Merge branch 'bugfix/wpa2_suiteb_192bit_and_eap_changes_v5.4' into 'release/v5.4'

Send disonnect event in connect fail for 192bit enterprise and add some fixes for wpa_supplicant(v5.4)

See merge request espressif/esp-idf!41587

components/esp_wifi/include/esp_wifi.h

@@ -1498,7 +1498,7 @@ esp_err_t esp_wifi_force_wakeup_release(void);
 /**
   * @brief     configure country
   *
-  * @attention 1. When ieee80211d_enabled, the country info of the AP to which
+  * @attention 1. When ieee80211d_enabled is enabled, the country info of the AP to which
   *               the station is connected is used. E.g. if the configured country is US
   *               and the country info of the AP to which the station is connected is JP
   *               then the country info that will be used is JP. If the station disconnected

components/wpa_supplicant/esp_supplicant/src/esp_eap_client.c

@@ -60,6 +60,7 @@ static struct eap_sm *gEapSm = NULL;
 
 static int eap_peer_sm_init(void);
 static void eap_peer_sm_deinit(void);
+static void eap_start_eapol(void *ctx, void *data);
 
 static int eap_sm_rx_eapol_internal(u8 *src_addr, u8 *buf, u32 len, uint8_t *bssid);
 static int wpa2_start_eapol_internal(void);
@@ -529,6 +530,10 @@ static int eap_sm_rx_eapol_internal(u8 *src_addr, u8 *buf, u32 len, uint8_t *bss
         return ESP_FAIL;
     }
 
+    if (!sm->eap_process_started) {
+        sm->eap_process_started = true;
+        eloop_cancel_timeout(eap_start_eapol, NULL, NULL);
+    }
     if (len < sizeof(*hdr) + sizeof(*ehdr)) {
         wpa_printf(MSG_DEBUG, "WPA: EAPOL frame too short to be a WPA "
                    "EAPOL-Key (len %lu, expecting at least %lu)",
@@ -612,15 +617,28 @@ _out:
     return ret;
 }
 
-static int wpa2_start_eapol(void)
+static void eap_start_eapol(void *ctx, void *data)
 {
 #ifdef USE_WPA2_TASK
-    return wpa2_post(SIG_WPA2_START, 0);
+    wpa2_post(SIG_WPA2_START, 0);
 #else
-    return wpa2_start_eapol_internal();
+    wpa2_start_eapol_internal();
 #endif
 }
 
+static int eap_start_eapol_timer(void)
+{
+    /*
+     * Do not send EAPOL-Start immediately since in most cases,
+     * Authenticator is going to start authentication immediately
+     * after association and an extra EAPOL-Start is just going to
+     * delay authentication. Use a short timeout to send the first
+     * EAPOL-Start if Authenticator does not start authentication.
+     */
+    eloop_register_timeout(2, 0, eap_start_eapol, NULL, NULL);
+    return 0;
+}
+
 static int wpa2_start_eapol_internal(void)
 {
     struct eap_sm *sm = gEapSm;
@@ -739,6 +757,7 @@ static int eap_peer_sm_init(void)
     wpa_printf(MSG_INFO, "wifi_task prio:%d, stack:%d", WPA2_TASK_PRIORITY, WPA2_TASK_STACK_SIZE);
 #endif
     sm->workaround = 1;
+    sm->eap_process_started = false;
     return ESP_OK;
 
 _err:
@@ -806,7 +825,7 @@ static esp_err_t esp_client_enable_fn(void *arg)
     }
 
     wpa2_cb->wpa2_sm_rx_eapol = wpa2_ent_rx_eapol;
-    wpa2_cb->wpa2_start = wpa2_start_eapol;
+    wpa2_cb->wpa2_start = eap_start_eapol_timer;
     wpa2_cb->wpa2_init = eap_peer_sm_init;
     wpa2_cb->wpa2_deinit = eap_peer_sm_deinit;
 

components/wpa_supplicant/src/eap_peer/eap_i.h

@@ -311,6 +311,7 @@ struct eap_sm {
 	size_t eapKeyDataLen;
 	struct wpabuf *lastRespData;
 	const struct eap_method *m;
+	bool eap_process_started;
 };
 
 typedef enum {

components/wpa_supplicant/src/rsn_supp/wpa.c

@@ -2377,7 +2377,7 @@ int wpa_set_bss(char *macddr, char * bssid, u8 pairwise_cipher, u8 group_cipher,
 	}
 #ifdef CONFIG_SUITEB192
         extern bool g_wpa_suiteb_certification;
-        if (g_wpa_suiteb_certification) {
+        if (is_wpa2_enterprise_connection() && g_wpa_suiteb_certification) {
             if (sm->mgmt_group_cipher != WPA_CIPHER_BIP_GMAC_256) {
                 wpa_printf(MSG_ERROR, "suite-b 192bit certification, only GMAC256 is supported");
                 return -1;