author | Cy Schubert <cy@FreeBSD.org> | 2019-05-01 01:43:17 +0000 |
---|---|---|
committer | Cy Schubert <cy@FreeBSD.org> | 2019-05-01 01:43:17 +0000 |
commit | 1a1679562a940b8ec0f2189adb09f150e1405e09 (patch) | |
tree | 3c5aaa9c84a3a27dcbcdd6740d929b6aa6e66f42 /usr.sbin/wpa | |
parent | 27f437a5e77b45fdef388de281cebe2cadd2e2dd (diff) | |
download | src-1a1679562a940b8ec0f2189adb09f150e1405e09.tar.gz src-1a1679562a940b8ec0f2189adb09f150e1405e09.zip |
MFC r341759, r341839, r346591:
The following five MFCs update wpa 2.6 --> 2.8.
r341759:
MFV r341618: Update wpa 2.6 --> 2.7.
r341839:
Set default ciphers.
Submitted by: jkim@
r346591:
Update wpa_supplicant/hostapd 2.7 --> 2.8
Upstream documents the following advisories:
- https://w1.fi/security/2019-1/sae-side-channel-attacks.txt
- https://w1.fi/security/2019-2/eap-pwd-side-channel-attack.txt
- https://w1.fi/security/2019-3/sae-confirm-missing-state-validation.txt
- https://w1.fi/security/2019-4/eap-pwd-missing-commit-validation.txt
- https://w1.fi/security/2019-5/eap-pwd-message-reassembly-issue-\
with-unexpected-fragment.txt
Security: CVE-2019-9494, VU#871675, CVE-2019-9495, CVE-2019-9496,
CVE-2019-9497, CVE-2019-9498, CVE-2019-9499
Relnotes: yes
Notes
Notes:
svn path=/stable/11/; revision=346981
Diffstat (limited to 'usr.sbin/wpa')
-rw-r--r-- | usr.sbin/wpa/Makefile.crypto | 6 | ||||
-rw-r--r-- | usr.sbin/wpa/Makefile.inc | 4 | ||||
-rw-r--r-- | usr.sbin/wpa/hostapd/Makefile | 117 | ||||
-rw-r--r-- | usr.sbin/wpa/wpa_cli/Makefile | 28 | ||||
-rw-r--r-- | usr.sbin/wpa/wpa_supplicant/Makefile | 51 |
5 files changed, 141 insertions, 65 deletions
diff --git a/usr.sbin/wpa/Makefile.crypto b/usr.sbin/wpa/Makefile.crypto index 5c03f7d21d0e..8f7965d1dece 100644 --- a/usr.sbin/wpa/Makefile.crypto +++ b/usr.sbin/wpa/Makefile.crypto @@ -1,7 +1,8 @@ # $FreeBSD$ .if ${MK_OPENSSL} != "no" && !defined(RELEASE_CRUNCH) -SRCS+= crypto_openssl.c random.c sha1-prf.c sha256-prf.c sha256-tlsprf.c +SRCS+= crypto_openssl.c random.c sha1-prf.c sha256-prf.c sha256-tlsprf.c \ + sha512.c LIBADD+= ssl crypto CFLAGS+= -DCONFIG_SHA256 .else @@ -21,6 +22,7 @@ CONFIG_INTERNAL_DH=y NEED_AES_ENC=true NEED_AES_CBC=true .endif +NEED_AES_OMAC1=true .if defined(TLS_FUNCS) NEED_TLS_PRF=y @@ -49,7 +51,7 @@ NEED_MD4=y NEED_RC4=y .else CFLAGS+=-DEAP_TLS_OPENSSL -SRCS+= tls_openssl.c +SRCS+= tls_openssl.c tls_openssl_ocsp.c .endif .endif diff --git a/usr.sbin/wpa/Makefile.inc b/usr.sbin/wpa/Makefile.inc index ebde81533cef..c2e216c4b6c4 100644 --- a/usr.sbin/wpa/Makefile.inc +++ b/usr.sbin/wpa/Makefile.inc @@ -7,13 +7,10 @@ WPA_SUPPLICANT_DISTDIR?=${WPA_DISTDIR}/wpa_supplicant HOSTAPD_DISTDIR?= ${WPA_DISTDIR}/hostapd .PATH.c:${.CURDIR:H} \ - ${WPA_DISTDIR}/src/ap \ ${WPA_DISTDIR}/src/common \ ${WPA_DISTDIR}/src/crypto \ ${WPA_DISTDIR}/src/eapol_auth \ ${WPA_DISTDIR}/src/eap_common \ - ${WPA_DISTDIR}/src/eap_peer \ - ${WPA_DISTDIR}/src/eap_server \ ${WPA_DISTDIR}/src/eapol_supp \ ${WPA_DISTDIR}/src/l2_packet \ ${WPA_DISTDIR}/src/radius \ @@ -35,5 +32,6 @@ CFLAGS+=-I${WPA_DISTDIR}/src/wps CFLAGS+= -DCONFIG_CTRL_IFACE CFLAGS+= -DCONFIG_CTRL_IFACE_UNIX CFLAGS+= -DNEED_AP_MLME +CFLAGS+= -DTLS_DEFAULT_CIPHERS=\"DEFAULT:!EXP:!LOW\" .include <bsd.own.mk> diff --git a/usr.sbin/wpa/hostapd/Makefile b/usr.sbin/wpa/hostapd/Makefile index 63200fe72d8b..eace6cb74d3a 100644 --- a/usr.sbin/wpa/hostapd/Makefile +++ b/usr.sbin/wpa/hostapd/Makefile 
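Review bot: `NEED_AES_OMAC1=true` in the second hunk of usr.sbin/wpa/Makefile.crypto is added after the `.endif`, so it is set for every program that includes this file and for both crypto backends, unlike `NEED_AES_ENC` and `NEED_AES_CBC` just above it, and no comment says why. The same commit drops `aes-omac1.c` from hostapd's explicit SRCS, so the file is presumably now pulled in by whatever consumes this variable, which lies outside the hunk. A short comment such as `# aes-omac1.c is needed by every consumer, whichever crypto backend is selected` would record that dependency for the next update.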
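Review bot: The `TLS_DEFAULT_CIPHERS` define added at the end of usr.sbin/wpa/Makefile.inc carries no comment on what it controls or why this string was chosen, and because it sits in the shared include it is passed to hostapd, wpa_cli and wpa_supplicant alike. `DEFAULT:!EXP:!LOW` only subtracts export-grade and low-strength suites from OpenSSL's `DEFAULT` set, so the effective cipher list depends on the libcrypto the base system links against. I would state that next to the define, e.g. `# Fallback OpenSSL cipher list when the configuration sets none; DEFAULT is whatever the linked OpenSSL defines, minus export and low-strength suites.` The define is also emitted when `MK_OPENSSL` is "no", where it is presumably unused.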
@@ -4,33 +4,90 @@ .include "../Makefile.inc" .PATH.c:${HOSTAPD_DISTDIR} \ - ${WPA_DISTDIR}/src/drivers + ${WPA_DISTDIR}/src/ap \ + ${WPA_DISTDIR}/src/eap_server \ + ${WPA_DISTDIR}/src/eap_peer \ + ${WPA_DISTDIR}/src/drivers \ + ${WPA_DISTDIR}/wpa_supplicant PROG= hostapd -SRCS= accounting.c aes-omac1.c ap_config.c ap_drv_ops.c ap_list.c \ - ap_mlme.c authsrv.c \ - base64.c beacon.c bss_load.c chap.c common.c config_file.c \ +SRCS= accounting.c \ + ap_config.c \ + ap_drv_ops.c \ + ap_list.c \ + ap_mlme.c \ + authsrv.c \ + base64.c \ + beacon.c \ + bss_load.c \ + chap.c \ + common.c \ + config_file.c \ ctrl_iface.c \ - ctrl_iface_ap.c ctrl_iface_common.c dfs.c \ - driver_common.c l2_packet_freebsd.c driver_bsd.c \ - drivers.c drv_callbacks.c eap_common.c eap_peap_common.c \ - eap_register.c eap_server.c eap_server_methods.c eap_user_db.c \ - eapol_auth_dump.c eapol_auth_sm.c eloop.c gas.c gas_serv.c hostapd.c \ - hs20.c http_client.c http_server.c httpread.c \ - hw_features.c hw_features_common.c \ - ieee802_11.c ieee802_11_auth.c ieee802_11_common.c \ - ieee802_11_shared.c ieee802_1x.c \ + ctrl_iface_ap.c \ + ctrl_iface_common.c \ + dfs.c \ + driver_bsd.c \ + driver_common.c \ + drivers.c \ + drv_callbacks.c \ + eloop.c \ + gas.c \ + gas_serv.c \ + http_client.c \ + http_server.c \ + httpread.c \ + hostapd.c \ + hs20.c \ + hw_features.c \ + hw_features_common.c \ + ieee802_11.c \ + ieee802_11_auth.c \ + ieee802_11_common.c \ + ieee802_11_shared.c \ + ieee802_1x.c \ ip_addr.c \ - main.c ms_funcs.c neighbor_db.c \ - os_unix.c peerkey_auth.c pmksa_cache_auth.c \ - preauth_auth.c radius.c radius_client.c radius_das.c rrm.c sta_info.c \ - tkip_countermeasures.c upnp_xml.c utils.c uuid.c \ - vlan.c vlan_ifconfig.c vlan_init.c wmm.c \ - wpa_auth.c wpa_auth_glue.c wpa_auth_ie.c wpa_common.c wpa_debug.c \ - wpabuf.c wps.c wps_attr_build.c wps_attr_parse.c wps_attr_process.c \ - wps_common.c wps_dev_attr.c wps_enrollee.c wps_hostapd.c \ - wps_registrar.c wps_upnp.c 
wps_upnp_ap.c wps_upnp_event.c \ - wps_upnp_ssdp.c wps_upnp_web.c + l2_packet_freebsd.c \ + main.c \ + ms_funcs.c \ + neighbor_db.c \ + os_unix.c \ + pmksa_cache_auth.c \ + preauth_auth.c \ + radius.c \ + radius_client.c \ + radius_das.c \ + rrm.c \ + sta_info.c \ + tkip_countermeasures.c \ + upnp_xml.c \ + utils.c \ + uuid.c \ + vlan.c \ + vlan_ifconfig.c \ + vlan_init.c \ + wmm.c \ + wpa_auth.c \ + wpa_auth_glue.c \ + wpa_auth_ie.c \ + wpa_common.c \ + wpa_ctrl.c \ + wpa_debug.c \ + wpabuf.c \ + wps.c \ + wps_attr_build.c \ + wps_attr_process.c \ + wps_attr_parse.c \ + wps_common.c \ + wps_dev_attr.c \ + wps_enrollee.c \ + wps_hostapd.c \ + wps_registrar.c \ + wps_upnp.c \ + wps_upnp_ap.c \ + wps_upnp_event.c \ + wps_upnp_ssdp.c \ + wps_upnp_web.c MAN= hostapd.8 hostapd.conf.5 @@ -40,7 +97,9 @@ FILESDIR= ${SHAREDIR}/examples/hostapd FILES= hostapd.conf hostapd.eap_user hostapd.wpa_psk .endif -CFLAGS+=-DCONFIG_DRIVER_BSD \ +CFLAGS+=-I${.CURDIR:H}/wpa_supplicant \ + -I${WPA_DISTDIR}/src/eap_peer \ + -DCONFIG_DRIVER_BSD \ -DCONFIG_DRIVER_RADIUS_ACL \ -DCONFIG_HS20 \ -DCONFIG_INTERWORKING \ @@ -75,15 +134,23 @@ CFLAGS+=-DDPKCS12_FUNCS \ -DEAP_TLS_FUNCS SRCS+= eap_server_gtc.c \ + eap_common.c \ + eap_peap_common.c \ + eap_register.c \ + eap_server.c \ eap_server_identity.c \ eap_server_md5.c \ + eap_server_methods.c \ eap_server_mschapv2.c \ eap_server_peap.c \ eap_server_tls.c \ eap_server_tls_common.c \ eap_server_ttls.c \ eap_server_wsc.c \ - eap_wsc_common.c + eap_user_db.c \ + eap_wsc_common.c \ + eapol_auth_dump.c \ + eapol_auth_sm.c TLS_FUNCS=y .if !empty(CFLAGS:M*-DCONFIG_WPS) diff --git a/usr.sbin/wpa/wpa_cli/Makefile b/usr.sbin/wpa/wpa_cli/Makefile index e90d69f21acb..f6db85ee989e 100644 --- a/usr.sbin/wpa/wpa_cli/Makefile +++ b/usr.sbin/wpa/wpa_cli/Makefile 
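Review bot: The widened `.PATH.c` at the top of usr.sbin/wpa/hostapd/Makefile now searches `${WPA_DISTDIR}/wpa_supplicant` as well as `${HOSTAPD_DISTDIR}`, and hostapd's SRCS names `main.c`, `ctrl_iface.c` and `config_file.c`, which the wpa_supplicant Makefile on this page also lists for its own build. Which copy hostapd compiles therefore appears to depend on search order alone, and nothing in the hunk records that `${HOSTAPD_DISTDIR}` must stay first. A comment above the `.PATH.c` line such as `# Keep HOSTAPD_DISTDIR first: main.c, ctrl_iface.c and config_file.c also exist under wpa_supplicant/` would protect that ordering. It would also help to say why the wpa_supplicant directory, and the `-I${.CURDIR:H}/wpa_supplicant` include path added in the next hunk, are needed by the access-point daemon.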
@@ -1,21 +1,41 @@ # $FreeBSD$ +.include <src.opts.mk> + .include "../Makefile.inc" -.PATH.c:${WPA_SUPPLICANT_DISTDIR} +.PATH.c:${WPA_SUPPLICANT_DISTDIR} \ + ${WPA_DISTDIR}/wpa_supplicant \ + ${WPA_DISTDIR}/src/eap_peer \ + ${WPA_DISTDIR}/src/drivers PROG= wpa_cli -SRCS= cli.c common.c edit.c eloop.c os_unix.c wpa_cli.c \ - wpa_ctrl.c wpa_debug.c +SRCS= base64.c bitfield.c blacklist.c bss.c cli.c common.c config.c \ + config_file.c \ + ctrl_iface.c ctrl_iface_common.c ctrl_iface_unix.c \ + drivers.c driver_common.c \ + eap_register.c \ + edit.c eloop.c events.c hw_features_common.c \ + ieee802_11_common.c l2_packet_freebsd.c notify.c \ + op_classes.c \ + os_unix.c rrm.c scan.c wmm_ac.c \ + wpa.c wpa_cli.c \ + wpa_ctrl.c wpa_common.c \ + wpa_debug.c wpa_ie.c wpa_supplicant.c wpabuf.c wpas_glue.c MAN= wpa_cli.8 CFLAGS+= -DCONFIG_CTRL_IFACE CFLAGS+= -DCONFIG_CTRL_IFACE_UNIX +CFLAGS+= -DCONFIG_TLS=openssl # enable use of d_type to identify unix domain sockets CFLAGS+= -D_DIRENT_HAVE_D_TYPE CFLAGS+= -DCONFIG_WPA_CLI_EDIT=y -LIBADD+= util +LIBADD+= pcap util + +TLS_FUNCS=y + +.include "../Makefile.crypto" .include <bsd.prog.mk> diff --git a/usr.sbin/wpa/wpa_supplicant/Makefile b/usr.sbin/wpa/wpa_supplicant/Makefile index bdb8fa9488bf..673e45bec20e 100644 --- a/usr.sbin/wpa/wpa_supplicant/Makefile +++ b/usr.sbin/wpa/wpa_supplicant/Makefile 
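Review bot: `CFLAGS+= -DCONFIG_TLS=openssl` is added unconditionally in usr.sbin/wpa/wpa_cli/Makefile, while the `../Makefile.crypto` it now includes selects the OpenSSL or the internal backend from `MK_OPENSSL` and `RELEASE_CRUNCH`, so on a build without OpenSSL the define would name a backend that is not linked. Guard it with the same condition, `.if ${MK_OPENSSL} != "no" && !defined(RELEASE_CRUNCH)` / `CFLAGS+= -DCONFIG_TLS=openssl` / `.endif`, or drop it if no C source reads it. The hunk also grows the control client from eight source files to much of the supplicant core (`wpa_supplicant.c`, `events.c`, `scan.c`, `config.c`) and links `pcap` and the TLS code, with no comment on why a command-line client needs them. A one-line rationale above `SRCS` would let later reviewers judge whether the larger linked surface is intended.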
@@ -5,41 +5,30 @@ .include "../Makefile.inc" .PATH.c:${WPA_SUPPLICANT_DISTDIR} \ + ${WPA_DISTDIR}/src/eap_peer \ ${WPA_DISTDIR}/src/drivers PROG= wpa_supplicant -SRCS= accounting.c ap_drv_ops.c ap_config.c ap_list.c \ - ap_mlme.c \ - authsrv.c \ - base64.c beacon.c blacklist.c bss.c bss_load.c common.c config.c \ - config_file.c ctrl_iface.c ctrl_iface_common.c \ - ctrl_iface_unix.c dfs.c driver_bsd.c \ - driver_common.c driver_ndis.c driver_wired.c drivers.c \ - eap_register.c eapol_auth_sm.c eap_server_methods.c eap_server.c \ - eap_user_db.c \ - eloop.c events.c gas.c gas_query.c gas_serv.c hostapd.c hs20.c \ - hs20_supplicant.c http_client.c http_server.c httpread.c \ - hw_features.c hw_features_common.c \ - ieee802_11.c ieee802_11_auth.c ieee802_11_common.c \ - ieee802_11_shared.c ieee802_1x.c \ - interworking.c ip_addr.c l2_packet_freebsd.c main.c \ - neighbor_db.c \ - notify.c offchannel.c os_unix.c peerkey.c peerkey_auth.c \ - pmksa_cache.c \ - pmksa_cache_auth.c \ - preauth.c scan.c radius.c radius_client.c radius_das.c rrm.c \ - sta_info.c \ - tkip_countermeasures.c \ - upnp_xml.c utils.c uuid.c vlan.c vlan_ifconfig.c \ - vlan_init.c wmm.c wmm_ac.c \ - wpa.c wpa_auth.c wpa_auth_ft.c wpa_common.c wpa_debug.c \ - wpa_auth_glue.c wpa_auth_ie.c wpa_ft.c \ - wpa_ie.c wpa_supplicant.c wpabuf.c wpas_glue.c wps.c \ - wps_attr_build.c wps_attr_parse.c wps_attr_process.c \ - wps_common.c wps_dev_attr.c wps_enrollee.c wps_hostapd.c \ - wps_registrar.c \ + +SRCS= base64.c bitfield.c blacklist.c bss.c cli.c common.c \ + config.c config_file.c \ + ctrl_iface.c ctrl_iface_common.c ctrl_iface_unix.c \ + dh_groups.c driver_bsd.c driver_common.c \ + driver_ndis.c driver_wired.c driver_wired_common.c drivers.c \ + eap_register.c eap_wsc.c eap_wsc_common.c eloop.c \ + events.c gas.c gas_query.c hs20_supplicant.c \ + http_client.c http_server.c \ + httpread.c hw_features_common.c \ + ieee802_11_common.c interworking.c l2_packet_freebsd.c main.c \ + notify.c offchannel.c 
op_classes.c os_unix.c pmksa_cache.c preauth.c \ + rrm.c scan.c upnp_xml.c uuid.c \ + wmm_ac.c wpa.c wpa_common.c wpa_ctrl.c \ + wpa_debug.c wpa_ft.c wpa_ie.c wpa_supplicant.c wpabuf.c wpas_glue.c \ + wps.c wps_attr_build.c wps_attr_parse.c wps_attr_process.c \ + wps_common.c wps_dev_attr.c wps_enrollee.c wps_registrar.c \ wps_supplicant.c wps_upnp.c wps_upnp_ap.c wps_upnp_event.c \ - wps_upnp_ssdp.c wps_upnp_web.c Packet32.c + wps_upnp_ssdp.c wps_upnp_web.c \ + Packet32.c MAN= wpa_supplicant.8 wpa_supplicant.conf.5 |
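Review bot: The rewritten `SRCS` list in usr.sbin/wpa/wpa_supplicant/Makefile keeps several files per line and is only roughly alphabetical, whereas the hostapd list rewritten in the same commit uses one file per line. For a daemon whose file list changes with each upstream security release, one entry per line turns every added or dropped source into a single-line diff that is easy to audit. It is also worth confirming that `cli.c`, which the old lists on this page carried only for wpa_cli, is meant to be built into the supplicant.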