diff --git a/components/wpa_supplicant/esp_supplicant/src/esp_hostap.c b/components/wpa_supplicant/esp_supplicant/src/esp_hostap.c index 84deacc758..221ed3bd9c 100644 --- a/components/wpa_supplicant/esp_supplicant/src/esp_hostap.c +++ b/components/wpa_supplicant/esp_supplicant/src/esp_hostap.c @@ -224,17 +224,11 @@ bool hostap_deinit(void *data) esp_wifi_unset_appie_internal(WIFI_APPIE_WPA); #ifdef CONFIG_SAE - uint8_t authmode; - authmode = esp_wifi_ap_get_prof_authmode_internal(); - if (authmode == WIFI_AUTH_WPA3_PSK || - authmode == WIFI_AUTH_WPA2_WPA3_PSK) { - wpa3_hostap_auth_deinit(); - /* Wait till lock is released by wpa3 task */ - if (WPA3_HOSTAP_AUTH_API_LOCK() == pdTRUE) { - WPA3_HOSTAP_AUTH_API_UNLOCK(); - os_mutex_delete(g_wpa3_hostap_auth_api_lock); - g_wpa3_hostap_auth_api_lock = NULL; - } + wpa3_hostap_auth_deinit(); + /* Wait till lock is released by wpa3 task */ + if (g_wpa3_hostap_auth_api_lock && + WPA3_HOSTAP_AUTH_API_LOCK() == pdTRUE) { + WPA3_HOSTAP_AUTH_API_UNLOCK(); } #endif /* CONFIG_SAE */ @@ -259,7 +253,7 @@ int esp_wifi_build_rsnxe(struct hostapd_data *hapd, u8 *eid, size_t len) capab |= BIT(WLAN_RSNX_CAPAB_SAE_H2E); } - flen = (capab & 0xff00) ? 2 : 1; + flen = 1; if (len < 2 + flen || !capab) { return 0; /* no supported extended RSN capabilities */ } @@ -268,10 +262,6 @@ int esp_wifi_build_rsnxe(struct hostapd_data *hapd, u8 *eid, size_t len) *pos++ = WLAN_EID_RSNX; *pos++ = flen; *pos++ = capab & 0x00ff; - capab >>= 8; - if (capab) { - *pos++ = capab; - } return pos - eid; } diff --git a/components/wpa_supplicant/esp_supplicant/src/esp_wpa3.c b/components/wpa_supplicant/esp_supplicant/src/esp_wpa3.c index 1c060582fe..0f1a769fc0 100644 --- a/components/wpa_supplicant/esp_supplicant/src/esp_wpa3.c +++ b/components/wpa_supplicant/esp_supplicant/src/esp_wpa3.c @@ -461,7 +461,7 @@ static void wpa3_process_rx_confirm(wpa3_hostap_auth_event_t *evt) } os_mutex_unlock(sta->lock); if (ret != WLAN_STATUS_SUCCESS) { - uint16_t aid = 0; + uint16_t aid = -1; if (esp_wifi_ap_get_sta_aid(frm->bssid, &aid) == ESP_OK && aid == 0) { esp_wifi_ap_deauth_internal(frm->bssid, ret); } @@ -521,23 +521,23 @@ static void esp_wpa3_hostap_task(void *pvParameters) int wpa3_hostap_auth_init(void *data) { - int ret = ESP_OK; if (g_wpa3_hostap_evt_queue) { wpa_printf(MSG_ERROR, "esp_wpa3_hostap_task has already been initialised"); - return ret; + return ESP_OK; } - g_wpa3_hostap_auth_api_lock = os_semphr_create(1, 0); - if (!g_wpa3_hostap_auth_api_lock) { - wpa_printf(MSG_ERROR, "wpa3_hostap_auth_init: failed to create WPA3 hostap auth API lock"); - return ESP_FAIL; + if (g_wpa3_hostap_auth_api_lock == NULL) { + g_wpa3_hostap_auth_api_lock = os_semphr_create(1, 1); + if (!g_wpa3_hostap_auth_api_lock) { + wpa_printf(MSG_ERROR, "wpa3_hostap_auth_init: failed to create WPA3 hostap auth API lock"); + return ESP_FAIL; + } } g_wpa3_hostap_evt_queue = os_queue_create(10, sizeof(wpa3_hostap_auth_event_t)); if (!g_wpa3_hostap_evt_queue) { wpa_printf(MSG_ERROR, "wpa3_hostap_auth_init: failed to create queue"); - ret = ESP_FAIL; - goto init_done; + return ESP_FAIL; } if (os_task_create(esp_wpa3_hostap_task, "esp_wpa3_hostap_task", @@ -546,22 +546,18 @@ int wpa3_hostap_auth_init(void *data) &g_wpa3_hostap_task_hdl) != pdPASS) { wpa_printf(MSG_ERROR, "wpa3_hostap_auth_init: failed to create task"); os_queue_delete(g_wpa3_hostap_evt_queue); - ret = ESP_FAIL; - goto init_done; + return ESP_FAIL; } struct hostapd_data *hapd = (struct hostapd_data *)data; dl_list_init(&hapd->sae_commit_queue); - -init_done: - WPA3_HOSTAP_AUTH_API_UNLOCK(); - return ret; + return ESP_OK; } bool wpa3_hostap_auth_deinit(void) { if (wpa3_hostap_post_evt(SIG_TASK_DEL, 0) != 0) { - wpa_printf(MSG_ERROR, "failed to send task delete event"); + wpa_printf(MSG_DEBUG, "failed to send task delete event"); return false; } else { return true; diff --git a/components/wpa_supplicant/src/ap/ieee802_11.c b/components/wpa_supplicant/src/ap/ieee802_11.c index 7ca09b4ad6..2b2b2c09a2 100644 --- a/components/wpa_supplicant/src/ap/ieee802_11.c +++ b/components/wpa_supplicant/src/ap/ieee802_11.c @@ -202,7 +202,7 @@ static int use_sae_anti_clogging(struct hostapd_data *hapd) for (sta = hapd->sta_list; sta; sta = sta->next) { if (sta->sae && (sta->sae->state == SAE_COMMITTED || - sta->sae->state != SAE_CONFIRMED)) { + sta->sae->state == SAE_CONFIRMED)) { open++; } if (open >= hapd->conf->sae_anti_clogging_threshold) { @@ -358,13 +358,12 @@ static int sae_sm_step(struct hostapd_data *hapd, struct sta_info *sta, if (ret) { return ret; } + sae_set_state(sta, SAE_COMMITTED, "Sent Commit"); if (sae_process_commit(sta->sae) < 0) { return WLAN_STATUS_UNSPECIFIED_FAILURE; } - sae_set_state(sta, SAE_COMMITTED, "Sent Commit"); - sta->sae->sync = 0; } else { if (sae_check_big_sync(hapd, sta)) { @@ -534,38 +533,36 @@ int handle_auth_sae(struct hostapd_data *hapd, struct sta_info *sta, goto remove_sta; } - if (sta->sae->state >= SAE_CONFIRMED) { - const u8 *var; - size_t var_len; - u16 peer_send_confirm; + const u8 *var; + size_t var_len; + u16 peer_send_confirm; - var = buf; - var_len = len; - if (var_len < 2) { - resp = WLAN_STATUS_UNSPECIFIED_FAILURE; - goto reply; - } + var = buf; + var_len = len; + if (var_len < 2) { + resp = WLAN_STATUS_UNSPECIFIED_FAILURE; + goto reply; + } - peer_send_confirm = WPA_GET_LE16(var); + peer_send_confirm = WPA_GET_LE16(var); - if (sta->sae->state == SAE_ACCEPTED && - (peer_send_confirm <= sta->sae->rc || - peer_send_confirm == 0xffff)) { - wpa_printf(MSG_DEBUG, - "SAE: Silently ignore unexpected Confirm from peer " - MACSTR - " (peer-send-confirm=%u Rc=%u)", - MAC2STR(sta->addr), - peer_send_confirm, sta->sae->rc); - return 0; - } + if (sta->sae->state == SAE_ACCEPTED && + (peer_send_confirm <= sta->sae->rc || + peer_send_confirm == 0xffff)) { + wpa_printf(MSG_DEBUG, + "SAE: Silently ignore unexpected Confirm from peer " + MACSTR + " (peer-send-confirm=%u Rc=%u)", + MAC2STR(sta->addr), + peer_send_confirm, sta->sae->rc); + return 0; + } - if (sae_check_confirm(sta->sae, buf, len) < 0) { - resp = WLAN_STATUS_UNSPECIFIED_FAILURE; - goto reply; - } - sta->sae->rc = peer_send_confirm; - } + if (sae_check_confirm(sta->sae, buf, len) < 0) { + resp = WLAN_STATUS_UNSPECIFIED_FAILURE; + goto reply; + } + sta->sae->rc = peer_send_confirm; resp = sae_sm_step(hapd, sta, bssid, auth_transaction, status, 0, &sta_removed); diff --git a/components/wpa_supplicant/src/ap/wpa_auth.c b/components/wpa_supplicant/src/ap/wpa_auth.c index 1d77581969..82c9bfa96a 100644 --- a/components/wpa_supplicant/src/ap/wpa_auth.c +++ b/components/wpa_supplicant/src/ap/wpa_auth.c @@ -495,7 +495,7 @@ static void wpa_free_sta_sm(struct wpa_state_machine *sm) void wpa_auth_sta_deinit(struct wpa_state_machine *sm) { #ifdef ESP_SUPPLICANT - if (esp_wifi_ap_is_sta_sae_reauth_node(sm->addr)) { + if (sm && esp_wifi_ap_is_sta_sae_reauth_node(sm->addr)) { wpa_printf( MSG_DEBUG, "deinit old sm=%p\n", sm); } #else /* ESP_SUPPLICANT */ @@ -2509,6 +2509,7 @@ void wpa_deinit(struct wpa_authenticator *wpa_auth) } +#ifdef CONFIG_ESP_WIFI_SOFTAP_SUPPORT bool wpa_ap_join(struct sta_info *sta, uint8_t *bssid, uint8_t *wpa_ie, uint8_t wpa_ie_len, uint8_t *rsnxe, uint8_t rsnxe_len, bool *pmf_enable, int subtype) @@ -2614,6 +2615,7 @@ bool wpa_ap_remove(void* sta_info) return true; } +#endif /* CONFIG_ESP_WIFI_SOFTAP_SUPPORT */ void wpa_auth_pmksa_remove(struct wpa_authenticator *wpa_auth, const u8 *sta_addr) diff --git a/components/wpa_supplicant/src/ap/wpa_auth_ie.c b/components/wpa_supplicant/src/ap/wpa_auth_ie.c index bd6919e0ce..e25223d0fe 100644 --- a/components/wpa_supplicant/src/ap/wpa_auth_ie.c +++ b/components/wpa_supplicant/src/ap/wpa_auth_ie.c @@ -311,7 +311,7 @@ int wpa_write_rsnxe(struct wpa_auth_config *conf, u8 *buf, size_t len) capab |= BIT(WLAN_RSNX_CAPAB_SAE_H2E); } - flen = (capab & 0xff00) ? 2 : 1; + flen = 1; if (!capab) return 0; /* no supported extended RSN capabilities */ if (len < 2 + flen) @@ -321,9 +321,6 @@ int wpa_write_rsnxe(struct wpa_auth_config *conf, u8 *buf, size_t len) *pos++ = WLAN_EID_RSNX; *pos++ = flen; *pos++ = capab & 0x00ff; - capab >>= 8; - if (capab) - *pos++ = capab; return pos - buf; } diff --git a/components/wpa_supplicant/src/common/sae.c b/components/wpa_supplicant/src/common/sae.c index cac3340d6e..1b20bf8393 100644 --- a/components/wpa_supplicant/src/common/sae.c +++ b/components/wpa_supplicant/src/common/sae.c @@ -2212,10 +2212,10 @@ int sae_write_confirm(struct sae_data *sae, struct wpabuf *buf) return ESP_FAIL; /* Send-Confirm */ - if (sae->send_confirm < 0xffff) - sae->send_confirm++; sc = wpabuf_put(buf, 0); wpabuf_put_le16(buf, sae->send_confirm); + if (sae->send_confirm < 0xffff) + sae->send_confirm++; if (sae->tmp->ec) { if (sae_cn_confirm_ecc(sae, sc, sae->tmp->own_commit_scalar, diff --git a/components/wpa_supplicant/src/common/wpa_common.c b/components/wpa_supplicant/src/common/wpa_common.c index a2abc8f7a2..34e704f640 100644 --- a/components/wpa_supplicant/src/common/wpa_common.c +++ b/components/wpa_supplicant/src/common/wpa_common.c @@ -493,17 +493,17 @@ int wpa_parse_wpa_ie_rsn(const u8 *rsn_ie, size_t rsn_ie_len, } if (left >= 2) { - data->num_pmkid = WPA_GET_LE16(pos); + u16 num_pmkid = WPA_GET_LE16(pos); pos += 2; left -= 2; - if (left < (int) data->num_pmkid * PMKID_LEN) { + if (num_pmkid > (unsigned int) left / PMKID_LEN) { wpa_printf(MSG_DEBUG, "%s: PMKID underflow " - "(num_pmkid=%lu left=%d)", - __func__, (unsigned long) data->num_pmkid, - left); + "(num_pmkid=%u left=%d)", + __func__, num_pmkid, left); data->num_pmkid = 0; return -9; } else { + data->num_pmkid = num_pmkid; data->pmkid = pos; pos += data->num_pmkid * PMKID_LEN; left -= data->num_pmkid * PMKID_LEN;