diff options
| author |   patrick <patrick@openbsd.org> | 2017-10-21 20:43:20 +0000 |
|---|---|---|
| committer | patrick <patrick@openbsd.org> | 2017-10-21 20:43:20 +0000 |
| commit | 7d9a7415ec576771bce983437d2b0dd5bb98d5af (patch) | |
| tree | 331e41d54b84bac4c22388805b53dfbb2a58053c /usr.bin/ssh/ssh.c | |
| parent | Even though letting the firmware handle the handshake is nice from (diff) | |
| download | wireguard-openbsd-7d9a7415ec576771bce983437d2b0dd5bb98d5af.tar.xz wireguard-openbsd-7d9a7415ec576771bce983437d2b0dd5bb98d5af.zip | |
Even though letting the firmware handle the handshake is nice from
a user perspective, it's rather horrible from a security perspective.
Especially since there has not only been the KRACK attack, but also
exploited wireless firmware. Thus this commit changes the way that
bwfm(4) is integrated into our network stack. Instead of making it
an Ethernet controller with some WiFi capability, deeply integrate
it into the net80211 stack. This way we can do the WPA handshake in
software and we don't have to reimplement or copy too much code from
the net80211 stack. Some code taken from NetBSD where Jared McNeill
committed bwfm(4) with net80211 integration as well.
Discussed with and "looks good" stsp@
Diffstat (limited to 'usr.bin/ssh/ssh.c')
0 files changed, 0 insertions, 0 deletions