include "config_file.h" -extern struct wpa_driver_ops *wpa_drivers[]; +#ifndef CONFIG_NO_RADIUS +#ifdef EAP_SERVER +static struct hostapd_radius_attr * +hostapd_parse_radius_attr(const char *value); +#endif /* EAP_SERVER */ +#endif /* CONFIG_NO_RADIUS */ #ifndef CONFIG_NO_VLAN @@ -83,7 +88,7 @@ static int hostapd_config_read_vlan_file return -1; } - vlan = os_malloc(sizeof(*vlan)); + vlan = os_zalloc(sizeof(*vlan)); if (vlan == NULL) { wpa_printf(MSG_ERROR, "Out of memory while reading " "VLAN interfaces from '%s'", fname); @@ -91,14 +96,10 @@ static int hostapd_config_read_vlan_file return -1; } - os_memset(vlan, 0, sizeof(*vlan)); vlan->vlan_id = vlan_id; os_strlcpy(vlan->ifname, pos, sizeof(vlan->ifname)); - if (bss->vlan_tail) - bss->vlan_tail->next = vlan; - else - bss->vlan = vlan; - bss->vlan_tail = vlan; + vlan->next = bss->vlan; + bss->vlan = vlan; } fclose(f); @@ -136,6 +137,8 @@ static int hostapd_config_read_maclist(c } while (fgets(buf, sizeof(buf), f)) { + int i, rem = 0; + line++; if (buf[0] == '#') @@ -150,14 +153,32 @@ static int hostapd_config_read_maclist(c } if (buf[0] == '\0') continue; + pos = buf; + if (buf[0] == '-') { + rem = 1; + pos++; + } - if (hwaddr_aton(buf, addr)) { + if (hwaddr_aton(pos, addr)) { wpa_printf(MSG_ERROR, "Invalid MAC address '%s' at " - "line %d in '%s'", buf, line, fname); + "line %d in '%s'", pos, line, fname); fclose(f); return -1; } + if (rem) { + i = 0; + while (i < *num) { + if (os_memcmp((*acl)[i].addr, addr, ETH_ALEN) == + 0) { + os_remove_in_array(*acl, *num, + sizeof(**acl), i); + (*num)--; + } else + i++; + } + continue; + } vlan_id = 0; pos = buf; while (*pos != '\0' && *pos != ' ' && *pos != '\t') @@ -195,7 +216,7 @@ static int hostapd_config_read_eap_user( FILE *f; char buf[512], *pos, *start, *pos2; int line = 0, ret = 0, num_methods; - struct hostapd_eap_user *user, *tail = NULL; + struct hostapd_eap_user *user = NULL, *tail = NULL, *new_user = NULL; if (!fname) return 0; @@ -229,6 +250,28 @@ static int hostapd_config_read_eap_user( if (buf[0] == '\0') continue; +#ifndef CONFIG_NO_RADIUS + if (user && os_strncmp(buf, "radius_accept_attr=", 19) == 0) { + struct hostapd_radius_attr *attr, *a; + attr = hostapd_parse_radius_attr(buf + 19); + if (attr == NULL) { + wpa_printf(MSG_ERROR, "Invalid radius_auth_req_attr: %s", + buf + 19); + user = NULL; /* already in the BSS list */ + goto failed; + } + if (user->accept_attr == NULL) { + user->accept_attr = attr; + } else { + a = user->accept_attr; + while (a->next) + a = a->next; + a->next = attr; + } + continue; + } +#endif /* CONFIG_NO_RADIUS */ + user = NULL; if (buf[0] != '"' && buf[0] != '*') { @@ -323,6 +366,10 @@ static int hostapd_config_read_eap_user( EAP_TTLS_AUTH_MSCHAPV2; goto skip_eap; } + if (os_strcmp(start, "MACACL") == 0) { + user->macacl = 1; + goto skip_eap; + } wpa_printf(MSG_ERROR, "Unsupported EAP type " "'%s' on line %d in '%s'", start, line, fname); @@ -337,7 +384,7 @@ static int hostapd_config_read_eap_user( break; start = pos3; } - if (num_methods == 0 && user->ttls_auth == 0) { + if (num_methods == 0 && user->ttls_auth == 0 && !user->macacl) { wpa_printf(MSG_ERROR, "No EAP types configured on " "line %d in '%s'", line, fname); goto failed; @@ -447,7 +494,7 @@ static int hostapd_config_read_eap_user( done: if (tail == NULL) { - tail = conf->eap_user = user; + tail = new_user = user; } else { tail->next = user; tail = user; @@ -455,17 +502,26 @@ static int hostapd_config_read_eap_user( continue; failed: - if (user) { - os_free(user->password); - os_free(user->identity); - os_free(user); - } + if (user) + hostapd_config_free_eap_user(user); ret = -1; break; } fclose(f); + if (ret == 0) { + user = conf->eap_user; + while (user) { + struct hostapd_eap_user *prev; + + prev = user; + user = user->next; + hostapd_config_free_eap_user(prev); + } + conf->eap_user = new_user; + } + return ret; } #endif /* EAP_SERVER */ @@ -636,6 +692,14 @@ static int hostapd_config_parse_key_mgmt else if (os_strcmp(start, "FT-SAE") == 0) val |= WPA_KEY_MGMT_FT_SAE; #endif /* CONFIG_SAE */ +#ifdef CONFIG_SUITEB + else if (os_strcmp(start, "WPA-EAP-SUITE-B") == 0) + val |= WPA_KEY_MGMT_IEEE8021X_SUITE_B; +#endif /* CONFIG_SUITEB */ +#ifdef CONFIG_SUITEB192 + else if (os_strcmp(start, "WPA-EAP-SUITE-B-192") == 0) + val |= WPA_KEY_MGMT_IEEE8021X_SUITE_B_192; +#endif /* CONFIG_SUITEB192 */ else { wpa_printf(MSG_ERROR, "Line %d: invalid key_mgmt '%s'", line, start); @@ -661,49 +725,12 @@ static int hostapd_config_parse_key_mgmt static int hostapd_config_parse_cipher(int line, const char *value) { - int val = 0, last; - char *start, *end, *buf; - - buf = os_strdup(value); - if (buf == NULL) + int val = wpa_parse_cipher(value); + if (val < 0) { + wpa_printf(MSG_ERROR, "Line %d: invalid cipher '%s'.", + line, value); return -1; - start = buf; - - while (*start != '\0') { - while (*start == ' ' || *start == '\t') - start++; - if (*start == '\0') - break; - end = start; - while (*end != ' ' && *end != '\t' && *end != '\0') - end++; - last = *end == '\0'; - *end = '\0'; - if (os_strcmp(start, "CCMP") == 0) - val |= WPA_CIPHER_CCMP; - else if (os_strcmp(start, "GCMP") == 0) - val |= WPA_CIPHER_GCMP; - else if (os_strcmp(start, "TKIP") == 0) - val |= WPA_CIPHER_TKIP; - else if (os_strcmp(start, "WEP104") == 0) - val |= WPA_CIPHER_WEP104; - else if (os_strcmp(start, "WEP40") == 0) - val |= WPA_CIPHER_WEP40; - else if (os_strcmp(start, "NONE") == 0) - val |= WPA_CIPHER_NONE; - else { - wpa_printf(MSG_ERROR, "Line %d: invalid cipher '%s'.", - line, start); - os_free(buf); - return -1; - } - - if (last) - break; - start = end + 1; } - os_free(buf); - if (val == 0) { wpa_printf(MSG_ERROR, "Line %d: no cipher values configured.", line); @@ -748,14 +775,14 @@ static int hostapd_config_read_wep(struc } -static int hostapd_parse_rates(int **rate_list, char *val) +static int hostapd_parse_intlist(int **int_list, char *val) { int *list; int count; char *pos, *end; - os_free(*rate_list); - *rate_list = NULL; + os_free(*int_list); + *int_list = NULL; pos = val; count = 0; @@ -782,37 +809,39 @@ static int hostapd_parse_rates(int **rat } list[count] = -1; - *rate_list = list; + *int_list = list; return 0; } static int hostapd_config_bss(struct hostapd_config *conf, const char *ifname) { - struct hostapd_bss_config *bss; + struct hostapd_bss_config **all, *bss; if (*ifname == '\0') return -1; - bss = os_realloc_array(conf->bss, conf->num_bss + 1, - sizeof(struct hostapd_bss_config)); - if (bss == NULL) { + all = os_realloc_array(conf->bss, conf->num_bss + 1, + sizeof(struct hostapd_bss_config *)); + if (all == NULL) { wpa_printf(MSG_ERROR, "Failed to allocate memory for " "multi-BSS entry"); return -1; } - conf->bss = bss; + conf->bss = all; - bss = &(conf->bss[conf->num_bss]); - os_memset(bss, 0, sizeof(*bss)); + bss = os_zalloc(sizeof(*bss)); + if (bss == NULL) + return -1; bss->radius = os_zalloc(sizeof(*bss->radius)); if (bss->radius == NULL) { wpa_printf(MSG_ERROR, "Failed to allocate memory for " "multi-BSS RADIUS data"); + os_free(bss); return -1; } - conf->num_bss++; + conf->bss[conf->num_bss++] = bss; conf->last_bss = bss; hostapd_config_defaults_bss(bss); @@ -1060,8 +1089,8 @@ static int hostapd_config_ht_capab(struc conf->ht_capab |= HT_CAP_INFO_MAX_AMSDU_SIZE; if (os_strstr(capab, "[DSSS_CCK-40]")) conf->ht_capab |= HT_CAP_INFO_DSSS_CCK40MHZ; - if (os_strstr(capab, "[PSMP]")) - conf->ht_capab |= HT_CAP_INFO_PSMP_SUPP; + if (os_strstr(capab, "[40-INTOLERANT]")) + conf->ht_capab |= HT_CAP_INFO_40MHZ_INTOLERANT; if (os_strstr(capab, "[LSIG-TXOP-PROT]")) conf->ht_capab |= HT_CAP_INFO_LSIG_TXOP_PROTECT_SUPPORT; @@ -1082,8 +1111,6 @@ static int hostapd_config_vht_capab(stru conf->vht_capab |= VHT_CAP_SUPP_CHAN_WIDTH_160MHZ; if (os_strstr(capab, "[VHT160-80PLUS80]")) conf->vht_capab |= VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ; - if (os_strstr(capab, "[VHT160-80PLUS80]")) - conf->vht_capab |= VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ; if (os_strstr(capab, "[RXLDPC]")) conf->vht_capab |= VHT_CAP_RXLDPC; if (os_strstr(capab, "[SHORT-GI-80]")) @@ -1101,15 +1128,15 @@ static int hostapd_config_vht_capab(stru if (os_strstr(capab, "[RX-STBC-1234]")) conf->vht_capab |= VHT_CAP_RXSTBC_4; if (os_strstr(capab, "[SU-BEAMFORMER]")) - conf->vht_capab |= VHT_CAP_MU_BEAMFORMER_CAPABLE; + conf->vht_capab |= VHT_CAP_SU_BEAMFORMER_CAPABLE; if (os_strstr(capab, "[SU-BEAMFORMEE]")) - conf->vht_capab |= VHT_CAP_MU_BEAMFORMEE_CAPABLE; + conf->vht_capab |= VHT_CAP_SU_BEAMFORMEE_CAPABLE; if (os_strstr(capab, "[BF-ANTENNA-2]") && - (conf->vht_capab & VHT_CAP_MU_BEAMFORMER_CAPABLE)) - conf->vht_capab |= VHT_CAP_BEAMFORMER_ANTENNAS_MAX; + (conf->vht_capab & VHT_CAP_SU_BEAMFORMEE_CAPABLE)) + conf->vht_capab |= (1 << VHT_CAP_BEAMFORMEE_STS_OFFSET); if (os_strstr(capab, "[SOUNDING-DIMENSION-2]") && - (conf->vht_capab & VHT_CAP_MU_BEAMFORMER_CAPABLE)) - conf->vht_capab |= VHT_CAP_SOUNDING_DIMENTION_MAX; + (conf->vht_capab & VHT_CAP_SU_BEAMFORMER_CAPABLE)) + conf->vht_capab |= (1 << VHT_CAP_SOUNDING_DIMENSION_OFFSET); if (os_strstr(capab, "[MU-BEAMFORMER]")) conf->vht_capab |= VHT_CAP_MU_BEAMFORMER_CAPABLE; if (os_strstr(capab, "[MU-BEAMFORMEE]")) @@ -1118,8 +1145,20 @@ static int hostapd_config_vht_capab(stru conf->vht_capab |= VHT_CAP_VHT_TXOP_PS; if (os_strstr(capab, "[HTC-VHT]")) conf->vht_capab |= VHT_CAP_HTC_VHT; - if (os_strstr(capab, "[MAX-A-MPDU-LEN-EXP0]")) - conf->vht_capab |= VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT; + if (os_strstr(capab, "[MAX-A-MPDU-LEN-EXP7]")) + conf->vht_capab |= VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_MAX; + else if (os_strstr(capab, "[MAX-A-MPDU-LEN-EXP6]")) + conf->vht_capab |= VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_6; + else if (os_strstr(capab, "[MAX-A-MPDU-LEN-EXP5]")) + conf->vht_capab |= VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_5; + else if (os_strstr(capab, "[MAX-A-MPDU-LEN-EXP4]")) + conf->vht_capab |= VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_4; + else if (os_strstr(capab, "[MAX-A-MPDU-LEN-EXP3]")) + conf->vht_capab |= VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_3; + else if (os_strstr(capab, "[MAX-A-MPDU-LEN-EXP2]")) + conf->vht_capab |= VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_2; + else if (os_strstr(capab, "[MAX-A-MPDU-LEN-EXP1]")) + conf->vht_capab |= VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_1; if (os_strstr(capab, "[VHT-LINK-ADAPT2]") && (conf->vht_capab & VHT_CAP_HTC_VHT)) conf->vht_capab |= VHT_CAP_VHT_LINK_ADAPTATION_VHT_UNSOL_MFB; @@ -1135,141 +1174,6 @@ static int hostapd_config_vht_capab(stru #endif /* CONFIG_IEEE80211AC */ -static int hostapd_config_check_bss(struct hostapd_bss_config *bss, - struct hostapd_config *conf) -{ - if (bss->ieee802_1x && !bss->eap_server && - !bss->radius->auth_servers) { - wpa_printf(MSG_ERROR, "Invalid IEEE 802.1X configuration (no " - "EAP authenticator configured)."); - return -1; - } - - if (bss->wpa && bss->wpa_psk_radius != PSK_RADIUS_IGNORED && - bss->macaddr_acl != USE_EXTERNAL_RADIUS_AUTH) { - wpa_printf(MSG_ERROR, "WPA-PSK using RADIUS enabled, but no " - "RADIUS checking (macaddr_acl=2) enabled."); - return -1; - } - - if (bss->wpa && (bss->wpa_key_mgmt & WPA_KEY_MGMT_PSK) && - bss->ssid.wpa_psk == NULL && bss->ssid.wpa_passphrase == NULL && - bss->ssid.wpa_psk_file == NULL && - (bss->wpa_psk_radius != PSK_RADIUS_REQUIRED || - bss->macaddr_acl != USE_EXTERNAL_RADIUS_AUTH)) { - wpa_printf(MSG_ERROR, "WPA-PSK enabled, but PSK or passphrase " - "is not configured."); - return -1; - } - - if (hostapd_mac_comp_empty(bss->bssid) != 0) { - size_t i; - - for (i = 0; i < conf->num_bss; i++) { - if ((&conf->bss[i] != bss) && - (hostapd_mac_comp(conf->bss[i].bssid, - bss->bssid) == 0)) { - wpa_printf(MSG_ERROR, "Duplicate BSSID " MACSTR - " on interface '%s' and '%s'.", - MAC2STR(bss->bssid), - conf->bss[i].iface, bss->iface); - return -1; - } - } - } - -#ifdef CONFIG_IEEE80211R - if (wpa_key_mgmt_ft(bss->wpa_key_mgmt) && - (bss->nas_identifier == NULL || - os_strlen(bss->nas_identifier) < 1 || - os_strlen(bss->nas_identifier) > FT_R0KH_ID_MAX_LEN)) { - wpa_printf(MSG_ERROR, "FT (IEEE 802.11r) requires " - "nas_identifier to be configured as a 1..48 octet " - "string"); - return -1; - } -#endif /* CONFIG_IEEE80211R */ - -#ifdef CONFIG_IEEE80211N - if (conf->ieee80211n && conf->hw_mode == HOSTAPD_MODE_IEEE80211B) { - bss->disable_11n = 1; - wpa_printf(MSG_ERROR, "HT (IEEE 802.11n) in 11b mode is not " - "allowed, disabling HT capabilites"); - } - - if (conf->ieee80211n && - bss->ssid.security_policy == SECURITY_STATIC_WEP) { - bss->disable_11n = 1; - wpa_printf(MSG_ERROR, "HT (IEEE 802.11n) with WEP is not " - "allowed, disabling HT capabilities"); - } - - if (conf->ieee80211n && bss->wpa && - !(bss->wpa_pairwise & WPA_CIPHER_CCMP) && - !(bss->rsn_pairwise & (WPA_CIPHER_CCMP | WPA_CIPHER_GCMP))) { - bss->disable_11n = 1; - wpa_printf(MSG_ERROR, "HT (IEEE 802.11n) with WPA/WPA2 " - "requires CCMP/GCMP to be enabled, disabling HT " - "capabilities"); - } -#endif /* CONFIG_IEEE80211N */ - -#ifdef CONFIG_WPS2 - if (bss->wps_state && bss->ignore_broadcast_ssid) { - wpa_printf(MSG_INFO, "WPS: ignore_broadcast_ssid " - "configuration forced WPS to be disabled"); - bss->wps_state = 0; - } - - if (bss->wps_state && bss->ssid.wep.keys_set && bss->wpa == 0) { - wpa_printf(MSG_INFO, "WPS: WEP configuration forced WPS to be " - "disabled"); - bss->wps_state = 0; - } - - if (bss->wps_state && bss->wpa && - (!(bss->wpa & 2) || - !(bss->rsn_pairwise & WPA_CIPHER_CCMP))) { - wpa_printf(MSG_INFO, "WPS: WPA/TKIP configuration without " - "WPA2/CCMP forced WPS to be disabled"); - bss->wps_state = 0; - } -#endif /* CONFIG_WPS2 */ - -#ifdef CONFIG_HS20 - if (bss->hs20 && - (!(bss->wpa & 2) || - !(bss->rsn_pairwise & (WPA_CIPHER_CCMP | WPA_CIPHER_GCMP)))) { - wpa_printf(MSG_ERROR, "HS 2.0: WPA2-Enterprise/CCMP " - "configuration is required for Hotspot 2.0 " - "functionality"); - return -1; - } -#endif /* CONFIG_HS20 */ - - return 0; -} - - -static int hostapd_config_check(struct hostapd_config *conf) -{ - size_t i; - - if (conf->ieee80211d && (!conf->country[0] || !conf->country[1])) { - wpa_printf(MSG_ERROR, "Cannot enable IEEE 802.11d without " - "setting the country_code"); - return -1; - } - - for (i = 0; i < conf->num_bss; i++) { - if (hostapd_config_check_bss(&conf->bss[i], conf)) - return -1; - } - - return 0; -} - - #ifdef CONFIG_INTERWORKING static int parse_roaming_consortium(struct hostapd_bss_config *bss, char *pos, int line) @@ -1306,26 +1210,34 @@ static int parse_roaming_consortium(stru static int parse_lang_string(struct hostapd_lang_string **array, unsigned int *count, char *pos) { - char *sep; - size_t clen, nlen; + char *sep, *str = NULL; + size_t clen, nlen, slen; struct hostapd_lang_string *ls; + int ret = -1; + + if (*pos == '"' || (*pos == 'P' && pos[1] == '"')) { + str = wpa_config_parse_string(pos, &slen); + if (!str) + return -1; + pos = str; + } sep = os_strchr(pos, ':'); if (sep == NULL) - return -1; + goto fail; *sep++ = '\0'; clen = os_strlen(pos); - if (clen < 2) - return -1; + if (clen < 2 || clen > sizeof(ls->lang)) + goto fail; nlen = os_strlen(sep); if (nlen > 252) - return -1; *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201504210145.t3L1jCLp063432>