[wpa_supplicant] Cumulative patch from commit 27e828d72
Bug: 231272394
Test: connect/disconnect to WPA2, WPA3 networks
Test: SoftAp & p2p connection
Test: Regression test(b/231636895)
BYPASS_INCLUSIVE_LANGUAGE_REASON=Merged from Open source
27e828d72 ACS: Send EHT enabled info to driver
82066bd36 nl80211: Don't force VHT channel definition with EHT
43fe1ce35 EHT: Add [EHT] flag into AP mode STA command
696ad5c2d EHT: Indicate wifi_generation=7 in wpa_supplicant STATUS output
4994c41f2 EHT: Indicate ieee80211be configuration in hostapd STATUS output
50d883710 EHT: Fix invalid length checking for EHT Capability element
6c7b2be42 SAE: Send real status code to the driver when AP rejects external auth
2c78f11a9 Fix compilation due to forward declaration of macaddr_acl
c8e822801 OpenSSL: Fix build with old library versions that do not support TLS 1.3
c24e18e5c LibreSSL: Fix compilation issue with TLS 1.3 session ticket limit
eb5e63985 LibreSSL: Fix compilation issue with RSA-OAEP
5d56cf1c7 BoringSSL: Fix compilation error due to TLS 1.3 session tickets
a561d12d2 EAP peer status notification for server not supporting RFC 5746
566ce69a8 EAP peer: Workaround for servers that do not support safe TLS renegotiation
ccb3206b6 Fix tls_connection_set_success_data() in TLS library wrappers
decac7cd1 OpenSSL: Do not send out a TLS 1.3 session ticket if caching disabled
05406f7ae EAP-PEAP server: Fix TLS 1.3 move to Phase 2 without a new session ticket
10746875e OpenSSL: Allow no OCSP response when resuming a session with TLS 1.3
2be1bcaf7 EAP-TLS peer: Fix protected success indication check for resumed session
1c66276d9 EAP-TLS server: Send final TLS message for resumed session with TLS 1.3
81e249888 OpenSSL: Limit the number of TLS 1.3 session tickets to one
d26247c3d wpa_supplicant/README-WPS: Beautifications
a8d058c93 OpenSSL: SSLKEYLOGFILE capability to allow Wireshark TLS decoding
23f389068 wolfSSL: Fix OCSP stapling
a2971f8d8 wolfSSL: Allow TLS version 1.3 to be disabled
a40e48fbe wolfSSL: Fix TLS 1.3 session handling
0c3f68f2a wolfSSL: Check for the too-short-password error in pbkdf2_sha1()
ca2622481 Check the return of pbkdf2_sha1() for errors
013cd694d wolfSSL: Fixes for FIPS builds
9d5f8168f wolfSSL: Register a FIPS callback
8f36e6c0f wolfSSL: Implement crypto_ec_key wrappers
1f7e10177 wolfSSL: Add missing free calls for wolfSSL structs
ec1cd91e7 wolfSSL: Support both DER and PEM blobs
42871a5d2 EAP-SIM/AKA peer: IMSI privacy
21098e39f EAP-SIM/AKA server: IMSI privacy
36b11bbcf OpenSSL: RSA-OAEP-SHA-256 encryption/decryption
c3d389b72 EHT: Channel switch command support
dae7940a4 EHT: Additions to hostapd_set_freq_params()
e646b11fe EHT: Indicate EHT support in Neighbor Report element
f915d52de EHT: Provide EHT capabilities in STA addition path
a6d1b4c46 EHT: Process (Re)Association Request frame capabilities
340c0e212 EHT: Parse elements received in Management frames
d54e3d049 EHT: Add operation element in AP mode Management frames
9b7202d66 EHT: Add capabilities element in AP mode Management frames
a7ea72188 EHT: Add configuration options for beamforming capabilities
8db3881c7 EHT: Add operating channel width configuration
8dcc2139f EHT: AP mode configuration options to enable/disable the support
9f7da264b nl80211: Pass station's EHT capabilities to the driver in sta_add()
0c8a9aa5d nl80211: Parse EHT capabilities from the driver
c08b735fd EHT: Define EHT elements
1a716f86a defconfig: Document IEEE 802.11ax as a published amendment
86310c220 Set hostapd hw_mode automatically based on 6 GHz op_class
664fd83d5 nl80211: Increase the buffer length for debug printing channels
563162a5f QCA vendor attribute to allow eMLSR HW mode
1e34bc49c OpenSSL: Track SSL_SESSION ex data separately
734fa392f MBO: Check association disallowed in Beacon frames, if newer
284e3ad19 Determine whether Beacon frame information is newer in scan results
28c9f29a3 scan: Print SSID in scan results dump
5a0471579 Install wpa_passphrase when not disabled
f1686d776 hostapd: Allow enabling background radar
08d7738bb wolfSSL: Speed up crypto_ec_point_compute_y_sqr()
f50d5c9a8 wolfSSL: Fix crypto_ec_point_compute_y_sqr() error case processing
7302aa761 wolfSSL: Fix the memory leak of crypto_ec_point_compute_y_sqr()
e7dd0fff1 wolfSSL: Use wc_HmacInit() to avoid potential use of uninitialized values
f7be558d6 OpenSSL: Fix build with BoringSSL
6d33ef362 OpenSSL: Remove compatibility options for older versions than 1.0.2
78c2a4cd0 OpenSSL: Drop compatibility options for LibreSSL older than 2.7
b06250767 OpenSSL: Implement crypto_ecdh routines without EC_KEY for OpenSSL 3.0
fc96f6802 OpenSSL: Use new name for the EC_POINT set/get coordinate functions
0aae045af ctrl: Print the source address of the received commands
f94214968 wpa_ctrl: Wait for a total of 10 seconds, not 10 seconds per iteration
0d9be8855 wolfSSL: Fix certificate commonName checking
94e0f39d9 wolfSSL: Use wolfSSL_export_keying_material() when available
c31fc7a64 wolfSSL: Fix crypto_dh_init() and dh5_init()
d7b8c6eef wolfSSL: Fix crypto_ecdh_* with ECC_TIMING_RESISTANT
ae1fb6455 EAP-EKE server: Fix a memory leak on an error path
166acab4e wolfSSL: TLS session caching
12dee16d7 wolfSSL: Add a debug logging callback
a5d190650 wolfSSL: Implement tls_get_tls_unique()
a419fef36 wolfSSL: Implement tls_connection_get_cipher_suite()
364876b7d wolfSSL: Implement tls_connection_get_peer_subject()
d9c716400 wolfSSL: Implement tls_connection_get_own_cert_used()
d677b9dc6 wolfSSL: Conditional build for aes_wrap/aes_unwrap()
b0f016b87 eapol_test: Update with src/ap/ieee802_1x.c changes
747c5f228 Include MS_FUNCS=y for EAP-pwd peer build
c7f71fb86 Include HMAC-SHA384/512 KDF for SAE if SHA384/512 is included
3a759dcc8 ACS: Honor acs_exclude_dfs with hostapd's ACS implementation
3240cedd6 eapol_test: Print out names for additional known EAP types
f5c711c85 OpenSSL: Unload providers only at process exit
33c4dd26c BSS coloring: Handle the collision and CCA events coming from the kernel
27b4cc712 nl80211: Handle driver events for BSS coloring
399d6e64d nl80211: Add the switch_color() handler for BSS color changes
86bd90eb3 BSS coloring: Disable BSS color during CCA
f7d0b740e BSS coloring: BSS Color Change Announcement element generation
654d2395d BSS coloring: Handling of collision events and triggering CCA
52e2516f1 wpa_supplicant: Add the CONFIG_HE_OVERRIDES option to the defconfig
6a2a60f1d OpenSSL: Do not use the deprecated RSAPrivateKey function
ebb3055e1 OpenSSL: Generate DH parameters automatically if not set with dh_file
bcd299b32 OpenSSL: Convert DH/DSA parameter loading to new API
28c1c91d0 Remove unused dh_blob parameter
4a774cf31 Remove useless DH file configuration from TLS library wrappers
65652c67f Remove DH file configuration from TLS client functionality
b94371af8 RADIUS attributes for EAPOL-Key message details
24763e3cd RADIUS: Attributes with Extended Types (RFC 6929)
feed2f9e7 BoringSSL: Use accessor functions for X509 key usage flags
80be88a08 BoringSSL: Replace stack-allocated X509_STORE_CTX with heap one
b95ed17f6 OpenSSL: Fix build with BoringSSL and LibreSSL 3.3.x and older
ae0f6ee97 OpenSSL: CMAC using the OpenSSL library for non-FIPS cases as well
0c61f6234 OpenSSL: Implement CMAC using the EVP_MAC API
4fcd29660 OpenSSL: Extend CMAC to support 192-bit AES
117617843 OpenSSL: Remove now unused compatibility wrapper for RSA_bits()
a2dbb2558 Android: Compile hs20-osu-client to /vendor/bin in test builds
b0769ce61 DPP: Allow a list of supported curves to be used in bootstrapping URI
ef85328a6 QCA vendor command support to reset configuration for eLNA bypass
7008c50fa OpenSSL: Implement DH using the EVP API
e31500ade OpenSSL: Implement HMAC using the EVP_MAC API
097ca6bf0 OpenSSL: Unload providers on deinit
092efd45a OpenSSL: Implement AES keywrap using the EVP API
7e4984d9c OpenSSL: Use a correct EVP_CIPHER_CTX freeing function on an error path
8e0ac5366 RRM: Include passive channels in active beacon report scan
0adc67612 wpa_supplicant: Use unique IDs for networks and credentials
dacb6d278 Update IEEE P802.11ax draft references to published amendment
8128ea76a Add Transmit Power Envelope element in 6 GHz
bc3dc72a3 Extend 6 GHz Operation Info field in HE Operation element
0eb686637 hostapd: Add config option to specify 6 GHz regulatory AP type
ee06165e9 hostapd: Extend Country element to support 6 GHz band
f5ad97245 PASN: Fix build without CONFIG_TESTING_OPTIONS=y
3467a701c wpa_supplicant: Do not associate on 6 GHz with forbidden configurations
43c6eb5e4 SAE-PK: Add the option to the defconfigs
0482251a6 EAP-TLS: Allow TLSv1.3 support to be enabled with build config
7114e5606 EAP-TLS: Testing functionality to skip protected success indication
95fd54b86 Disconnect STA on continuous EAP reauth without 4-way handshake completion
9e11e746f EAP-TLS: Do not allow TLSv1.3 success without protected result indication
6135a8a6a Stop authentication attemps if AP does not disconnect us
88ab59d71 EAP-TLS: Replace the Commitment Message term with RFC 9190 language
63f311b10 EAP-TLS: Update specification references to RFC 5216 and 9190
5ab385321 Revert "Android: Compile hs20-osu-client to /vendor/bin in test builds"
b746cb28b Add support for not transmitting EAPOL-Key group msg 2/2
d27f7bd94 FILS: Fix config check to allow unsolicited broadcast Probe Response
65a3a273c OWE: Reuse own DH private key in AP if STA tries OWE association again
6ff8bda99 hostapd: Add the missing CONFIG_SAE option to the defconfig
1f5b6085c Fix SIGSEGV of eapol_test
576662d27 ieee802_11_auth: Coding style cleanup - NULL comparison
945acf3ef ieee802_11_auth: Coding style cleanup - no string constant splitting
1c3438fec RADIUS ACL/PSK check during 4-way handshake
5b5c954c0 Fix AP config check to recognize all PSK AKMs
c5d9f9064 QCA vendor attribute to indicate NDP interface managemtn using nl80211
a9c90475b FT: Update current_bss to target AP before check for SME-in-driver
0c88d1487 Debug print on CONFIG_NO_TKIP=y prevent RSNE with TKIP as group cipher
d5a9331f9 P2P: Copy only valid opclasses while filtering out 6 GHz channels
99c91beaa Sync with wireless-next.git include/uapi/linux/nl80211.h
d9121335a wpa_cli: Add ACL and BTM control commands
00622fcfe Extend ACL to install allow/deny list to the driver dynamically
077bce96f Set drv_max_acl_mac_addrs in wpa_supplicant AP mode
9828aba16 Support ACL operations in wpa_supplicant AP mode
fd0d738ff Add return value to ACL functions
f5ac42811 Move ACL control interface commands into shared files
930695662 Add BSS-TM-QUERY event to indicate reception of BSS TM Query
febcdf324 Support BTM operations in wpa_supplicant AP mode
0f8c6e995 Move BTM control interface commands into shared file
e059d8ece Update the Extended Capability element to struct sta_info
eb2e6b56b Enable BSS Transition Management in wpa_supplicant AP mode
30ecf0181 DPP: Update Controller parameters when it was already started
b93d1083e DPP: Fix msg_ctx for PKEX over TCP as Controller/Responder
3085e1a67 hs20-osu-client: dNSName values from OSU server certificate for PPS MO
ce86f2446 DFS: Remove unnecessary variable
760a5ae26 DFS: Switch to background radar channel if available
b63d953fe DFS: Enable CSA for background radar detection
25663241c DFS: Introduce hostapd_dfs_request_channel_switch()
316a9dc63 DFS: Configure background radar/CAC detection
bad12effe nl80211: Radar background flag setting
effd6111b DFS: Rely on channel_type in dfs_downgrade_bandwidth()
f9ba3d5c8 OpenSSL 3.0: Set SSL groups using SSL_set1_groups()
09c62aaf1 OpenSSL: Determine RSA key size without low-level routines
b700a56e1 OpenSSL 3.0: Determine the prime length for an EC key group using EVP_PKEY
3c61f4db4 OpenSSL: Replace EC_GROUP_get_curve_GFp() calls with EC_GROUP_get_curve()
e2cb0ca1a OpenSSL 3.0: Implement crypto_ec_key_group() with new API
f6a53f64a OpenSSL: Replace EVP_PKEY_cmp() with EVP_PKEY_eq() when available
5b093570d D-Bus: Add 'wep_disabled' capability
56a14cc72 DFS: Don't let cac_time_left_seconds overflow
ae512c30a DPP: Fix uninitialised variable on error path
3a157fe92 dbus: Set CurrentAuthMode to INACTIVE only if network is not selected
0ce8d55a2 hs20-osu-client: Allow EST server to use different host name
5eaf596e1 HTTP: Make URL available to the cert_cb
abed7978f HS 2.0 server: Event log entry on missing configuration for the realm
1192d5721 Android: Compile hs20-osu-client to /vendor/bin in test builds
1fee1c40c Enhance QCA vendor interface to indicate TWT required capability of AP
a192305a4 Add QCA vendor attributes for AFC support in external ACS
de5939ef5 DPP: Allow Configurator net_access_key_curve to be changed
9638452a6 DPP: Update Configurator to require same netAccessKey curve to be used
2b406eece DPP: Update Auth-I derivation operations
de64dfe98 DPP: Curve change for netAccessKey
fd2eb7a41 DPP: Fix a memory leak on error path
e9551efe0 DPP: Missing/invalid Protocol Version in Reconfig Auth Req
eeb72e7c9 DPP: Extend DPP_PKEX_ADD ver=<1/2> to cover Responder role
6c3c431bb Add QCA vendor attribute to enable Spectral FFT recapture
fcbdaae8a SAE: Add support for RADIUS passphrase as the SAE password
3d86fcee0 cleanup: Remove unreachable code
9683195ee qca-vendor: Fix typos
4c9ef9322 brcm_vendor: Fix typos
d65285ab8 src/drivers: Fix typos
203a027b2 nl80211: Report background radar/CAC detection capability
0a73649b6 DFS: Add capability to select radar-only channels
f39765369 DFS: Introduce dfs_set_valid_channel() utility routine
d001b301b Fix removal of wpa_passphrase on 'make clean'
cb41c214b build: Re-enable options for libwpa_client.so and wpa_passphrase
dec626109 HE: Fix invalid length checking for HE Capability element
53be64f7d HE: Fix calculation of the PPE Threshold field length
738fef2f0 Clear PSK explicitly from memory in couple more cases on deinit
567b9764f Clear PMK explicitly even without FT support in AP build
0bd29c176 Remove duplicated pointer check
007fd6111 Clear temporary results from stack in PBKDF2-SHA1
1364f322b Remove GTK/IGTK/BIGTK from memory explicitly in AP mode
af1f0694e Clear last set keys (for testing purposes) from memory explicitly
6c850a1c0 nl80211: Clear bss->freq when stopping AP mode
a44fa15cb Define a vendor specific NDP attribute for NAN service id
414ca953f DPP: Clear SCANNING state when starting network introduction
0b5f8e3d8 DPP: Clear netrole on starting chirping or reconfiguration
2fcc076d1 Clear wpa_s->last/current_ssid in more cases
7a7f803a9 DPP: Stop offchannel frame TX wait on DPP_STOP_LISTEN in a corner case
7e941e7a1 macsec_linux: Support cipher suite configuration
46c635910 MACsec: Support GCM-AES-256 cipher suite
42944de69 nl80211: Do not store no-wait TX frame cookies to be cancelled
340ec48cd DPP: Clear state on configuration failure in GAS server hander
7e6f59c70 nl80211: Clear the last saved TX frame cookie on wait expiration
9d5fd3328 Update QCA vendor attribute to indicate maximum PCL attributes
19169a53a atheros: Do not include p2p.h
f43d31dda nl80211: Debug print association comeback event data
a91072503 OCV: Don't start SA Query timer on CSA when SA Query is offloaded
f5c8697c0 Sync with mac80211-next.git include/uapi/linux/nl80211.h
632a9995c Clear ignore_old_scan_res on FLUSH command
Change-Id: I35fd1fb999d045ced8c153fe3d8284c9a71069b1
164 files changed