MFC r351397:MFV r346563:Update wpa 2.8 --> 2.9hostapd:* SAE changes - disable use of groups using Brainpool curves - improved protection against side channel attacks [https://w1.fi/security/2019-6/]* EAP-pwd changes - disable use of groups using Brainpool curves - improved protection against side channel attacks [https://w1.fi/security/2019-6/]* fixed FT-EAP initial mobility domain association using PMKSA caching* added configuration of airtime policy* fixed FILS to and RSNE into (Re)Association Response frames* fixed DPP bootstrapping URI parser of channel list* added support for regulatory WMM limitation (for ETSI)* added support for MACsec Key Agreement using IEEE 802.1X/PSK* added experimental support for EAP-TEAP server (RFC 7170)* added experimental support for EAP-TLS server with TLS v1.3* added support for two server certificates/keys (RSA/ECC)* added AKMSuiteSelector into "STA <addr>" control interface data to determine with AKM was used for an association* added eap_sim_id parameter to allow EAP-SIM/AKA server pseudonym and fast reauthentication use to be disabled* fixed an ECDH operation corner case with OpenSSLwpa_supplicant:* SAE changes - disable use of groups using Brainpool curves - improved protection against side channel attacks [https://w1.fi/security/2019-6/]* EAP-pwd changes - disable use of groups using Brainpool curves - allow the set of groups to be configured (eap_pwd_groups) - improved protection against side channel attacks [https://w1.fi/security/2019-6/]* fixed FT-EAP initial mobility domain association using PMKSA caching (disabled by default for backwards compatibility; can be enabled with ft_eap_pmksa_caching=1)* fixed a regression in OpenSSL 1.1+ engine loading* added validation of RSNE in (Re)Association Response frames* fixed DPP bootstrapping URI parser of channel list* extended EAP-SIM/AKA fast re-authentication to allow use with FILS* extended ca_cert_blob to support PEM format* improved robustness of P2P Action frame scheduling* added support for EAP-SIM/AKA using anonymous@realm identity* fixed Hotspot 2.0 credential selection based on roaming consortium to ignore credentials without a specific EAP method* added experimental support for EAP-TEAP peer (RFC 7170)* added experimental support for EAP-TLS peer with TLS v1.3* fixed a regression in WMM parameter configuration for a TDLS peer* fixed a regression in operation with drivers that offload 802.1X 4-way handshake* fixed an ECDH operation corner case with OpenSSLSecurity: https://w1.fi/security/2019-6/\ sae-eap-pwd-side-channel-attack-update.txt
Copy head@r302406 to stable/11 as part of the 11.0-RELEASE cycle.Prune svn:mergeinfo from the new branch, as nothing has been mergedhere.Additional commits post-branch will follow.Approved by: re (implicit)Sponsored by: The FreeBSD Foundation
Merge wpa_supplicant/hostapd 2.4.Major changes are: SAE, Suite B, RFC 7268, EAP-PKE, ACS, and tons ofbug fixes.Relnotes: yes
Merge hostapd / wpa_supplicant 2.0.Reviewed by: adrian (driver_bsd + usr.sbin/wpa)
Merge wpa_supplicant and hostapd 0.7.3.
MFV hostapd & wpa_supplicant 0.6.10.
connect vendor wpa area to contrib
import wpa_supplicant+hostapd 0.6.8