From 60ebc751f74f5777a5f616398efd0ce6ac1b7987 Mon Sep 17 00:00:00 2001 From: Cy Schubert Date: Mon, 7 Apr 2025 13:03:44 -0700 Subject: [PATCH] hostapd/* wpa_supplicant/*: Support CCMP-256/GMCP-256 Chase src/fa06d18b3b87 adding support for CCMP-256/GMCP-256. --- net/hostapd-devel/Makefile | 1 + .../files/patch-src_drivers_driver__bsd.c | 108 ++++++++++++------ net/hostapd/Makefile | 2 +- .../files/patch-src_drivers_driver__bsd.c | 108 ++++++++++++------ security/wpa_supplicant-devel/Makefile | 1 + .../files/patch-src_drivers_driver__bsd.c | 108 ++++++++++++------ security/wpa_supplicant/Makefile | 2 +- .../files/patch-src_drivers_driver__bsd.c | 88 +++++++++----- 8 files changed, 279 insertions(+), 139 deletions(-) diff --git a/net/hostapd-devel/Makefile b/net/hostapd-devel/Makefile index 70c093b0ddb6..fa29bcc7ce01 100644 --- a/net/hostapd-devel/Makefile +++ b/net/hostapd-devel/Makefile @@ -1,5 +1,6 @@ PORTNAME= hostapd PORTVERSION= ${COMMIT_DATE} +PORTREVISION= 1 CATEGORIES= net PKGNAMESUFFIX= -devel diff --git a/net/hostapd-devel/files/patch-src_drivers_driver__bsd.c b/net/hostapd-devel/files/patch-src_drivers_driver__bsd.c index 53071c0f3f8e..e6a3fc573aec 100644 --- a/net/hostapd-devel/files/patch-src_drivers_driver__bsd.c +++ b/net/hostapd-devel/files/patch-src_drivers_driver__bsd.c @@ -1,5 +1,5 @@ --- src/drivers/driver_bsd.c.orig 2024-07-20 11:04:37.000000000 -0700 -+++ src/drivers/driver_bsd.c 2025-03-17 06:07:14.891847000 -0700 ++++ src/drivers/driver_bsd.c 2025-04-07 12:57:12.036618000 -0700 @@ -9,11 +9,13 @@ #include "includes.h" @@ -25,10 +25,14 @@ struct ifreq ifr; os_memset(&ifr, 0, sizeof(ifr)); -@@ -306,7 +309,34 @@ - return -1; - } - drv->flags = ifr.ifr_flags; +@@ -302,11 +305,38 @@ + + if (ioctl(drv->global->sock, SIOCGIFFLAGS, &ifr) < 0) { + wpa_printf(MSG_ERROR, "ioctl[SIOCGIFFLAGS]: %s", ++ strerror(errno)); ++ return -1; ++ } ++ drv->flags = ifr.ifr_flags; + + + if (enable) { 
@@ -43,14 +47,14 @@ + + if (ioctl(drv->global->sock, SIOCSIFFLAGS, &ifr) < 0) { + wpa_printf(MSG_ERROR, "ioctl[SIOCSIFFLAGS]: %s", -+ strerror(errno)); -+ return -1; -+ } + strerror(errno)); + return -1; + } + + wpa_printf(MSG_DEBUG, "%s: if %s (changed) enable %d IFF_UP %d ", + __func__, drv->ifname, enable, ((ifr.ifr_flags & IFF_UP) != 0)); + -+ drv->flags = ifr.ifr_flags; + drv->flags = ifr.ifr_flags; return 0; + +nochange: @@ -60,14 +64,20 @@ } static int -@@ -349,6 +379,14 @@ +@@ -349,6 +379,20 @@ case WPA_ALG_CCMP: wk.ik_type = IEEE80211_CIPHER_AES_CCM; break; +#if defined(__FreeBSD_version) && __FreeBSD_version >= 1500027 ++ case WPA_ALG_CCMP_256: ++ wk.ik_type = IEEE80211_CIPHER_AES_CCM_256; ++ break; + case WPA_ALG_GCMP: + wk.ik_type = IEEE80211_CIPHER_AES_GCM_128; + break; ++ case WPA_ALG_GCMP_256: ++ wk.ik_type = IEEE80211_CIPHER_AES_GCM_256; ++ break; + case WPA_ALG_BIP_CMAC_128: + wk.ik_type = IEEE80211_CIPHER_BIP_CMAC_128; + break; @@ -75,14 +85,34 @@ default: wpa_printf(MSG_ERROR, "%s: unknown alg=%d", __func__, alg); return -1; -@@ -420,6 +458,14 @@ +@@ -413,13 +457,34 @@ + { + #ifndef IEEE80211_IOC_APPIE + static const char *ciphernames[] = ++#if defined(__FreeBSD_version) && __FreeBSD_version >= 1500027 ++ { "WEP", "TKIP", "AES-OCB", "AES-CCM", "CKIP", "NONE", ++ "AES-CCM-256", "BIP-CMAC-128", "BIP-CMAC-256", "BIP-GMAC-128", ++ "BIP-GMAC-256", "AES-GCM-128", "AES-GCM-256" }; ++#else + { "WEP", "TKIP", "AES-OCB", "AES-CCM", "CKIP", "NONE" }; ++#endif ++ + int v; + + switch (params->wpa_group) { case WPA_CIPHER_CCMP: v = IEEE80211_CIPHER_AES_CCM; break; +#if defined(__FreeBSD_version) && __FreeBSD_version >= 1500027 ++ case WPA_CIPHER_CCMP_256: ++ v = IEEE80211_CIPHER_AES_CCM_256; ++ break; + case WPA_CIPHER_GCMP: + v = IEEE80211_CIPHER_AES_GCM_128; + break; ++ case WPA_CIPHER_GCMP_256: ++ v = IEEE80211_CIPHER_AES_GCM_256; ++ break; + case WPA_CIPHER_BIP_CMAC_128: + v = IEEE80211_CIPHER_BIP_CMAC_128; + break; 
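Review bot: The new `WPA_ALG_CCMP_256` and `WPA_ALG_GCMP_256` cases in the key-type switch reuse the `__FreeBSD_version >= 1500027` guard that was already present for `WPA_ALG_GCMP`, and nothing in the hunk records that the 256-bit constants exist from that same version. If `IEEE80211_CIPHER_AES_CCM_256` and `IEEE80211_CIPHER_AES_GCM_256` are preprocessor macros in the net80211 headers (not visible here), a feature test such as `#ifdef IEEE80211_CIPHER_AES_CCM_256` would follow the header directly. Otherwise a comment such as `/* 256-bit ciphers: see src fa06d18b3b87 */` above the new cases would say why the threshold is right. When the cases are compiled out, the visible `default:` branch refuses the key with "unknown alg" instead of mapping it to another cipher, which is the fail-closed behaviour to keep. The switch's function starts and ends outside the hunk, and the same guard is reused in the group-cipher switch and in the other three copies of this patch.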
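Review bot: The extended `ciphernames[]` initializer is positional, so "AES-CCM-256" takes the slot directly after "NONE" whether or not `IEEE80211_CIPHER_AES_CCM_256` has the next numeric value. If the table is indexed by the `IEEE80211_CIPHER_*` value (its use is outside the hunk), any gap in the kernel's numbering would make debug output name the wrong cipher or read past the end of the array. Designated initializers tie each string to its constant, for example `[IEEE80211_CIPHER_AES_CCM_256] = "AES-CCM-256",` and `[IEEE80211_CIPHER_AES_GCM_256] = "AES-GCM-256",`, and a bounds check at the lookup would cover values the table does not list. The block is compiled only under `#ifndef IEEE80211_IOC_APPIE`, and the same list is repeated in the other three copies of this patch.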
@@ -90,7 +120,7 @@ case WPA_CIPHER_TKIP: v = IEEE80211_CIPHER_TKIP; break; -@@ -456,6 +502,12 @@ +@@ -456,8 +521,20 @@ } v = 0; @@ -99,11 +129,19 @@ + v |= 1<wpa_pairwise & WPA_CIPHER_GCMP) + v |= 1<wpa_pairwise & WPA_CIPHER_GCMP_256) ++ v |= 1<wpa_pairwise & WPA_CIPHER_CCMP) v |= 1<= 1500027 ++ if (params->wpa_pairwise & WPA_CIPHER_CCMP_256) ++ v |= 1<wpa_pairwise & WPA_CIPHER_TKIP) -@@ -525,7 +577,7 @@ + v |= 1<wpa_pairwise & WPA_CIPHER_NONE) +@@ -525,7 +602,7 @@ __func__); return -1; } @@ -112,7 +150,7 @@ } static void -@@ -586,6 +638,7 @@ +@@ -586,6 +663,7 @@ mode = IFM_IEEE80211_11B; } else { mode = @@ -120,7 +158,7 @@ freq->ht_enabled ? IFM_IEEE80211_11NA : IFM_IEEE80211_11A; } -@@ -853,14 +906,18 @@ +@@ -853,14 +931,18 @@ drv = bsd_get_drvindex(global, ifm->ifm_index); if (drv == NULL) return; @@ -142,7 +180,7 @@ wpa_printf(MSG_DEBUG, "RTM_IFINFO: Interface '%s' UP", drv->ifname); wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_ENABLED, -@@ -1027,7 +1084,8 @@ +@@ -1027,7 +1109,8 @@ if (l2_packet_get_own_addr(drv->sock_xmit, params->own_addr)) goto bad; @@ -152,7 +190,7 @@ goto bad; if (bsd_set_mediaopt(drv, IFM_OMASK, IFM_IEEE80211_HOSTAP) < 0) { -@@ -1052,12 +1110,13 @@ +@@ -1052,12 +1135,13 @@ { struct bsd_driver_data *drv = priv; @@ -167,7 +205,7 @@ static int bsd_set_sta_authorized(void *priv, const u8 *addr, unsigned int total_flags, unsigned int flags_or, -@@ -1199,13 +1258,41 @@ +@@ -1199,13 +1283,41 @@ } static int @@ -210,7 +248,7 @@ wpa_printf(MSG_DEBUG, "%s: ssid '%.*s' wpa ie len %u pairwise %u group %u key mgmt %u" -@@ -1222,7 +1309,10 @@ +@@ -1222,7 +1334,10 @@ mode = 0 /* STA */; break; case IEEE80211_MODE_IBSS: @@ -221,7 +259,7 @@ break; case IEEE80211_MODE_AP: mode = IFM_IEEE80211_HOSTAP; -@@ -1251,24 +1341,33 @@ +@@ -1251,22 +1366,31 @@ ret = -1; if (wpa_driver_bsd_set_auth_alg(drv, params->auth_alg) < 0) ret = -1; 
@@ -234,6 +272,9 @@ - params->key_mgmt_suite == WPA_KEY_MGMT_NONE && - params->wpa_ie_len == 0); - wpa_printf(MSG_DEBUG, "%s: set PRIVACY %u", __func__, privacy); +- +- if (set80211param(drv, IEEE80211_IOC_PRIVACY, privacy) < 0) +- return -1; + if (params->wpa_ie_len) { + rsn_ie = get_ie(params->wpa_ie, params->wpa_ie_len, + WLAN_EID_RSN); @@ -253,7 +294,9 @@ + } + } -- if (set80211param(drv, IEEE80211_IOC_PRIVACY, privacy) < 0) +- if (params->wpa_ie_len && +- set80211param(drv, IEEE80211_IOC_WPA, +- params->wpa_ie[0] == WLAN_EID_RSN ? 2 : 1) < 0) + /* + * NB: interface must be marked UP for association + * or scanning (ap_scan=2) @@ -261,15 +304,8 @@ + if (bsd_ctrl_iface(drv, 1) < 0) return -1; -- if (params->wpa_ie_len && -- set80211param(drv, IEEE80211_IOC_WPA, -- params->wpa_ie[0] == WLAN_EID_RSN ? 2 : 1) < 0) -- return -1; -- os_memset(&mlme, 0, sizeof(mlme)); - mlme.im_op = IEEE80211_MLME_ASSOC; - if (params->ssid != NULL) -@@ -1311,11 +1410,8 @@ +@@ -1311,11 +1435,8 @@ } /* NB: interface must be marked UP to do a scan */ @@ -282,7 +318,7 @@ #ifdef IEEE80211_IOC_SCAN_MAX_SSID os_memset(&sr, 0, sizeof(sr)); -@@ -1495,6 +1591,12 @@ +@@ -1495,6 +1616,12 @@ drv->capa.enc |= WPA_DRIVER_CAPA_ENC_TKIP; if (devcaps.dc_cryptocaps & IEEE80211_CRYPTO_AES_CCM) drv->capa.enc |= WPA_DRIVER_CAPA_ENC_CCMP; @@ -295,7 +331,7 @@ if (devcaps.dc_drivercaps & IEEE80211_C_HOSTAP) drv->capa.flags |= WPA_DRIVER_FLAGS_AP; -@@ -1547,6 +1649,8 @@ +@@ -1547,6 +1674,8 @@ } if (ifmr.ifm_current & IFM_IEEE80211_HOSTAP) return IEEE80211_M_HOSTAP; @@ -304,7 +340,7 @@ if (ifmr.ifm_current & IFM_IEEE80211_MONITOR) return IEEE80211_M_MONITOR; #ifdef IEEE80211_M_MBSS -@@ -1607,7 +1711,7 @@ +@@ -1607,7 +1736,7 @@ drv->capa.key_mgmt_iftype[i] = drv->capa.key_mgmt; /* Down interface during setup. */ 
@@ -313,13 +349,13 @@ goto fail; /* Proven to work, lets go! */ -@@ -1630,6 +1734,9 @@ - +@@ -1631,6 +1760,9 @@ if (drv->ifindex != 0 && !drv->if_removed) { wpa_driver_bsd_set_wpa(drv, 0); -+ + + /* NB: mark interface down */ + bsd_ctrl_iface(drv, 0); - ++ wpa_driver_bsd_set_wpa_internal(drv, drv->prev_wpa, drv->prev_privacy); + diff --git a/net/hostapd/Makefile b/net/hostapd/Makefile index 5ea12eceec8b..be1ce57829b3 100644 --- a/net/hostapd/Makefile +++ b/net/hostapd/Makefile @@ -1,6 +1,6 @@ PORTNAME= hostapd PORTVERSION= 2.11 -PORTREVISION= 2 +PORTREVISION= 3 CATEGORIES= net MASTER_SITES= https://w1.fi/releases/ diff --git a/net/hostapd/files/patch-src_drivers_driver__bsd.c b/net/hostapd/files/patch-src_drivers_driver__bsd.c index 53071c0f3f8e..e6a3fc573aec 100644 --- a/net/hostapd/files/patch-src_drivers_driver__bsd.c +++ b/net/hostapd/files/patch-src_drivers_driver__bsd.c @@ -1,5 +1,5 @@ --- src/drivers/driver_bsd.c.orig 2024-07-20 11:04:37.000000000 -0700 -+++ src/drivers/driver_bsd.c 2025-03-17 06:07:14.891847000 -0700 ++++ src/drivers/driver_bsd.c 2025-04-07 12:57:12.036618000 -0700 @@ -9,11 +9,13 @@ #include "includes.h" @@ -25,10 +25,14 @@ struct ifreq ifr; os_memset(&ifr, 0, sizeof(ifr)); -@@ -306,7 +309,34 @@ - return -1; - } - drv->flags = ifr.ifr_flags; +@@ -302,11 +305,38 @@ + + if (ioctl(drv->global->sock, SIOCGIFFLAGS, &ifr) < 0) { + wpa_printf(MSG_ERROR, "ioctl[SIOCGIFFLAGS]: %s", ++ strerror(errno)); ++ return -1; ++ } ++ drv->flags = ifr.ifr_flags; + + + if (enable) { @@ -43,14 +47,14 @@ + + if (ioctl(drv->global->sock, SIOCSIFFLAGS, &ifr) < 0) { + wpa_printf(MSG_ERROR, "ioctl[SIOCSIFFLAGS]: %s", -+ strerror(errno)); -+ return -1; -+ } + strerror(errno)); + return -1; + } + + wpa_printf(MSG_DEBUG, "%s: if %s (changed) enable %d IFF_UP %d ", + __func__, drv->ifname, enable, ((ifr.ifr_flags & IFF_UP) != 0)); + -+ drv->flags = ifr.ifr_flags; + drv->flags = ifr.ifr_flags; return 0; + +nochange: 
@@ -60,14 +64,20 @@ } static int -@@ -349,6 +379,14 @@ +@@ -349,6 +379,20 @@ case WPA_ALG_CCMP: wk.ik_type = IEEE80211_CIPHER_AES_CCM; break; +#if defined(__FreeBSD_version) && __FreeBSD_version >= 1500027 ++ case WPA_ALG_CCMP_256: ++ wk.ik_type = IEEE80211_CIPHER_AES_CCM_256; ++ break; + case WPA_ALG_GCMP: + wk.ik_type = IEEE80211_CIPHER_AES_GCM_128; + break; ++ case WPA_ALG_GCMP_256: ++ wk.ik_type = IEEE80211_CIPHER_AES_GCM_256; ++ break; + case WPA_ALG_BIP_CMAC_128: + wk.ik_type = IEEE80211_CIPHER_BIP_CMAC_128; + break; @@ -75,14 +85,34 @@ default: wpa_printf(MSG_ERROR, "%s: unknown alg=%d", __func__, alg); return -1; -@@ -420,6 +458,14 @@ +@@ -413,13 +457,34 @@ + { + #ifndef IEEE80211_IOC_APPIE + static const char *ciphernames[] = ++#if defined(__FreeBSD_version) && __FreeBSD_version >= 1500027 ++ { "WEP", "TKIP", "AES-OCB", "AES-CCM", "CKIP", "NONE", ++ "AES-CCM-256", "BIP-CMAC-128", "BIP-CMAC-256", "BIP-GMAC-128", ++ "BIP-GMAC-256", "AES-GCM-128", "AES-GCM-256" }; ++#else + { "WEP", "TKIP", "AES-OCB", "AES-CCM", "CKIP", "NONE" }; ++#endif ++ + int v; + + switch (params->wpa_group) { case WPA_CIPHER_CCMP: v = IEEE80211_CIPHER_AES_CCM; break; +#if defined(__FreeBSD_version) && __FreeBSD_version >= 1500027 ++ case WPA_CIPHER_CCMP_256: ++ v = IEEE80211_CIPHER_AES_CCM_256; ++ break; + case WPA_CIPHER_GCMP: + v = IEEE80211_CIPHER_AES_GCM_128; + break; ++ case WPA_CIPHER_GCMP_256: ++ v = IEEE80211_CIPHER_AES_GCM_256; ++ break; + case WPA_CIPHER_BIP_CMAC_128: + v = IEEE80211_CIPHER_BIP_CMAC_128; + break; @@ -90,7 +120,7 @@ case WPA_CIPHER_TKIP: v = IEEE80211_CIPHER_TKIP; break; -@@ -456,6 +502,12 @@ +@@ -456,8 +521,20 @@ } v = 0; 
@@ -99,11 +129,19 @@ + v |= 1<wpa_pairwise & WPA_CIPHER_GCMP) + v |= 1<wpa_pairwise & WPA_CIPHER_GCMP_256) ++ v |= 1<wpa_pairwise & WPA_CIPHER_CCMP) v |= 1<= 1500027 ++ if (params->wpa_pairwise & WPA_CIPHER_CCMP_256) ++ v |= 1<wpa_pairwise & WPA_CIPHER_TKIP) -@@ -525,7 +577,7 @@ + v |= 1<wpa_pairwise & WPA_CIPHER_NONE) +@@ -525,7 +602,7 @@ __func__); return -1; } @@ -112,7 +150,7 @@ } static void -@@ -586,6 +638,7 @@ +@@ -586,6 +663,7 @@ mode = IFM_IEEE80211_11B; } else { mode = @@ -120,7 +158,7 @@ freq->ht_enabled ? IFM_IEEE80211_11NA : IFM_IEEE80211_11A; } -@@ -853,14 +906,18 @@ +@@ -853,14 +931,18 @@ drv = bsd_get_drvindex(global, ifm->ifm_index); if (drv == NULL) return; @@ -142,7 +180,7 @@ wpa_printf(MSG_DEBUG, "RTM_IFINFO: Interface '%s' UP", drv->ifname); wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_ENABLED, -@@ -1027,7 +1084,8 @@ +@@ -1027,7 +1109,8 @@ if (l2_packet_get_own_addr(drv->sock_xmit, params->own_addr)) goto bad; @@ -152,7 +190,7 @@ goto bad; if (bsd_set_mediaopt(drv, IFM_OMASK, IFM_IEEE80211_HOSTAP) < 0) { -@@ -1052,12 +1110,13 @@ +@@ -1052,12 +1135,13 @@ { struct bsd_driver_data *drv = priv; @@ -167,7 +205,7 @@ static int bsd_set_sta_authorized(void *priv, const u8 *addr, unsigned int total_flags, unsigned int flags_or, -@@ -1199,13 +1258,41 @@ +@@ -1199,13 +1283,41 @@ } static int @@ -210,7 +248,7 @@ wpa_printf(MSG_DEBUG, "%s: ssid '%.*s' wpa ie len %u pairwise %u group %u key mgmt %u" -@@ -1222,7 +1309,10 @@ +@@ -1222,7 +1334,10 @@ mode = 0 /* STA */; break; case IEEE80211_MODE_IBSS: @@ -221,7 +259,7 @@ break; case IEEE80211_MODE_AP: mode = IFM_IEEE80211_HOSTAP; -@@ -1251,24 +1341,33 @@ +@@ -1251,22 +1366,31 @@ ret = -1; if (wpa_driver_bsd_set_auth_alg(drv, params->auth_alg) < 0) ret = -1; 
@@ -234,6 +272,9 @@ - params->key_mgmt_suite == WPA_KEY_MGMT_NONE && - params->wpa_ie_len == 0); - wpa_printf(MSG_DEBUG, "%s: set PRIVACY %u", __func__, privacy); +- +- if (set80211param(drv, IEEE80211_IOC_PRIVACY, privacy) < 0) +- return -1; + if (params->wpa_ie_len) { + rsn_ie = get_ie(params->wpa_ie, params->wpa_ie_len, + WLAN_EID_RSN); @@ -253,7 +294,9 @@ + } + } -- if (set80211param(drv, IEEE80211_IOC_PRIVACY, privacy) < 0) +- if (params->wpa_ie_len && +- set80211param(drv, IEEE80211_IOC_WPA, +- params->wpa_ie[0] == WLAN_EID_RSN ? 2 : 1) < 0) + /* + * NB: interface must be marked UP for association + * or scanning (ap_scan=2) @@ -261,15 +304,8 @@ + if (bsd_ctrl_iface(drv, 1) < 0) return -1; -- if (params->wpa_ie_len && -- set80211param(drv, IEEE80211_IOC_WPA, -- params->wpa_ie[0] == WLAN_EID_RSN ? 2 : 1) < 0) -- return -1; -- os_memset(&mlme, 0, sizeof(mlme)); - mlme.im_op = IEEE80211_MLME_ASSOC; - if (params->ssid != NULL) -@@ -1311,11 +1410,8 @@ +@@ -1311,11 +1435,8 @@ } /* NB: interface must be marked UP to do a scan */ @@ -282,7 +318,7 @@ #ifdef IEEE80211_IOC_SCAN_MAX_SSID os_memset(&sr, 0, sizeof(sr)); -@@ -1495,6 +1591,12 @@ +@@ -1495,6 +1616,12 @@ drv->capa.enc |= WPA_DRIVER_CAPA_ENC_TKIP; if (devcaps.dc_cryptocaps & IEEE80211_CRYPTO_AES_CCM) drv->capa.enc |= WPA_DRIVER_CAPA_ENC_CCMP; @@ -295,7 +331,7 @@ if (devcaps.dc_drivercaps & IEEE80211_C_HOSTAP) drv->capa.flags |= WPA_DRIVER_FLAGS_AP; -@@ -1547,6 +1649,8 @@ +@@ -1547,6 +1674,8 @@ } if (ifmr.ifm_current & IFM_IEEE80211_HOSTAP) return IEEE80211_M_HOSTAP; @@ -304,7 +340,7 @@ if (ifmr.ifm_current & IFM_IEEE80211_MONITOR) return IEEE80211_M_MONITOR; #ifdef IEEE80211_M_MBSS -@@ -1607,7 +1711,7 @@ +@@ -1607,7 +1736,7 @@ drv->capa.key_mgmt_iftype[i] = drv->capa.key_mgmt; /* Down interface during setup. */ 
@@ -313,13 +349,13 @@ goto fail; /* Proven to work, lets go! */ -@@ -1630,6 +1734,9 @@ - +@@ -1631,6 +1760,9 @@ if (drv->ifindex != 0 && !drv->if_removed) { wpa_driver_bsd_set_wpa(drv, 0); -+ + + /* NB: mark interface down */ + bsd_ctrl_iface(drv, 0); - ++ wpa_driver_bsd_set_wpa_internal(drv, drv->prev_wpa, drv->prev_privacy); + diff --git a/security/wpa_supplicant-devel/Makefile b/security/wpa_supplicant-devel/Makefile index ae5b7fed5318..ef3b8e33ab29 100644 --- a/security/wpa_supplicant-devel/Makefile +++ b/security/wpa_supplicant-devel/Makefile @@ -1,5 +1,6 @@ PORTNAME= wpa_supplicant PORTVERSION= ${COMMIT_DATE} +PORTREVISION= 1 CATEGORIES= security net PKGNAMESUFFIX= -devel diff --git a/security/wpa_supplicant-devel/files/patch-src_drivers_driver__bsd.c b/security/wpa_supplicant-devel/files/patch-src_drivers_driver__bsd.c index 53071c0f3f8e..e6a3fc573aec 100644 --- a/security/wpa_supplicant-devel/files/patch-src_drivers_driver__bsd.c +++ b/security/wpa_supplicant-devel/files/patch-src_drivers_driver__bsd.c @@ -1,5 +1,5 @@ --- src/drivers/driver_bsd.c.orig 2024-07-20 11:04:37.000000000 -0700 -+++ src/drivers/driver_bsd.c 2025-03-17 06:07:14.891847000 -0700 ++++ src/drivers/driver_bsd.c 2025-04-07 12:57:12.036618000 -0700 @@ -9,11 +9,13 @@ #include "includes.h" @@ -25,10 +25,14 @@ struct ifreq ifr; os_memset(&ifr, 0, sizeof(ifr)); -@@ -306,7 +309,34 @@ - return -1; - } - drv->flags = ifr.ifr_flags; +@@ -302,11 +305,38 @@ + + if (ioctl(drv->global->sock, SIOCGIFFLAGS, &ifr) < 0) { + wpa_printf(MSG_ERROR, "ioctl[SIOCGIFFLAGS]: %s", ++ strerror(errno)); ++ return -1; ++ } ++ drv->flags = ifr.ifr_flags; + + + if (enable) { 
@@ -43,14 +47,14 @@ + + if (ioctl(drv->global->sock, SIOCSIFFLAGS, &ifr) < 0) { + wpa_printf(MSG_ERROR, "ioctl[SIOCSIFFLAGS]: %s", -+ strerror(errno)); -+ return -1; -+ } + strerror(errno)); + return -1; + } + + wpa_printf(MSG_DEBUG, "%s: if %s (changed) enable %d IFF_UP %d ", + __func__, drv->ifname, enable, ((ifr.ifr_flags & IFF_UP) != 0)); + -+ drv->flags = ifr.ifr_flags; + drv->flags = ifr.ifr_flags; return 0; + +nochange: @@ -60,14 +64,20 @@ } static int -@@ -349,6 +379,14 @@ +@@ -349,6 +379,20 @@ case WPA_ALG_CCMP: wk.ik_type = IEEE80211_CIPHER_AES_CCM; break; +#if defined(__FreeBSD_version) && __FreeBSD_version >= 1500027 ++ case WPA_ALG_CCMP_256: ++ wk.ik_type = IEEE80211_CIPHER_AES_CCM_256; ++ break; + case WPA_ALG_GCMP: + wk.ik_type = IEEE80211_CIPHER_AES_GCM_128; + break; ++ case WPA_ALG_GCMP_256: ++ wk.ik_type = IEEE80211_CIPHER_AES_GCM_256; ++ break; + case WPA_ALG_BIP_CMAC_128: + wk.ik_type = IEEE80211_CIPHER_BIP_CMAC_128; + break; @@ -75,14 +85,34 @@ default: wpa_printf(MSG_ERROR, "%s: unknown alg=%d", __func__, alg); return -1; -@@ -420,6 +458,14 @@ +@@ -413,13 +457,34 @@ + { + #ifndef IEEE80211_IOC_APPIE + static const char *ciphernames[] = ++#if defined(__FreeBSD_version) && __FreeBSD_version >= 1500027 ++ { "WEP", "TKIP", "AES-OCB", "AES-CCM", "CKIP", "NONE", ++ "AES-CCM-256", "BIP-CMAC-128", "BIP-CMAC-256", "BIP-GMAC-128", ++ "BIP-GMAC-256", "AES-GCM-128", "AES-GCM-256" }; ++#else + { "WEP", "TKIP", "AES-OCB", "AES-CCM", "CKIP", "NONE" }; ++#endif ++ + int v; + + switch (params->wpa_group) { case WPA_CIPHER_CCMP: v = IEEE80211_CIPHER_AES_CCM; break; +#if defined(__FreeBSD_version) && __FreeBSD_version >= 1500027 ++ case WPA_CIPHER_CCMP_256: ++ v = IEEE80211_CIPHER_AES_CCM_256; ++ break; + case WPA_CIPHER_GCMP: + v = IEEE80211_CIPHER_AES_GCM_128; + break; ++ case WPA_CIPHER_GCMP_256: ++ v = IEEE80211_CIPHER_AES_GCM_256; ++ break; + case WPA_CIPHER_BIP_CMAC_128: + v = IEEE80211_CIPHER_BIP_CMAC_128; + break; 
@@ -90,7 +120,7 @@ case WPA_CIPHER_TKIP: v = IEEE80211_CIPHER_TKIP; break; -@@ -456,6 +502,12 @@ +@@ -456,8 +521,20 @@ } v = 0; @@ -99,11 +129,19 @@ + v |= 1<wpa_pairwise & WPA_CIPHER_GCMP) + v |= 1<wpa_pairwise & WPA_CIPHER_GCMP_256) ++ v |= 1<wpa_pairwise & WPA_CIPHER_CCMP) v |= 1<= 1500027 ++ if (params->wpa_pairwise & WPA_CIPHER_CCMP_256) ++ v |= 1<wpa_pairwise & WPA_CIPHER_TKIP) -@@ -525,7 +577,7 @@ + v |= 1<wpa_pairwise & WPA_CIPHER_NONE) +@@ -525,7 +602,7 @@ __func__); return -1; } @@ -112,7 +150,7 @@ } static void -@@ -586,6 +638,7 @@ +@@ -586,6 +663,7 @@ mode = IFM_IEEE80211_11B; } else { mode = @@ -120,7 +158,7 @@ freq->ht_enabled ? IFM_IEEE80211_11NA : IFM_IEEE80211_11A; } -@@ -853,14 +906,18 @@ +@@ -853,14 +931,18 @@ drv = bsd_get_drvindex(global, ifm->ifm_index); if (drv == NULL) return; @@ -142,7 +180,7 @@ wpa_printf(MSG_DEBUG, "RTM_IFINFO: Interface '%s' UP", drv->ifname); wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_ENABLED, -@@ -1027,7 +1084,8 @@ +@@ -1027,7 +1109,8 @@ if (l2_packet_get_own_addr(drv->sock_xmit, params->own_addr)) goto bad; @@ -152,7 +190,7 @@ goto bad; if (bsd_set_mediaopt(drv, IFM_OMASK, IFM_IEEE80211_HOSTAP) < 0) { -@@ -1052,12 +1110,13 @@ +@@ -1052,12 +1135,13 @@ { struct bsd_driver_data *drv = priv; @@ -167,7 +205,7 @@ static int bsd_set_sta_authorized(void *priv, const u8 *addr, unsigned int total_flags, unsigned int flags_or, -@@ -1199,13 +1258,41 @@ +@@ -1199,13 +1283,41 @@ } static int @@ -210,7 +248,7 @@ wpa_printf(MSG_DEBUG, "%s: ssid '%.*s' wpa ie len %u pairwise %u group %u key mgmt %u" -@@ -1222,7 +1309,10 @@ +@@ -1222,7 +1334,10 @@ mode = 0 /* STA */; break; case IEEE80211_MODE_IBSS: @@ -221,7 +259,7 @@ break; case IEEE80211_MODE_AP: mode = IFM_IEEE80211_HOSTAP; -@@ -1251,24 +1341,33 @@ +@@ -1251,22 +1366,31 @@ ret = -1; if (wpa_driver_bsd_set_auth_alg(drv, params->auth_alg) < 0) ret = -1; 
@@ -234,6 +272,9 @@ - params->key_mgmt_suite == WPA_KEY_MGMT_NONE && - params->wpa_ie_len == 0); - wpa_printf(MSG_DEBUG, "%s: set PRIVACY %u", __func__, privacy); +- +- if (set80211param(drv, IEEE80211_IOC_PRIVACY, privacy) < 0) +- return -1; + if (params->wpa_ie_len) { + rsn_ie = get_ie(params->wpa_ie, params->wpa_ie_len, + WLAN_EID_RSN); @@ -253,7 +294,9 @@ + } + } -- if (set80211param(drv, IEEE80211_IOC_PRIVACY, privacy) < 0) +- if (params->wpa_ie_len && +- set80211param(drv, IEEE80211_IOC_WPA, +- params->wpa_ie[0] == WLAN_EID_RSN ? 2 : 1) < 0) + /* + * NB: interface must be marked UP for association + * or scanning (ap_scan=2) @@ -261,15 +304,8 @@ + if (bsd_ctrl_iface(drv, 1) < 0) return -1; -- if (params->wpa_ie_len && -- set80211param(drv, IEEE80211_IOC_WPA, -- params->wpa_ie[0] == WLAN_EID_RSN ? 2 : 1) < 0) -- return -1; -- os_memset(&mlme, 0, sizeof(mlme)); - mlme.im_op = IEEE80211_MLME_ASSOC; - if (params->ssid != NULL) -@@ -1311,11 +1410,8 @@ +@@ -1311,11 +1435,8 @@ } /* NB: interface must be marked UP to do a scan */ @@ -282,7 +318,7 @@ #ifdef IEEE80211_IOC_SCAN_MAX_SSID os_memset(&sr, 0, sizeof(sr)); -@@ -1495,6 +1591,12 @@ +@@ -1495,6 +1616,12 @@ drv->capa.enc |= WPA_DRIVER_CAPA_ENC_TKIP; if (devcaps.dc_cryptocaps & IEEE80211_CRYPTO_AES_CCM) drv->capa.enc |= WPA_DRIVER_CAPA_ENC_CCMP; @@ -295,7 +331,7 @@ if (devcaps.dc_drivercaps & IEEE80211_C_HOSTAP) drv->capa.flags |= WPA_DRIVER_FLAGS_AP; -@@ -1547,6 +1649,8 @@ +@@ -1547,6 +1674,8 @@ } if (ifmr.ifm_current & IFM_IEEE80211_HOSTAP) return IEEE80211_M_HOSTAP; @@ -304,7 +340,7 @@ if (ifmr.ifm_current & IFM_IEEE80211_MONITOR) return IEEE80211_M_MONITOR; #ifdef IEEE80211_M_MBSS -@@ -1607,7 +1711,7 @@ +@@ -1607,7 +1736,7 @@ drv->capa.key_mgmt_iftype[i] = drv->capa.key_mgmt; /* Down interface during setup. */ 
@@ -313,13 +349,13 @@ goto fail; /* Proven to work, lets go! */ -@@ -1630,6 +1734,9 @@ - +@@ -1631,6 +1760,9 @@ if (drv->ifindex != 0 && !drv->if_removed) { wpa_driver_bsd_set_wpa(drv, 0); -+ + + /* NB: mark interface down */ + bsd_ctrl_iface(drv, 0); - ++ wpa_driver_bsd_set_wpa_internal(drv, drv->prev_wpa, drv->prev_privacy); + diff --git a/security/wpa_supplicant/Makefile b/security/wpa_supplicant/Makefile index 31b46b93b9a0..a40c862c2b61 100644 --- a/security/wpa_supplicant/Makefile +++ b/security/wpa_supplicant/Makefile @@ -1,6 +1,6 @@ PORTNAME= wpa_supplicant PORTVERSION= 2.11 -PORTREVISION= 4 +PORTREVISION= 5 CATEGORIES= security net MASTER_SITES= https://w1.fi/releases/ diff --git a/security/wpa_supplicant/files/patch-src_drivers_driver__bsd.c b/security/wpa_supplicant/files/patch-src_drivers_driver__bsd.c index 53071c0f3f8e..7c22ee2a372c 100644 --- a/security/wpa_supplicant/files/patch-src_drivers_driver__bsd.c +++ b/security/wpa_supplicant/files/patch-src_drivers_driver__bsd.c @@ -1,5 +1,5 @@ --- src/drivers/driver_bsd.c.orig 2024-07-20 11:04:37.000000000 -0700 -+++ src/drivers/driver_bsd.c 2025-03-17 06:07:14.891847000 -0700 ++++ src/drivers/driver_bsd.c 2025-04-07 12:47:28.984390000 -0700 @@ -9,11 +9,13 @@ #include "includes.h" @@ -60,14 +60,20 @@ } static int -@@ -349,6 +379,14 @@ +@@ -349,6 +379,20 @@ case WPA_ALG_CCMP: wk.ik_type = IEEE80211_CIPHER_AES_CCM; break; +#if defined(__FreeBSD_version) && __FreeBSD_version >= 1500027 ++ case WPA_ALG_CCMP_256: ++ wk.ik_type = IEEE80211_CIPHER_AES_CCM_256; ++ break; + case WPA_ALG_GCMP: + wk.ik_type = IEEE80211_CIPHER_AES_GCM_128; + break; ++ case WPA_ALG_GCMP_256: ++ wk.ik_type = IEEE80211_CIPHER_AES_GCM_256; ++ break; + case WPA_ALG_BIP_CMAC_128: + wk.ik_type = IEEE80211_CIPHER_BIP_CMAC_128; + break; 
@@ -75,14 +81,34 @@ default: wpa_printf(MSG_ERROR, "%s: unknown alg=%d", __func__, alg); return -1; -@@ -420,6 +458,14 @@ +@@ -413,13 +457,34 @@ + { + #ifndef IEEE80211_IOC_APPIE + static const char *ciphernames[] = ++#if defined(__FreeBSD_version) && __FreeBSD_version >= 1500027 ++ { "WEP", "TKIP", "AES-OCB", "AES-CCM", "CKIP", "NONE", ++ "AES-CCM-256", "BIP-CMAC-128", "BIP-CMAC-256", "BIP-GMAC-128", ++ "BIP-GMAC-256", "AES-GCM-128", "AES-GCM-256" }; ++#else + { "WEP", "TKIP", "AES-OCB", "AES-CCM", "CKIP", "NONE" }; ++#endif ++ + int v; + + switch (params->wpa_group) { case WPA_CIPHER_CCMP: v = IEEE80211_CIPHER_AES_CCM; break; +#if defined(__FreeBSD_version) && __FreeBSD_version >= 1500027 ++ case WPA_CIPHER_CCMP_256: ++ v = IEEE80211_CIPHER_AES_CCM_256; ++ break; + case WPA_CIPHER_GCMP: + v = IEEE80211_CIPHER_AES_GCM_128; + break; ++ case WPA_CIPHER_GCMP_256: ++ v = IEEE80211_CIPHER_AES_GCM_256; ++ break; + case WPA_CIPHER_BIP_CMAC_128: + v = IEEE80211_CIPHER_BIP_CMAC_128; + break; @@ -90,7 +116,7 @@ case WPA_CIPHER_TKIP: v = IEEE80211_CIPHER_TKIP; break; -@@ -456,6 +502,12 @@ +@@ -456,8 +521,18 @@ } v = 0; @@ -99,11 +125,17 @@ + v |= 1<wpa_pairwise & WPA_CIPHER_GCMP) + v |= 1<wpa_pairwise & WPA_CIPHER_GCMP_256) ++ v |= 1<wpa_pairwise & WPA_CIPHER_CCMP) v |= 1<wpa_pairwise & WPA_CIPHER_CCMP_256) ++ v |= 1<wpa_pairwise & WPA_CIPHER_TKIP) -@@ -525,7 +577,7 @@ + v |= 1<wpa_pairwise & WPA_CIPHER_NONE) +@@ -525,7 +600,7 @@ __func__); return -1; } @@ -112,7 +144,7 @@ } static void -@@ -586,6 +638,7 @@ +@@ -586,6 +661,7 @@ mode = IFM_IEEE80211_11B; } else { mode = @@ -120,7 +152,7 @@ freq->ht_enabled ? IFM_IEEE80211_11NA : IFM_IEEE80211_11A; } -@@ -853,14 +906,18 @@ +@@ -853,14 +929,18 @@ drv = bsd_get_drvindex(global, ifm->ifm_index); if (drv == NULL) return; 
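Review bot: In this copy the pairwise-cipher mask adds the `WPA_CIPHER_CCMP_256` test without the `#if defined(__FreeBSD_version) && __FreeBSD_version >= 1500027` / `#endif` pair that surrounds it in the net/hostapd, net/hostapd-devel and security/wpa_supplicant-devel copies. The inner hunk header here is `@@ -456,8 +521,18 @@` against `+521,20` in the others, and this file's index line ends in 7c22ee2a372c instead of e6a3fc573aec. The hunk text on this page is damaged (the shift expressions are cut), so this reading rests on the line counts and on the `>= 1500027` fragment being absent here. If it holds, the reference to `IEEE80211_CIPHER_AES_CCM_256` is unconditional and security/wpa_supplicant would presumably fail to build wherever the guarded constants are not defined. Put the two added lines inside the same guard, `#if defined(__FreeBSD_version) && __FreeBSD_version >= 1500027` before the `if` and `#endif` after its `v |= ...` line, or regenerate this file from the same tree as the other three.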
@@ -142,7 +174,7 @@ wpa_printf(MSG_DEBUG, "RTM_IFINFO: Interface '%s' UP", drv->ifname); wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_ENABLED, -@@ -1027,7 +1084,8 @@ +@@ -1027,7 +1107,8 @@ if (l2_packet_get_own_addr(drv->sock_xmit, params->own_addr)) goto bad; @@ -152,7 +184,7 @@ goto bad; if (bsd_set_mediaopt(drv, IFM_OMASK, IFM_IEEE80211_HOSTAP) < 0) { -@@ -1052,12 +1110,13 @@ +@@ -1052,12 +1133,13 @@ { struct bsd_driver_data *drv = priv; @@ -167,7 +199,7 @@ static int bsd_set_sta_authorized(void *priv, const u8 *addr, unsigned int total_flags, unsigned int flags_or, -@@ -1199,13 +1258,41 @@ +@@ -1199,13 +1281,41 @@ } static int @@ -210,7 +242,7 @@ wpa_printf(MSG_DEBUG, "%s: ssid '%.*s' wpa ie len %u pairwise %u group %u key mgmt %u" -@@ -1222,7 +1309,10 @@ +@@ -1222,7 +1332,10 @@ mode = 0 /* STA */; break; case IEEE80211_MODE_IBSS: @@ -221,7 +253,7 @@ break; case IEEE80211_MODE_AP: mode = IFM_IEEE80211_HOSTAP; -@@ -1251,24 +1341,33 @@ +@@ -1251,22 +1364,31 @@ ret = -1; if (wpa_driver_bsd_set_auth_alg(drv, params->auth_alg) < 0) ret = -1; @@ -234,6 +266,9 @@ - params->key_mgmt_suite == WPA_KEY_MGMT_NONE && - params->wpa_ie_len == 0); - wpa_printf(MSG_DEBUG, "%s: set PRIVACY %u", __func__, privacy); +- +- if (set80211param(drv, IEEE80211_IOC_PRIVACY, privacy) < 0) +- return -1; + if (params->wpa_ie_len) { + rsn_ie = get_ie(params->wpa_ie, params->wpa_ie_len, + WLAN_EID_RSN); @@ -253,7 +288,9 @@ + } + } -- if (set80211param(drv, IEEE80211_IOC_PRIVACY, privacy) < 0) +- if (params->wpa_ie_len && +- set80211param(drv, IEEE80211_IOC_WPA, +- params->wpa_ie[0] == WLAN_EID_RSN ? 2 : 1) < 0) + /* + * NB: interface must be marked UP for association + * or scanning (ap_scan=2) 
@@ -261,15 +298,8 @@ + if (bsd_ctrl_iface(drv, 1) < 0) return -1; -- if (params->wpa_ie_len && -- set80211param(drv, IEEE80211_IOC_WPA, -- params->wpa_ie[0] == WLAN_EID_RSN ? 2 : 1) < 0) -- return -1; -- os_memset(&mlme, 0, sizeof(mlme)); - mlme.im_op = IEEE80211_MLME_ASSOC; - if (params->ssid != NULL) -@@ -1311,11 +1410,8 @@ +@@ -1311,11 +1433,8 @@ } /* NB: interface must be marked UP to do a scan */ @@ -282,7 +312,7 @@ #ifdef IEEE80211_IOC_SCAN_MAX_SSID os_memset(&sr, 0, sizeof(sr)); -@@ -1495,6 +1591,12 @@ +@@ -1495,6 +1614,12 @@ drv->capa.enc |= WPA_DRIVER_CAPA_ENC_TKIP; if (devcaps.dc_cryptocaps & IEEE80211_CRYPTO_AES_CCM) drv->capa.enc |= WPA_DRIVER_CAPA_ENC_CCMP; @@ -295,7 +325,7 @@ if (devcaps.dc_drivercaps & IEEE80211_C_HOSTAP) drv->capa.flags |= WPA_DRIVER_FLAGS_AP; -@@ -1547,6 +1649,8 @@ +@@ -1547,6 +1672,8 @@ } if (ifmr.ifm_current & IFM_IEEE80211_HOSTAP) return IEEE80211_M_HOSTAP; @@ -304,7 +334,7 @@ if (ifmr.ifm_current & IFM_IEEE80211_MONITOR) return IEEE80211_M_MONITOR; #ifdef IEEE80211_M_MBSS -@@ -1607,7 +1711,7 @@ +@@ -1607,7 +1734,7 @@ drv->capa.key_mgmt_iftype[i] = drv->capa.key_mgmt; /* Down interface during setup. */ @@ -313,13 +343,13 @@ goto fail; /* Proven to work, lets go! */ -@@ -1630,6 +1734,9 @@ - +@@ -1631,6 +1758,9 @@ if (drv->ifindex != 0 && !drv->if_removed) { wpa_driver_bsd_set_wpa(drv, 0); -+ + + /* NB: mark interface down */ + bsd_ctrl_iface(drv, 0); - ++ wpa_driver_bsd_set_wpa_internal(drv, drv->prev_wpa, drv->prev_privacy); +