From 167028b750028ae3dac24f5ff96bbb1ba04e8bd7 Mon Sep 17 00:00:00 2001 From: Hauke Mehrtens Date: Sat, 10 Aug 2019 16:49:34 +0200 Subject: [PATCH] hostapd: Update to version 2.9 (2019-08-08) The size of the ipkgs increase a bit (between 0.7% and 1.1%): old 2019-04-21 (2.8): 288264 wpad-basic_2019-04-21-63962824-1_mipsel_24kc.ipk 256188 wpad-mini_2019-04-21-63962824-1_mipsel_24kc.ipk 427475 wpad-openssl_2019-04-21-63962824-1_mipsel_24kc.ipk 423071 wpad-wolfssl_2019-04-21-63962824-1_mipsel_24kc.ipk new 2019-08-08 (2.9): 290217 wpad-basic_2019-08-08-ca8c2bd2-1_mipsel_24kc.ipk 258745 wpad-mini_2019-08-08-ca8c2bd2-1_mipsel_24kc.ipk 431732 wpad-openssl_2019-08-08-ca8c2bd2-1_mipsel_24kc.ipk 427641 wpad-wolfssl_2019-08-08-ca8c2bd2-1_mipsel_24kc.ipk Signed-off-by: Hauke Mehrtens --- package/network/services/hostapd/Makefile | 6 +- .../hostapd/files/hostapd-basic.config | 16 +- .../hostapd/files/hostapd-full.config | 16 +- .../hostapd/files/hostapd-mini.config | 16 +- .../hostapd/files/wpa_supplicant-basic.config | 13 ++ .../hostapd/files/wpa_supplicant-full.config | 13 ++ .../hostapd/files/wpa_supplicant-mini.config | 13 ++ .../hostapd/files/wpa_supplicant-p2p.config | 13 ++ ...ompletion-callback-to-complete-mesh-.patch | 18 +- ...-frequency-as-pri-sec-channel-switch.patch | 2 +- ...rnel-driver-DFS-handler-in-userspace.patch | 6 +- ...annel-attributes-before-running-Mesh.patch | 6 +- ...hannels-to-be-selected-if-dfs-is-ena.patch | 14 +- ...-do-not-allow-pri-sec-channel-switch.patch | 2 +- ...sh-do-not-use-offchan-mgmt-tx-on-DFS.patch | 6 +- ...-fix-channel-switch-error-during-CAC.patch | 12 +- ...18-mesh-make-forwarding-configurable.patch | 28 +-- ...ix-race-condition-in-mesh-mpm-new-pe.patch | 2 +- ...me_memcmp-for-pwd_value-prime-compar.patch | 26 --- ...t_time_memcmp-for-pwd_value-prime-co.patch | 65 ------- ...n2binpad-or-BN_bn2bin_padded-if-avai.patch | 61 ------- ...prf-result-processing-even-if-it-pri.patch | 54 ------ ...ugh-prf-result-processing-even-if-it.patch | 52 ------ ...e-use-of-groups-using-Brainpool-curv.patch | 44 ----- ...re-management-frame-from-unexpected-.patch | 2 +- .../hostapd/patches/110-no_eapol_fix.patch | 2 +- .../hostapd/patches/200-multicall.patch | 48 ++--- .../services/hostapd/patches/300-noscan.patch | 4 +- .../hostapd/patches/301-mesh-noscan.patch | 10 +- .../patches/310-rescan_immediately.patch | 2 +- .../patches/330-nl80211_fix_set_freq.patch | 4 +- .../patches/340-reload_freq_change.patch | 26 +-- .../341-mesh-ctrl-iface-channel-switch.patch | 2 +- .../patches/350-nl80211_del_beacon_bss.patch | 10 +- .../patches/360-ctrl_iface_reload.patch | 4 +- .../hostapd/patches/370-ap_sta_support.patch | 167 +----------------- .../patches/380-disable_ctrl_iface_mib.patch | 30 ++-- .../patches/390-wpa_ie_cap_workaround.patch | 4 +- .../patches/410-limit_debug_messages.patch | 12 +- .../patches/420-indicate-features.patch | 4 +- .../patches/430-hostapd_cli_ifdef.patch | 4 +- ...dd-new-config-params-to-be-used-with.patch | 6 +- ...-use-new-parameters-during-ibss-join.patch | 4 +- .../patches/463-add-mcast_rate-to-11s.patch | 8 +- .../patches/464-fix-mesh-obss-check.patch | 2 +- .../patches/500-lto-jobserver-support.patch | 4 +- .../hostapd/patches/600-ubus_support.patch | 48 ++--- 47 files changed, 272 insertions(+), 639 deletions(-) delete mode 100644 package/network/services/hostapd/patches/066-0001-SAE-Use-const_time_memcmp-for-pwd_value-prime-compar.patch delete mode 100644 package/network/services/hostapd/patches/066-0002-EAP-pwd-Use-const_time_memcmp-for-pwd_value-prime-co.patch delete mode 100644 package/network/services/hostapd/patches/066-0003-OpenSSL-Use-BN_bn2binpad-or-BN_bn2bin_padded-if-avai.patch delete mode 100644 package/network/services/hostapd/patches/066-0004-SAE-Run-through-prf-result-processing-even-if-it-pri.patch delete mode 100644 package/network/services/hostapd/patches/066-0005-EAP-pwd-Run-through-prf-result-processing-even-if-it.patch delete mode 100644 package/network/services/hostapd/patches/066-0006-dragonfly-Disable-use-of-groups-using-Brainpool-curv.patch diff --git a/package/network/services/hostapd/Makefile b/package/network/services/hostapd/Makefile index 1697038ccc67..a723af2c5fba 100644 --- a/package/network/services/hostapd/Makefile +++ b/package/network/services/hostapd/Makefile @@ -11,9 +11,9 @@ PKG_RELEASE:=1 PKG_SOURCE_URL:=http://w1.fi/hostap.git PKG_SOURCE_PROTO:=git -PKG_SOURCE_DATE:=2019-04-21 -PKG_SOURCE_VERSION:=63962824309bb428e5f73d9caae08fcb949fbe36 -PKG_MIRROR_HASH:=b31e09b22284785f84ee4d2dfc2b8fa94cad5d7375d957bf2862a50cb5bc1475 +PKG_SOURCE_DATE:=2019-08-08 +PKG_SOURCE_VERSION:=ca8c2bd28ad53f431d6ee60ef754e98cfdb4c17b +PKG_MIRROR_HASH:=9d9f1c60afa5324ee17219bd3ec61c1a6fa4043b4187da9bb44e59025d3ed31d PKG_MAINTAINER:=Felix Fietkau PKG_LICENSE:=BSD-3-Clause diff --git a/package/network/services/hostapd/files/hostapd-basic.config b/package/network/services/hostapd/files/hostapd-basic.config index 9bf3928b0d3a..3773d08ac366 100644 --- a/package/network/services/hostapd/files/hostapd-basic.config +++ b/package/network/services/hostapd/files/hostapd-basic.config @@ -108,11 +108,18 @@ CONFIG_RSN_PREAUTH=y #CONFIG_EAP_GPSK_SHA256=y # EAP-FAST for the integrated EAP server -# Note: If OpenSSL is used as the TLS library, OpenSSL 1.0 or newer is needed -# for EAP-FAST support. Older OpenSSL releases would need to be patched, e.g., -# with openssl-0.9.8x-tls-extensions.patch, to add the needed functions. #CONFIG_EAP_FAST=y +# EAP-TEAP for the integrated EAP server +# Note: The current EAP-TEAP implementation is experimental and should not be +# enabled for production use. The IETF RFC 7170 that defines EAP-TEAP has number +# of conflicting statements and missing details and the implementation has +# vendor specific workarounds for those and as such, may not interoperate with +# any other implementation. This should not be used for anything else than +# experimentation and interoperability testing until those issues has been +# resolved. +#CONFIG_EAP_TEAP=y + # Wi-Fi Protected Setup (WPS) #CONFIG_WPS=y # Enable UPnP support for external WPS Registrars @@ -376,6 +383,9 @@ CONFIG_TLS=internal # Experimental implementation of draft-harkins-owe-07.txt #CONFIG_OWE=y +# Airtime policy support +#CONFIG_AIRTIME_POLICY=y + # Override default value for the wpa_disable_eapol_key_retries configuration # parameter. See that parameter in hostapd.conf for more details. #CFLAGS += -DDEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES=1 diff --git a/package/network/services/hostapd/files/hostapd-full.config b/package/network/services/hostapd/files/hostapd-full.config index f2e220004f8a..3099f8c2e9a0 100644 --- a/package/network/services/hostapd/files/hostapd-full.config +++ b/package/network/services/hostapd/files/hostapd-full.config @@ -108,11 +108,18 @@ CONFIG_EAP_TTLS=y #CONFIG_EAP_GPSK_SHA256=y # EAP-FAST for the integrated EAP server -# Note: If OpenSSL is used as the TLS library, OpenSSL 1.0 or newer is needed -# for EAP-FAST support. Older OpenSSL releases would need to be patched, e.g., -# with openssl-0.9.8x-tls-extensions.patch, to add the needed functions. CONFIG_EAP_FAST=y +# EAP-TEAP for the integrated EAP server +# Note: The current EAP-TEAP implementation is experimental and should not be +# enabled for production use. The IETF RFC 7170 that defines EAP-TEAP has number +# of conflicting statements and missing details and the implementation has +# vendor specific workarounds for those and as such, may not interoperate with +# any other implementation. This should not be used for anything else than +# experimentation and interoperability testing until those issues has been +# resolved. +#CONFIG_EAP_TEAP=y + # Wi-Fi Protected Setup (WPS) CONFIG_WPS=y # Enable UPnP support for external WPS Registrars @@ -376,6 +383,9 @@ CONFIG_TAXONOMY=y # Experimental implementation of draft-harkins-owe-07.txt #CONFIG_OWE=y +# Airtime policy support +#CONFIG_AIRTIME_POLICY=y + # Override default value for the wpa_disable_eapol_key_retries configuration # parameter. See that parameter in hostapd.conf for more details. #CFLAGS += -DDEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES=1 diff --git a/package/network/services/hostapd/files/hostapd-mini.config b/package/network/services/hostapd/files/hostapd-mini.config index b8dd53d52beb..362bb22a05cd 100644 --- a/package/network/services/hostapd/files/hostapd-mini.config +++ b/package/network/services/hostapd/files/hostapd-mini.config @@ -108,11 +108,18 @@ CONFIG_RSN_PREAUTH=y #CONFIG_EAP_GPSK_SHA256=y # EAP-FAST for the integrated EAP server -# Note: If OpenSSL is used as the TLS library, OpenSSL 1.0 or newer is needed -# for EAP-FAST support. Older OpenSSL releases would need to be patched, e.g., -# with openssl-0.9.8x-tls-extensions.patch, to add the needed functions. #CONFIG_EAP_FAST=y +# EAP-TEAP for the integrated EAP server +# Note: The current EAP-TEAP implementation is experimental and should not be +# enabled for production use. The IETF RFC 7170 that defines EAP-TEAP has number +# of conflicting statements and missing details and the implementation has +# vendor specific workarounds for those and as such, may not interoperate with +# any other implementation. This should not be used for anything else than +# experimentation and interoperability testing until those issues has been +# resolved. +#CONFIG_EAP_TEAP=y + # Wi-Fi Protected Setup (WPS) #CONFIG_WPS=y # Enable UPnP support for external WPS Registrars @@ -376,6 +383,9 @@ CONFIG_TLS=internal # Experimental implementation of draft-harkins-owe-07.txt #CONFIG_OWE=y +# Airtime policy support +#CONFIG_AIRTIME_POLICY=y + # Override default value for the wpa_disable_eapol_key_retries configuration # parameter. See that parameter in hostapd.conf for more details. #CFLAGS += -DDEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES=1 diff --git a/package/network/services/hostapd/files/wpa_supplicant-basic.config b/package/network/services/hostapd/files/wpa_supplicant-basic.config index c93cf783a3fa..14f6e80896d7 100644 --- a/package/network/services/hostapd/files/wpa_supplicant-basic.config +++ b/package/network/services/hostapd/files/wpa_supplicant-basic.config @@ -111,6 +111,16 @@ CONFIG_DRIVER_WIRED=y # EAP-FAST #CONFIG_EAP_FAST=y +# EAP-TEAP +# Note: The current EAP-TEAP implementation is experimental and should not be +# enabled for production use. The IETF RFC 7170 that defines EAP-TEAP has number +# of conflicting statements and missing details and the implementation has +# vendor specific workarounds for those and as such, may not interoperate with +# any other implementation. This should not be used for anything else than +# experimentation and interoperability testing until those issues has been +# resolved. +#CONFIG_EAP_TEAP=y + # EAP-GTC #CONFIG_EAP_GTC=y @@ -120,6 +130,9 @@ CONFIG_DRIVER_WIRED=y # EAP-SIM (enable CONFIG_PCSC, if EAP-SIM is used) #CONFIG_EAP_SIM=y +# Enable SIM simulator (Milenage) for EAP-SIM +#CONFIG_SIM_SIMULATOR=y + # EAP-PSK (experimental; this is _not_ needed for WPA-PSK) #CONFIG_EAP_PSK=y diff --git a/package/network/services/hostapd/files/wpa_supplicant-full.config b/package/network/services/hostapd/files/wpa_supplicant-full.config index 10b4d15ea284..5f48d59eebaa 100644 --- a/package/network/services/hostapd/files/wpa_supplicant-full.config +++ b/package/network/services/hostapd/files/wpa_supplicant-full.config @@ -111,6 +111,16 @@ CONFIG_EAP_TTLS=y # EAP-FAST CONFIG_EAP_FAST=y +# EAP-TEAP +# Note: The current EAP-TEAP implementation is experimental and should not be +# enabled for production use. The IETF RFC 7170 that defines EAP-TEAP has number +# of conflicting statements and missing details and the implementation has +# vendor specific workarounds for those and as such, may not interoperate with +# any other implementation. This should not be used for anything else than +# experimentation and interoperability testing until those issues has been +# resolved. +#CONFIG_EAP_TEAP=y + # EAP-GTC CONFIG_EAP_GTC=y @@ -120,6 +130,9 @@ CONFIG_EAP_OTP=y # EAP-SIM (enable CONFIG_PCSC, if EAP-SIM is used) #CONFIG_EAP_SIM=y +# Enable SIM simulator (Milenage) for EAP-SIM +#CONFIG_SIM_SIMULATOR=y + # EAP-PSK (experimental; this is _not_ needed for WPA-PSK) #CONFIG_EAP_PSK=y diff --git a/package/network/services/hostapd/files/wpa_supplicant-mini.config b/package/network/services/hostapd/files/wpa_supplicant-mini.config index 9ffcf7e2e43e..9b1f03433f9f 100644 --- a/package/network/services/hostapd/files/wpa_supplicant-mini.config +++ b/package/network/services/hostapd/files/wpa_supplicant-mini.config @@ -111,6 +111,16 @@ CONFIG_DRIVER_WIRED=y # EAP-FAST #CONFIG_EAP_FAST=y +# EAP-TEAP +# Note: The current EAP-TEAP implementation is experimental and should not be +# enabled for production use. The IETF RFC 7170 that defines EAP-TEAP has number +# of conflicting statements and missing details and the implementation has +# vendor specific workarounds for those and as such, may not interoperate with +# any other implementation. This should not be used for anything else than +# experimentation and interoperability testing until those issues has been +# resolved. +#CONFIG_EAP_TEAP=y + # EAP-GTC #CONFIG_EAP_GTC=y @@ -120,6 +130,9 @@ CONFIG_DRIVER_WIRED=y # EAP-SIM (enable CONFIG_PCSC, if EAP-SIM is used) #CONFIG_EAP_SIM=y +# Enable SIM simulator (Milenage) for EAP-SIM +#CONFIG_SIM_SIMULATOR=y + # EAP-PSK (experimental; this is _not_ needed for WPA-PSK) #CONFIG_EAP_PSK=y diff --git a/package/network/services/hostapd/files/wpa_supplicant-p2p.config b/package/network/services/hostapd/files/wpa_supplicant-p2p.config index e2eb57bb38bc..03b9a6b65405 100644 --- a/package/network/services/hostapd/files/wpa_supplicant-p2p.config +++ b/package/network/services/hostapd/files/wpa_supplicant-p2p.config @@ -111,6 +111,16 @@ CONFIG_EAP_TTLS=y # EAP-FAST CONFIG_EAP_FAST=y +# EAP-TEAP +# Note: The current EAP-TEAP implementation is experimental and should not be +# enabled for production use. The IETF RFC 7170 that defines EAP-TEAP has number +# of conflicting statements and missing details and the implementation has +# vendor specific workarounds for those and as such, may not interoperate with +# any other implementation. This should not be used for anything else than +# experimentation and interoperability testing until those issues has been +# resolved. +#CONFIG_EAP_TEAP=y + # EAP-GTC CONFIG_EAP_GTC=y @@ -120,6 +130,9 @@ CONFIG_EAP_OTP=y # EAP-SIM (enable CONFIG_PCSC, if EAP-SIM is used) #CONFIG_EAP_SIM=y +# Enable SIM simulator (Milenage) for EAP-SIM +#CONFIG_SIM_SIMULATOR=y + # EAP-PSK (experimental; this is _not_ needed for WPA-PSK) #CONFIG_EAP_PSK=y diff --git a/package/network/services/hostapd/patches/004-mesh-use-setup-completion-callback-to-complete-mesh-.patch b/package/network/services/hostapd/patches/004-mesh-use-setup-completion-callback-to-complete-mesh-.patch index ead1bcac90dc..3d99b3bfb98a 100644 --- a/package/network/services/hostapd/patches/004-mesh-use-setup-completion-callback-to-complete-mesh-.patch +++ b/package/network/services/hostapd/patches/004-mesh-use-setup-completion-callback-to-complete-mesh-.patch @@ -25,7 +25,7 @@ Signed-off-by: Peter Oh --- a/src/ap/hostapd.c +++ b/src/ap/hostapd.c -@@ -414,6 +414,8 @@ static void hostapd_free_hapd_data(struc +@@ -423,6 +423,8 @@ static void hostapd_free_hapd_data(struc #ifdef CONFIG_MESH wpabuf_free(hapd->mesh_pending_auth); hapd->mesh_pending_auth = NULL; @@ -34,7 +34,7 @@ Signed-off-by: Peter Oh #endif /* CONFIG_MESH */ hostapd_clean_rrm(hapd); -@@ -1980,6 +1982,13 @@ dfs_offload: +@@ -2049,6 +2051,13 @@ dfs_offload: if (hapd->setup_complete_cb) hapd->setup_complete_cb(hapd->setup_complete_cb_ctx); @@ -48,7 +48,7 @@ Signed-off-by: Peter Oh wpa_printf(MSG_DEBUG, "%s: Setup of interface done.", iface->bss[0]->conf->iface); if (iface->interfaces && iface->interfaces->terminate_on_error > 0) -@@ -2123,7 +2132,7 @@ int hostapd_setup_interface(struct hosta +@@ -2192,7 +2201,7 @@ int hostapd_setup_interface(struct hosta ret = setup_interface(iface); if (ret) { wpa_printf(MSG_ERROR, "%s: Unable to setup interface.", @@ -79,16 +79,16 @@ Signed-off-by: Peter Oh } if (ifmsh->mconf->security != MESH_CONF_SEC_NONE && -@@ -208,7 +209,7 @@ static int wpas_mesh_complete(struct wpa - wpa_printf(MSG_ERROR, +@@ -209,7 +210,7 @@ static int wpas_mesh_complete(struct wpa "mesh: RSN initialization failed - deinit mesh"); wpa_supplicant_mesh_deinit(wpa_s); + wpa_drv_leave_mesh(wpa_s); - return -1; + return; } if (ssid->key_mgmt & WPA_KEY_MGMT_SAE) { -@@ -234,8 +235,6 @@ static int wpas_mesh_complete(struct wpa +@@ -235,8 +236,6 @@ static int wpas_mesh_complete(struct wpa if (!ret) wpa_supplicant_set_state(wpa_s, WPA_COMPLETED); @@ -97,7 +97,7 @@ Signed-off-by: Peter Oh } -@@ -262,6 +261,7 @@ static int wpa_supplicant_mesh_init(stru +@@ -263,6 +262,7 @@ static int wpa_supplicant_mesh_init(stru if (!ifmsh) return -ENOMEM; @@ -105,7 +105,7 @@ Signed-off-by: Peter Oh ifmsh->drv_flags = wpa_s->drv_flags; ifmsh->num_bss = 1; ifmsh->bss = os_calloc(wpa_s->ifmsh->num_bss, -@@ -279,6 +279,8 @@ static int wpa_supplicant_mesh_init(stru +@@ -280,6 +280,8 @@ static int wpa_supplicant_mesh_init(stru bss->drv_priv = wpa_s->drv_priv; bss->iface = ifmsh; bss->mesh_sta_free_cb = mesh_mpm_free_sta; @@ -114,7 +114,7 @@ Signed-off-by: Peter Oh frequency = ssid->frequency; if (frequency != freq->freq && frequency == freq->freq + freq->sec_channel_offset * 20) { -@@ -517,7 +519,6 @@ int wpa_supplicant_join_mesh(struct wpa_ +@@ -521,7 +523,6 @@ int wpa_supplicant_join_mesh(struct wpa_ goto out; } diff --git a/package/network/services/hostapd/patches/005-mesh-update-ssid-frequency-as-pri-sec-channel-switch.patch b/package/network/services/hostapd/patches/005-mesh-update-ssid-frequency-as-pri-sec-channel-switch.patch index 703c81d04c4e..4d77f2d2064a 100644 --- a/package/network/services/hostapd/patches/005-mesh-update-ssid-frequency-as-pri-sec-channel-switch.patch +++ b/package/network/services/hostapd/patches/005-mesh-update-ssid-frequency-as-pri-sec-channel-switch.patch @@ -16,7 +16,7 @@ Signed-off-by: Peter Oh --- a/wpa_supplicant/mesh.c +++ b/wpa_supplicant/mesh.c -@@ -286,6 +286,7 @@ static int wpa_supplicant_mesh_init(stru +@@ -287,6 +287,7 @@ static int wpa_supplicant_mesh_init(stru frequency == freq->freq + freq->sec_channel_offset * 20) { wpa_printf(MSG_DEBUG, "mesh: pri/sec channels switched"); frequency = freq->freq; diff --git a/package/network/services/hostapd/patches/006-mesh-inform-kernel-driver-DFS-handler-in-userspace.patch b/package/network/services/hostapd/patches/006-mesh-inform-kernel-driver-DFS-handler-in-userspace.patch index fb7772d48140..76c43da8e255 100644 --- a/package/network/services/hostapd/patches/006-mesh-inform-kernel-driver-DFS-handler-in-userspace.patch +++ b/package/network/services/hostapd/patches/006-mesh-inform-kernel-driver-DFS-handler-in-userspace.patch @@ -16,7 +16,7 @@ Signed-off-by: Peter Oh --- a/src/drivers/driver.h +++ b/src/drivers/driver.h -@@ -1436,6 +1436,7 @@ struct wpa_driver_mesh_join_params { +@@ -1477,6 +1477,7 @@ struct wpa_driver_mesh_join_params { #define WPA_DRIVER_MESH_FLAG_SAE_AUTH 0x00000004 #define WPA_DRIVER_MESH_FLAG_AMPE 0x00000008 unsigned int flags; @@ -26,7 +26,7 @@ Signed-off-by: Peter Oh /** --- a/src/drivers/driver_nl80211.c +++ b/src/drivers/driver_nl80211.c -@@ -9544,6 +9544,9 @@ static int nl80211_join_mesh(struct i802 +@@ -9624,6 +9624,9 @@ static int nl80211_join_mesh(struct i802 wpa_printf(MSG_DEBUG, " * flags=%08X", params->flags); @@ -38,7 +38,7 @@ Signed-off-by: Peter Oh goto fail; --- a/wpa_supplicant/mesh.c +++ b/wpa_supplicant/mesh.c -@@ -308,6 +308,7 @@ static int wpa_supplicant_mesh_init(stru +@@ -309,6 +309,7 @@ static int wpa_supplicant_mesh_init(stru conf->country[0] = wpa_s->conf->country[0]; conf->country[1] = wpa_s->conf->country[1]; conf->country[2] = ' '; diff --git a/package/network/services/hostapd/patches/007-mesh-apply-channel-attributes-before-running-Mesh.patch b/package/network/services/hostapd/patches/007-mesh-apply-channel-attributes-before-running-Mesh.patch index 443fad944ce5..f04fcc49e82b 100644 --- a/package/network/services/hostapd/patches/007-mesh-apply-channel-attributes-before-running-Mesh.patch +++ b/package/network/services/hostapd/patches/007-mesh-apply-channel-attributes-before-running-Mesh.patch @@ -13,7 +13,7 @@ Signed-off-by: Peter Oh --- a/wpa_supplicant/mesh.c +++ b/wpa_supplicant/mesh.c -@@ -248,7 +248,7 @@ static int wpa_supplicant_mesh_init(stru +@@ -249,7 +249,7 @@ static int wpa_supplicant_mesh_init(stru struct mesh_conf *mconf; int basic_rates_erp[] = { 10, 20, 55, 60, 110, 120, 240, -1 }; int rate_len; @@ -22,7 +22,7 @@ Signed-off-by: Peter Oh if (!wpa_s->conf->user_mpm) { /* not much for us to do here */ -@@ -385,6 +385,13 @@ static int wpa_supplicant_mesh_init(stru +@@ -386,6 +386,13 @@ static int wpa_supplicant_mesh_init(stru conf->basic_rates[rate_len] = -1; } @@ -36,7 +36,7 @@ Signed-off-by: Peter Oh if (wpa_drv_init_mesh(wpa_s)) { wpa_msg(wpa_s, MSG_ERROR, "Failed to init mesh in driver"); return -1; -@@ -396,8 +403,6 @@ static int wpa_supplicant_mesh_init(stru +@@ -397,8 +404,6 @@ static int wpa_supplicant_mesh_init(stru return -1; } diff --git a/package/network/services/hostapd/patches/011-mesh-Allow-DFS-channels-to-be-selected-if-dfs-is-ena.patch b/package/network/services/hostapd/patches/011-mesh-Allow-DFS-channels-to-be-selected-if-dfs-is-ena.patch index e3afc97f825e..37f7f635ea25 100644 --- a/package/network/services/hostapd/patches/011-mesh-Allow-DFS-channels-to-be-selected-if-dfs-is-ena.patch +++ b/package/network/services/hostapd/patches/011-mesh-Allow-DFS-channels-to-be-selected-if-dfs-is-ena.patch @@ -13,7 +13,7 @@ Signed-off-by: Peter Oh --- a/wpa_supplicant/wpa_supplicant.c +++ b/wpa_supplicant/wpa_supplicant.c -@@ -2148,6 +2148,8 @@ void ibss_mesh_setup_freq(struct wpa_sup +@@ -2153,6 +2153,8 @@ void ibss_mesh_setup_freq(struct wpa_sup struct hostapd_freq_params vht_freq; int chwidth, seg0, seg1; u32 vht_caps = 0; @@ -22,7 +22,7 @@ Signed-off-by: Peter Oh freq->freq = ssid->frequency; -@@ -2224,8 +2226,11 @@ void ibss_mesh_setup_freq(struct wpa_sup +@@ -2232,8 +2234,11 @@ void ibss_mesh_setup_freq(struct wpa_sup return; /* Check primary channel flags */ @@ -35,7 +35,7 @@ Signed-off-by: Peter Oh freq->channel = pri_chan->chan; -@@ -2256,8 +2261,11 @@ void ibss_mesh_setup_freq(struct wpa_sup +@@ -2264,8 +2269,11 @@ void ibss_mesh_setup_freq(struct wpa_sup return; /* Check secondary channel flags */ @@ -48,7 +48,7 @@ Signed-off-by: Peter Oh if (ht40 == -1) { if (!(pri_chan->flag & HOSTAPD_CHAN_HT40MINUS)) -@@ -2348,8 +2356,11 @@ skip_ht40: +@@ -2356,8 +2364,11 @@ skip_ht40: return; /* Back to HT configuration if channel not usable */ @@ -60,8 +60,8 @@ Signed-off-by: Peter Oh + return; } - chwidth = VHT_CHANWIDTH_80MHZ; -@@ -2369,10 +2380,11 @@ skip_ht40: + chwidth = CHANWIDTH_80MHZ; +@@ -2377,10 +2388,11 @@ skip_ht40: if (!chan) continue; @@ -75,4 +75,4 @@ Signed-off-by: Peter Oh + continue; /* Found a suitable second segment for 80+80 */ - chwidth = VHT_CHANWIDTH_80P80MHZ; + chwidth = CHANWIDTH_80P80MHZ; diff --git a/package/network/services/hostapd/patches/013-mesh-do-not-allow-pri-sec-channel-switch.patch b/package/network/services/hostapd/patches/013-mesh-do-not-allow-pri-sec-channel-switch.patch index a09a91d7ebdc..778273e67c88 100644 --- a/package/network/services/hostapd/patches/013-mesh-do-not-allow-pri-sec-channel-switch.patch +++ b/package/network/services/hostapd/patches/013-mesh-do-not-allow-pri-sec-channel-switch.patch @@ -19,7 +19,7 @@ Signed-off-by: Peter Oh --- a/wpa_supplicant/mesh.c +++ b/wpa_supplicant/mesh.c -@@ -385,6 +385,7 @@ static int wpa_supplicant_mesh_init(stru +@@ -386,6 +386,7 @@ static int wpa_supplicant_mesh_init(stru conf->basic_rates[rate_len] = -1; } diff --git a/package/network/services/hostapd/patches/015-mesh-do-not-use-offchan-mgmt-tx-on-DFS.patch b/package/network/services/hostapd/patches/015-mesh-do-not-use-offchan-mgmt-tx-on-DFS.patch index f1922552f679..8bac9082d740 100644 --- a/package/network/services/hostapd/patches/015-mesh-do-not-use-offchan-mgmt-tx-on-DFS.patch +++ b/package/network/services/hostapd/patches/015-mesh-do-not-use-offchan-mgmt-tx-on-DFS.patch @@ -17,7 +17,7 @@ Signed-off-by: Peter Oh --- a/src/drivers/driver_nl80211.c +++ b/src/drivers/driver_nl80211.c -@@ -7411,6 +7411,10 @@ static int wpa_driver_nl80211_send_actio +@@ -7462,6 +7462,10 @@ static int wpa_driver_nl80211_send_actio int ret = -1; u8 *buf; struct ieee80211_hdr *hdr; @@ -28,7 +28,7 @@ Signed-off-by: Peter Oh wpa_printf(MSG_DEBUG, "nl80211: Send Action frame (ifindex=%d, " "freq=%u MHz wait=%d ms no_cck=%d)", -@@ -7435,6 +7439,21 @@ static int wpa_driver_nl80211_send_actio +@@ -7486,6 +7490,21 @@ static int wpa_driver_nl80211_send_actio os_memset(bss->rand_addr, 0, ETH_ALEN); } @@ -50,7 +50,7 @@ Signed-off-by: Peter Oh if (is_ap_interface(drv->nlmode) && (!(drv->capa.flags & WPA_DRIVER_FLAGS_OFFCHANNEL_TX) || (int) freq == bss->freq || drv->device_ap_sme || -@@ -7446,7 +7465,7 @@ static int wpa_driver_nl80211_send_actio +@@ -7497,7 +7516,7 @@ static int wpa_driver_nl80211_send_actio ret = nl80211_send_frame_cmd(bss, freq, wait_time, buf, 24 + data_len, &drv->send_action_cookie, diff --git a/package/network/services/hostapd/patches/016-mesh-fix-channel-switch-error-during-CAC.patch b/package/network/services/hostapd/patches/016-mesh-fix-channel-switch-error-during-CAC.patch index 1a8b291949f7..f2baf1d8b793 100644 --- a/package/network/services/hostapd/patches/016-mesh-fix-channel-switch-error-during-CAC.patch +++ b/package/network/services/hostapd/patches/016-mesh-fix-channel-switch-error-during-CAC.patch @@ -24,7 +24,7 @@ Signed-off-by: Peter Oh #include "ap/sta_info.h" #include "ap/hostapd.h" #include "ap/ieee802_11.h" -@@ -204,6 +205,30 @@ static void wpas_mesh_complete_cb(void * +@@ -204,6 +205,32 @@ static void wpas_mesh_complete_cb(void * return; } @@ -41,11 +41,13 @@ Signed-off-by: Peter Oh + ifmsh->conf->channel, + ifmsh->conf->ieee80211n, + ifmsh->conf->ieee80211ac, ++ ifmsh->conf->ieee80211ax, + ifmsh->conf->secondary_channel, -+ ifmsh->conf->vht_oper_chwidth, -+ ifmsh->conf->vht_oper_centr_freq_seg0_idx, -+ ifmsh->conf->vht_oper_centr_freq_seg1_idx, -+ ifmsh->conf->vht_capab)) { ++ hostapd_get_oper_chwidth(ifmsh->conf), ++ hostapd_get_oper_centr_freq_seg0_idx(ifmsh->conf), ++ hostapd_get_oper_centr_freq_seg1_idx(ifmsh->conf), ++ ifmsh->current_mode->vht_capab, ++ &ifmsh->current_mode->he_capab[IEEE80211_MODE_AP])) { + wpa_printf(MSG_ERROR, "Error updating mesh frequency params."); + wpa_supplicant_mesh_deinit(wpa_s); + return; diff --git a/package/network/services/hostapd/patches/018-mesh-make-forwarding-configurable.patch b/package/network/services/hostapd/patches/018-mesh-make-forwarding-configurable.patch index 9584417b5703..af94fed4b89e 100644 --- a/package/network/services/hostapd/patches/018-mesh-make-forwarding-configurable.patch +++ b/package/network/services/hostapd/patches/018-mesh-make-forwarding-configurable.patch @@ -23,7 +23,7 @@ Signed-off-by: Daniel Golle --- a/src/ap/ap_config.h +++ b/src/ap/ap_config.h -@@ -50,6 +50,7 @@ struct mesh_conf { +@@ -51,6 +51,7 @@ struct mesh_conf { int dot11MeshRetryTimeout; /* msec */ int dot11MeshConfirmTimeout; /* msec */ int dot11MeshHoldingTimeout; /* msec */ @@ -31,7 +31,7 @@ Signed-off-by: Daniel Golle }; #define MAX_STA_COUNT 2007 -@@ -645,6 +646,7 @@ struct hostapd_bss_config { +@@ -666,6 +667,7 @@ struct hostapd_bss_config { #define MESH_ENABLED BIT(0) int mesh; @@ -41,7 +41,7 @@ Signed-off-by: Daniel Golle --- a/src/drivers/driver.h +++ b/src/drivers/driver.h -@@ -1409,6 +1409,7 @@ struct wpa_driver_mesh_bss_params { +@@ -1450,6 +1450,7 @@ struct wpa_driver_mesh_bss_params { #define WPA_DRIVER_MESH_CONF_FLAG_MAX_PEER_LINKS 0x00000004 #define WPA_DRIVER_MESH_CONF_FLAG_HT_OP_MODE 0x00000008 #define WPA_DRIVER_MESH_CONF_FLAG_RSSI_THRESHOLD 0x00000010 @@ -49,7 +49,7 @@ Signed-off-by: Daniel Golle /* * TODO: Other mesh configuration parameters would go here. * See NL80211_MESHCONF_* for all the mesh config parameters. -@@ -1418,6 +1419,7 @@ struct wpa_driver_mesh_bss_params { +@@ -1459,6 +1460,7 @@ struct wpa_driver_mesh_bss_params { int peer_link_timeout; int max_peer_links; int rssi_threshold; @@ -59,7 +59,7 @@ Signed-off-by: Daniel Golle --- a/src/drivers/driver_nl80211.c +++ b/src/drivers/driver_nl80211.c -@@ -9512,6 +9512,9 @@ static int nl80211_put_mesh_config(struc +@@ -9592,6 +9592,9 @@ static int nl80211_put_mesh_config(struc if (((params->flags & WPA_DRIVER_MESH_CONF_FLAG_AUTO_PLINKS) && nla_put_u8(msg, NL80211_MESHCONF_AUTO_OPEN_PLINKS, params->auto_plinks)) || @@ -79,7 +79,7 @@ Signed-off-by: Daniel Golle { INT_RANGE(mesh_rssi_threshold, -255, 1) }, #else /* CONFIG_MESH */ { INT_RANGE(mode, 0, 4) }, -@@ -2868,6 +2869,7 @@ void wpa_config_set_network_defaults(str +@@ -2869,6 +2870,7 @@ void wpa_config_set_network_defaults(str ssid->dot11MeshRetryTimeout = DEFAULT_MESH_RETRY_TIMEOUT; ssid->dot11MeshConfirmTimeout = DEFAULT_MESH_CONFIRM_TIMEOUT; ssid->dot11MeshHoldingTimeout = DEFAULT_MESH_HOLDING_TIMEOUT; @@ -87,7 +87,7 @@ Signed-off-by: Daniel Golle ssid->mesh_rssi_threshold = DEFAULT_MESH_RSSI_THRESHOLD; #endif /* CONFIG_MESH */ #ifdef CONFIG_HT_OVERRIDES -@@ -4088,6 +4090,7 @@ struct wpa_config * wpa_config_alloc_emp +@@ -4089,6 +4091,7 @@ struct wpa_config * wpa_config_alloc_emp config->user_mpm = DEFAULT_USER_MPM; config->max_peer_links = DEFAULT_MAX_PEER_LINKS; config->mesh_max_inactivity = DEFAULT_MESH_MAX_INACTIVITY; @@ -95,7 +95,7 @@ Signed-off-by: Daniel Golle config->dot11RSNASAERetransPeriod = DEFAULT_DOT11_RSNA_SAE_RETRANS_PERIOD; config->fast_reauth = DEFAULT_FAST_REAUTH; -@@ -4725,6 +4728,7 @@ static const struct global_parse_data gl +@@ -4726,6 +4729,7 @@ static const struct global_parse_data gl { INT(user_mpm), 0 }, { INT_RANGE(max_peer_links, 0, 255), 0 }, { INT(mesh_max_inactivity), 0 }, @@ -113,7 +113,7 @@ Signed-off-by: Daniel Golle /* * The default dot11RSNASAERetransPeriod is defined as 40 ms in the standard, * but use 1000 ms in practice to avoid issues on low power CPUs. -@@ -1326,6 +1327,14 @@ struct wpa_config { +@@ -1327,6 +1328,14 @@ struct wpa_config { int mesh_max_inactivity; /** @@ -138,7 +138,7 @@ Signed-off-by: Daniel Golle INT(frequency); INT(fixed_freq); #ifdef CONFIG_ACS -@@ -1471,6 +1472,9 @@ static void wpa_config_write_global(FILE +@@ -1472,6 +1473,9 @@ static void wpa_config_write_global(FILE fprintf(f, "mesh_max_inactivity=%d\n", config->mesh_max_inactivity); @@ -150,7 +150,7 @@ Signed-off-by: Daniel Golle fprintf(f, "dot11RSNASAERetransPeriod=%d\n", --- a/wpa_supplicant/config_ssid.h +++ b/wpa_supplicant/config_ssid.h -@@ -514,6 +514,11 @@ struct wpa_ssid { +@@ -516,6 +516,11 @@ struct wpa_ssid { int dot11MeshConfirmTimeout; /* msec */ int dot11MeshHoldingTimeout; /* msec */ @@ -172,7 +172,7 @@ Signed-off-by: Daniel Golle conf->dot11MeshMaxRetries = ssid->dot11MeshMaxRetries; conf->dot11MeshRetryTimeout = ssid->dot11MeshRetryTimeout; conf->dot11MeshConfirmTimeout = ssid->dot11MeshConfirmTimeout; -@@ -325,6 +326,7 @@ static int wpa_supplicant_mesh_init(stru +@@ -328,6 +329,7 @@ static int wpa_supplicant_mesh_init(stru bss->conf->start_disabled = 1; bss->conf->mesh = MESH_ENABLED; bss->conf->ap_max_inactivity = wpa_s->conf->mesh_max_inactivity; @@ -180,7 +180,7 @@ Signed-off-by: Daniel Golle if (ieee80211_is_dfs(ssid->frequency, wpa_s->hw.modes, wpa_s->hw.num_modes) && wpa_s->conf->country[0]) { -@@ -543,6 +545,10 @@ int wpa_supplicant_join_mesh(struct wpa_ +@@ -549,6 +551,10 @@ int wpa_supplicant_join_mesh(struct wpa_ } params->conf.peer_link_timeout = wpa_s->conf->mesh_max_inactivity; @@ -193,7 +193,7 @@ Signed-off-by: Daniel Golle if (wpa_supplicant_mesh_init(wpa_s, ssid, ¶ms->freq)) { --- a/wpa_supplicant/mesh_mpm.c +++ b/wpa_supplicant/mesh_mpm.c -@@ -295,9 +295,9 @@ static void mesh_mpm_send_plink_action(s +@@ -305,9 +305,9 @@ static void mesh_mpm_send_plink_action(s info = (bss->num_plinks > 63 ? 63 : bss->num_plinks) << 1; /* TODO: Add Connected to Mesh Gate/AS subfields */ wpabuf_put_u8(buf, info); diff --git a/package/network/services/hostapd/patches/051-wpa_supplicant-fix-race-condition-in-mesh-mpm-new-pe.patch b/package/network/services/hostapd/patches/051-wpa_supplicant-fix-race-condition-in-mesh-mpm-new-pe.patch index 46bd1dc2ffb4..cca8d474889f 100644 --- a/package/network/services/hostapd/patches/051-wpa_supplicant-fix-race-condition-in-mesh-mpm-new-pe.patch +++ b/package/network/services/hostapd/patches/051-wpa_supplicant-fix-race-condition-in-mesh-mpm-new-pe.patch @@ -14,7 +14,7 @@ Signed-off-by: Felix Fietkau --- a/wpa_supplicant/mesh_mpm.c +++ b/wpa_supplicant/mesh_mpm.c -@@ -685,11 +685,12 @@ static struct sta_info * mesh_mpm_add_pe +@@ -710,11 +710,12 @@ static struct sta_info * mesh_mpm_add_pe } sta = ap_get_sta(data, addr); diff --git a/package/network/services/hostapd/patches/066-0001-SAE-Use-const_time_memcmp-for-pwd_value-prime-compar.patch b/package/network/services/hostapd/patches/066-0001-SAE-Use-const_time_memcmp-for-pwd_value-prime-compar.patch deleted file mode 100644 index d637a52826a9..000000000000 --- a/package/network/services/hostapd/patches/066-0001-SAE-Use-const_time_memcmp-for-pwd_value-prime-compar.patch +++ /dev/null @@ -1,26 +0,0 @@ -From e43f08991f00820c1f711ca254021d5f83b5cd7d Mon Sep 17 00:00:00 2001 -From: Jouni Malinen -Date: Thu, 25 Apr 2019 18:52:34 +0300 -Subject: [PATCH 1/6] SAE: Use const_time_memcmp() for pwd_value >= prime - comparison - -This reduces timing and memory access pattern differences for an -operation that could depend on the used password. - -Signed-off-by: Jouni Malinen -(cherry picked from commit 8e14b030e558d23f65d761895c07089404e61cf1) ---- - src/common/sae.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - ---- a/src/common/sae.c -+++ b/src/common/sae.c -@@ -317,7 +317,7 @@ static int sae_test_pwd_seed_ecc(struct - wpa_hexdump_key(MSG_DEBUG, "SAE: pwd-value", - pwd_value, sae->tmp->prime_len); - -- if (os_memcmp(pwd_value, prime, sae->tmp->prime_len) >= 0) -+ if (const_time_memcmp(pwd_value, prime, sae->tmp->prime_len) >= 0) - return 0; - - x_cand = crypto_bignum_init_set(pwd_value, sae->tmp->prime_len); diff --git a/package/network/services/hostapd/patches/066-0002-EAP-pwd-Use-const_time_memcmp-for-pwd_value-prime-co.patch b/package/network/services/hostapd/patches/066-0002-EAP-pwd-Use-const_time_memcmp-for-pwd_value-prime-co.patch deleted file mode 100644 index 41b677417391..000000000000 --- a/package/network/services/hostapd/patches/066-0002-EAP-pwd-Use-const_time_memcmp-for-pwd_value-prime-co.patch +++ /dev/null @@ -1,65 +0,0 @@ -From 20d7bd83c43fb24c4cf84d3045254d3ee1957166 Mon Sep 17 00:00:00 2001 -From: Jouni Malinen -Date: Thu, 25 Apr 2019 19:07:05 +0300 -Subject: [PATCH 2/6] EAP-pwd: Use const_time_memcmp() for pwd_value >= prime - comparison - -This reduces timing and memory access pattern differences for an -operation that could depend on the used password. - -Signed-off-by: Jouni Malinen -(cherry picked from commit 7958223fdcfe82479e6ed71019a84f6d4cbf799c) ---- - src/eap_common/eap_pwd_common.c | 13 ++++++++----- - 1 file changed, 8 insertions(+), 5 deletions(-) - ---- a/src/eap_common/eap_pwd_common.c -+++ b/src/eap_common/eap_pwd_common.c -@@ -144,6 +144,7 @@ int compute_password_element(EAP_PWD_gro - u8 qnr_bin[MAX_ECC_PRIME_LEN]; - u8 qr_or_qnr_bin[MAX_ECC_PRIME_LEN]; - u8 x_bin[MAX_ECC_PRIME_LEN]; -+ u8 prime_bin[MAX_ECC_PRIME_LEN]; - struct crypto_bignum *tmp1 = NULL, *tmp2 = NULL, *pm1 = NULL; - struct crypto_hash *hash; - unsigned char pwe_digest[SHA256_MAC_LEN], *prfbuf = NULL, ctr; -@@ -161,6 +162,11 @@ int compute_password_element(EAP_PWD_gro - os_memset(x_bin, 0, sizeof(x_bin)); - - prime = crypto_ec_get_prime(grp->group); -+ primebitlen = crypto_ec_prime_len_bits(grp->group); -+ primebytelen = crypto_ec_prime_len(grp->group); -+ if (crypto_bignum_to_bin(prime, prime_bin, sizeof(prime_bin), -+ primebytelen) < 0) -+ return -1; - grp->pwe = crypto_ec_point_init(grp->group); - tmp1 = crypto_bignum_init(); - pm1 = crypto_bignum_init(); -@@ -170,8 +176,6 @@ int compute_password_element(EAP_PWD_gro - goto fail; - } - -- primebitlen = crypto_ec_prime_len_bits(grp->group); -- primebytelen = crypto_ec_prime_len(grp->group); - if ((prfbuf = os_malloc(primebytelen)) == NULL) { - wpa_printf(MSG_INFO, "EAP-pwd: unable to malloc space for prf " - "buffer"); -@@ -237,6 +241,8 @@ int compute_password_element(EAP_PWD_gro - if (primebitlen % 8) - buf_shift_right(prfbuf, primebytelen, - 8 - primebitlen % 8); -+ if (const_time_memcmp(prfbuf, prime_bin, primebytelen) >= 0) -+ continue; - - crypto_bignum_deinit(x_candidate, 1); - x_candidate = crypto_bignum_init_set(prfbuf, primebytelen); -@@ -246,9 +252,6 @@ int compute_password_element(EAP_PWD_gro - goto fail; - } - -- if (crypto_bignum_cmp(x_candidate, prime) >= 0) -- continue; -- - wpa_hexdump_key(MSG_DEBUG, "EAP-pwd: x_candidate", - prfbuf, primebytelen); - const_time_select_bin(found, x_bin, prfbuf, primebytelen, diff --git a/package/network/services/hostapd/patches/066-0003-OpenSSL-Use-BN_bn2binpad-or-BN_bn2bin_padded-if-avai.patch b/package/network/services/hostapd/patches/066-0003-OpenSSL-Use-BN_bn2binpad-or-BN_bn2bin_padded-if-avai.patch deleted file mode 100644 index edf462754b6d..000000000000 --- a/package/network/services/hostapd/patches/066-0003-OpenSSL-Use-BN_bn2binpad-or-BN_bn2bin_padded-if-avai.patch +++ /dev/null @@ -1,61 +0,0 @@ -From ee34d8cfbd0fbf7ba7429531d4bee1c43b074d8b Mon Sep 17 00:00:00 2001 -From: Jouni Malinen -Date: Thu, 25 Apr 2019 19:23:05 +0300 -Subject: [PATCH 3/6] OpenSSL: Use BN_bn2binpad() or BN_bn2bin_padded() if - available - -This converts crypto_bignum_to_bin() to use the OpenSSL/BoringSSL -functions BN_bn2binpad()/BN_bn2bin_padded(), when available, to avoid -differences in runtime and memory access patterns depending on the -leading bytes of the BIGNUM value. - -OpenSSL 1.0.2 and LibreSSL do not include such functions, so those cases -are still using the previous implementation where the BN_num_bytes() -call may result in different memory access pattern. - -Signed-off-by: Jouni Malinen -(cherry picked from commit 1e237903f5b5d3117342daf006c5878cdb45e3d3) ---- - src/crypto/crypto_openssl.c | 16 ++++++++++++++++ - 1 file changed, 16 insertions(+) - ---- a/src/crypto/crypto_openssl.c -+++ b/src/crypto/crypto_openssl.c -@@ -1295,7 +1295,13 @@ void crypto_bignum_deinit(struct crypto_ - int crypto_bignum_to_bin(const struct crypto_bignum *a, - u8 *buf, size_t buflen, size_t padlen) - { -+#ifdef OPENSSL_IS_BORINGSSL -+#else /* OPENSSL_IS_BORINGSSL */ -+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) -+#else - int num_bytes, offset; -+#endif -+#endif /* OPENSSL_IS_BORINGSSL */ - - if (TEST_FAIL()) - return -1; -@@ -1303,6 +1309,14 @@ int crypto_bignum_to_bin(const struct cr - if (padlen > buflen) - return -1; - -+#ifdef OPENSSL_IS_BORINGSSL -+ if (BN_bn2bin_padded(buf, padlen, (const BIGNUM *) a) == 0) -+ return -1; -+ return padlen; -+#else /* OPENSSL_IS_BORINGSSL */ -+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) -+ return BN_bn2binpad((const BIGNUM *) a, buf, padlen); -+#else - num_bytes = BN_num_bytes((const BIGNUM *) a); - if ((size_t) num_bytes > buflen) - return -1; -@@ -1315,6 +1329,8 @@ int crypto_bignum_to_bin(const struct cr - BN_bn2bin((const BIGNUM *) a, buf + offset); - - return num_bytes + offset; -+#endif -+#endif /* OPENSSL_IS_BORINGSSL */ - } - - diff --git a/package/network/services/hostapd/patches/066-0004-SAE-Run-through-prf-result-processing-even-if-it-pri.patch b/package/network/services/hostapd/patches/066-0004-SAE-Run-through-prf-result-processing-even-if-it-pri.patch deleted file mode 100644 index 7337cb35bd1b..000000000000 --- a/package/network/services/hostapd/patches/066-0004-SAE-Run-through-prf-result-processing-even-if-it-pri.patch +++ /dev/null @@ -1,54 +0,0 @@ -From a25b48118d75f3c2d7cb1b2c3b4cffb13091a34c Mon Sep 17 00:00:00 2001 -From: Jouni Malinen -Date: Mon, 24 Jun 2019 23:01:06 +0300 -Subject: [PATCH 4/6] SAE: Run through prf result processing even if it >= - prime - -This reduces differences in timing and memory access within the -hunting-and-pecking loop for ECC groups that have a prime that is not -close to a power of two (e.g., Brainpool curves). - -Signed-off-by: Jouni Malinen -(cherry picked from commit 147bf7b88a9c231322b5b574263071ca6dbb0503) ---- - src/common/sae.c | 15 ++++++++++++--- - 1 file changed, 12 insertions(+), 3 deletions(-) - ---- a/src/common/sae.c -+++ b/src/common/sae.c -@@ -304,6 +304,8 @@ static int sae_test_pwd_seed_ecc(struct - struct crypto_bignum *y_sqr, *x_cand; - int res; - size_t bits; -+ int cmp_prime; -+ unsigned int in_range; - - wpa_hexdump_key(MSG_DEBUG, "SAE: pwd-seed", pwd_seed, SHA256_MAC_LEN); - -@@ -317,8 +319,13 @@ static int sae_test_pwd_seed_ecc(struct - wpa_hexdump_key(MSG_DEBUG, "SAE: pwd-value", - pwd_value, sae->tmp->prime_len); - -- if (const_time_memcmp(pwd_value, prime, sae->tmp->prime_len) >= 0) -- return 0; -+ cmp_prime = const_time_memcmp(pwd_value, prime, sae->tmp->prime_len); -+ /* Create a const_time mask for selection based on prf result -+ * being smaller than prime. */ -+ in_range = const_time_fill_msb((unsigned int) cmp_prime); -+ /* The algorithm description would skip the next steps if -+ * cmp_prime >= 0 (reutnr 0 here), but go through them regardless to -+ * minimize externally observable differences in behavior. */ - - x_cand = crypto_bignum_init_set(pwd_value, sae->tmp->prime_len); - if (!x_cand) -@@ -330,7 +337,9 @@ static int sae_test_pwd_seed_ecc(struct - - res = is_quadratic_residue_blind(sae, prime, bits, qr, qnr, y_sqr); - crypto_bignum_deinit(y_sqr, 1); -- return res; -+ if (res < 0) -+ return res; -+ return const_time_select_int(in_range, res, 0); - } - - diff --git a/package/network/services/hostapd/patches/066-0005-EAP-pwd-Run-through-prf-result-processing-even-if-it.patch b/package/network/services/hostapd/patches/066-0005-EAP-pwd-Run-through-prf-result-processing-even-if-it.patch deleted file mode 100644 index 1eb47c5314ed..000000000000 --- a/package/network/services/hostapd/patches/066-0005-EAP-pwd-Run-through-prf-result-processing-even-if-it.patch +++ /dev/null @@ -1,52 +0,0 @@ -From 00a6cc73da61b03c146b6c341d0d1e572bcef432 Mon Sep 17 00:00:00 2001 -From: Jouni Malinen -Date: Mon, 24 Jun 2019 23:02:51 +0300 -Subject: [PATCH 5/6] EAP-pwd: Run through prf result processing even if it >= - prime - -This reduces differences in timing and memory access within the -hunting-and-pecking loop for ECC groups that have a prime that is not -close to a power of two (e.g., Brainpool curves). - -Signed-off-by: Jouni Malinen -(cherry picked from commit cd803299ca485eb857e37c88f973fccfbb8600e5) ---- - src/eap_common/eap_pwd_common.c | 13 ++++++++++--- - 1 file changed, 10 insertions(+), 3 deletions(-) - ---- a/src/eap_common/eap_pwd_common.c -+++ b/src/eap_common/eap_pwd_common.c -@@ -155,6 +155,8 @@ int compute_password_element(EAP_PWD_gro - struct crypto_bignum *x_candidate = NULL; - const struct crypto_bignum *prime; - u8 mask, found_ctr = 0, is_odd = 0; -+ int cmp_prime; -+ unsigned int in_range; - - if (grp->pwe) - return -1; -@@ -241,8 +243,13 @@ int compute_password_element(EAP_PWD_gro - if (primebitlen % 8) - buf_shift_right(prfbuf, primebytelen, - 8 - primebitlen % 8); -- if (const_time_memcmp(prfbuf, prime_bin, primebytelen) >= 0) -- continue; -+ cmp_prime = const_time_memcmp(prfbuf, prime_bin, primebytelen); -+ /* Create a const_time mask for selection based on prf result -+ * being smaller than prime. */ -+ in_range = const_time_fill_msb((unsigned int) cmp_prime); -+ /* The algorithm description would skip the next steps if -+ * cmp_prime >= 0, but go through them regardless to minimize -+ * externally observable differences in behavior. */ - - crypto_bignum_deinit(x_candidate, 1); - x_candidate = crypto_bignum_init_set(prfbuf, primebytelen); -@@ -306,7 +313,7 @@ int compute_password_element(EAP_PWD_gro - goto fail; - mask = const_time_eq(res, check); - found_ctr = const_time_select_u8(found, found_ctr, ctr); -- found |= mask; -+ found |= mask & in_range; - } - if (found == 0) { - wpa_printf(MSG_INFO, diff --git a/package/network/services/hostapd/patches/066-0006-dragonfly-Disable-use-of-groups-using-Brainpool-curv.patch b/package/network/services/hostapd/patches/066-0006-dragonfly-Disable-use-of-groups-using-Brainpool-curv.patch deleted file mode 100644 index 28555bb7153b..000000000000 --- a/package/network/services/hostapd/patches/066-0006-dragonfly-Disable-use-of-groups-using-Brainpool-curv.patch +++ /dev/null @@ -1,44 +0,0 @@ -From 558518ed63202e5358116ab7e0afd5e85490f2ef Mon Sep 17 00:00:00 2001 -From: Jouni Malinen -Date: Sat, 27 Jul 2019 23:19:17 +0300 -Subject: [PATCH 6/6] dragonfly: Disable use of groups using Brainpool curves - -Disable groups that use Brainpool curves for now since they leak more -timing information due to the prime not being close to a power of two. -This removes use of groups 28, 29, and 30 from SAE and EAP-pwd. - -Signed-off-by: Jouni Malinen -(cherry picked from commit 876c5eaa6dae1a87a17603fc489a44c29eedc2e3) ---- - src/common/sae.c | 6 ++++-- - src/eap_common/eap_pwd_common.c | 3 +-- - 2 files changed, 5 insertions(+), 4 deletions(-) - ---- a/src/common/sae.c -+++ b/src/common/sae.c -@@ -28,9 +28,11 @@ static int sae_suitable_group(int group) - * purposes: FFC groups whose prime is >= 3072 bits and ECC groups - * defined over a prime field whose prime is >= 256 bits. Furthermore, - * ECC groups defined over a characteristic 2 finite field and ECC -- * groups with a co-factor greater than 1 are not suitable. */ -+ * groups with a co-factor greater than 1 are not suitable. Disable -+ * groups that use Brainpool curves as well for now since they leak more -+ * timing information due to the prime not being close to a power of -+ * two. */ - return group == 19 || group == 20 || group == 21 || -- group == 28 || group == 29 || group == 30 || - group == 15 || group == 16 || group == 17 || group == 18; - #endif /* CONFIG_TESTING_OPTIONS */ - } ---- a/src/eap_common/eap_pwd_common.c -+++ b/src/eap_common/eap_pwd_common.c -@@ -89,8 +89,7 @@ static int eap_pwd_suitable_group(u16 nu - { - /* Do not allow ECC groups with prime under 256 bits based on guidance - * for the similar design in SAE. */ -- return num == 19 || num == 20 || num == 21 || -- num == 28 || num == 29 || num == 30; -+ return num == 19 || num == 20 || num == 21; - } - - diff --git a/package/network/services/hostapd/patches/067-0001-AP-Silently-ignore-management-frame-from-unexpected-.patch b/package/network/services/hostapd/patches/067-0001-AP-Silently-ignore-management-frame-from-unexpected-.patch index d90e915e18af..25ee2c9f859e 100644 --- a/package/network/services/hostapd/patches/067-0001-AP-Silently-ignore-management-frame-from-unexpected-.patch +++ b/package/network/services/hostapd/patches/067-0001-AP-Silently-ignore-management-frame-from-unexpected-.patch @@ -45,7 +45,7 @@ Signed-off-by: Jouni Malinen hostapd_logger(hapd, addr, HOSTAPD_MODULE_IEEE80211, --- a/src/ap/ieee802_11.c +++ b/src/ap/ieee802_11.c -@@ -4463,6 +4463,18 @@ int ieee802_11_mgmt(struct hostapd_data +@@ -4626,6 +4626,18 @@ int ieee802_11_mgmt(struct hostapd_data fc = le_to_host16(mgmt->frame_control); stype = WLAN_FC_GET_STYPE(fc); diff --git a/package/network/services/hostapd/patches/110-no_eapol_fix.patch b/package/network/services/hostapd/patches/110-no_eapol_fix.patch index 81b66f8ada55..b912c3991b24 100644 --- a/package/network/services/hostapd/patches/110-no_eapol_fix.patch +++ b/package/network/services/hostapd/patches/110-no_eapol_fix.patch @@ -1,6 +1,6 @@ --- a/wpa_supplicant/wpa_supplicant.c +++ b/wpa_supplicant/wpa_supplicant.c -@@ -296,9 +296,10 @@ void wpa_supplicant_cancel_auth_timeout( +@@ -297,9 +297,10 @@ void wpa_supplicant_cancel_auth_timeout( */ void wpa_supplicant_initiate_eapol(struct wpa_supplicant *wpa_s) { diff --git a/package/network/services/hostapd/patches/200-multicall.patch b/package/network/services/hostapd/patches/200-multicall.patch index 78f9ae9d5c25..1c4efed6321c 100644 --- a/package/network/services/hostapd/patches/200-multicall.patch +++ b/package/network/services/hostapd/patches/200-multicall.patch @@ -18,7 +18,7 @@ OBJS += ../src/ap/vlan_init.o OBJS += ../src/ap/vlan_ifconfig.o OBJS += ../src/ap/vlan.o -@@ -360,10 +362,14 @@ CFLAGS += -DCONFIG_MBO +@@ -366,10 +368,14 @@ CFLAGS += -DCONFIG_MBO OBJS += ../src/ap/mbo_ap.o endif @@ -36,7 +36,7 @@ LIBS += $(DRV_AP_LIBS) ifdef CONFIG_L2_PACKET -@@ -1286,6 +1292,12 @@ install: $(addprefix $(DESTDIR)$(BINDIR) +@@ -1316,6 +1322,12 @@ install: $(addprefix $(DESTDIR)$(BINDIR) BCHECK=../src/drivers/build.hostapd @@ -49,7 +49,7 @@ hostapd: $(BCHECK) $(OBJS) $(Q)$(CC) $(LDFLAGS) -o hostapd $(OBJS) $(LIBS) @$(E) " LD " $@ -@@ -1328,6 +1340,12 @@ ifeq ($(CONFIG_TLS), linux) +@@ -1358,6 +1370,12 @@ ifeq ($(CONFIG_TLS), linux) HOBJS += ../src/crypto/crypto_linux.o endif @@ -72,7 +72,7 @@ ifndef CONFIG_NO_GITVER # Add VERSION_STR postfix for builds from a git repository -@@ -362,7 +363,9 @@ endif +@@ -363,7 +364,9 @@ endif ifdef CONFIG_IBSS_RSN NEED_RSN_AUTHENTICATOR=y CFLAGS += -DCONFIG_IBSS_RSN @@ -82,7 +82,7 @@ OBJS += ibss_rsn.o endif -@@ -870,6 +873,10 @@ ifdef CONFIG_DYNAMIC_EAP_METHODS +@@ -892,6 +895,10 @@ ifdef CONFIG_DYNAMIC_EAP_METHODS CFLAGS += -DCONFIG_DYNAMIC_EAP_METHODS LIBS += -ldl -rdynamic endif @@ -93,7 +93,7 @@ endif ifdef CONFIG_AP -@@ -877,9 +884,11 @@ NEED_EAP_COMMON=y +@@ -899,9 +906,11 @@ NEED_EAP_COMMON=y NEED_RSN_AUTHENTICATOR=y CFLAGS += -DCONFIG_AP OBJS += ap.o @@ -105,7 +105,7 @@ OBJS += ../src/ap/hostapd.o OBJS += ../src/ap/wpa_auth_glue.o OBJS += ../src/ap/utils.o -@@ -961,6 +970,12 @@ endif +@@ -983,6 +992,12 @@ endif ifdef CONFIG_HS20 OBJS += ../src/ap/hs20.o endif @@ -118,7 +118,7 @@ endif ifdef CONFIG_MBO -@@ -969,7 +984,9 @@ CFLAGS += -DCONFIG_MBO +@@ -991,7 +1006,9 @@ CFLAGS += -DCONFIG_MBO endif ifdef NEED_RSN_AUTHENTICATOR @@ -128,7 +128,7 @@ NEED_AES_WRAP=y OBJS += ../src/ap/wpa_auth.o OBJS += ../src/ap/wpa_auth_ie.o -@@ -1872,6 +1889,12 @@ wpa_priv: $(BCHECK) $(OBJS_priv) +@@ -1899,6 +1916,12 @@ wpa_priv: $(BCHECK) $(OBJS_priv) $(OBJS_c) $(OBJS_t) $(OBJS_t2) $(OBJS) $(BCHECK) $(EXTRA_progs): .config @@ -141,7 +141,7 @@ wpa_supplicant: $(BCHECK) $(OBJS) $(EXTRA_progs) $(Q)$(LDO) $(LDFLAGS) -o wpa_supplicant $(OBJS) $(LIBS) $(EXTRALIBS) @$(E) " LD " $@ -@@ -1972,6 +1995,12 @@ endif +@@ -1999,6 +2022,12 @@ endif $(Q)sed -e 's|\@BINDIR\@|$(BINDIR)|g' $< >$@ @$(E) " sed" $< @@ -156,7 +156,7 @@ wpa_cli.exe: wpa_cli --- a/src/drivers/driver.h +++ b/src/drivers/driver.h -@@ -5551,8 +5551,8 @@ union wpa_event_data { +@@ -5657,8 +5657,8 @@ union wpa_event_data { * Driver wrapper code should call this function whenever an event is received * from the driver. */ @@ -167,7 +167,7 @@ /** * wpa_supplicant_event_global - Report a driver event for wpa_supplicant -@@ -5564,7 +5564,7 @@ void wpa_supplicant_event(void *ctx, enu +@@ -5670,7 +5670,7 @@ void wpa_supplicant_event(void *ctx, enu * Same as wpa_supplicant_event(), but we search for the interface in * wpa_global. */ @@ -178,8 +178,8 @@ /* --- a/src/ap/drv_callbacks.c +++ b/src/ap/drv_callbacks.c -@@ -1581,8 +1581,8 @@ static void hostapd_event_wds_sta_interf - } +@@ -1669,8 +1669,8 @@ err: + #endif /* CONFIG_OWE */ -void wpa_supplicant_event(void *ctx, enum wpa_event_type event, @@ -189,7 +189,7 @@ { struct hostapd_data *hapd = ctx; #ifndef CONFIG_NO_STDOUT_DEBUG -@@ -1816,7 +1816,7 @@ void wpa_supplicant_event(void *ctx, enu +@@ -1915,7 +1915,7 @@ void wpa_supplicant_event(void *ctx, enu } @@ -231,7 +231,7 @@ os_memset(&global, 0, sizeof(global)); --- a/wpa_supplicant/events.c +++ b/wpa_supplicant/events.c -@@ -4176,8 +4176,8 @@ static void wpas_event_assoc_reject(stru +@@ -4184,8 +4184,8 @@ static void wpas_event_assoc_reject(stru } @@ -242,7 +242,7 @@ { struct wpa_supplicant *wpa_s = ctx; int resched; -@@ -4951,7 +4951,7 @@ void wpa_supplicant_event(void *ctx, enu +@@ -4967,7 +4967,7 @@ void wpa_supplicant_event(void *ctx, enu } @@ -253,7 +253,7 @@ struct wpa_supplicant *wpa_s; --- a/wpa_supplicant/wpa_supplicant.c +++ b/wpa_supplicant/wpa_supplicant.c -@@ -6087,7 +6087,6 @@ struct wpa_interface * wpa_supplicant_ma +@@ -6097,7 +6097,6 @@ struct wpa_interface * wpa_supplicant_ma return NULL; } @@ -261,7 +261,7 @@ /** * wpa_supplicant_match_existing - Match existing interfaces * @global: Pointer to global data from wpa_supplicant_init() -@@ -6124,6 +6123,11 @@ static int wpa_supplicant_match_existing +@@ -6134,6 +6133,11 @@ static int wpa_supplicant_match_existing #endif /* CONFIG_MATCH_IFACE */ @@ -273,7 +273,7 @@ /** * wpa_supplicant_add_iface - Add a new network interface -@@ -6380,6 +6384,8 @@ struct wpa_global * wpa_supplicant_init( +@@ -6390,6 +6394,8 @@ struct wpa_global * wpa_supplicant_init( #ifndef CONFIG_NO_WPA_MSG wpa_msg_register_ifname_cb(wpa_supplicant_msg_ifname_cb); #endif /* CONFIG_NO_WPA_MSG */ @@ -296,7 +296,7 @@ #ifdef CONFIG_WPS static int gen_uuid(const char *txt_addr) -@@ -677,6 +682,8 @@ int main(int argc, char *argv[]) +@@ -682,6 +687,8 @@ int main(int argc, char *argv[]) return -1; #endif /* CONFIG_DPP */ @@ -320,7 +320,7 @@ { --- a/wpa_supplicant/eapol_test.c +++ b/wpa_supplicant/eapol_test.c -@@ -29,7 +29,12 @@ +@@ -30,7 +30,12 @@ #include "ctrl_iface.h" #include "pcsc_funcs.h" #include "wpas_glue.h" @@ -333,7 +333,7 @@ const struct wpa_driver_ops *const wpa_drivers[] = { NULL }; -@@ -1296,6 +1301,10 @@ static void usage(void) +@@ -1292,6 +1297,10 @@ static void usage(void) "option several times.\n"); } @@ -344,7 +344,7 @@ int main(int argc, char *argv[]) { -@@ -1316,6 +1325,8 @@ int main(int argc, char *argv[]) +@@ -1312,6 +1321,8 @@ int main(int argc, char *argv[]) if (os_program_init()) return -1; diff --git a/package/network/services/hostapd/patches/300-noscan.patch b/package/network/services/hostapd/patches/300-noscan.patch index 73e6a4ede23d..4c3728bc8f57 100644 --- a/package/network/services/hostapd/patches/300-noscan.patch +++ b/package/network/services/hostapd/patches/300-noscan.patch @@ -1,6 +1,6 @@ --- a/hostapd/config_file.c +++ b/hostapd/config_file.c -@@ -3390,6 +3390,10 @@ static int hostapd_config_fill(struct ho +@@ -3411,6 +3411,10 @@ static int hostapd_config_fill(struct ho bss->ieee80211w = 1; #endif /* CONFIG_OCV */ #ifdef CONFIG_IEEE80211N @@ -13,7 +13,7 @@ } else if (os_strcmp(buf, "ht_capab") == 0) { --- a/src/ap/ap_config.h +++ b/src/ap/ap_config.h -@@ -803,6 +803,8 @@ struct hostapd_config { +@@ -934,6 +934,8 @@ struct hostapd_config { int ht_op_mode_fixed; u16 ht_capab; diff --git a/package/network/services/hostapd/patches/301-mesh-noscan.patch b/package/network/services/hostapd/patches/301-mesh-noscan.patch index 7f2374424cd4..18db9bc9c02d 100644 --- a/package/network/services/hostapd/patches/301-mesh-noscan.patch +++ b/package/network/services/hostapd/patches/301-mesh-noscan.patch @@ -20,7 +20,7 @@ INT(fixed_freq); --- a/wpa_supplicant/mesh.c +++ b/wpa_supplicant/mesh.c -@@ -358,6 +358,8 @@ static int wpa_supplicant_mesh_init(stru +@@ -361,6 +361,8 @@ static int wpa_supplicant_mesh_init(stru frequency); goto out_free; } @@ -31,8 +31,8 @@ if (conf->hw_mode == HOSTAPD_MODE_IEEE80211A && ssid->vht) { --- a/wpa_supplicant/wpa_supplicant.c +++ b/wpa_supplicant/wpa_supplicant.c -@@ -2139,12 +2139,12 @@ void ibss_mesh_setup_freq(struct wpa_sup - { +@@ -2144,12 +2144,12 @@ void ibss_mesh_setup_freq(struct wpa_sup + int ieee80211_mode = wpas_mode_to_ieee80211_mode(ssid->mode); enum hostapd_hw_mode hw_mode; struct hostapd_hw_modes *mode = NULL; - int ht40plus[] = { 36, 44, 52, 60, 100, 108, 116, 124, 132, 149, 157, @@ -46,7 +46,7 @@ unsigned int j, k; struct hostapd_freq_params vht_freq; int chwidth, seg0, seg1; -@@ -2214,7 +2214,7 @@ void ibss_mesh_setup_freq(struct wpa_sup +@@ -2222,7 +2222,7 @@ void ibss_mesh_setup_freq(struct wpa_sup return; /* Setup higher BW only for 5 GHz */ @@ -57,7 +57,7 @@ for (chan_idx = 0; chan_idx < mode->num_channels; chan_idx++) { --- a/wpa_supplicant/config_ssid.h +++ b/wpa_supplicant/config_ssid.h -@@ -916,6 +916,8 @@ struct wpa_ssid { +@@ -918,6 +918,8 @@ struct wpa_ssid { */ int no_auto_peer; diff --git a/package/network/services/hostapd/patches/310-rescan_immediately.patch b/package/network/services/hostapd/patches/310-rescan_immediately.patch index 0bf93a6ec22d..f69bb388a6b0 100644 --- a/package/network/services/hostapd/patches/310-rescan_immediately.patch +++ b/package/network/services/hostapd/patches/310-rescan_immediately.patch @@ -1,6 +1,6 @@ --- a/wpa_supplicant/wpa_supplicant.c +++ b/wpa_supplicant/wpa_supplicant.c -@@ -4465,7 +4465,7 @@ wpa_supplicant_alloc(struct wpa_supplica +@@ -4475,7 +4475,7 @@ wpa_supplicant_alloc(struct wpa_supplica if (wpa_s == NULL) return NULL; wpa_s->scan_req = INITIAL_SCAN_REQ; diff --git a/package/network/services/hostapd/patches/330-nl80211_fix_set_freq.patch b/package/network/services/hostapd/patches/330-nl80211_fix_set_freq.patch index 0ab114f86f35..13343e22e633 100644 --- a/package/network/services/hostapd/patches/330-nl80211_fix_set_freq.patch +++ b/package/network/services/hostapd/patches/330-nl80211_fix_set_freq.patch @@ -1,7 +1,7 @@ --- a/src/drivers/driver_nl80211.c +++ b/src/drivers/driver_nl80211.c -@@ -4434,7 +4434,7 @@ static int nl80211_set_channel(struct i8 - freq->freq, freq->ht_enabled, freq->vht_enabled, +@@ -4431,7 +4431,7 @@ static int nl80211_set_channel(struct i8 + freq->freq, freq->ht_enabled, freq->vht_enabled, freq->he_enabled, freq->bandwidth, freq->center_freq1, freq->center_freq2); - msg = nl80211_drv_msg(drv, 0, set_chan ? NL80211_CMD_SET_CHANNEL : diff --git a/package/network/services/hostapd/patches/340-reload_freq_change.patch b/package/network/services/hostapd/patches/340-reload_freq_change.patch index 81c20970e746..369586769c5c 100644 --- a/package/network/services/hostapd/patches/340-reload_freq_change.patch +++ b/package/network/services/hostapd/patches/340-reload_freq_change.patch @@ -1,6 +1,6 @@ --- a/src/ap/hostapd.c +++ b/src/ap/hostapd.c -@@ -103,6 +103,25 @@ static void hostapd_reload_bss(struct ho +@@ -108,6 +108,26 @@ static void hostapd_reload_bss(struct ho #endif /* CONFIG_NO_RADIUS */ ssid = &hapd->conf->ssid; @@ -9,10 +9,11 @@ + hapd->iconf->channel, + hapd->iconf->ieee80211n, + hapd->iconf->ieee80211ac, ++ hapd->iconf->ieee80211ax, + hapd->iconf->secondary_channel, -+ hapd->iconf->vht_oper_chwidth, -+ hapd->iconf->vht_oper_centr_freq_seg0_idx, -+ hapd->iconf->vht_oper_centr_freq_seg1_idx); ++ hostapd_get_oper_chwidth(hapd->iconf), ++ hostapd_get_oper_centr_freq_seg0_idx(hapd->iconf), ++ hostapd_get_oper_centr_freq_seg1_idx(hapd->iconf)); + + if (hapd->iface->current_mode) { + if (hostapd_prepare_rates(hapd->iface, hapd->iface->current_mode)) { @@ -26,7 +27,7 @@ if (!ssid->wpa_psk_set && ssid->wpa_psk && !ssid->wpa_psk->next && ssid->wpa_passphrase_set && ssid->wpa_passphrase) { /* -@@ -200,6 +219,7 @@ int hostapd_reload_config(struct hostapd +@@ -205,6 +225,7 @@ int hostapd_reload_config(struct hostapd struct hostapd_data *hapd = iface->bss[0]; struct hostapd_config *newconf, *oldconf; size_t j; @@ -34,7 +35,7 @@ if (iface->config_fname == NULL) { /* Only in-memory config in use - assume it has been updated */ -@@ -250,21 +270,20 @@ int hostapd_reload_config(struct hostapd +@@ -255,24 +276,20 @@ int hostapd_reload_config(struct hostapd } iface->conf = newconf; @@ -59,11 +60,14 @@ - hapd->iconf->ieee80211ac = oldconf->ieee80211ac; - hapd->iconf->ht_capab = oldconf->ht_capab; - hapd->iconf->vht_capab = oldconf->vht_capab; -- hapd->iconf->vht_oper_chwidth = oldconf->vht_oper_chwidth; -- hapd->iconf->vht_oper_centr_freq_seg0_idx = -- oldconf->vht_oper_centr_freq_seg0_idx; -- hapd->iconf->vht_oper_centr_freq_seg1_idx = -- oldconf->vht_oper_centr_freq_seg1_idx; +- hostapd_set_oper_chwidth(hapd->iconf, +- hostapd_get_oper_chwidth(oldconf)); +- hostapd_set_oper_centr_freq_seg0_idx( +- hapd->iconf, +- hostapd_get_oper_centr_freq_seg0_idx(oldconf)); +- hostapd_set_oper_centr_freq_seg1_idx( +- hapd->iconf, +- hostapd_get_oper_centr_freq_seg1_idx(oldconf)); hapd->conf = newconf->bss[j]; hostapd_reload_bss(hapd); } diff --git a/package/network/services/hostapd/patches/341-mesh-ctrl-iface-channel-switch.patch b/package/network/services/hostapd/patches/341-mesh-ctrl-iface-channel-switch.patch index e3b19a3d35c4..70fb01b8e52c 100644 --- a/package/network/services/hostapd/patches/341-mesh-ctrl-iface-channel-switch.patch +++ b/package/network/services/hostapd/patches/341-mesh-ctrl-iface-channel-switch.patch @@ -1,6 +1,6 @@ --- a/wpa_supplicant/ap.c +++ b/wpa_supplicant/ap.c -@@ -1373,15 +1373,35 @@ int ap_switch_channel(struct wpa_supplic +@@ -1378,15 +1378,35 @@ int ap_switch_channel(struct wpa_supplic #ifdef CONFIG_CTRL_IFACE diff --git a/package/network/services/hostapd/patches/350-nl80211_del_beacon_bss.patch b/package/network/services/hostapd/patches/350-nl80211_del_beacon_bss.patch index 8343595ecc00..c3ce2b474d95 100644 --- a/package/network/services/hostapd/patches/350-nl80211_del_beacon_bss.patch +++ b/package/network/services/hostapd/patches/350-nl80211_del_beacon_bss.patch @@ -1,6 +1,6 @@ --- a/src/drivers/driver_nl80211.c +++ b/src/drivers/driver_nl80211.c -@@ -2722,10 +2722,15 @@ static int wpa_driver_nl80211_del_beacon +@@ -2721,10 +2721,15 @@ static int wpa_driver_nl80211_del_beacon struct nl_msg *msg; struct wpa_driver_nl80211_data *drv = bss->drv; @@ -18,7 +18,7 @@ return send_and_recv_msgs(drv, msg, NULL, NULL); } -@@ -5036,7 +5041,7 @@ static void nl80211_teardown_ap(struct i +@@ -5042,7 +5047,7 @@ static void nl80211_teardown_ap(struct i nl80211_mgmt_unsubscribe(bss, "AP teardown"); nl80211_put_wiphy_data_ap(bss); @@ -27,7 +27,7 @@ } -@@ -7302,8 +7307,6 @@ static int wpa_driver_nl80211_if_remove( +@@ -7353,8 +7358,6 @@ static int wpa_driver_nl80211_if_remove( } else { wpa_printf(MSG_DEBUG, "nl80211: First BSS - reassign context"); nl80211_teardown_ap(bss); @@ -36,7 +36,7 @@ nl80211_destroy_bss(bss); if (!bss->added_if) i802_set_iface_flags(bss, 0); -@@ -7693,7 +7696,6 @@ static int wpa_driver_nl80211_deinit_ap( +@@ -7744,7 +7747,6 @@ static int wpa_driver_nl80211_deinit_ap( if (!is_ap_interface(drv->nlmode)) return -1; wpa_driver_nl80211_del_beacon(bss); @@ -44,7 +44,7 @@ /* * If the P2P GO interface was dynamically added, then it is -@@ -7713,7 +7715,6 @@ static int wpa_driver_nl80211_stop_ap(vo +@@ -7764,7 +7766,6 @@ static int wpa_driver_nl80211_stop_ap(vo if (!is_ap_interface(drv->nlmode)) return -1; wpa_driver_nl80211_del_beacon(bss); diff --git a/package/network/services/hostapd/patches/360-ctrl_iface_reload.patch b/package/network/services/hostapd/patches/360-ctrl_iface_reload.patch index c0108c7ce0ea..1706abb0adfd 100644 --- a/package/network/services/hostapd/patches/360-ctrl_iface_reload.patch +++ b/package/network/services/hostapd/patches/360-ctrl_iface_reload.patch @@ -78,7 +78,7 @@ #ifdef CONFIG_IEEE80211W #ifdef NEED_AP_MLME -@@ -3172,6 +3229,8 @@ static int hostapd_ctrl_iface_receive_pr +@@ -3195,6 +3252,8 @@ static int hostapd_ctrl_iface_receive_pr } else if (os_strncmp(buf, "VENDOR ", 7) == 0) { reply_len = hostapd_ctrl_iface_vendor(hapd, buf + 7, reply, reply_size); @@ -89,7 +89,7 @@ #ifdef RADIUS_SERVER --- a/src/ap/ctrl_iface_ap.c +++ b/src/ap/ctrl_iface_ap.c -@@ -872,7 +872,13 @@ int hostapd_parse_csa_settings(const cha +@@ -874,7 +874,13 @@ int hostapd_parse_csa_settings(const cha int hostapd_ctrl_iface_stop_ap(struct hostapd_data *hapd) { diff --git a/package/network/services/hostapd/patches/370-ap_sta_support.patch b/package/network/services/hostapd/patches/370-ap_sta_support.patch index 79dc3f56e87a..5916619fa503 100644 --- a/package/network/services/hostapd/patches/370-ap_sta_support.patch +++ b/package/network/services/hostapd/patches/370-ap_sta_support.patch @@ -110,7 +110,7 @@ break; --- a/wpa_supplicant/wpa_supplicant.c +++ b/wpa_supplicant/wpa_supplicant.c -@@ -126,6 +126,55 @@ static void wpas_update_fils_connect_par +@@ -127,6 +127,55 @@ static void wpas_update_fils_connect_par #endif /* CONFIG_FILS && IEEE8021X_EAPOL */ @@ -166,7 +166,7 @@ /* Configure default/group WEP keys for static WEP */ int wpa_set_wep_keys(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid) { -@@ -940,12 +989,16 @@ void wpa_supplicant_set_state(struct wpa +@@ -941,12 +990,16 @@ void wpa_supplicant_set_state(struct wpa sme_sched_obss_scan(wpa_s, 1); @@ -183,7 +183,7 @@ wpa_s->new_connection = 1; wpa_drv_set_operstate(wpa_s, 0); #ifndef IEEE8021X_EAPOL -@@ -2035,6 +2088,8 @@ void wpa_supplicant_associate(struct wpa +@@ -2039,6 +2092,8 @@ void wpa_supplicant_associate(struct wpa wpa_ssid_txt(ssid->ssid, ssid->ssid_len), ssid->id); wpas_notify_mesh_group_started(wpa_s, ssid); @@ -192,7 +192,7 @@ #else /* CONFIG_MESH */ wpa_msg(wpa_s, MSG_ERROR, "mesh mode support not included in the build"); -@@ -5707,6 +5762,16 @@ static int wpa_supplicant_init_iface(str +@@ -5717,6 +5772,16 @@ static int wpa_supplicant_init_iface(str sizeof(wpa_s->bridge_ifname)); } @@ -209,7 +209,7 @@ /* RSNA Supplicant Key Management - INITIALIZE */ eapol_sm_notify_portEnabled(wpa_s->eapol, FALSE); eapol_sm_notify_portValid(wpa_s->eapol, FALSE); -@@ -6034,6 +6099,11 @@ static void wpa_supplicant_deinit_iface( +@@ -6044,6 +6109,11 @@ static void wpa_supplicant_deinit_iface( if (terminate) wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_TERMINATING); @@ -246,7 +246,7 @@ --- a/hostapd/ctrl_iface.c +++ b/hostapd/ctrl_iface.c -@@ -2385,6 +2385,11 @@ static int hostapd_ctrl_iface_chan_switc +@@ -2408,6 +2408,11 @@ static int hostapd_ctrl_iface_chan_switc if (ret) return ret; @@ -260,7 +260,7 @@ /* Save CHAN_SWITCH VHT config */ --- a/src/ap/beacon.c +++ b/src/ap/beacon.c -@@ -1397,11 +1397,6 @@ int ieee802_11_set_beacon(struct hostapd +@@ -1403,11 +1403,6 @@ int ieee802_11_set_beacon(struct hostapd struct wpabuf *beacon, *proberesp, *assocresp; int res, ret = -1; @@ -272,156 +272,3 @@ hapd->beacon_set_done = 1; if (ieee802_11_build_ap_params(hapd, ¶ms) < 0) ---- a/src/drivers/driver.h -+++ b/src/drivers/driver.h -@@ -4544,6 +4544,13 @@ enum wpa_event_type { - EVENT_CH_SWITCH, - - /** -+ * EVENT_CH_SWITCH - AP or GO will switch channels soon -+ * -+ * Described in wpa_event_data.ch_switch -+ * */ -+ EVENT_CH_SWITCH_STARTED, -+ -+ /** - * EVENT_WNM - Request WNM operation - * - * This event can be used to request a WNM operation to be performed. -@@ -5381,6 +5388,7 @@ union wpa_event_data { - - /** - * struct ch_switch -+ * @count: countdown until channel switch - * @freq: Frequency of new channel in MHz - * @ht_enabled: Whether this is an HT channel - * @ch_offset: Secondary channel offset -@@ -5389,6 +5397,7 @@ union wpa_event_data { - * @cf2: Center frequency 2 - */ - struct ch_switch { -+ int count; - int freq; - int ht_enabled; - int ch_offset; ---- a/src/drivers/driver_nl80211_event.c -+++ b/src/drivers/driver_nl80211_event.c -@@ -534,7 +534,8 @@ static int calculate_chan_offset(int wid - static void mlme_event_ch_switch(struct wpa_driver_nl80211_data *drv, - struct nlattr *ifindex, struct nlattr *freq, - struct nlattr *type, struct nlattr *bw, -- struct nlattr *cf1, struct nlattr *cf2) -+ struct nlattr *cf1, struct nlattr *cf2, -+ struct nlattr *count) - { - struct i802_bss *bss; - union wpa_event_data data; -@@ -592,11 +593,15 @@ static void mlme_event_ch_switch(struct - data.ch_switch.cf1 = nla_get_u32(cf1); - if (cf2) - data.ch_switch.cf2 = nla_get_u32(cf2); -+ if (count) -+ data.ch_switch.count = nla_get_u32(count); - - bss->freq = data.ch_switch.freq; - drv->assoc_freq = data.ch_switch.freq; - -- wpa_supplicant_event(bss->ctx, EVENT_CH_SWITCH, &data); -+ wpa_supplicant_event(bss->ctx, -+ count ? EVENT_CH_SWITCH_STARTED : EVENT_CH_SWITCH, -+ &data); - } - - -@@ -2508,6 +2513,7 @@ static void do_process_drv_event(struct - tb[NL80211_ATTR_PMK], - tb[NL80211_ATTR_PMKID]); - break; -+ case NL80211_CMD_CH_SWITCH_STARTED_NOTIFY: - case NL80211_CMD_CH_SWITCH_NOTIFY: - mlme_event_ch_switch(drv, - tb[NL80211_ATTR_IFINDEX], -@@ -2515,7 +2521,8 @@ static void do_process_drv_event(struct - tb[NL80211_ATTR_WIPHY_CHANNEL_TYPE], - tb[NL80211_ATTR_CHANNEL_WIDTH], - tb[NL80211_ATTR_CENTER_FREQ1], -- tb[NL80211_ATTR_CENTER_FREQ2]); -+ tb[NL80211_ATTR_CENTER_FREQ2], -+ tb[NL80211_ATTR_CH_SWITCH_COUNT]); - break; - case NL80211_CMD_DISCONNECT: - mlme_event_disconnect(drv, tb[NL80211_ATTR_REASON_CODE], ---- a/wpa_supplicant/events.c -+++ b/wpa_supplicant/events.c -@@ -4176,6 +4176,60 @@ static void wpas_event_assoc_reject(stru - } - - -+static void -+supplicant_ch_switch_started(struct wpa_supplicant *wpa_s, -+ union wpa_event_data *data) -+{ -+ char buf[256]; -+ size_t len = sizeof(buf); -+ char *cmd = NULL; -+ int width = 20; -+ int ret; -+ -+ if (!wpa_s->hostapd) -+ return; -+ -+ wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_CHANNEL_SWITCH -+ "count=%d freq=%d ht_enabled=%d ch_offset=%d ch_width=%s cf1=%d cf2=%d", -+ data->ch_switch.count, -+ data->ch_switch.freq, -+ data->ch_switch.ht_enabled, -+ data->ch_switch.ch_offset, -+ channel_width_to_string(data->ch_switch.ch_width), -+ data->ch_switch.cf1, -+ data->ch_switch.cf2); -+ -+ switch (data->ch_switch.ch_width) { -+ case CHAN_WIDTH_20_NOHT: -+ case CHAN_WIDTH_20: -+ width = 20; -+ break; -+ case CHAN_WIDTH_40: -+ width = 40; -+ break; -+ case CHAN_WIDTH_80: -+ width = 80; -+ break; -+ case CHAN_WIDTH_160: -+ case CHAN_WIDTH_80P80: -+ width = 160; -+ break; -+ } -+ -+ asprintf(&cmd, "CHAN_SWITCH %d %d sec_channel_offset=%d center_freq1=%d center_freq2=%d, bandwidth=%d auto-ht\n", -+ data->ch_switch.count - 1, -+ data->ch_switch.freq, -+ data->ch_switch.ch_offset, -+ data->ch_switch.cf1, -+ data->ch_switch.cf2, -+ width); -+ ret = wpa_ctrl_request(wpa_s->hostapd, cmd, os_strlen(cmd), buf, &len, NULL); -+ free(cmd); -+ -+ if (ret < 0) -+ wpa_printf(MSG_ERROR, "\nFailed to reload hostapd AP interfaces\n"); -+} -+ - void supplicant_event(void *ctx, enum wpa_event_type event, - union wpa_event_data *data) - { -@@ -4461,6 +4515,10 @@ void supplicant_event(void *ctx, enum wp - data->rx_from_unknown.wds); - break; - #endif /* CONFIG_AP */ -+ case EVENT_CH_SWITCH_STARTED: -+ supplicant_ch_switch_started(wpa_s, data); -+ break; -+ - case EVENT_CH_SWITCH: - if (!data || !wpa_s->current_ssid) - break; diff --git a/package/network/services/hostapd/patches/380-disable_ctrl_iface_mib.patch b/package/network/services/hostapd/patches/380-disable_ctrl_iface_mib.patch index 86f8ba48c3f4..7f16d3a12a0e 100644 --- a/package/network/services/hostapd/patches/380-disable_ctrl_iface_mib.patch +++ b/package/network/services/hostapd/patches/380-disable_ctrl_iface_mib.patch @@ -12,7 +12,7 @@ else --- a/hostapd/ctrl_iface.c +++ b/hostapd/ctrl_iface.c -@@ -2997,6 +2997,7 @@ static int hostapd_ctrl_iface_receive_pr +@@ -3020,6 +3020,7 @@ static int hostapd_ctrl_iface_receive_pr reply_size); } else if (os_strcmp(buf, "STATUS-DRIVER") == 0) { reply_len = hostapd_drv_status(hapd, reply, reply_size); @@ -20,7 +20,7 @@ } else if (os_strcmp(buf, "MIB") == 0) { reply_len = ieee802_11_get_mib(hapd, reply, reply_size); if (reply_len >= 0) { -@@ -3038,6 +3039,7 @@ static int hostapd_ctrl_iface_receive_pr +@@ -3061,6 +3062,7 @@ static int hostapd_ctrl_iface_receive_pr } else if (os_strncmp(buf, "STA-NEXT ", 9) == 0) { reply_len = hostapd_ctrl_iface_sta_next(hapd, buf + 9, reply, reply_size); @@ -30,7 +30,7 @@ reply_len = -1; --- a/wpa_supplicant/Makefile +++ b/wpa_supplicant/Makefile -@@ -935,6 +935,9 @@ ifdef CONFIG_FILS +@@ -957,6 +957,9 @@ ifdef CONFIG_FILS OBJS += ../src/ap/fils_hlp.o endif ifdef CONFIG_CTRL_IFACE @@ -51,7 +51,7 @@ if (wpa_s->ap_iface) { pos += ap_ctrl_iface_wpa_get_status(wpa_s, pos, end - pos, -@@ -9968,6 +9968,7 @@ char * wpa_supplicant_ctrl_iface_process +@@ -9962,6 +9962,7 @@ char * wpa_supplicant_ctrl_iface_process reply_len = -1; } else if (os_strncmp(buf, "NOTE ", 5) == 0) { wpa_printf(MSG_INFO, "NOTE: %s", buf + 5); @@ -59,7 +59,7 @@ } else if (os_strcmp(buf, "MIB") == 0) { reply_len = wpa_sm_get_mib(wpa_s->wpa, reply, reply_size); if (reply_len >= 0) { -@@ -9980,6 +9981,7 @@ char * wpa_supplicant_ctrl_iface_process +@@ -9974,6 +9975,7 @@ char * wpa_supplicant_ctrl_iface_process reply_size - reply_len); #endif /* CONFIG_MACSEC */ } @@ -67,7 +67,7 @@ } else if (os_strncmp(buf, "STATUS", 6) == 0) { reply_len = wpa_supplicant_ctrl_iface_status( wpa_s, buf + 6, reply, reply_size); -@@ -10461,6 +10463,7 @@ char * wpa_supplicant_ctrl_iface_process +@@ -10458,6 +10460,7 @@ char * wpa_supplicant_ctrl_iface_process reply_len = wpa_supplicant_ctrl_iface_bss( wpa_s, buf + 4, reply, reply_size); #ifdef CONFIG_AP @@ -75,7 +75,7 @@ } else if (os_strcmp(buf, "STA-FIRST") == 0) { reply_len = ap_ctrl_iface_sta_first(wpa_s, reply, reply_size); } else if (os_strncmp(buf, "STA ", 4) == 0) { -@@ -10469,12 +10472,15 @@ char * wpa_supplicant_ctrl_iface_process +@@ -10466,12 +10469,15 @@ char * wpa_supplicant_ctrl_iface_process } else if (os_strncmp(buf, "STA-NEXT ", 9) == 0) { reply_len = ap_ctrl_iface_sta_next(wpa_s, buf + 9, reply, reply_size); @@ -109,7 +109,7 @@ #ifdef CONFIG_P2P_MANAGER static int p2p_manager_disconnect(struct hostapd_data *hapd, u16 stype, -@@ -761,12 +763,12 @@ int hostapd_ctrl_iface_status(struct hos +@@ -763,12 +765,12 @@ int hostapd_ctrl_iface_status(struct hos return len; len += ret; } @@ -126,7 +126,7 @@ if (os_snprintf_error(buflen - len, ret)) --- a/src/ap/ieee802_1x.c +++ b/src/ap/ieee802_1x.c -@@ -2579,6 +2579,7 @@ static const char * bool_txt(Boolean val +@@ -2706,6 +2706,7 @@ static const char * bool_txt(Boolean val return val ? "TRUE" : "FALSE"; } @@ -134,7 +134,7 @@ int ieee802_1x_get_mib(struct hostapd_data *hapd, char *buf, size_t buflen) { -@@ -2765,6 +2766,7 @@ int ieee802_1x_get_mib_sta(struct hostap +@@ -2892,6 +2893,7 @@ int ieee802_1x_get_mib_sta(struct hostap return len; } @@ -144,7 +144,7 @@ static void ieee802_1x_wnm_notif_send(void *eloop_ctx, void *timeout_ctx) --- a/src/ap/wpa_auth.c +++ b/src/ap/wpa_auth.c -@@ -4112,6 +4112,7 @@ static const char * wpa_bool_txt(int val +@@ -4116,6 +4116,7 @@ static const char * wpa_bool_txt(int val return val ? "TRUE" : "FALSE"; } @@ -152,7 +152,7 @@ #define RSN_SUITE "%02x-%02x-%02x-%d" #define RSN_SUITE_ARG(s) \ -@@ -4256,7 +4257,7 @@ int wpa_get_mib_sta(struct wpa_state_mac +@@ -4264,7 +4265,7 @@ int wpa_get_mib_sta(struct wpa_state_mac return len; } @@ -163,7 +163,7 @@ { --- a/src/rsn_supp/wpa.c +++ b/src/rsn_supp/wpa.c -@@ -2481,6 +2481,8 @@ static u32 wpa_key_mgmt_suite(struct wpa +@@ -2502,6 +2502,8 @@ static u32 wpa_key_mgmt_suite(struct wpa } @@ -172,7 +172,7 @@ #define RSN_SUITE "%02x-%02x-%02x-%d" #define RSN_SUITE_ARG(s) \ ((s) >> 24) & 0xff, ((s) >> 16) & 0xff, ((s) >> 8) & 0xff, (s) & 0xff -@@ -2564,6 +2566,7 @@ int wpa_sm_get_mib(struct wpa_sm *sm, ch +@@ -2585,6 +2587,7 @@ int wpa_sm_get_mib(struct wpa_sm *sm, ch return (int) len; } @@ -182,7 +182,7 @@ --- a/wpa_supplicant/ap.c +++ b/wpa_supplicant/ap.c -@@ -1231,7 +1231,7 @@ int wpas_ap_wps_nfc_report_handover(stru +@@ -1236,7 +1236,7 @@ int wpas_ap_wps_nfc_report_handover(stru #endif /* CONFIG_WPS */ diff --git a/package/network/services/hostapd/patches/390-wpa_ie_cap_workaround.patch b/package/network/services/hostapd/patches/390-wpa_ie_cap_workaround.patch index 92b3d9b046f2..c879c3fb8439 100644 --- a/package/network/services/hostapd/patches/390-wpa_ie_cap_workaround.patch +++ b/package/network/services/hostapd/patches/390-wpa_ie_cap_workaround.patch @@ -1,6 +1,6 @@ --- a/src/common/wpa_common.c +++ b/src/common/wpa_common.c -@@ -2079,6 +2079,31 @@ u32 wpa_akm_to_suite(int akm) +@@ -2089,6 +2089,31 @@ u32 wpa_akm_to_suite(int akm) } @@ -32,7 +32,7 @@ int wpa_compare_rsn_ie(int ft_initial_assoc, const u8 *ie1, size_t ie1len, const u8 *ie2, size_t ie2len) -@@ -2086,8 +2111,19 @@ int wpa_compare_rsn_ie(int ft_initial_as +@@ -2096,8 +2121,19 @@ int wpa_compare_rsn_ie(int ft_initial_as if (ie1 == NULL || ie2 == NULL) return -1; diff --git a/package/network/services/hostapd/patches/410-limit_debug_messages.patch b/package/network/services/hostapd/patches/410-limit_debug_messages.patch index b821832e0b8d..3947eb86118b 100644 --- a/package/network/services/hostapd/patches/410-limit_debug_messages.patch +++ b/package/network/services/hostapd/patches/410-limit_debug_messages.patch @@ -1,6 +1,6 @@ --- a/src/utils/wpa_debug.c +++ b/src/utils/wpa_debug.c -@@ -205,7 +205,7 @@ void wpa_debug_close_linux_tracing(void) +@@ -206,7 +206,7 @@ void wpa_debug_close_linux_tracing(void) * * Note: New line '\n' is added to the end of the text when printing to stdout. */ @@ -9,7 +9,7 @@ { va_list ap; -@@ -252,8 +252,8 @@ void wpa_printf(int level, const char *f +@@ -253,8 +253,8 @@ void wpa_printf(int level, const char *f } @@ -20,7 +20,7 @@ { size_t i; -@@ -379,20 +379,8 @@ static void _wpa_hexdump(int level, cons +@@ -380,20 +380,8 @@ static void _wpa_hexdump(int level, cons #endif /* CONFIG_ANDROID_LOG */ } @@ -43,7 +43,7 @@ { size_t i, llen; const u8 *pos = buf; -@@ -505,20 +493,6 @@ static void _wpa_hexdump_ascii(int level +@@ -506,20 +494,6 @@ static void _wpa_hexdump_ascii(int level } @@ -64,7 +64,7 @@ #ifdef CONFIG_DEBUG_FILE static char *last_path = NULL; #endif /* CONFIG_DEBUG_FILE */ -@@ -634,7 +608,7 @@ void wpa_msg_register_ifname_cb(wpa_msg_ +@@ -635,7 +609,7 @@ void wpa_msg_register_ifname_cb(wpa_msg_ } @@ -73,7 +73,7 @@ { va_list ap; char *buf; -@@ -672,7 +646,7 @@ void wpa_msg(void *ctx, int level, const +@@ -673,7 +647,7 @@ void wpa_msg(void *ctx, int level, const } diff --git a/package/network/services/hostapd/patches/420-indicate-features.patch b/package/network/services/hostapd/patches/420-indicate-features.patch index fe5e2d89a301..1f8b049f362f 100644 --- a/package/network/services/hostapd/patches/420-indicate-features.patch +++ b/package/network/services/hostapd/patches/420-indicate-features.patch @@ -8,7 +8,7 @@ #include "crypto/random.h" #include "crypto/tls.h" #include "common/version.h" -@@ -685,7 +686,7 @@ int main(int argc, char *argv[]) +@@ -690,7 +691,7 @@ int main(int argc, char *argv[]) wpa_supplicant_event = hostapd_wpa_event; wpa_supplicant_event_global = hostapd_wpa_event_global; for (;;) { @@ -17,7 +17,7 @@ if (c < 0) break; switch (c) { -@@ -722,6 +723,8 @@ int main(int argc, char *argv[]) +@@ -727,6 +728,8 @@ int main(int argc, char *argv[]) break; #endif /* CONFIG_DEBUG_LINUX_TRACING */ case 'v': diff --git a/package/network/services/hostapd/patches/430-hostapd_cli_ifdef.patch b/package/network/services/hostapd/patches/430-hostapd_cli_ifdef.patch index 3cb07d16d7cc..ca053bcdf6c4 100644 --- a/package/network/services/hostapd/patches/430-hostapd_cli_ifdef.patch +++ b/package/network/services/hostapd/patches/430-hostapd_cli_ifdef.patch @@ -32,7 +32,7 @@ static int hostapd_cli_cmd_disassoc_imminent(struct wpa_ctrl *ctrl, int argc, -@@ -1531,15 +1527,12 @@ static const struct hostapd_cli_cmd host +@@ -1538,15 +1534,12 @@ static const struct hostapd_cli_cmd host { "disassociate", hostapd_cli_cmd_disassociate, hostapd_complete_stations, " = disassociate a station" }, @@ -48,7 +48,7 @@ { "wps_pin", hostapd_cli_cmd_wps_pin, NULL, " [timeout] [addr] = add WPS Enrollee PIN" }, { "wps_check_pin", hostapd_cli_cmd_wps_check_pin, NULL, -@@ -1564,7 +1557,6 @@ static const struct hostapd_cli_cmd host +@@ -1571,7 +1564,6 @@ static const struct hostapd_cli_cmd host " = configure AP" }, { "wps_get_status", hostapd_cli_cmd_wps_get_status, NULL, "= show current WPS status" }, diff --git a/package/network/services/hostapd/patches/460-wpa_supplicant-add-new-config-params-to-be-used-with.patch b/package/network/services/hostapd/patches/460-wpa_supplicant-add-new-config-params-to-be-used-with.patch index a0869e9c1c9c..7ead342fd88b 100644 --- a/package/network/services/hostapd/patches/460-wpa_supplicant-add-new-config-params-to-be-used-with.patch +++ b/package/network/services/hostapd/patches/460-wpa_supplicant-add-new-config-params-to-be-used-with.patch @@ -22,7 +22,7 @@ Signed-hostap: Antonio Quartulli #include "common/defs.h" #include "common/ieee802_11_defs.h" #include "common/wpa_common.h" -@@ -791,6 +792,9 @@ struct wpa_driver_associate_params { +@@ -819,6 +820,9 @@ struct wpa_driver_associate_params { * responsible for selecting with which BSS to associate. */ const u8 *bssid; @@ -162,7 +162,7 @@ Signed-hostap: Antonio Quartulli #define DEFAULT_EAP_WORKAROUND ((unsigned int) -1) -@@ -788,6 +790,9 @@ struct wpa_ssid { +@@ -790,6 +792,9 @@ struct wpa_ssid { */ void *parent_cred; @@ -174,7 +174,7 @@ Signed-hostap: Antonio Quartulli * macsec_policy - Determines the policy for MACsec secure session --- a/wpa_supplicant/wpa_supplicant.c +++ b/wpa_supplicant/wpa_supplicant.c -@@ -3258,6 +3258,12 @@ static void wpas_start_assoc_cb(struct w +@@ -3267,6 +3267,12 @@ static void wpas_start_assoc_cb(struct w params.beacon_int = ssid->beacon_int; else params.beacon_int = wpa_s->conf->beacon_int; diff --git a/package/network/services/hostapd/patches/461-driver_nl80211-use-new-parameters-during-ibss-join.patch b/package/network/services/hostapd/patches/461-driver_nl80211-use-new-parameters-during-ibss-join.patch index efae01a40af9..54ac6a7e3ca8 100644 --- a/package/network/services/hostapd/patches/461-driver_nl80211-use-new-parameters-during-ibss-join.patch +++ b/package/network/services/hostapd/patches/461-driver_nl80211-use-new-parameters-during-ibss-join.patch @@ -10,7 +10,7 @@ Signed-hostap: Antonio Quartulli --- a/src/drivers/driver_nl80211.c +++ b/src/drivers/driver_nl80211.c -@@ -5295,7 +5295,7 @@ static int wpa_driver_nl80211_ibss(struc +@@ -5323,7 +5323,7 @@ static int wpa_driver_nl80211_ibss(struc struct wpa_driver_associate_params *params) { struct nl_msg *msg; @@ -19,7 +19,7 @@ Signed-hostap: Antonio Quartulli int count = 0; wpa_printf(MSG_DEBUG, "nl80211: Join IBSS (ifindex=%d)", drv->ifindex); -@@ -5322,6 +5322,37 @@ retry: +@@ -5350,6 +5350,37 @@ retry: nl80211_put_beacon_int(msg, params->beacon_int)) goto fail; diff --git a/package/network/services/hostapd/patches/463-add-mcast_rate-to-11s.patch b/package/network/services/hostapd/patches/463-add-mcast_rate-to-11s.patch index 041412654eb3..b1c0a591880f 100644 --- a/package/network/services/hostapd/patches/463-add-mcast_rate-to-11s.patch +++ b/package/network/services/hostapd/patches/463-add-mcast_rate-to-11s.patch @@ -19,7 +19,7 @@ Tested-by: Simon Wunderlich --- a/src/drivers/driver.h +++ b/src/drivers/driver.h -@@ -1443,6 +1443,7 @@ struct wpa_driver_mesh_join_params { +@@ -1484,6 +1484,7 @@ struct wpa_driver_mesh_join_params { #define WPA_DRIVER_MESH_FLAG_AMPE 0x00000008 unsigned int flags; u8 handle_dfs; @@ -29,7 +29,7 @@ Tested-by: Simon Wunderlich /** --- a/src/drivers/driver_nl80211.c +++ b/src/drivers/driver_nl80211.c -@@ -9532,6 +9532,18 @@ static int nl80211_put_mesh_id(struct nl +@@ -9612,6 +9612,18 @@ static int nl80211_put_mesh_id(struct nl } @@ -48,7 +48,7 @@ Tested-by: Simon Wunderlich static int nl80211_put_mesh_config(struct nl_msg *msg, struct wpa_driver_mesh_bss_params *params) { -@@ -9593,6 +9605,7 @@ static int nl80211_join_mesh(struct i802 +@@ -9673,6 +9685,7 @@ static int nl80211_join_mesh(struct i802 nl80211_put_basic_rates(msg, params->basic_rates) || nl80211_put_mesh_id(msg, params->meshid, params->meshid_len) || nl80211_put_beacon_int(msg, params->beacon_int) || @@ -58,7 +58,7 @@ Tested-by: Simon Wunderlich --- a/wpa_supplicant/mesh.c +++ b/wpa_supplicant/mesh.c -@@ -491,6 +491,7 @@ int wpa_supplicant_join_mesh(struct wpa_ +@@ -494,6 +494,7 @@ int wpa_supplicant_join_mesh(struct wpa_ params->meshid = ssid->ssid; params->meshid_len = ssid->ssid_len; diff --git a/package/network/services/hostapd/patches/464-fix-mesh-obss-check.patch b/package/network/services/hostapd/patches/464-fix-mesh-obss-check.patch index 5b7dc391e0cf..566a6d74da18 100644 --- a/package/network/services/hostapd/patches/464-fix-mesh-obss-check.patch +++ b/package/network/services/hostapd/patches/464-fix-mesh-obss-check.patch @@ -1,6 +1,6 @@ --- a/wpa_supplicant/wpa_supplicant.c +++ b/wpa_supplicant/wpa_supplicant.c -@@ -2212,11 +2212,13 @@ void ibss_mesh_setup_freq(struct wpa_sup +@@ -2217,11 +2217,13 @@ void ibss_mesh_setup_freq(struct wpa_sup for (j = 0; j < wpa_s->last_scan_res_used; j++) { struct wpa_bss *bss = wpa_s->last_scan_res[j]; diff --git a/package/network/services/hostapd/patches/500-lto-jobserver-support.patch b/package/network/services/hostapd/patches/500-lto-jobserver-support.patch index 31c578537d63..1edfb8e804dd 100644 --- a/package/network/services/hostapd/patches/500-lto-jobserver-support.patch +++ b/package/network/services/hostapd/patches/500-lto-jobserver-support.patch @@ -1,6 +1,6 @@ --- a/hostapd/Makefile +++ b/hostapd/Makefile -@@ -1302,14 +1302,14 @@ hostapd_multi.a: $(BCHECK) $(OBJS) +@@ -1332,14 +1332,14 @@ hostapd_multi.a: $(BCHECK) $(OBJS) @$(AR) cr $@ hostapd_multi.o $(OBJS) hostapd: $(BCHECK) $(OBJS) @@ -19,7 +19,7 @@ NOBJS = nt_password_hash.o ../src/crypto/ms_funcs.o $(SHA1OBJS) --- a/wpa_supplicant/Makefile +++ b/wpa_supplicant/Makefile -@@ -1905,23 +1905,23 @@ wpa_supplicant_multi.a: .config $(BCHECK +@@ -1932,23 +1932,23 @@ wpa_supplicant_multi.a: .config $(BCHECK @$(AR) cr $@ wpa_supplicant_multi.o $(OBJS) wpa_supplicant: $(BCHECK) $(OBJS) $(EXTRA_progs) diff --git a/package/network/services/hostapd/patches/600-ubus_support.patch b/package/network/services/hostapd/patches/600-ubus_support.patch index 508f09624dfd..8f6bf90dc41c 100644 --- a/package/network/services/hostapd/patches/600-ubus_support.patch +++ b/package/network/services/hostapd/patches/600-ubus_support.patch @@ -14,7 +14,7 @@ CFLAGS += -O0 -fprofile-arcs -ftest-coverage --- a/src/ap/hostapd.h +++ b/src/ap/hostapd.h -@@ -13,6 +13,7 @@ +@@ -17,6 +17,7 @@ #include "utils/list.h" #include "ap_config.h" #include "drivers/driver.h" @@ -22,7 +22,7 @@ #define OCE_STA_CFON_ENABLED(hapd) \ ((hapd->conf->oce & OCE_STA_CFON) && \ -@@ -141,6 +142,7 @@ struct hostapd_data { +@@ -145,6 +146,7 @@ struct hostapd_data { struct hostapd_iface *iface; struct hostapd_config *iconf; struct hostapd_bss_config *conf; @@ -32,7 +32,7 @@ unsigned int disabled:1; --- a/src/ap/hostapd.c +++ b/src/ap/hostapd.c -@@ -374,6 +374,7 @@ static void hostapd_free_hapd_data(struc +@@ -380,6 +380,7 @@ static void hostapd_free_hapd_data(struc hapd->beacon_set_done = 0; wpa_printf(MSG_DEBUG, "%s(%s)", __func__, hapd->conf->iface); @@ -40,7 +40,7 @@ iapp_deinit(hapd->iapp); hapd->iapp = NULL; accounting_deinit(hapd); -@@ -1314,6 +1315,8 @@ static int hostapd_setup_bss(struct host +@@ -1377,6 +1378,8 @@ static int hostapd_setup_bss(struct host if (hapd->driver && hapd->driver->set_operstate) hapd->driver->set_operstate(hapd->drv_priv, 1); @@ -49,7 +49,7 @@ return 0; } -@@ -1828,6 +1831,7 @@ static int hostapd_setup_interface_compl +@@ -1891,6 +1894,7 @@ static int hostapd_setup_interface_compl if (err) goto fail; @@ -57,7 +57,7 @@ wpa_printf(MSG_DEBUG, "Completing interface initialization"); if (iface->conf->channel) { #ifdef NEED_AP_MLME -@@ -2020,6 +2024,7 @@ dfs_offload: +@@ -2087,6 +2091,7 @@ dfs_offload: fail: wpa_printf(MSG_ERROR, "Interface initialization failed"); @@ -65,7 +65,7 @@ hostapd_set_state(iface, HAPD_IFACE_DISABLED); wpa_msg(hapd->msg_ctx, MSG_INFO, AP_EVENT_DISABLED); #ifdef CONFIG_FST -@@ -2489,6 +2494,7 @@ void hostapd_interface_deinit_free(struc +@@ -2562,6 +2567,7 @@ void hostapd_interface_deinit_free(struc (unsigned int) iface->conf->num_bss); driver = iface->bss[0]->driver; drv_priv = iface->bss[0]->drv_priv; @@ -75,7 +75,7 @@ __func__, driver, drv_priv); --- a/src/ap/ieee802_11.c +++ b/src/ap/ieee802_11.c -@@ -2029,7 +2029,7 @@ static void handle_auth(struct hostapd_d +@@ -2032,7 +2032,7 @@ static void handle_auth(struct hostapd_d u16 auth_alg, auth_transaction, status_code; u16 resp = WLAN_STATUS_SUCCESS; struct sta_info *sta = NULL; @@ -84,7 +84,7 @@ u16 fc; const u8 *challenge = NULL; u32 session_timeout, acct_interim_interval; -@@ -2040,6 +2040,11 @@ static void handle_auth(struct hostapd_d +@@ -2043,6 +2043,11 @@ static void handle_auth(struct hostapd_d char *identity = NULL; char *radius_cui = NULL; u16 seq_ctrl; @@ -96,7 +96,7 @@ if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.auth)) { wpa_printf(MSG_INFO, "handle_auth - too short payload (len=%lu)", -@@ -2201,6 +2206,13 @@ static void handle_auth(struct hostapd_d +@@ -2204,6 +2209,13 @@ static void handle_auth(struct hostapd_d resp = WLAN_STATUS_UNSPECIFIED_FAILURE; goto fail; } @@ -110,7 +110,7 @@ if (res == HOSTAPD_ACL_PENDING) return; -@@ -3699,7 +3711,7 @@ static void handle_assoc(struct hostapd_ +@@ -3862,7 +3874,7 @@ static void handle_assoc(struct hostapd_ u16 capab_info, listen_interval, seq_ctrl, fc; u16 resp = WLAN_STATUS_SUCCESS, reply_res; const u8 *pos; @@ -119,7 +119,7 @@ struct sta_info *sta; u8 *tmp = NULL; struct hostapd_sta_wpa_psk_short *psk = NULL; -@@ -3708,6 +3720,11 @@ static void handle_assoc(struct hostapd_ +@@ -3871,6 +3883,11 @@ static void handle_assoc(struct hostapd_ #ifdef CONFIG_FILS int delay_assoc = 0; #endif /* CONFIG_FILS */ @@ -131,7 +131,7 @@ if (len < IEEE80211_HDRLEN + (reassoc ? sizeof(mgmt->u.reassoc_req) : sizeof(mgmt->u.assoc_req))) { -@@ -3887,6 +3904,14 @@ static void handle_assoc(struct hostapd_ +@@ -4050,6 +4067,14 @@ static void handle_assoc(struct hostapd_ } #endif /* CONFIG_MBO */ @@ -146,7 +146,7 @@ /* * sta->capability is used in check_assoc_ies() for RRM enabled * capability element. -@@ -4114,6 +4139,7 @@ static void handle_disassoc(struct hosta +@@ -4277,6 +4302,7 @@ static void handle_disassoc(struct hosta wpa_printf(MSG_DEBUG, "disassocation: STA=" MACSTR " reason_code=%d", MAC2STR(mgmt->sa), le_to_host16(mgmt->u.disassoc.reason_code)); @@ -154,7 +154,7 @@ sta = ap_get_sta(hapd, mgmt->sa); if (sta == NULL) { -@@ -4179,6 +4205,8 @@ static void handle_deauth(struct hostapd +@@ -4342,6 +4368,8 @@ static void handle_deauth(struct hostapd " reason_code=%d", MAC2STR(mgmt->sa), le_to_host16(mgmt->u.deauth.reason_code)); @@ -165,7 +165,7 @@ wpa_msg(hapd->msg_ctx, MSG_DEBUG, "Station " MACSTR " trying " --- a/src/ap/beacon.c +++ b/src/ap/beacon.c -@@ -744,6 +744,12 @@ void handle_probe_req(struct hostapd_dat +@@ -746,6 +746,12 @@ void handle_probe_req(struct hostapd_dat struct hostapd_sta_wpa_psk_short *psk = NULL; char *identity = NULL; char *radius_cui = NULL; @@ -178,7 +178,7 @@ if (len < IEEE80211_HDRLEN) return; -@@ -921,6 +927,12 @@ void handle_probe_req(struct hostapd_dat +@@ -923,6 +929,12 @@ void handle_probe_req(struct hostapd_dat } #endif /* CONFIG_P2P */ @@ -219,7 +219,7 @@ wpabuf_free(sta->p2p_ie); --- a/src/ap/sta_info.c +++ b/src/ap/sta_info.c -@@ -423,6 +423,7 @@ void ap_handle_timer(void *eloop_ctx, vo +@@ -424,6 +424,7 @@ void ap_handle_timer(void *eloop_ctx, vo HOSTAPD_LEVEL_INFO, "deauthenticated due to " "local deauth request"); ap_free_sta(hapd, sta); @@ -227,7 +227,7 @@ return; } -@@ -577,6 +578,7 @@ skip_poll: +@@ -578,6 +579,7 @@ skip_poll: hapd, sta, WLAN_REASON_PREV_AUTH_NOT_VALID); ap_free_sta(hapd, sta); @@ -235,7 +235,7 @@ break; } } -@@ -1273,6 +1275,7 @@ void ap_sta_set_authorized(struct hostap +@@ -1284,6 +1286,7 @@ void ap_sta_set_authorized(struct hostap buf, ip_addr, keyid_buf); } else { wpa_msg(hapd->msg_ctx, MSG_INFO, AP_STA_DISCONNECTED "%s", buf); @@ -245,7 +245,7 @@ hapd->msg_ctx_parent != hapd->msg_ctx) --- a/src/ap/wpa_auth_glue.c +++ b/src/ap/wpa_auth_glue.c -@@ -181,6 +181,7 @@ static void hostapd_wpa_auth_psk_failure +@@ -185,6 +185,7 @@ static void hostapd_wpa_auth_psk_failure struct hostapd_data *hapd = ctx; wpa_msg(hapd->msg_ctx, MSG_INFO, AP_STA_POSSIBLE_PSK_MISMATCH MACSTR, MAC2STR(addr)); @@ -268,7 +268,7 @@ ifdef CONFIG_CODE_COVERAGE CFLAGS += -O0 -fprofile-arcs -ftest-coverage LIBS += -lgcov -@@ -923,6 +929,9 @@ endif +@@ -945,6 +951,9 @@ endif ifdef CONFIG_IEEE80211AX OBJS += ../src/ap/ieee802_11_he.o endif @@ -280,7 +280,7 @@ CFLAGS += -DCONFIG_WNM_AP --- a/wpa_supplicant/wpa_supplicant.c +++ b/wpa_supplicant/wpa_supplicant.c -@@ -6288,6 +6288,8 @@ struct wpa_supplicant * wpa_supplicant_a +@@ -6298,6 +6298,8 @@ struct wpa_supplicant * wpa_supplicant_a } #endif /* CONFIG_P2P */ @@ -289,7 +289,7 @@ return wpa_s; } -@@ -6314,6 +6316,8 @@ int wpa_supplicant_remove_iface(struct w +@@ -6324,6 +6326,8 @@ int wpa_supplicant_remove_iface(struct w struct wpa_supplicant *parent = wpa_s->parent; #endif /* CONFIG_MESH */ -- 2.30.2