git: c3ec04ec6fbf - stable/12 - [wpa] Add support for hostapd/wpa_supplicant when WITHOUT_CRYPT=YES is enabled.
Cy Schubert
cy at FreeBSD.org
Mon Sep 13 21:13:00 UTC 2021
The branch stable/12 has been updated by cy:
URL: https://cgit.FreeBSD.org/src/commit/?id=c3ec04ec6fbfe7cdfe521e625f42a7daef567265
commit c3ec04ec6fbfe7cdfe521e625f42a7daef567265
Author: Adrian Chadd <adrian at FreeBSD.org>
AuthorDate: 2021-01-04 20:39:53 +0000
Commit: Cy Schubert <cy at FreeBSD.org>
CommitDate: 2021-09-13 21:12:02 +0000
[wpa] Add support for hostapd/wpa_supplicant when WITHOUT_CRYPT=YES
is enabled.
This builds wpa_supplicant / hostpad using internal encryption routines
rather than using libcrypt.
This has been supported in wpa for years now, however since we use
local makefiles for this, we bitrotted dependencies and configuration
options.
Reviewed by: emaste
Differential Revision: https://reviews.freebsd.org/D27958
(cherry picked from commit 7c5a624afae43c44d8e57eb8c5073b9b07f88064)
---
share/mk/src.opts.mk | 1 -
usr.sbin/wpa/Makefile.crypto | 31 +++++++++++++++++++++++++++++--
usr.sbin/wpa/hostapd/Makefile | 4 ++++
usr.sbin/wpa/wpa_supplicant/Makefile | 2 +-
4 files changed, 34 insertions(+), 4 deletions(-)
diff --git a/share/mk/src.opts.mk b/share/mk/src.opts.mk
index 58c3ebb4cf0f..4fd16579f863 100644
--- a/share/mk/src.opts.mk
+++ b/share/mk/src.opts.mk
@@ -519,7 +519,6 @@ MK_LDNS:= no
MK_PKGBOOTSTRAP:= no
MK_SVN:= no
MK_SVNLITE:= no
-MK_WIRELESS:= no
.endif
.if ${MK_LDNS} == "no"
diff --git a/usr.sbin/wpa/Makefile.crypto b/usr.sbin/wpa/Makefile.crypto
index 8f7965d1dece..71ae76dfb0cc 100644
--- a/usr.sbin/wpa/Makefile.crypto
+++ b/usr.sbin/wpa/Makefile.crypto
@@ -16,9 +16,13 @@ CONFIG_INTERNAL_RC4=y
CONFIG_INTERNAL_SHA1=y
NEED_SHA256=y
CONFIG_INTERNAL_SHA256=y
+NEED_SHA384=y
+CONFIG_INTERNAL_SHA384=y
+NEED_SHA512=y
+CONFIG_INTERNAL_SHA512=y
CONFIG_INTERNAL_TLS=y
+NEED_DH_GROUPS=y
CONFIG_INTERNAL_DH5=y
-CONFIG_INTERNAL_DH=y
NEED_AES_ENC=true
NEED_AES_CBC=true
.endif
@@ -45,6 +49,7 @@ SRCS+= asn1.c \
tlsv1_client.c \
tlsv1_client_write.c \
tlsv1_client_read.c \
+ tlsv1_client_ocsp.c \
x509v3.c
NEED_DES=y
NEED_MD4=y
@@ -123,14 +128,36 @@ SRCS+= sha256-internal.c sha256-prf.c
.endif
.endif
+.if defined(NEED_SHA384)
+CFLAGS+=-DCONFIG_SHA384
+SRCS+= sha384.c
+.if defined(CONFIG_INTERNAL_SHA384)
+SRCS+= sha384-internal.c sha384-prf.c
+.endif
+.endif
+
+.if defined(NEED_SHA512)
+CFLAGS+=-DCONFIG_SHA512
+SRCS+= sha512.c
+.if defined(CONFIG_INTERNAL_SHA512)
+SRCS+= sha512-internal.c sha512-prf.c
+.endif
+.endif
+
.if defined(NEED_TLS_PRF)
SRCS+= sha1-tlsprf.c
.endif
.if defined(CONFIG_INTERNAL_DH5)
+.if defined(NEED_DH_GROUPS)
SRCS+= dh_group5.c
.endif
+.endif
-.if defined(CONFIG_INTERNAL_DH)
+.if defined(NEED_DH_GROUPS)
SRCS+= dh_groups.c
.endif
+
+.if defined(NEED_DH_GROUPS_ALL)
+CFLAGS+=-DALL_DH_GROUPS
+.endif
diff --git a/usr.sbin/wpa/hostapd/Makefile b/usr.sbin/wpa/hostapd/Makefile
index f5d48a32046f..101ab80a4587 100644
--- a/usr.sbin/wpa/hostapd/Makefile
+++ b/usr.sbin/wpa/hostapd/Makefile
@@ -162,6 +162,10 @@ SRCS+= eap_server_gtc.c \
eapol_auth_sm.c
TLS_FUNCS=y
+# For WPS, EAP modes, etc
+NEED_DH_GROUPS=y
+NEED_DH_GROUPS_ALL=y
+
.if !empty(CFLAGS:M*-DCONFIG_WPS)
NEED_SIM_COMMON=y
.endif
diff --git a/usr.sbin/wpa/wpa_supplicant/Makefile b/usr.sbin/wpa/wpa_supplicant/Makefile
index 9cc49ac7fcfd..55b594d8b3e8 100644
--- a/usr.sbin/wpa/wpa_supplicant/Makefile
+++ b/usr.sbin/wpa/wpa_supplicant/Makefile
@@ -13,7 +13,7 @@ PROG= wpa_supplicant
SRCS= base64.c bitfield.c blacklist.c bss.c cli.c common.c \
config.c config_file.c \
ctrl_iface.c ctrl_iface_common.c ctrl_iface_unix.c \
- dh_groups.c driver_bsd.c driver_common.c \
+ driver_bsd.c driver_common.c \
driver_ndis.c driver_wired.c driver_wired_common.c drivers.c \
eap_register.c eloop.c \
events.c gas.c gas_query.c \
More information about the dev-commits-src-all
mailing list