From fdbb3da1b4069c47e441ea2ea410484306443ffc Mon Sep 17 00:00:00 2001 From: Kapil Gupta Date: Wed, 25 Aug 2021 12:55:29 +0530 Subject: [PATCH 1/7] wpa_supplicant: Correct task deletion for RRM and DPP tasks Closes https://github.com/espressif/esp-idf/issues/7409 --- .../src/esp_supplicant/esp_common.c | 28 +++++++++----- .../src/esp_supplicant/esp_dpp.c | 38 ++++++++++++++----- 2 files changed, 47 insertions(+), 19 deletions(-) diff --git a/components/wpa_supplicant/src/esp_supplicant/esp_common.c b/components/wpa_supplicant/src/esp_supplicant/esp_common.c index a2e35d679f..828804bad7 100644 --- a/components/wpa_supplicant/src/esp_supplicant/esp_common.c +++ b/components/wpa_supplicant/src/esp_supplicant/esp_common.c @@ -220,8 +220,8 @@ static void esp_supplicant_sta_conn_handler(void* arg, esp_event_base_t event_ba esp_clear_bssid_flag(wpa_s); } -static void esp_supplicant_sta_disconn_handler(void* arg, esp_event_base_t event_base, - int32_t event_id, void* event_data) +static void supplicant_sta_disconn_handler(void* arg, esp_event_base_t event_base, + int32_t event_id, void* event_data) { struct wpa_supplicant *wpa_s = &g_wpa_supp; wpas_rrm_reset(wpa_s); @@ -250,7 +250,7 @@ void esp_supplicant_common_init(struct wpa_funcs *wpa_cb) esp_event_handler_register(WIFI_EVENT, WIFI_EVENT_STA_CONNECTED, &esp_supplicant_sta_conn_handler, NULL); esp_event_handler_register(WIFI_EVENT, WIFI_EVENT_STA_DISCONNECTED, - &esp_supplicant_sta_disconn_handler, NULL); + &supplicant_sta_disconn_handler, NULL); wpa_s->type = 0; wpa_s->subtype = 0; @@ -261,16 +261,19 @@ void esp_supplicant_common_deinit(void) { struct wpa_supplicant *wpa_s = &g_wpa_supp; - if (esp_supplicant_post_evt(SIG_SUPPLICANT_DEL_TASK, 0) != 0) { - wpa_printf(MSG_ERROR, "failed to send task delete event"); - } esp_scan_deinit(wpa_s); wpas_rrm_reset(wpa_s); wpas_clear_beacon_rep_data(wpa_s); esp_event_handler_unregister(WIFI_EVENT, WIFI_EVENT_STA_CONNECTED, &esp_supplicant_sta_conn_handler); esp_event_handler_unregister(WIFI_EVENT, WIFI_EVENT_STA_DISCONNECTED, - &esp_supplicant_sta_disconn_handler); + &supplicant_sta_disconn_handler); + wpa_s->type = 0; + wpa_s->subtype = 0; + esp_wifi_register_mgmt_frame_internal(wpa_s->type, wpa_s->subtype); + if (esp_supplicant_post_evt(SIG_SUPPLICANT_DEL_TASK, 0) != 0) { + wpa_printf(MSG_ERROR, "failed to send task delete event"); + } } int esp_rrm_send_neighbor_rep_request(neighbor_rep_request_cb cb, @@ -390,13 +393,20 @@ int esp_supplicant_post_evt(uint32_t evt_id, uint32_t data) evt->id = evt_id; evt->data = data; - SUPPLICANT_API_LOCK(); + /* Make sure lock exists before taking it */ + if (s_supplicant_api_lock) { + SUPPLICANT_API_LOCK(); + } else { + return -1; + } if (xQueueSend(s_supplicant_evt_queue, &evt, 10 / portTICK_PERIOD_MS ) != pdPASS) { SUPPLICANT_API_UNLOCK(); os_free(evt); return -1; } - SUPPLICANT_API_UNLOCK(); + if (evt_id != SIG_SUPPLICANT_DEL_TASK) { + SUPPLICANT_API_UNLOCK(); + } return 0; } diff --git a/components/wpa_supplicant/src/esp_supplicant/esp_dpp.c b/components/wpa_supplicant/src/esp_supplicant/esp_dpp.c index 22f986b521..1dcdf6688e 100644 --- a/components/wpa_supplicant/src/esp_supplicant/esp_dpp.c +++ b/components/wpa_supplicant/src/esp_supplicant/esp_dpp.c @@ -42,22 +42,36 @@ struct action_rx_param { static int esp_dpp_post_evt(uint32_t evt_id, uint32_t data) { - DPP_API_LOCK(); - dpp_event_t *evt = os_zalloc(sizeof(dpp_event_t)); + int ret = ESP_OK; + if (evt == NULL) { - DPP_API_UNLOCK(); - return ESP_ERR_NO_MEM; + ret = ESP_ERR_NO_MEM; + goto end; } evt->id = evt_id; evt->data = data; - if ( xQueueSend(s_dpp_evt_queue, &evt, 10 / portTICK_PERIOD_MS ) != pdPASS) { - DPP_API_UNLOCK(); - os_free(evt); - return ESP_ERR_DPP_FAILURE; + if (s_dpp_api_lock) { + DPP_API_LOCK(); + } else { + ret = ESP_ERR_DPP_FAILURE; + goto end; } - DPP_API_UNLOCK(); - return ESP_OK; + if (xQueueSend(s_dpp_evt_queue, &evt, 10 / portTICK_PERIOD_MS ) != pdPASS) { + DPP_API_UNLOCK(); + ret = ESP_ERR_DPP_FAILURE; + goto end; + } + if (evt_id != SIG_DPP_DEL_TASK) { + DPP_API_UNLOCK(); + } + + return ret; +end: + if (evt) { + os_free(evt); + } + return ret; } static void esp_dpp_call_cb(esp_supp_dpp_event_t evt, void *data) @@ -654,6 +668,10 @@ void esp_supp_dpp_deinit(void) params->key = NULL; } + esp_event_handler_unregister(WIFI_EVENT, WIFI_EVENT_ACTION_TX_STATUS, + &offchan_event_handler); + esp_event_handler_unregister(WIFI_EVENT, WIFI_EVENT_ROC_DONE, + &offchan_event_handler); s_dpp_auth_retries = 0; dpp_global_deinit(s_dpp_ctx.dpp_global); esp_dpp_post_evt(SIG_DPP_DEL_TASK, 0); From b1f7ad6983aa875da1243eb55075f88e4b8e1615 Mon Sep 17 00:00:00 2001 From: Kapil Gupta Date: Tue, 4 Jan 2022 11:34:06 +0530 Subject: [PATCH 2/7] esp_example: Enable MbedTLS for DPP enrollee by default --- components/wpa_supplicant/CMakeLists.txt | 15 ++++++++--- components/wpa_supplicant/Kconfig | 27 ++++++++++++------- .../include/esp_supplicant/esp_dpp.h | 18 ++++--------- .../src/esp_supplicant/esp_dpp.c | 20 +++++--------- .../dpp-enrollee/sdkconfig.defaults | 1 + 5 files changed, 41 insertions(+), 40 deletions(-) create mode 100644 examples/wifi/wifi_easy_connect/dpp-enrollee/sdkconfig.defaults diff --git a/components/wpa_supplicant/CMakeLists.txt b/components/wpa_supplicant/CMakeLists.txt index 9a47093364..b5b04cf36f 100644 --- a/components/wpa_supplicant/CMakeLists.txt +++ b/components/wpa_supplicant/CMakeLists.txt @@ -5,7 +5,6 @@ set(srcs "port/os_xtensa.c" "src/ap/wpa_auth_ie.c" "src/common/sae.c" "src/common/wpa_common.c" - "src/common/dpp.c" "src/utils/bitfield.c" "src/crypto/aes-siv.c" "src/crypto/sha256-kdf.c" @@ -158,7 +157,14 @@ else() set(roaming_src "") endif() -idf_component_register(SRCS "${srcs}" "${tls_src}" "${roaming_src}" "${crypto_src}" +if(CONFIG_WPA_DPP_SUPPORT) + set(dpp_src "src/common/dpp.c" + "esp_supplicant/src/esp_dpp.c") +else() + set(dpp_src "") +endif() + +idf_component_register(SRCS "${srcs}" "${tls_src}" "${roaming_src}" "${crypto_src}" "${dpp_src}" INCLUDE_DIRS include port/include include/esp_supplicant PRIV_INCLUDE_DIRS src src/utils PRIV_REQUIRES mbedtls esp_timer) @@ -183,7 +189,6 @@ target_compile_definitions(${COMPONENT_LIB} PRIVATE CONFIG_ECC CONFIG_IEEE80211W CONFIG_SHA256 - CONFIG_DPP CONFIG_WNM ) @@ -193,5 +198,7 @@ endif() if(CONFIG_WPA_WPS_STRICT) target_compile_definitions(${COMPONENT_LIB} PRIVATE CONFIG_WPS_STRICT) endif() - +if(CONFIG_WPA_DPP_SUPPORT) + target_compile_definitions(${COMPONENT_LIB} PRIVATE CONFIG_DPP) +endif() set_property(TARGET ${COMPONENT_LIB} APPEND PROPERTY LINK_INTERFACE_MULTIPLICITY 3) diff --git a/components/wpa_supplicant/Kconfig b/components/wpa_supplicant/Kconfig index c98b38bcaa..d612997308 100644 --- a/components/wpa_supplicant/Kconfig +++ b/components/wpa_supplicant/Kconfig @@ -38,8 +38,8 @@ menu "Supplicant" rigorously. Disabling this add the workaorunds with various APs. Enabling this may cause inter operability issues with some APs. - menuconfig WPA_11KV_SUPPORT - bool "Enable 802.11k, 802.11v APIs handling in supplicant" + config WPA_11KV_SUPPORT + bool "Enable 802.11k, 802.11v APIs handling" default n help Select this option to enable 802.11k 802.11v APIs(RRM and BTM support). @@ -54,12 +54,19 @@ menu "Supplicant" and on the radio environment. Current implementation adds beacon report, link measurement, neighbor report. - if WPA_11KV_SUPPORT - config WPA_SCAN_CACHE - bool "Keep scan results in cache" - default n - help - Keep scan results in cache, if not enabled, those - will be flushed immediately. - endif + config WPA_SCAN_CACHE + bool "Keep scan results in cache" + depends on WPA_11KV_SUPPORT + default n + help + Keep scan results in cache, if not enabled, those + will be flushed immediately. + + config WPA_DPP_SUPPORT + bool "Enable DPP support" + default n + select WPA_MBEDTLS_CRYPTO + help + Select this option to enable WiFi Easy Connect Support. + endmenu diff --git a/components/wpa_supplicant/include/esp_supplicant/esp_dpp.h b/components/wpa_supplicant/include/esp_supplicant/esp_dpp.h index c6c86bc536..d1bb43a0ad 100644 --- a/components/wpa_supplicant/include/esp_supplicant/esp_dpp.h +++ b/components/wpa_supplicant/include/esp_supplicant/esp_dpp.h @@ -1,16 +1,8 @@ -// Copyright 2020 Espressif Systems (Shanghai) PTE LTD -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at - -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +/* + * SPDX-FileCopyrightText: 2020-2022 Espressif Systems (Shanghai) CO LTD + * + * SPDX-License-Identifier: Apache-2.0 + */ #ifndef ESP_DPP_H #define ESP_DPP_H diff --git a/components/wpa_supplicant/src/esp_supplicant/esp_dpp.c b/components/wpa_supplicant/src/esp_supplicant/esp_dpp.c index 1dcdf6688e..06d764b0ea 100644 --- a/components/wpa_supplicant/src/esp_supplicant/esp_dpp.c +++ b/components/wpa_supplicant/src/esp_supplicant/esp_dpp.c @@ -1,16 +1,8 @@ -// Copyright 2020 Espressif Systems (Shanghai) PTE LTD -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +/* + * SPDX-FileCopyrightText: 2020-2022 Espressif Systems (Shanghai) CO LTD + * + * SPDX-License-Identifier: Apache-2.0 + */ #include "esp_dpp_i.h" #include "esp_dpp.h" @@ -20,6 +12,7 @@ #include "esp_wifi.h" #include "common/ieee802_11_defs.h" +#ifdef CONFIG_DPP static void *s_dpp_task_hdl = NULL; static void *s_dpp_evt_queue = NULL; static void *s_dpp_api_lock = NULL; @@ -676,3 +669,4 @@ void esp_supp_dpp_deinit(void) dpp_global_deinit(s_dpp_ctx.dpp_global); esp_dpp_post_evt(SIG_DPP_DEL_TASK, 0); } +#endif diff --git a/examples/wifi/wifi_easy_connect/dpp-enrollee/sdkconfig.defaults b/examples/wifi/wifi_easy_connect/dpp-enrollee/sdkconfig.defaults new file mode 100644 index 0000000000..e67b04732c --- /dev/null +++ b/examples/wifi/wifi_easy_connect/dpp-enrollee/sdkconfig.defaults @@ -0,0 +1 @@ +CONFIG_WPA_DPP_SUPPORT=y From bf4f9b9e41491d5a00fff45aa4a4120412d25150 Mon Sep 17 00:00:00 2001 From: Kapil Gupta Date: Fri, 31 Dec 2021 20:15:32 +0530 Subject: [PATCH 3/7] wpa_supplicant: Add BTM security checks --- components/wpa_supplicant/src/common/scan.c | 4 + .../wpa_supplicant/src/common/wnm_sta.c | 7 +- .../src/esp_supplicant/esp_common.c | 133 ++++++++++-------- .../src/esp_supplicant/esp_common_i.h | 25 +--- .../src/esp_supplicant/esp_dpp.c | 9 +- .../src/esp_supplicant/esp_wpa2.c | 9 +- .../src/esp_supplicant/esp_wpa_main.c | 9 +- 7 files changed, 111 insertions(+), 85 deletions(-) diff --git a/components/wpa_supplicant/src/common/scan.c b/components/wpa_supplicant/src/common/scan.c index 46dab15be1..dac96e3b80 100644 --- a/components/wpa_supplicant/src/common/scan.c +++ b/components/wpa_supplicant/src/common/scan.c @@ -36,6 +36,10 @@ void wpa_supplicant_req_scan(struct wpa_supplicant *wpa_s, int sec, int usec) wpa_dbg(wpa_s, MSG_DEBUG, "Already scanning - Return"); return; } + if (!wpa_s->current_bss) { + wpa_dbg(wpa_s, MSG_INFO, "Current BSS is null - Return"); + return; + } params = os_zalloc(sizeof(*params)); if (!params) { diff --git a/components/wpa_supplicant/src/common/wnm_sta.c b/components/wpa_supplicant/src/common/wnm_sta.c index 284712f8b0..be6e0fa547 100644 --- a/components/wpa_supplicant/src/common/wnm_sta.c +++ b/components/wpa_supplicant/src/common/wnm_sta.c @@ -205,12 +205,15 @@ bool wpa_scan_res_match(struct wpa_supplicant *wpa_s, return false; } - /* TODO security Match */ + /* Just check for Open/secure mode */ + if ((current_bss->caps & WLAN_CAPABILITY_PRIVACY) != (target_bss->caps & WLAN_CAPABILITY_PRIVACY)) { + wpa_printf(MSG_DEBUG, "WNM: Security didn't match"); + return false; + } return true; } - static struct wpa_bss * compare_scan_neighbor_results(struct wpa_supplicant *wpa_s, os_time_t age_secs, enum mbo_transition_reject_reason *reason) diff --git a/components/wpa_supplicant/src/esp_supplicant/esp_common.c b/components/wpa_supplicant/src/esp_supplicant/esp_common.c index 828804bad7..04a93e2b9b 100644 --- a/components/wpa_supplicant/src/esp_supplicant/esp_common.c +++ b/components/wpa_supplicant/src/esp_supplicant/esp_common.c @@ -1,17 +1,7 @@ -/** - * Copyright 2020 Espressif Systems (Shanghai) PTE LTD +/* + * SPDX-FileCopyrightText: 2020-2022 Espressif Systems (Shanghai) CO LTD * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 */ #include "utils/includes.h" @@ -33,12 +23,12 @@ struct wpa_supplicant g_wpa_supp; -static void *s_supplicant_task_hdl = NULL; +static TaskHandle_t s_supplicant_task_hdl = NULL; static void *s_supplicant_evt_queue = NULL; static void *s_supplicant_api_lock = NULL; -static int esp_handle_action_frm(u8 *frame, size_t len, - u8 *sender, u32 rssi, u8 channel) +static int handle_action_frm(u8 *frame, size_t len, + u8 *sender, u32 rssi, u8 channel) { struct ieee_mgmt_frame *frm = os_malloc(sizeof(struct ieee_mgmt_frame) + len); @@ -61,7 +51,7 @@ static int esp_handle_action_frm(u8 *frame, size_t len, return 0; } -static void esp_rx_rrm_frame(struct wpa_supplicant *wpa_s, u8 *sender, +static void handle_rrm_frame(struct wpa_supplicant *wpa_s, u8 *sender, u8 *payload, size_t len, u32 rssi) { if (payload[0] == WLAN_RRM_NEIGHBOR_REPORT_RESPONSE) { @@ -78,7 +68,7 @@ static void esp_rx_rrm_frame(struct wpa_supplicant *wpa_s, u8 *sender, } } -static int esp_mgmt_rx_action(u8 *sender, u8 *payload, size_t len, u8 channel, u32 rssi) +static int mgmt_rx_action(u8 *sender, u8 *payload, size_t len, u8 channel, u32 rssi) { u8 category; u8 bssid[ETH_ALEN]; @@ -95,13 +85,13 @@ static int esp_mgmt_rx_action(u8 *sender, u8 *payload, size_t len, u8 channel, u if (category == WLAN_ACTION_WNM) { ieee802_11_rx_wnm_action(wpa_s, sender, payload, len); } else if (category == WLAN_ACTION_RADIO_MEASUREMENT) { - esp_rx_rrm_frame(wpa_s, sender, payload, len, rssi); + handle_rrm_frame(wpa_s, sender, payload, len, rssi); } return 0; } -static void esp_btm_rrm_task(void *pvParameters) +static void btm_rrm_task(void *pvParameters) { supplicant_event_t *evt; bool task_del = false; @@ -120,7 +110,7 @@ static void esp_btm_rrm_task(void *pvParameters) case SIG_SUPPLICANT_RX_ACTION: { struct ieee_mgmt_frame *frm = (struct ieee_mgmt_frame *)evt->data; - esp_mgmt_rx_action(frm->sender, frm->payload, frm->len, frm->channel, frm->rssi); + mgmt_rx_action(frm->sender, frm->payload, frm->len, frm->channel, frm->rssi); os_free(frm); break; } @@ -153,7 +143,7 @@ static void esp_btm_rrm_task(void *pvParameters) vTaskDelete(NULL); } -static void esp_clear_bssid_flag(struct wpa_supplicant *wpa_s) +static void clear_bssid_flag(struct wpa_supplicant *wpa_s) { wifi_config_t *config; @@ -175,7 +165,7 @@ static void esp_clear_bssid_flag(struct wpa_supplicant *wpa_s) wpa_printf(MSG_DEBUG, "cleared bssid flag"); } -static void esp_register_action_frame(struct wpa_supplicant *wpa_s) +static void register_action_frame(struct wpa_supplicant *wpa_s) { wpa_s->type &= ~(1 << WLAN_FC_STYPE_ACTION); /* subtype is defined only for action frame */ @@ -193,8 +183,8 @@ static void esp_register_action_frame(struct wpa_supplicant *wpa_s) esp_wifi_register_mgmt_frame_internal(wpa_s->type, wpa_s->subtype); } -static void esp_supplicant_sta_conn_handler(void* arg, esp_event_base_t event_base, - int32_t event_id, void* event_data) +static void supplicant_sta_conn_handler(void* arg, esp_event_base_t event_base, + int32_t event_id, void* event_data) { u8 bssid[ETH_ALEN]; u8 *ie; @@ -215,9 +205,9 @@ static void esp_supplicant_sta_conn_handler(void* arg, esp_event_base_t event_ba ieee802_11_parse_elems(wpa_s, ie, bss->ie_len); wpa_bss_flush(wpa_s); /* Register for action frames */ - esp_register_action_frame(wpa_s); + register_action_frame(wpa_s); /* clear set bssid flag */ - esp_clear_bssid_flag(wpa_s); + clear_bssid_flag(wpa_s); } static void supplicant_sta_disconn_handler(void* arg, esp_event_base_t event_base, @@ -228,19 +218,46 @@ static void supplicant_sta_disconn_handler(void* arg, esp_event_base_t event_bas if (wpa_s->current_bss) { wpa_s->current_bss = NULL; } + clear_bssid_flag(wpa_s); } -void esp_supplicant_common_init(struct wpa_funcs *wpa_cb) +static int ieee80211_handle_rx_frm(u8 type, u8 *frame, size_t len, u8 *sender, + u32 rssi, u8 channel, u64 current_tsf) +{ + if (type == WLAN_FC_STYPE_BEACON || type == WLAN_FC_STYPE_PROBE_RESP) { + return esp_handle_beacon_probe(type, frame, len, sender, rssi, channel, current_tsf); + } else if (type == WLAN_FC_STYPE_ACTION) { + return handle_action_frm(frame, len, sender, rssi, channel); + } + + return -1; +} + + +int esp_supplicant_common_init(struct wpa_funcs *wpa_cb) { struct wpa_supplicant *wpa_s = &g_wpa_supp; - - s_supplicant_evt_queue = xQueueCreate(3, sizeof(supplicant_event_t)); - xTaskCreate(esp_btm_rrm_task, "btm_rrm_t", SUPPLICANT_TASK_STACK_SIZE, NULL, 2, s_supplicant_task_hdl); + int ret; s_supplicant_api_lock = xSemaphoreCreateRecursiveMutex(); if (!s_supplicant_api_lock) { - wpa_printf(MSG_ERROR, "esp_supplicant_common_init: failed to create Supplicant API lock"); - return; + wpa_printf(MSG_ERROR, "%s: failed to create Supplicant API lock", __func__); + ret = -1; + goto err; + } + + s_supplicant_evt_queue = xQueueCreate(3, sizeof(supplicant_event_t)); + + if (!s_supplicant_evt_queue) { + wpa_printf(MSG_ERROR, "%s: failed to create Supplicant event queue", __func__); + ret = -1; + goto err; + } + ret = xTaskCreate(btm_rrm_task, "btm_rrm_t", SUPPLICANT_TASK_STACK_SIZE, NULL, 2, &s_supplicant_task_hdl); + if (ret != pdPASS) { + wpa_printf(MSG_ERROR, "btm: failed to create task"); + ret = -1; + goto err; } esp_scan_init(wpa_s); @@ -248,13 +265,19 @@ void esp_supplicant_common_init(struct wpa_funcs *wpa_cb) wpas_clear_beacon_rep_data(wpa_s); esp_event_handler_register(WIFI_EVENT, WIFI_EVENT_STA_CONNECTED, - &esp_supplicant_sta_conn_handler, NULL); + &supplicant_sta_conn_handler, NULL); esp_event_handler_register(WIFI_EVENT, WIFI_EVENT_STA_DISCONNECTED, &supplicant_sta_disconn_handler, NULL); wpa_s->type = 0; wpa_s->subtype = 0; - wpa_cb->wpa_sta_rx_mgmt = esp_ieee80211_handle_rx_frm; + wpa_s->type |= (1 << WLAN_FC_STYPE_BEACON) | (1 << WLAN_FC_STYPE_PROBE_RESP); + esp_wifi_register_mgmt_frame_internal(wpa_s->type, wpa_s->subtype); + wpa_cb->wpa_sta_rx_mgmt = ieee80211_handle_rx_frm; + return 0; +err: + esp_supplicant_common_deinit(); + return ret; } void esp_supplicant_common_deinit(void) @@ -265,13 +288,22 @@ void esp_supplicant_common_deinit(void) wpas_rrm_reset(wpa_s); wpas_clear_beacon_rep_data(wpa_s); esp_event_handler_unregister(WIFI_EVENT, WIFI_EVENT_STA_CONNECTED, - &esp_supplicant_sta_conn_handler); + &supplicant_sta_conn_handler); esp_event_handler_unregister(WIFI_EVENT, WIFI_EVENT_STA_DISCONNECTED, &supplicant_sta_disconn_handler); - wpa_s->type = 0; - wpa_s->subtype = 0; - esp_wifi_register_mgmt_frame_internal(wpa_s->type, wpa_s->subtype); - if (esp_supplicant_post_evt(SIG_SUPPLICANT_DEL_TASK, 0) != 0) { + if (wpa_s->type) { + wpa_s->type = 0; + esp_wifi_register_mgmt_frame_internal(wpa_s->type, wpa_s->subtype); + } + if (!s_supplicant_task_hdl && esp_supplicant_post_evt(SIG_SUPPLICANT_DEL_TASK, 0) != 0) { + if (s_supplicant_evt_queue) { + vQueueDelete(s_supplicant_evt_queue); + s_supplicant_evt_queue = NULL; + } + if (s_supplicant_api_lock) { + vSemaphoreDelete(s_supplicant_api_lock); + s_supplicant_api_lock = NULL; + } wpa_printf(MSG_ERROR, "failed to send task delete event"); } } @@ -279,20 +311,20 @@ void esp_supplicant_common_deinit(void) int esp_rrm_send_neighbor_rep_request(neighbor_rep_request_cb cb, void *cb_ctx) { - struct wpa_supplicant *wpa_s = &g_wpa_supp; struct wpa_ssid_value wpa_ssid = {0}; struct wifi_ssid *ssid = esp_wifi_sta_get_prof_ssid_internal(); + os_memcpy(wpa_ssid.ssid, ssid->ssid, ssid->len); wpa_ssid.ssid_len = ssid->len; - return wpas_rrm_send_neighbor_rep_request(wpa_s, &wpa_ssid, 0, 0, cb, cb_ctx); + + return wpas_rrm_send_neighbor_rep_request(&g_wpa_supp, &wpa_ssid, 0, 0, cb, cb_ctx); } int esp_wnm_send_bss_transition_mgmt_query(enum btm_query_reason query_reason, const char *btm_candidates, int cand_list) { - struct wpa_supplicant *wpa_s = &g_wpa_supp; - return wnm_send_bss_transition_mgmt_query(wpa_s, query_reason, btm_candidates, cand_list); + return wnm_send_bss_transition_mgmt_query(&g_wpa_supp, query_reason, btm_candidates, cand_list); } void wpa_supplicant_connect(struct wpa_supplicant *wpa_s, @@ -397,6 +429,7 @@ int esp_supplicant_post_evt(uint32_t evt_id, uint32_t data) if (s_supplicant_api_lock) { SUPPLICANT_API_LOCK(); } else { + os_free(evt); return -1; } if (xQueueSend(s_supplicant_evt_queue, &evt, 10 / portTICK_PERIOD_MS ) != pdPASS) { @@ -409,15 +442,3 @@ int esp_supplicant_post_evt(uint32_t evt_id, uint32_t data) } return 0; } - -int esp_ieee80211_handle_rx_frm(u8 type, u8 *frame, size_t len, u8 *sender, - u32 rssi, u8 channel, u64 current_tsf) -{ - if (type == WLAN_FC_STYPE_BEACON || type == WLAN_FC_STYPE_PROBE_RESP) { - return esp_handle_beacon_probe(type, frame, len, sender, rssi, channel, current_tsf); - } else if (type == WLAN_FC_STYPE_ACTION) { - return esp_handle_action_frm(frame, len, sender, rssi, channel); - } - - return -1; -} diff --git a/components/wpa_supplicant/src/esp_supplicant/esp_common_i.h b/components/wpa_supplicant/src/esp_supplicant/esp_common_i.h index 4dfe7e3d06..9d3350fa49 100644 --- a/components/wpa_supplicant/src/esp_supplicant/esp_common_i.h +++ b/components/wpa_supplicant/src/esp_supplicant/esp_common_i.h @@ -1,17 +1,7 @@ -/** - * Copyright 2020 Espressif Systems (Shanghai) PTE LTD +/* + * SPDX-FileCopyrightText: 2020-2021 Espressif Systems (Shanghai) CO LTD * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 */ #ifndef ESP_COMMON_I_H @@ -47,11 +37,9 @@ enum SIG_SUPPLICANT { }; int esp_supplicant_post_evt(uint32_t evt_id, uint32_t data); -int esp_ieee80211_handle_rx_frm(u8 type, u8 *frame, size_t len, u8 *sender, - u32 rssi, u8 channel, u64 current_tsf); void esp_set_rm_enabled_ie(void); void esp_get_tx_power(uint8_t *tx_power); -void esp_supplicant_common_init(struct wpa_funcs *wpa_cb); +int esp_supplicant_common_init(struct wpa_funcs *wpa_cb); void esp_supplicant_common_deinit(void); #else @@ -59,11 +47,6 @@ void esp_supplicant_common_deinit(void); #include "esp_wnm.h" static inline void esp_set_rm_enabled_ie(void) {} -static inline int esp_ieee80211_handle_rx_frm(u8 type, u8 *frame, size_t len, u8 *sender, - u32 rssi, u8 channel, u64 current_tsf) -{ - return -1; -} int esp_rrm_send_neighbor_rep_request(neighbor_rep_request_cb cb, void *cb_ctx) { diff --git a/components/wpa_supplicant/src/esp_supplicant/esp_dpp.c b/components/wpa_supplicant/src/esp_supplicant/esp_dpp.c index 06d764b0ea..bbbf467b17 100644 --- a/components/wpa_supplicant/src/esp_supplicant/esp_dpp.c +++ b/components/wpa_supplicant/src/esp_supplicant/esp_dpp.c @@ -13,7 +13,7 @@ #include "common/ieee802_11_defs.h" #ifdef CONFIG_DPP -static void *s_dpp_task_hdl = NULL; +static TaskHandle_t s_dpp_task_hdl = NULL; static void *s_dpp_evt_queue = NULL; static void *s_dpp_api_lock = NULL; @@ -620,6 +620,7 @@ void esp_supp_dpp_stop_listen(void) esp_err_t esp_supp_dpp_init(esp_supp_dpp_event_cb_t cb) { struct dpp_global_config cfg = {0}; + int ret; os_bzero(&s_dpp_ctx, sizeof(s_dpp_ctx)); s_dpp_ctx.dpp_event_cb = cb; @@ -630,7 +631,11 @@ esp_err_t esp_supp_dpp_init(esp_supp_dpp_event_cb_t cb) s_dpp_stop_listening = false; s_dpp_evt_queue = xQueueCreate(3, sizeof(dpp_event_t)); - xTaskCreate(esp_dpp_task, "dppT", DPP_TASK_STACK_SIZE, NULL, 2, s_dpp_task_hdl); + ret = xTaskCreate(esp_dpp_task, "dppT", DPP_TASK_STACK_SIZE, NULL, 2, &s_dpp_task_hdl); + if (ret != pdPASS) { + wpa_printf(MSG_ERROR, "DPP: failed to create task"); + return ESP_FAIL; + } s_dpp_api_lock = xSemaphoreCreateRecursiveMutex(); if (!s_dpp_api_lock) { diff --git a/components/wpa_supplicant/src/esp_supplicant/esp_wpa2.c b/components/wpa_supplicant/src/esp_supplicant/esp_wpa2.c index e3949f9e54..464f9a30ea 100644 --- a/components/wpa_supplicant/src/esp_supplicant/esp_wpa2.c +++ b/components/wpa_supplicant/src/esp_supplicant/esp_wpa2.c @@ -72,7 +72,7 @@ static int wpa2_start_eapol_internal(void); int wpa2_post(uint32_t sig, uint32_t par); #ifdef USE_WPA2_TASK -static void *s_wpa2_task_hdl = NULL; +static TaskHandle_t s_wpa2_task_hdl = NULL; static void *s_wpa2_queue = NULL; static wpa2_state_t s_wpa2_state = WPA2_STATE_DISABLED; static void *s_wpa2_api_lock = NULL; @@ -803,7 +803,12 @@ static int eap_peer_sm_init(void) gEapSm = sm; #ifdef USE_WPA2_TASK s_wpa2_queue = xQueueCreate(SIG_WPA2_MAX, sizeof( void * ) ); - xTaskCreate(wpa2_task, "wpa2T", WPA2_TASK_STACK_SIZE, NULL, 2, s_wpa2_task_hdl); + ret = xTaskCreate(wpa2_task, "wpa2T", WPA2_TASK_STACK_SIZE, NULL, 2, &s_wpa2_task_hdl); + if (ret != pdPASS) { + wpa_printf(MSG_ERROR, "wps enable: failed to create task"); + ret = ESP_FAIL; + goto _err; + } s_wifi_wpa2_sync_sem = xSemaphoreCreateCounting(1, 0); if (!s_wifi_wpa2_sync_sem) { vQueueDelete(s_wpa2_queue); diff --git a/components/wpa_supplicant/src/esp_supplicant/esp_wpa_main.c b/components/wpa_supplicant/src/esp_supplicant/esp_wpa_main.c index 480ba919ff..7a4fc56286 100644 --- a/components/wpa_supplicant/src/esp_supplicant/esp_wpa_main.c +++ b/components/wpa_supplicant/src/esp_supplicant/esp_wpa_main.c @@ -227,9 +227,10 @@ static void wpa_sta_disconnected_cb(uint8_t reason_code) } #ifndef ROAMING_SUPPORT -static inline void esp_supplicant_common_init(struct wpa_funcs *wpa_cb) +static inline int esp_supplicant_common_init(struct wpa_funcs *wpa_cb) { wpa_cb->wpa_sta_rx_mgmt = NULL; + return 0; } static inline void esp_supplicant_common_deinit(void) { @@ -268,7 +269,11 @@ int esp_supplicant_init(void) wpa_cb->wpa_config_done = wpa_config_done; esp_wifi_register_wpa3_cb(wpa_cb); - esp_supplicant_common_init(wpa_cb); + ret = esp_supplicant_common_init(wpa_cb); + + if (ret != 0) { + return ret; + } esp_wifi_register_wpa_cb_internal(wpa_cb); From 8ef2842074f97921f65058022fe49c9ec01f5af3 Mon Sep 17 00:00:00 2001 From: Kapil Gupta Date: Tue, 15 Mar 2022 20:58:06 +0530 Subject: [PATCH 4/7] wpa_supplicant: static analysis fixes --- components/wpa_supplicant/src/common/dpp.c | 14 ++++++++------ components/wpa_supplicant/src/common/sae.c | 8 +++----- .../wpa_supplicant/src/crypto/des-internal.c | 4 ++-- components/wpa_supplicant/src/crypto/libtommath.h | 2 +- .../wpa_supplicant/src/esp_supplicant/esp_common.c | 7 ++++++- components/wpa_supplicant/src/tls/libtommath.h | 2 +- components/wpa_supplicant/src/wps/wps.c | 3 +++ 7 files changed, 24 insertions(+), 16 deletions(-) diff --git a/components/wpa_supplicant/src/common/dpp.c b/components/wpa_supplicant/src/common/dpp.c index 8ccbd26a67..cf7f63680d 100644 --- a/components/wpa_supplicant/src/common/dpp.c +++ b/components/wpa_supplicant/src/common/dpp.c @@ -851,7 +851,7 @@ static int dpp_derive_k1(const u8 *Mx, size_t Mx_len, u8 *k1, /* HKDF-Expand(PRK, info, L) */ res = dpp_hkdf_expand(hash_len, prk, hash_len, info, k1, hash_len); - os_memset(prk, 0, hash_len); + forced_memzero(prk, hash_len); if (res < 0) return -1; @@ -880,7 +880,7 @@ static int dpp_derive_k2(const u8 *Nx, size_t Nx_len, u8 *k2, /* HKDF-Expand(PRK, info, L) */ res = dpp_hkdf_expand(hash_len, prk, hash_len, info, k2, hash_len); - os_memset(prk, 0, hash_len); + forced_memzero(prk, hash_len); if (res < 0) return -1; @@ -939,7 +939,7 @@ static int dpp_derive_ke(struct dpp_authentication *auth, u8 *ke, /* HKDF-Expand(PRK, info, L) */ res = dpp_hkdf_expand(hash_len, prk, hash_len, info_ke, ke, hash_len); - os_memset(prk, 0, hash_len); + forced_memzero(prk, hash_len); if (res < 0) return -1; @@ -3942,7 +3942,7 @@ static void dpp_build_legacy_cred_params(struct wpabuf *buf, wpa_snprintf_hex(psk, sizeof(psk), conf->psk, sizeof(conf->psk)); json_add_string(buf, "psk_hex", psk); - os_memset(psk, 0, sizeof(psk)); + forced_memzero(psk, sizeof(psk)); } } @@ -4114,6 +4114,8 @@ skip_groups: goto fail; signature = os_malloc(2 * curve->prime_len); + if (!signature) + goto fail; if (dpp_bn2bin_pad(r, signature, curve->prime_len) < 0 || dpp_bn2bin_pad(s, signature + curve->prime_len, curve->prime_len) < 0) @@ -5732,7 +5734,7 @@ static int dpp_derive_pmk(const u8 *Nx, size_t Nx_len, u8 *pmk, /* HKDF-Expand(PRK, info, L) */ res = dpp_hkdf_expand(hash_len, prk, hash_len, info, pmk, hash_len); - os_memset(prk, 0, hash_len); + forced_memzero(prk, hash_len); if (res < 0) return -1; @@ -5937,7 +5939,7 @@ dpp_peer_intro(struct dpp_introduction *intro, const char *own_connector, fail: if (ret != DPP_STATUS_OK) os_memset(intro, 0, sizeof(*intro)); - os_memset(Nx, 0, sizeof(Nx)); + forced_memzero(Nx, sizeof(Nx)); os_free(own_conn); os_free(signed_connector); os_free(info.payload); diff --git a/components/wpa_supplicant/src/common/sae.c b/components/wpa_supplicant/src/common/sae.c index 5f4b7e9697..c23feb6ce2 100644 --- a/components/wpa_supplicant/src/common/sae.c +++ b/components/wpa_supplicant/src/common/sae.c @@ -147,7 +147,7 @@ static struct crypto_bignum * sae_get_rand(struct sae_data *sae) break; } - os_memset(val, 0, order_len); + forced_memzero(val, order_len); return bn; } @@ -829,11 +829,11 @@ static int sae_derive_keys(struct sae_data *sae, const u8 *k) if (sha256_prf(keyseed, sizeof(keyseed), "SAE KCK and PMK", val, sae->tmp->prime_len, keys, sizeof(keys)) < 0) goto fail; - os_memset(keyseed, 0, sizeof(keyseed)); + forced_memzero(keyseed, sizeof(keyseed)); os_memcpy(sae->tmp->kck, keys, SAE_KCK_LEN); os_memcpy(sae->pmk, keys + SAE_KCK_LEN, SAE_PMK_LEN); os_memcpy(sae->pmkid, val, SAE_PMKID_LEN); - os_memset(keys, 0, sizeof(keys)); + forced_memzero(keys, sizeof(keys)); wpa_hexdump_key(MSG_DEBUG, "SAE: KCK", sae->tmp->kck, SAE_KCK_LEN); wpa_hexdump_key(MSG_DEBUG, "SAE: PMK", sae->pmk, SAE_PMK_LEN); @@ -1180,8 +1180,6 @@ static int sae_parse_password_identifier(struct sae_data *sae, sae->tmp->pw_id); return WLAN_STATUS_UNKNOWN_PASSWORD_IDENTIFIER; } - os_free(sae->tmp->pw_id); - sae->tmp->pw_id = NULL; return WLAN_STATUS_SUCCESS; /* No Password Identifier */ } diff --git a/components/wpa_supplicant/src/crypto/des-internal.c b/components/wpa_supplicant/src/crypto/des-internal.c index 4ed6957802..5d7cddae1f 100644 --- a/components/wpa_supplicant/src/crypto/des-internal.c +++ b/components/wpa_supplicant/src/crypto/des-internal.c @@ -419,8 +419,8 @@ int des_encrypt(const u8 *clear, const u8 *key, u8 *cypher) WPA_PUT_BE32(cypher, work[0]); WPA_PUT_BE32(cypher + 4, work[1]); - os_memset(pkey, 0, sizeof(pkey)); - os_memset(ek, 0, sizeof(ek)); + forced_memzero(pkey, sizeof(pkey)); + forced_memzero(ek, sizeof(ek)); return 0; } diff --git a/components/wpa_supplicant/src/crypto/libtommath.h b/components/wpa_supplicant/src/crypto/libtommath.h index 9e8ba2a0b2..b5f1a0eb52 100644 --- a/components/wpa_supplicant/src/crypto/libtommath.h +++ b/components/wpa_supplicant/src/crypto/libtommath.h @@ -1657,7 +1657,7 @@ mp_div(mp_int * a, mp_int * b, mp_int * c, mp_int * d) } /* init our temps */ - if ((res = mp_init_multi(&ta, &tb, &tq, &q, NULL) != MP_OKAY)) { + if ((res = mp_init_multi(&ta, &tb, &tq, &q, NULL)) != MP_OKAY) { return res; } diff --git a/components/wpa_supplicant/src/esp_supplicant/esp_common.c b/components/wpa_supplicant/src/esp_supplicant/esp_common.c index 04a93e2b9b..6172820ae6 100644 --- a/components/wpa_supplicant/src/esp_supplicant/esp_common.c +++ b/components/wpa_supplicant/src/esp_supplicant/esp_common.c @@ -214,11 +214,16 @@ static void supplicant_sta_disconn_handler(void* arg, esp_event_base_t event_bas int32_t event_id, void* event_data) { struct wpa_supplicant *wpa_s = &g_wpa_supp; + wifi_event_sta_disconnected_t *disconn = event_data; + wpas_rrm_reset(wpa_s); if (wpa_s->current_bss) { wpa_s->current_bss = NULL; } - clear_bssid_flag(wpa_s); + + if (disconn->reason != WIFI_REASON_ROAMING) { + clear_bssid_flag(wpa_s); + } } static int ieee80211_handle_rx_frm(u8 type, u8 *frame, size_t len, u8 *sender, diff --git a/components/wpa_supplicant/src/tls/libtommath.h b/components/wpa_supplicant/src/tls/libtommath.h index ea651db3ec..c3f5eee39e 100644 --- a/components/wpa_supplicant/src/tls/libtommath.h +++ b/components/wpa_supplicant/src/tls/libtommath.h @@ -1653,7 +1653,7 @@ mp_div(mp_int * a, mp_int * b, mp_int * c, mp_int * d) } /* init our temps */ - if ((res = mp_init_multi(&ta, &tb, &tq, &q, NULL) != MP_OKAY)) { + if ((res = mp_init_multi(&ta, &tb, &tq, &q, NULL)) != MP_OKAY) { return res; } diff --git a/components/wpa_supplicant/src/wps/wps.c b/components/wpa_supplicant/src/wps/wps.c index 48b9135843..c505a02031 100644 --- a/components/wpa_supplicant/src/wps/wps.c +++ b/components/wpa_supplicant/src/wps/wps.c @@ -71,6 +71,9 @@ int wps_is_selected_pbc_registrar(const struct wpabuf *msg) { struct wps_parse_attr *attr = (struct wps_parse_attr *)os_zalloc(sizeof(struct wps_parse_attr)); + if (!attr) + return 0; + /* * In theory, this could also verify that attr.sel_reg_config_methods * includes WPS_CONFIG_PUSHBUTTON, but some deployed AP implementations From 6d3dc2e6169a09de7e0d15ebf1fd91707076e488 Mon Sep 17 00:00:00 2001 From: Kapil Gupta Date: Wed, 6 Apr 2022 09:49:53 +0530 Subject: [PATCH 5/7] wpa_supplicant: Remove scan done event in task --- components/wpa_supplicant/src/esp_supplicant/esp_common.c | 1 - components/wpa_supplicant/src/esp_supplicant/esp_scan.c | 5 +++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/components/wpa_supplicant/src/esp_supplicant/esp_common.c b/components/wpa_supplicant/src/esp_supplicant/esp_common.c index 6172820ae6..2e6a85bdae 100644 --- a/components/wpa_supplicant/src/esp_supplicant/esp_common.c +++ b/components/wpa_supplicant/src/esp_supplicant/esp_common.c @@ -276,7 +276,6 @@ int esp_supplicant_common_init(struct wpa_funcs *wpa_cb) wpa_s->type = 0; wpa_s->subtype = 0; - wpa_s->type |= (1 << WLAN_FC_STYPE_BEACON) | (1 << WLAN_FC_STYPE_PROBE_RESP); esp_wifi_register_mgmt_frame_internal(wpa_s->type, wpa_s->subtype); wpa_cb->wpa_sta_rx_mgmt = ieee80211_handle_rx_frm; return 0; diff --git a/components/wpa_supplicant/src/esp_supplicant/esp_scan.c b/components/wpa_supplicant/src/esp_supplicant/esp_scan.c index 44cfe7be26..4cac3b9f67 100644 --- a/components/wpa_supplicant/src/esp_supplicant/esp_scan.c +++ b/components/wpa_supplicant/src/esp_supplicant/esp_scan.c @@ -29,6 +29,7 @@ #include "common/ieee802_11_common.h" #include "esp_supplicant/esp_common_i.h" #include "common/wnm_sta.h" +#include "esp_scan_i.h" extern struct wpa_supplicant g_wpa_supp; @@ -38,11 +39,11 @@ static void scan_done_event_handler(void *arg, STATUS status) /* update last scan time */ wpa_s->scan_start_tsf = esp_wifi_get_tsf_time(WIFI_IF_STA); - if (!wpa_s->scanning) { + if (wpa_s->scanning) { wpa_s->type &= ~(1 << WLAN_FC_STYPE_BEACON) & ~(1 << WLAN_FC_STYPE_PROBE_RESP); esp_wifi_register_mgmt_frame_internal(wpa_s->type, wpa_s->subtype); } - esp_supplicant_post_evt(SIG_SUPPLICANT_SCAN_DONE, 0); + esp_supplicant_handle_scan_done_evt(); } static void esp_supp_handle_wnm_scan_done(struct wpa_supplicant *wpa_s) From 81d1226f5321d8cb7ff7274f9459e52ba4073165 Mon Sep 17 00:00:00 2001 From: Jack Date: Fri, 22 Apr 2022 17:06:48 +0800 Subject: [PATCH 6/7] ESP_WIFI: Remove static analysis warnings --- .../wpa_supplicant/include/utils/wpabuf.h | 20 +++--- components/wpa_supplicant/src/ap/wpa_auth.c | 2 +- .../wpa_supplicant/src/ap/wpa_auth_ie.c | 2 +- components/wpa_supplicant/src/common/dpp.c | 7 +- components/wpa_supplicant/src/common/sae.c | 1 + .../src/crypto/crypto_mbedtls-bignum.c | 23 +++---- .../src/crypto/crypto_mbedtls-ec.c | 47 +++++-------- .../src/crypto/crypto_mbedtls.c | 35 +++------- .../wpa_supplicant/src/crypto/tls_mbedtls.c | 11 ++-- .../src/esp_supplicant/esp_dpp.c | 1 + .../src/esp_supplicant/esp_hostap.c | 34 +++++----- .../src/esp_supplicant/esp_wpa2.c | 66 ++++++++----------- .../src/esp_supplicant/esp_wps.c | 54 +++++++-------- .../wpa_supplicant/src/rsn_supp/pmksa_cache.c | 5 +- components/wpa_supplicant/src/rsn_supp/wpa.c | 4 +- components/wpa_supplicant/src/utils/wpabuf.c | 19 ++++-- .../wpa_supplicant/src/wps/wps_registrar.c | 2 +- components/wpa_supplicant/test/test_sae.c | 20 ++---- 18 files changed, 153 insertions(+), 200 deletions(-) diff --git a/components/wpa_supplicant/include/utils/wpabuf.h b/components/wpa_supplicant/include/utils/wpabuf.h index 2a5fa3f5dc..092b31e08b 100644 --- a/components/wpa_supplicant/include/utils/wpabuf.h +++ b/components/wpa_supplicant/include/utils/wpabuf.h @@ -1,6 +1,6 @@ /* * Dynamic data buffer - * Copyright (c) 2007-2009, Jouni Malinen + * Copyright (c) 2007-2012, Jouni Malinen * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 as @@ -15,6 +15,9 @@ #ifndef WPABUF_H #define WPABUF_H +/* wpabuf::buf is a pointer to external data */ +#define WPABUF_FLAG_EXT_DATA BIT(0) + /* * Internal data structure for wpabuf. Please do not touch this directly from * elsewhere. This is only defined in header file to allow inline functions @@ -23,8 +26,8 @@ struct wpabuf { size_t size; /* total size of the allocated buffer */ size_t used; /* length of data in the buffer */ - u8 *ext_data; /* pointer to external data; NULL if data follows - * struct wpabuf */ + u8 *buf; /* pointer to the head of the buffer */ + unsigned int flags; /* optionally followed by the allocated buffer */ }; @@ -79,9 +82,7 @@ static inline size_t wpabuf_tailroom(const struct wpabuf *buf) */ static inline const void * wpabuf_head(const struct wpabuf *buf) { - if (buf->ext_data) - return buf->ext_data; - return buf + 1; + return buf->buf; } static inline const u8 * wpabuf_head_u8(const struct wpabuf *buf) @@ -96,9 +97,7 @@ static inline const u8 * wpabuf_head_u8(const struct wpabuf *buf) */ static inline void * wpabuf_mhead(struct wpabuf *buf) { - if (buf->ext_data) - return buf->ext_data; - return buf + 1; + return buf->buf; } static inline u8 * wpabuf_mhead_u8(struct wpabuf *buf) @@ -157,7 +156,8 @@ static inline void wpabuf_put_buf(struct wpabuf *dst, static inline void wpabuf_set(struct wpabuf *buf, const void *data, size_t len) { - buf->ext_data = (u8 *) data; + buf->buf = (u8 *) data; + buf->flags = WPABUF_FLAG_EXT_DATA; buf->size = buf->used = len; } diff --git a/components/wpa_supplicant/src/ap/wpa_auth.c b/components/wpa_supplicant/src/ap/wpa_auth.c index a76a7e8dce..c96f0e4b96 100644 --- a/components/wpa_supplicant/src/ap/wpa_auth.c +++ b/components/wpa_supplicant/src/ap/wpa_auth.c @@ -1590,7 +1590,7 @@ SM_STATE(WPA_PTK, PTKCALCNEGOTIATING) sm->pending_1_of_4_timeout = 0; eloop_cancel_timeout(wpa_send_eapol_timeout, sm->wpa_auth, sm); - if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) { + if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt) && sm->PMK != pmk) { /* PSK may have changed from the previous choice, so update * state machine data based on whatever PSK was selected here. */ diff --git a/components/wpa_supplicant/src/ap/wpa_auth_ie.c b/components/wpa_supplicant/src/ap/wpa_auth_ie.c index 368285403d..532127c8e5 100644 --- a/components/wpa_supplicant/src/ap/wpa_auth_ie.c +++ b/components/wpa_supplicant/src/ap/wpa_auth_ie.c @@ -362,7 +362,7 @@ int wpa_validate_wpa_ie(struct wpa_authenticator *wpa_auth, const u8 *wpa_ie, size_t wpa_ie_len/*, const u8 *mdie, size_t mdie_len*/) { - struct wpa_ie_data data; + struct wpa_ie_data data = {0}; int ciphers, key_mgmt, res, version; u32 selector; diff --git a/components/wpa_supplicant/src/common/dpp.c b/components/wpa_supplicant/src/common/dpp.c index cf7f63680d..45cc3b1cf2 100644 --- a/components/wpa_supplicant/src/common/dpp.c +++ b/components/wpa_supplicant/src/common/dpp.c @@ -4676,6 +4676,7 @@ static struct crypto_key * dpp_parse_jwk(struct json_token *jwk, struct wpabuf *x = NULL, *y = NULL, *a = NULL; struct crypto_ec_group *group; struct crypto_key *pkey = NULL; + size_t len; token = json_get_member(jwk, "kty"); if (!token || token->type != JSON_STRING) { @@ -4734,9 +4735,10 @@ static struct crypto_key * dpp_parse_jwk(struct json_token *jwk, goto fail; } + len = wpabuf_len(x); a = wpabuf_concat(x, y); pkey = crypto_ec_set_pubkey_point(group, wpabuf_head(a), - wpabuf_len(x)); + len); crypto_ec_deinit((struct crypto_ec *)group); *key_curve = curve; @@ -4975,8 +4977,7 @@ static void dpp_copy_netaccesskey(struct dpp_authentication *auth, unsigned char *der = NULL; int der_len; - crypto_ec_get_priv_key_der(auth->own_protocol_key, &der, &der_len); - if (der_len <= 0) { + if (crypto_ec_get_priv_key_der(auth->own_protocol_key, &der, &der_len) < 0) { return; } wpabuf_free(auth->net_access_key); diff --git a/components/wpa_supplicant/src/common/sae.c b/components/wpa_supplicant/src/common/sae.c index c23feb6ce2..469303cb28 100644 --- a/components/wpa_supplicant/src/common/sae.c +++ b/components/wpa_supplicant/src/common/sae.c @@ -675,6 +675,7 @@ static int sae_derive_commit(struct sae_data *sae) * theoretical infinite loop, break out after 100 * attemps. */ + crypto_bignum_deinit(mask, 1); return ESP_FAIL; } diff --git a/components/wpa_supplicant/src/crypto/crypto_mbedtls-bignum.c b/components/wpa_supplicant/src/crypto/crypto_mbedtls-bignum.c index 155021ec17..550d510819 100644 --- a/components/wpa_supplicant/src/crypto/crypto_mbedtls-bignum.c +++ b/components/wpa_supplicant/src/crypto/crypto_mbedtls-bignum.c @@ -1,16 +1,8 @@ -// Copyright 2015-2020 Espressif Systems (Shanghai) PTE LTD -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at - -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +/* + * SPDX-FileCopyrightText: 2015-2021 Espressif Systems (Shanghai) CO LTD + * + * SPDX-License-Identifier: Apache-2.0 + */ #ifdef ESP_PLATFORM #include "esp_system.h" @@ -65,6 +57,7 @@ int crypto_bignum_to_bin(const struct crypto_bignum *a, u8 *buf, size_t buflen, size_t padlen) { int num_bytes, offset; + int ret; if (padlen > buflen) { return -1; @@ -82,9 +75,11 @@ int crypto_bignum_to_bin(const struct crypto_bignum *a, } os_memset(buf, 0, offset); - mbedtls_mpi_write_binary((mbedtls_mpi *) a, buf + offset, mbedtls_mpi_size((mbedtls_mpi *)a) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary((mbedtls_mpi *) a, buf + offset, mbedtls_mpi_size((mbedtls_mpi *)a))); return num_bytes + offset; +cleanup: + return ret; } diff --git a/components/wpa_supplicant/src/crypto/crypto_mbedtls-ec.c b/components/wpa_supplicant/src/crypto/crypto_mbedtls-ec.c index 3f65393753..d55805db4b 100644 --- a/components/wpa_supplicant/src/crypto/crypto_mbedtls-ec.c +++ b/components/wpa_supplicant/src/crypto/crypto_mbedtls-ec.c @@ -1,16 +1,8 @@ -// Copyright 2015-2020 Espressif Systems (Shanghai) PTE LTD -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at - -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +/* + * SPDX-FileCopyrightText: 2015-2021 Espressif Systems (Shanghai) CO LTD + * + * SPDX-License-Identifier: Apache-2.0 + */ #ifdef ESP_PLATFORM #include "esp_system.h" @@ -217,6 +209,9 @@ struct crypto_ec_point *crypto_ec_point_from_bin(struct crypto_ec *e, len = mbedtls_mpi_size(&e->group.P); pt = os_zalloc(sizeof(mbedtls_ecp_point)); + if (!pt) { + return NULL; + } mbedtls_ecp_point_init(pt); MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&pt->X, val, len)); @@ -490,11 +485,15 @@ struct crypto_key * crypto_ec_set_pubkey_point(const struct crypto_ec_group *gro mbedtls_pk_context *key = (mbedtls_pk_context *)crypto_alloc_key(); if (!key) { - wpa_printf(MSG_ERROR, "%s: memory allocation failed\n", __func__); + wpa_printf(MSG_ERROR, "%s: memory allocation failed", __func__); return NULL; } point = (mbedtls_ecp_point *)crypto_ec_point_from_bin((struct crypto_ec *)group, buf); + if (!point) { + wpa_printf(MSG_ERROR, "%s: Point initialization failed", __func__); + goto fail; + } if (crypto_ec_point_is_at_infinity((struct crypto_ec *)group, (struct crypto_ec_point *)point)) { wpa_printf(MSG_ERROR, "Point is at infinity"); goto fail; @@ -509,30 +508,16 @@ struct crypto_key * crypto_ec_set_pubkey_point(const struct crypto_ec_group *gro wpa_printf(MSG_ERROR, "Invalid key"); goto fail; } - mbedtls_ecp_keypair *ecp_key = malloc(sizeof (*ecp_key)); - if (!ecp_key) { - wpa_printf(MSG_ERROR, "key allocation failed"); - goto fail; - } - - /* Init keypair */ - mbedtls_ecp_keypair_init(ecp_key); - // TODO Is it needed? check? - MBEDTLS_MPI_CHK(mbedtls_ecp_copy(&ecp_key->Q, point)); /* Assign values */ if( ( ret = mbedtls_pk_setup( key, mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY) ) ) != 0 ) goto fail; - if (key->pk_ctx) - os_free(key->pk_ctx); - key->pk_ctx = ecp_key; mbedtls_ecp_copy(&mbedtls_pk_ec(*key)->Q, point); mbedtls_ecp_group_load(&mbedtls_pk_ec(*key)->grp, MBEDTLS_ECP_DP_SECP256R1); pkey = (struct crypto_key *)key; -cleanup: crypto_ec_point_deinit((struct crypto_ec_point *)point, 0); return pkey; fail: @@ -566,7 +551,7 @@ int crypto_ec_get_priv_key_der(struct crypto_key *key, unsigned char **key_data, char der_data[ECP_PRV_DER_MAX_BYTES]; *key_len = mbedtls_pk_write_key_der(pkey, (unsigned char *)der_data, ECP_PRV_DER_MAX_BYTES); - if (!*key_len) + if (*key_len <= 0) return -1; *key_data = os_malloc(*key_len); @@ -599,12 +584,12 @@ int crypto_ec_get_publickey_buf(struct crypto_key *key, u8 *key_buf, int len) mbedtls_pk_context *pkey = (mbedtls_pk_context *)key; unsigned char buf[MBEDTLS_MPI_MAX_SIZE + 10]; /* tag, length + MPI */ unsigned char *c = buf + sizeof(buf ); - size_t pk_len = 0; + int pk_len = 0; memset(buf, 0, sizeof(buf) ); pk_len = mbedtls_pk_write_pubkey( &c, buf, pkey); - if (!pk_len) + if (pk_len < 0) return -1; if (len == 0) diff --git a/components/wpa_supplicant/src/crypto/crypto_mbedtls.c b/components/wpa_supplicant/src/crypto/crypto_mbedtls.c index 9d9fb0e5fd..aa1d11804f 100644 --- a/components/wpa_supplicant/src/crypto/crypto_mbedtls.c +++ b/components/wpa_supplicant/src/crypto/crypto_mbedtls.c @@ -1,17 +1,7 @@ -/** - * Copyright 2020 Espressif Systems (Shanghai) PTE LTD +/* + * SPDX-FileCopyrightText: 2020-2021 Espressif Systems (Shanghai) CO LTD * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 */ #ifdef ESP_PLATFORM @@ -631,23 +621,16 @@ int crypto_mod_exp(const uint8_t *base, size_t base_len, mbedtls_mpi_init(&bn_result); mbedtls_mpi_init(&bn_rinv); - mbedtls_mpi_read_binary(&bn_base, base, base_len); - mbedtls_mpi_read_binary(&bn_exp, power, power_len); - mbedtls_mpi_read_binary(&bn_modulus, modulus, modulus_len); + MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&bn_base, base, base_len)); + MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&bn_exp, power, power_len)); + MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&bn_modulus, modulus, modulus_len)); - ret = mbedtls_mpi_exp_mod(&bn_result, &bn_base, &bn_exp, &bn_modulus, - &bn_rinv); - if (ret < 0) { - mbedtls_mpi_free(&bn_base); - mbedtls_mpi_free(&bn_exp); - mbedtls_mpi_free(&bn_modulus); - mbedtls_mpi_free(&bn_result); - mbedtls_mpi_free(&bn_rinv); - return ret; - } + MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&bn_result, &bn_base, &bn_exp, &bn_modulus, + &bn_rinv)); ret = mbedtls_mpi_write_binary(&bn_result, result, *result_len); +cleanup: mbedtls_mpi_free(&bn_base); mbedtls_mpi_free(&bn_exp); mbedtls_mpi_free(&bn_modulus); diff --git a/components/wpa_supplicant/src/crypto/tls_mbedtls.c b/components/wpa_supplicant/src/crypto/tls_mbedtls.c index 0d108d0d92..785158b5ca 100644 --- a/components/wpa_supplicant/src/crypto/tls_mbedtls.c +++ b/components/wpa_supplicant/src/crypto/tls_mbedtls.c @@ -104,11 +104,9 @@ static int tls_mbedtls_write(void *ctx, const unsigned char *buf, size_t len) struct tls_connection *conn = (struct tls_connection *)ctx; struct tls_data *data = &conn->tls_io_data; - if (data->out_data) { - wpabuf_resize(&data->out_data, len); - } else { - data->out_data = wpabuf_alloc(len); - } + if (wpabuf_resize(&data->out_data, len) < 0) { + return 0; + } wpabuf_put_data(data->out_data, buf, len); @@ -809,9 +807,8 @@ static int tls_connection_prf(void *tls_ctx, struct tls_connection *conn, int ret; u8 seed[2 * TLS_RANDOM_LEN]; mbedtls_ssl_context *ssl = &conn->tls->ssl; - mbedtls_ssl_transform *transform = ssl->transform; - if (!ssl || !transform) { + if (!ssl || !ssl->transform) { wpa_printf(MSG_ERROR, "TLS: %s, session ingo is null", __func__); return -1; } diff --git a/components/wpa_supplicant/src/esp_supplicant/esp_dpp.c b/components/wpa_supplicant/src/esp_supplicant/esp_dpp.c index bbbf467b17..63a638deb4 100644 --- a/components/wpa_supplicant/src/esp_supplicant/esp_dpp.c +++ b/components/wpa_supplicant/src/esp_supplicant/esp_dpp.c @@ -639,6 +639,7 @@ esp_err_t esp_supp_dpp_init(esp_supp_dpp_event_cb_t cb) s_dpp_api_lock = xSemaphoreCreateRecursiveMutex(); if (!s_dpp_api_lock) { + esp_supp_dpp_deinit(); wpa_printf(MSG_ERROR, "DPP: dpp_init: failed to create DPP API lock"); return ESP_ERR_NO_MEM; } diff --git a/components/wpa_supplicant/src/esp_supplicant/esp_hostap.c b/components/wpa_supplicant/src/esp_supplicant/esp_hostap.c index ec4a2d3fa8..b798916783 100644 --- a/components/wpa_supplicant/src/esp_supplicant/esp_hostap.c +++ b/components/wpa_supplicant/src/esp_supplicant/esp_hostap.c @@ -124,33 +124,29 @@ bool hostap_deinit(void *data) return true; } - if (hapd->wpa_auth->wpa_ie != NULL) { - os_free(hapd->wpa_auth->wpa_ie); - } - - if (hapd->wpa_auth->group != NULL) { - os_free(hapd->wpa_auth->group); - } - if (hapd->wpa_auth != NULL) { + if (hapd->wpa_auth->wpa_ie != NULL) { + os_free(hapd->wpa_auth->wpa_ie); + } + + if (hapd->wpa_auth->group != NULL) { + os_free(hapd->wpa_auth->group); + } os_free(hapd->wpa_auth); } - if (hapd->conf->ssid.wpa_psk != NULL) { - os_free(hapd->conf->ssid.wpa_psk); - } - - if (hapd->conf->ssid.wpa_passphrase != NULL) { - os_free(hapd->conf->ssid.wpa_passphrase); - } - if (hapd->conf != NULL) { + if (hapd->conf->ssid.wpa_psk != NULL) { + os_free(hapd->conf->ssid.wpa_psk); + } + + if (hapd->conf->ssid.wpa_passphrase != NULL) { + os_free(hapd->conf->ssid.wpa_passphrase); + } os_free(hapd->conf); } - if (hapd != NULL) { - os_free(hapd); - } + os_free(hapd); esp_wifi_unset_appie_internal(WIFI_APPIE_WPA); diff --git a/components/wpa_supplicant/src/esp_supplicant/esp_wpa2.c b/components/wpa_supplicant/src/esp_supplicant/esp_wpa2.c index 464f9a30ea..17b5fefe20 100644 --- a/components/wpa_supplicant/src/esp_supplicant/esp_wpa2.c +++ b/components/wpa_supplicant/src/esp_supplicant/esp_wpa2.c @@ -491,33 +491,24 @@ build_nak: if (resp == NULL) { return ESP_FAIL; } - ret = ESP_FAIL; - send_resp: if (resp == NULL) { wpa_printf(MSG_ERROR, "Response build fail, return."); - wpabuf_free(sm->lastRespData); - sm->lastRespData = resp; - wpa2_set_eap_state(WPA2_ENT_EAP_STATE_FAIL); - return WPA2_ENT_EAP_STATE_FAIL; + return ESP_FAIL; } ret = eap_sm_send_eapol(sm, resp); - if (ret == ESP_OK) { - if (resp != sm->lastRespData) { - wpabuf_free(sm->lastRespData); - sm->lastRespData = resp; - } - } else { + if (resp != sm->lastRespData) { wpabuf_free(sm->lastRespData); - sm->lastRespData = NULL; + } + if (ret != ESP_OK) { wpabuf_free(resp); resp = NULL; - if (ret == WPA_ERR_INVALID_BSSID) { ret = WPA2_ENT_EAP_STATE_FAIL; wpa2_set_eap_state(WPA2_ENT_EAP_STATE_FAIL); } } + sm->lastRespData = resp; out: return ret; } @@ -757,14 +748,16 @@ static int eap_peer_sm_init(void) sm = (struct eap_sm *)os_zalloc(sizeof(*sm)); if (sm == NULL) { - return ESP_ERR_NO_MEM; + ret = ESP_ERR_NO_MEM; + return ret; } + gEapSm = sm; s_wpa2_data_lock = xSemaphoreCreateRecursiveMutex(); if (!s_wpa2_data_lock) { - free(sm); wpa_printf(MSG_ERROR, "wpa2 eap_peer_sm_init: failed to alloc data lock"); - return ESP_ERR_NO_MEM; + ret = ESP_ERR_NO_MEM; + goto _err; } wpa2_set_eap_state(WPA2_ENT_EAP_STATE_NOT_START); @@ -773,36 +766,30 @@ static int eap_peer_sm_init(void) ret = eap_peer_blob_init(sm); if (ret) { wpa_printf(MSG_ERROR, "eap_peer_blob_init failed\n"); - os_free(sm); - vSemaphoreDelete(s_wpa2_data_lock); - return ESP_FAIL; + ret = ESP_FAIL; + goto _err; } ret = eap_peer_config_init(sm, g_wpa_private_key_passwd, g_wpa_private_key_passwd_len); if (ret) { wpa_printf(MSG_ERROR, "eap_peer_config_init failed\n"); - eap_peer_blob_deinit(sm); - os_free(sm); - vSemaphoreDelete(s_wpa2_data_lock); - return ESP_FAIL; + ret = ESP_FAIL; + goto _err; } sm->ssl_ctx = tls_init(); if (sm->ssl_ctx == NULL) { wpa_printf(MSG_WARNING, "SSL: Failed to initialize TLS " "context."); - eap_peer_blob_deinit(sm); - eap_peer_config_deinit(sm); - os_free(sm); - vSemaphoreDelete(s_wpa2_data_lock); - return ESP_FAIL; + ret = ESP_FAIL; + goto _err; } wpa2_rxq_init(); gEapSm = sm; #ifdef USE_WPA2_TASK - s_wpa2_queue = xQueueCreate(SIG_WPA2_MAX, sizeof( void * ) ); + s_wpa2_queue = xQueueCreate(SIG_WPA2_MAX, sizeof( s_wpa2_queue ) ); ret = xTaskCreate(wpa2_task, "wpa2T", WPA2_TASK_STACK_SIZE, NULL, 2, &s_wpa2_task_hdl); if (ret != pdPASS) { wpa_printf(MSG_ERROR, "wps enable: failed to create task"); @@ -811,20 +798,19 @@ static int eap_peer_sm_init(void) } s_wifi_wpa2_sync_sem = xSemaphoreCreateCounting(1, 0); if (!s_wifi_wpa2_sync_sem) { - vQueueDelete(s_wpa2_queue); - s_wpa2_queue = NULL; - eap_peer_blob_deinit(sm); - eap_peer_config_deinit(sm); - os_free(sm); - vSemaphoreDelete(s_wpa2_data_lock); wpa_printf(MSG_ERROR, "WPA2: failed create wifi wpa2 task sync sem"); - return ESP_FAIL; + ret = ESP_FAIL; + goto _err; } wpa_printf(MSG_INFO, "wpa2_task prio:%d, stack:%d\n", 2, WPA2_TASK_STACK_SIZE); #endif return ESP_OK; + +_err: + eap_peer_sm_deinit(); + return ret; } /** @@ -857,8 +843,8 @@ static void eap_peer_sm_deinit(void) if (s_wifi_wpa2_sync_sem) { vSemaphoreDelete(s_wifi_wpa2_sync_sem); + s_wifi_wpa2_sync_sem = NULL; } - s_wifi_wpa2_sync_sem = NULL; if (s_wpa2_data_lock) { vSemaphoreDelete(s_wpa2_data_lock); @@ -866,6 +852,10 @@ static void eap_peer_sm_deinit(void) wpa_printf(MSG_DEBUG, "wpa2 eap_peer_sm_deinit: free data lock"); } + if (s_wpa2_queue) { + vQueueDelete(s_wpa2_queue); + s_wpa2_queue = NULL; + } os_free(sm); gEapSm = NULL; } diff --git a/components/wpa_supplicant/src/esp_supplicant/esp_wps.c b/components/wpa_supplicant/src/esp_supplicant/esp_wps.c index 471b262035..8be6043123 100644 --- a/components/wpa_supplicant/src/esp_supplicant/esp_wps.c +++ b/components/wpa_supplicant/src/esp_supplicant/esp_wps.c @@ -517,15 +517,16 @@ wps_build_ic_appie_wps_pr(void) 0, NULL); } - if (wps_ie) { - if (wpabuf_resize(&extra_ie, wpabuf_len(wps_ie)) == 0) { - wpabuf_put_buf(extra_ie, wps_ie); - } else { - wpabuf_free(wps_ie); - return; - } - wpabuf_free(wps_ie); + if (!wps_ie) { + return; } + if (wpabuf_resize(&extra_ie, wpabuf_len(wps_ie)) == 0) { + wpabuf_put_buf(extra_ie, wps_ie); + } else { + wpabuf_free(wps_ie); + return; + } + wpabuf_free(wps_ie); esp_wifi_set_appie_internal(WIFI_APPIE_WPS_PR, (uint8_t *)wpabuf_head(extra_ie), extra_ie->used, 0); wpabuf_free(extra_ie); @@ -647,7 +648,8 @@ int wps_send_eap_identity_rsp(u8 id) ret = esp_wifi_get_assoc_bssid_internal(bssid); if (ret != 0) { wpa_printf(MSG_ERROR, "bssid is empty!"); - return ESP_FAIL; + ret = ESP_FAIL; + goto _err; } wpabuf_put_data(eap_buf, sm->identity, sm->identity_len); @@ -982,13 +984,6 @@ int wps_finish(void) } if (sm->wps->state == WPS_FINISHED) { - wifi_config_t *config = (wifi_config_t *)os_zalloc(sizeof(wifi_config_t)); - - if (config == NULL) { - wifi_event_sta_wps_fail_reason_t reason_code = WPS_FAIL_REASON_NORMAL; - esp_event_send_internal(WIFI_EVENT, WIFI_EVENT_STA_WPS_ER_FAILED, &reason_code, sizeof(reason_code), portMAX_DELAY); - return ESP_FAIL; - } wpa_printf(MSG_DEBUG, "wps finished------>"); wps_set_status(WPS_STATUS_SUCCESS); @@ -997,6 +992,14 @@ int wps_finish(void) ets_timer_disarm(&sm->wps_msg_timeout_timer); if (sm->ap_cred_cnt == 1) { + wifi_config_t *config = (wifi_config_t *)os_zalloc(sizeof(wifi_config_t)); + + if (config == NULL) { + wifi_event_sta_wps_fail_reason_t reason_code = WPS_FAIL_REASON_NORMAL; + esp_event_send_internal(WIFI_EVENT, WIFI_EVENT_STA_WPS_ER_FAILED, &reason_code, sizeof(reason_code), portMAX_DELAY); + return ESP_FAIL; + } + os_memset(config, 0x00, sizeof(wifi_sta_config_t)); os_memcpy(config->sta.ssid, sm->ssid[0], sm->ssid_len[0]); os_memcpy(config->sta.password, sm->key[0], sm->key_len[0]); @@ -1406,6 +1409,9 @@ int wps_dev_init(void) return ESP_OK; _out: + if (!dev) { + return ret; + } if (dev->manufacturer) { os_free(dev->manufacturer); } @@ -1594,7 +1600,7 @@ wifi_station_wps_init(void) gWpsSm = (struct wps_sm *)os_zalloc(sizeof(struct wps_sm)); /* alloc Wps_sm */ if (!gWpsSm) { - goto _err; + goto _out; } sm = gWpsSm; @@ -1680,10 +1686,8 @@ _err: wps_deinit(); sm->wps = NULL; } - if (sm) { - os_free(gWpsSm); - gWpsSm = NULL; - } + os_free(gWpsSm); + gWpsSm = NULL; return ESP_FAIL; _out: return ESP_FAIL; @@ -1736,10 +1740,8 @@ wifi_station_wps_deinit(void) wps_deinit(); sm->wps = NULL; } - if (sm) { - os_free(gWpsSm); - gWpsSm = NULL; - } + os_free(gWpsSm); + gWpsSm = NULL; return ESP_OK; } @@ -1977,7 +1979,7 @@ int wps_task_init(void) } os_bzero(s_wps_sig_cnt, SIG_WPS_NUM); - s_wps_queue = xQueueCreate(SIG_WPS_NUM, sizeof( void * ) ); + s_wps_queue = xQueueCreate(SIG_WPS_NUM, sizeof(s_wps_queue) ); if (!s_wps_queue) { wpa_printf(MSG_ERROR, "wps task init: failed to alloc queue"); goto _wps_no_mem; diff --git a/components/wpa_supplicant/src/rsn_supp/pmksa_cache.c b/components/wpa_supplicant/src/rsn_supp/pmksa_cache.c index 341905f7ab..1a4585b6b6 100644 --- a/components/wpa_supplicant/src/rsn_supp/pmksa_cache.c +++ b/components/wpa_supplicant/src/rsn_supp/pmksa_cache.c @@ -513,7 +513,10 @@ pmksa_cache_init(void (*free_cb)(struct rsn_pmksa_cache_entry *entry, .dispatch_method = ESP_TIMER_TASK, .name = "pmksa_timeout_timer" }; - esp_timer_create(&pmksa_cache_timeout_timer_create, &(pmksa->cache_timeout_timer)); + if (esp_timer_create(&pmksa_cache_timeout_timer_create, &(pmksa->cache_timeout_timer)) != ESP_OK) { + os_free(pmksa); + pmksa = NULL; + } } return pmksa; diff --git a/components/wpa_supplicant/src/rsn_supp/wpa.c b/components/wpa_supplicant/src/rsn_supp/wpa.c index 18ade0cef1..d98eb7a7d6 100644 --- a/components/wpa_supplicant/src/rsn_supp/wpa.c +++ b/components/wpa_supplicant/src/rsn_supp/wpa.c @@ -2214,7 +2214,9 @@ wpa_set_passphrase(char * passphrase, u8 *ssid, size_t ssid_len) if (esp_wifi_sta_get_reset_param_internal() != 0) { // check it's psk if (strlen((char *)esp_wifi_sta_get_prof_password_internal()) == 64) { - hexstr2bin((char *)esp_wifi_sta_get_prof_password_internal(), esp_wifi_sta_get_ap_info_prof_pmk_internal(), PMK_LEN); + if (hexstr2bin((char *)esp_wifi_sta_get_prof_password_internal(), esp_wifi_sta_get_ap_info_prof_pmk_internal(), PMK_LEN) != 0) { + return; + } } else { pbkdf2_sha1((char *)esp_wifi_sta_get_prof_password_internal(), sta_ssid->ssid, (size_t)sta_ssid->len, 4096, esp_wifi_sta_get_ap_info_prof_pmk_internal(), PMK_LEN); diff --git a/components/wpa_supplicant/src/utils/wpabuf.c b/components/wpa_supplicant/src/utils/wpabuf.c index a4de3a5049..17ebdafc5f 100644 --- a/components/wpa_supplicant/src/utils/wpabuf.c +++ b/components/wpa_supplicant/src/utils/wpabuf.c @@ -1,6 +1,6 @@ /* * Dynamic data buffer - * Copyright (c) 2007-2009, Jouni Malinen + * Copyright (c) 2007-2012, Jouni Malinen * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 as @@ -72,12 +72,12 @@ int wpabuf_resize(struct wpabuf **_buf, size_t add_len) if (buf->used + add_len > buf->size) { unsigned char *nbuf; - if (buf->ext_data) { - nbuf = (unsigned char*)os_realloc(buf->ext_data, buf->used + add_len); + if (buf->flags & WPABUF_FLAG_EXT_DATA) { + nbuf = os_realloc(buf->buf, buf->used + add_len); if (nbuf == NULL) return -1; memset(nbuf + buf->used, 0, add_len); - buf->ext_data = nbuf; + buf->buf = nbuf; } else { #ifdef WPA_TRACE nbuf = os_realloc(trace, sizeof(struct wpabuf_trace) + @@ -99,6 +99,7 @@ int wpabuf_resize(struct wpabuf **_buf, size_t add_len) memset(nbuf + sizeof(struct wpabuf) + buf->used, 0, add_len); #endif /* WPA_TRACE */ + buf->buf = (u8 *) (buf + 1); *_buf = buf; } buf->size = buf->used + add_len; @@ -130,6 +131,7 @@ struct wpabuf * wpabuf_alloc(size_t len) #endif /* WPA_TRACE */ buf->size = len; + buf->buf = (u8 *) (buf + 1); return buf; } @@ -151,7 +153,8 @@ struct wpabuf * wpabuf_alloc_ext_data(u8 *data, size_t len) buf->size = len; buf->used = len; - buf->ext_data = data; + buf->buf = data; + buf->flags |= WPABUF_FLAG_EXT_DATA; return buf; } @@ -191,12 +194,14 @@ void wpabuf_free(struct wpabuf *buf) trace->magic); abort(); } - os_free(buf->ext_data); + if (buf->flags & WPABUF_FLAG_EXT_DATA) + os_free(buf->buf); os_free(trace); #else /* WPA_TRACE */ if (buf == NULL) return; - os_free(buf->ext_data); + if (buf->flags & WPABUF_FLAG_EXT_DATA) + os_free(buf->buf); os_free(buf); #endif /* WPA_TRACE */ } diff --git a/components/wpa_supplicant/src/wps/wps_registrar.c b/components/wpa_supplicant/src/wps/wps_registrar.c index 2a13b3bbb3..55215477d5 100644 --- a/components/wpa_supplicant/src/wps/wps_registrar.c +++ b/components/wpa_supplicant/src/wps/wps_registrar.c @@ -1652,7 +1652,7 @@ int wps_build_cred(struct wps_data *wps, struct wpabuf *msg) os_memcpy(wps->cred.key, wps->new_psk, wps->new_psk_len); // NOLINT(clang-analyzer-unix.Malloc) wps->cred.key_len = wps->new_psk_len; } else if (wps->use_psk_key && wps->wps->psk_set) { - char hex[65]; + char hex[65] = {0}; wpa_printf(MSG_DEBUG, "WPS: Use PSK format for Network Key"); os_memcpy(wps->cred.key, hex, 32 * 2); wps->cred.key_len = 32 * 2; diff --git a/components/wpa_supplicant/test/test_sae.c b/components/wpa_supplicant/test/test_sae.c index e0d99825e9..e323ad3162 100644 --- a/components/wpa_supplicant/test/test_sae.c +++ b/components/wpa_supplicant/test/test_sae.c @@ -1,16 +1,8 @@ -// Copyright 2015-2018 Espressif Systems (Shanghai) PTE LTD -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at - -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +/* + * SPDX-FileCopyrightText: 2015-2021 Espressif Systems (Shanghai) CO LTD + * + * SPDX-License-Identifier: Apache-2.0 + */ #ifdef CONFIG_WPA3_SAE @@ -36,6 +28,7 @@ static struct wpabuf *wpabuf_alloc2(size_t len) if (buf == NULL) return NULL; buf->size = len; + buf->buf = (u8 *)(buf+1); return buf; } @@ -47,7 +40,6 @@ void wpabuf_free2(struct wpabuf *buf) { if (buf == NULL) return; - os_free(buf->ext_data); os_free(buf); } From ffd68203f60dcaffbf91ddaa6e10bbfc39252c5d Mon Sep 17 00:00:00 2001 From: Jack Date: Fri, 22 Apr 2022 19:30:45 +0800 Subject: [PATCH 7/7] fix build error --- components/wpa_supplicant/CMakeLists.txt | 2 +- components/wpa_supplicant/include/utils/wpa_debug.h | 2 +- components/wpa_supplicant/src/common/dpp.c | 4 ---- 3 files changed, 2 insertions(+), 6 deletions(-) diff --git a/components/wpa_supplicant/CMakeLists.txt b/components/wpa_supplicant/CMakeLists.txt index b5b04cf36f..02b2e6f3cf 100644 --- a/components/wpa_supplicant/CMakeLists.txt +++ b/components/wpa_supplicant/CMakeLists.txt @@ -159,7 +159,7 @@ endif() if(CONFIG_WPA_DPP_SUPPORT) set(dpp_src "src/common/dpp.c" - "esp_supplicant/src/esp_dpp.c") + "src/esp_supplicant/esp_dpp.c") else() set(dpp_src "") endif() diff --git a/components/wpa_supplicant/include/utils/wpa_debug.h b/components/wpa_supplicant/include/utils/wpa_debug.h index 9714617a60..c6ac189c22 100644 --- a/components/wpa_supplicant/include/utils/wpa_debug.h +++ b/components/wpa_supplicant/include/utils/wpa_debug.h @@ -176,7 +176,7 @@ void wpa_hexdump_ascii_key(int level, const char *title, const u8 *buf, * * Note: New line '\n' is added to the end of the text when printing to stdout. */ -void wpa_msg(void *ctx, int level, const char *fmt, ...) PRINTF_FORMAT(3, 4); +#define wpa_msg(...) do {} while(0) /** * wpa_msg_ctrl - Conditional printf for ctrl_iface monitors diff --git a/components/wpa_supplicant/src/common/dpp.c b/components/wpa_supplicant/src/common/dpp.c index 45cc3b1cf2..459e2b73e9 100644 --- a/components/wpa_supplicant/src/common/dpp.c +++ b/components/wpa_supplicant/src/common/dpp.c @@ -52,10 +52,6 @@ static const struct dpp_curve_params dpp_curves[] = { { NULL, 0, 0, 0, 0, NULL, 0, NULL } }; -void wpa_msg(void *ctx, int level, const char *fmt, ...) -{ -} - static struct wpabuf * gas_build_req(u8 action, u8 dialog_token, size_t size) {