mirror of
https://github.com/freebsd/freebsd-src
synced 2024-07-22 10:48:02 +00:00
206b73d042
Update wpa 2.8 --> 2.9 hostapd: * SAE changes - disable use of groups using Brainpool curves - improved protection against side channel attacks [https://w1.fi/security/2019-6/] * EAP-pwd changes - disable use of groups using Brainpool curves - improved protection against side channel attacks [https://w1.fi/security/2019-6/] * fixed FT-EAP initial mobility domain association using PMKSA caching * added configuration of airtime policy * fixed FILS to and RSNE into (Re)Association Response frames * fixed DPP bootstrapping URI parser of channel list * added support for regulatory WMM limitation (for ETSI) * added support for MACsec Key Agreement using IEEE 802.1X/PSK * added experimental support for EAP-TEAP server (RFC 7170) * added experimental support for EAP-TLS server with TLS v1.3 * added support for two server certificates/keys (RSA/ECC) * added AKMSuiteSelector into "STA <addr>" control interface data to determine with AKM was used for an association * added eap_sim_id parameter to allow EAP-SIM/AKA server pseudonym and fast reauthentication use to be disabled * fixed an ECDH operation corner case with OpenSSL wpa_supplicant: * SAE changes - disable use of groups using Brainpool curves - improved protection against side channel attacks [https://w1.fi/security/2019-6/] * EAP-pwd changes - disable use of groups using Brainpool curves - allow the set of groups to be configured (eap_pwd_groups) - improved protection against side channel attacks [https://w1.fi/security/2019-6/] * fixed FT-EAP initial mobility domain association using PMKSA caching (disabled by default for backwards compatibility; can be enabled with ft_eap_pmksa_caching=1) * fixed a regression in OpenSSL 1.1+ engine loading * added validation of RSNE in (Re)Association Response frames * fixed DPP bootstrapping URI parser of channel list * extended EAP-SIM/AKA fast re-authentication to allow use with FILS * extended ca_cert_blob to support PEM format * improved robustness of P2P Action frame scheduling * added support for EAP-SIM/AKA using anonymous@realm identity * fixed Hotspot 2.0 credential selection based on roaming consortium to ignore credentials without a specific EAP method * added experimental support for EAP-TEAP peer (RFC 7170) * added experimental support for EAP-TLS peer with TLS v1.3 * fixed a regression in WMM parameter configuration for a TDLS peer * fixed a regression in operation with drivers that offload 802.1X 4-way handshake * fixed an ECDH operation corner case with OpenSSL MFC after: 1 week Security: https://w1.fi/security/2019-6/\ sae-eap-pwd-side-channel-attack-update.txt
156 lines
3.2 KiB
C
156 lines
3.2 KiB
C
/*
|
|
* EAP method registration
|
|
* Copyright (c) 2004-2009, Jouni Malinen <j@w1.fi>
|
|
*
|
|
* This software may be distributed under the terms of the BSD license.
|
|
* See README for more details.
|
|
*/
|
|
|
|
#include "includes.h"
|
|
|
|
#include "common.h"
|
|
#include "eap_server/eap_methods.h"
|
|
#include "eap_register.h"
|
|
|
|
|
|
/**
|
|
* eap_server_register_methods - Register statically linked EAP server methods
|
|
* Returns: 0 on success, -1 or -2 on failure
|
|
*
|
|
* This function is called at program initialization to register all EAP
|
|
* methods that were linked in statically.
|
|
*/
|
|
int eap_server_register_methods(void)
|
|
{
|
|
int ret = 0;
|
|
|
|
#ifdef EAP_SERVER_IDENTITY
|
|
if (ret == 0)
|
|
ret = eap_server_identity_register();
|
|
#endif /* EAP_SERVER_IDENTITY */
|
|
|
|
#ifdef EAP_SERVER_MD5
|
|
if (ret == 0)
|
|
ret = eap_server_md5_register();
|
|
#endif /* EAP_SERVER_MD5 */
|
|
|
|
#ifdef EAP_SERVER_TLS
|
|
if (ret == 0)
|
|
ret = eap_server_tls_register();
|
|
#endif /* EAP_SERVER_TLS */
|
|
|
|
#ifdef EAP_SERVER_UNAUTH_TLS
|
|
if (ret == 0)
|
|
ret = eap_server_unauth_tls_register();
|
|
#endif /* EAP_SERVER_TLS */
|
|
|
|
#ifdef EAP_SERVER_TLS
|
|
#ifdef CONFIG_HS20
|
|
if (ret == 0)
|
|
ret = eap_server_wfa_unauth_tls_register();
|
|
#endif /* CONFIG_HS20 */
|
|
#endif /* EAP_SERVER_TLS */
|
|
|
|
#ifdef EAP_SERVER_MSCHAPV2
|
|
if (ret == 0)
|
|
ret = eap_server_mschapv2_register();
|
|
#endif /* EAP_SERVER_MSCHAPV2 */
|
|
|
|
#ifdef EAP_SERVER_PEAP
|
|
if (ret == 0)
|
|
ret = eap_server_peap_register();
|
|
#endif /* EAP_SERVER_PEAP */
|
|
|
|
#ifdef EAP_SERVER_TLV
|
|
if (ret == 0)
|
|
ret = eap_server_tlv_register();
|
|
#endif /* EAP_SERVER_TLV */
|
|
|
|
#ifdef EAP_SERVER_GTC
|
|
if (ret == 0)
|
|
ret = eap_server_gtc_register();
|
|
#endif /* EAP_SERVER_GTC */
|
|
|
|
#ifdef EAP_SERVER_TTLS
|
|
if (ret == 0)
|
|
ret = eap_server_ttls_register();
|
|
#endif /* EAP_SERVER_TTLS */
|
|
|
|
#ifdef EAP_SERVER_SIM
|
|
if (ret == 0)
|
|
ret = eap_server_sim_register();
|
|
#endif /* EAP_SERVER_SIM */
|
|
|
|
#ifdef EAP_SERVER_AKA
|
|
if (ret == 0)
|
|
ret = eap_server_aka_register();
|
|
#endif /* EAP_SERVER_AKA */
|
|
|
|
#ifdef EAP_SERVER_AKA_PRIME
|
|
if (ret == 0)
|
|
ret = eap_server_aka_prime_register();
|
|
#endif /* EAP_SERVER_AKA_PRIME */
|
|
|
|
#ifdef EAP_SERVER_PAX
|
|
if (ret == 0)
|
|
ret = eap_server_pax_register();
|
|
#endif /* EAP_SERVER_PAX */
|
|
|
|
#ifdef EAP_SERVER_PSK
|
|
if (ret == 0)
|
|
ret = eap_server_psk_register();
|
|
#endif /* EAP_SERVER_PSK */
|
|
|
|
#ifdef EAP_SERVER_SAKE
|
|
if (ret == 0)
|
|
ret = eap_server_sake_register();
|
|
#endif /* EAP_SERVER_SAKE */
|
|
|
|
#ifdef EAP_SERVER_GPSK
|
|
if (ret == 0)
|
|
ret = eap_server_gpsk_register();
|
|
#endif /* EAP_SERVER_GPSK */
|
|
|
|
#ifdef EAP_SERVER_VENDOR_TEST
|
|
if (ret == 0)
|
|
ret = eap_server_vendor_test_register();
|
|
#endif /* EAP_SERVER_VENDOR_TEST */
|
|
|
|
#ifdef EAP_SERVER_FAST
|
|
if (ret == 0)
|
|
ret = eap_server_fast_register();
|
|
#endif /* EAP_SERVER_FAST */
|
|
|
|
#ifdef EAP_SERVER_TEAP
|
|
if (ret == 0)
|
|
ret = eap_server_teap_register();
|
|
#endif /* EAP_SERVER_TEAP */
|
|
|
|
#ifdef EAP_SERVER_WSC
|
|
if (ret == 0)
|
|
ret = eap_server_wsc_register();
|
|
#endif /* EAP_SERVER_WSC */
|
|
|
|
#ifdef EAP_SERVER_IKEV2
|
|
if (ret == 0)
|
|
ret = eap_server_ikev2_register();
|
|
#endif /* EAP_SERVER_IKEV2 */
|
|
|
|
#ifdef EAP_SERVER_TNC
|
|
if (ret == 0)
|
|
ret = eap_server_tnc_register();
|
|
#endif /* EAP_SERVER_TNC */
|
|
|
|
#ifdef EAP_SERVER_PWD
|
|
if (ret == 0)
|
|
ret = eap_server_pwd_register();
|
|
#endif /* EAP_SERVER_PWD */
|
|
|
|
#ifdef EAP_SERVER_EKE
|
|
if (ret == 0)
|
|
ret = eap_server_eke_register();
|
|
#endif /* EAP_SERVER_EKE */
|
|
|
|
return ret;
|
|
}
|