CyberLeo.Net >> Repos - FreeBSD/FreeBSD.git/commit

MFV r346563:

Update wpa 2.8 --> 2.9

hostapd:
* SAE changes
  - disable use of groups using Brainpool curves
  - improved protection against side channel attacks
  [https://w1.fi/security/2019-6/]
* EAP-pwd changes
  - disable use of groups using Brainpool curves
  - improved protection against side channel attacks
  [https://w1.fi/security/2019-6/]
* fixed FT-EAP initial mobility domain association using PMKSA caching
* added configuration of airtime policy
* fixed FILS to and RSNE into (Re)Association Response frames
* fixed DPP bootstrapping URI parser of channel list
* added support for regulatory WMM limitation (for ETSI)
* added support for MACsec Key Agreement using IEEE 802.1X/PSK
* added experimental support for EAP-TEAP server (RFC 7170)
* added experimental support for EAP-TLS server with TLS v1.3
* added support for two server certificates/keys (RSA/ECC)
* added AKMSuiteSelector into "STA <addr>" control interface data to
  determine with AKM was used for an association
* added eap_sim_id parameter to allow EAP-SIM/AKA server pseudonym and
  fast reauthentication use to be disabled
* fixed an ECDH operation corner case with OpenSSL

wpa_supplicant:
* SAE changes
  - disable use of groups using Brainpool curves
  - improved protection against side channel attacks
  [https://w1.fi/security/2019-6/]
* EAP-pwd changes
  - disable use of groups using Brainpool curves
  - allow the set of groups to be configured (eap_pwd_groups)
  - improved protection against side channel attacks
  [https://w1.fi/security/2019-6/]
* fixed FT-EAP initial mobility domain association using PMKSA caching
  (disabled by default for backwards compatibility; can be enabled
  with ft_eap_pmksa_caching=1)
* fixed a regression in OpenSSL 1.1+ engine loading
* added validation of RSNE in (Re)Association Response frames
* fixed DPP bootstrapping URI parser of channel list
* extended EAP-SIM/AKA fast re-authentication to allow use with FILS
* extended ca_cert_blob to support PEM format
* improved robustness of P2P Action frame scheduling
* added support for EAP-SIM/AKA using anonymous@realm identity
* fixed Hotspot 2.0 credential selection based on roaming consortium
  to ignore credentials without a specific EAP method
* added experimental support for EAP-TEAP peer (RFC 7170)
* added experimental support for EAP-TLS peer with TLS v1.3
* fixed a regression in WMM parameter configuration for a TDLS peer
* fixed a regression in operation with drivers that offload 802.1X
  4-way handshake
* fixed an ECDH operation corner case with OpenSSL

MFC after: 1 week
Security: https://w1.fi/security/2019-6/\
sae-eap-pwd-side-channel-attack-update.txt

author	cy <cy@FreeBSD.org>
	Thu, 22 Aug 2019 18:52:30 +0000 (18:52 +0000)
committer	cy <cy@FreeBSD.org>
	Thu, 22 Aug 2019 18:52:30 +0000 (18:52 +0000)
commit	53d87406a66ba1a3f905f17ee5dc5649e33da79b
tree	51c78e9d3ccf0c7602df579df9826dddbb43d149	tree \| snapshot
parent	2ac84bb44b251b3718f413fd588a26a16e10312c	commit \| diff
parent	fcc72eb421afeb28ca26f0a73fa6da8f696f31dc	commit \| diff

contrib/wpa/hostapd/ChangeLog	diff1 \|	diff2 \|	blob \| history
contrib/wpa/hostapd/config_file.c	diff1 \|	diff2 \|	blob \| history
contrib/wpa/hostapd/ctrl_iface.c	diff1 \|	diff2 \|	blob \| history
contrib/wpa/hostapd/defconfig	diff1 \|	diff2 \|	blob \| history
contrib/wpa/hostapd/eap_register.c	diff1 \|	diff2 \|	blob \| history
contrib/wpa/hostapd/hostapd.conf	diff1 \|	diff2 \|	blob \| history
contrib/wpa/hostapd/hostapd_cli.c	diff1 \|	diff2 \|	blob \| history
contrib/wpa/hostapd/main.c	diff1 \|	diff2 \|	blob \| history
contrib/wpa/hs20/client/osu_client.c	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/ap/accounting.c	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/ap/acs.c	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/ap/airtime_policy.c	\|	diff2 \|	blob \| history
contrib/wpa/src/ap/airtime_policy.h	\|	diff2 \|	blob \| history
contrib/wpa/src/ap/ap_config.c	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/ap/ap_config.h	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/ap/ap_drv_ops.c	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/ap/ap_drv_ops.h	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/ap/authsrv.c	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/ap/beacon.c	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/ap/ctrl_iface_ap.c	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/ap/dfs.c	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/ap/dpp_hostapd.c	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/ap/dpp_hostapd.h	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/ap/drv_callbacks.c	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/ap/gas_serv.c	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/ap/gas_serv.h	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/ap/hostapd.c	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/ap/hostapd.h	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/ap/hw_features.c	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/ap/ieee802_11.c	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/ap/ieee802_11.h	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/ap/ieee802_11_he.c	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/ap/ieee802_11_vht.c	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/ap/ieee802_1x.c	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/ap/ieee802_1x.h	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/ap/neighbor_db.c	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/ap/sta_info.c	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/ap/sta_info.h	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/ap/wmm.c	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/ap/wpa_auth.c	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/ap/wpa_auth.h	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/ap/wpa_auth_ft.c	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/ap/wpa_auth_glue.c	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/ap/wpa_auth_ie.c	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/ap/wpa_auth_kay.c	\|	diff2 \|	blob \| history
contrib/wpa/src/ap/wpa_auth_kay.h	\|	diff2 \|	blob \| history
contrib/wpa/src/common/dpp.c	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/common/dpp.h	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/common/dragonfly.c	\|	diff2 \|	blob \| history
contrib/wpa/src/common/dragonfly.h	\|	diff2 \|	blob \| history
contrib/wpa/src/common/hw_features_common.c	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/common/hw_features_common.h	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/common/ieee802_11_common.c	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/common/ieee802_11_common.h	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/common/ieee802_11_defs.h	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/common/qca-vendor.h	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/common/sae.c	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/common/sae.h	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/common/version.h	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/common/wpa_common.c	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/common/wpa_ctrl.h	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/crypto/aes_i.h	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/crypto/crypto.h	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/crypto/crypto_openssl.c	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/crypto/crypto_wolfssl.c	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/crypto/sha1-internal.c	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/crypto/sha1-prf.c	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/crypto/sha1-tlsprf.c	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/crypto/sha1-tprf.c	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/crypto/sha1.c	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/crypto/sha256-kdf.c	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/crypto/sha256-prf.c	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/crypto/sha256-tlsprf.c	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/crypto/sha256.h	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/crypto/sha384-kdf.c	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/crypto/sha384-prf.c	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/crypto/sha512-kdf.c	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/crypto/sha512-prf.c	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/crypto/tls.h	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/crypto/tls_openssl.c	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/crypto/tls_wolfssl.c	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/drivers/driver.h	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/drivers/driver_atheros.c	\|	diff2 \|	blob \| history
contrib/wpa/src/drivers/driver_bsd.c	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/drivers/driver_common.c	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/drivers/driver_hostap.c	\|	diff2 \|	blob \| history
contrib/wpa/src/drivers/driver_macsec_linux.c	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/drivers/driver_macsec_qca.c	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/drivers/driver_ndis.c	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/drivers/driver_nl80211.h	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/drivers/driver_nl80211_capa.c	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/drivers/driver_nl80211_event.c	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/drivers/driver_privsep.c	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/drivers/nl80211_copy.h	\|	diff2 \|	blob \| history
contrib/wpa/src/eap_common/eap_defs.h	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/eap_common/eap_pwd_common.c	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/eap_common/eap_sim_common.c	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/eap_common/eap_sim_common.h	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/eap_common/eap_teap_common.c	\|	diff2 \|	blob \| history
contrib/wpa/src/eap_common/eap_teap_common.h	\|	diff2 \|	blob \| history
contrib/wpa/src/eap_peer/eap.c	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/eap_peer/eap.h	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/eap_peer/eap_aka.c	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/eap_peer/eap_config.h	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/eap_peer/eap_eke.c	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/eap_peer/eap_leap.c	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/eap_peer/eap_methods.h	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/eap_peer/eap_peap.c	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/eap_peer/eap_pwd.c	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/eap_peer/eap_sim.c	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/eap_peer/eap_teap.c	\|	diff2 \|	blob \| history
contrib/wpa/src/eap_peer/eap_teap_pac.c	\|	diff2 \|	blob \| history
contrib/wpa/src/eap_peer/eap_teap_pac.h	\|	diff2 \|	blob \| history
contrib/wpa/src/eap_peer/eap_tls.c	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/eap_peer/eap_tls_common.c	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/eap_peer/eap_tls_common.h	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/eap_server/eap.h	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/eap_server/eap_i.h	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/eap_server/eap_methods.h	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/eap_server/eap_server.c	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/eap_server/eap_server_aka.c	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/eap_server/eap_server_pax.c	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/eap_server/eap_server_peap.c	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/eap_server/eap_server_pwd.c	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/eap_server/eap_server_sim.c	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/eap_server/eap_server_teap.c	\|	diff2 \|	blob \| history
contrib/wpa/src/eap_server/eap_server_tls.c	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/eap_server/eap_server_tls_common.c	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/eap_server/eap_tls_common.h	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/eapol_auth/eapol_auth_sm.c	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/eapol_auth/eapol_auth_sm.h	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/eapol_supp/eapol_supp_sm.c	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/eapol_supp/eapol_supp_sm.h	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/p2p/p2p.c	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/p2p/p2p_go_neg.c	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/p2p/p2p_i.h	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/pae/ieee802_1x_kay.c	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/radius/radius_server.c	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/radius/radius_server.h	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/rsn_supp/wpa.c	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/rsn_supp/wpa.h	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/rsn_supp/wpa_ft.c	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/rsn_supp/wpa_i.h	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/tls/asn1.c	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/tls/libtommath.c	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/tls/x509v3.c	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/utils/common.c	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/utils/common.h	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/utils/trace.c	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/utils/wpa_debug.c	diff1 \|	diff2 \|	blob \| history
contrib/wpa/src/wps/wps.h	diff1 \|	diff2 \|	blob \| history
contrib/wpa/wpa_supplicant/Android.mk	diff1 \|	diff2 \|	blob \| history
contrib/wpa/wpa_supplicant/ChangeLog	diff1 \|	diff2 \|	blob \| history
contrib/wpa/wpa_supplicant/README-DPP	diff1 \|	diff2 \|	blob \| history
contrib/wpa/wpa_supplicant/ap.c	diff1 \|	diff2 \|	blob \| history
contrib/wpa/wpa_supplicant/ap.h	diff1 \|	diff2 \|	blob \| history
contrib/wpa/wpa_supplicant/bss.c	diff1 \|	diff2 \|	blob \| history
contrib/wpa/wpa_supplicant/config.c	diff1 \|	diff2 \|	blob \| history
contrib/wpa/wpa_supplicant/config.h	diff1 \|	diff2 \|	blob \| history
contrib/wpa/wpa_supplicant/config_file.c	diff1 \|	diff2 \|	blob \| history
contrib/wpa/wpa_supplicant/config_ssid.h	diff1 \|	diff2 \|	blob \| history
contrib/wpa/wpa_supplicant/ctrl_iface.c	diff1 \|	diff2 \|	blob \| history
contrib/wpa/wpa_supplicant/dbus/dbus_new_helpers.c	diff1 \|	diff2 \|	blob \| history
contrib/wpa/wpa_supplicant/defconfig	diff1 \|	diff2 \|	blob \| history
contrib/wpa/wpa_supplicant/dpp_supplicant.c	diff1 \|	diff2 \|	blob \| history
contrib/wpa/wpa_supplicant/dpp_supplicant.h	diff1 \|	diff2 \|	blob \| history
contrib/wpa/wpa_supplicant/driver_i.h	diff1 \|	diff2 \|	blob \| history
contrib/wpa/wpa_supplicant/eap_register.c	diff1 \|	diff2 \|	blob \| history
contrib/wpa/wpa_supplicant/eapol_test.c	diff1 \|	diff2 \|	blob \| history
contrib/wpa/wpa_supplicant/events.c	diff1 \|	diff2 \|	blob \| history
contrib/wpa/wpa_supplicant/ibss_rsn.c	diff1 \|	diff2 \|	blob \| history
contrib/wpa/wpa_supplicant/interworking.c	diff1 \|	diff2 \|	blob \| history
contrib/wpa/wpa_supplicant/mesh.c	diff1 \|	diff2 \|	blob \| history
contrib/wpa/wpa_supplicant/mesh_mpm.c	diff1 \|	diff2 \|	blob \| history
contrib/wpa/wpa_supplicant/notify.c	diff1 \|	diff2 \|	blob \| history
contrib/wpa/wpa_supplicant/notify.h	diff1 \|	diff2 \|	blob \| history
contrib/wpa/wpa_supplicant/op_classes.c	diff1 \|	diff2 \|	blob \| history
contrib/wpa/wpa_supplicant/p2p_supplicant.c	diff1 \|	diff2 \|	blob \| history
contrib/wpa/wpa_supplicant/preauth_test.c	diff1 \|	diff2 \|	blob \| history
contrib/wpa/wpa_supplicant/rrm.c	diff1 \|	diff2 \|	blob \| history
contrib/wpa/wpa_supplicant/sme.c	diff1 \|	diff2 \|	blob \| history
contrib/wpa/wpa_supplicant/wnm_sta.c	diff1 \|	diff2 \|	blob \| history
contrib/wpa/wpa_supplicant/wpa_cli.c	diff1 \|	diff2 \|	blob \| history
contrib/wpa/wpa_supplicant/wpa_supplicant.c	diff1 \|	diff2 \|	blob \| history
contrib/wpa/wpa_supplicant/wpa_supplicant.conf	diff1 \|	diff2 \|	blob \| history
contrib/wpa/wpa_supplicant/wpa_supplicant_i.h	diff1 \|	diff2 \|	blob \| history
contrib/wpa/wpa_supplicant/wpas_glue.c	diff1 \|	diff2 \|	blob \| history