head 1.1; branch 1.1.1; access; symbols netbsd-11-0-RC5:1.1.1.2 netbsd-11-0-RC4:1.1.1.2 netbsd-11-0-RC3:1.1.1.2 netbsd-11-0-RC2:1.1.1.2 netbsd-11-0-RC1:1.1.1.2 perseant-exfatfs-base-20250801:1.1.1.2 netbsd-11:1.1.1.2.0.2 netbsd-11-base:1.1.1.2 netbsd-10-1-RELEASE:1.1.1.1 v2_11:1.1.1.2 perseant-exfatfs-base-20240630:1.1.1.1 perseant-exfatfs:1.1.1.1.0.58 perseant-exfatfs-base:1.1.1.1 netbsd-8-3-RELEASE:1.1.1.1 netbsd-9-4-RELEASE:1.1.1.1 netbsd-10-0-RELEASE:1.1.1.1 netbsd-10-0-RC6:1.1.1.1 netbsd-10-0-RC5:1.1.1.1 netbsd-10-0-RC4:1.1.1.1 netbsd-10-0-RC3:1.1.1.1 netbsd-10-0-RC2:1.1.1.1 netbsd-10-0-RC1:1.1.1.1 netbsd-10:1.1.1.1.0.56 netbsd-10-base:1.1.1.1 netbsd-9-3-RELEASE:1.1.1.1 cjep_sun2x-base1:1.1.1.1 cjep_sun2x:1.1.1.1.0.54 cjep_sun2x-base:1.1.1.1 cjep_staticlib_x-base1:1.1.1.1 netbsd-9-2-RELEASE:1.1.1.1 cjep_staticlib_x:1.1.1.1.0.52 cjep_staticlib_x-base:1.1.1.1 v2_9:1.1.1.1 netbsd-9-1-RELEASE:1.1.1.1 phil-wifi-20200421:1.1.1.1 phil-wifi-20200411:1.1.1.1 is-mlppp:1.1.1.1.0.50 is-mlppp-base:1.1.1.1 phil-wifi-20200406:1.1.1.1 netbsd-8-2-RELEASE:1.1.1.1 netbsd-9-0-RELEASE:1.1.1.1 netbsd-9-0-RC2:1.1.1.1 netbsd-9-0-RC1:1.1.1.1 phil-wifi-20191119:1.1.1.1 netbsd-9:1.1.1.1.0.48 netbsd-9-base:1.1.1.1 phil-wifi-20190609:1.1.1.1 netbsd-8-1-RELEASE:1.1.1.1 netbsd-8-1-RC1:1.1.1.1 pgoyette-compat-merge-20190127:1.1.1.1 pgoyette-compat-20190127:1.1.1.1 pgoyette-compat-20190118:1.1.1.1 v2_7:1.1.1.1 pgoyette-compat-1226:1.1.1.1 pgoyette-compat-1126:1.1.1.1 pgoyette-compat-1020:1.1.1.1 pgoyette-compat-0930:1.1.1.1 pgoyette-compat-0906:1.1.1.1 netbsd-7-2-RELEASE:1.1.1.1 pgoyette-compat-0728:1.1.1.1 netbsd-8-0-RELEASE:1.1.1.1 phil-wifi:1.1.1.1.0.46 phil-wifi-base:1.1.1.1 pgoyette-compat-0625:1.1.1.1 netbsd-8-0-RC2:1.1.1.1 pgoyette-compat-0521:1.1.1.1 pgoyette-compat-0502:1.1.1.1 pgoyette-compat-0422:1.1.1.1 netbsd-8-0-RC1:1.1.1.1 pgoyette-compat-0415:1.1.1.1 pgoyette-compat-0407:1.1.1.1 pgoyette-compat-0330:1.1.1.1 pgoyette-compat-0322:1.1.1.1 pgoyette-compat-0315:1.1.1.1 netbsd-7-1-2-RELEASE:1.1.1.1 pgoyette-compat:1.1.1.1.0.44 pgoyette-compat-base:1.1.1.1 netbsd-7-1-1-RELEASE:1.1.1.1 matt-nb8-mediatek:1.1.1.1.0.42 matt-nb8-mediatek-base:1.1.1.1 perseant-stdc-iso10646:1.1.1.1.0.40 perseant-stdc-iso10646-base:1.1.1.1 netbsd-8:1.1.1.1.0.38 netbsd-8-base:1.1.1.1 prg-localcount2-base3:1.1.1.1 prg-localcount2-base2:1.1.1.1 prg-localcount2-base1:1.1.1.1 prg-localcount2:1.1.1.1.0.36 prg-localcount2-base:1.1.1.1 pgoyette-localcount-20170426:1.1.1.1 bouyer-socketcan-base1:1.1.1.1 pgoyette-localcount-20170320:1.1.1.1 netbsd-7-1:1.1.1.1.0.34 netbsd-7-1-RELEASE:1.1.1.1 netbsd-7-1-RC2:1.1.1.1 netbsd-7-nhusb-base-20170116:1.1.1.1 bouyer-socketcan:1.1.1.1.0.32 bouyer-socketcan-base:1.1.1.1 pgoyette-localcount-20170107:1.1.1.1 netbsd-7-1-RC1:1.1.1.1 v2_6:1.1.1.1 pgoyette-localcount-20161104:1.1.1.1 netbsd-7-0-2-RELEASE:1.1.1.1 localcount-20160914:1.1.1.1 netbsd-7-nhusb:1.1.1.1.0.30 netbsd-7-nhusb-base:1.1.1.1 pgoyette-localcount-20160806:1.1.1.1 pgoyette-localcount-20160726:1.1.1.1 pgoyette-localcount:1.1.1.1.0.28 pgoyette-localcount-base:1.1.1.1 netbsd-7-0-1-RELEASE:1.1.1.1 netbsd-7-0:1.1.1.1.0.26 netbsd-7-0-RELEASE:1.1.1.1 netbsd-7-0-RC3:1.1.1.1 netbsd-7-0-RC2:1.1.1.1 netbsd-7-0-RC1:1.1.1.1 v2_4:1.1.1.1 v2_3:1.1.1.1 netbsd-6-0-6-RELEASE:1.1.1.1 netbsd-6-1-5-RELEASE:1.1.1.1 netbsd-7:1.1.1.1.0.24 netbsd-7-base:1.1.1.1 yamt-pagecache-base9:1.1.1.1 yamt-pagecache-tag8:1.1.1.1 netbsd-6-1-4-RELEASE:1.1.1.1 netbsd-6-0-5-RELEASE:1.1.1.1 tls-earlyentropy:1.1.1.1.0.22 tls-earlyentropy-base:1.1.1.1 riastradh-xf86-video-intel-2-7-1-pre-2-21-15:1.1.1.1 riastradh-drm2-base3:1.1.1.1 netbsd-6-1-3-RELEASE:1.1.1.1 netbsd-6-0-4-RELEASE:1.1.1.1 v2_0:1.1.1.1 netbsd-6-1-2-RELEASE:1.1.1.1 netbsd-6-0-3-RELEASE:1.1.1.1 netbsd-6-1-1-RELEASE:1.1.1.1 riastradh-drm2-base2:1.1.1.1 riastradh-drm2-base1:1.1.1.1 riastradh-drm2:1.1.1.1.0.16 v1_1:1.1.1.1 riastradh-drm2-base:1.1.1.1 netbsd-6-1:1.1.1.1.0.20 netbsd-6-0-2-RELEASE:1.1.1.1 netbsd-6-1-RELEASE:1.1.1.1 netbsd-6-1-RC4:1.1.1.1 netbsd-6-1-RC3:1.1.1.1 agc-symver:1.1.1.1.0.18 agc-symver-base:1.1.1.1 netbsd-6-1-RC2:1.1.1.1 netbsd-6-1-RC1:1.1.1.1 yamt-pagecache-base8:1.1.1.1 netbsd-6-0-1-RELEASE:1.1.1.1 yamt-pagecache-base7:1.1.1.1 matt-nb6-plus-nbase:1.1.1.1 yamt-pagecache-base6:1.1.1.1 netbsd-6-0:1.1.1.1.0.14 netbsd-6-0-RELEASE:1.1.1.1 v1_0:1.1.1.1 netbsd-6-0-RC2:1.1.1.1 tls-maxphys:1.1.1.1.0.12 tls-maxphys-base:1.1.1.1 matt-nb6-plus:1.1.1.1.0.10 matt-nb6-plus-base:1.1.1.1 netbsd-6-0-RC1:1.1.1.1 yamt-pagecache-base5:1.1.1.1 yamt-pagecache-base4:1.1.1.1 netbsd-6:1.1.1.1.0.8 netbsd-6-base:1.1.1.1 yamt-pagecache-base3:1.1.1.1 yamt-pagecache-base2:1.1.1.1 yamt-pagecache:1.1.1.1.0.6 yamt-pagecache-base:1.1.1.1 v0_7_3:1.1.1.1 cherry-xenmp:1.1.1.1.0.4 cherry-xenmp-base:1.1.1.1 bouyer-quota2-nbase:1.1.1.1 bouyer-quota2:1.1.1.1.0.2 bouyer-quota2-base:1.1.1.1 matt-mips64-premerge-20101231:1.1.1.1 v0_7_2:1.1.1.1 MALINEN:1.1.1; locks; strict; comment @# @; 1.1 date 2010.08.04.10.22.38; author christos; state Exp; branches 1.1.1.1; next ; 1.1.1.1 date 2010.08.04.10.22.38; author christos; state Exp; branches 1.1.1.1.58.1; next 1.1.1.2; 1.1.1.2 date 2024.09.18.15.02.55; author christos; state Exp; branches; next ; commitid VitRusbKkuz5DiqF; 1.1.1.1.58.1 date 2025.08.02.05.24.25; author perseant; state Exp; branches; next ; commitid 23j6GFaDws3O875G; desc @@ 1.1 log @Initial revision @ text @# Makefile for Microsoft nmake to build wpa_supplicant # This can be run in Visual Studio 2005 Command Prompt # Note: Make sure that cl.exe is configured to include Platform SDK # include and lib directories (vsvars32.bat) all: wpa_supplicant.exe wpa_cli.exe wpa_passphrase.exe wpasvc.exe win_if_list.exe # Root directory for WinPcap developer's pack # (http://www.winpcap.org/install/bin/WpdPack_3_1.zip) WINPCAPDIR=C:\dev\WpdPack # Root directory for OpenSSL # (http://www.openssl.org/source/openssl-0.9.8a.tar.gz) # Build and installed following instructions in INSTALL.W32 # Note: If EAP-FAST is included in the build, OpenSSL needs to be patched to # support it (openssl-tls-extensions.patch) # Alternatively, see README-Windows.txt for information about binary # installation package for OpenSSL. OPENSSLDIR=C:\dev\openssl CC = cl OBJDIR = objs CFLAGS = /DCONFIG_NATIVE_WINDOWS CFLAGS = $(CFLAGS) /DCONFIG_NDIS_EVENTS_INTEGRATED CFLAGS = $(CFLAGS) /DCONFIG_ANSI_C_EXTRA CFLAGS = $(CFLAGS) /DCONFIG_WINPCAP CFLAGS = $(CFLAGS) /DIEEE8021X_EAPOL CFLAGS = $(CFLAGS) /DPKCS12_FUNCS CFLAGS = $(CFLAGS) /DEAP_MD5 CFLAGS = $(CFLAGS) /DEAP_TLS CFLAGS = $(CFLAGS) /DEAP_MSCHAPv2 CFLAGS = $(CFLAGS) /DEAP_PEAP CFLAGS = $(CFLAGS) /DEAP_TTLS CFLAGS = $(CFLAGS) /DEAP_GTC CFLAGS = $(CFLAGS) /DEAP_OTP CFLAGS = $(CFLAGS) /DEAP_SIM CFLAGS = $(CFLAGS) /DEAP_LEAP CFLAGS = $(CFLAGS) /DEAP_PSK CFLAGS = $(CFLAGS) /DEAP_AKA #CFLAGS = $(CFLAGS) /DEAP_FAST CFLAGS = $(CFLAGS) /DEAP_PAX CFLAGS = $(CFLAGS) /DEAP_TNC CFLAGS = $(CFLAGS) /DPCSC_FUNCS CFLAGS = $(CFLAGS) /DCONFIG_CTRL_IFACE CFLAGS = $(CFLAGS) /DCONFIG_CTRL_IFACE_NAMED_PIPE CFLAGS = $(CFLAGS) /DCONFIG_DRIVER_NDIS CFLAGS = $(CFLAGS) /I..\src /I..\src\utils CFLAGS = $(CFLAGS) /I. CFLAGS = $(CFLAGS) /DWIN32 CFLAGS = $(CFLAGS) /Fo$(OBJDIR)\\ /c CFLAGS = $(CFLAGS) /W3 #CFLAGS = $(CFLAGS) /WX # VS 2005 complains about lot of deprecated string functions; let's ignore them # at least for now since snprintf and strncpy can be used in a safe way CFLAGS = $(CFLAGS) /D_CRT_SECURE_NO_DEPRECATE OBJS = \ $(OBJDIR)\os_win32.obj \ $(OBJDIR)\eloop_win.obj \ $(OBJDIR)\sha1.obj \ $(OBJDIR)\sha1-tlsprf.obj \ $(OBJDIR)\sha1-pbkdf2.obj \ $(OBJDIR)\md5.obj \ $(OBJDIR)\aes-cbc.obj \ $(OBJDIR)\aes-ctr.obj \ $(OBJDIR)\aes-eax.obj \ $(OBJDIR)\aes-encblock.obj \ $(OBJDIR)\aes-omac1.obj \ $(OBJDIR)\aes-unwrap.obj \ $(OBJDIR)\aes-wrap.obj \ $(OBJDIR)\common.obj \ $(OBJDIR)\wpa_debug.obj \ $(OBJDIR)\wpabuf.obj \ $(OBJDIR)\wpa_supplicant.obj \ $(OBJDIR)\wpa.obj \ $(OBJDIR)\wpa_common.obj \ $(OBJDIR)\wpa_ie.obj \ $(OBJDIR)\preauth.obj \ $(OBJDIR)\pmksa_cache.obj \ $(OBJDIR)\eapol_supp_sm.obj \ $(OBJDIR)\eap.obj \ $(OBJDIR)\eap_common.obj \ $(OBJDIR)\chap.obj \ $(OBJDIR)\eap_methods.obj \ $(OBJDIR)\eap_md5.obj \ $(OBJDIR)\eap_tls.obj \ $(OBJDIR)\eap_tls_common.obj \ $(OBJDIR)\eap_mschapv2.obj \ $(OBJDIR)\mschapv2.obj \ $(OBJDIR)\eap_peap.obj \ $(OBJDIR)\eap_peap_common.obj \ $(OBJDIR)\eap_ttls.obj \ $(OBJDIR)\eap_gtc.obj \ $(OBJDIR)\eap_otp.obj \ $(OBJDIR)\eap_leap.obj \ $(OBJDIR)\eap_sim.obj \ $(OBJDIR)\eap_sim_common.obj \ $(OBJDIR)\eap_aka.obj \ $(OBJDIR)\eap_pax.obj \ $(OBJDIR)\eap_pax_common.obj \ $(OBJDIR)\eap_psk.obj \ $(OBJDIR)\eap_psk_common.obj \ $(OBJDIR)\eap_tnc.obj \ $(OBJDIR)\tncc.obj \ $(OBJDIR)\base64.obj \ $(OBJDIR)\ctrl_iface.obj \ $(OBJDIR)\ctrl_iface_named_pipe.obj \ $(OBJDIR)\driver_ndis.obj \ $(OBJDIR)\driver_ndis_.obj \ $(OBJDIR)\scan_helpers.obj \ $(OBJDIR)\events.obj \ $(OBJDIR)\blacklist.obj \ $(OBJDIR)\scan.obj \ $(OBJDIR)\wpas_glue.obj \ $(OBJDIR)\eap_register.obj \ $(OBJDIR)\config.obj \ $(OBJDIR)\l2_packet_winpcap.obj \ $(OBJDIR)\tls_openssl.obj \ $(OBJDIR)\ms_funcs.obj \ $(OBJDIR)\crypto_openssl.obj \ $(OBJDIR)\fips_prf_openssl.obj \ $(OBJDIR)\pcsc_funcs.obj \ $(OBJDIR)\notify.obj \ $(OBJDIR)\ndis_events.obj # OBJS = $(OBJS) $(OBJDIR)\eap_fast.obj OBJS_t = $(OBJS) \ $(OBJDIR)\eapol_test.obj \ $(OBJDIR)\radius.obj \ $(OBJDIR)\radius_client.obj \ $(OBJDIR)\config_file.obj $(OBJDIR)\base64.obj OBJS_t2 = $(OBJS) \ $(OBJDIR)\preauth_test.obj \ $(OBJDIR)\config_file.obj $(OBJDIR)\base64.obj OBJS2 = $(OBJDIR)\drivers.obj \ $(OBJDIR)\config_file.obj \ $(OBJS2) $(OBJDIR)\main.obj OBJS3 = $(OBJDIR)\drivers.obj \ $(OBJDIR)\config_winreg.obj \ $(OBJS3) $(OBJDIR)\main_winsvc.obj OBJS_c = \ $(OBJDIR)\os_win32.obj \ $(OBJDIR)\wpa_cli.obj \ $(OBJDIR)\wpa_ctrl.obj \ $(OBJDIR)\common.obj OBJS_p = \ $(OBJDIR)\os_win32.obj \ $(OBJDIR)\common.obj \ $(OBJDIR)\wpa_debug.obj \ $(OBJDIR)\wpabuf.obj \ $(OBJDIR)\sha1.obj \ $(OBJDIR)\md5.obj \ $(OBJDIR)\crypto_openssl.obj \ $(OBJDIR)\sha1-pbkdf2.obj \ $(OBJDIR)\wpa_passphrase.obj LIBS = wbemuuid.lib libcmt.lib kernel32.lib uuid.lib ole32.lib oleaut32.lib \ ws2_32.lib Advapi32.lib Crypt32.lib Winscard.lib \ Packet.lib wpcap.lib \ libeay32.lib ssleay32.lib # If using Win32 OpenSSL binary installation from Shining Light Productions, # replace the last line with this for dynamic libraries # libeay32MT.lib ssleay32MT.lib # and this for static libraries # libeay32MT.lib ssleay32MT.lib Gdi32.lib User32.lib CFLAGS = $(CFLAGS) /I"$(WINPCAPDIR)/Include" /I"$(OPENSSLDIR)\include" LFLAGS = /libpath:"$(WINPCAPDIR)\Lib" /libpath:"$(OPENSSLDIR)\lib" wpa_supplicant.exe: $(OBJDIR) $(OBJS) $(OBJS2) link.exe /out:wpa_supplicant.exe $(LFLAGS) $(OBJS) $(OBJS2) $(LIBS) wpasvc.exe: $(OBJDIR) $(OBJS) $(OBJS3) link.exe /out:wpasvc.exe $(LFLAGS) $(OBJS) $(OBJS3) $(LIBS) wpa_cli.exe: $(OBJDIR) $(OBJS_c) link.exe /out:wpa_cli.exe $(LFLAGS) $(OBJS_c) $(LIBS) wpa_passphrase.exe: $(OBJDIR) $(OBJS_p) link.exe /out:wpa_passphrase.exe $(LFLAGS) $(OBJS_p) $(LIBS) eapol_test.exe: $(OBJDIR) $(OBJS_t) link.exe /out:eapol_test.exe $(LFLAGS) $(OBJS_t) $(LIBS) preauth_test.exe: $(OBJDIR) $(OBJS_t2) link.exe /out:preauth_test.exe $(LFLAGS) $(OBJS_t2) $(LIBS) win_if_list.exe: $(OBJDIR) $(OBJDIR)\win_if_list.obj link.exe /out:win_if_list.exe $(LFLAGS) $(OBJDIR)\win_if_list.obj $(LIBS) {..\src\utils}.c{$(OBJDIR)}.obj:: $(CC) $(CFLAGS) $< {..\src\common}.c{$(OBJDIR)}.obj:: $(CC) $(CFLAGS) $< {..\src\rsn_supp}.c{$(OBJDIR)}.obj:: $(CC) $(CFLAGS) $< {..\src\eapol_supp}.c{$(OBJDIR)}.obj:: $(CC) $(CFLAGS) $< {..\src\crypto}.c{$(OBJDIR)}.obj:: $(CC) $(CFLAGS) $< {..\src\eap_peer}.c{$(OBJDIR)}.obj:: $(CC) $(CFLAGS) $< {..\src\eap_common}.c{$(OBJDIR)}.obj:: $(CC) $(CFLAGS) $< {..\src\drivers}.c{$(OBJDIR)}.obj:: $(CC) $(CFLAGS) $< {..\src\l2_packet}.c{$(OBJDIR)}.obj:: $(CC) $(CFLAGS) $< {.\}.c{$(OBJDIR)}.obj:: $(CC) $(CFLAGS) $< {.\}.cpp{$(OBJDIR)}.obj:: $(CC) $(CFLAGS) $< $(OBJDIR): if not exist "$(OBJDIR)" mkdir "$(OBJDIR)" clean: erase $(OBJDIR)\*.obj wpa_supplicant.exe @ 1.1.1.1 log @Import wpa_supplicant and hostapd @ text @@ 1.1.1.1.58.1 log @Sync with HEAD @ text @d117 1 a117 1 $(OBJDIR)\bssid_ignore.obj \ @ 1.1.1.2 log @Import wpa_supplicant hand hostapd 2.11. Previous was 2.9 1. Changes for hostapd: 2024-07-20 - v2.11 * Wi-Fi Easy Connect - add support for DPP release 3 - allow Configurator parameters to be provided during config exchange * HE/IEEE 802.11ax/Wi-Fi 6 - various fixes * EHT/IEEE 802.11be/Wi-Fi 7 - add preliminary support * SAE: add support for fetching the password from a RADIUS server * support OpenSSL 3.0 API changes * support background radar detection and CAC with some additional drivers * support RADIUS ACL/PSK check during 4-way handshake (wpa_psk_radius=3) * EAP-SIM/AKA: support IMSI privacy * improve 4-way handshake operations - use Secure=1 in message 3 during PTK rekeying * OCV: do not check Frequency Segment 1 Channel Number for 160 MHz cases to avoid interoperability issues * support new SAE AKM suites with variable length keys * support new AKM for 802.1X/EAP with SHA384 * extend PASN support for secure ranging * FT: Use SHA256 to derive PMKID for AKM 00-0F-AC:3 (FT-EAP) - this is based on additional details being added in the IEEE 802.11 standard - the new implementation is not backwards compatible * improved ACS to cover additional channel types/bandwidths * extended Multiple BSSID support * fix beacon protection with FT protocol (incorrect BIGTK was provided) * support unsynchronized service discovery (USD) * add preliminary support for RADIUS/TLS * add support for explicit SSID protection in 4-way handshake (a mitigation for CVE-2023-52424; disabled by default for now, can be enabled with ssid_protection=1) * fix SAE H2E rejected groups validation to avoid downgrade attacks * use stricter validation for some RADIUS messages * a large number of other fixes, cleanup, and extensions 2022-01-16 - v2.10 * SAE changes - improved protection against side channel attacks [https://w1.fi/security/2022-1/] - added option send SAE Confirm immediately (sae_config_immediate=1) after SAE Commit - added support for the hash-to-element mechanism (sae_pwe=1 or sae_pwe=2) - fixed PMKSA caching with OKC - added support for SAE-PK * EAP-pwd changes - improved protection against side channel attacks [https://w1.fi/security/2022-1/] * fixed WPS UPnP SUBSCRIBE handling of invalid operations [https://w1.fi/security/2020-1/] * fixed PMF disconnection protection bypass [https://w1.fi/security/2019-7/] * added support for using OpenSSL 3.0 * fixed various issues in experimental support for EAP-TEAP server * added configuration (max_auth_rounds, max_auth_rounds_short) to increase the maximum number of EAP message exchanges (mainly to support cases with very large certificates) for the EAP server * added support for DPP release 2 (Wi-Fi Device Provisioning Protocol) * extended HE (IEEE 802.11ax) support, including 6 GHz support * removed obsolete IAPP functionality * fixed EAP-FAST server with TLS GCM/CCM ciphers * dropped support for libnl 1.1 * added support for nl80211 control port for EAPOL frame TX/RX * fixed OWE key derivation with groups 20 and 21; this breaks backwards compatibility for these groups while the default group 19 remains backwards compatible; owe_ptk_workaround=1 can be used to enabled a a workaround for the group 20/21 backwards compatibility * added support for Beacon protection * added support for Extended Key ID for pairwise keys * removed WEP support from the default build (CONFIG_WEP=y can be used to enable it, if really needed) * added a build option to remove TKIP support (CONFIG_NO_TKIP=y) * added support for Transition Disable mechanism to allow the AP to automatically disable transition mode to improve security * added support for PASN * added EAP-TLS server support for TLS 1.3 (disabled by default for now) * a large number of other fixes, cleanup, and extensions 2. Changes for wpa_supplicant 2024-07-20 - v2.11 * Wi-Fi Easy Connect - add support for DPP release 3 - allow Configurator parameters to be provided during config exchange * MACsec - add support for GCM-AES-256 cipher suite - remove incorrect EAP Session-Id length constraint - add hardware offload support for additional drivers * HE/IEEE 802.11ax/Wi-Fi 6 - support BSS color updates - various fixes * EHT/IEEE 802.11be/Wi-Fi 7 - add preliminary support * support OpenSSL 3.0 API changes * improve EAP-TLS support for TLSv1.3 * EAP-SIM/AKA: support IMSI privacy * improve mitigation against DoS attacks when PMF is used * improve 4-way handshake operations - discard unencrypted EAPOL frames in additional cases - use Secure=1 in message 2 during PTK rekeying * OCV: do not check Frequency Segment 1 Channel Number for 160 MHz cases to avoid interoperability issues * support new SAE AKM suites with variable length keys * support new AKM for 802.1X/EAP with SHA384 * improve cross-AKM roaming with driver-based SME/BSS selection * PASN - extend support for secure ranging - allow PASN implementation to be used with external programs for Wi-Fi Aware * FT: Use SHA256 to derive PMKID for AKM 00-0F-AC:3 (FT-EAP) - this is based on additional details being added in the IEEE 802.11 standard - the new implementation is not backwards compatible, but PMKSA caching with FT-EAP was, and still is, disabled by default * support a pregenerated MAC (mac_addr=3) as an alternative mechanism for using per-network random MAC addresses * EAP-PEAP: require Phase 2 authentication by default (phase2_auth=1) to improve security for still unfortunately common invalid configurations that do not set ca_cert * extend SCS support for QoS Characteristics * extend MSCS support * support unsynchronized service discovery (USD) * add support for explicit SSID protection in 4-way handshake (a mitigation for CVE-2023-52424; disabled by default for now, can be enabled with ssid_protection=1) - in addition, verify SSID after key setup when beacon protection is used * fix SAE H2E rejected groups validation to avoid downgrade attacks * a large number of other fixes, cleanup, and extensions 2022-01-16 - v2.10 * SAE changes - improved protection against side channel attacks [https://w1.fi/security/2022-1/] - added support for the hash-to-element mechanism (sae_pwe=1 or sae_pwe=2); this is currently disabled by default, but will likely get enabled by default in the future - fixed PMKSA caching with OKC - added support for SAE-PK * EAP-pwd changes - improved protection against side channel attacks [https://w1.fi/security/2022-1/] * fixed P2P provision discovery processing of a specially constructed invalid frame [https://w1.fi/security/2021-1/] * fixed P2P group information processing of a specially constructed invalid frame [https://w1.fi/security/2020-2/] * fixed PMF disconnection protection bypass in AP mode [https://w1.fi/security/2019-7/] * added support for using OpenSSL 3.0 * increased the maximum number of EAP message exchanges (mainly to support cases with very large certificates) * fixed various issues in experimental support for EAP-TEAP peer * added support for DPP release 2 (Wi-Fi Device Provisioning Protocol) * a number of MKA/MACsec fixes and extensions * added support for SAE (WPA3-Personal) AP mode configuration * added P2P support for EDMG (IEEE 802.11ay) channels * fixed EAP-FAST peer with TLS GCM/CCM ciphers * improved throughput estimation and BSS selection * dropped support for libnl 1.1 * added support for nl80211 control port for EAPOL frame TX/RX * fixed OWE key derivation with groups 20 and 21; this breaks backwards compatibility for these groups while the default group 19 remains backwards compatible * added support for Beacon protection * added support for Extended Key ID for pairwise keys * removed WEP support from the default build (CONFIG_WEP=y can be used to enable it, if really needed) * added a build option to remove TKIP support (CONFIG_NO_TKIP=y) * added support for Transition Disable mechanism to allow the AP to automatically disable transition mode to improve security * extended D-Bus interface * added support for PASN * added a file-based backend for external password storage to allow secret information to be moved away from the main configuration file without requiring external tools * added EAP-TLS peer support for TLS 1.3 (disabled by default for now) * added support for SCS, MSCS, DSCP policy * changed driver interface selection to default to automatic fallback to other compiled in options * a large number of other fixes, cleanup, and extensions @ text @d117 1 a117 1 $(OBJDIR)\bssid_ignore.obj \ @