MFC r351397:

MFV r346563:

Update wpa 2.8 --> 2.9

hostapd:
* SAE changes
- disable use of groups using Brainpool curves
- improved protection against side channel attacks
[https://w1.fi/security/2019-6/]
* EAP-pwd changes
- disable use of groups using Brainpool curves
- improved protection against side channel attacks
[https://w1.fi/security/2019-6/]
* fixed FT-EAP initial mobility domain association using PMKSA caching
* added configuration of airtime policy
* fixed FILS to and RSNE into (Re)Association Response frames
* fixed DPP bootstrapping URI parser of channel list
* added support for regulatory WMM limitation (for ETSI)
* added support for MACsec Key Agreement using IEEE 802.1X/PSK
* added experimental support for EAP-TEAP server (RFC 7170)
* added experimental support for EAP-TLS server with TLS v1.3
* added support for two server certificates/keys (RSA/ECC)
* added AKMSuiteSelector into "STA <addr>" control interface data to
determine with AKM was used for an association
* added eap_sim_id parameter to allow EAP-SIM/AKA server pseudonym and
fast reauthentication use to be disabled
* fixed an ECDH operation corner case with OpenSSL

wpa_supplicant:
* SAE changes
- disable use of groups using Brainpool curves
- improved protection against side channel attacks
[https://w1.fi/security/2019-6/]
* EAP-pwd changes
- disable use of groups using Brainpool curves
- allow the set of groups to be configured (eap_pwd_groups)
- improved protection against side channel attacks
[https://w1.fi/security/2019-6/]
* fixed FT-EAP initial mobility domain association using PMKSA caching
(disabled by default for backwards compatibility; can be enabled
with ft_eap_pmksa_caching=1)
* fixed a regression in OpenSSL 1.1+ engine loading
* added validation of RSNE in (Re)Association Response frames
* fixed DPP bootstrapping URI parser of channel list
* extended EAP-SIM/AKA fast re-authentication to allow use with FILS
* extended ca_cert_blob to support PEM format
* improved robustness of P2P Action frame scheduling
* added support for EAP-SIM/AKA using anonymous@realm identity
* fixed Hotspot 2.0 credential selection based on roaming consortium
to ignore credentials without a specific EAP method
* added experimental support for EAP-TEAP peer (RFC 7170)
* added experimental support for EAP-TLS peer with TLS v1.3
* fixed a regression in WMM parameter configuration for a TDLS peer
* fixed a regression in operation with drivers that offload 802.1X
4-way handshake
* fixed an ECDH operation corner case with OpenSSL

Security: https://w1.fi/security/2019-6/\
sae-eap-pwd-side-channel-attack-update.txt

MFC r341759, r341839, r346591:
The following five MFCs update wpa 2.6 --> 2.8.

r341759:
MFV r341618: Update wpa 2.6 --> 2.7.

r341839:
Set default ciphers.

Submitted by: jkim@

r346591:
Update wpa_supplicant/hostapd 2.7 --> 2.8

Upstream documents the following advisories:

- https://w1.fi/security/2019-1/sae-side-channel-attacks.txt
- https://w1.fi/security/2019-2/eap-pwd-side-channel-attack.txt
- https://w1.fi/security/2019-3/sae-confirm-missing-state-validation.txt
- https://w1.fi/security/2019-4/eap-pwd-missing-commit-validation.txt
- https://w1.fi/security/2019-5/eap-pwd-message-reassembly-issue-\
with-unexpected-fragment.txt

Security: CVE-2019-9494, VU#871675, CVE-2019-9495, CVE-2019-9496,
CVE-2019-9497, CVE-2019-9498, CVE-2019-9499

Relnotes: yes

MFC r336203, r336499, r336501-r336502, r336506, r336510, r336512-r336513, r336515, r336528-r336531

r336203:
MFV r324714:

Update wpa 2.5 --> 2.6.

r336499:
MFV: r336485

Address: hostapd: Avoid key reinstallation in FT handshake

Obtained from: https://w1.fi/security/2017-1/\
rebased-v2.6-0001-hostapd-Avoid-key-\
reinstallation-in-FT-handshake.patch

r336501:
MFV: r336486

Prevent reinstallation of an already in-use group key.
Upline git commit cb5132bb35698cc0c743e34fe0e845dfc4c3e410.

Obtained from: https://w1.fi/security/2017-1/\
rebased-v2.6-0002-Prevent-reinstallation-\
of-an-already-in-use-group-ke.patch

r336502:
MFV r336487:

Import upline security patch: Extend protection of GTK/IGTK
reinstallation of WNM-Sleep Mode cases. This git commit
87e2db16bafcbc60b8d0016175814a73c1e8ed45.

This commit is is simply a pops change as r324696 already plugged
this vulnerability. To maintain consistency with the vendor branch
props will be changed.

Obtained from: https://w1.fi/security/2017-1/\
rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-\
reinstallation-of-WNM-.patch

r336506:
MFV r336490:

Prevent installation of an all-zero TK.
This is also upline git commit 53bb18cc8b7a4da72e47e4b3752d0d2135cffb23.

Obtained from: https://w1.fi/security/2017-1/\
rebased-v2.6-0004-Prevent-installation-\
of-an-all-zero-TK.patch

r336510:
MFV r336493:

Fix PTK rekeying to generate a new ANonce.
This is also upline git commit 0adc9b28b39d414d5febfff752f6a1576f785c85.

This commit is a NOP, just changing props as the heavy lifting was
done by r324696. This just brings us into line with the vendor branch.

Obtained from: https://w1.fi/security/2017-1/\
rebased-v2.6-0005-Fix-PTK-rekeying-to-\
generate-a-new-ANonce.patch

r336512:
MFV r336494:

TDLS: Reject TPK-TK reconfiguration.
This is also upline git commmit ff89af96e5a35c86f50330d2b86c18323318a60c.

Once again this is a NOP as this is a props change to sync up with
the vendor branch. The real commit is in r324696.

Obtained from: https://w1.fi/security/2017-1/\
rebased-v2.6-0006-TDLS-Reject-TPK-TK-\
reconfiguration.patch

r336513:
MFV r336495:

Another props change. The real work was done by r324696. We're simply
syncing up with the vendor branch again.

mport upline security patch: WNM: Ignore WNM-Sleep Mode Request in
wnm_sleep_mode=0 case. This is also upline git commit
114f2830d2c2aee6db23d48240e93415a256a37c.

Obtained from: https://w1.fi/security/2017-1/\
rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-\
Response-without-pending-r.patch

r336515:
MFV r336496:

A props change to sync up with the vendor branch. The real work was
done by r324696.

FILS: Do not allow multiple (Re)Association Response frames.
This is also upline git commit e760851176c77ae6de19821bb1d5bf3ae2cb5187.

Obtained from: https://w1.fi/security/2017-1/\
rebased-v2.6-0008-FT-Do-not-allow-multiple-\
Reassociation-Response-fram.patch

r336528:
Revert r336501. It was a of the wrong rev from the vendor branch.

r336529:
MFV: r336486

Prevent reinstallation of an already in-use group key.
Upline git commit cb5132bb35698cc0c743e34fe0e845dfc4c3e410.

Obtained from: https://w1.fi/security/2017-1/\
rebased-v2.6-0002-Prevent-reinstallation-\
of-an-already-in-use-group-ke.patch

r336530:
To reduce our diff between our sources and our upline, sync up
with upline. Also making it easier to read.

Obtained from: diffing base with ports

r336531:
Remove a redundant declaration.

While at it add a blank line, conforming with the convention
used in this file.

Copy head@r302406 to stable/11 as part of the 11.0-RELEASE cycle.
Prune svn:mergeinfo from the new branch, as nothing has been merged
here.

Additional commits post-branch will follow.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

Update hostapd/wpa_supplicant to version 2.5.

Tested by several people on current@/wireless@.

Relnotes: yes

Merge wpa_supplicant/hostapd 2.4.

Major changes are: SAE, Suite B, RFC 7268, EAP-PKE, ACS, and tons of
bug fixes.

Relnotes: yes

Merge hostapd / wpa_supplicant 2.0.

Reviewed by: adrian (driver_bsd + usr.sbin/wpa)

Merge wpa_supplicant and hostapd 0.7.3.

Import hostapd 0.7.3.

Changes:

2010-09-07 - v0.7.3
* fixed re-association after WPS not initializing WPA state machine in
some cases
* fixed WPS IE update on reconfiguration
* fixed WPS code not to proxy Probe Request frames for foreign SSIDs
* added WPS workaround for open networks and some known interop issues
* fixed WPS Diffie-Hellman derivation to use correct public key length
* fixed FT RRB messages on big endian CPUs
* changed WPS protection for brute force AP PIN attacks to disable AP
PIN only temporarily (but with increasing time) to avoid usability
issues on Label-only devices
* added wps_ap_pin command for more secure handling of AP PIN
operations (e.g., to generate a random AP PIN and only use it for
short amount of time)
* fixed HT STBC negotiation

2010-04-18 - v0.7.2
* fix WPS internal Registrar use when an external Registrar is also
active
* bsd: Cleaned up driver wrapper and added various low-level
configuration options
* TNC: fixed issues with fragmentation
* EAP-TNC: add Flags field into fragment acknowledgement (needed to
interoperate with other implementations; may potentially breaks
compatibility with older wpa_supplicant/hostapd versions)
* cleaned up driver wrapper API for multi-BSS operations
* nl80211: fix multi-BSS and VLAN operations
* fix number of issues with IEEE 802.11r/FT; this version is not
backwards compatible with old versions
* add SA Query Request processing in AP mode (IEEE 802.11w)
* fix IGTK PN in group rekeying (IEEE 802.11w)
* fix WPS PBC session overlap detection to use correct attribute
* hostapd_notif_Assoc() can now be called with all IEs to simplify
driver wrappers
* work around interoperability issue with some WPS External Registrar
implementations
* nl80211: fix WPS IE update
* hostapd_cli: add support for action script operations (run a script
on hostapd events)
* fix DH padding with internal crypto code (mainly, for WPS)
* fix WPS association with both WPS IE and WPA/RSN IE present with
driver wrappers that use hostapd MLME (e.g., nl80211)

2010-01-16 - v0.7.1
* cleaned up driver wrapper API (struct wpa_driver_ops); the new API
is not fully backwards compatible, so out-of-tree driver wrappers
will need modifications
* cleaned up various module interfaces
* merge hostapd and wpa_supplicant developers' documentation into a
single document
* fixed HT Capabilities IE with nl80211 drivers
* moved generic AP functionality code into src/ap
* WPS: handle Selected Registrar as union of info from all Registrars
* remove obsolte Prism54.org driver wrapper
* added internal debugging mechanism with backtrace support and memory
allocation/freeing validation, etc. tests (CONFIG_WPA_TRACE=y)
* EAP-FAST server: piggyback Phase 2 start with the end of Phase 1
* WPS: add support for dynamically selecting whether to provision the
PSK as an ASCII passphrase or PSK
* added support for WDS (4-address frame) mode with per-station virtual
interfaces (wds_sta=1 in config file; only supported with
driver=nl80211 for now)
* fixed WPS Probe Request processing to handle missing required
attribute
* fixed PKCS#12 use with OpenSSL 1.0.0
* detect bridge interface automatically so that bridge parameter in
hostapd.conf becomes optional (though, it may now be used to
automatically add then WLAN interface into a bridge with
driver=nl80211)

2009-11-21 - v0.7.0
* increased hostapd_cli ping interval to 5 seconds and made this
configurable with a new command line options (-G<seconds>)
* driver_nl80211: use Linux socket filter to improve performance
* added support for external Registrars with WPS (UPnP transport)
* 802.11n: scan for overlapping BSSes before starting 20/40 MHz channel
* driver_nl80211: fixed STA accounting data collection (TX/RX bytes
reported correctly; TX/RX packets not yet available from kernel)
* added support for WPS USBA out-of-band mechanism with USB Flash
Drives (UFD) (CONFIG_WPS_UFD=y)
* fixed EAPOL/EAP reauthentication when using an external RADIUS
authentication server
* fixed TNC with EAP-TTLS
* fixed IEEE 802.11r key derivation function to match with the standard
(note: this breaks interoperability with previous version) [Bug 303]
* fixed SHA-256 based key derivation function to match with the
standard when using CCMP (for IEEE 802.11r and IEEE 802.11w)
(note: this breaks interoperability with previous version) [Bug 307]
* added number of code size optimizations to remove unnecessary
functionality from the program binary based on build configuration
(part of this automatic; part configurable with CONFIG_NO_* build
options)
* use shared driver wrapper files with wpa_supplicant
* driver_nl80211: multiple updates to provide support for new Linux
nl80211/mac80211 functionality
* updated management frame protection to use IEEE Std 802.11w-2009
* fixed number of small WPS issues and added workarounds to
interoperate with common deployed broken implementations
* added some IEEE 802.11n co-existance rules to disable 40 MHz channels
or modify primary/secondary channels if needed based on neighboring
networks
* added support for NFC out-of-band mechanism with WPS
* added preliminary support for IEEE 802.11r RIC processing