From nobody Sun Jul 03 21:37:18 2022 X-Original-To: dev-commits-ports-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 33A0D8A2D50; Sun, 3 Jul 2022 21:37:20 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Lbj2R0c76z3t3b; Sun, 3 Jul 2022 21:37:18 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1656884239; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=F32NUz+8C2Oz8gAcX3c3cKCSdnfo45DleSLjJJtW5Ns=; b=rz1zQCvT7tzEPLcVu7Ceo7A48m6+x0NtOrVaqIjuVnX2YYnG2EPv+tteJD5bgcTcAFJZJe uC5QuN33qdyn00oVc3uvzDGebyKAtPBHlOmTPumO5oNLwgVmbekKlnuL50hro0Q5XDo1EH e1XMgS5uFdZpWCZK/l1Cqqzih+PFsL59/mWnkfEl6MSb4J7kUM+Hi5BLI+mN2gVO7azZcT 2hVOCqd++mH+aHlPkebmsgfWl9WE2MczBqxa5gpm3VLpbkG5NtCp1dSuehDlgWPoi6iv5h VJSwQyhV/bmVOhZ1UFHto5yNL40QNjrh5QMuxVHkjfkdODeSGI8JnOhIiBn5rg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 352A12C384; Sun, 3 Jul 2022 21:37:18 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 263LbIdJ095807; Sun, 3 Jul 2022 21:37:18 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 263LbIbv095806; Sun, 3 Jul 2022 21:37:18 GMT (envelope-from git) Date: Sun, 3 Jul 2022 21:37:18 GMT Message-Id: <202207032137.263LbIbv095806@gitrepo.freebsd.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org From: Cy Schubert Subject: git: b3916c7a8d25 - main - wpa_supplicant* hostapd*: Resolve secondary VAP association issue List-Id: Commits to the main branch of the FreeBSD ports repository List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-ports-main@freebsd.org X-BeenThere: dev-commits-ports-main@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: cy X-Git-Repository: ports X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: b3916c7a8d2599e99fabdc1735b095ff5a9f9381 Auto-Submitted: auto-generated ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1656884239; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=F32NUz+8C2Oz8gAcX3c3cKCSdnfo45DleSLjJJtW5Ns=; b=tCWJWAHq7R8GMIPYJexLJ9wduqkZwU5Wv5fIFYTc/B5jYeOh6jOCFSXCRyoiamfTxJ07DJ UF8raNQb+g0YO489t86KbJQvUZrWOnqX7gIoE5MvojgS+yHTgxC4ZE1wzXtf9prKos3TAw cTZIbm9dYkfnSdIaXHvuogbvrUshu53kx/q9c452sEEb8zU2a2UBz096oHbRHUcoA3rZvN nd/eqoGSZr0eGY6EITX48sAbUk3ewtPuNQ8tMsOBgu1+TQsml5nGCPs28XuEcMQOVVrxkq 0qwTJvai00KzeNInFm5KIbqxNLDeWyb5ApURGaLHve8cx6brqUuUW+75VpeQwA== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1656884239; a=rsa-sha256; cv=none; b=qdZdemVN7uX+dhHPhrW6n/vZEI+ttJk/7NAZrm258Tkp9S3sG3zr/WofGjrOsiWGeGP2Zp 7AH85FBdPaUxJDK1Hgc/vpLCiAUpEsdwlksb2lvjmXVtHF3LFjqadIk4FPA+76TPRF4X2/ /FNL9Xy/HtUnNudwjZGOmY2233ScniXW9pA1a98rywUHF0eqDUvuW5vi20KQcr8yT84u/C KoOL/1AKofeS+L9JKIKE34LK1KwZWNWtdcDQ9zIogCVJBqVH04tdlUF4j0VJbSPpGJidEG 0zaHT8sPg7lwWGNbbbBr3li5BhTwsTQ5FhyXbkQtqD8BracIgaRm7s+VACKUkg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by cy: URL: https://cgit.FreeBSD.org/ports/commit/?id=b3916c7a8d2599e99fabdc1735b095ff5a9f9381 commit b3916c7a8d2599e99fabdc1735b095ff5a9f9381 Author: J.R. Oldroyd AuthorDate: 2022-07-03 21:18:40 +0000 Commit: Cy Schubert CommitDate: 2022-07-03 21:33:18 +0000 wpa_supplicant* hostapd*: Resolve secondary VAP association issue Association will fail on a secondary open unprotected VAP when the primary VAP is configured for WPA. Examples of secondary VAPs are, hotels, universities, and commodity routers' guest networks. A broadly similar bug was discussed on Red Hat's bugzilla affecting association to a D-Link DIR-842. This suggests that as IEs were added to the 802.11 protocol the old code was increasingly inadaquate to handle the additional IEs, not only a secondary VAP. This duplcates src commit 775611ea11db here in ports. PR: 264238 Reported by: Jaskie "J.R. Oldroyd" Submitted by: "J.R. Oldroyd" MFH: 2022Q3 --- net/hostapd-devel/Makefile | 1 + .../files/patch-src_drivers_driver__bsd.c | 109 ++++++++++++++++++--- net/hostapd/Makefile | 2 +- net/hostapd/files/patch-src_drivers_driver__bsd.c | 107 +++++++++++++++++--- security/wpa_supplicant-devel/Makefile | 1 + .../files/patch-src_drivers_driver__bsd.c | 109 ++++++++++++++++++--- security/wpa_supplicant/Makefile | 2 +- .../files/patch-src_drivers_driver__bsd.c | 107 +++++++++++++++++--- 8 files changed, 390 insertions(+), 48 deletions(-) diff --git a/net/hostapd-devel/Makefile b/net/hostapd-devel/Makefile index 6cc447a6a92b..59298e7651ee 100644 --- a/net/hostapd-devel/Makefile +++ b/net/hostapd-devel/Makefile @@ -2,6 +2,7 @@ PORTNAME= hostapd PORTVERSION= ${COMMIT_DATE} +PORTREVISION= 1 CATEGORIES= net PKGNAMESUFFIX= -devel diff --git a/net/hostapd-devel/files/patch-src_drivers_driver__bsd.c b/net/hostapd-devel/files/patch-src_drivers_driver__bsd.c index dda055f26664..db2f4291d682 100644 --- a/net/hostapd-devel/files/patch-src_drivers_driver__bsd.c +++ b/net/hostapd-devel/files/patch-src_drivers_driver__bsd.c @@ -1,6 +1,14 @@ ---- src/drivers/driver_bsd.c.orig 2022-05-24 13:30:39.000000000 -0700 -+++ src/drivers/driver_bsd.c 2022-06-20 07:18:14.191871000 -0700 -@@ -853,14 +853,18 @@ +--- src/drivers/driver_bsd.c.orig 2022-06-20 04:39:26.000000000 -0700 ++++ src/drivers/driver_bsd.c 2022-07-03 14:14:25.865828000 -0700 +@@ -14,6 +14,7 @@ + #include "driver.h" + #include "eloop.h" + #include "common/ieee802_11_defs.h" ++#include "common/ieee802_11_common.h" + #include "common/wpa_common.h" + + #include +@@ -853,14 +854,18 @@ drv = bsd_get_drvindex(global, ifm->ifm_index); if (drv == NULL) return; @@ -22,7 +30,50 @@ wpa_printf(MSG_DEBUG, "RTM_IFINFO: Interface '%s' UP", drv->ifname); wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_ENABLED, -@@ -1220,7 +1224,10 @@ +@@ -1197,13 +1202,41 @@ + } + + static int ++wpa_driver_bsd_set_rsn_wpa_ie(struct bsd_driver_data * drv, ++ struct wpa_driver_associate_params *params, const u8 *ie) ++{ ++ int privacy; ++ size_t ie_len = ie[1] ? ie[1] + 2 : 0; ++ ++ /* XXX error handling is wrong but unclear what to do... */ ++ if (wpa_driver_bsd_set_wpa_ie(drv, ie, ie_len) < 0) ++ return -1; ++ ++ privacy = !(params->pairwise_suite == WPA_CIPHER_NONE && ++ params->group_suite == WPA_CIPHER_NONE && ++ params->key_mgmt_suite == WPA_KEY_MGMT_NONE); ++ wpa_printf(MSG_DEBUG, "%s: set PRIVACY %u", __func__, ++ privacy); ++ ++ if (set80211param(drv, IEEE80211_IOC_PRIVACY, privacy) < 0) ++ return -1; ++ ++ if (ie_len && ++ set80211param(drv, IEEE80211_IOC_WPA, ++ ie[0] == WLAN_EID_RSN ? 2 : 1) < 0) ++ return -1; ++ ++ return 0; ++} ++ ++static int + wpa_driver_bsd_associate(void *priv, struct wpa_driver_associate_params *params) + { + struct bsd_driver_data *drv = priv; + struct ieee80211req_mlme mlme; + u32 mode; +- int privacy; + int ret = 0; ++ const u8 *wpa_ie, *rsn_ie; + + wpa_printf(MSG_DEBUG, + "%s: ssid '%.*s' wpa ie len %u pairwise %u group %u key mgmt %u" +@@ -1220,7 +1253,10 @@ mode = 0 /* STA */; break; case IEEE80211_MODE_IBSS: @@ -33,21 +84,55 @@ break; case IEEE80211_MODE_AP: mode = IFM_IEEE80211_HOSTAP; -@@ -1267,6 +1274,13 @@ - params->wpa_ie[0] == WLAN_EID_RSN ? 2 : 1) < 0) - return -1; +@@ -1249,24 +1285,33 @@ + ret = -1; + if (wpa_driver_bsd_set_auth_alg(drv, params->auth_alg) < 0) + ret = -1; +- /* XXX error handling is wrong but unclear what to do... */ +- if (wpa_driver_bsd_set_wpa_ie(drv, params->wpa_ie, params->wpa_ie_len) < 0) +- return -1; + +- privacy = !(params->pairwise_suite == WPA_CIPHER_NONE && +- params->group_suite == WPA_CIPHER_NONE && +- params->key_mgmt_suite == WPA_KEY_MGMT_NONE && +- params->wpa_ie_len == 0); +- wpa_printf(MSG_DEBUG, "%s: set PRIVACY %u", __func__, privacy); ++ if (params->wpa_ie_len) { ++ rsn_ie = get_ie(params->wpa_ie, params->wpa_ie_len, ++ WLAN_EID_RSN); ++ if (rsn_ie) { ++ if (wpa_driver_bsd_set_rsn_wpa_ie(drv, params, ++ rsn_ie) < 0) ++ return -1; ++ } ++ else { ++ wpa_ie = get_vendor_ie(params->wpa_ie, ++ params->wpa_ie_len, WPA_IE_VENDOR_TYPE); ++ if (wpa_ie) { ++ if (wpa_driver_bsd_set_rsn_wpa_ie(drv, params, ++ wpa_ie) < 0) ++ return -1; ++ } ++ } ++ } +- if (set80211param(drv, IEEE80211_IOC_PRIVACY, privacy) < 0) + /* + * NB: interface must be marked UP for association + * or scanning (ap_scan=2) + */ + if (bsd_get_iface_flags(drv) < 0) -+ return -1; -+ + return -1; + +- if (params->wpa_ie_len && +- set80211param(drv, IEEE80211_IOC_WPA, +- params->wpa_ie[0] == WLAN_EID_RSN ? 2 : 1) < 0) +- return -1; +- os_memset(&mlme, 0, sizeof(mlme)); mlme.im_op = IEEE80211_MLME_ASSOC; if (params->ssid != NULL) -@@ -1485,6 +1499,17 @@ +@@ -1485,6 +1530,17 @@ if (devcaps.dc_drivercaps & IEEE80211_C_WPA2) drv->capa.key_mgmt = WPA_DRIVER_CAPA_KEY_MGMT_WPA2 | WPA_DRIVER_CAPA_KEY_MGMT_WPA2_PSK; @@ -65,7 +150,7 @@ if (devcaps.dc_cryptocaps & IEEE80211_CRYPTO_WEP) drv->capa.enc |= WPA_DRIVER_CAPA_ENC_WEP40 | -@@ -1493,6 +1518,7 @@ +@@ -1493,6 +1549,7 @@ drv->capa.enc |= WPA_DRIVER_CAPA_ENC_TKIP; if (devcaps.dc_cryptocaps & IEEE80211_CRYPTO_AES_CCM) drv->capa.enc |= WPA_DRIVER_CAPA_ENC_CCMP; @@ -73,7 +158,7 @@ if (devcaps.dc_drivercaps & IEEE80211_C_HOSTAP) drv->capa.flags |= WPA_DRIVER_FLAGS_AP; -@@ -1545,6 +1571,8 @@ +@@ -1545,6 +1602,8 @@ } if (ifmr.ifm_current & IFM_IEEE80211_HOSTAP) return IEEE80211_M_HOSTAP; diff --git a/net/hostapd/Makefile b/net/hostapd/Makefile index 114041a960bb..ff3f148c9dd6 100644 --- a/net/hostapd/Makefile +++ b/net/hostapd/Makefile @@ -2,7 +2,7 @@ PORTNAME= hostapd PORTVERSION= 2.10 -PORTREVISION= 4 +PORTREVISION= 5 CATEGORIES= net MASTER_SITES= https://w1.fi/releases/ diff --git a/net/hostapd/files/patch-src_drivers_driver__bsd.c b/net/hostapd/files/patch-src_drivers_driver__bsd.c index 2c49538712af..112a8230671c 100644 --- a/net/hostapd/files/patch-src_drivers_driver__bsd.c +++ b/net/hostapd/files/patch-src_drivers_driver__bsd.c @@ -1,6 +1,14 @@ --- src/drivers/driver_bsd.c.orig 2022-01-16 12:51:29.000000000 -0800 -+++ src/drivers/driver_bsd.c 2022-06-20 07:14:50.617305000 -0700 -@@ -853,14 +853,18 @@ ++++ src/drivers/driver_bsd.c 2022-07-03 14:12:06.167581000 -0700 +@@ -14,6 +14,7 @@ + #include "driver.h" + #include "eloop.h" + #include "common/ieee802_11_defs.h" ++#include "common/ieee802_11_common.h" + #include "common/wpa_common.h" + + #include +@@ -853,14 +854,18 @@ drv = bsd_get_drvindex(global, ifm->ifm_index); if (drv == NULL) return; @@ -22,7 +30,50 @@ wpa_printf(MSG_DEBUG, "RTM_IFINFO: Interface '%s' UP", drv->ifname); wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_ENABLED, -@@ -1220,7 +1224,10 @@ +@@ -1197,13 +1202,41 @@ + } + + static int ++wpa_driver_bsd_set_rsn_wpa_ie(struct bsd_driver_data * drv, ++ struct wpa_driver_associate_params *params, const u8 *ie) ++{ ++ int privacy; ++ size_t ie_len = ie[1] ? ie[1] + 2 : 0; ++ ++ /* XXX error handling is wrong but unclear what to do... */ ++ if (wpa_driver_bsd_set_wpa_ie(drv, ie, ie_len) < 0) ++ return -1; ++ ++ privacy = !(params->pairwise_suite == WPA_CIPHER_NONE && ++ params->group_suite == WPA_CIPHER_NONE && ++ params->key_mgmt_suite == WPA_KEY_MGMT_NONE); ++ wpa_printf(MSG_DEBUG, "%s: set PRIVACY %u", __func__, ++ privacy); ++ ++ if (set80211param(drv, IEEE80211_IOC_PRIVACY, privacy) < 0) ++ return -1; ++ ++ if (ie_len && ++ set80211param(drv, IEEE80211_IOC_WPA, ++ ie[0] == WLAN_EID_RSN ? 2 : 1) < 0) ++ return -1; ++ ++ return 0; ++} ++ ++static int + wpa_driver_bsd_associate(void *priv, struct wpa_driver_associate_params *params) + { + struct bsd_driver_data *drv = priv; + struct ieee80211req_mlme mlme; + u32 mode; +- int privacy; + int ret = 0; ++ const u8 *wpa_ie, *rsn_ie; + + wpa_printf(MSG_DEBUG, + "%s: ssid '%.*s' wpa ie len %u pairwise %u group %u key mgmt %u" +@@ -1220,7 +1253,10 @@ mode = 0 /* STA */; break; case IEEE80211_MODE_IBSS: @@ -33,21 +84,55 @@ break; case IEEE80211_MODE_AP: mode = IFM_IEEE80211_HOSTAP; -@@ -1267,6 +1274,13 @@ - params->wpa_ie[0] == WLAN_EID_RSN ? 2 : 1) < 0) - return -1; +@@ -1249,24 +1285,33 @@ + ret = -1; + if (wpa_driver_bsd_set_auth_alg(drv, params->auth_alg) < 0) + ret = -1; +- /* XXX error handling is wrong but unclear what to do... */ +- if (wpa_driver_bsd_set_wpa_ie(drv, params->wpa_ie, params->wpa_ie_len) < 0) +- return -1; + +- privacy = !(params->pairwise_suite == WPA_CIPHER_NONE && +- params->group_suite == WPA_CIPHER_NONE && +- params->key_mgmt_suite == WPA_KEY_MGMT_NONE && +- params->wpa_ie_len == 0); +- wpa_printf(MSG_DEBUG, "%s: set PRIVACY %u", __func__, privacy); ++ if (params->wpa_ie_len) { ++ rsn_ie = get_ie(params->wpa_ie, params->wpa_ie_len, ++ WLAN_EID_RSN); ++ if (rsn_ie) { ++ if (wpa_driver_bsd_set_rsn_wpa_ie(drv, params, ++ rsn_ie) < 0) ++ return -1; ++ } ++ else { ++ wpa_ie = get_vendor_ie(params->wpa_ie, ++ params->wpa_ie_len, WPA_IE_VENDOR_TYPE); ++ if (wpa_ie) { ++ if (wpa_driver_bsd_set_rsn_wpa_ie(drv, params, ++ wpa_ie) < 0) ++ return -1; ++ } ++ } ++ } +- if (set80211param(drv, IEEE80211_IOC_PRIVACY, privacy) < 0) + /* + * NB: interface must be marked UP for association + * or scanning (ap_scan=2) + */ + if (bsd_get_iface_flags(drv) < 0) -+ return -1; -+ + return -1; + +- if (params->wpa_ie_len && +- set80211param(drv, IEEE80211_IOC_WPA, +- params->wpa_ie[0] == WLAN_EID_RSN ? 2 : 1) < 0) +- return -1; +- os_memset(&mlme, 0, sizeof(mlme)); mlme.im_op = IEEE80211_MLME_ASSOC; if (params->ssid != NULL) -@@ -1485,6 +1499,17 @@ +@@ -1485,6 +1530,17 @@ if (devcaps.dc_drivercaps & IEEE80211_C_WPA2) drv->capa.key_mgmt = WPA_DRIVER_CAPA_KEY_MGMT_WPA2 | WPA_DRIVER_CAPA_KEY_MGMT_WPA2_PSK; @@ -65,7 +150,7 @@ if (devcaps.dc_cryptocaps & IEEE80211_CRYPTO_WEP) drv->capa.enc |= WPA_DRIVER_CAPA_ENC_WEP40 | -@@ -1493,6 +1518,7 @@ +@@ -1493,6 +1549,7 @@ drv->capa.enc |= WPA_DRIVER_CAPA_ENC_TKIP; if (devcaps.dc_cryptocaps & IEEE80211_CRYPTO_AES_CCM) drv->capa.enc |= WPA_DRIVER_CAPA_ENC_CCMP; @@ -73,7 +158,7 @@ if (devcaps.dc_drivercaps & IEEE80211_C_HOSTAP) drv->capa.flags |= WPA_DRIVER_FLAGS_AP; -@@ -1545,6 +1571,8 @@ +@@ -1545,6 +1602,8 @@ } if (ifmr.ifm_current & IFM_IEEE80211_HOSTAP) return IEEE80211_M_HOSTAP; diff --git a/security/wpa_supplicant-devel/Makefile b/security/wpa_supplicant-devel/Makefile index 7beb397b67a2..efae4a6c5792 100644 --- a/security/wpa_supplicant-devel/Makefile +++ b/security/wpa_supplicant-devel/Makefile @@ -1,5 +1,6 @@ PORTNAME= wpa_supplicant PORTVERSION= ${COMMIT_DATE} +PORTREVISION= 1 CATEGORIES= security net PKGNAMESUFFIX= -devel diff --git a/security/wpa_supplicant-devel/files/patch-src_drivers_driver__bsd.c b/security/wpa_supplicant-devel/files/patch-src_drivers_driver__bsd.c index 6a400fd174c2..19470678ef08 100644 --- a/security/wpa_supplicant-devel/files/patch-src_drivers_driver__bsd.c +++ b/security/wpa_supplicant-devel/files/patch-src_drivers_driver__bsd.c @@ -1,6 +1,14 @@ ---- src/drivers/driver_bsd.c.orig 2022-05-24 13:30:39.000000000 -0700 -+++ src/drivers/driver_bsd.c 2022-06-20 07:13:36.571991000 -0700 -@@ -853,14 +853,18 @@ +--- src/drivers/driver_bsd.c.orig 2022-06-20 04:39:26.000000000 -0700 ++++ src/drivers/driver_bsd.c 2022-07-03 14:15:42.260043000 -0700 +@@ -14,6 +14,7 @@ + #include "driver.h" + #include "eloop.h" + #include "common/ieee802_11_defs.h" ++#include "common/ieee802_11_common.h" + #include "common/wpa_common.h" + + #include +@@ -853,14 +854,18 @@ drv = bsd_get_drvindex(global, ifm->ifm_index); if (drv == NULL) return; @@ -22,7 +30,50 @@ wpa_printf(MSG_DEBUG, "RTM_IFINFO: Interface '%s' UP", drv->ifname); wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_ENABLED, -@@ -1220,7 +1224,10 @@ +@@ -1197,13 +1202,41 @@ + } + + static int ++wpa_driver_bsd_set_rsn_wpa_ie(struct bsd_driver_data * drv, ++ struct wpa_driver_associate_params *params, const u8 *ie) ++{ ++ int privacy; ++ size_t ie_len = ie[1] ? ie[1] + 2 : 0; ++ ++ /* XXX error handling is wrong but unclear what to do... */ ++ if (wpa_driver_bsd_set_wpa_ie(drv, ie, ie_len) < 0) ++ return -1; ++ ++ privacy = !(params->pairwise_suite == WPA_CIPHER_NONE && ++ params->group_suite == WPA_CIPHER_NONE && ++ params->key_mgmt_suite == WPA_KEY_MGMT_NONE); ++ wpa_printf(MSG_DEBUG, "%s: set PRIVACY %u", __func__, ++ privacy); ++ ++ if (set80211param(drv, IEEE80211_IOC_PRIVACY, privacy) < 0) ++ return -1; ++ ++ if (ie_len && ++ set80211param(drv, IEEE80211_IOC_WPA, ++ ie[0] == WLAN_EID_RSN ? 2 : 1) < 0) ++ return -1; ++ ++ return 0; ++} ++ ++static int + wpa_driver_bsd_associate(void *priv, struct wpa_driver_associate_params *params) + { + struct bsd_driver_data *drv = priv; + struct ieee80211req_mlme mlme; + u32 mode; +- int privacy; + int ret = 0; ++ const u8 *wpa_ie, *rsn_ie; + + wpa_printf(MSG_DEBUG, + "%s: ssid '%.*s' wpa ie len %u pairwise %u group %u key mgmt %u" +@@ -1220,7 +1253,10 @@ mode = 0 /* STA */; break; case IEEE80211_MODE_IBSS: @@ -33,21 +84,55 @@ break; case IEEE80211_MODE_AP: mode = IFM_IEEE80211_HOSTAP; -@@ -1267,6 +1274,13 @@ - params->wpa_ie[0] == WLAN_EID_RSN ? 2 : 1) < 0) - return -1; +@@ -1249,24 +1285,33 @@ + ret = -1; + if (wpa_driver_bsd_set_auth_alg(drv, params->auth_alg) < 0) + ret = -1; +- /* XXX error handling is wrong but unclear what to do... */ +- if (wpa_driver_bsd_set_wpa_ie(drv, params->wpa_ie, params->wpa_ie_len) < 0) +- return -1; + +- privacy = !(params->pairwise_suite == WPA_CIPHER_NONE && +- params->group_suite == WPA_CIPHER_NONE && +- params->key_mgmt_suite == WPA_KEY_MGMT_NONE && +- params->wpa_ie_len == 0); +- wpa_printf(MSG_DEBUG, "%s: set PRIVACY %u", __func__, privacy); ++ if (params->wpa_ie_len) { ++ rsn_ie = get_ie(params->wpa_ie, params->wpa_ie_len, ++ WLAN_EID_RSN); ++ if (rsn_ie) { ++ if (wpa_driver_bsd_set_rsn_wpa_ie(drv, params, ++ rsn_ie) < 0) ++ return -1; ++ } ++ else { ++ wpa_ie = get_vendor_ie(params->wpa_ie, ++ params->wpa_ie_len, WPA_IE_VENDOR_TYPE); ++ if (wpa_ie) { ++ if (wpa_driver_bsd_set_rsn_wpa_ie(drv, params, ++ wpa_ie) < 0) ++ return -1; ++ } ++ } ++ } +- if (set80211param(drv, IEEE80211_IOC_PRIVACY, privacy) < 0) + /* + * NB: interface must be marked UP for association + * or scanning (ap_scan=2) + */ + if (bsd_get_iface_flags(drv) < 0) -+ return -1; -+ + return -1; + +- if (params->wpa_ie_len && +- set80211param(drv, IEEE80211_IOC_WPA, +- params->wpa_ie[0] == WLAN_EID_RSN ? 2 : 1) < 0) +- return -1; +- os_memset(&mlme, 0, sizeof(mlme)); mlme.im_op = IEEE80211_MLME_ASSOC; if (params->ssid != NULL) -@@ -1485,6 +1499,17 @@ +@@ -1485,6 +1530,17 @@ if (devcaps.dc_drivercaps & IEEE80211_C_WPA2) drv->capa.key_mgmt = WPA_DRIVER_CAPA_KEY_MGMT_WPA2 | WPA_DRIVER_CAPA_KEY_MGMT_WPA2_PSK; @@ -65,7 +150,7 @@ if (devcaps.dc_cryptocaps & IEEE80211_CRYPTO_WEP) drv->capa.enc |= WPA_DRIVER_CAPA_ENC_WEP40 | -@@ -1493,6 +1518,7 @@ +@@ -1493,6 +1549,7 @@ drv->capa.enc |= WPA_DRIVER_CAPA_ENC_TKIP; if (devcaps.dc_cryptocaps & IEEE80211_CRYPTO_AES_CCM) drv->capa.enc |= WPA_DRIVER_CAPA_ENC_CCMP; @@ -73,7 +158,7 @@ if (devcaps.dc_drivercaps & IEEE80211_C_HOSTAP) drv->capa.flags |= WPA_DRIVER_FLAGS_AP; -@@ -1545,6 +1571,8 @@ +@@ -1545,6 +1602,8 @@ } if (ifmr.ifm_current & IFM_IEEE80211_HOSTAP) return IEEE80211_M_HOSTAP; diff --git a/security/wpa_supplicant/Makefile b/security/wpa_supplicant/Makefile index 1b3e5889d2c6..d58333174c06 100644 --- a/security/wpa_supplicant/Makefile +++ b/security/wpa_supplicant/Makefile @@ -1,6 +1,6 @@ PORTNAME= wpa_supplicant PORTVERSION= 2.10 -PORTREVISION= 4 +PORTREVISION= 5 CATEGORIES= security net MASTER_SITES= https://w1.fi/releases/ diff --git a/security/wpa_supplicant/files/patch-src_drivers_driver__bsd.c b/security/wpa_supplicant/files/patch-src_drivers_driver__bsd.c index 440233164126..56df017d59d1 100644 --- a/security/wpa_supplicant/files/patch-src_drivers_driver__bsd.c +++ b/security/wpa_supplicant/files/patch-src_drivers_driver__bsd.c @@ -1,6 +1,14 @@ --- src/drivers/driver_bsd.c.orig 2022-01-16 12:51:29.000000000 -0800 -+++ src/drivers/driver_bsd.c 2022-06-20 07:11:44.629814000 -0700 -@@ -853,14 +853,18 @@ ++++ src/drivers/driver_bsd.c 2022-07-03 14:09:49.672011000 -0700 +@@ -14,6 +14,7 @@ + #include "driver.h" + #include "eloop.h" + #include "common/ieee802_11_defs.h" ++#include "common/ieee802_11_common.h" + #include "common/wpa_common.h" + + #include +@@ -853,14 +854,18 @@ drv = bsd_get_drvindex(global, ifm->ifm_index); if (drv == NULL) return; @@ -22,7 +30,50 @@ wpa_printf(MSG_DEBUG, "RTM_IFINFO: Interface '%s' UP", drv->ifname); wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_ENABLED, -@@ -1220,7 +1224,10 @@ +@@ -1197,13 +1202,41 @@ + } + + static int ++wpa_driver_bsd_set_rsn_wpa_ie(struct bsd_driver_data * drv, ++ struct wpa_driver_associate_params *params, const u8 *ie) ++{ ++ int privacy; ++ size_t ie_len = ie[1] ? ie[1] + 2 : 0; ++ ++ /* XXX error handling is wrong but unclear what to do... */ ++ if (wpa_driver_bsd_set_wpa_ie(drv, ie, ie_len) < 0) ++ return -1; ++ ++ privacy = !(params->pairwise_suite == WPA_CIPHER_NONE && ++ params->group_suite == WPA_CIPHER_NONE && ++ params->key_mgmt_suite == WPA_KEY_MGMT_NONE); ++ wpa_printf(MSG_DEBUG, "%s: set PRIVACY %u", __func__, ++ privacy); ++ ++ if (set80211param(drv, IEEE80211_IOC_PRIVACY, privacy) < 0) ++ return -1; ++ ++ if (ie_len && ++ set80211param(drv, IEEE80211_IOC_WPA, ++ ie[0] == WLAN_EID_RSN ? 2 : 1) < 0) ++ return -1; ++ ++ return 0; ++} ++ ++static int + wpa_driver_bsd_associate(void *priv, struct wpa_driver_associate_params *params) + { + struct bsd_driver_data *drv = priv; + struct ieee80211req_mlme mlme; + u32 mode; +- int privacy; + int ret = 0; ++ const u8 *wpa_ie, *rsn_ie; + + wpa_printf(MSG_DEBUG, + "%s: ssid '%.*s' wpa ie len %u pairwise %u group %u key mgmt %u" +@@ -1220,7 +1253,10 @@ mode = 0 /* STA */; break; case IEEE80211_MODE_IBSS: @@ -33,21 +84,55 @@ break; case IEEE80211_MODE_AP: mode = IFM_IEEE80211_HOSTAP; -@@ -1267,6 +1274,13 @@ - params->wpa_ie[0] == WLAN_EID_RSN ? 2 : 1) < 0) - return -1; +@@ -1249,24 +1285,33 @@ + ret = -1; + if (wpa_driver_bsd_set_auth_alg(drv, params->auth_alg) < 0) + ret = -1; +- /* XXX error handling is wrong but unclear what to do... */ +- if (wpa_driver_bsd_set_wpa_ie(drv, params->wpa_ie, params->wpa_ie_len) < 0) +- return -1; + +- privacy = !(params->pairwise_suite == WPA_CIPHER_NONE && +- params->group_suite == WPA_CIPHER_NONE && +- params->key_mgmt_suite == WPA_KEY_MGMT_NONE && +- params->wpa_ie_len == 0); +- wpa_printf(MSG_DEBUG, "%s: set PRIVACY %u", __func__, privacy); ++ if (params->wpa_ie_len) { ++ rsn_ie = get_ie(params->wpa_ie, params->wpa_ie_len, ++ WLAN_EID_RSN); ++ if (rsn_ie) { ++ if (wpa_driver_bsd_set_rsn_wpa_ie(drv, params, ++ rsn_ie) < 0) ++ return -1; ++ } ++ else { ++ wpa_ie = get_vendor_ie(params->wpa_ie, ++ params->wpa_ie_len, WPA_IE_VENDOR_TYPE); ++ if (wpa_ie) { ++ if (wpa_driver_bsd_set_rsn_wpa_ie(drv, params, ++ wpa_ie) < 0) ++ return -1; ++ } ++ } ++ } +- if (set80211param(drv, IEEE80211_IOC_PRIVACY, privacy) < 0) + /* + * NB: interface must be marked UP for association + * or scanning (ap_scan=2) + */ + if (bsd_get_iface_flags(drv) < 0) -+ return -1; -+ + return -1; + +- if (params->wpa_ie_len && +- set80211param(drv, IEEE80211_IOC_WPA, +- params->wpa_ie[0] == WLAN_EID_RSN ? 2 : 1) < 0) +- return -1; +- os_memset(&mlme, 0, sizeof(mlme)); mlme.im_op = IEEE80211_MLME_ASSOC; if (params->ssid != NULL) -@@ -1485,6 +1499,17 @@ +@@ -1485,6 +1530,17 @@ if (devcaps.dc_drivercaps & IEEE80211_C_WPA2) drv->capa.key_mgmt = WPA_DRIVER_CAPA_KEY_MGMT_WPA2 | WPA_DRIVER_CAPA_KEY_MGMT_WPA2_PSK; @@ -65,7 +150,7 @@ if (devcaps.dc_cryptocaps & IEEE80211_CRYPTO_WEP) drv->capa.enc |= WPA_DRIVER_CAPA_ENC_WEP40 | -@@ -1493,6 +1518,7 @@ +@@ -1493,6 +1549,7 @@ drv->capa.enc |= WPA_DRIVER_CAPA_ENC_TKIP; if (devcaps.dc_cryptocaps & IEEE80211_CRYPTO_AES_CCM) drv->capa.enc |= WPA_DRIVER_CAPA_ENC_CCMP; @@ -73,7 +158,7 @@ if (devcaps.dc_drivercaps & IEEE80211_C_HOSTAP) drv->capa.flags |= WPA_DRIVER_FLAGS_AP; -@@ -1545,6 +1571,8 @@ +@@ -1545,6 +1602,8 @@ } if (ifmr.ifm_current & IFM_IEEE80211_HOSTAP) return IEEE80211_M_HOSTAP;