hostapd: disable support for Wired Equivalent Privacy by default

Upstream in commit 200c7693c9a1 ("Make WEP functionality an optional
build parameter") has made WEP functionality an optional build parameter
disabled as default, because WEP should not be used for anything
anymore. As a step towards removing it completely, they moved all WEP
related functionality behind CONFIG_WEP blocks and disabled it by
default.

This functionality is subject to be completely removed in a future
release.

So follow this good security advice, deprecation notice and disable WEP
by default, but still allow custom builds with WEP support via
CONFIG_WPA_ENABLE_WEP config option till upstream removes support for
WEP completely.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
master
Petr Štetiar 2020-05-04 10:14:32 +02:00
parent 0a3ec87a66
commit 472fd98c5b
2 changed files with 14 additions and 0 deletions

View File

@ -73,3 +73,12 @@ config DRIVER_11AC_SUPPORT
config DRIVER_11W_SUPPORT
bool
default n
config WPA_ENABLE_WEP
bool "Enable support for unsecure and obsolete WEP"
help
Wired equivalent privacy (WEP) is an obsolete cryptographic data
confidentiality algorithm that is not considered secure. It should not be used
for anything anymore. The functionality needed to use WEP is available in the
current hostapd release under this optional build parameter and completely
removed in a future release.

View File

@ -32,6 +32,7 @@ PKG_CONFIG_DEPENDS:= \
CONFIG_DRIVER_WEXT_SUPPORT \
CONFIG_DRIVER_11N_SUPPORT \
CONFIG_DRIVER_11AC_SUPPORT \
CONFIG_WPA_ENABLE_WEP
EAPOL_TEST_PROVIDERS:=eapol-test eapol-test-openssl eapol-test-wolfssl
@ -445,6 +446,10 @@ ifdef CONFIG_PACKAGE_kmod-cfg80211
TARGET_LDFLAGS += -lm -lnl-tiny
endif
ifdef CONFIG_WPA_ENABLE_WEP
DRIVER_MAKEOPTS += CONFIG_WEP=y
endif
define Build/RunMake
CFLAGS="$(TARGET_CPPFLAGS) $(TARGET_CFLAGS)" \
$(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR)/$(1) \