aboutsummaryrefslogtreecommitdiffstats
path: root/package/network/services
diff options
context:
space:
mode:
authorPetr Štetiar <ynezz@true.cz>2020-05-04 10:14:32 +0200
committerPetr Štetiar <ynezz@true.cz>2020-05-21 08:18:01 +0200
commit472fd98c5b12b531e0cb8dacb2625dd1810b278d (patch)
treea1f2106a16a8d1446cc2225f2933509921671af0 /package/network/services
parent0a3ec87a66baa29a9dcb367847a1dcb093d3de16 (diff)
downloadupstream-472fd98c5b12b531e0cb8dacb2625dd1810b278d.tar.gz
upstream-472fd98c5b12b531e0cb8dacb2625dd1810b278d.tar.bz2
upstream-472fd98c5b12b531e0cb8dacb2625dd1810b278d.zip
hostapd: disable support for Wired Equivalent Privacy by default
Upstream in commit 200c7693c9a1 ("Make WEP functionality an optional build parameter") has made WEP functionality an optional build parameter disabled as default, because WEP should not be used for anything anymore. As a step towards removing it completely, they moved all WEP related functionality behind CONFIG_WEP blocks and disabled it by default. This functionality is subject to be completely removed in a future release. So follow this good security advice, deprecation notice and disable WEP by default, but still allow custom builds with WEP support via CONFIG_WPA_ENABLE_WEP config option till upstream removes support for WEP completely. Signed-off-by: Petr Štetiar <ynezz@true.cz>
Diffstat (limited to 'package/network/services')
-rw-r--r--package/network/services/hostapd/Config.in9
-rw-r--r--package/network/services/hostapd/Makefile5
2 files changed, 14 insertions, 0 deletions
diff --git a/package/network/services/hostapd/Config.in b/package/network/services/hostapd/Config.in
index 9dfa44e313..2cdd1ed970 100644
--- a/package/network/services/hostapd/Config.in
+++ b/package/network/services/hostapd/Config.in
@@ -73,3 +73,12 @@ config DRIVER_11AC_SUPPORT
config DRIVER_11W_SUPPORT
bool
default n
+
+config WPA_ENABLE_WEP
+ bool "Enable support for unsecure and obsolete WEP"
+ help
+ Wired equivalent privacy (WEP) is an obsolete cryptographic data
+ confidentiality algorithm that is not considered secure. It should not be used
+ for anything anymore. The functionality needed to use WEP is available in the
+ current hostapd release under this optional build parameter and completely
+ removed in a future release.
diff --git a/package/network/services/hostapd/Makefile b/package/network/services/hostapd/Makefile
index b4b70a3d6f..a2c5a34f2f 100644
--- a/package/network/services/hostapd/Makefile
+++ b/package/network/services/hostapd/Makefile
@@ -32,6 +32,7 @@ PKG_CONFIG_DEPENDS:= \
CONFIG_DRIVER_WEXT_SUPPORT \
CONFIG_DRIVER_11N_SUPPORT \
CONFIG_DRIVER_11AC_SUPPORT \
+ CONFIG_WPA_ENABLE_WEP
EAPOL_TEST_PROVIDERS:=eapol-test eapol-test-openssl eapol-test-wolfssl
@@ -445,6 +446,10 @@ ifdef CONFIG_PACKAGE_kmod-cfg80211
TARGET_LDFLAGS += -lm -lnl-tiny
endif
+ifdef CONFIG_WPA_ENABLE_WEP
+ DRIVER_MAKEOPTS += CONFIG_WEP=y
+endif
+
define Build/RunMake
CFLAGS="$(TARGET_CPPFLAGS) $(TARGET_CFLAGS)" \
$(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR)/$(1) \