diff --git a/net/hostapd-devel/Makefile b/net/hostapd-devel/Makefile index d3343be5a39b..398649aee77a 100644 --- a/net/hostapd-devel/Makefile +++ b/net/hostapd-devel/Makefile @@ -1,47 +1,47 @@ PORTNAME= hostapd PORTVERSION= ${COMMIT_DATE} -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= net PKGNAMESUFFIX= -devel MAINTAINER= cy@FreeBSD.org COMMENT= IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator WWW= https://w1.fi/hostapd/ USE_GITHUB= yes GH_ACCOUNT= cschuber GH_PROJECT= hostap GH_TAGNAME= ad8d30e0a COMMIT_DATE= 2025.02.15 LICENSE= BSD3CLAUSE USES= cpe gmake ssl CPE_VENDOR= w1.fi BUILD_WRKSRC= ${WRKSRC}/hostapd CFLAGS+= -Wno-incompatible-function-pointer-types CFLAGS+= -I${OPENSSLINC} LDFLAGS+= -L${OPENSSLLIB} PLIST_FILES= sbin/hostapd sbin/hostapd_cli share/man/man1/hostapd_cli.1.gz \ share/man/man8/hostapd.8.gz .if !exists(/etc/rc.d/hostapd) USE_RC_SUBR= hostapd .endif post-patch: @${REINPLACE_CMD} -e 's|@$$(E) " CC " $$<|@$$(E) " $$(CC) " $$<|' \ ${BUILD_WRKSRC}/Makefile @${SED} -e 's|@PREFIX@|${PREFIX}|g' ${FILESDIR}/config \ >> ${WRKSRC}/hostapd/.config do-install: ${INSTALL_PROGRAM} ${WRKSRC}/hostapd/hostapd ${STAGEDIR}${PREFIX}/sbin ${INSTALL_PROGRAM} ${WRKSRC}/hostapd/hostapd_cli \ ${STAGEDIR}${PREFIX}/sbin ${INSTALL_MAN} ${WRKSRC}/hostapd/hostapd_cli.1 \ ${STAGEDIR}${PREFIX}/share/man/man1 ${INSTALL_MAN} ${WRKSRC}/hostapd/hostapd.8 \ ${STAGEDIR}${PREFIX}/share/man/man8 .include diff --git a/net/hostapd-devel/files/patch-src_drivers_driver__bsd.c b/net/hostapd-devel/files/patch-src_drivers_driver__bsd.c index eab6a22e82f3..c0f39bee6eeb 100644 --- a/net/hostapd-devel/files/patch-src_drivers_driver__bsd.c +++ b/net/hostapd-devel/files/patch-src_drivers_driver__bsd.c @@ -1,256 +1,332 @@ ---- src/drivers/driver_bsd.c.orig 2024-09-01 06:39:57.000000000 -0700 -+++ src/drivers/driver_bsd.c 2024-09-13 15:40:52.262309000 -0700 +--- src/drivers/driver_bsd.c.orig 2025-02-15 11:51:02.000000000 -0800 ++++ src/drivers/driver_bsd.c 2025-03-13 13:43:16.777368000 -0700 @@ -14,6 +14,7 @@ #include "driver.h" #include "eloop.h" #include "common/ieee802_11_defs.h" +#include "common/ieee802_11_common.h" #include "common/wpa_common.h" #include @@ -293,8 +294,9 @@ } static int -bsd_get_iface_flags(struct bsd_driver_data *drv) +bsd_ctrl_iface(void *priv, int enable) { + struct bsd_driver_data *drv = priv; struct ifreq ifr; os_memset(&ifr, 0, sizeof(ifr)); -@@ -302,10 +304,37 @@ - - if (ioctl(drv->global->sock, SIOCGIFFLAGS, &ifr) < 0) { - wpa_printf(MSG_ERROR, "ioctl[SIOCGIFFLAGS]: %s", -+ strerror(errno)); -+ return -1; -+ } -+ drv->flags = ifr.ifr_flags; +@@ -306,7 +308,34 @@ + return -1; + } + drv->flags = ifr.ifr_flags; + + + if (enable) { + if (ifr.ifr_flags & IFF_UP) + goto nochange; + ifr.ifr_flags |= IFF_UP; + } else { + if (!(ifr.ifr_flags & IFF_UP)) + goto nochange; + ifr.ifr_flags &= ~IFF_UP; + } + + if (ioctl(drv->global->sock, SIOCSIFFLAGS, &ifr) < 0) { + wpa_printf(MSG_ERROR, "ioctl[SIOCSIFFLAGS]: %s", - strerror(errno)); - return -1; - } ++ strerror(errno)); ++ return -1; ++ } + + wpa_printf(MSG_DEBUG, "%s: if %s (changed) enable %d IFF_UP %d ", + __func__, drv->ifname, enable, ((ifr.ifr_flags & IFF_UP) != 0)); + - drv->flags = ifr.ifr_flags; -+ return 0; ++ drv->flags = ifr.ifr_flags; + return 0; + +nochange: + wpa_printf(MSG_DEBUG, "%s: if %s (no change) enable %d IFF_UP %d ", + __func__, drv->ifname, enable, ((ifr.ifr_flags & IFF_UP) != 0)); - return 0; ++ return 0; } -@@ -525,7 +554,7 @@ + static int +@@ -325,9 +354,6 @@ + const u8 *key = params->key; + size_t key_len = params->key_len; + +- if (params->key_flag & KEY_FLAG_NEXT) +- return -1; +- + wpa_printf(MSG_DEBUG, "%s: alg=%d addr=%p key_idx=%d set_tx=%d " + "seq_len=%zu key_len=%zu", __func__, alg, addr, key_idx, + set_tx, seq_len, key_len); +@@ -352,6 +378,12 @@ + case WPA_ALG_CCMP: + wk.ik_type = IEEE80211_CIPHER_AES_CCM; + break; ++ case WPA_ALG_GCMP: ++ wk.ik_type = IEEE80211_CIPHER_AES_GCM_128; ++ break; ++ case WPA_ALG_BIP_CMAC_128: ++ wk.ik_type = IEEE80211_CIPHER_BIP_CMAC_128; ++ break; + default: + wpa_printf(MSG_ERROR, "%s: unknown alg=%d", __func__, alg); + return -1; +@@ -422,7 +454,13 @@ + switch (params->wpa_group) { + case WPA_CIPHER_CCMP: + v = IEEE80211_CIPHER_AES_CCM; ++ break; ++ case WPA_CIPHER_GCMP: ++ v = IEEE80211_CIPHER_AES_GCM_128; + break; ++ case WPA_CIPHER_BIP_CMAC_128: ++ v = IEEE80211_CIPHER_BIP_CMAC_128; ++ break; + case WPA_CIPHER_TKIP: + v = IEEE80211_CIPHER_TKIP; + break; +@@ -459,6 +497,10 @@ + } + + v = 0; ++ if (params->wpa_pairwise & WPA_CIPHER_BIP_CMAC_128) ++ v |= 1<wpa_pairwise & WPA_CIPHER_GCMP) ++ v |= 1<wpa_pairwise & WPA_CIPHER_CCMP) + v |= 1<wpa_pairwise & WPA_CIPHER_TKIP) +@@ -528,7 +570,7 @@ __func__); return -1; } - return 0; + return bsd_ctrl_iface(priv, 1); } static void -@@ -853,14 +882,18 @@ +@@ -589,6 +631,7 @@ + mode = IFM_IEEE80211_11B; + } else { + mode = ++ freq->vht_enabled ? IFM_IEEE80211_VHT5G : + freq->ht_enabled ? IFM_IEEE80211_11NA : + IFM_IEEE80211_11A; + } +@@ -856,14 +899,18 @@ drv = bsd_get_drvindex(global, ifm->ifm_index); if (drv == NULL) return; - if ((ifm->ifm_flags & IFF_UP) == 0 && - (drv->flags & IFF_UP) != 0) { + if (((ifm->ifm_flags & IFF_UP) == 0 || + (ifm->ifm_flags & IFF_RUNNING) == 0) && + (drv->flags & IFF_UP) != 0 && + (drv->flags & IFF_RUNNING) != 0) { wpa_printf(MSG_DEBUG, "RTM_IFINFO: Interface '%s' DOWN", drv->ifname); wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_DISABLED, NULL); } else if ((ifm->ifm_flags & IFF_UP) != 0 && - (drv->flags & IFF_UP) == 0) { + (ifm->ifm_flags & IFF_RUNNING) != 0 && + ((drv->flags & IFF_UP) == 0 || + (drv->flags & IFF_RUNNING) == 0)) { wpa_printf(MSG_DEBUG, "RTM_IFINFO: Interface '%s' UP", drv->ifname); wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_ENABLED, -@@ -1027,7 +1060,8 @@ +@@ -1001,8 +1048,7 @@ + } + + static void * +-bsd_init(struct hostapd_data *hapd, struct wpa_init_params *params, +- enum wpa_p2p_mode p2p_mode) ++bsd_init(struct hostapd_data *hapd, struct wpa_init_params *params) + { + struct bsd_driver_data *drv; + +@@ -1031,7 +1077,8 @@ if (l2_packet_get_own_addr(drv->sock_xmit, params->own_addr)) goto bad; - if (bsd_get_iface_flags(drv) < 0) + /* mark down during setup */ + if (bsd_ctrl_iface(drv, 0) < 0) goto bad; if (bsd_set_mediaopt(drv, IFM_OMASK, IFM_IEEE80211_HOSTAP) < 0) { -@@ -1052,12 +1086,13 @@ +@@ -1056,12 +1103,13 @@ { struct bsd_driver_data *drv = priv; + if (drv->ifindex != 0) + bsd_ctrl_iface(drv, 0); if (drv->sock_xmit != NULL) l2_packet_deinit(drv->sock_xmit); os_free(drv); } - static int bsd_set_sta_authorized(void *priv, const u8 *addr, unsigned int total_flags, unsigned int flags_or, -@@ -1199,13 +1234,41 @@ - } +@@ -1200,6 +1248,34 @@ + struct bsd_driver_data *drv = ctx; - static int + drv_event_eapol_rx(drv->ctx, src_addr, buf, len); ++} ++ ++static int +wpa_driver_bsd_set_rsn_wpa_ie(struct bsd_driver_data * drv, + struct wpa_driver_associate_params *params, const u8 *ie) +{ + int privacy; + size_t ie_len = ie[1] ? ie[1] + 2 : 0; + + /* XXX error handling is wrong but unclear what to do... */ + if (wpa_driver_bsd_set_wpa_ie(drv, ie, ie_len) < 0) + return -1; + + privacy = !(params->pairwise_suite == WPA_CIPHER_NONE && + params->group_suite == WPA_CIPHER_NONE && + params->key_mgmt_suite == WPA_KEY_MGMT_NONE); + wpa_printf(MSG_DEBUG, "%s: set PRIVACY %u", __func__, + privacy); + + if (set80211param(drv, IEEE80211_IOC_PRIVACY, privacy) < 0) + return -1; + + if (ie_len && + set80211param(drv, IEEE80211_IOC_WPA, + ie[0] == WLAN_EID_RSN ? 2 : 1) < 0) + return -1; + + return 0; -+} -+ -+static int - wpa_driver_bsd_associate(void *priv, struct wpa_driver_associate_params *params) - { + } + + static int +@@ -1208,8 +1284,8 @@ struct bsd_driver_data *drv = priv; struct ieee80211req_mlme mlme; u32 mode; - int privacy; int ret = 0; + const u8 *wpa_ie, *rsn_ie; wpa_printf(MSG_DEBUG, "%s: ssid '%.*s' wpa ie len %u pairwise %u group %u key mgmt %u" -@@ -1222,7 +1285,10 @@ +@@ -1226,7 +1302,10 @@ mode = 0 /* STA */; break; case IEEE80211_MODE_IBSS: +#if 0 mode = IFM_IEEE80211_IBSS; +#endif + mode = IFM_IEEE80211_ADHOC; break; case IEEE80211_MODE_AP: mode = IFM_IEEE80211_HOSTAP; -@@ -1251,22 +1317,31 @@ +@@ -1255,22 +1334,31 @@ ret = -1; if (wpa_driver_bsd_set_auth_alg(drv, params->auth_alg) < 0) ret = -1; - /* XXX error handling is wrong but unclear what to do... */ - if (wpa_driver_bsd_set_wpa_ie(drv, params->wpa_ie, params->wpa_ie_len) < 0) - return -1; - privacy = !(params->pairwise_suite == WPA_CIPHER_NONE && - params->group_suite == WPA_CIPHER_NONE && - params->key_mgmt_suite == WPA_KEY_MGMT_NONE && - params->wpa_ie_len == 0); - wpa_printf(MSG_DEBUG, "%s: set PRIVACY %u", __func__, privacy); - - if (set80211param(drv, IEEE80211_IOC_PRIVACY, privacy) < 0) - return -1; + if (params->wpa_ie_len) { + rsn_ie = get_ie(params->wpa_ie, params->wpa_ie_len, + WLAN_EID_RSN); + if (rsn_ie) { + if (wpa_driver_bsd_set_rsn_wpa_ie(drv, params, + rsn_ie) < 0) + return -1; + } + else { + wpa_ie = get_vendor_ie(params->wpa_ie, + params->wpa_ie_len, WPA_IE_VENDOR_TYPE); + if (wpa_ie) { + if (wpa_driver_bsd_set_rsn_wpa_ie(drv, params, + wpa_ie) < 0) + return -1; + } + } + } - if (params->wpa_ie_len && - set80211param(drv, IEEE80211_IOC_WPA, - params->wpa_ie[0] == WLAN_EID_RSN ? 2 : 1) < 0) + /* + * NB: interface must be marked UP for association + * or scanning (ap_scan=2) + */ + if (bsd_ctrl_iface(drv, 1) < 0) return -1; os_memset(&mlme, 0, sizeof(mlme)); -@@ -1311,11 +1386,8 @@ +@@ -1315,11 +1403,8 @@ } /* NB: interface must be marked UP to do a scan */ - if (!(drv->flags & IFF_UP)) { - wpa_printf(MSG_DEBUG, "%s: interface is not up, cannot scan", - __func__); + if (bsd_ctrl_iface(drv, 1) < 0) return -1; - } #ifdef IEEE80211_IOC_SCAN_MAX_SSID os_memset(&sr, 0, sizeof(sr)); -@@ -1547,6 +1619,8 @@ +@@ -1499,6 +1584,10 @@ + drv->capa.enc |= WPA_DRIVER_CAPA_ENC_TKIP; + if (devcaps.dc_cryptocaps & IEEE80211_CRYPTO_AES_CCM) + drv->capa.enc |= WPA_DRIVER_CAPA_ENC_CCMP; ++ if (devcaps.dc_cryptocaps & IEEE80211_CRYPTO_AES_GCM_128) ++ drv->capa.enc |= WPA_DRIVER_CAPA_ENC_GCMP; ++ if (devcaps.dc_cryptocaps & IEEE80211_CRYPTO_BIP_CMAC_128) ++ drv->capa.enc |= WPA_DRIVER_CAPA_ENC_BIP; + + if (devcaps.dc_drivercaps & IEEE80211_C_HOSTAP) + drv->capa.flags |= WPA_DRIVER_FLAGS_AP; +@@ -1551,6 +1640,8 @@ } if (ifmr.ifm_current & IFM_IEEE80211_HOSTAP) return IEEE80211_M_HOSTAP; + if (ifmr.ifm_current & IFM_IEEE80211_IBSS) + return IEEE80211_M_IBSS; if (ifmr.ifm_current & IFM_IEEE80211_MONITOR) return IEEE80211_M_MONITOR; #ifdef IEEE80211_M_MBSS -@@ -1607,7 +1681,7 @@ +@@ -1611,7 +1702,7 @@ drv->capa.key_mgmt_iftype[i] = drv->capa.key_mgmt; /* Down interface during setup. */ - if (bsd_get_iface_flags(drv) < 0) + if (bsd_ctrl_iface(drv, 0) < 0) goto fail; /* Proven to work, lets go! */ -@@ -1631,6 +1705,9 @@ +@@ -1635,6 +1726,9 @@ if (drv->ifindex != 0 && !drv->if_removed) { wpa_driver_bsd_set_wpa(drv, 0); + /* NB: mark interface down */ + bsd_ctrl_iface(drv, 0); + wpa_driver_bsd_set_wpa_internal(drv, drv->prev_wpa, drv->prev_privacy); diff --git a/net/hostapd/Makefile b/net/hostapd/Makefile index 8b6b2cf48a8a..5ea12eceec8b 100644 --- a/net/hostapd/Makefile +++ b/net/hostapd/Makefile @@ -1,40 +1,40 @@ PORTNAME= hostapd PORTVERSION= 2.11 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= net MASTER_SITES= https://w1.fi/releases/ MAINTAINER= cy@FreeBSD.org COMMENT= IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator WWW= https://w1.fi/hostapd/ LICENSE= BSD3CLAUSE USES= cpe gmake ssl CPE_VENDOR= w1.fi BUILD_WRKSRC= ${WRKSRC}/hostapd CFLAGS+= -I${OPENSSLINC} LDFLAGS+= -L${OPENSSLLIB} PLIST_FILES= sbin/hostapd sbin/hostapd_cli share/man/man1/hostapd_cli.1.gz \ share/man/man8/hostapd.8.gz .if !exists(/etc/rc.d/hostapd) USE_RC_SUBR= hostapd .endif post-patch: @${REINPLACE_CMD} -e 's|@$$(E) " CC " $$<|@$$(E) " $$(CC) " $$<|' \ ${BUILD_WRKSRC}/Makefile @${SED} -e 's|@PREFIX@|${PREFIX}|g' ${FILESDIR}/config \ >> ${WRKSRC}/hostapd/.config do-install: ${INSTALL_PROGRAM} ${WRKSRC}/hostapd/hostapd ${STAGEDIR}${PREFIX}/sbin ${INSTALL_PROGRAM} ${WRKSRC}/hostapd/hostapd_cli \ ${STAGEDIR}${PREFIX}/sbin ${INSTALL_MAN} ${WRKSRC}/hostapd/hostapd_cli.1 \ ${STAGEDIR}${PREFIX}/share/man/man1 ${INSTALL_MAN} ${WRKSRC}/hostapd/hostapd.8 \ ${STAGEDIR}${PREFIX}/share/man/man8 .include diff --git a/net/hostapd/files/patch-src_drivers_driver__bsd.c b/net/hostapd/files/patch-src_drivers_driver__bsd.c index 809575aeb356..5c6671c0d638 100644 --- a/net/hostapd/files/patch-src_drivers_driver__bsd.c +++ b/net/hostapd/files/patch-src_drivers_driver__bsd.c @@ -1,256 +1,311 @@ --- src/drivers/driver_bsd.c.orig 2024-07-20 11:04:37.000000000 -0700 -+++ src/drivers/driver_bsd.c 2024-09-13 15:39:20.543245000 -0700 ++++ src/drivers/driver_bsd.c 2025-03-13 13:38:22.780127000 -0700 @@ -14,6 +14,7 @@ #include "driver.h" #include "eloop.h" #include "common/ieee802_11_defs.h" +#include "common/ieee802_11_common.h" #include "common/wpa_common.h" #include @@ -293,8 +294,9 @@ } static int -bsd_get_iface_flags(struct bsd_driver_data *drv) +bsd_ctrl_iface(void *priv, int enable) { + struct bsd_driver_data *drv = priv; struct ifreq ifr; os_memset(&ifr, 0, sizeof(ifr)); -@@ -302,10 +304,37 @@ - - if (ioctl(drv->global->sock, SIOCGIFFLAGS, &ifr) < 0) { - wpa_printf(MSG_ERROR, "ioctl[SIOCGIFFLAGS]: %s", -+ strerror(errno)); -+ return -1; -+ } -+ drv->flags = ifr.ifr_flags; +@@ -306,7 +308,34 @@ + return -1; + } + drv->flags = ifr.ifr_flags; + + + if (enable) { + if (ifr.ifr_flags & IFF_UP) + goto nochange; + ifr.ifr_flags |= IFF_UP; + } else { + if (!(ifr.ifr_flags & IFF_UP)) + goto nochange; + ifr.ifr_flags &= ~IFF_UP; + } + + if (ioctl(drv->global->sock, SIOCSIFFLAGS, &ifr) < 0) { + wpa_printf(MSG_ERROR, "ioctl[SIOCSIFFLAGS]: %s", - strerror(errno)); - return -1; - } ++ strerror(errno)); ++ return -1; ++ } + + wpa_printf(MSG_DEBUG, "%s: if %s (changed) enable %d IFF_UP %d ", + __func__, drv->ifname, enable, ((ifr.ifr_flags & IFF_UP) != 0)); + - drv->flags = ifr.ifr_flags; -+ return 0; ++ drv->flags = ifr.ifr_flags; + return 0; + +nochange: + wpa_printf(MSG_DEBUG, "%s: if %s (no change) enable %d IFF_UP %d ", + __func__, drv->ifname, enable, ((ifr.ifr_flags & IFF_UP) != 0)); - return 0; ++ return 0; } -@@ -525,7 +554,7 @@ + static int +@@ -349,6 +378,12 @@ + case WPA_ALG_CCMP: + wk.ik_type = IEEE80211_CIPHER_AES_CCM; + break; ++ case WPA_ALG_GCMP: ++ wk.ik_type = IEEE80211_CIPHER_AES_GCM_128; ++ break; ++ case WPA_ALG_BIP_CMAC_128: ++ wk.ik_type = IEEE80211_CIPHER_BIP_CMAC_128; ++ break; + default: + wpa_printf(MSG_ERROR, "%s: unknown alg=%d", __func__, alg); + return -1; +@@ -420,6 +455,12 @@ + case WPA_CIPHER_CCMP: + v = IEEE80211_CIPHER_AES_CCM; + break; ++ case WPA_CIPHER_GCMP: ++ v = IEEE80211_CIPHER_AES_GCM_128; ++ break; ++ case WPA_CIPHER_BIP_CMAC_128: ++ v = IEEE80211_CIPHER_BIP_CMAC_128; ++ break; + case WPA_CIPHER_TKIP: + v = IEEE80211_CIPHER_TKIP; + break; +@@ -456,6 +497,10 @@ + } + + v = 0; ++ if (params->wpa_pairwise & WPA_CIPHER_BIP_CMAC_128) ++ v |= 1<wpa_pairwise & WPA_CIPHER_GCMP) ++ v |= 1<wpa_pairwise & WPA_CIPHER_CCMP) + v |= 1<wpa_pairwise & WPA_CIPHER_TKIP) +@@ -525,7 +570,7 @@ __func__); return -1; } - return 0; + return bsd_ctrl_iface(priv, 1); } static void -@@ -853,14 +882,18 @@ +@@ -586,6 +631,7 @@ + mode = IFM_IEEE80211_11B; + } else { + mode = ++ freq->vht_enabled ? IFM_IEEE80211_VHT5G : + freq->ht_enabled ? IFM_IEEE80211_11NA : + IFM_IEEE80211_11A; + } +@@ -853,14 +899,18 @@ drv = bsd_get_drvindex(global, ifm->ifm_index); if (drv == NULL) return; - if ((ifm->ifm_flags & IFF_UP) == 0 && - (drv->flags & IFF_UP) != 0) { + if (((ifm->ifm_flags & IFF_UP) == 0 || + (ifm->ifm_flags & IFF_RUNNING) == 0) && + (drv->flags & IFF_UP) != 0 && + (drv->flags & IFF_RUNNING) != 0) { wpa_printf(MSG_DEBUG, "RTM_IFINFO: Interface '%s' DOWN", drv->ifname); wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_DISABLED, NULL); } else if ((ifm->ifm_flags & IFF_UP) != 0 && - (drv->flags & IFF_UP) == 0) { + (ifm->ifm_flags & IFF_RUNNING) != 0 && + ((drv->flags & IFF_UP) == 0 || + (drv->flags & IFF_RUNNING) == 0)) { wpa_printf(MSG_DEBUG, "RTM_IFINFO: Interface '%s' UP", drv->ifname); wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_ENABLED, -@@ -1027,7 +1060,8 @@ +@@ -1027,7 +1077,8 @@ if (l2_packet_get_own_addr(drv->sock_xmit, params->own_addr)) goto bad; - if (bsd_get_iface_flags(drv) < 0) + /* mark down during setup */ + if (bsd_ctrl_iface(drv, 0) < 0) goto bad; if (bsd_set_mediaopt(drv, IFM_OMASK, IFM_IEEE80211_HOSTAP) < 0) { -@@ -1052,12 +1086,13 @@ +@@ -1052,12 +1103,13 @@ { struct bsd_driver_data *drv = priv; + if (drv->ifindex != 0) + bsd_ctrl_iface(drv, 0); if (drv->sock_xmit != NULL) l2_packet_deinit(drv->sock_xmit); os_free(drv); } - static int bsd_set_sta_authorized(void *priv, const u8 *addr, unsigned int total_flags, unsigned int flags_or, -@@ -1199,13 +1234,41 @@ - } +@@ -1196,6 +1248,34 @@ + struct bsd_driver_data *drv = ctx; - static int + drv_event_eapol_rx(drv->ctx, src_addr, buf, len); ++} ++ ++static int +wpa_driver_bsd_set_rsn_wpa_ie(struct bsd_driver_data * drv, + struct wpa_driver_associate_params *params, const u8 *ie) +{ + int privacy; + size_t ie_len = ie[1] ? ie[1] + 2 : 0; + + /* XXX error handling is wrong but unclear what to do... */ + if (wpa_driver_bsd_set_wpa_ie(drv, ie, ie_len) < 0) + return -1; + + privacy = !(params->pairwise_suite == WPA_CIPHER_NONE && + params->group_suite == WPA_CIPHER_NONE && + params->key_mgmt_suite == WPA_KEY_MGMT_NONE); + wpa_printf(MSG_DEBUG, "%s: set PRIVACY %u", __func__, + privacy); + + if (set80211param(drv, IEEE80211_IOC_PRIVACY, privacy) < 0) + return -1; + + if (ie_len && + set80211param(drv, IEEE80211_IOC_WPA, + ie[0] == WLAN_EID_RSN ? 2 : 1) < 0) + return -1; + + return 0; -+} -+ -+static int - wpa_driver_bsd_associate(void *priv, struct wpa_driver_associate_params *params) - { + } + + static int +@@ -1204,8 +1284,8 @@ struct bsd_driver_data *drv = priv; struct ieee80211req_mlme mlme; u32 mode; - int privacy; int ret = 0; + const u8 *wpa_ie, *rsn_ie; wpa_printf(MSG_DEBUG, "%s: ssid '%.*s' wpa ie len %u pairwise %u group %u key mgmt %u" -@@ -1222,7 +1285,10 @@ +@@ -1222,7 +1302,10 @@ mode = 0 /* STA */; break; case IEEE80211_MODE_IBSS: +#if 0 mode = IFM_IEEE80211_IBSS; +#endif + mode = IFM_IEEE80211_ADHOC; break; case IEEE80211_MODE_AP: mode = IFM_IEEE80211_HOSTAP; -@@ -1251,22 +1317,31 @@ +@@ -1251,22 +1334,31 @@ ret = -1; if (wpa_driver_bsd_set_auth_alg(drv, params->auth_alg) < 0) ret = -1; - /* XXX error handling is wrong but unclear what to do... */ - if (wpa_driver_bsd_set_wpa_ie(drv, params->wpa_ie, params->wpa_ie_len) < 0) - return -1; - privacy = !(params->pairwise_suite == WPA_CIPHER_NONE && - params->group_suite == WPA_CIPHER_NONE && - params->key_mgmt_suite == WPA_KEY_MGMT_NONE && - params->wpa_ie_len == 0); - wpa_printf(MSG_DEBUG, "%s: set PRIVACY %u", __func__, privacy); - - if (set80211param(drv, IEEE80211_IOC_PRIVACY, privacy) < 0) - return -1; + if (params->wpa_ie_len) { + rsn_ie = get_ie(params->wpa_ie, params->wpa_ie_len, + WLAN_EID_RSN); + if (rsn_ie) { + if (wpa_driver_bsd_set_rsn_wpa_ie(drv, params, + rsn_ie) < 0) + return -1; + } + else { + wpa_ie = get_vendor_ie(params->wpa_ie, + params->wpa_ie_len, WPA_IE_VENDOR_TYPE); + if (wpa_ie) { + if (wpa_driver_bsd_set_rsn_wpa_ie(drv, params, + wpa_ie) < 0) + return -1; + } + } + } - if (params->wpa_ie_len && - set80211param(drv, IEEE80211_IOC_WPA, - params->wpa_ie[0] == WLAN_EID_RSN ? 2 : 1) < 0) + /* + * NB: interface must be marked UP for association + * or scanning (ap_scan=2) + */ + if (bsd_ctrl_iface(drv, 1) < 0) return -1; os_memset(&mlme, 0, sizeof(mlme)); -@@ -1311,11 +1386,8 @@ +@@ -1311,11 +1403,8 @@ } /* NB: interface must be marked UP to do a scan */ - if (!(drv->flags & IFF_UP)) { - wpa_printf(MSG_DEBUG, "%s: interface is not up, cannot scan", - __func__); + if (bsd_ctrl_iface(drv, 1) < 0) return -1; - } #ifdef IEEE80211_IOC_SCAN_MAX_SSID os_memset(&sr, 0, sizeof(sr)); -@@ -1547,6 +1619,8 @@ +@@ -1495,6 +1584,10 @@ + drv->capa.enc |= WPA_DRIVER_CAPA_ENC_TKIP; + if (devcaps.dc_cryptocaps & IEEE80211_CRYPTO_AES_CCM) + drv->capa.enc |= WPA_DRIVER_CAPA_ENC_CCMP; ++ if (devcaps.dc_cryptocaps & IEEE80211_CRYPTO_AES_GCM_128) ++ drv->capa.enc |= WPA_DRIVER_CAPA_ENC_GCMP; ++ if (devcaps.dc_cryptocaps & IEEE80211_CRYPTO_BIP_CMAC_128) ++ drv->capa.enc |= WPA_DRIVER_CAPA_ENC_BIP; + + if (devcaps.dc_drivercaps & IEEE80211_C_HOSTAP) + drv->capa.flags |= WPA_DRIVER_FLAGS_AP; +@@ -1547,6 +1640,8 @@ } if (ifmr.ifm_current & IFM_IEEE80211_HOSTAP) return IEEE80211_M_HOSTAP; + if (ifmr.ifm_current & IFM_IEEE80211_IBSS) + return IEEE80211_M_IBSS; if (ifmr.ifm_current & IFM_IEEE80211_MONITOR) return IEEE80211_M_MONITOR; #ifdef IEEE80211_M_MBSS -@@ -1607,7 +1681,7 @@ +@@ -1607,7 +1702,7 @@ drv->capa.key_mgmt_iftype[i] = drv->capa.key_mgmt; /* Down interface during setup. */ - if (bsd_get_iface_flags(drv) < 0) + if (bsd_ctrl_iface(drv, 0) < 0) goto fail; /* Proven to work, lets go! */ -@@ -1631,6 +1705,9 @@ +@@ -1631,6 +1726,9 @@ if (drv->ifindex != 0 && !drv->if_removed) { wpa_driver_bsd_set_wpa(drv, 0); + /* NB: mark interface down */ + bsd_ctrl_iface(drv, 0); + wpa_driver_bsd_set_wpa_internal(drv, drv->prev_wpa, drv->prev_privacy); diff --git a/security/wpa_supplicant-devel/Makefile b/security/wpa_supplicant-devel/Makefile index 479a59e2a2eb..dca2b705e7b3 100644 --- a/security/wpa_supplicant-devel/Makefile +++ b/security/wpa_supplicant-devel/Makefile @@ -1,241 +1,241 @@ PORTNAME= wpa_supplicant PORTVERSION= ${COMMIT_DATE} -PORTREVISION= 2 +PORTREVISION= 3 CATEGORIES= security net PKGNAMESUFFIX= -devel MAINTAINER= cy@FreeBSD.org COMMENT= Supplicant (client) for WPA/802.1x protocols WWW= https://w1.fi/wpa_supplicant/ USE_GITHUB= yes GH_ACCOUNT= cschuber GH_PROJECT= hostap GH_TAGNAME= ad8d30e0a COMMIT_DATE= 2025.02.15 LICENSE= BSD3CLAUSE LICENSE_FILE= ${WRKSRC}/README USES= cpe gmake pkgconfig:build readline ssl BUILD_WRKSRC= ${WRKSRC}/wpa_supplicant INSTALL_WRKSRC= ${WRKSRC}/src CPPFLAGS+= -Wno-incompatible-function-pointer-types CFLAGS+= ${CPPFLAGS} # USES=readline only augments CPPFLAGS and LDFLAGS CFLAGS+= -I${OPENSSLINC} CFLAGS+= -Wno-deprecated-declarations LDFLAGS+= -L${OPENSSLLIB} -lutil MAKE_ENV= V=1 SUB_FILES= pkg-message PORTDOCS= README ChangeLog CFG= ${BUILD_WRKSRC}/.config .if !exists(/etc/rc.d/wpa_supplicant) USE_RC_SUBR= wpa_supplicant .endif OPTIONS_MULTI= DRV EAP OPTIONS_MULTI_DRV= BSD WIRED NDIS TEST NONE #ROBOSWITCH OPTIONS_MULTI_EAP= TLS PEAP TTLS MD5 MSCHAPV2 GTC LEAP OTP PSK FAST \ SIM PWD PAX AKA AKA_PRIME SAKE GPSK TNC IKEV2 EKE OPTIONS_DEFINE= WPS WPS_ER WPS_NOREG WPS_NFC WPS_UPNP PKCS12 SMARTCARD \ HT_OVERRIDES VHT_OVERRIDES TLSV12 IEEE80211W \ IEEE80211R DEBUG_FILE DEBUG_SYSLOG PRIVSEP \ DELAYED_MIC IEEE80211N IEEE80211AC INTERWORKING \ IEEE8021X_EAPOL EAPOL_TEST \ HS20 NO_ROAMING P2P PASN TDLS DBUS MATCH DOCS \ SIM_SIMULATOR USIM_SIMULATOR WNM MBO RSN_PREAUTH WEP OPTIONS_DEFAULT= BSD WIRED \ TLS PEAP TTLS MD5 MSCHAPV2 GTC LEAP OTP PSK \ WPS PKCS12 SMARTCARD IEEE80211R DEBUG_SYSLOG \ INTERWORKING HS20 DBUS MATCH IEEE80211R IEEE80211W \ IEEE8021X_EAPOL WPS_ER WPS_NFC WPS_UPNP \ FAST PWD PAX SAKE GPSK TNC IKEV2 EKE \ WNM MBO RSN_PREAUTH WEP PASN OPTIONS_SUB= WPS_DESC= Wi-Fi Protected Setup WPS_ER_DESC= Enable WPS External Registrar WPS_NOREG_DESC= Disable open network credentials when registrar WPS_NFC_DESC= Near Field Communication (NFC) configuration WPS_UPNP_DESC= Universal Plug and Play support PKCS12_DESC= PKCS\#12 (PFS) support SMARTCARD_DESC= Private key on smartcard support HT_OVERRIDES_DESC= Disable HT/HT40, mask MCS rates, etc VHT_OVERRIDES_DESC= Disable VHT, mask MCS rates, etc TLSV12_DESC= Build with TLS v1.2 instead of TLS v1.0 IEEE80211AC_DESC= Very High Throughput, AP mode (IEEE 802.11ac) IEEE80211N_DESC= High Throughput, AP mode (IEEE 802.11n) IEEE80211R_DESC= Fast BSS Transition (IEEE 802.11r-2008) IEEE80211W_DESC= Management Frame Protection (IEEE 802.11w) IEEE8021X_EAPOL_DESC= EAP over LAN support EAPOL_TEST_DESC= Development testing DEBUG_FILE_DESC= Support for writing debug log to a file DEBUG_SYSLOG_DESC= Send debug messages to syslog instead of stdout PRIVSEP_DESC= Privilege separation DELAYED_MIC_DESC= Mitigate TKIP attack, random delay on MIC errors INTERWORKING_DESC= Improve ext. network interworking (IEEE 802.11u) HS20_DESC= Hotspot 2.0 NO_ROAMING_DESC= Disable roaming P2P_DESC= Peer-to-Peer support PASN_DESC= Pre-Association Security Negotiation TDLS_DESC= Tunneled Direct Link Setup MATCH_DESC= Interface match mode DRV_DESC= Driver options BSD_DESC= BSD net80211 interface NDIS_DESC= Windows NDIS interface WIRED_DESC= Wired ethernet interface ROBOSWITCH_DESC= Broadcom Roboswitch interface TEST_DESC= Development testing interface NONE_DESC= The 'no driver' interface, e.g. WPS ER only EAP_DESC= Extensible Authentication Protocols TLS_DESC= Transport Layer Security PEAP_DESC= Protected Extensible Authentication Protocol TTLS_DESC= Tunneled Transport Layer Security MD5_DESC= MD5 hash (deprecated, no key generation) MSCHAPV2_DESC= Microsoft CHAP version 2 (RFC 2759) GTC_DESC= Generic Token Card LEAP_DESC= Lightweight Extensible Authentication Protocol OTP_DESC= One-Time Password PSK_DESC= Pre-Shared key FAST_DESC= Flexible Authentication via Secure Tunneling AKA_DESC= Autentication and Key Agreement (UMTS) AKA_PRIME_DESC= AKA Prime variant (RFC 5448) EKE_DESC= Encrypted Key Exchange WEP_DESC= WEP support SIM_DESC= Subscriber Identity Module SIM_SIMULATOR_DESC= SIM simulator (Milenage) for EAP-SIM USIM_SIMULATOR_DESC= SIM simulator (Milenage) for EAP-AKA IKEV2_DESC= Internet Key Exchange version 2 PWD_DESC= Shared password (RFC 5931) PAX_DESC= Password Authenticated Exchange SAKE_DESC= Shared-Secret Authentication & Key Establishment GPSK_DESC= Generalized Pre-Shared Key TNC_DESC= Trusted Network Connect WNM_DESC= Wireless Network Monitoring MBO_DESC= Multi Band Operation (Enables WNM) RSN_PREAUTH= RSN Preauthentication PRIVSEP_PLIST_FILES= sbin/wpa_priv DBUS_PLIST_FILES= share/dbus-1/system-services/fi.w1.wpa_supplicant1.service \ etc/dbus-1/system.d/dbus-wpa_supplicant.conf .include .if ${PORT_OPTIONS:MNDIS} && ${PORT_OPTIONS:MPRIVSEP} BROKEN= Fails to compile with both NDIS and PRIVSEP .endif .if ${PORT_OPTIONS:MIEEE80211AC} && ${PORT_OPTIONS:MIEEE80211N} BROKEN= Fails to compile with both IEEE80211AC and IEEE80211N .endif .if ${PORT_OPTIONS:MSIM} || ${PORT_OPTIONS:MAKA} || ${PORT_OPTIONS:MAKA_PRIME} LIB_DEPENDS+= libpcsclite.so:devel/pcsc-lite CFLAGS+= -I${LOCALBASE}/include/PCSC LDFLAGS+= -L${LOCALBASE}/lib .endif .if ${PORT_OPTIONS:MDBUS} LIB_DEPENDS+= libdbus-1.so:devel/dbus .endif post-patch: @${CP} ${FILESDIR}/Packet32.[ch] ${FILESDIR}/ntddndis.h \ ${WRKSRC}/src/utils # Set driver(s) .for item in BSD NDIS WIRED ROBOSWITCH TEST NONE . if ${PORT_OPTIONS:M${item}} @${ECHO_CMD} CONFIG_DRIVER_${item}=y >> ${CFG} . endif .endfor # Set EAP protocol(s) .for item in MD5 MSCHAPV2 TLS PEAP TTLS FAST GTC OTP PSK PWD PAX LEAP SIM \ AKA AKA_PRIME SAKE GPSK TNC IKEV2 EKE WEP . if ${PORT_OPTIONS:M${item}} @${ECHO_CMD} CONFIG_EAP_${item:tu}=y >> ${CFG} . endif .endfor .if ${PORT_OPTIONS:MSIM} || ${PORT_OPTIONS:MAKA} || ${PORT_OPTIONS:MAKA_PRIME} @${ECHO_CMD} CONFIG_PCSC=y >> ${CFG} .endif .if ${PORT_OPTIONS:MMBO} @${ECHO_CMD} CONFIG_WNM=y >> ${CFG} .endif .for simple in WPS WPS_ER WPS_NFC WPS_UPNP PKCS12 SMARTCARD HT_OVERRIDES \ VHT_OVERRIDES TLSV12 IEEE80211AC IEEE80211N IEEE80211R IEEE80211W \ IEEE8021X_EAPOL EAPOL_TEST \ INTERWORKING DEBUG_FILE DEBUG_SYSLOG HS20 NO_ROAMING PRIVSEP P2P \ PASN TDLS WNM MBO RSN_PREAUTH . if ${PORT_OPTIONS:M${simple}} @${ECHO_CMD} CONFIG_${simple}=y >> ${CFG} . endif .endfor .for item in READLINE PEERKEY @${ECHO_CMD} CONFIG_${item}=y >> ${CFG} .endfor .if ${PORT_OPTIONS:MIEEE80211AC} || ${PORT_OPTIONS:MIEEE80211N} @${ECHO_CMD} CONFIG_AP=y >> ${CFG} .endif .if ${PORT_OPTIONS:MGPSK} # GPSK desired, assume highest SHA desired too @${ECHO_CMD} CONFIG_EAP_GPSK_SHA256=y >> ${CFG} .endif .if ${PORT_OPTIONS:MWPS_NOREG} @${ECHO_CMD} CONFIG_WPS_REG_DISABLE_OPEN=y >> ${CFG} .endif .if ${PORT_OPTIONS:MDELAYED_MIC} @${ECHO_CMD} CONFIG_DELAYED_MIC_ERROR_REPORT=y >> ${CFG} .endif .if ${PORT_OPTIONS:MDBUS} @${ECHO_CMD} CONFIG_CTRL_IFACE_DBUS_NEW=y >> ${CFG} @${ECHO_CMD} CONFIG_CTRL_IFACE_DBUS_INTRO=y >> ${CFG} .endif .if ${PORT_OPTIONS:MMATCH} @${ECHO_CMD} CONFIG_MATCH_IFACE=y >> ${CFG} .endif .if ${PORT_OPTIONS:MUSIM_SIMULATOR} @${ECHO_CMD} CONFIG_USIM_SIMULATOR=y >> ${CFG} .endif .if ${PORT_OPTIONS:MSIM_SIMULATOR} @${ECHO_CMD} CONFIG_SIM_SIMULATOR=y >> ${CFG} .endif @${ECHO_CMD} CONFIG_OS=unix >> ${CFG} @${ECHO_CMD} CONFIG_CTRL_IFACE=unix >> ${CFG} @${ECHO_CMD} CONFIG_BACKEND=file >> ${CFG} @${ECHO_CMD} CONFIG_L2_PACKET=freebsd >> ${CFG} @${ECHO_CMD} CONFIG_TLS=openssl >> ${CFG} post-build-EAPOL_TEST-on: cd ${BUILD_WRKSRC} && ${GMAKE} eapol_test do-install: (cd ${BUILD_WRKSRC} && ${INSTALL_PROGRAM} wpa_supplicant wpa_cli \ wpa_passphrase ${STAGEDIR}${PREFIX}/sbin) ${INSTALL_DATA} ${BUILD_WRKSRC}/wpa_supplicant.conf \ ${STAGEDIR}${PREFIX}/etc/wpa_supplicant.conf.sample do-install-EAPOL_TEST-on: ${INSTALL_PROGRAM} ${BUILD_WRKSRC}/eapol_test ${STAGEDIR}${PREFIX}/sbin do-install-DOCS-on: @${MKDIR} ${STAGEDIR}${DOCSDIR} (cd ${BUILD_WRKSRC} && \ ${INSTALL_DATA} ${PORTDOCS} ${STAGEDIR}${DOCSDIR}) do-install-PRIVSEP-on: ${INSTALL_PROGRAM} ${BUILD_WRKSRC}/wpa_priv ${STAGEDIR}${PREFIX}/sbin do-install-DBUS-on: @${MKDIR} ${STAGEDIR}${PREFIX}/share/dbus-1/system-services/ @${MKDIR} ${STAGEDIR}${PREFIX}/etc/dbus-1/system.d/ ${INSTALL_DATA} ${BUILD_WRKSRC}/dbus/fi.w1.wpa_supplicant1.service \ ${STAGEDIR}${PREFIX}/share/dbus-1/system-services/ ${INSTALL_DATA} ${BUILD_WRKSRC}/dbus/dbus-wpa_supplicant.conf \ ${STAGEDIR}${PREFIX}/etc/dbus-1/system.d/ .include diff --git a/security/wpa_supplicant-devel/files/patch-src_drivers_driver__bsd.c b/security/wpa_supplicant-devel/files/patch-src_drivers_driver__bsd.c index 51293391dff4..61003e755553 100644 --- a/security/wpa_supplicant-devel/files/patch-src_drivers_driver__bsd.c +++ b/security/wpa_supplicant-devel/files/patch-src_drivers_driver__bsd.c @@ -1,256 +1,332 @@ ---- src/drivers/driver_bsd.c.orig 2024-09-01 06:39:57.000000000 -0700 -+++ src/drivers/driver_bsd.c 2024-09-13 15:36:17.326062000 -0700 +--- src/drivers/driver_bsd.c.orig 2025-02-15 11:51:02.000000000 -0800 ++++ src/drivers/driver_bsd.c 2025-03-13 13:42:51.318078000 -0700 @@ -14,6 +14,7 @@ #include "driver.h" #include "eloop.h" #include "common/ieee802_11_defs.h" +#include "common/ieee802_11_common.h" #include "common/wpa_common.h" #include @@ -293,8 +294,9 @@ } static int -bsd_get_iface_flags(struct bsd_driver_data *drv) +bsd_ctrl_iface(void *priv, int enable) { + struct bsd_driver_data *drv = priv; struct ifreq ifr; os_memset(&ifr, 0, sizeof(ifr)); -@@ -302,10 +304,37 @@ - - if (ioctl(drv->global->sock, SIOCGIFFLAGS, &ifr) < 0) { - wpa_printf(MSG_ERROR, "ioctl[SIOCGIFFLAGS]: %s", -+ strerror(errno)); -+ return -1; -+ } -+ drv->flags = ifr.ifr_flags; +@@ -306,7 +308,34 @@ + return -1; + } + drv->flags = ifr.ifr_flags; + + + if (enable) { + if (ifr.ifr_flags & IFF_UP) + goto nochange; + ifr.ifr_flags |= IFF_UP; + } else { + if (!(ifr.ifr_flags & IFF_UP)) + goto nochange; + ifr.ifr_flags &= ~IFF_UP; + } + + if (ioctl(drv->global->sock, SIOCSIFFLAGS, &ifr) < 0) { + wpa_printf(MSG_ERROR, "ioctl[SIOCSIFFLAGS]: %s", - strerror(errno)); - return -1; - } ++ strerror(errno)); ++ return -1; ++ } + + wpa_printf(MSG_DEBUG, "%s: if %s (changed) enable %d IFF_UP %d ", + __func__, drv->ifname, enable, ((ifr.ifr_flags & IFF_UP) != 0)); + - drv->flags = ifr.ifr_flags; -+ return 0; ++ drv->flags = ifr.ifr_flags; + return 0; + +nochange: + wpa_printf(MSG_DEBUG, "%s: if %s (no change) enable %d IFF_UP %d ", + __func__, drv->ifname, enable, ((ifr.ifr_flags & IFF_UP) != 0)); - return 0; ++ return 0; } -@@ -525,7 +554,7 @@ + static int +@@ -325,9 +354,6 @@ + const u8 *key = params->key; + size_t key_len = params->key_len; + +- if (params->key_flag & KEY_FLAG_NEXT) +- return -1; +- + wpa_printf(MSG_DEBUG, "%s: alg=%d addr=%p key_idx=%d set_tx=%d " + "seq_len=%zu key_len=%zu", __func__, alg, addr, key_idx, + set_tx, seq_len, key_len); +@@ -352,6 +378,12 @@ + case WPA_ALG_CCMP: + wk.ik_type = IEEE80211_CIPHER_AES_CCM; + break; ++ case WPA_ALG_GCMP: ++ wk.ik_type = IEEE80211_CIPHER_AES_GCM_128; ++ break; ++ case WPA_ALG_BIP_CMAC_128: ++ wk.ik_type = IEEE80211_CIPHER_BIP_CMAC_128; ++ break; + default: + wpa_printf(MSG_ERROR, "%s: unknown alg=%d", __func__, alg); + return -1; +@@ -422,7 +454,13 @@ + switch (params->wpa_group) { + case WPA_CIPHER_CCMP: + v = IEEE80211_CIPHER_AES_CCM; ++ break; ++ case WPA_CIPHER_GCMP: ++ v = IEEE80211_CIPHER_AES_GCM_128; + break; ++ case WPA_CIPHER_BIP_CMAC_128: ++ v = IEEE80211_CIPHER_BIP_CMAC_128; ++ break; + case WPA_CIPHER_TKIP: + v = IEEE80211_CIPHER_TKIP; + break; +@@ -459,6 +497,10 @@ + } + + v = 0; ++ if (params->wpa_pairwise & WPA_CIPHER_BIP_CMAC_128) ++ v |= 1<wpa_pairwise & WPA_CIPHER_GCMP) ++ v |= 1<wpa_pairwise & WPA_CIPHER_CCMP) + v |= 1<wpa_pairwise & WPA_CIPHER_TKIP) +@@ -528,7 +570,7 @@ __func__); return -1; } - return 0; + return bsd_ctrl_iface(priv, 1); } static void -@@ -853,14 +882,18 @@ +@@ -589,6 +631,7 @@ + mode = IFM_IEEE80211_11B; + } else { + mode = ++ freq->vht_enabled ? IFM_IEEE80211_VHT5G : + freq->ht_enabled ? IFM_IEEE80211_11NA : + IFM_IEEE80211_11A; + } +@@ -856,14 +899,18 @@ drv = bsd_get_drvindex(global, ifm->ifm_index); if (drv == NULL) return; - if ((ifm->ifm_flags & IFF_UP) == 0 && - (drv->flags & IFF_UP) != 0) { + if (((ifm->ifm_flags & IFF_UP) == 0 || + (ifm->ifm_flags & IFF_RUNNING) == 0) && + (drv->flags & IFF_UP) != 0 && + (drv->flags & IFF_RUNNING) != 0) { wpa_printf(MSG_DEBUG, "RTM_IFINFO: Interface '%s' DOWN", drv->ifname); wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_DISABLED, NULL); } else if ((ifm->ifm_flags & IFF_UP) != 0 && - (drv->flags & IFF_UP) == 0) { + (ifm->ifm_flags & IFF_RUNNING) != 0 && + ((drv->flags & IFF_UP) == 0 || + (drv->flags & IFF_RUNNING) == 0)) { wpa_printf(MSG_DEBUG, "RTM_IFINFO: Interface '%s' UP", drv->ifname); wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_ENABLED, -@@ -1027,7 +1060,8 @@ +@@ -1001,8 +1048,7 @@ + } + + static void * +-bsd_init(struct hostapd_data *hapd, struct wpa_init_params *params, +- enum wpa_p2p_mode p2p_mode) ++bsd_init(struct hostapd_data *hapd, struct wpa_init_params *params) + { + struct bsd_driver_data *drv; + +@@ -1031,7 +1077,8 @@ if (l2_packet_get_own_addr(drv->sock_xmit, params->own_addr)) goto bad; - if (bsd_get_iface_flags(drv) < 0) + /* mark down during setup */ + if (bsd_ctrl_iface(drv, 0) < 0) goto bad; if (bsd_set_mediaopt(drv, IFM_OMASK, IFM_IEEE80211_HOSTAP) < 0) { -@@ -1052,12 +1086,13 @@ +@@ -1056,12 +1103,13 @@ { struct bsd_driver_data *drv = priv; + if (drv->ifindex != 0) + bsd_ctrl_iface(drv, 0); if (drv->sock_xmit != NULL) l2_packet_deinit(drv->sock_xmit); os_free(drv); } - static int bsd_set_sta_authorized(void *priv, const u8 *addr, unsigned int total_flags, unsigned int flags_or, -@@ -1199,13 +1234,41 @@ - } +@@ -1200,6 +1248,34 @@ + struct bsd_driver_data *drv = ctx; - static int + drv_event_eapol_rx(drv->ctx, src_addr, buf, len); ++} ++ ++static int +wpa_driver_bsd_set_rsn_wpa_ie(struct bsd_driver_data * drv, + struct wpa_driver_associate_params *params, const u8 *ie) +{ + int privacy; + size_t ie_len = ie[1] ? ie[1] + 2 : 0; + + /* XXX error handling is wrong but unclear what to do... */ + if (wpa_driver_bsd_set_wpa_ie(drv, ie, ie_len) < 0) + return -1; + + privacy = !(params->pairwise_suite == WPA_CIPHER_NONE && + params->group_suite == WPA_CIPHER_NONE && + params->key_mgmt_suite == WPA_KEY_MGMT_NONE); + wpa_printf(MSG_DEBUG, "%s: set PRIVACY %u", __func__, + privacy); + + if (set80211param(drv, IEEE80211_IOC_PRIVACY, privacy) < 0) + return -1; + + if (ie_len && + set80211param(drv, IEEE80211_IOC_WPA, + ie[0] == WLAN_EID_RSN ? 2 : 1) < 0) + return -1; + + return 0; -+} -+ -+static int - wpa_driver_bsd_associate(void *priv, struct wpa_driver_associate_params *params) - { + } + + static int +@@ -1208,8 +1284,8 @@ struct bsd_driver_data *drv = priv; struct ieee80211req_mlme mlme; u32 mode; - int privacy; int ret = 0; + const u8 *wpa_ie, *rsn_ie; wpa_printf(MSG_DEBUG, "%s: ssid '%.*s' wpa ie len %u pairwise %u group %u key mgmt %u" -@@ -1222,7 +1285,10 @@ +@@ -1226,7 +1302,10 @@ mode = 0 /* STA */; break; case IEEE80211_MODE_IBSS: +#if 0 mode = IFM_IEEE80211_IBSS; +#endif + mode = IFM_IEEE80211_ADHOC; break; case IEEE80211_MODE_AP: mode = IFM_IEEE80211_HOSTAP; -@@ -1251,22 +1317,31 @@ +@@ -1255,22 +1334,31 @@ ret = -1; if (wpa_driver_bsd_set_auth_alg(drv, params->auth_alg) < 0) ret = -1; - /* XXX error handling is wrong but unclear what to do... */ - if (wpa_driver_bsd_set_wpa_ie(drv, params->wpa_ie, params->wpa_ie_len) < 0) - return -1; - privacy = !(params->pairwise_suite == WPA_CIPHER_NONE && - params->group_suite == WPA_CIPHER_NONE && - params->key_mgmt_suite == WPA_KEY_MGMT_NONE && - params->wpa_ie_len == 0); - wpa_printf(MSG_DEBUG, "%s: set PRIVACY %u", __func__, privacy); - - if (set80211param(drv, IEEE80211_IOC_PRIVACY, privacy) < 0) - return -1; + if (params->wpa_ie_len) { + rsn_ie = get_ie(params->wpa_ie, params->wpa_ie_len, + WLAN_EID_RSN); + if (rsn_ie) { + if (wpa_driver_bsd_set_rsn_wpa_ie(drv, params, + rsn_ie) < 0) + return -1; + } + else { + wpa_ie = get_vendor_ie(params->wpa_ie, + params->wpa_ie_len, WPA_IE_VENDOR_TYPE); + if (wpa_ie) { + if (wpa_driver_bsd_set_rsn_wpa_ie(drv, params, + wpa_ie) < 0) + return -1; + } + } + } - if (params->wpa_ie_len && - set80211param(drv, IEEE80211_IOC_WPA, - params->wpa_ie[0] == WLAN_EID_RSN ? 2 : 1) < 0) + /* + * NB: interface must be marked UP for association + * or scanning (ap_scan=2) + */ + if (bsd_ctrl_iface(drv, 1) < 0) return -1; os_memset(&mlme, 0, sizeof(mlme)); -@@ -1311,11 +1386,8 @@ +@@ -1315,11 +1403,8 @@ } /* NB: interface must be marked UP to do a scan */ - if (!(drv->flags & IFF_UP)) { - wpa_printf(MSG_DEBUG, "%s: interface is not up, cannot scan", - __func__); + if (bsd_ctrl_iface(drv, 1) < 0) return -1; - } #ifdef IEEE80211_IOC_SCAN_MAX_SSID os_memset(&sr, 0, sizeof(sr)); -@@ -1547,6 +1619,8 @@ +@@ -1499,6 +1584,10 @@ + drv->capa.enc |= WPA_DRIVER_CAPA_ENC_TKIP; + if (devcaps.dc_cryptocaps & IEEE80211_CRYPTO_AES_CCM) + drv->capa.enc |= WPA_DRIVER_CAPA_ENC_CCMP; ++ if (devcaps.dc_cryptocaps & IEEE80211_CRYPTO_AES_GCM_128) ++ drv->capa.enc |= WPA_DRIVER_CAPA_ENC_GCMP; ++ if (devcaps.dc_cryptocaps & IEEE80211_CRYPTO_BIP_CMAC_128) ++ drv->capa.enc |= WPA_DRIVER_CAPA_ENC_BIP; + + if (devcaps.dc_drivercaps & IEEE80211_C_HOSTAP) + drv->capa.flags |= WPA_DRIVER_FLAGS_AP; +@@ -1551,6 +1640,8 @@ } if (ifmr.ifm_current & IFM_IEEE80211_HOSTAP) return IEEE80211_M_HOSTAP; + if (ifmr.ifm_current & IFM_IEEE80211_IBSS) + return IEEE80211_M_IBSS; if (ifmr.ifm_current & IFM_IEEE80211_MONITOR) return IEEE80211_M_MONITOR; #ifdef IEEE80211_M_MBSS -@@ -1607,7 +1681,7 @@ +@@ -1611,7 +1702,7 @@ drv->capa.key_mgmt_iftype[i] = drv->capa.key_mgmt; /* Down interface during setup. */ - if (bsd_get_iface_flags(drv) < 0) + if (bsd_ctrl_iface(drv, 0) < 0) goto fail; /* Proven to work, lets go! */ -@@ -1631,6 +1705,9 @@ +@@ -1635,6 +1726,9 @@ if (drv->ifindex != 0 && !drv->if_removed) { wpa_driver_bsd_set_wpa(drv, 0); + /* NB: mark interface down */ + bsd_ctrl_iface(drv, 0); + wpa_driver_bsd_set_wpa_internal(drv, drv->prev_wpa, drv->prev_privacy); diff --git a/security/wpa_supplicant/Makefile b/security/wpa_supplicant/Makefile index 6f30219ddbb5..31b46b93b9a0 100644 --- a/security/wpa_supplicant/Makefile +++ b/security/wpa_supplicant/Makefile @@ -1,227 +1,227 @@ PORTNAME= wpa_supplicant PORTVERSION= 2.11 -PORTREVISION= 3 +PORTREVISION= 4 CATEGORIES= security net MASTER_SITES= https://w1.fi/releases/ MAINTAINER= cy@FreeBSD.org COMMENT= Supplicant (client) for WPA/802.1x protocols WWW= https://w1.fi/wpa_supplicant/ LICENSE= BSD3CLAUSE LICENSE_FILE= ${WRKSRC}/README USES= cpe gmake pkgconfig:build readline ssl BUILD_WRKSRC= ${WRKSRC}/wpa_supplicant INSTALL_WRKSRC= ${WRKSRC}/src CFLAGS+= ${CPPFLAGS} # USES=readline only augments CPPFLAGS and LDFLAGS CFLAGS+= -I${OPENSSLINC} CFLAGS+= -Wno-deprecated-declarations LDFLAGS+= -L${OPENSSLLIB} -lutil MAKE_ENV= V=1 SUB_FILES= pkg-message PORTDOCS= README ChangeLog CFG= ${BUILD_WRKSRC}/.config .if !exists(/etc/rc.d/wpa_supplicant) USE_RC_SUBR= wpa_supplicant .endif OPTIONS_MULTI= DRV EAP OPTIONS_MULTI_DRV= BSD WIRED NDIS TEST NONE #ROBOSWITCH OPTIONS_MULTI_EAP= TLS PEAP TTLS MD5 MSCHAPV2 GTC LEAP OTP PSK FAST \ SIM PWD PAX AKA AKA_PRIME SAKE GPSK TNC IKEV2 EKE OPTIONS_DEFINE= WPS WPS_ER WPS_NOREG WPS_NFC WPS_UPNP PKCS12 SMARTCARD \ HT_OVERRIDES VHT_OVERRIDES TLSV12 IEEE80211W \ IEEE80211R DEBUG_FILE DEBUG_SYSLOG PRIVSEP \ DELAYED_MIC IEEE80211N IEEE80211AC INTERWORKING \ IEEE8021X_EAPOL EAPOL_TEST \ HS20 NO_ROAMING P2P TDLS DBUS MATCH DOCS \ SIM_SIMULATOR USIM_SIMULATOR WEP PASN OPTIONS_DEFAULT= BSD WIRED \ TLS PEAP TTLS MD5 MSCHAPV2 GTC LEAP OTP PSK \ WPS PKCS12 SMARTCARD IEEE80211R DEBUG_SYSLOG \ INTERWORKING HS20 DBUS MATCH IEEE80211R IEEE80211W \ IEEE8021X_EAPOL WPS_ER WPS_NFC WPS_UPNP \ FAST PWD PAX SAKE GPSK TNC IKEV2 EKE WEP PASN OPTIONS_SUB= WPS_DESC= Wi-Fi Protected Setup WPS_ER_DESC= Enable WPS External Registrar WPS_NOREG_DESC= Disable open network credentials when registrar WPS_NFC_DESC= Near Field Communication (NFC) configuration WPS_UPNP_DESC= Universal Plug and Play support PKCS12_DESC= PKCS\#12 (PFS) support SMARTCARD_DESC= Private key on smartcard support HT_OVERRIDES_DESC= Disable HT/HT40, mask MCS rates, etc VHT_OVERRIDES_DESC= Disable VHT, mask MCS rates, etc TLSV12_DESC= Build with TLS v1.2 instead of TLS v1.0 IEEE80211AC_DESC= Very High Throughput, AP mode (IEEE 802.11ac) IEEE80211N_DESC= High Throughput, AP mode (IEEE 802.11n) IEEE80211R_DESC= Fast BSS Transition (IEEE 802.11r-2008) IEEE80211W_DESC= Management Frame Protection (IEEE 802.11w) IEEE8021X_EAPOL_DESC= EAP over LAN support EAPOL_TEST_DESC= Development testing DEBUG_FILE_DESC= Support for writing debug log to a file DEBUG_SYSLOG_DESC= Send debug messages to syslog instead of stdout PRIVSEP_DESC= Privilege separation DELAYED_MIC_DESC= Mitigate TKIP attack, random delay on MIC errors INTERWORKING_DESC= Improve ext. network interworking (IEEE 802.11u) HS20_DESC= Hotspot 2.0 NO_ROAMING_DESC= Disable roaming P2P_DESC= Peer-to-Peer support TDLS_DESC= Tunneled Direct Link Setup MATCH_DESC= Interface match mode DRV_DESC= Driver options BSD_DESC= BSD net80211 interface NDIS_DESC= Windows NDIS interface WIRED_DESC= Wired ethernet interface ROBOSWITCH_DESC= Broadcom Roboswitch interface TEST_DESC= Development testing interface NONE_DESC= The 'no driver' interface, e.g. WPS ER only EAP_DESC= Extensible Authentication Protocols TLS_DESC= Transport Layer Security PEAP_DESC= Protected Extensible Authentication Protocol TTLS_DESC= Tunneled Transport Layer Security MD5_DESC= MD5 hash (deprecated, no key generation) MSCHAPV2_DESC= Microsoft CHAP version 2 (RFC 2759) GTC_DESC= Generic Token Card LEAP_DESC= Lightweight Extensible Authentication Protocol OTP_DESC= One-Time Password PSK_DESC= Pre-Shared key FAST_DESC= Flexible Authentication via Secure Tunneling AKA_DESC= Autentication and Key Agreement (UMTS) AKA_PRIME_DESC= AKA Prime variant (RFC 5448) EKE_DESC= Encrypted Key Exchange WEP_DESC= WEP support SIM_DESC= Subscriber Identity Module SIM_SIMULATOR_DESC= SIM simulator (Milenage) for EAP-SIM USIM_SIMULATOR_DESC= SIM simulator (Milenage) for EAP-AKA IKEV2_DESC= Internet Key Exchange version 2 PWD_DESC= Shared password (RFC 5931) PAX_DESC= Password Authenticated Exchange SAKE_DESC= Shared-Secret Authentication & Key Establishment GPSK_DESC= Generalized Pre-Shared Key TNC_DESC= Trusted Network Connect PASN_DESC= Pre-Association Security Negotiation PRIVSEP_PLIST_FILES= sbin/wpa_priv DBUS_PLIST_FILES= share/dbus-1/system-services/fi.w1.wpa_supplicant1.service \ etc/dbus-1/system.d/dbus-wpa_supplicant.conf .include .if ${PORT_OPTIONS:MNDIS} && ${PORT_OPTIONS:MPRIVSEP} BROKEN= Fails to compile with both NDIS and PRIVSEP .endif .if ${PORT_OPTIONS:MIEEE80211AC} && ${PORT_OPTIONS:MIEEE80211N} BROKEN= Fails to compile with both IEEE80211AC and IEEE80211N .endif .if ${PORT_OPTIONS:MSIM} || ${PORT_OPTIONS:MAKA} || ${PORT_OPTIONS:MAKA_PRIME} LIB_DEPENDS+= libpcsclite.so:devel/pcsc-lite CFLAGS+= -I${LOCALBASE}/include/PCSC LDFLAGS+= -L${LOCALBASE}/lib .endif .if ${PORT_OPTIONS:MDBUS} LIB_DEPENDS+= libdbus-1.so:devel/dbus .endif post-patch: @${CP} ${FILESDIR}/Packet32.[ch] ${FILESDIR}/ntddndis.h \ ${WRKSRC}/src/utils # Set driver(s) .for item in BSD NDIS WIRED ROBOSWITCH TEST NONE . if ${PORT_OPTIONS:M${item}} @${ECHO_CMD} CONFIG_DRIVER_${item}=y >> ${CFG} . endif .endfor # Set EAP protocol(s) .for item in MD5 MSCHAPV2 TLS PEAP TTLS FAST GTC OTP PSK PWD PAX LEAP SIM \ AKA AKA_PRIME SAKE GPSK TNC IKEV2 EKE WEP . if ${PORT_OPTIONS:M${item}} @${ECHO_CMD} CONFIG_EAP_${item:tu}=y >> ${CFG} . endif .endfor .if ${PORT_OPTIONS:MSIM} || ${PORT_OPTIONS:MAKA} || ${PORT_OPTIONS:MAKA_PRIME} @${ECHO_CMD} CONFIG_PCSC=y >> ${CFG} .endif .for simple in WPS WPS_ER WPS_NFC WPS_UPNP PKCS12 SMARTCARD HT_OVERRIDES \ VHT_OVERRIDES TLSV12 IEEE80211AC IEEE80211N IEEE80211R IEEE80211W \ IEEE8021X_EAPOL EAPOL_TEST \ INTERWORKING DEBUG_FILE DEBUG_SYSLOG HS20 NO_ROAMING PRIVSEP P2P TDLS \ PASN . if ${PORT_OPTIONS:M${simple}} @${ECHO_CMD} CONFIG_${simple}=y >> ${CFG} . endif .endfor .for item in READLINE PEERKEY @${ECHO_CMD} CONFIG_${item}=y >> ${CFG} .endfor .if ${PORT_OPTIONS:MIEEE80211AC} || ${PORT_OPTIONS:MIEEE80211N} @${ECHO_CMD} CONFIG_AP=y >> ${CFG} .endif .if ${PORT_OPTIONS:MGPSK} # GPSK desired, assume highest SHA desired too @${ECHO_CMD} CONFIG_EAP_GPSK_SHA256=y >> ${CFG} .endif .if ${PORT_OPTIONS:MWPS_NOREG} @${ECHO_CMD} CONFIG_WPS_REG_DISABLE_OPEN=y >> ${CFG} .endif .if ${PORT_OPTIONS:MDELAYED_MIC} @${ECHO_CMD} CONFIG_DELAYED_MIC_ERROR_REPORT=y >> ${CFG} .endif .if ${PORT_OPTIONS:MDBUS} @${ECHO_CMD} CONFIG_CTRL_IFACE_DBUS_NEW=y >> ${CFG} @${ECHO_CMD} CONFIG_CTRL_IFACE_DBUS_INTRO=y >> ${CFG} .endif .if ${PORT_OPTIONS:MMATCH} @${ECHO_CMD} CONFIG_MATCH_IFACE=y >> ${CFG} .endif .if ${PORT_OPTIONS:MUSIM_SIMULATOR} @${ECHO_CMD} CONFIG_USIM_SIMULATOR=y >> ${CFG} .endif .if ${PORT_OPTIONS:MSIM_SIMULATOR} @${ECHO_CMD} CONFIG_SIM_SIMULATOR=y >> ${CFG} .endif @${ECHO_CMD} CONFIG_OS=unix >> ${CFG} @${ECHO_CMD} CONFIG_CTRL_IFACE=unix >> ${CFG} @${ECHO_CMD} CONFIG_BACKEND=file >> ${CFG} @${ECHO_CMD} CONFIG_L2_PACKET=freebsd >> ${CFG} @${ECHO_CMD} CONFIG_TLS=openssl >> ${CFG} post-build-EAPOL_TEST-on: cd ${BUILD_WRKSRC} && ${GMAKE} eapol_test do-install: (cd ${BUILD_WRKSRC} && ${INSTALL_PROGRAM} wpa_supplicant wpa_cli \ wpa_passphrase ${STAGEDIR}${PREFIX}/sbin) ${INSTALL_DATA} ${BUILD_WRKSRC}/wpa_supplicant.conf \ ${STAGEDIR}${PREFIX}/etc/wpa_supplicant.conf.sample do-install-EAPOL_TEST-on: ${INSTALL_PROGRAM} ${BUILD_WRKSRC}/eapol_test ${STAGEDIR}${PREFIX}/sbin do-install-DOCS-on: @${MKDIR} ${STAGEDIR}${DOCSDIR} (cd ${BUILD_WRKSRC} && \ ${INSTALL_DATA} ${PORTDOCS} ${STAGEDIR}${DOCSDIR}) do-install-PRIVSEP-on: ${INSTALL_PROGRAM} ${BUILD_WRKSRC}/wpa_priv ${STAGEDIR}${PREFIX}/sbin do-install-DBUS-on: @${MKDIR} ${STAGEDIR}${PREFIX}/share/dbus-1/system-services/ @${MKDIR} ${STAGEDIR}${PREFIX}/etc/dbus-1/system.d/ ${INSTALL_DATA} ${BUILD_WRKSRC}/dbus/fi.w1.wpa_supplicant1.service \ ${STAGEDIR}${PREFIX}/share/dbus-1/system-services/ ${INSTALL_DATA} ${BUILD_WRKSRC}/dbus/dbus-wpa_supplicant.conf \ ${STAGEDIR}${PREFIX}/etc/dbus-1/system.d/ .include diff --git a/net/hostapd/files/patch-src_drivers_driver__bsd.c b/security/wpa_supplicant/files/patch-src_drivers_driver__bsd.c similarity index 74% copy from net/hostapd/files/patch-src_drivers_driver__bsd.c copy to security/wpa_supplicant/files/patch-src_drivers_driver__bsd.c index 809575aeb356..19bf94621aaa 100644 --- a/net/hostapd/files/patch-src_drivers_driver__bsd.c +++ b/security/wpa_supplicant/files/patch-src_drivers_driver__bsd.c @@ -1,256 +1,311 @@ --- src/drivers/driver_bsd.c.orig 2024-07-20 11:04:37.000000000 -0700 -+++ src/drivers/driver_bsd.c 2024-09-13 15:39:20.543245000 -0700 ++++ src/drivers/driver_bsd.c 2025-03-13 13:35:55.927279000 -0700 @@ -14,6 +14,7 @@ #include "driver.h" #include "eloop.h" #include "common/ieee802_11_defs.h" +#include "common/ieee802_11_common.h" #include "common/wpa_common.h" #include @@ -293,8 +294,9 @@ } static int -bsd_get_iface_flags(struct bsd_driver_data *drv) +bsd_ctrl_iface(void *priv, int enable) { + struct bsd_driver_data *drv = priv; struct ifreq ifr; os_memset(&ifr, 0, sizeof(ifr)); -@@ -302,10 +304,37 @@ - - if (ioctl(drv->global->sock, SIOCGIFFLAGS, &ifr) < 0) { - wpa_printf(MSG_ERROR, "ioctl[SIOCGIFFLAGS]: %s", -+ strerror(errno)); -+ return -1; -+ } -+ drv->flags = ifr.ifr_flags; +@@ -306,7 +308,34 @@ + return -1; + } + drv->flags = ifr.ifr_flags; + + + if (enable) { + if (ifr.ifr_flags & IFF_UP) + goto nochange; + ifr.ifr_flags |= IFF_UP; + } else { + if (!(ifr.ifr_flags & IFF_UP)) + goto nochange; + ifr.ifr_flags &= ~IFF_UP; + } + + if (ioctl(drv->global->sock, SIOCSIFFLAGS, &ifr) < 0) { + wpa_printf(MSG_ERROR, "ioctl[SIOCSIFFLAGS]: %s", - strerror(errno)); - return -1; - } ++ strerror(errno)); ++ return -1; ++ } + + wpa_printf(MSG_DEBUG, "%s: if %s (changed) enable %d IFF_UP %d ", + __func__, drv->ifname, enable, ((ifr.ifr_flags & IFF_UP) != 0)); + - drv->flags = ifr.ifr_flags; -+ return 0; ++ drv->flags = ifr.ifr_flags; + return 0; + +nochange: + wpa_printf(MSG_DEBUG, "%s: if %s (no change) enable %d IFF_UP %d ", + __func__, drv->ifname, enable, ((ifr.ifr_flags & IFF_UP) != 0)); - return 0; ++ return 0; } -@@ -525,7 +554,7 @@ + static int +@@ -349,6 +378,12 @@ + case WPA_ALG_CCMP: + wk.ik_type = IEEE80211_CIPHER_AES_CCM; + break; ++ case WPA_ALG_GCMP: ++ wk.ik_type = IEEE80211_CIPHER_AES_GCM_128; ++ break; ++ case WPA_ALG_BIP_CMAC_128: ++ wk.ik_type = IEEE80211_CIPHER_BIP_CMAC_128; ++ break; + default: + wpa_printf(MSG_ERROR, "%s: unknown alg=%d", __func__, alg); + return -1; +@@ -420,6 +455,12 @@ + case WPA_CIPHER_CCMP: + v = IEEE80211_CIPHER_AES_CCM; + break; ++ case WPA_CIPHER_GCMP: ++ v = IEEE80211_CIPHER_AES_GCM_128; ++ break; ++ case WPA_CIPHER_BIP_CMAC_128: ++ v = IEEE80211_CIPHER_BIP_CMAC_128; ++ break; + case WPA_CIPHER_TKIP: + v = IEEE80211_CIPHER_TKIP; + break; +@@ -456,6 +497,10 @@ + } + + v = 0; ++ if (params->wpa_pairwise & WPA_CIPHER_BIP_CMAC_128) ++ v |= 1<wpa_pairwise & WPA_CIPHER_GCMP) ++ v |= 1<wpa_pairwise & WPA_CIPHER_CCMP) + v |= 1<wpa_pairwise & WPA_CIPHER_TKIP) +@@ -525,7 +570,7 @@ __func__); return -1; } - return 0; + return bsd_ctrl_iface(priv, 1); } static void -@@ -853,14 +882,18 @@ +@@ -586,6 +631,7 @@ + mode = IFM_IEEE80211_11B; + } else { + mode = ++ freq->vht_enabled ? IFM_IEEE80211_VHT5G : + freq->ht_enabled ? IFM_IEEE80211_11NA : + IFM_IEEE80211_11A; + } +@@ -853,14 +899,18 @@ drv = bsd_get_drvindex(global, ifm->ifm_index); if (drv == NULL) return; - if ((ifm->ifm_flags & IFF_UP) == 0 && - (drv->flags & IFF_UP) != 0) { + if (((ifm->ifm_flags & IFF_UP) == 0 || + (ifm->ifm_flags & IFF_RUNNING) == 0) && + (drv->flags & IFF_UP) != 0 && + (drv->flags & IFF_RUNNING) != 0) { wpa_printf(MSG_DEBUG, "RTM_IFINFO: Interface '%s' DOWN", drv->ifname); wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_DISABLED, NULL); } else if ((ifm->ifm_flags & IFF_UP) != 0 && - (drv->flags & IFF_UP) == 0) { + (ifm->ifm_flags & IFF_RUNNING) != 0 && + ((drv->flags & IFF_UP) == 0 || + (drv->flags & IFF_RUNNING) == 0)) { wpa_printf(MSG_DEBUG, "RTM_IFINFO: Interface '%s' UP", drv->ifname); wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_ENABLED, -@@ -1027,7 +1060,8 @@ +@@ -1027,7 +1077,8 @@ if (l2_packet_get_own_addr(drv->sock_xmit, params->own_addr)) goto bad; - if (bsd_get_iface_flags(drv) < 0) + /* mark down during setup */ + if (bsd_ctrl_iface(drv, 0) < 0) goto bad; if (bsd_set_mediaopt(drv, IFM_OMASK, IFM_IEEE80211_HOSTAP) < 0) { -@@ -1052,12 +1086,13 @@ +@@ -1052,12 +1103,13 @@ { struct bsd_driver_data *drv = priv; + if (drv->ifindex != 0) + bsd_ctrl_iface(drv, 0); if (drv->sock_xmit != NULL) l2_packet_deinit(drv->sock_xmit); os_free(drv); } - static int bsd_set_sta_authorized(void *priv, const u8 *addr, unsigned int total_flags, unsigned int flags_or, -@@ -1199,13 +1234,41 @@ - } +@@ -1196,6 +1248,34 @@ + struct bsd_driver_data *drv = ctx; - static int + drv_event_eapol_rx(drv->ctx, src_addr, buf, len); ++} ++ ++static int +wpa_driver_bsd_set_rsn_wpa_ie(struct bsd_driver_data * drv, + struct wpa_driver_associate_params *params, const u8 *ie) +{ + int privacy; + size_t ie_len = ie[1] ? ie[1] + 2 : 0; + + /* XXX error handling is wrong but unclear what to do... */ + if (wpa_driver_bsd_set_wpa_ie(drv, ie, ie_len) < 0) + return -1; + + privacy = !(params->pairwise_suite == WPA_CIPHER_NONE && + params->group_suite == WPA_CIPHER_NONE && + params->key_mgmt_suite == WPA_KEY_MGMT_NONE); + wpa_printf(MSG_DEBUG, "%s: set PRIVACY %u", __func__, + privacy); + + if (set80211param(drv, IEEE80211_IOC_PRIVACY, privacy) < 0) + return -1; + + if (ie_len && + set80211param(drv, IEEE80211_IOC_WPA, + ie[0] == WLAN_EID_RSN ? 2 : 1) < 0) + return -1; + + return 0; -+} -+ -+static int - wpa_driver_bsd_associate(void *priv, struct wpa_driver_associate_params *params) - { + } + + static int +@@ -1204,8 +1284,8 @@ struct bsd_driver_data *drv = priv; struct ieee80211req_mlme mlme; u32 mode; - int privacy; int ret = 0; + const u8 *wpa_ie, *rsn_ie; wpa_printf(MSG_DEBUG, "%s: ssid '%.*s' wpa ie len %u pairwise %u group %u key mgmt %u" -@@ -1222,7 +1285,10 @@ +@@ -1222,7 +1302,10 @@ mode = 0 /* STA */; break; case IEEE80211_MODE_IBSS: +#if 0 mode = IFM_IEEE80211_IBSS; +#endif + mode = IFM_IEEE80211_ADHOC; break; case IEEE80211_MODE_AP: mode = IFM_IEEE80211_HOSTAP; -@@ -1251,22 +1317,31 @@ +@@ -1251,22 +1334,31 @@ ret = -1; if (wpa_driver_bsd_set_auth_alg(drv, params->auth_alg) < 0) ret = -1; - /* XXX error handling is wrong but unclear what to do... */ - if (wpa_driver_bsd_set_wpa_ie(drv, params->wpa_ie, params->wpa_ie_len) < 0) - return -1; - privacy = !(params->pairwise_suite == WPA_CIPHER_NONE && - params->group_suite == WPA_CIPHER_NONE && - params->key_mgmt_suite == WPA_KEY_MGMT_NONE && - params->wpa_ie_len == 0); - wpa_printf(MSG_DEBUG, "%s: set PRIVACY %u", __func__, privacy); - - if (set80211param(drv, IEEE80211_IOC_PRIVACY, privacy) < 0) - return -1; + if (params->wpa_ie_len) { + rsn_ie = get_ie(params->wpa_ie, params->wpa_ie_len, + WLAN_EID_RSN); + if (rsn_ie) { + if (wpa_driver_bsd_set_rsn_wpa_ie(drv, params, + rsn_ie) < 0) + return -1; + } + else { + wpa_ie = get_vendor_ie(params->wpa_ie, + params->wpa_ie_len, WPA_IE_VENDOR_TYPE); + if (wpa_ie) { + if (wpa_driver_bsd_set_rsn_wpa_ie(drv, params, + wpa_ie) < 0) + return -1; + } + } + } - if (params->wpa_ie_len && - set80211param(drv, IEEE80211_IOC_WPA, - params->wpa_ie[0] == WLAN_EID_RSN ? 2 : 1) < 0) + /* + * NB: interface must be marked UP for association + * or scanning (ap_scan=2) + */ + if (bsd_ctrl_iface(drv, 1) < 0) return -1; os_memset(&mlme, 0, sizeof(mlme)); -@@ -1311,11 +1386,8 @@ +@@ -1311,11 +1403,8 @@ } /* NB: interface must be marked UP to do a scan */ - if (!(drv->flags & IFF_UP)) { - wpa_printf(MSG_DEBUG, "%s: interface is not up, cannot scan", - __func__); + if (bsd_ctrl_iface(drv, 1) < 0) return -1; - } #ifdef IEEE80211_IOC_SCAN_MAX_SSID os_memset(&sr, 0, sizeof(sr)); -@@ -1547,6 +1619,8 @@ +@@ -1495,6 +1584,10 @@ + drv->capa.enc |= WPA_DRIVER_CAPA_ENC_TKIP; + if (devcaps.dc_cryptocaps & IEEE80211_CRYPTO_AES_CCM) + drv->capa.enc |= WPA_DRIVER_CAPA_ENC_CCMP; ++ if (devcaps.dc_cryptocaps & IEEE80211_CRYPTO_AES_GCM_128) ++ drv->capa.enc |= WPA_DRIVER_CAPA_ENC_GCMP; ++ if (devcaps.dc_cryptocaps & IEEE80211_CRYPTO_BIP_CMAC_128) ++ drv->capa.enc |= WPA_DRIVER_CAPA_ENC_BIP; + + if (devcaps.dc_drivercaps & IEEE80211_C_HOSTAP) + drv->capa.flags |= WPA_DRIVER_FLAGS_AP; +@@ -1547,6 +1640,8 @@ } if (ifmr.ifm_current & IFM_IEEE80211_HOSTAP) return IEEE80211_M_HOSTAP; + if (ifmr.ifm_current & IFM_IEEE80211_IBSS) + return IEEE80211_M_IBSS; if (ifmr.ifm_current & IFM_IEEE80211_MONITOR) return IEEE80211_M_MONITOR; #ifdef IEEE80211_M_MBSS -@@ -1607,7 +1681,7 @@ +@@ -1607,7 +1702,7 @@ drv->capa.key_mgmt_iftype[i] = drv->capa.key_mgmt; /* Down interface during setup. */ - if (bsd_get_iface_flags(drv) < 0) + if (bsd_ctrl_iface(drv, 0) < 0) goto fail; /* Proven to work, lets go! */ -@@ -1631,6 +1705,9 @@ +@@ -1631,6 +1726,9 @@ if (drv->ifindex != 0 && !drv->if_removed) { wpa_driver_bsd_set_wpa(drv, 0); + /* NB: mark interface down */ + bsd_ctrl_iface(drv, 0); + wpa_driver_bsd_set_wpa_internal(drv, drv->prev_wpa, drv->prev_privacy);