wpa_supplicant* hostapd*: Resolve secondary VAP association issue

Association will fail on a secondary open unprotected VAP when the primary VAP is configured for WPA. Examples of secondary VAPs are, hotels, universities, and commodity routers' guest networks. A broadly similar bug was discussed on Red Hat's bugzilla affecting association to a D-Link DIR-842. This suggests that as IEs were added to the 802.11 protocol the old code was increasingly inadaquate to handle the additional IEs, not only a secondary VAP. This duplcates src commit 775611ea11db here in ports. PR: 264238 Reported by: Jaskie <jiangjun12321@gmail.com> "J.R. Oldroyd" <fbsd@opal.com> Submitted by: "J.R. Oldroyd" <fbsd@opal.com> MFH: 2022Q3
author: J.R. Oldroyd <fbsd@opal.com> 2022-07-03 21:18:40 +0000
committer: Cy Schubert <cy@FreeBSD.org> 2022-07-03 21:33:18 +0000
commit: b3916c7a8d2599e99fabdc1735b095ff5a9f9381 (patch)
tree: e5fb895110487c24497f3d47ac68e443f2404c44
parent: cad6302bccdaef3b1fd9fd4ce8b1d26c24b32840 (diff)
download: ports-b3916c7a8d2599e99fabdc1735b095ff5a9f9381.tar.gz
ports-b3916c7a8d2599e99fabdc1735b095ff5a9f9381.zip
8 files changed, 390 insertions, 48 deletions
diff --git a/net/hostapd-devel/Makefile b/net/hostapd-devel/Makefile
index 6cc447a6a92b..59298e7651ee 100644
--- a/net/hostapd-devel/Makefile
+++ b/net/hostapd-devel/Makefile
@@ -2,6 +2,7 @@
 
 PORTNAME=	hostapd
 PORTVERSION=	${COMMIT_DATE}
+PORTREVISION=	1
 CATEGORIES=	net
 PKGNAMESUFFIX=	-devel
 
diff --git a/net/hostapd-devel/files/patch-src_drivers_driver__bsd.c b/net/hostapd-devel/files/patch-src_drivers_driver__bsd.c
index dda055f26664..db2f4291d682 100644
--- a/net/hostapd-devel/files/patch-src_drivers_driver__bsd.c
+++ b/net/hostapd-devel/files/patch-src_drivers_driver__bsd.c
@@ -1,6 +1,14 @@
---- src/drivers/driver_bsd.c.orig	2022-05-24 13:30:39.000000000 -0700
-+++ src/drivers/driver_bsd.c	2022-06-20 07:18:14.191871000 -0700
-@@ -853,14 +853,18 @@
+--- src/drivers/driver_bsd.c.orig	2022-06-20 04:39:26.000000000 -0700
++++ src/drivers/driver_bsd.c	2022-07-03 14:14:25.865828000 -0700
+@@ -14,6 +14,7 @@
+ #include "driver.h"
+ #include "eloop.h"
+ #include "common/ieee802_11_defs.h"
++#include "common/ieee802_11_common.h"
+ #include "common/wpa_common.h"
+ 
+ #include <ifaddrs.h>
+@@ -853,14 +854,18 @@
  		drv = bsd_get_drvindex(global, ifm->ifm_index);
  		if (drv == NULL)
  			return;
@@ -22,7 +30,50 @@
  			wpa_printf(MSG_DEBUG, "RTM_IFINFO: Interface '%s' UP",
  				   drv->ifname);
  			wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_ENABLED,
-@@ -1220,7 +1224,10 @@
+@@ -1197,13 +1202,41 @@
+ }
+ 
+ static int
++wpa_driver_bsd_set_rsn_wpa_ie(struct bsd_driver_data * drv,
++    struct wpa_driver_associate_params *params, const u8 *ie)
++{
++	int privacy;
++	size_t ie_len = ie[1] ? ie[1] + 2 : 0;
++
++	/* XXX error handling is wrong but unclear what to do... */
++	if (wpa_driver_bsd_set_wpa_ie(drv, ie, ie_len) < 0)
++		return -1;
++
++	privacy = !(params->pairwise_suite == WPA_CIPHER_NONE &&
++	    params->group_suite == WPA_CIPHER_NONE &&
++	    params->key_mgmt_suite == WPA_KEY_MGMT_NONE);
++	wpa_printf(MSG_DEBUG, "%s: set PRIVACY %u", __func__,
++	    privacy);
++
++	if (set80211param(drv, IEEE80211_IOC_PRIVACY, privacy) < 0)
++		return -1;
++
++	if (ie_len &&
++	    set80211param(drv, IEEE80211_IOC_WPA,
++	    ie[0] == WLAN_EID_RSN ? 2 : 1) < 0)
++		return -1;
++
++	return 0;
++}
++
++static int
+ wpa_driver_bsd_associate(void *priv, struct wpa_driver_associate_params *params)
+ {
+ 	struct bsd_driver_data *drv = priv;
+ 	struct ieee80211req_mlme mlme;
+ 	u32 mode;
+-	int privacy;
+ 	int ret = 0;
++	const u8 *wpa_ie, *rsn_ie;
+ 
+ 	wpa_printf(MSG_DEBUG,
+ 		"%s: ssid '%.*s' wpa ie len %u pairwise %u group %u key mgmt %u"
+@@ -1220,7 +1253,10 @@
  		mode = 0 /* STA */;
  		break;
  	case IEEE80211_MODE_IBSS:
@@ -33,21 +84,55 @@
  		break;
  	case IEEE80211_MODE_AP:
  		mode = IFM_IEEE80211_HOSTAP;
-@@ -1267,6 +1274,13 @@
- 			  params->wpa_ie[0] == WLAN_EID_RSN ? 2 : 1) < 0)
- 		return -1;
+@@ -1249,24 +1285,33 @@
+ 		ret = -1;
+ 	if (wpa_driver_bsd_set_auth_alg(drv, params->auth_alg) < 0)
+ 		ret = -1;
+-	/* XXX error handling is wrong but unclear what to do... */
+-	if (wpa_driver_bsd_set_wpa_ie(drv, params->wpa_ie, params->wpa_ie_len) < 0)
+-		return -1;
+ 
+-	privacy = !(params->pairwise_suite == WPA_CIPHER_NONE &&
+-	    params->group_suite == WPA_CIPHER_NONE &&
+-	    params->key_mgmt_suite == WPA_KEY_MGMT_NONE &&
+-	    params->wpa_ie_len == 0);
+-	wpa_printf(MSG_DEBUG, "%s: set PRIVACY %u", __func__, privacy);
++	if (params->wpa_ie_len) {
++		rsn_ie = get_ie(params->wpa_ie, params->wpa_ie_len,
++		    WLAN_EID_RSN);
++		if (rsn_ie) {
++			if (wpa_driver_bsd_set_rsn_wpa_ie(drv, params,
++			    rsn_ie) < 0)
++				return -1;
++		}
++		else {
++			wpa_ie = get_vendor_ie(params->wpa_ie,
++			    params->wpa_ie_len, WPA_IE_VENDOR_TYPE);
++			if (wpa_ie) {
++				if (wpa_driver_bsd_set_rsn_wpa_ie(drv, params,
++				    wpa_ie) < 0)
++					return -1;
++			}
++		}
++	}
  
+-	if (set80211param(drv, IEEE80211_IOC_PRIVACY, privacy) < 0)
 +	/*
 +	 * NB: interface must be marked UP for association
 +	 * or scanning (ap_scan=2)
 +	 */
 +	if (bsd_get_iface_flags(drv) < 0)
-+		return -1;
-+
+ 		return -1;
+ 
+-	if (params->wpa_ie_len &&
+-	    set80211param(drv, IEEE80211_IOC_WPA,
+-			  params->wpa_ie[0] == WLAN_EID_RSN ? 2 : 1) < 0)
+-		return -1;
+-
  	os_memset(&mlme, 0, sizeof(mlme));
  	mlme.im_op = IEEE80211_MLME_ASSOC;
  	if (params->ssid != NULL)
-@@ -1485,6 +1499,17 @@
+@@ -1485,6 +1530,17 @@
  	if (devcaps.dc_drivercaps & IEEE80211_C_WPA2)
  		drv->capa.key_mgmt = WPA_DRIVER_CAPA_KEY_MGMT_WPA2 |
  			WPA_DRIVER_CAPA_KEY_MGMT_WPA2_PSK;
@@ -65,7 +150,7 @@
  
  	if (devcaps.dc_cryptocaps & IEEE80211_CRYPTO_WEP)
  		drv->capa.enc |= WPA_DRIVER_CAPA_ENC_WEP40 |
-@@ -1493,6 +1518,7 @@
+@@ -1493,6 +1549,7 @@
  		drv->capa.enc |= WPA_DRIVER_CAPA_ENC_TKIP;
  	if (devcaps.dc_cryptocaps & IEEE80211_CRYPTO_AES_CCM)
  		drv->capa.enc |= WPA_DRIVER_CAPA_ENC_CCMP;
@@ -73,7 +158,7 @@
  
  	if (devcaps.dc_drivercaps & IEEE80211_C_HOSTAP)
  		drv->capa.flags |= WPA_DRIVER_FLAGS_AP;
-@@ -1545,6 +1571,8 @@
+@@ -1545,6 +1602,8 @@
  		}
  		if (ifmr.ifm_current & IFM_IEEE80211_HOSTAP)
  			return IEEE80211_M_HOSTAP;
diff --git a/net/hostapd/Makefile b/net/hostapd/Makefile
index 114041a960bb..ff3f148c9dd6 100644
--- a/net/hostapd/Makefile
+++ b/net/hostapd/Makefile
@@ -2,7 +2,7 @@
 
 PORTNAME=	hostapd
 PORTVERSION=	2.10
-PORTREVISION=	4
+PORTREVISION=	5
 CATEGORIES=	net
 MASTER_SITES=	https://w1.fi/releases/
 
diff --git a/net/hostapd/files/patch-src_drivers_driver__bsd.c b/net/hostapd/files/patch-src_drivers_driver__bsd.c
index 2c49538712af..112a8230671c 100644
--- a/net/hostapd/files/patch-src_drivers_driver__bsd.c
+++ b/net/hostapd/files/patch-src_drivers_driver__bsd.c
@@ -1,6 +1,14 @@
 --- src/drivers/driver_bsd.c.orig	2022-01-16 12:51:29.000000000 -0800
-+++ src/drivers/driver_bsd.c	2022-06-20 07:14:50.617305000 -0700
-@@ -853,14 +853,18 @@
++++ src/drivers/driver_bsd.c	2022-07-03 14:12:06.167581000 -0700
+@@ -14,6 +14,7 @@
+ #include "driver.h"
+ #include "eloop.h"
+ #include "common/ieee802_11_defs.h"
++#include "common/ieee802_11_common.h"
+ #include "common/wpa_common.h"
+ 
+ #include <ifaddrs.h>
+@@ -853,14 +854,18 @@
  		drv = bsd_get_drvindex(global, ifm->ifm_index);
  		if (drv == NULL)
  			return;
@@ -22,7 +30,50 @@
  			wpa_printf(MSG_DEBUG, "RTM_IFINFO: Interface '%s' UP",
  				   drv->ifname);
  			wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_ENABLED,
-@@ -1220,7 +1224,10 @@
+@@ -1197,13 +1202,41 @@
+ }
+ 
+ static int
++wpa_driver_bsd_set_rsn_wpa_ie(struct bsd_driver_data * drv,
++    struct wpa_driver_associate_params *params, const u8 *ie)
++{
++	int privacy;
++	size_t ie_len = ie[1] ? ie[1] + 2 : 0;
++
++	/* XXX error handling is wrong but unclear what to do... */
++	if (wpa_driver_bsd_set_wpa_ie(drv, ie, ie_len) < 0)
++		return -1;
++
++	privacy = !(params->pairwise_suite == WPA_CIPHER_NONE &&
++	    params->group_suite == WPA_CIPHER_NONE &&
++	    params->key_mgmt_suite == WPA_KEY_MGMT_NONE);
++	wpa_printf(MSG_DEBUG, "%s: set PRIVACY %u", __func__,
++	    privacy);
++
++	if (set80211param(drv, IEEE80211_IOC_PRIVACY, privacy) < 0)
++		return -1;
++
++	if (ie_len &&
++	    set80211param(drv, IEEE80211_IOC_WPA,
++	    ie[0] == WLAN_EID_RSN ? 2 : 1) < 0)
++		return -1;
++
++	return 0;
++}
++
++static int
+ wpa_driver_bsd_associate(void *priv, struct wpa_driver_associate_params *params)
+ {
+ 	struct bsd_driver_data *drv = priv;
+ 	struct ieee80211req_mlme mlme;
+ 	u32 mode;
+-	int privacy;
+ 	int ret = 0;
++	const u8 *wpa_ie, *rsn_ie;
+ 
+ 	wpa_printf(MSG_DEBUG,
+ 		"%s: ssid '%.*s' wpa ie len %u pairwise %u group %u key mgmt %u"
+@@ -1220,7 +1253,10 @@
  		mode = 0 /* STA */;
  		break;
  	case IEEE80211_MODE_IBSS:
@@ -33,21 +84,55 @@
  		break;
  	case IEEE80211_MODE_AP:
  		mode = IFM_IEEE80211_HOSTAP;
-@@ -1267,6 +1274,13 @@
- 			  params->wpa_ie[0] == WLAN_EID_RSN ? 2 : 1) < 0)
- 		return -1;
+@@ -1249,24 +1285,33 @@
+ 		ret = -1;
+ 	if (wpa_driver_bsd_set_auth_alg(drv, params->auth_alg) < 0)
+ 		ret = -1;
+-	/* XXX error handling is wrong but unclear what to do... */
+-	if (wpa_driver_bsd_set_wpa_ie(drv, params->wpa_ie, params->wpa_ie_len) < 0)
+-		return -1;
+ 
+-	privacy = !(params->pairwise_suite == WPA_CIPHER_NONE &&
+-	    params->group_suite == WPA_CIPHER_NONE &&
+-	    params->key_mgmt_suite == WPA_KEY_MGMT_NONE &&
+-	    params->wpa_ie_len == 0);
+-	wpa_printf(MSG_DEBUG, "%s: set PRIVACY %u", __func__, privacy);
++	if (params->wpa_ie_len) {
++		rsn_ie = get_ie(params->wpa_ie, params->wpa_ie_len,
++		    WLAN_EID_RSN);
++		if (rsn_ie) {
++			if (wpa_driver_bsd_set_rsn_wpa_ie(drv, params,
++			    rsn_ie) < 0)
++				return -1;
++		}
++		else {
++			wpa_ie = get_vendor_ie(params->wpa_ie,
++			    params->wpa_ie_len, WPA_IE_VENDOR_TYPE);
++			if (wpa_ie) {
++				if (wpa_driver_bsd_set_rsn_wpa_ie(drv, params,
++				    wpa_ie) < 0)
++					return -1;
++			}
++		}
++	}
  
+-	if (set80211param(drv, IEEE80211_IOC_PRIVACY, privacy) < 0)
 +	/*
 +	 * NB: interface must be marked UP for association
 +	 * or scanning (ap_scan=2)
 +	 */
 +	if (bsd_get_iface_flags(drv) < 0)
-+		return -1;
-+
+ 		return -1;
+ 
+-	if (params->wpa_ie_len &&
+-	    set80211param(drv, IEEE80211_IOC_WPA,
+-			  params->wpa_ie[0] == WLAN_EID_RSN ? 2 : 1) < 0)
+-		return -1;
+-
  	os_memset(&mlme, 0, sizeof(mlme));
  	mlme.im_op = IEEE80211_MLME_ASSOC;
  	if (params->ssid != NULL)
-@@ -1485,6 +1499,17 @@
+@@ -1485,6 +1530,17 @@
  	if (devcaps.dc_drivercaps & IEEE80211_C_WPA2)
  		drv->capa.key_mgmt = WPA_DRIVER_CAPA_KEY_MGMT_WPA2 |
  			WPA_DRIVER_CAPA_KEY_MGMT_WPA2_PSK;
@@ -65,7 +150,7 @@
  
  	if (devcaps.dc_cryptocaps & IEEE80211_CRYPTO_WEP)
  		drv->capa.enc |= WPA_DRIVER_CAPA_ENC_WEP40 |
-@@ -1493,6 +1518,7 @@
+@@ -1493,6 +1549,7 @@
  		drv->capa.enc |= WPA_DRIVER_CAPA_ENC_TKIP;
  	if (devcaps.dc_cryptocaps & IEEE80211_CRYPTO_AES_CCM)
  		drv->capa.enc |= WPA_DRIVER_CAPA_ENC_CCMP;
@@ -73,7 +158,7 @@
  
  	if (devcaps.dc_drivercaps & IEEE80211_C_HOSTAP)
  		drv->capa.flags |= WPA_DRIVER_FLAGS_AP;
-@@ -1545,6 +1571,8 @@
+@@ -1545,6 +1602,8 @@
  		}
  		if (ifmr.ifm_current & IFM_IEEE80211_HOSTAP)
  			return IEEE80211_M_HOSTAP;
diff --git a/security/wpa_supplicant-devel/Makefile b/security/wpa_supplicant-devel/Makefile
index 7beb397b67a2..efae4a6c5792 100644
--- a/security/wpa_supplicant-devel/Makefile
+++ b/security/wpa_supplicant-devel/Makefile
@@ -1,5 +1,6 @@
 PORTNAME=	wpa_supplicant
 PORTVERSION=	${COMMIT_DATE}
+PORTREVISION=	1
 CATEGORIES=	security net
 PKGNAMESUFFIX=	-devel
 
diff --git a/security/wpa_supplicant-devel/files/patch-src_drivers_driver__bsd.c b/security/wpa_supplicant-devel/files/patch-src_drivers_driver__bsd.c
index 6a400fd174c2..19470678ef08 100644
--- a/security/wpa_supplicant-devel/files/patch-src_drivers_driver__bsd.c
+++ b/security/wpa_supplicant-devel/files/patch-src_drivers_driver__bsd.c
@@ -1,6 +1,14 @@
---- src/drivers/driver_bsd.c.orig	2022-05-24 13:30:39.000000000 -0700
-+++ src/drivers/driver_bsd.c	2022-06-20 07:13:36.571991000 -0700
-@@ -853,14 +853,18 @@
+--- src/drivers/driver_bsd.c.orig	2022-06-20 04:39:26.000000000 -0700
++++ src/drivers/driver_bsd.c	2022-07-03 14:15:42.260043000 -0700
+@@ -14,6 +14,7 @@
+ #include "driver.h"
+ #include "eloop.h"
+ #include "common/ieee802_11_defs.h"
++#include "common/ieee802_11_common.h"
+ #include "common/wpa_common.h"
+ 
+ #include <ifaddrs.h>
+@@ -853,14 +854,18 @@
  		drv = bsd_get_drvindex(global, ifm->ifm_index);
  		if (drv == NULL)
  			return;
@@ -22,7 +30,50 @@
  			wpa_printf(MSG_DEBUG, "RTM_IFINFO: Interface '%s' UP",
  				   drv->ifname);
  			wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_ENABLED,
-@@ -1220,7 +1224,10 @@
+@@ -1197,13 +1202,41 @@
+ }
+ 
+ static int
++wpa_driver_bsd_set_rsn_wpa_ie(struct bsd_driver_data * drv,
++    struct wpa_driver_associate_params *params, const u8 *ie)
++{
++	int privacy;
++	size_t ie_len = ie[1] ? ie[1] + 2 : 0;
++
++	/* XXX error handling is wrong but unclear what to do... */
++	if (wpa_driver_bsd_set_wpa_ie(drv, ie, ie_len) < 0)
++		return -1;
++
++	privacy = !(params->pairwise_suite == WPA_CIPHER_NONE &&
++	    params->group_suite == WPA_CIPHER_NONE &&
++	    params->key_mgmt_suite == WPA_KEY_MGMT_NONE);
++	wpa_printf(MSG_DEBUG, "%s: set PRIVACY %u", __func__,
++	    privacy);
++
++	if (set80211param(drv, IEEE80211_IOC_PRIVACY, privacy) < 0)
++		return -1;
++
++	if (ie_len &&
++	    set80211param(drv, IEEE80211_IOC_WPA,
++	    ie[0] == WLAN_EID_RSN ? 2 : 1) < 0)
++		return -1;
++
++	return 0;
++}
++
++static int
+ wpa_driver_bsd_associate(void *priv, struct wpa_driver_associate_params *params)
+ {
+ 	struct bsd_driver_data *drv = priv;
+ 	struct ieee80211req_mlme mlme;
+ 	u32 mode;
+-	int privacy;
+ 	int ret = 0;
++	const u8 *wpa_ie, *rsn_ie;
+ 
+ 	wpa_printf(MSG_DEBUG,
+ 		"%s: ssid '%.*s' wpa ie len %u pairwise %u group %u key mgmt %u"
+@@ -1220,7 +1253,10 @@
  		mode = 0 /* STA */;
  		break;
  	case IEEE80211_MODE_IBSS:
@@ -33,21 +84,55 @@
  		break;
  	case IEEE80211_MODE_AP:
  		mode = IFM_IEEE80211_HOSTAP;
-@@ -1267,6 +1274,13 @@
- 			  params->wpa_ie[0] == WLAN_EID_RSN ? 2 : 1) < 0)
- 		return -1;
+@@ -1249,24 +1285,33 @@
+ 		ret = -1;
+ 	if (wpa_driver_bsd_set_auth_alg(drv, params->auth_alg) < 0)
+ 		ret = -1;
+-	/* XXX error handling is wrong but unclear what to do... */
+-	if (wpa_driver_bsd_set_wpa_ie(drv, params->wpa_ie, params->wpa_ie_len) < 0)
+-		return -1;
+ 
+-	privacy = !(params->pairwise_suite == WPA_CIPHER_NONE &&
+-	    params->group_suite == WPA_CIPHER_NONE &&
+-	    params->key_mgmt_suite == WPA_KEY_MGMT_NONE &&
+-	    params->wpa_ie_len == 0);
+-	wpa_printf(MSG_DEBUG, "%s: set PRIVACY %u", __func__, privacy);
++	if (params->wpa_ie_len) {
++		rsn_ie = get_ie(params->wpa_ie, params->wpa_ie_len,
++		    WLAN_EID_RSN);
++		if (rsn_ie) {
++			if (wpa_driver_bsd_set_rsn_wpa_ie(drv, params,
++			    rsn_ie) < 0)
++				return -1;
++		}
++		else {
++			wpa_ie = get_vendor_ie(params->wpa_ie,
++			    params->wpa_ie_len, WPA_IE_VENDOR_TYPE);
++			if (wpa_ie) {
++				if (wpa_driver_bsd_set_rsn_wpa_ie(drv, params,
++				    wpa_ie) < 0)
++					return -1;
++			}
++		}
++	}
  
+-	if (set80211param(drv, IEEE80211_IOC_PRIVACY, privacy) < 0)
 +	/*
 +	 * NB: interface must be marked UP for association
 +	 * or scanning (ap_scan=2)
 +	 */
 +	if (bsd_get_iface_flags(drv) < 0)
-+		return -1;
-+
+ 		return -1;
+ 
+-	if (params->wpa_ie_len &&
+-	    set80211param(drv, IEEE80211_IOC_WPA,
+-			  params->wpa_ie[0] == WLAN_EID_RSN ? 2 : 1) < 0)
+-		return -1;
+-
  	os_memset(&mlme, 0, sizeof(mlme));
  	mlme.im_op = IEEE80211_MLME_ASSOC;
  	if (params->ssid != NULL)
-@@ -1485,6 +1499,17 @@
+@@ -1485,6 +1530,17 @@
  	if (devcaps.dc_drivercaps & IEEE80211_C_WPA2)
  		drv->capa.key_mgmt = WPA_DRIVER_CAPA_KEY_MGMT_WPA2 |
  			WPA_DRIVER_CAPA_KEY_MGMT_WPA2_PSK;
@@ -65,7 +150,7 @@
  
  	if (devcaps.dc_cryptocaps & IEEE80211_CRYPTO_WEP)
  		drv->capa.enc |= WPA_DRIVER_CAPA_ENC_WEP40 |
-@@ -1493,6 +1518,7 @@
+@@ -1493,6 +1549,7 @@
  		drv->capa.enc |= WPA_DRIVER_CAPA_ENC_TKIP;
  	if (devcaps.dc_cryptocaps & IEEE80211_CRYPTO_AES_CCM)
  		drv->capa.enc |= WPA_DRIVER_CAPA_ENC_CCMP;
@@ -73,7 +158,7 @@
  
  	if (devcaps.dc_drivercaps & IEEE80211_C_HOSTAP)
  		drv->capa.flags |= WPA_DRIVER_FLAGS_AP;
-@@ -1545,6 +1571,8 @@
+@@ -1545,6 +1602,8 @@
  		}
  		if (ifmr.ifm_current & IFM_IEEE80211_HOSTAP)
  			return IEEE80211_M_HOSTAP;
diff --git a/security/wpa_supplicant/Makefile b/security/wpa_supplicant/Makefile
index 1b3e5889d2c6..d58333174c06 100644
--- a/security/wpa_supplicant/Makefile
+++ b/security/wpa_supplicant/Makefile
@@ -1,6 +1,6 @@
 PORTNAME=	wpa_supplicant
 PORTVERSION=	2.10
-PORTREVISION=	4
+PORTREVISION=	5
 CATEGORIES=	security net
 MASTER_SITES=	https://w1.fi/releases/
 
diff --git a/security/wpa_supplicant/files/patch-src_drivers_driver__bsd.c b/security/wpa_supplicant/files/patch-src_drivers_driver__bsd.c
index 440233164126..56df017d59d1 100644
--- a/security/wpa_supplicant/files/patch-src_drivers_driver__bsd.c
+++ b/security/wpa_supplicant/files/patch-src_drivers_driver__bsd.c
@@ -1,6 +1,14 @@
 --- src/drivers/driver_bsd.c.orig	2022-01-16 12:51:29.000000000 -0800
-+++ src/drivers/driver_bsd.c	2022-06-20 07:11:44.629814000 -0700
-@@ -853,14 +853,18 @@
++++ src/drivers/driver_bsd.c	2022-07-03 14:09:49.672011000 -0700
+@@ -14,6 +14,7 @@
+ #include "driver.h"
+ #include "eloop.h"
+ #include "common/ieee802_11_defs.h"
++#include "common/ieee802_11_common.h"
+ #include "common/wpa_common.h"
+ 
+ #include <ifaddrs.h>
+@@ -853,14 +854,18 @@
  		drv = bsd_get_drvindex(global, ifm->ifm_index);
  		if (drv == NULL)
  			return;
@@ -22,7 +30,50 @@
  			wpa_printf(MSG_DEBUG, "RTM_IFINFO: Interface '%s' UP",
  				   drv->ifname);
  			wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_ENABLED,
-@@ -1220,7 +1224,10 @@
+@@ -1197,13 +1202,41 @@
+ }
+ 
+ static int
++wpa_driver_bsd_set_rsn_wpa_ie(struct bsd_driver_data * drv,
++    struct wpa_driver_associate_params *params, const u8 *ie)
++{
++	int privacy;
++	size_t ie_len = ie[1] ? ie[1] + 2 : 0;
++
++	/* XXX error handling is wrong but unclear what to do... */
++	if (wpa_driver_bsd_set_wpa_ie(drv, ie, ie_len) < 0)
++		return -1;
++
++	privacy = !(params->pairwise_suite == WPA_CIPHER_NONE &&
++	    params->group_suite == WPA_CIPHER_NONE &&
++	    params->key_mgmt_suite == WPA_KEY_MGMT_NONE);
++	wpa_printf(MSG_DEBUG, "%s: set PRIVACY %u", __func__,
++	    privacy);
++
++	if (set80211param(drv, IEEE80211_IOC_PRIVACY, privacy) < 0)
++		return -1;
++
++	if (ie_len &&
++	    set80211param(drv, IEEE80211_IOC_WPA,
++	    ie[0] == WLAN_EID_RSN ? 2 : 1) < 0)
++		return -1;
++
++	return 0;
++}
++
++static int
+ wpa_driver_bsd_associate(void *priv, struct wpa_driver_associate_params *params)
+ {
+ 	struct bsd_driver_data *drv = priv;
+ 	struct ieee80211req_mlme mlme;
+ 	u32 mode;
+-	int privacy;
+ 	int ret = 0;
++	const u8 *wpa_ie, *rsn_ie;
+ 
+ 	wpa_printf(MSG_DEBUG,
+ 		"%s: ssid '%.*s' wpa ie len %u pairwise %u group %u key mgmt %u"
+@@ -1220,7 +1253,10 @@
  		mode = 0 /* STA */;
  		break;
  	case IEEE80211_MODE_IBSS:
@@ -33,21 +84,55 @@
  		break;
  	case IEEE80211_MODE_AP:
  		mode = IFM_IEEE80211_HOSTAP;
-@@ -1267,6 +1274,13 @@
- 			  params->wpa_ie[0] == WLAN_EID_RSN ? 2 : 1) < 0)
- 		return -1;
+@@ -1249,24 +1285,33 @@
+ 		ret = -1;
+ 	if (wpa_driver_bsd_set_auth_alg(drv, params->auth_alg) < 0)
+ 		ret = -1;
+-	/* XXX error handling is wrong but unclear what to do... */
+-	if (wpa_driver_bsd_set_wpa_ie(drv, params->wpa_ie, params->wpa_ie_len) < 0)
+-		return -1;
+ 
+-	privacy = !(params->pairwise_suite == WPA_CIPHER_NONE &&
+-	    params->group_suite == WPA_CIPHER_NONE &&
+-	    params->key_mgmt_suite == WPA_KEY_MGMT_NONE &&
+-	    params->wpa_ie_len == 0);
+-	wpa_printf(MSG_DEBUG, "%s: set PRIVACY %u", __func__, privacy);
++	if (params->wpa_ie_len) {
++		rsn_ie = get_ie(params->wpa_ie, params->wpa_ie_len,
++		    WLAN_EID_RSN);
++		if (rsn_ie) {
++			if (wpa_driver_bsd_set_rsn_wpa_ie(drv, params,
++			    rsn_ie) < 0)
++				return -1;
++		}
++		else {
++			wpa_ie = get_vendor_ie(params->wpa_ie,
++			    params->wpa_ie_len, WPA_IE_VENDOR_TYPE);
++			if (wpa_ie) {
++				if (wpa_driver_bsd_set_rsn_wpa_ie(drv, params,
++				    wpa_ie) < 0)
++					return -1;
++			}
++		}
++	}
  
+-	if (set80211param(drv, IEEE80211_IOC_PRIVACY, privacy) < 0)
 +	/*
 +	 * NB: interface must be marked UP for association
 +	 * or scanning (ap_scan=2)
 +	 */
 +	if (bsd_get_iface_flags(drv) < 0)
-+		return -1;
-+
+ 		return -1;
+ 
+-	if (params->wpa_ie_len &&
+-	    set80211param(drv, IEEE80211_IOC_WPA,
+-			  params->wpa_ie[0] == WLAN_EID_RSN ? 2 : 1) < 0)
+-		return -1;
+-
  	os_memset(&mlme, 0, sizeof(mlme));
  	mlme.im_op = IEEE80211_MLME_ASSOC;
  	if (params->ssid != NULL)
-@@ -1485,6 +1499,17 @@
+@@ -1485,6 +1530,17 @@
  	if (devcaps.dc_drivercaps & IEEE80211_C_WPA2)
  		drv->capa.key_mgmt = WPA_DRIVER_CAPA_KEY_MGMT_WPA2 |
  			WPA_DRIVER_CAPA_KEY_MGMT_WPA2_PSK;
@@ -65,7 +150,7 @@
  
  	if (devcaps.dc_cryptocaps & IEEE80211_CRYPTO_WEP)
  		drv->capa.enc |= WPA_DRIVER_CAPA_ENC_WEP40 |
-@@ -1493,6 +1518,7 @@
+@@ -1493,6 +1549,7 @@
  		drv->capa.enc |= WPA_DRIVER_CAPA_ENC_TKIP;
  	if (devcaps.dc_cryptocaps & IEEE80211_CRYPTO_AES_CCM)
  		drv->capa.enc |= WPA_DRIVER_CAPA_ENC_CCMP;
@@ -73,7 +158,7 @@
  
  	if (devcaps.dc_drivercaps & IEEE80211_C_HOSTAP)
  		drv->capa.flags |= WPA_DRIVER_FLAGS_AP;
-@@ -1545,6 +1571,8 @@
+@@ -1545,6 +1602,8 @@
  		}
  		if (ifmr.ifm_current & IFM_IEEE80211_HOSTAP)
  			return IEEE80211_M_HOSTAP;
author	J.R. Oldroyd <fbsd@opal.com>	2022-07-03 21:18:40 +0000
committer	Cy Schubert <cy@FreeBSD.org>	2022-07-03 21:33:18 +0000
commit	b3916c7a8d2599e99fabdc1735b095ff5a9f9381 (patch)
tree	e5fb895110487c24497f3d47ac68e443f2404c44
parent	cad6302bccdaef3b1fd9fd4ce8b1d26c24b32840 (diff)
download	ports-b3916c7a8d2599e99fabdc1735b095ff5a9f9381.tar.gz ports-b3916c7a8d2599e99fabdc1735b095ff5a9f9381.zip