Upgrade wpa_supplicant to 0.6.3 and add some improvements (mainly for roaming with ap_scan=1) Remove arch specific config files (they seem rather pointless) Remove the dependency on OpenSSL (use small built-in SSL functions)

SVN-Revision: 11833

4 files changed, 276 insertions, 0 deletions

diff --git a/package/wpa_supplicant/patches/100-timestamp_check.patch b/package/wpa_supplicant/patches/100-timestamp_check.patch
new file mode 100644
index 0000000000..d994a65ae9
--- /dev/null
+++ b/package/wpa_supplicant/patches/100-timestamp_check.patch
@@ -0,0 +1,17 @@
+Index: wpa_supplicant-0.6.3/src/tls/x509v3.c
+===================================================================
+--- wpa_supplicant-0.6.3.orig/src/tls/x509v3.c	2008-02-23 03:45:24.000000000 +0100
++++ wpa_supplicant-0.6.3/src/tls/x509v3.c	2008-07-09 12:47:19.000000000 +0200
+@@ -1551,8 +1551,11 @@
+ 		if (chain_trusted)
+ 			continue;
+ 
+-		if ((unsigned long) now.sec <
++		if (
++#ifndef NO_TIMESTAMP_CHECK
++		    (unsigned long) now.sec <
+ 		    (unsigned long) cert->not_before ||
++#endif
+ 		    (unsigned long) now.sec >
+ 		    (unsigned long) cert->not_after) {
+ 			wpa_printf(MSG_INFO, "X509: Certificate not valid "
diff --git a/package/wpa_supplicant/patches/110-roaming.patch b/package/wpa_supplicant/patches/110-roaming.patch
new file mode 100644
index 0000000000..8c6210da1d
--- /dev/null
+++ b/package/wpa_supplicant/patches/110-roaming.patch
@@ -0,0 +1,51 @@
+This patch decreases the timeouts for assoc/auth to more realistic values. Improves roaming speed
+Index: wpa_supplicant-0.6.3/wpa_supplicant/events.c
+===================================================================
+--- wpa_supplicant-0.6.3.orig/wpa_supplicant/events.c	2008-02-23 03:45:24.000000000 +0100
++++ wpa_supplicant-0.6.3/wpa_supplicant/events.c	2008-07-09 15:13:37.000000000 +0200
+@@ -762,7 +762,7 @@
+ 		wpa_supplicant_set_state(wpa_s, WPA_COMPLETED);
+ 	} else if (!ft_completed) {
+ 		/* Timeout for receiving the first EAPOL packet */
+-		wpa_supplicant_req_auth_timeout(wpa_s, 10, 0);
++		wpa_supplicant_req_auth_timeout(wpa_s, 3, 0);
+ 	}
+ 	wpa_supplicant_cancel_scan(wpa_s);
+ 
+Index: wpa_supplicant-0.6.3/wpa_supplicant/scan.c
+===================================================================
+--- wpa_supplicant-0.6.3.orig/wpa_supplicant/scan.c	2008-02-23 03:45:24.000000000 +0100
++++ wpa_supplicant-0.6.3/wpa_supplicant/scan.c	2008-07-09 15:13:37.000000000 +0200
+@@ -144,6 +144,7 @@
+ 		return;
+ 	}
+ 
++	wpa_drv_flush_pmkid(wpa_s);
+ 	if (wpa_s->use_client_mlme) {
+ 		ieee80211_sta_set_probe_req_ie(wpa_s, extra_ie, extra_ie_len);
+ 		ret = ieee80211_sta_req_scan(wpa_s, ssid ? ssid->ssid : NULL,
+@@ -156,7 +157,7 @@
+ 
+ 	if (ret) {
+ 		wpa_printf(MSG_WARNING, "Failed to initiate AP scan.");
+-		wpa_supplicant_req_scan(wpa_s, 10, 0);
++		wpa_supplicant_req_scan(wpa_s, 3, 0);
+ 	}
+ }
+ 
+Index: wpa_supplicant-0.6.3/wpa_supplicant/wpa_supplicant.c
+===================================================================
+--- wpa_supplicant-0.6.3.orig/wpa_supplicant/wpa_supplicant.c	2008-02-23 03:45:24.000000000 +0100
++++ wpa_supplicant-0.6.3/wpa_supplicant/wpa_supplicant.c	2008-07-09 15:13:37.000000000 +0200
+@@ -1092,9 +1092,9 @@
+ 		/* Timeout for IEEE 802.11 authentication and association */
+ 		int timeout;
+ 		if (assoc_failed)
+-			timeout = 5;
++			timeout = 2;
+ 		else if (wpa_s->conf->ap_scan == 1)
+-			timeout = 10;
++			timeout = 3;
+ 		else
+ 			timeout = 60;
+ 		wpa_supplicant_req_auth_timeout(wpa_s, timeout, 0);
diff --git a/package/wpa_supplicant/patches/120-ssid_scan.patch b/package/wpa_supplicant/patches/120-ssid_scan.patch
new file mode 100644
index 0000000000..b4127fa9a7
--- /dev/null
+++ b/package/wpa_supplicant/patches/120-ssid_scan.patch
@@ -0,0 +1,41 @@
+Don't do broadcast SSID scans, if all configured SSIDs use scan_ssid=1. Improves background scanning in supplicant-managed roaming.
+
+Index: wpa_supplicant-0.6.3/wpa_supplicant/scan.c
+===================================================================
+--- wpa_supplicant-0.6.3.orig/wpa_supplicant/scan.c	2008-07-09 18:53:28.000000000 +0200
++++ wpa_supplicant-0.6.3/wpa_supplicant/scan.c	2008-07-09 19:00:55.000000000 +0200
+@@ -48,11 +48,23 @@
+ 	int enabled, scan_req = 0, ret;
+ 	const u8 *extra_ie = NULL;
+ 	size_t extra_ie_len = 0;
++	int scan_ssid_all = 1;
+ 
+ 	if (wpa_s->disconnected && !wpa_s->scan_req)
+ 		return;
+ 
+ 	enabled = 0;
++
++	/* check if all configured ssids should be scanned directly */
++	ssid = wpa_s->conf->ssid;
++	while (ssid) {
++		if (!ssid->scan_ssid) {
++			scan_ssid_all = 0;
++			break;
++		}
++		ssid = ssid->next;
++	}
++
+ 	ssid = wpa_s->conf->ssid;
+ 	while (ssid) {
+ 		if (!ssid->disabled) {
+@@ -125,6 +137,10 @@
+ 		return;
+ 	}
+ 
++	if (scan_ssid_all && !ssid) {
++		ssid = wpa_s->conf->ssid;
++	}
++
+ 	wpa_printf(MSG_DEBUG, "Starting AP scan (%s SSID)",
+ 		   ssid ? "specific": "broadcast");
+ 	if (ssid) {
diff --git a/package/wpa_supplicant/patches/130-scanning.patch b/package/wpa_supplicant/patches/130-scanning.patch
new file mode 100644
index 0000000000..4b3dc970f3
--- /dev/null
+++ b/package/wpa_supplicant/patches/130-scanning.patch
@@ -0,0 +1,167 @@
+Add a scan result cache to improve roaming speed if the driver gave us a background scan before losing the connection.
+
+Index: wpa_supplicant-0.6.3/wpa_supplicant/config.h
+===================================================================
+--- wpa_supplicant-0.6.3.orig/wpa_supplicant/config.h	2008-02-23 03:45:24.000000000 +0100
++++ wpa_supplicant-0.6.3/wpa_supplicant/config.h	2008-07-10 15:08:21.000000000 +0200
+@@ -97,6 +97,12 @@
+ 	int ap_scan;
+ 
+ 	/**
++	 * scan_cache - controls the time in seconds after the last scan results
++	 * before a new scan may be initiated
++	 */
++	int scan_cache;
++
++	/**
+ 	 * ctrl_interface - Parameters for the control interface
+ 	 *
+ 	 * If this is specified, %wpa_supplicant will open a control interface
+Index: wpa_supplicant-0.6.3/wpa_supplicant/config_file.c
+===================================================================
+--- wpa_supplicant-0.6.3.orig/wpa_supplicant/config_file.c	2008-02-23 03:45:24.000000000 +0100
++++ wpa_supplicant-0.6.3/wpa_supplicant/config_file.c	2008-07-10 15:59:38.000000000 +0200
+@@ -312,6 +312,13 @@
+ 	return 0;
+ }
+ 
++static int wpa_config_process_scan_cache(struct wpa_config *config, char *pos)
++{
++	config->scan_cache = atoi(pos);
++	wpa_printf(MSG_DEBUG, "scan_cache=%d", config->scan_cache);
++	return 0;
++}
++
+ 
+ static int wpa_config_process_fast_reauth(struct wpa_config *config, char *pos)
+ {
+@@ -445,6 +452,9 @@
+ 	if (os_strncmp(pos, "ap_scan=", 8) == 0)
+ 		return wpa_config_process_ap_scan(config, pos + 8);
+ 
++	if (os_strncmp(pos, "scan_cache=", 11) == 0)
++		return wpa_config_process_scan_cache(config, pos + 11);
++
+ 	if (os_strncmp(pos, "fast_reauth=", 12) == 0)
+ 		return wpa_config_process_fast_reauth(config, pos + 12);
+ 
+@@ -810,6 +820,8 @@
+ 		fprintf(f, "eapol_version=%d\n", config->eapol_version);
+ 	if (config->ap_scan != DEFAULT_AP_SCAN)
+ 		fprintf(f, "ap_scan=%d\n", config->ap_scan);
++	if (config->scan_cache != 0)
++		fprintf(f, "scan_cache=%d\n", config->scan_cache);
+ 	if (config->fast_reauth != DEFAULT_FAST_REAUTH)
+ 		fprintf(f, "fast_reauth=%d\n", config->fast_reauth);
+ #ifdef EAP_TLS_OPENSSL
+Index: wpa_supplicant-0.6.3/wpa_supplicant/events.c
+===================================================================
+--- wpa_supplicant-0.6.3.orig/wpa_supplicant/events.c	2008-07-10 13:27:03.000000000 +0200
++++ wpa_supplicant-0.6.3/wpa_supplicant/events.c	2008-07-10 17:18:53.000000000 +0200
+@@ -555,6 +555,9 @@
+ 	if (wpa_s->conf->ap_scan == 2 || wpa_s->disconnected)
+ 		return;
+ 
++	if (wpa_s->wpa_state > WPA_ASSOCIATED)
++		goto done;
++
+ 	while (selected == NULL) {
+ 		for (prio = 0; prio < wpa_s->conf->num_prio; prio++) {
+ 			selected = wpa_supplicant_select_bss(
+@@ -594,13 +597,16 @@
+ 		rsn_preauth_scan_results(wpa_s->wpa, wpa_s->scan_res);
+ 	} else {
+ 		wpa_printf(MSG_DEBUG, "No suitable AP found.");
+-		timeout = 5;
++		timeout = 1;
+ 		goto req_scan;
+ 	}
+ 
++done:
++	os_get_time(&wpa_s->last_scan_results);
+ 	return;
+ 
+ req_scan:
++	memset(&wpa_s->last_scan_results, 0, sizeof(wpa_s->last_scan_results));
+ 	if (wpa_s->scan_res_tried == 1 && wpa_s->conf->ap_scan == 1) {
+ 		/*
+ 		 * Quick recovery if the initial scan results were not
+@@ -804,6 +810,9 @@
+ 	}
+ 	if (wpa_s->wpa_state >= WPA_ASSOCIATED)
+ 		wpa_supplicant_req_scan(wpa_s, 0, 100000);
++	else if (wpa_s->wpa_state == WPA_ASSOCIATING)
++		wpa_supplicant_req_auth_timeout(wpa_s, 0, 100000);
++
+ 	bssid = wpa_s->bssid;
+ 	if (os_memcmp(bssid, "\x00\x00\x00\x00\x00\x00", ETH_ALEN) == 0)
+ 		bssid = wpa_s->pending_bssid;
+Index: wpa_supplicant-0.6.3/wpa_supplicant/wpa_supplicant_i.h
+===================================================================
+--- wpa_supplicant-0.6.3.orig/wpa_supplicant/wpa_supplicant_i.h	2008-07-10 15:03:56.000000000 +0200
++++ wpa_supplicant-0.6.3/wpa_supplicant/wpa_supplicant_i.h	2008-07-10 15:16:17.000000000 +0200
+@@ -334,6 +334,7 @@
+ 	struct wpa_client_mlme mlme;
+ 	int use_client_mlme;
+ 	int driver_4way_handshake;
++	struct os_time last_scan_results;
+ };
+ 
+ 
+@@ -381,6 +382,7 @@
+ 
+ /* scan.c */
+ void wpa_supplicant_req_scan(struct wpa_supplicant *wpa_s, int sec, int usec);
++int wpa_supplicant_may_scan(struct wpa_supplicant *wpa_s);
+ void wpa_supplicant_cancel_scan(struct wpa_supplicant *wpa_s);
+ 
+ /* events.c */
+Index: wpa_supplicant-0.6.3/wpa_supplicant/scan.c
+===================================================================
+--- wpa_supplicant-0.6.3.orig/wpa_supplicant/scan.c	2008-07-10 13:27:03.000000000 +0200
++++ wpa_supplicant-0.6.3/wpa_supplicant/scan.c	2008-07-10 16:24:31.000000000 +0200
+@@ -40,6 +40,18 @@
+ 	wpa_supplicant_event(wpa_s, EVENT_ASSOC, &data);
+ }
+ 
++int wpa_supplicant_may_scan(struct wpa_supplicant *wpa_s)
++{
++	struct os_time time;
++
++	if (wpa_s->conf->scan_cache > 0) {
++		os_get_time(&time);
++		time.sec -= wpa_s->conf->scan_cache;
++		if (os_time_before(&time, &wpa_s->last_scan_results))
++			return 0;
++	}
++	return 1;
++}
+ 
+ static void wpa_supplicant_scan(void *eloop_ctx, void *timeout_ctx)
+ {
+@@ -150,8 +162,9 @@
+ 	} else
+ 		wpa_s->prev_scan_ssid = BROADCAST_SSID_SCAN;
+ 
+-	if (wpa_s->scan_res_tried == 0 && wpa_s->conf->ap_scan == 1 &&
+-	    !wpa_s->use_client_mlme) {
++	if (!wpa_supplicant_may_scan(wpa_s) ||
++		(wpa_s->scan_res_tried == 0 && wpa_s->conf->ap_scan == 1 &&
++	    !wpa_s->use_client_mlme)) {
+ 		wpa_s->scan_res_tried++;
+ 		wpa_printf(MSG_DEBUG, "Trying to get current scan results "
+ 			   "first without requesting a new scan to speed up "
+Index: wpa_supplicant-0.6.3/wpa_supplicant/wpa_supplicant.c
+===================================================================
+--- wpa_supplicant-0.6.3.orig/wpa_supplicant/wpa_supplicant.c	2008-07-10 14:41:16.000000000 +0200
++++ wpa_supplicant-0.6.3/wpa_supplicant/wpa_supplicant.c	2008-07-10 18:45:59.000000000 +0200
+@@ -1417,6 +1417,9 @@
+ {
+ 	struct wpa_supplicant *wpa_s = ctx;
+ 
++	if (wpa_s->wpa_state < WPA_ASSOCIATING)
++		return;
++
+ 	wpa_printf(MSG_DEBUG, "RX EAPOL from " MACSTR, MAC2STR(src_addr));
+ 	wpa_hexdump(MSG_MSGDUMP, "RX EAPOL", buf, len);
+