From 430ad28df861d1fe638646f51cdf468c5b8a3f61 Mon Sep 17 00:00:00 2001 From: Thomas d'Otreppe Date: Sat, 17 Dec 2016 08:34:02 +0000 Subject: [PATCH] HostAPd: Fixed connection on Windows. MD5 in the signature was making the connection fail, switched to SHA256 (Closes: #1708). git-svn-id: http://svn.aircrack-ng.org/trunk@2878 28c6078b-6c39-48e3-add9-af49d547ecab --- patches/wpe/hostapd-wpe/hostapd-wpe.patch | 174 ++++++++++++---------- 1 file changed, 97 insertions(+), 77 deletions(-) diff --git a/patches/wpe/hostapd-wpe/hostapd-wpe.patch b/patches/wpe/hostapd-wpe/hostapd-wpe.patch index 4309d8740d..e31e97f993 100644 --- a/patches/wpe/hostapd-wpe/hostapd-wpe.patch +++ b/patches/wpe/hostapd-wpe/hostapd-wpe.patch @@ -1,6 +1,6 @@ diff -rupN hostapd-2.6/hostapd/certs/bootstrap hostapd-2.6-wpe/hostapd/certs/bootstrap --- hostapd-2.6/hostapd/certs/bootstrap 1969-12-31 19:00:00.000000000 -0500 -+++ hostapd-2.6-wpe/hostapd/certs/bootstrap 2016-12-11 17:30:32.603942719 -0500 ++++ hostapd-2.6-wpe/hostapd/certs/bootstrap 2016-12-16 15:17:09.459959417 -0500 @@ -0,0 +1,82 @@ +#!/bin/sh +# @@ -12,7 +12,7 @@ diff -rupN hostapd-2.6/hostapd/certs/bootstrap hostapd-2.6-wpe/hostapd/certs/boo +# binary package. The installation should also ensure that the permissions +# and owners are correct for the files generated by this script. +# -+# $Id$ ++# $Id: c9d939beac8d5bdc21ea1ff9233442f9ab933297 $ +# +umask 027 +cd `dirname $0` @@ -38,7 +38,7 @@ diff -rupN hostapd-2.6/hostapd/certs/bootstrap hostapd-2.6-wpe/hostapd/certs/boo +if [ ! -f dh ]; then + openssl dhparam -out dh 1024 || exit 1 + if [ -e /dev/urandom ] ; then -+ dd if=/dev/urandom of=./random count=10 >/dev/null 2>&1; ++ ln -sf /dev/urandom random + else + date > ./random; + fi @@ -86,8 +86,8 @@ diff -rupN hostapd-2.6/hostapd/certs/bootstrap hostapd-2.6-wpe/hostapd/certs/boo +fi diff -rupN hostapd-2.6/hostapd/certs/ca.cnf hostapd-2.6-wpe/hostapd/certs/ca.cnf --- hostapd-2.6/hostapd/certs/ca.cnf 1969-12-31 19:00:00.000000000 -0500 -+++ hostapd-2.6-wpe/hostapd/certs/ca.cnf 2016-12-11 17:30:32.603942719 -0500 -@@ -0,0 +1,59 @@ ++++ hostapd-2.6-wpe/hostapd/certs/ca.cnf 2016-12-16 15:17:09.459959417 -0500 +@@ -0,0 +1,62 @@ +[ ca ] +default_ca = CA_default + @@ -104,11 +104,12 @@ diff -rupN hostapd-2.6/hostapd/certs/ca.cnf hostapd-2.6-wpe/hostapd/certs/ca.cnf +RANDFILE = $dir/.rand +name_opt = ca_default +cert_opt = ca_default -+default_days = 365 ++default_days = 60 +default_crl_days = 30 -+default_md = md5 ++default_md = sha256 +preserve = no +policy = policy_match ++crlDistributionPoints = URI:http://www.example.org/example_ca.crl + +[ policy_match ] +countryName = match @@ -140,16 +141,18 @@ diff -rupN hostapd-2.6/hostapd/certs/ca.cnf hostapd-2.6-wpe/hostapd/certs/ca.cnf +stateOrProvinceName = Radius +localityName = Somewhere +organizationName = Example Inc. -+emailAddress = admin@example.com ++emailAddress = admin@example.org +commonName = "Example Certificate Authority" + +[v3_ca] +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid:always,issuer:always -+basicConstraints = CA:true ++basicConstraints = critical,CA:true ++crlDistributionPoints = URI:http://www.example.org/example_ca.crl ++ diff -rupN hostapd-2.6/hostapd/certs/client.cnf hostapd-2.6-wpe/hostapd/certs/client.cnf --- hostapd-2.6/hostapd/certs/client.cnf 1969-12-31 19:00:00.000000000 -0500 -+++ hostapd-2.6-wpe/hostapd/certs/client.cnf 2016-12-11 17:30:32.603942719 -0500 ++++ hostapd-2.6-wpe/hostapd/certs/client.cnf 2016-12-16 15:17:09.459959417 -0500 @@ -0,0 +1,53 @@ +[ ca ] +default_ca = CA_default @@ -160,16 +163,16 @@ diff -rupN hostapd-2.6/hostapd/certs/client.cnf hostapd-2.6-wpe/hostapd/certs/cl +crl_dir = $dir/crl +database = $dir/index.txt +new_certs_dir = $dir -+certificate = $dir/server.pem ++certificate = $dir/ca.pem +serial = $dir/serial +crl = $dir/crl.pem -+private_key = $dir/server.key ++private_key = $dir/ca.key +RANDFILE = $dir/.rand +name_opt = ca_default +cert_opt = ca_default -+default_days = 365 ++default_days = 60 +default_crl_days = 30 -+default_md = md5 ++default_md = sha256 +preserve = no +policy = policy_match + @@ -202,11 +205,11 @@ diff -rupN hostapd-2.6/hostapd/certs/client.cnf hostapd-2.6-wpe/hostapd/certs/cl +stateOrProvinceName = Radius +localityName = Somewhere +organizationName = Example Inc. -+emailAddress = user@example.com -+commonName = user@example.com ++emailAddress = user@example.org ++commonName = user@example.org diff -rupN hostapd-2.6/hostapd/certs/demoCA/cacert.pem hostapd-2.6-wpe/hostapd/certs/demoCA/cacert.pem --- hostapd-2.6/hostapd/certs/demoCA/cacert.pem 1969-12-31 19:00:00.000000000 -0500 -+++ hostapd-2.6-wpe/hostapd/certs/demoCA/cacert.pem 2016-12-11 17:30:32.603942719 -0500 ++++ hostapd-2.6-wpe/hostapd/certs/demoCA/cacert.pem 2016-12-16 15:17:09.459959417 -0500 @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDtjCCAx+gAwIBAgIBADANBgkqhkiG9w0BAQQFADCBnzELMAkGA1UEBhMCQ0Ex @@ -232,7 +235,7 @@ diff -rupN hostapd-2.6/hostapd/certs/demoCA/cacert.pem hostapd-2.6-wpe/hostapd/c +-----END CERTIFICATE----- diff -rupN hostapd-2.6/hostapd/certs/Makefile hostapd-2.6-wpe/hostapd/certs/Makefile --- hostapd-2.6/hostapd/certs/Makefile 1969-12-31 19:00:00.000000000 -0500 -+++ hostapd-2.6-wpe/hostapd/certs/Makefile 2016-12-11 17:30:32.603942719 -0500 ++++ hostapd-2.6-wpe/hostapd/certs/Makefile 2016-12-16 15:25:49.563949572 -0500 @@ -0,0 +1,145 @@ +###################################################################### +# @@ -240,22 +243,17 @@ diff -rupN hostapd-2.6/hostapd/certs/Makefile hostapd-2.6-wpe/hostapd/certs/Make +# the easy creation of certificates. +# +# See the README file in this directory for more information. -+# -+# $Id$ ++# ++# $Id: cc12464c6c7754aff2f0c8d6e116708c94ff2168 $ +# +###################################################################### + -+DH_KEY_SIZE = 1024 ++DH_KEY_SIZE = 2048 + +# +# Set the passwords +# -+PASSWORD_SERVER = `grep output_password server.cnf | sed 's/.*=//;s/^ *//'` -+PASSWORD_CA = `grep output_password ca.cnf | sed 's/.*=//;s/^ *//'` -+PASSWORD_CLIENT = `grep output_password client.cnf | sed 's/.*=//;s/^ *//'` -+ -+USER_NAME = `grep emailAddress client.cnf | grep '@' | sed 's/.*=//;s/^ *//'` -+CA_DEFAULT_DAYS = `grep default_days ca.cnf | sed 's/.*=//;s/^ *//'` ++-include passwords.mk + +###################################################################### +# @@ -263,7 +261,7 @@ diff -rupN hostapd-2.6/hostapd/certs/Makefile hostapd-2.6-wpe/hostapd/certs/Make +# +###################################################################### +.PHONY: all -+all: index.txt serial dh random server ca ++all: index.txt serial dh server ca client + +.PHONY: client +client: client.pem @@ -274,13 +272,23 @@ diff -rupN hostapd-2.6/hostapd/certs/Makefile hostapd-2.6-wpe/hostapd/certs/Make +.PHONY: server +server: server.pem server.vrfy + ++.PHONY: verify ++verify: server.vrfy client.vrfy ++ ++passwords.mk: server.cnf ca.cnf client.cnf ++ @echo "PASSWORD_SERVER = '$(shell grep output_password server.cnf | sed 's/.*=//;s/^ *//')'" > $@ ++ @echo "PASSWORD_CA = '$(shell grep output_password ca.cnf | sed 's/.*=//;s/^ *//')'" >> $@ ++ @echo "PASSWORD_CLIENT = '$(shell grep output_password client.cnf | sed 's/.*=//;s/^ *//')'" >> $@ ++ @echo "USER_NAME = '$(shell grep emailAddress client.cnf | grep '@' | sed 's/.*=//;s/^ *//')'" >> $@ ++ @echo "CA_DEFAULT_DAYS = '$(shell grep default_days ca.cnf | sed 's/.*=//;s/^ *//')'" >> $@ ++ +###################################################################### +# +# Diffie-Hellman parameters +# +###################################################################### +dh: -+ openssl dhparam -out dh $(DH_KEY_SIZE) ++ openssl gendh -out dh -2 $(DH_KEY_SIZE) + +###################################################################### +# @@ -288,6 +296,8 @@ diff -rupN hostapd-2.6/hostapd/certs/Makefile hostapd-2.6-wpe/hostapd/certs/Make +# +###################################################################### +ca.key ca.pem: ca.cnf ++ @[ -f index.txt ] || $(MAKE) index.txt ++ @[ -f serial ] || $(MAKE) serial + openssl req -new -x509 -keyout ca.key -out ca.pem \ + -days $(CA_DEFAULT_DAYS) -config ./ca.cnf + @@ -313,7 +323,7 @@ diff -rupN hostapd-2.6/hostapd/certs/Makefile hostapd-2.6-wpe/hostapd/certs/Make + +.PHONY: server.vrfy +server.vrfy: ca.pem -+ openssl verify -CAfile ca.pem server.pem ++ @openssl verify -CAfile ca.pem server.pem + +###################################################################### +# @@ -335,7 +345,7 @@ diff -rupN hostapd-2.6/hostapd/certs/Makefile hostapd-2.6-wpe/hostapd/certs/Make + cp client.pem $(USER_NAME).pem + +.PHONY: client.vrfy -+client.vrfy: server.pem client.pem ++client.vrfy: ca.pem client.pem + c_rehash . + openssl verify -CApath . client.pem + @@ -350,13 +360,6 @@ diff -rupN hostapd-2.6/hostapd/certs/Makefile hostapd-2.6-wpe/hostapd/certs/Make +serial: + @echo '01' > serial + -+random: -+ @if [ -c /dev/urandom ] ; then \ -+ dd if=/dev/urandom of=./random count=10 >/dev/null 2>&1; \ -+ else \ -+ date > ./random; \ -+ fi -+ +print: + openssl x509 -text -in server.crt + @@ -378,11 +381,11 @@ diff -rupN hostapd-2.6/hostapd/certs/Makefile hostapd-2.6-wpe/hostapd/certs/Make +# +destroycerts: + rm -f *~ dh *.csr *.crt *.p12 *.der *.pem *.key index.txt* \ -+ serial* random *\.0 *\.1 ++ serial* *\.0 *\.1 diff -rupN hostapd-2.6/hostapd/certs/README hostapd-2.6-wpe/hostapd/certs/README --- hostapd-2.6/hostapd/certs/README 1969-12-31 19:00:00.000000000 -0500 -+++ hostapd-2.6-wpe/hostapd/certs/README 2016-12-11 17:30:32.603942719 -0500 -@@ -0,0 +1,216 @@ ++++ hostapd-2.6-wpe/hostapd/certs/README 2016-12-16 15:17:09.459959417 -0500 +@@ -0,0 +1,226 @@ + This directory contains scripts to create the server certificates. +To make a set of default (i.e. test) certificates, simply type: + @@ -398,9 +401,19 @@ diff -rupN hostapd-2.6/hostapd/certs/README hostapd-2.6-wpe/hostapd/certs/README +server certificate. Without those extensions Windows clients will +refuse to authenticate to FreeRADIUS. + ++ The root CA and the "XP Extensions" file also contain a crlDistributionPoints ++attribute. The latest release of Windows Phone needs this to be present ++for the handset to validate the RADIUS server certificate. The RADIUS ++server must have the URI defined but the CA need not have...however it ++is best practice for a CA to have a revocation URI. Note that whilst ++the Windows Mobile client cannot actually use the CRL when doing 802.1X ++it is recommended that the URI be an actual working URL and contain a ++revocation format file as there may be other OS behaviour at play and ++future OSes that may do something with that URI. ++ + In general, you should use self-signed certificates for 802.1x (EAP) -+authentication. When you list root CAs from other organizations in -+the "CA_file", you permit them to masquerade as you, to authenticate ++authentication. When you list root CAs from other organisations in ++the "ca_file", you permit them to masquerade as you, to authenticate +your users, and to issue client certificates for EAP-TLS. + + If FreeRADIUS was configured to use OpenSSL, then simply starting @@ -539,7 +552,7 @@ diff -rupN hostapd-2.6/hostapd/certs/README hostapd-2.6-wpe/hostapd/certs/README + + to test 2048 bit keys. + -+ A 1GHz system will likely do 30 calculations/s. A 2Ghz system may ++ A 1GHz system will likely do 30 calculations/s. A 2GHz system may + do 50 calculations/s, or more. That number is also the number of + authentications/s that can be done for EAP-TLS (or TTLS, or PEAP). + @@ -549,8 +562,8 @@ diff -rupN hostapd-2.6/hostapd/certs/README hostapd-2.6-wpe/hostapd/certs/README +The certificates created using this method are known to be compatible +with ALL operating systems. Some common issues are: + -+ - Windows requires certain OID's in the certificates. If it doesn't -+ see them, it will stop doing EAP. The most visibile effect is ++ - Windows requires certain OIDs in the certificates. If it doesn't ++ see them, it will stop doing EAP. The most visible effect is + that the client starts EAP, gets a few Access-Challenge packets, + and then a little while later re-starts EAP. If this happens, see + the FAQ, and the comments in raddb/eap.conf for how to fix it. @@ -593,7 +606,7 @@ diff -rupN hostapd-2.6/hostapd/certs/README hostapd-2.6-wpe/hostapd/certs/README +digests, to maintain compatibility with network equipment that +supports only this algorithm. + -+MD5 has known weaknesses and is discouraged in favor of SHA1 (see ++MD5 has known weaknesses and is discouraged in favour of SHA1 (see +http://www.kb.cert.org/vuls/id/836068 for details). If your network +equipment supports the SHA1 signature algorithm, we recommend that you +change the "ca.cnf", "server.cnf", and "client.cnf" files to specify @@ -601,8 +614,8 @@ diff -rupN hostapd-2.6/hostapd/certs/README hostapd-2.6-wpe/hostapd/certs/README +'default_md' entry in those files from 'md5' to 'sha1'. diff -rupN hostapd-2.6/hostapd/certs/README.wpe hostapd-2.6-wpe/hostapd/certs/README.wpe --- hostapd-2.6/hostapd/certs/README.wpe 1969-12-31 19:00:00.000000000 -0500 -+++ hostapd-2.6-wpe/hostapd/certs/README.wpe 2016-12-11 17:30:32.603942719 -0500 -@@ -0,0 +1,8 @@ ++++ hostapd-2.6-wpe/hostapd/certs/README.wpe 2016-12-16 15:32:44.719941713 -0500 +@@ -0,0 +1,13 @@ +# Certificate creation for Hostapd-WPE # +######################################## + @@ -611,9 +624,14 @@ diff -rupN hostapd-2.6/hostapd/certs/README.wpe hostapd-2.6-wpe/hostapd/certs/RE +make clean +./bootstrap +make install ++ ++Notes: ++- Windows 10 (and possibly any Windows starting from Vista) will fail EAP ++ if certificates signed with MD5 are used. ++- Generated certificates used a SHA256 signature. diff -rupN hostapd-2.6/hostapd/certs/server.cnf hostapd-2.6-wpe/hostapd/certs/server.cnf --- hostapd-2.6/hostapd/certs/server.cnf 1969-12-31 19:00:00.000000000 -0500 -+++ hostapd-2.6-wpe/hostapd/certs/server.cnf 2016-12-11 17:30:32.603942719 -0500 ++++ hostapd-2.6-wpe/hostapd/certs/server.cnf 2016-12-16 15:17:09.459959417 -0500 @@ -0,0 +1,54 @@ +[ ca ] +default_ca = CA_default @@ -631,9 +649,9 @@ diff -rupN hostapd-2.6/hostapd/certs/server.cnf hostapd-2.6-wpe/hostapd/certs/se +RANDFILE = $dir/.rand +name_opt = ca_default +cert_opt = ca_default -+default_days = 365 ++default_days = 60 +default_crl_days = 30 -+default_md = md5 ++default_md = sha256 +preserve = no +policy = policy_match + @@ -666,23 +684,25 @@ diff -rupN hostapd-2.6/hostapd/certs/server.cnf hostapd-2.6-wpe/hostapd/certs/se +stateOrProvinceName = Radius +localityName = Somewhere +organizationName = Example Inc. -+emailAddress = admin@example.com ++emailAddress = admin@example.org +commonName = "Example Server Certificate" + diff -rupN hostapd-2.6/hostapd/certs/xpextensions hostapd-2.6-wpe/hostapd/certs/xpextensions --- hostapd-2.6/hostapd/certs/xpextensions 1969-12-31 19:00:00.000000000 -0500 -+++ hostapd-2.6-wpe/hostapd/certs/xpextensions 2016-12-11 17:30:32.603942719 -0500 -@@ -0,0 +1,22 @@ ++++ hostapd-2.6-wpe/hostapd/certs/xpextensions 2016-12-16 15:17:09.459959417 -0500 +@@ -0,0 +1,24 @@ +# -+# File containing the OID's required for Windows. ++# File containing the OIDs required for Windows. +# +# http://support.microsoft.com/kb/814394/en-us +# +[ xpclient_ext] +extendedKeyUsage = 1.3.6.1.5.5.7.3.2 ++crlDistributionPoints = URI:http://www.example.com/example_ca.crl + +[ xpserver_ext] +extendedKeyUsage = 1.3.6.1.5.5.7.3.1 ++crlDistributionPoints = URI:http://www.example.com/example_ca.crl + +# +# Add this to the PKCS#7 keybag attributes holding the client's private key @@ -694,10 +714,10 @@ diff -rupN hostapd-2.6/hostapd/certs/xpextensions hostapd-2.6-wpe/hostapd/certs/ +# The other solution is to use Microsoft's web certificate server +# to generate these certs. +# -+# 1.3.6.1.4.1.311.17.2 ++# 1.3.6.1.4.1.311.17.2 diff -rupN hostapd-2.6/hostapd/.config hostapd-2.6-wpe/hostapd/.config --- hostapd-2.6/hostapd/.config 1969-12-31 19:00:00.000000000 -0500 -+++ hostapd-2.6-wpe/hostapd/.config 2016-12-11 17:30:32.603942719 -0500 ++++ hostapd-2.6-wpe/hostapd/.config 2016-12-16 15:15:56.779960793 -0500 @@ -0,0 +1,345 @@ +# Wireless Pawn Edition HostAPd configuration file +# @@ -1046,7 +1066,7 @@ diff -rupN hostapd-2.6/hostapd/.config hostapd-2.6-wpe/hostapd/.config +CONFIG_TAXONOMY=y diff -rupN hostapd-2.6/hostapd/config_file.c hostapd-2.6-wpe/hostapd/config_file.c --- hostapd-2.6/hostapd/config_file.c 2016-10-02 14:51:11.000000000 -0400 -+++ hostapd-2.6-wpe/hostapd/config_file.c 2016-12-11 17:30:32.603942719 -0500 ++++ hostapd-2.6-wpe/hostapd/config_file.c 2016-12-16 15:15:56.779960793 -0500 @@ -20,7 +20,7 @@ #include "ap/wpa_auth.h" #include "ap/ap_config.h" @@ -1079,7 +1099,7 @@ diff -rupN hostapd-2.6/hostapd/config_file.c hostapd-2.6-wpe/hostapd/config_file bss->eap_server = atoi(pos); diff -rupN hostapd-2.6/hostapd/defconfig hostapd-2.6-wpe/hostapd/defconfig --- hostapd-2.6/hostapd/defconfig 2016-10-02 14:51:11.000000000 -0400 -+++ hostapd-2.6-wpe/hostapd/defconfig 2016-12-11 17:30:32.603942719 -0500 ++++ hostapd-2.6-wpe/hostapd/defconfig 2016-12-16 15:15:56.779960793 -0500 @@ -148,14 +148,14 @@ CONFIG_IPV6=y #CONFIG_DRIVER_RADIUS_ACL=y @@ -1099,7 +1119,7 @@ diff -rupN hostapd-2.6/hostapd/defconfig hostapd-2.6-wpe/hostapd/defconfig # This can be used to reduce the size of the hostapd considerably if debugging diff -rupN hostapd-2.6/hostapd/hostapd-wpe.conf hostapd-2.6-wpe/hostapd/hostapd-wpe.conf --- hostapd-2.6/hostapd/hostapd-wpe.conf 1969-12-31 19:00:00.000000000 -0500 -+++ hostapd-2.6-wpe/hostapd/hostapd-wpe.conf 2016-12-11 17:38:28.799933705 -0500 ++++ hostapd-2.6-wpe/hostapd/hostapd-wpe.conf 2016-12-16 15:15:56.783960792 -0500 @@ -0,0 +1,2042 @@ +# Configuration file for hostapd-wpe + @@ -3145,7 +3165,7 @@ diff -rupN hostapd-2.6/hostapd/hostapd-wpe.conf hostapd-2.6-wpe/hostapd/hostapd- +# ... diff -rupN hostapd-2.6/hostapd/hostapd-wpe.eap_user hostapd-2.6-wpe/hostapd/hostapd-wpe.eap_user --- hostapd-2.6/hostapd/hostapd-wpe.eap_user 1969-12-31 19:00:00.000000000 -0500 -+++ hostapd-2.6-wpe/hostapd/hostapd-wpe.eap_user 2016-12-11 17:30:32.607942719 -0500 ++++ hostapd-2.6-wpe/hostapd/hostapd-wpe.eap_user 2016-12-16 15:15:56.783960792 -0500 @@ -0,0 +1,107 @@ +# hostapd user database for integrated EAP server + @@ -3256,7 +3276,7 @@ diff -rupN hostapd-2.6/hostapd/hostapd-wpe.eap_user hostapd-2.6-wpe/hostapd/host +"t" TTLS-PAP,TTLS-CHAP,TTLS-MSCHAP,MSCHAPV2,MD5,GTC,TTLS,TTLS-MSCHAPV2 "t" [2] diff -rupN hostapd-2.6/hostapd/main.c hostapd-2.6-wpe/hostapd/main.c --- hostapd-2.6/hostapd/main.c 2016-10-02 14:51:11.000000000 -0400 -+++ hostapd-2.6-wpe/hostapd/main.c 2016-12-11 17:30:32.607942719 -0500 ++++ hostapd-2.6-wpe/hostapd/main.c 2016-12-16 15:15:56.783960792 -0500 @@ -28,7 +28,7 @@ #include "config_file.h" #include "eap_register.h" @@ -3335,7 +3355,7 @@ diff -rupN hostapd-2.6/hostapd/main.c hostapd-2.6-wpe/hostapd/main.c &if_names_size, optarg)) diff -rupN hostapd-2.6/hostapd/Makefile hostapd-2.6-wpe/hostapd/Makefile --- hostapd-2.6/hostapd/Makefile 2016-10-02 14:51:11.000000000 -0400 -+++ hostapd-2.6-wpe/hostapd/Makefile 2016-12-11 17:30:32.607942719 -0500 ++++ hostapd-2.6-wpe/hostapd/Makefile 2016-12-16 15:15:56.783960792 -0500 @@ -86,6 +86,7 @@ OBJS += ../src/ap/beacon.o OBJS += ../src/ap/bss_load.o OBJS += ../src/ap/neighbor_db.o @@ -3400,7 +3420,7 @@ diff -rupN hostapd-2.6/hostapd/Makefile hostapd-2.6-wpe/hostapd/Makefile rm -rf lcov-html diff -rupN hostapd-2.6/src/ap/beacon.c hostapd-2.6-wpe/src/ap/beacon.c --- hostapd-2.6/src/ap/beacon.c 2016-10-02 14:51:11.000000000 -0400 -+++ hostapd-2.6-wpe/src/ap/beacon.c 2016-12-11 17:30:32.607942719 -0500 ++++ hostapd-2.6-wpe/src/ap/beacon.c 2016-12-16 15:15:56.783960792 -0500 @@ -30,7 +30,7 @@ #include "hs20.h" #include "dfs.h" @@ -3426,7 +3446,7 @@ diff -rupN hostapd-2.6/src/ap/beacon.c hostapd-2.6-wpe/src/ap/beacon.c if (res == NO_SSID_MATCH) { diff -rupN hostapd-2.6/src/ap/ieee802_11.c hostapd-2.6-wpe/src/ap/ieee802_11.c --- hostapd-2.6/src/ap/ieee802_11.c 2016-10-02 14:51:11.000000000 -0400 -+++ hostapd-2.6-wpe/src/ap/ieee802_11.c 2016-12-11 17:30:32.607942719 -0500 ++++ hostapd-2.6-wpe/src/ap/ieee802_11.c 2016-12-16 15:15:56.783960792 -0500 @@ -45,7 +45,7 @@ #include "mbo_ap.h" #include "rrm.h" @@ -3449,7 +3469,7 @@ diff -rupN hostapd-2.6/src/ap/ieee802_11.c hostapd-2.6-wpe/src/ap/ieee802_11.c "Station tried to associate with unknown SSID " diff -rupN hostapd-2.6/src/crypto/ms_funcs.h hostapd-2.6-wpe/src/crypto/ms_funcs.h --- hostapd-2.6/src/crypto/ms_funcs.h 2016-10-02 14:51:11.000000000 -0400 -+++ hostapd-2.6-wpe/src/crypto/ms_funcs.h 2016-12-11 17:30:32.607942719 -0500 ++++ hostapd-2.6-wpe/src/crypto/ms_funcs.h 2016-12-16 15:15:56.783960792 -0500 @@ -9,6 +9,10 @@ #ifndef MS_FUNCS_H #define MS_FUNCS_H @@ -3463,7 +3483,7 @@ diff -rupN hostapd-2.6/src/crypto/ms_funcs.h hostapd-2.6-wpe/src/crypto/ms_funcs const u8 *password, size_t password_len, diff -rupN hostapd-2.6/src/crypto/tls_openssl.c hostapd-2.6-wpe/src/crypto/tls_openssl.c --- hostapd-2.6/src/crypto/tls_openssl.c 2016-10-02 14:51:11.000000000 -0400 -+++ hostapd-2.6-wpe/src/crypto/tls_openssl.c 2016-12-11 17:30:32.607942719 -0500 ++++ hostapd-2.6-wpe/src/crypto/tls_openssl.c 2016-12-16 15:15:56.787960792 -0500 @@ -21,6 +21,7 @@ #include #include @@ -3627,7 +3647,7 @@ diff -rupN hostapd-2.6/src/crypto/tls_openssl.c hostapd-2.6-wpe/src/crypto/tls_o + diff -rupN hostapd-2.6/src/eap_server/eap_server.c hostapd-2.6-wpe/src/eap_server/eap_server.c --- hostapd-2.6/src/eap_server/eap_server.c 2016-10-02 14:51:11.000000000 -0400 -+++ hostapd-2.6-wpe/src/eap_server/eap_server.c 2016-12-11 17:30:32.607942719 -0500 ++++ hostapd-2.6-wpe/src/eap_server/eap_server.c 2016-12-16 15:15:56.787960792 -0500 @@ -23,7 +23,8 @@ #define STATE_MACHINE_DATA struct eap_sm #define STATE_MACHINE_DEBUG_PREFIX "EAP" @@ -3661,7 +3681,7 @@ diff -rupN hostapd-2.6/src/eap_server/eap_server.c hostapd-2.6-wpe/src/eap_serve eap_user_free(user); diff -rupN hostapd-2.6/src/eap_server/eap_server_mschapv2.c hostapd-2.6-wpe/src/eap_server/eap_server_mschapv2.c --- hostapd-2.6/src/eap_server/eap_server_mschapv2.c 2016-10-02 14:51:11.000000000 -0400 -+++ hostapd-2.6-wpe/src/eap_server/eap_server_mschapv2.c 2016-12-11 17:30:32.607942719 -0500 ++++ hostapd-2.6-wpe/src/eap_server/eap_server_mschapv2.c 2016-12-16 15:15:56.787960792 -0500 @@ -12,7 +12,7 @@ #include "crypto/ms_funcs.h" #include "crypto/random.h" @@ -3712,7 +3732,7 @@ diff -rupN hostapd-2.6/src/eap_server/eap_server_mschapv2.c hostapd-2.6-wpe/src/ diff -rupN hostapd-2.6/src/eap_server/eap_server_peap.c hostapd-2.6-wpe/src/eap_server/eap_server_peap.c --- hostapd-2.6/src/eap_server/eap_server_peap.c 2016-10-02 14:51:11.000000000 -0400 -+++ hostapd-2.6-wpe/src/eap_server/eap_server_peap.c 2016-12-11 17:30:32.611942719 -0500 ++++ hostapd-2.6-wpe/src/eap_server/eap_server_peap.c 2016-12-16 15:15:56.787960792 -0500 @@ -17,7 +17,7 @@ #include "eap_common/eap_tlv_common.h" #include "eap_common/eap_peap_common.h" @@ -3724,7 +3744,7 @@ diff -rupN hostapd-2.6/src/eap_server/eap_server_peap.c hostapd-2.6-wpe/src/eap_ * 0 = Microsoft's PEAP version 0; draft-kamath-pppext-peapv0-00.txt diff -rupN hostapd-2.6/src/eap_server/eap_server_ttls.c hostapd-2.6-wpe/src/eap_server/eap_server_ttls.c --- hostapd-2.6/src/eap_server/eap_server_ttls.c 2016-10-02 14:51:11.000000000 -0400 -+++ hostapd-2.6-wpe/src/eap_server/eap_server_ttls.c 2016-12-11 17:30:32.611942719 -0500 ++++ hostapd-2.6-wpe/src/eap_server/eap_server_ttls.c 2016-12-16 15:15:56.799960792 -0500 @@ -16,7 +16,7 @@ #include "eap_server/eap_tls_common.h" #include "eap_common/chap.h" @@ -3792,7 +3812,7 @@ diff -rupN hostapd-2.6/src/eap_server/eap_server_ttls.c hostapd-2.6-wpe/src/eap_ u8 challenge2[8]; diff -rupN hostapd-2.6/src/Makefile hostapd-2.6-wpe/src/Makefile --- hostapd-2.6/src/Makefile 2016-10-02 14:51:11.000000000 -0400 -+++ hostapd-2.6-wpe/src/Makefile 2016-12-11 17:30:32.611942719 -0500 ++++ hostapd-2.6-wpe/src/Makefile 2016-12-16 15:15:56.799960792 -0500 @@ -1,5 +1,5 @@ SUBDIRS=ap common crypto drivers eapol_auth eapol_supp eap_common eap_peer eap_server l2_packet p2p pae radius rsn_supp tls utils wps -SUBDIRS += fst @@ -3802,7 +3822,7 @@ diff -rupN hostapd-2.6/src/Makefile hostapd-2.6-wpe/src/Makefile for d in $(SUBDIRS); do [ -d $$d ] && $(MAKE) -C $$d; done diff -rupN hostapd-2.6/src/utils/wpa_debug.c hostapd-2.6-wpe/src/utils/wpa_debug.c --- hostapd-2.6/src/utils/wpa_debug.c 2016-10-02 14:51:11.000000000 -0400 -+++ hostapd-2.6-wpe/src/utils/wpa_debug.c 2016-12-11 17:30:32.611942719 -0500 ++++ hostapd-2.6-wpe/src/utils/wpa_debug.c 2016-12-16 15:15:56.799960792 -0500 @@ -30,7 +30,7 @@ static FILE *wpa_debug_tracing_file = NU @@ -3814,7 +3834,7 @@ diff -rupN hostapd-2.6/src/utils/wpa_debug.c hostapd-2.6-wpe/src/utils/wpa_debug diff -rupN hostapd-2.6/src/wpe/Makefile hostapd-2.6-wpe/src/wpe/Makefile --- hostapd-2.6/src/wpe/Makefile 1969-12-31 19:00:00.000000000 -0500 -+++ hostapd-2.6-wpe/src/wpe/Makefile 2016-12-11 17:30:32.611942719 -0500 ++++ hostapd-2.6-wpe/src/wpe/Makefile 2016-12-16 15:15:56.799960792 -0500 @@ -0,0 +1,8 @@ +all: + @echo Nothing to be made. @@ -3826,7 +3846,7 @@ diff -rupN hostapd-2.6/src/wpe/Makefile hostapd-2.6-wpe/src/wpe/Makefile + @echo Nothing to be made. diff -rupN hostapd-2.6/src/wpe/wpe.c hostapd-2.6-wpe/src/wpe/wpe.c --- hostapd-2.6/src/wpe/wpe.c 1969-12-31 19:00:00.000000000 -0500 -+++ hostapd-2.6-wpe/src/wpe/wpe.c 2016-12-11 17:30:32.611942719 -0500 ++++ hostapd-2.6-wpe/src/wpe/wpe.c 2016-12-16 15:15:56.799960792 -0500 @@ -0,0 +1,209 @@ +/* + wpe.c - @@ -4039,7 +4059,7 @@ diff -rupN hostapd-2.6/src/wpe/wpe.c hostapd-2.6-wpe/src/wpe/wpe.c + diff -rupN hostapd-2.6/src/wpe/wpe.h hostapd-2.6-wpe/src/wpe/wpe.h --- hostapd-2.6/src/wpe/wpe.h 1969-12-31 19:00:00.000000000 -0500 -+++ hostapd-2.6-wpe/src/wpe/wpe.h 2016-12-11 17:30:32.611942719 -0500 ++++ hostapd-2.6-wpe/src/wpe/wpe.h 2016-12-16 15:15:56.799960792 -0500 @@ -0,0 +1,50 @@ +/* + wpe.h -