206b73d042
Update wpa 2.8 --> 2.9 hostapd: * SAE changes - disable use of groups using Brainpool curves - improved protection against side channel attacks [https://w1.fi/security/2019-6/] * EAP-pwd changes - disable use of groups using Brainpool curves - improved protection against side channel attacks [https://w1.fi/security/2019-6/] * fixed FT-EAP initial mobility domain association using PMKSA caching * added configuration of airtime policy * fixed FILS to and RSNE into (Re)Association Response frames * fixed DPP bootstrapping URI parser of channel list * added support for regulatory WMM limitation (for ETSI) * added support for MACsec Key Agreement using IEEE 802.1X/PSK * added experimental support for EAP-TEAP server (RFC 7170) * added experimental support for EAP-TLS server with TLS v1.3 * added support for two server certificates/keys (RSA/ECC) * added AKMSuiteSelector into "STA <addr>" control interface data to determine with AKM was used for an association * added eap_sim_id parameter to allow EAP-SIM/AKA server pseudonym and fast reauthentication use to be disabled * fixed an ECDH operation corner case with OpenSSL wpa_supplicant: * SAE changes - disable use of groups using Brainpool curves - improved protection against side channel attacks [https://w1.fi/security/2019-6/] * EAP-pwd changes - disable use of groups using Brainpool curves - allow the set of groups to be configured (eap_pwd_groups) - improved protection against side channel attacks [https://w1.fi/security/2019-6/] * fixed FT-EAP initial mobility domain association using PMKSA caching (disabled by default for backwards compatibility; can be enabled with ft_eap_pmksa_caching=1) * fixed a regression in OpenSSL 1.1+ engine loading * added validation of RSNE in (Re)Association Response frames * fixed DPP bootstrapping URI parser of channel list * extended EAP-SIM/AKA fast re-authentication to allow use with FILS * extended ca_cert_blob to support PEM format * improved robustness of P2P Action frame scheduling * added support for EAP-SIM/AKA using anonymous@realm identity * fixed Hotspot 2.0 credential selection based on roaming consortium to ignore credentials without a specific EAP method * added experimental support for EAP-TEAP peer (RFC 7170) * added experimental support for EAP-TLS peer with TLS v1.3 * fixed a regression in WMM parameter configuration for a TDLS peer * fixed a regression in operation with drivers that offload 802.1X 4-way handshake * fixed an ECDH operation corner case with OpenSSL MFC after: 1 week Security: https://w1.fi/security/2019-6/\ sae-eap-pwd-side-channel-attack-update.txt |
||
|---|---|---|
| .. | ||
| eap_aka.c | ||
| eap_config.h | ||
| eap_eke.c | ||
| eap_fast_pac.c | ||
| eap_fast_pac.h | ||
| eap_fast.c | ||
| eap_gpsk.c | ||
| eap_gtc.c | ||
| eap_i.h | ||
| eap_ikev2.c | ||
| eap_leap.c | ||
| eap_md5.c | ||
| eap_methods.c | ||
| eap_methods.h | ||
| eap_mschapv2.c | ||
| eap_otp.c | ||
| eap_pax.c | ||
| eap_peap.c | ||
| eap_proxy_dummy.c | ||
| eap_proxy.h | ||
| eap_psk.c | ||
| eap_pwd.c | ||
| eap_sake.c | ||
| eap_sim.c | ||
| eap_teap_pac.c | ||
| eap_teap_pac.h | ||
| eap_teap.c | ||
| eap_tls_common.c | ||
| eap_tls_common.h | ||
| eap_tls.c | ||
| eap_tnc.c | ||
| eap_ttls.c | ||
| eap_vendor_test.c | ||
| eap_wsc.c | ||
| eap.c | ||
| eap.h | ||
| ikev2.c | ||
| ikev2.h | ||
| mschapv2.c | ||
| mschapv2.h | ||
| tncc.c | ||
| tncc.h | ||