wpa_supplicant: version bump 2.7 -> 2.8

Also, follow Debian and upstream and enable some more options.

Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>

1 files changed, 36 insertions, 29 deletions

diff --git a/config/wpasupplicant/defconfig b/config/wpasupplicant/defconfig
index eed1ccfa9..bcedf382b 100644
--- a/config/wpasupplicant/defconfig
+++ b/config/wpasupplicant/defconfig
@@ -109,9 +109,6 @@ CONFIG_EAP_PEAP=y
 CONFIG_EAP_TTLS=y
 
 # EAP-FAST
-# Note: If OpenSSL is used as the TLS library, OpenSSL 1.0 or newer is needed
-# for EAP-FAST support. Older OpenSSL releases would need to be patched, e.g.,
-# with openssl-0.9.8x-tls-extensions.patch, to add the needed functions.
 CONFIG_EAP_FAST=y
 
 # EAP-GTC
@@ -127,10 +124,10 @@ CONFIG_EAP_OTP=y
 #CONFIG_EAP_PSK=y
 
 # EAP-pwd (secure authentication using only a password)
-#CONFIG_EAP_PWD=y
+CONFIG_EAP_PWD=y
 
 # EAP-PAX
-#CONFIG_EAP_PAX=y
+CONFIG_EAP_PAX=y
 
 # LEAP
 CONFIG_EAP_LEAP=y
@@ -146,15 +143,15 @@ CONFIG_EAP_LEAP=y
 #CONFIG_USIM_SIMULATOR=y
 
 # EAP-SAKE
-#CONFIG_EAP_SAKE=y
+CONFIG_EAP_SAKE=y
 
 # EAP-GPSK
-#CONFIG_EAP_GPSK=y
+CONFIG_EAP_GPSK=y
 # Include support for optional SHA256 cipher suite in EAP-GPSK
-#CONFIG_EAP_GPSK_SHA256=y
+CONFIG_EAP_GPSK_SHA256=y
 
 # EAP-TNC and related Trusted Network Connect support (experimental)
-#CONFIG_EAP_TNC=y
+CONFIG_EAP_TNC=y
 
 # Wi-Fi Protected Setup (WPS)
 CONFIG_WPS=y
@@ -162,12 +159,12 @@ CONFIG_WPS=y
 #CONFIG_WPS_ER=y
 # Disable credentials for an open network by default when acting as a WPS
 # registrar.
-CONFIG_WPS_REG_DISABLE_OPEN=y
+#CONFIG_WPS_REG_DISABLE_OPEN=y
 # Enable WPS support with NFC config method
 #CONFIG_WPS_NFC=y
 
 # EAP-IKEv2
-#CONFIG_EAP_IKEV2=y
+CONFIG_EAP_IKEV2=y
 
 # EAP-EKE
 #CONFIG_EAP_EKE=y
@@ -188,10 +185,10 @@ CONFIG_SMARTCARD=y
 #CONFIG_PCSC=y
 
 # Support HT overrides (disable HT/HT40, mask MCS rates, etc.)
-#CONFIG_HT_OVERRIDES=y
+CONFIG_HT_OVERRIDES=y
 
 # Support VHT overrides (disable VHT, mask MCS rates, etc.)
-#CONFIG_VHT_OVERRIDES=y
+CONFIG_VHT_OVERRIDES=y
 
 # Development testing
 #CONFIG_EAPOL_TEST=y
@@ -235,6 +232,9 @@ CONFIG_WPA_CLI_EDIT=y
 # wpa_passphrase). This saves about 0.5 kB in code size.
 #CONFIG_NO_WPA_PASSPHRASE=y
 
+# Simultaneous Authentication of Equals (SAE), WPA3-Personal
+CONFIG_SAE=y
+
 # Disable scan result processing (ap_mode=1) to save code size by about 1 kB.
 # This can be used if ap_scan=1 mode is never enabled.
 #CONFIG_NO_SCAN_PROCESSING=y
@@ -301,6 +301,9 @@ CONFIG_L2_PACKET=linux
 # Driver support is also needed for IEEE 802.11w.
 CONFIG_IEEE80211W=y
 
+# Support Operating Channel Validation
+#CONFIG_OCV=y
+
 # Select TLS implementation
 # openssl = OpenSSL (default)
 # gnutls = GnuTLS
@@ -349,10 +352,6 @@ CONFIG_TLSV12=y
 #CONFIG_NDIS_EVENTS_INTEGRATED=y
 #PLATFORMSDKLIB="/opt/Program Files/Microsoft Platform SDK/Lib"
 
-# Add support for old DBus control interface
-# (fi.epitest.hostap.WPASupplicant)
-#CONFIG_CTRL_IFACE_DBUS=y
-
 # Add support for new DBus control interface
 # (fi.w1.hostap.wpa_supplicant1)
 #CONFIG_CTRL_IFACE_DBUS_NEW=y
@@ -382,7 +381,7 @@ CONFIG_TLSV12=y
 #CONFIG_DYNAMIC_EAP_METHODS=y
 
 # IEEE Std 802.11r-2008 (Fast BSS Transition) for station mode
-#CONFIG_IEEE80211R=y
+CONFIG_IEEE80211R=y
 
 # Add support for writing debug log to a file (/tmp/wpa_supplicant-log-#.txt)
 CONFIG_DEBUG_FILE=y
@@ -458,6 +457,11 @@ CONFIG_DELAYED_MIC_ERROR_REPORT=y
 # that meet the requirements described above.
 #CONFIG_NO_RANDOM_POOL=y
 
+# Should we attempt to use the getrandom(2) call that provides more reliable
+# yet secure randomness source than /dev/random on Linux 3.17 and newer.
+# Requires glibc 2.25 to build, falls back to /dev/random if unavailable.
+CONFIG_GETRANDOM=y
+
 # IEEE 802.11n (High Throughput) support (mainly for AP mode)
 CONFIG_IEEE80211N=y
 
@@ -473,10 +477,10 @@ CONFIG_IEEE80211AC=y
 # This can be used to enable functionality to improve interworking with
 # external networks (GAS/ANQP to learn more about the networks and network
 # selection based on available credentials).
-#CONFIG_INTERWORKING=y
+CONFIG_INTERWORKING=y
 
 # Hotspot 2.0
-#CONFIG_HS20=y
+CONFIG_HS20=y
 
 # Enable interface matching in wpa_supplicant
 CONFIG_MATCH_IFACE=y
@@ -499,8 +503,8 @@ CONFIG_P2P=y
 # Enable TDLS support
 CONFIG_TDLS=y
 
-# Wi-Fi Direct
-# This can be used to enable Wi-Fi Direct extensions for P2P using an external
+# Wi-Fi Display
+# This can be used to enable Wi-Fi Display extensions for P2P using an external
 # program to control the additional information exchanges in the messages.
 CONFIG_WIFI_DISPLAY=y
 
@@ -510,9 +514,9 @@ CONFIG_WIFI_DISPLAY=y
 #
 # Enabling directly a module will enable autoscan support.
 # For exponential module:
-#CONFIG_AUTOSCAN_EXPONENTIAL=y
+CONFIG_AUTOSCAN_EXPONENTIAL=y
 # For periodic module:
-#CONFIG_AUTOSCAN_PERIODIC=y
+CONFIG_AUTOSCAN_PERIODIC=y
 
 # Password (and passphrase, etc.) backend for external storage
 # These optional mechanisms can be used to add support for storing passwords
@@ -561,8 +565,6 @@ CONFIG_ACS=y
 #CONFIG_MBO=y
 
 # Fast Initial Link Setup (FILS) (IEEE 802.11ai)
-# Note: This is an experimental and not yet complete implementation. This
-# should not be enabled for production use.
 #CONFIG_FILS=y
 # FILS shared key authentication with PFS
 #CONFIG_FILS_SK_PFS=y
@@ -570,7 +572,7 @@ CONFIG_ACS=y
 # Support RSN on IBSS networks
 # This is needed to be able to use mode=1 network profile with proto=RSN and
 # key_mgmt=WPA-PSK (i.e., full key management instead of WPA-None).
-#CONFIG_IBSS_RSN=y
+CONFIG_IBSS_RSN=y
 
 # External PMKSA cache control
 # This can be used to enable control interface commands that allow the current
@@ -588,8 +590,13 @@ CONFIG_ACS=y
 CONFIG_BGSCAN_SIMPLE=y
 # Learn channels used by the network and try to avoid bgscans on other
 # channels (experimental)
-#CONFIG_BGSCAN_LEARN=y
+CONFIG_BGSCAN_LEARN=y
 
 # Opportunistic Wireless Encryption (OWE)
 # Experimental implementation of draft-harkins-owe-07.txt
-#CONFIG_OWE=y
+CONFIG_OWE=y
+
+# Device Provisioning Protocol (DPP)
+# This requires CONFIG_IEEE80211W=y to be enabled, too. (see
+# wpa_supplicant/README-DPP for details)
+CONFIG_DPP=y