git: 995f5b9b0e4d - main - net/nhostapd*, security/wpa_supplicant*: Sync drivers_bsd.c from src
Date: Sat, 15 Mar 2025 22:44:26 UTC
The branch main has been updated by cy:
URL: https://cgit.FreeBSD.org/ports/commit/?id=995f5b9b0e4dc582efaf9fb961125af852cb3a57
commit 995f5b9b0e4dc582efaf9fb961125af852cb3a57
Author: Cy Schubert <cy@FreeBSD.org>
AuthorDate: 2025-03-13 20:46:17 +0000
Commit: Cy Schubert <cy@FreeBSD.org>
CommitDate: 2025-03-15 22:43:27 +0000
net/nhostapd*, security/wpa_supplicant*: Sync drivers_bsd.c from src
src/ commits to drviers_bsd.c in src have fixed a number of problems
with wpa_supplicant/hostapd and FreeBSD. Bring those changes into the
ports.
PR: 285371
Tested by: Matthias Apitz <guru@unixarea.de>
MFH 2025Q1
---
net/hostapd-devel/Makefile | 2 +-
.../files/patch-src_drivers_driver__bsd.c | 144 +++++++---
net/hostapd/Makefile | 2 +-
net/hostapd/files/patch-src_drivers_driver__bsd.c | 121 +++++---
security/wpa_supplicant-devel/Makefile | 2 +-
.../files/patch-src_drivers_driver__bsd.c | 144 +++++++---
security/wpa_supplicant/Makefile | 2 +-
.../files/patch-src_drivers_driver__bsd.c | 311 +++++++++++++++++++++
8 files changed, 623 insertions(+), 105 deletions(-)
diff --git a/net/hostapd-devel/Makefile b/net/hostapd-devel/Makefile
index d3343be5a39b..398649aee77a 100644
--- a/net/hostapd-devel/Makefile
+++ b/net/hostapd-devel/Makefile
@@ -1,6 +1,6 @@
PORTNAME= hostapd
PORTVERSION= ${COMMIT_DATE}
-PORTREVISION= 1
+PORTREVISION= 2
CATEGORIES= net
PKGNAMESUFFIX= -devel
diff --git a/net/hostapd-devel/files/patch-src_drivers_driver__bsd.c b/net/hostapd-devel/files/patch-src_drivers_driver__bsd.c
index eab6a22e82f3..c0f39bee6eeb 100644
--- a/net/hostapd-devel/files/patch-src_drivers_driver__bsd.c
+++ b/net/hostapd-devel/files/patch-src_drivers_driver__bsd.c
@@ -1,5 +1,5 @@
---- src/drivers/driver_bsd.c.orig 2024-09-01 06:39:57.000000000 -0700
-+++ src/drivers/driver_bsd.c 2024-09-13 15:40:52.262309000 -0700
+--- src/drivers/driver_bsd.c.orig 2025-02-15 11:51:02.000000000 -0800
++++ src/drivers/driver_bsd.c 2025-03-13 13:43:16.777368000 -0700
@@ -14,6 +14,7 @@
#include "driver.h"
#include "eloop.h"
@@ -19,14 +19,10 @@
struct ifreq ifr;
os_memset(&ifr, 0, sizeof(ifr));
-@@ -302,10 +304,37 @@
-
- if (ioctl(drv->global->sock, SIOCGIFFLAGS, &ifr) < 0) {
- wpa_printf(MSG_ERROR, "ioctl[SIOCGIFFLAGS]: %s",
-+ strerror(errno));
-+ return -1;
-+ }
-+ drv->flags = ifr.ifr_flags;
+@@ -306,7 +308,34 @@
+ return -1;
+ }
+ drv->flags = ifr.ifr_flags;
+
+
+ if (enable) {
@@ -41,23 +37,72 @@
+
+ if (ioctl(drv->global->sock, SIOCSIFFLAGS, &ifr) < 0) {
+ wpa_printf(MSG_ERROR, "ioctl[SIOCSIFFLAGS]: %s",
- strerror(errno));
- return -1;
- }
++ strerror(errno));
++ return -1;
++ }
+
+ wpa_printf(MSG_DEBUG, "%s: if %s (changed) enable %d IFF_UP %d ",
+ __func__, drv->ifname, enable, ((ifr.ifr_flags & IFF_UP) != 0));
+
- drv->flags = ifr.ifr_flags;
-+ return 0;
++ drv->flags = ifr.ifr_flags;
+ return 0;
+
+nochange:
+ wpa_printf(MSG_DEBUG, "%s: if %s (no change) enable %d IFF_UP %d ",
+ __func__, drv->ifname, enable, ((ifr.ifr_flags & IFF_UP) != 0));
- return 0;
++ return 0;
}
-@@ -525,7 +554,7 @@
+ static int
+@@ -325,9 +354,6 @@
+ const u8 *key = params->key;
+ size_t key_len = params->key_len;
+
+- if (params->key_flag & KEY_FLAG_NEXT)
+- return -1;
+-
+ wpa_printf(MSG_DEBUG, "%s: alg=%d addr=%p key_idx=%d set_tx=%d "
+ "seq_len=%zu key_len=%zu", __func__, alg, addr, key_idx,
+ set_tx, seq_len, key_len);
+@@ -352,6 +378,12 @@
+ case WPA_ALG_CCMP:
+ wk.ik_type = IEEE80211_CIPHER_AES_CCM;
+ break;
++ case WPA_ALG_GCMP:
++ wk.ik_type = IEEE80211_CIPHER_AES_GCM_128;
++ break;
++ case WPA_ALG_BIP_CMAC_128:
++ wk.ik_type = IEEE80211_CIPHER_BIP_CMAC_128;
++ break;
+ default:
+ wpa_printf(MSG_ERROR, "%s: unknown alg=%d", __func__, alg);
+ return -1;
+@@ -422,7 +454,13 @@
+ switch (params->wpa_group) {
+ case WPA_CIPHER_CCMP:
+ v = IEEE80211_CIPHER_AES_CCM;
++ break;
++ case WPA_CIPHER_GCMP:
++ v = IEEE80211_CIPHER_AES_GCM_128;
+ break;
++ case WPA_CIPHER_BIP_CMAC_128:
++ v = IEEE80211_CIPHER_BIP_CMAC_128;
++ break;
+ case WPA_CIPHER_TKIP:
+ v = IEEE80211_CIPHER_TKIP;
+ break;
+@@ -459,6 +497,10 @@
+ }
+
+ v = 0;
++ if (params->wpa_pairwise & WPA_CIPHER_BIP_CMAC_128)
++ v |= 1<<IEEE80211_CIPHER_BIP_CMAC_128;
++ if (params->wpa_pairwise & WPA_CIPHER_GCMP)
++ v |= 1<<IEEE80211_CIPHER_AES_GCM_128;
+ if (params->wpa_pairwise & WPA_CIPHER_CCMP)
+ v |= 1<<IEEE80211_CIPHER_AES_CCM;
+ if (params->wpa_pairwise & WPA_CIPHER_TKIP)
+@@ -528,7 +570,7 @@
__func__);
return -1;
}
@@ -66,7 +111,15 @@
}
static void
-@@ -853,14 +882,18 @@
+@@ -589,6 +631,7 @@
+ mode = IFM_IEEE80211_11B;
+ } else {
+ mode =
++ freq->vht_enabled ? IFM_IEEE80211_VHT5G :
+ freq->ht_enabled ? IFM_IEEE80211_11NA :
+ IFM_IEEE80211_11A;
+ }
+@@ -856,14 +899,18 @@
drv = bsd_get_drvindex(global, ifm->ifm_index);
if (drv == NULL)
return;
@@ -88,7 +141,17 @@
wpa_printf(MSG_DEBUG, "RTM_IFINFO: Interface '%s' UP",
drv->ifname);
wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_ENABLED,
-@@ -1027,7 +1060,8 @@
+@@ -1001,8 +1048,7 @@
+ }
+
+ static void *
+-bsd_init(struct hostapd_data *hapd, struct wpa_init_params *params,
+- enum wpa_p2p_mode p2p_mode)
++bsd_init(struct hostapd_data *hapd, struct wpa_init_params *params)
+ {
+ struct bsd_driver_data *drv;
+
+@@ -1031,7 +1077,8 @@
if (l2_packet_get_own_addr(drv->sock_xmit, params->own_addr))
goto bad;
@@ -98,7 +161,7 @@
goto bad;
if (bsd_set_mediaopt(drv, IFM_OMASK, IFM_IEEE80211_HOSTAP) < 0) {
-@@ -1052,12 +1086,13 @@
+@@ -1056,12 +1103,13 @@
{
struct bsd_driver_data *drv = priv;
@@ -113,10 +176,13 @@
static int
bsd_set_sta_authorized(void *priv, const u8 *addr,
unsigned int total_flags, unsigned int flags_or,
-@@ -1199,13 +1234,41 @@
- }
+@@ -1200,6 +1248,34 @@
+ struct bsd_driver_data *drv = ctx;
- static int
+ drv_event_eapol_rx(drv->ctx, src_addr, buf, len);
++}
++
++static int
+wpa_driver_bsd_set_rsn_wpa_ie(struct bsd_driver_data * drv,
+ struct wpa_driver_associate_params *params, const u8 *ie)
+{
@@ -142,11 +208,10 @@
+ return -1;
+
+ return 0;
-+}
-+
-+static int
- wpa_driver_bsd_associate(void *priv, struct wpa_driver_associate_params *params)
- {
+ }
+
+ static int
+@@ -1208,8 +1284,8 @@
struct bsd_driver_data *drv = priv;
struct ieee80211req_mlme mlme;
u32 mode;
@@ -156,7 +221,7 @@
wpa_printf(MSG_DEBUG,
"%s: ssid '%.*s' wpa ie len %u pairwise %u group %u key mgmt %u"
-@@ -1222,7 +1285,10 @@
+@@ -1226,7 +1302,10 @@
mode = 0 /* STA */;
break;
case IEEE80211_MODE_IBSS:
@@ -167,7 +232,7 @@
break;
case IEEE80211_MODE_AP:
mode = IFM_IEEE80211_HOSTAP;
-@@ -1251,22 +1317,31 @@
+@@ -1255,22 +1334,31 @@
ret = -1;
if (wpa_driver_bsd_set_auth_alg(drv, params->auth_alg) < 0)
ret = -1;
@@ -213,7 +278,7 @@
return -1;
os_memset(&mlme, 0, sizeof(mlme));
-@@ -1311,11 +1386,8 @@
+@@ -1315,11 +1403,8 @@
}
/* NB: interface must be marked UP to do a scan */
@@ -226,7 +291,18 @@
#ifdef IEEE80211_IOC_SCAN_MAX_SSID
os_memset(&sr, 0, sizeof(sr));
-@@ -1547,6 +1619,8 @@
+@@ -1499,6 +1584,10 @@
+ drv->capa.enc |= WPA_DRIVER_CAPA_ENC_TKIP;
+ if (devcaps.dc_cryptocaps & IEEE80211_CRYPTO_AES_CCM)
+ drv->capa.enc |= WPA_DRIVER_CAPA_ENC_CCMP;
++ if (devcaps.dc_cryptocaps & IEEE80211_CRYPTO_AES_GCM_128)
++ drv->capa.enc |= WPA_DRIVER_CAPA_ENC_GCMP;
++ if (devcaps.dc_cryptocaps & IEEE80211_CRYPTO_BIP_CMAC_128)
++ drv->capa.enc |= WPA_DRIVER_CAPA_ENC_BIP;
+
+ if (devcaps.dc_drivercaps & IEEE80211_C_HOSTAP)
+ drv->capa.flags |= WPA_DRIVER_FLAGS_AP;
+@@ -1551,6 +1640,8 @@
}
if (ifmr.ifm_current & IFM_IEEE80211_HOSTAP)
return IEEE80211_M_HOSTAP;
@@ -235,7 +311,7 @@
if (ifmr.ifm_current & IFM_IEEE80211_MONITOR)
return IEEE80211_M_MONITOR;
#ifdef IEEE80211_M_MBSS
-@@ -1607,7 +1681,7 @@
+@@ -1611,7 +1702,7 @@
drv->capa.key_mgmt_iftype[i] = drv->capa.key_mgmt;
/* Down interface during setup. */
@@ -244,7 +320,7 @@
goto fail;
/* Proven to work, lets go! */
-@@ -1631,6 +1705,9 @@
+@@ -1635,6 +1726,9 @@
if (drv->ifindex != 0 && !drv->if_removed) {
wpa_driver_bsd_set_wpa(drv, 0);
diff --git a/net/hostapd/Makefile b/net/hostapd/Makefile
index 8b6b2cf48a8a..5ea12eceec8b 100644
--- a/net/hostapd/Makefile
+++ b/net/hostapd/Makefile
@@ -1,6 +1,6 @@
PORTNAME= hostapd
PORTVERSION= 2.11
-PORTREVISION= 1
+PORTREVISION= 2
CATEGORIES= net
MASTER_SITES= https://w1.fi/releases/
diff --git a/net/hostapd/files/patch-src_drivers_driver__bsd.c b/net/hostapd/files/patch-src_drivers_driver__bsd.c
index 809575aeb356..5c6671c0d638 100644
--- a/net/hostapd/files/patch-src_drivers_driver__bsd.c
+++ b/net/hostapd/files/patch-src_drivers_driver__bsd.c
@@ -1,5 +1,5 @@
--- src/drivers/driver_bsd.c.orig 2024-07-20 11:04:37.000000000 -0700
-+++ src/drivers/driver_bsd.c 2024-09-13 15:39:20.543245000 -0700
++++ src/drivers/driver_bsd.c 2025-03-13 13:38:22.780127000 -0700
@@ -14,6 +14,7 @@
#include "driver.h"
#include "eloop.h"
@@ -19,14 +19,10 @@
struct ifreq ifr;
os_memset(&ifr, 0, sizeof(ifr));
-@@ -302,10 +304,37 @@
-
- if (ioctl(drv->global->sock, SIOCGIFFLAGS, &ifr) < 0) {
- wpa_printf(MSG_ERROR, "ioctl[SIOCGIFFLAGS]: %s",
-+ strerror(errno));
-+ return -1;
-+ }
-+ drv->flags = ifr.ifr_flags;
+@@ -306,7 +308,34 @@
+ return -1;
+ }
+ drv->flags = ifr.ifr_flags;
+
+
+ if (enable) {
@@ -41,23 +37,61 @@
+
+ if (ioctl(drv->global->sock, SIOCSIFFLAGS, &ifr) < 0) {
+ wpa_printf(MSG_ERROR, "ioctl[SIOCSIFFLAGS]: %s",
- strerror(errno));
- return -1;
- }
++ strerror(errno));
++ return -1;
++ }
+
+ wpa_printf(MSG_DEBUG, "%s: if %s (changed) enable %d IFF_UP %d ",
+ __func__, drv->ifname, enable, ((ifr.ifr_flags & IFF_UP) != 0));
+
- drv->flags = ifr.ifr_flags;
-+ return 0;
++ drv->flags = ifr.ifr_flags;
+ return 0;
+
+nochange:
+ wpa_printf(MSG_DEBUG, "%s: if %s (no change) enable %d IFF_UP %d ",
+ __func__, drv->ifname, enable, ((ifr.ifr_flags & IFF_UP) != 0));
- return 0;
++ return 0;
}
-@@ -525,7 +554,7 @@
+ static int
+@@ -349,6 +378,12 @@
+ case WPA_ALG_CCMP:
+ wk.ik_type = IEEE80211_CIPHER_AES_CCM;
+ break;
++ case WPA_ALG_GCMP:
++ wk.ik_type = IEEE80211_CIPHER_AES_GCM_128;
++ break;
++ case WPA_ALG_BIP_CMAC_128:
++ wk.ik_type = IEEE80211_CIPHER_BIP_CMAC_128;
++ break;
+ default:
+ wpa_printf(MSG_ERROR, "%s: unknown alg=%d", __func__, alg);
+ return -1;
+@@ -420,6 +455,12 @@
+ case WPA_CIPHER_CCMP:
+ v = IEEE80211_CIPHER_AES_CCM;
+ break;
++ case WPA_CIPHER_GCMP:
++ v = IEEE80211_CIPHER_AES_GCM_128;
++ break;
++ case WPA_CIPHER_BIP_CMAC_128:
++ v = IEEE80211_CIPHER_BIP_CMAC_128;
++ break;
+ case WPA_CIPHER_TKIP:
+ v = IEEE80211_CIPHER_TKIP;
+ break;
+@@ -456,6 +497,10 @@
+ }
+
+ v = 0;
++ if (params->wpa_pairwise & WPA_CIPHER_BIP_CMAC_128)
++ v |= 1<<IEEE80211_CIPHER_BIP_CMAC_128;
++ if (params->wpa_pairwise & WPA_CIPHER_GCMP)
++ v |= 1<<IEEE80211_CIPHER_AES_GCM_128;
+ if (params->wpa_pairwise & WPA_CIPHER_CCMP)
+ v |= 1<<IEEE80211_CIPHER_AES_CCM;
+ if (params->wpa_pairwise & WPA_CIPHER_TKIP)
+@@ -525,7 +570,7 @@
__func__);
return -1;
}
@@ -66,7 +100,15 @@
}
static void
-@@ -853,14 +882,18 @@
+@@ -586,6 +631,7 @@
+ mode = IFM_IEEE80211_11B;
+ } else {
+ mode =
++ freq->vht_enabled ? IFM_IEEE80211_VHT5G :
+ freq->ht_enabled ? IFM_IEEE80211_11NA :
+ IFM_IEEE80211_11A;
+ }
+@@ -853,14 +899,18 @@
drv = bsd_get_drvindex(global, ifm->ifm_index);
if (drv == NULL)
return;
@@ -88,7 +130,7 @@
wpa_printf(MSG_DEBUG, "RTM_IFINFO: Interface '%s' UP",
drv->ifname);
wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_ENABLED,
-@@ -1027,7 +1060,8 @@
+@@ -1027,7 +1077,8 @@
if (l2_packet_get_own_addr(drv->sock_xmit, params->own_addr))
goto bad;
@@ -98,7 +140,7 @@
goto bad;
if (bsd_set_mediaopt(drv, IFM_OMASK, IFM_IEEE80211_HOSTAP) < 0) {
-@@ -1052,12 +1086,13 @@
+@@ -1052,12 +1103,13 @@
{
struct bsd_driver_data *drv = priv;
@@ -113,10 +155,13 @@
static int
bsd_set_sta_authorized(void *priv, const u8 *addr,
unsigned int total_flags, unsigned int flags_or,
-@@ -1199,13 +1234,41 @@
- }
+@@ -1196,6 +1248,34 @@
+ struct bsd_driver_data *drv = ctx;
- static int
+ drv_event_eapol_rx(drv->ctx, src_addr, buf, len);
++}
++
++static int
+wpa_driver_bsd_set_rsn_wpa_ie(struct bsd_driver_data * drv,
+ struct wpa_driver_associate_params *params, const u8 *ie)
+{
@@ -142,11 +187,10 @@
+ return -1;
+
+ return 0;
-+}
-+
-+static int
- wpa_driver_bsd_associate(void *priv, struct wpa_driver_associate_params *params)
- {
+ }
+
+ static int
+@@ -1204,8 +1284,8 @@
struct bsd_driver_data *drv = priv;
struct ieee80211req_mlme mlme;
u32 mode;
@@ -156,7 +200,7 @@
wpa_printf(MSG_DEBUG,
"%s: ssid '%.*s' wpa ie len %u pairwise %u group %u key mgmt %u"
-@@ -1222,7 +1285,10 @@
+@@ -1222,7 +1302,10 @@
mode = 0 /* STA */;
break;
case IEEE80211_MODE_IBSS:
@@ -167,7 +211,7 @@
break;
case IEEE80211_MODE_AP:
mode = IFM_IEEE80211_HOSTAP;
-@@ -1251,22 +1317,31 @@
+@@ -1251,22 +1334,31 @@
ret = -1;
if (wpa_driver_bsd_set_auth_alg(drv, params->auth_alg) < 0)
ret = -1;
@@ -213,7 +257,7 @@
return -1;
os_memset(&mlme, 0, sizeof(mlme));
-@@ -1311,11 +1386,8 @@
+@@ -1311,11 +1403,8 @@
}
/* NB: interface must be marked UP to do a scan */
@@ -226,7 +270,18 @@
#ifdef IEEE80211_IOC_SCAN_MAX_SSID
os_memset(&sr, 0, sizeof(sr));
-@@ -1547,6 +1619,8 @@
+@@ -1495,6 +1584,10 @@
+ drv->capa.enc |= WPA_DRIVER_CAPA_ENC_TKIP;
+ if (devcaps.dc_cryptocaps & IEEE80211_CRYPTO_AES_CCM)
+ drv->capa.enc |= WPA_DRIVER_CAPA_ENC_CCMP;
++ if (devcaps.dc_cryptocaps & IEEE80211_CRYPTO_AES_GCM_128)
++ drv->capa.enc |= WPA_DRIVER_CAPA_ENC_GCMP;
++ if (devcaps.dc_cryptocaps & IEEE80211_CRYPTO_BIP_CMAC_128)
++ drv->capa.enc |= WPA_DRIVER_CAPA_ENC_BIP;
+
+ if (devcaps.dc_drivercaps & IEEE80211_C_HOSTAP)
+ drv->capa.flags |= WPA_DRIVER_FLAGS_AP;
+@@ -1547,6 +1640,8 @@
}
if (ifmr.ifm_current & IFM_IEEE80211_HOSTAP)
return IEEE80211_M_HOSTAP;
@@ -235,7 +290,7 @@
if (ifmr.ifm_current & IFM_IEEE80211_MONITOR)
return IEEE80211_M_MONITOR;
#ifdef IEEE80211_M_MBSS
-@@ -1607,7 +1681,7 @@
+@@ -1607,7 +1702,7 @@
drv->capa.key_mgmt_iftype[i] = drv->capa.key_mgmt;
/* Down interface during setup. */
@@ -244,7 +299,7 @@
goto fail;
/* Proven to work, lets go! */
-@@ -1631,6 +1705,9 @@
+@@ -1631,6 +1726,9 @@
if (drv->ifindex != 0 && !drv->if_removed) {
wpa_driver_bsd_set_wpa(drv, 0);
diff --git a/security/wpa_supplicant-devel/Makefile b/security/wpa_supplicant-devel/Makefile
index 479a59e2a2eb..dca2b705e7b3 100644
--- a/security/wpa_supplicant-devel/Makefile
+++ b/security/wpa_supplicant-devel/Makefile
@@ -1,6 +1,6 @@
PORTNAME= wpa_supplicant
PORTVERSION= ${COMMIT_DATE}
-PORTREVISION= 2
+PORTREVISION= 3
CATEGORIES= security net
PKGNAMESUFFIX= -devel
diff --git a/security/wpa_supplicant-devel/files/patch-src_drivers_driver__bsd.c b/security/wpa_supplicant-devel/files/patch-src_drivers_driver__bsd.c
index 51293391dff4..61003e755553 100644
--- a/security/wpa_supplicant-devel/files/patch-src_drivers_driver__bsd.c
+++ b/security/wpa_supplicant-devel/files/patch-src_drivers_driver__bsd.c
@@ -1,5 +1,5 @@
---- src/drivers/driver_bsd.c.orig 2024-09-01 06:39:57.000000000 -0700
-+++ src/drivers/driver_bsd.c 2024-09-13 15:36:17.326062000 -0700
+--- src/drivers/driver_bsd.c.orig 2025-02-15 11:51:02.000000000 -0800
++++ src/drivers/driver_bsd.c 2025-03-13 13:42:51.318078000 -0700
@@ -14,6 +14,7 @@
#include "driver.h"
#include "eloop.h"
@@ -19,14 +19,10 @@
struct ifreq ifr;
os_memset(&ifr, 0, sizeof(ifr));
-@@ -302,10 +304,37 @@
-
- if (ioctl(drv->global->sock, SIOCGIFFLAGS, &ifr) < 0) {
- wpa_printf(MSG_ERROR, "ioctl[SIOCGIFFLAGS]: %s",
-+ strerror(errno));
-+ return -1;
-+ }
-+ drv->flags = ifr.ifr_flags;
+@@ -306,7 +308,34 @@
+ return -1;
+ }
+ drv->flags = ifr.ifr_flags;
+
+
+ if (enable) {
@@ -41,23 +37,72 @@
+
+ if (ioctl(drv->global->sock, SIOCSIFFLAGS, &ifr) < 0) {
+ wpa_printf(MSG_ERROR, "ioctl[SIOCSIFFLAGS]: %s",
- strerror(errno));
- return -1;
- }
++ strerror(errno));
++ return -1;
++ }
+
+ wpa_printf(MSG_DEBUG, "%s: if %s (changed) enable %d IFF_UP %d ",
+ __func__, drv->ifname, enable, ((ifr.ifr_flags & IFF_UP) != 0));
+
- drv->flags = ifr.ifr_flags;
-+ return 0;
++ drv->flags = ifr.ifr_flags;
+ return 0;
+
+nochange:
+ wpa_printf(MSG_DEBUG, "%s: if %s (no change) enable %d IFF_UP %d ",
+ __func__, drv->ifname, enable, ((ifr.ifr_flags & IFF_UP) != 0));
- return 0;
++ return 0;
}
-@@ -525,7 +554,7 @@
+ static int
+@@ -325,9 +354,6 @@
+ const u8 *key = params->key;
+ size_t key_len = params->key_len;
+
+- if (params->key_flag & KEY_FLAG_NEXT)
+- return -1;
+-
+ wpa_printf(MSG_DEBUG, "%s: alg=%d addr=%p key_idx=%d set_tx=%d "
+ "seq_len=%zu key_len=%zu", __func__, alg, addr, key_idx,
+ set_tx, seq_len, key_len);
+@@ -352,6 +378,12 @@
+ case WPA_ALG_CCMP:
+ wk.ik_type = IEEE80211_CIPHER_AES_CCM;
+ break;
++ case WPA_ALG_GCMP:
++ wk.ik_type = IEEE80211_CIPHER_AES_GCM_128;
++ break;
++ case WPA_ALG_BIP_CMAC_128:
++ wk.ik_type = IEEE80211_CIPHER_BIP_CMAC_128;
++ break;
+ default:
+ wpa_printf(MSG_ERROR, "%s: unknown alg=%d", __func__, alg);
+ return -1;
+@@ -422,7 +454,13 @@
+ switch (params->wpa_group) {
+ case WPA_CIPHER_CCMP:
+ v = IEEE80211_CIPHER_AES_CCM;
++ break;
++ case WPA_CIPHER_GCMP:
++ v = IEEE80211_CIPHER_AES_GCM_128;
+ break;
++ case WPA_CIPHER_BIP_CMAC_128:
++ v = IEEE80211_CIPHER_BIP_CMAC_128;
++ break;
+ case WPA_CIPHER_TKIP:
+ v = IEEE80211_CIPHER_TKIP;
+ break;
+@@ -459,6 +497,10 @@
+ }
+
+ v = 0;
++ if (params->wpa_pairwise & WPA_CIPHER_BIP_CMAC_128)
++ v |= 1<<IEEE80211_CIPHER_BIP_CMAC_128;
++ if (params->wpa_pairwise & WPA_CIPHER_GCMP)
++ v |= 1<<IEEE80211_CIPHER_AES_GCM_128;
+ if (params->wpa_pairwise & WPA_CIPHER_CCMP)
+ v |= 1<<IEEE80211_CIPHER_AES_CCM;
+ if (params->wpa_pairwise & WPA_CIPHER_TKIP)
+@@ -528,7 +570,7 @@
__func__);
return -1;
}
@@ -66,7 +111,15 @@
}
static void
-@@ -853,14 +882,18 @@
+@@ -589,6 +631,7 @@
+ mode = IFM_IEEE80211_11B;
+ } else {
+ mode =
++ freq->vht_enabled ? IFM_IEEE80211_VHT5G :
+ freq->ht_enabled ? IFM_IEEE80211_11NA :
+ IFM_IEEE80211_11A;
+ }
+@@ -856,14 +899,18 @@
drv = bsd_get_drvindex(global, ifm->ifm_index);
if (drv == NULL)
return;
@@ -88,7 +141,17 @@
wpa_printf(MSG_DEBUG, "RTM_IFINFO: Interface '%s' UP",
drv->ifname);
wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_ENABLED,
-@@ -1027,7 +1060,8 @@
+@@ -1001,8 +1048,7 @@
+ }
+
+ static void *
+-bsd_init(struct hostapd_data *hapd, struct wpa_init_params *params,
+- enum wpa_p2p_mode p2p_mode)
++bsd_init(struct hostapd_data *hapd, struct wpa_init_params *params)
+ {
+ struct bsd_driver_data *drv;
+
+@@ -1031,7 +1077,8 @@
if (l2_packet_get_own_addr(drv->sock_xmit, params->own_addr))
goto bad;
@@ -98,7 +161,7 @@
goto bad;
if (bsd_set_mediaopt(drv, IFM_OMASK, IFM_IEEE80211_HOSTAP) < 0) {
-@@ -1052,12 +1086,13 @@
+@@ -1056,12 +1103,13 @@
{
struct bsd_driver_data *drv = priv;
@@ -113,10 +176,13 @@
static int
bsd_set_sta_authorized(void *priv, const u8 *addr,
unsigned int total_flags, unsigned int flags_or,
-@@ -1199,13 +1234,41 @@
- }
+@@ -1200,6 +1248,34 @@
+ struct bsd_driver_data *drv = ctx;
- static int
+ drv_event_eapol_rx(drv->ctx, src_addr, buf, len);
++}
++
++static int
+wpa_driver_bsd_set_rsn_wpa_ie(struct bsd_driver_data * drv,
+ struct wpa_driver_associate_params *params, const u8 *ie)
+{
@@ -142,11 +208,10 @@
+ return -1;
+
+ return 0;
-+}
-+
-+static int
- wpa_driver_bsd_associate(void *priv, struct wpa_driver_associate_params *params)
- {
+ }
+
+ static int
+@@ -1208,8 +1284,8 @@
struct bsd_driver_data *drv = priv;
struct ieee80211req_mlme mlme;
u32 mode;
@@ -156,7 +221,7 @@
wpa_printf(MSG_DEBUG,
"%s: ssid '%.*s' wpa ie len %u pairwise %u group %u key mgmt %u"
-@@ -1222,7 +1285,10 @@
+@@ -1226,7 +1302,10 @@
mode = 0 /* STA */;
break;
case IEEE80211_MODE_IBSS:
@@ -167,7 +232,7 @@
break;
case IEEE80211_MODE_AP:
mode = IFM_IEEE80211_HOSTAP;
-@@ -1251,22 +1317,31 @@
+@@ -1255,22 +1334,31 @@
ret = -1;
if (wpa_driver_bsd_set_auth_alg(drv, params->auth_alg) < 0)
ret = -1;
@@ -213,7 +278,7 @@
return -1;
os_memset(&mlme, 0, sizeof(mlme));
-@@ -1311,11 +1386,8 @@
+@@ -1315,11 +1403,8 @@
}
/* NB: interface must be marked UP to do a scan */
@@ -226,7 +291,18 @@
#ifdef IEEE80211_IOC_SCAN_MAX_SSID
os_memset(&sr, 0, sizeof(sr));
-@@ -1547,6 +1619,8 @@
+@@ -1499,6 +1584,10 @@
+ drv->capa.enc |= WPA_DRIVER_CAPA_ENC_TKIP;
+ if (devcaps.dc_cryptocaps & IEEE80211_CRYPTO_AES_CCM)
+ drv->capa.enc |= WPA_DRIVER_CAPA_ENC_CCMP;
++ if (devcaps.dc_cryptocaps & IEEE80211_CRYPTO_AES_GCM_128)
++ drv->capa.enc |= WPA_DRIVER_CAPA_ENC_GCMP;
++ if (devcaps.dc_cryptocaps & IEEE80211_CRYPTO_BIP_CMAC_128)
++ drv->capa.enc |= WPA_DRIVER_CAPA_ENC_BIP;
+
+ if (devcaps.dc_drivercaps & IEEE80211_C_HOSTAP)
+ drv->capa.flags |= WPA_DRIVER_FLAGS_AP;
+@@ -1551,6 +1640,8 @@
}
if (ifmr.ifm_current & IFM_IEEE80211_HOSTAP)
return IEEE80211_M_HOSTAP;
@@ -235,7 +311,7 @@
if (ifmr.ifm_current & IFM_IEEE80211_MONITOR)
return IEEE80211_M_MONITOR;
#ifdef IEEE80211_M_MBSS
-@@ -1607,7 +1681,7 @@
+@@ -1611,7 +1702,7 @@
drv->capa.key_mgmt_iftype[i] = drv->capa.key_mgmt;
/* Down interface during setup. */
@@ -244,7 +320,7 @@
goto fail;
/* Proven to work, lets go! */
-@@ -1631,6 +1705,9 @@
+@@ -1635,6 +1726,9 @@
if (drv->ifindex != 0 && !drv->if_removed) {
wpa_driver_bsd_set_wpa(drv, 0);
diff --git a/security/wpa_supplicant/Makefile b/security/wpa_supplicant/Makefile
index 6f30219ddbb5..31b46b93b9a0 100644
--- a/security/wpa_supplicant/Makefile
+++ b/security/wpa_supplicant/Makefile
@@ -1,6 +1,6 @@
PORTNAME= wpa_supplicant
PORTVERSION= 2.11
-PORTREVISION= 3
+PORTREVISION= 4
CATEGORIES= security net
MASTER_SITES= https://w1.fi/releases/
diff --git a/security/wpa_supplicant/files/patch-src_drivers_driver__bsd.c b/security/wpa_supplicant/files/patch-src_drivers_driver__bsd.c
new file mode 100644
index 000000000000..19bf94621aaa
--- /dev/null
+++ b/security/wpa_supplicant/files/patch-src_drivers_driver__bsd.c
@@ -0,0 +1,311 @@
+--- src/drivers/driver_bsd.c.orig 2024-07-20 11:04:37.000000000 -0700
++++ src/drivers/driver_bsd.c 2025-03-13 13:35:55.927279000 -0700
+@@ -14,6 +14,7 @@
+ #include "driver.h"
+ #include "eloop.h"
+ #include "common/ieee802_11_defs.h"
++#include "common/ieee802_11_common.h"
+ #include "common/wpa_common.h"
+
+ #include <ifaddrs.h>
+@@ -293,8 +294,9 @@
+ }
+
+ static int
+-bsd_get_iface_flags(struct bsd_driver_data *drv)
++bsd_ctrl_iface(void *priv, int enable)
+ {
++ struct bsd_driver_data *drv = priv;
+ struct ifreq ifr;
+
+ os_memset(&ifr, 0, sizeof(ifr));
+@@ -306,7 +308,34 @@
+ return -1;
+ }
+ drv->flags = ifr.ifr_flags;
++
++
++ if (enable) {
++ if (ifr.ifr_flags & IFF_UP)
++ goto nochange;
++ ifr.ifr_flags |= IFF_UP;
++ } else {
++ if (!(ifr.ifr_flags & IFF_UP))
++ goto nochange;
++ ifr.ifr_flags &= ~IFF_UP;
++ }
++
++ if (ioctl(drv->global->sock, SIOCSIFFLAGS, &ifr) < 0) {
++ wpa_printf(MSG_ERROR, "ioctl[SIOCSIFFLAGS]: %s",
++ strerror(errno));
++ return -1;
++ }
++
++ wpa_printf(MSG_DEBUG, "%s: if %s (changed) enable %d IFF_UP %d ",
++ __func__, drv->ifname, enable, ((ifr.ifr_flags & IFF_UP) != 0));
++
++ drv->flags = ifr.ifr_flags;
+ return 0;
++
++nochange:
++ wpa_printf(MSG_DEBUG, "%s: if %s (no change) enable %d IFF_UP %d ",
++ __func__, drv->ifname, enable, ((ifr.ifr_flags & IFF_UP) != 0));
++ return 0;
+ }
+
+ static int
+@@ -349,6 +378,12 @@
+ case WPA_ALG_CCMP:
+ wk.ik_type = IEEE80211_CIPHER_AES_CCM;
+ break;
++ case WPA_ALG_GCMP:
++ wk.ik_type = IEEE80211_CIPHER_AES_GCM_128;
++ break;
++ case WPA_ALG_BIP_CMAC_128:
++ wk.ik_type = IEEE80211_CIPHER_BIP_CMAC_128;
++ break;
+ default:
+ wpa_printf(MSG_ERROR, "%s: unknown alg=%d", __func__, alg);
+ return -1;
+@@ -420,6 +455,12 @@
+ case WPA_CIPHER_CCMP:
+ v = IEEE80211_CIPHER_AES_CCM;
+ break;
++ case WPA_CIPHER_GCMP:
++ v = IEEE80211_CIPHER_AES_GCM_128;
++ break;
++ case WPA_CIPHER_BIP_CMAC_128:
++ v = IEEE80211_CIPHER_BIP_CMAC_128;
++ break;
+ case WPA_CIPHER_TKIP:
+ v = IEEE80211_CIPHER_TKIP;
+ break;
+@@ -456,6 +497,10 @@
+ }
+
+ v = 0;
++ if (params->wpa_pairwise & WPA_CIPHER_BIP_CMAC_128)
++ v |= 1<<IEEE80211_CIPHER_BIP_CMAC_128;
++ if (params->wpa_pairwise & WPA_CIPHER_GCMP)
++ v |= 1<<IEEE80211_CIPHER_AES_GCM_128;
+ if (params->wpa_pairwise & WPA_CIPHER_CCMP)
+ v |= 1<<IEEE80211_CIPHER_AES_CCM;
+ if (params->wpa_pairwise & WPA_CIPHER_TKIP)
+@@ -525,7 +570,7 @@
+ __func__);
+ return -1;
+ }
+- return 0;
++ return bsd_ctrl_iface(priv, 1);
+ }
+
+ static void
+@@ -586,6 +631,7 @@
+ mode = IFM_IEEE80211_11B;
+ } else {
+ mode =
++ freq->vht_enabled ? IFM_IEEE80211_VHT5G :
+ freq->ht_enabled ? IFM_IEEE80211_11NA :
+ IFM_IEEE80211_11A;
+ }
+@@ -853,14 +899,18 @@
+ drv = bsd_get_drvindex(global, ifm->ifm_index);
+ if (drv == NULL)
+ return;
+- if ((ifm->ifm_flags & IFF_UP) == 0 &&
+- (drv->flags & IFF_UP) != 0) {
++ if (((ifm->ifm_flags & IFF_UP) == 0 ||
++ (ifm->ifm_flags & IFF_RUNNING) == 0) &&
++ (drv->flags & IFF_UP) != 0 &&
++ (drv->flags & IFF_RUNNING) != 0) {
+ wpa_printf(MSG_DEBUG, "RTM_IFINFO: Interface '%s' DOWN",
+ drv->ifname);
+ wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_DISABLED,
+ NULL);
+ } else if ((ifm->ifm_flags & IFF_UP) != 0 &&
+- (drv->flags & IFF_UP) == 0) {
++ (ifm->ifm_flags & IFF_RUNNING) != 0 &&
++ ((drv->flags & IFF_UP) == 0 ||
++ (drv->flags & IFF_RUNNING) == 0)) {
+ wpa_printf(MSG_DEBUG, "RTM_IFINFO: Interface '%s' UP",
+ drv->ifname);
+ wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_ENABLED,
+@@ -1027,7 +1077,8 @@
+ if (l2_packet_get_own_addr(drv->sock_xmit, params->own_addr))
+ goto bad;
+
+- if (bsd_get_iface_flags(drv) < 0)
++ /* mark down during setup */
++ if (bsd_ctrl_iface(drv, 0) < 0)
+ goto bad;
+
+ if (bsd_set_mediaopt(drv, IFM_OMASK, IFM_IEEE80211_HOSTAP) < 0) {
+@@ -1052,12 +1103,13 @@
+ {
+ struct bsd_driver_data *drv = priv;
+
++ if (drv->ifindex != 0)
++ bsd_ctrl_iface(drv, 0);
+ if (drv->sock_xmit != NULL)
+ l2_packet_deinit(drv->sock_xmit);
+ os_free(drv);
+ }
+
+-
+ static int
+ bsd_set_sta_authorized(void *priv, const u8 *addr,
+ unsigned int total_flags, unsigned int flags_or,
+@@ -1196,6 +1248,34 @@
+ struct bsd_driver_data *drv = ctx;
+
+ drv_event_eapol_rx(drv->ctx, src_addr, buf, len);
++}
*** 149 LINES SKIPPED ***