Merge branch 'bugfix/rrm_dpp_task_delete_v4.2' into 'release/v4.2'

Bugfix/rrm dpp task delete v4.2

See merge request espressif/esp-idf!17880

components/wpa_supplicant/include/utils/wpa_debug.h

@@ -172,7 +172,7 @@ void wpa_hexdump_ascii_key(int level, const char *title, const u8 *buf,
  *
  * Note: New line '\n' is added to the end of the text when printing to stdout.
  */
-void wpa_msg(void *ctx, int level, const char *fmt, ...) PRINTF_FORMAT(3, 4);
+#define wpa_msg(...) do {} while(0)
 
 /**
  * wpa_msg_ctrl - Conditional printf for ctrl_iface monitors

components/wpa_supplicant/include/utils/wpabuf.h

@@ -1,6 +1,6 @@
 /*
  * Dynamic data buffer
- * Copyright (c) 2007-2009, Jouni Malinen <j@w1.fi>
+ * Copyright (c) 2007-2012, Jouni Malinen <j@w1.fi>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License version 2 as
@@ -15,6 +15,9 @@
 #ifndef WPABUF_H
 #define WPABUF_H
 
+/* wpabuf::buf is a pointer to external data */
+#define WPABUF_FLAG_EXT_DATA BIT(0)
+
 /*
  * Internal data structure for wpabuf. Please do not touch this directly from
  * elsewhere. This is only defined in header file to allow inline functions
@@ -23,8 +26,8 @@
 struct wpabuf {
 	size_t size; /* total size of the allocated buffer */
 	size_t used; /* length of data in the buffer */
-	u8 *ext_data; /* pointer to external data; NULL if data follows
+	u8 *buf; /* pointer to the head of the buffer */
-		       * struct wpabuf */
+	unsigned int flags;
 	/* optionally followed by the allocated buffer */
 };
 
@@ -79,9 +82,7 @@ static inline size_t wpabuf_tailroom(const struct wpabuf *buf)
  */
 static inline const void * wpabuf_head(const struct wpabuf *buf)
 {
-	if (buf->ext_data)
+	return buf->buf;
-		return buf->ext_data;
-	return buf + 1;
 }
 
 static inline const u8 * wpabuf_head_u8(const struct wpabuf *buf)
@@ -96,9 +97,7 @@ static inline const u8 * wpabuf_head_u8(const struct wpabuf *buf)
  */
 static inline void * wpabuf_mhead(struct wpabuf *buf)
 {
-	if (buf->ext_data)
+	return buf->buf;
-		return buf->ext_data;
-	return buf + 1;
 }
 
 static inline u8 * wpabuf_mhead_u8(struct wpabuf *buf)
@@ -157,7 +156,8 @@ static inline void wpabuf_put_buf(struct wpabuf *dst,
 
 static inline void wpabuf_set(struct wpabuf *buf, const void *data, size_t len)
 {
-	buf->ext_data = (u8 *) data;
+	buf->buf = (u8 *) data;
+	buf->flags = WPABUF_FLAG_EXT_DATA;
 	buf->size = buf->used = len;
 }
 

components/wpa_supplicant/src/ap/wpa_auth.c

@@ -1590,7 +1590,7 @@ SM_STATE(WPA_PTK, PTKCALCNEGOTIATING)
     sm->pending_1_of_4_timeout = 0;
     eloop_cancel_timeout(wpa_send_eapol_timeout, sm->wpa_auth, sm);
 
-    if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) {
+    if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt) && sm->PMK != pmk) {
         /* PSK may have changed from the previous choice, so update
          * state machine data based on whatever PSK was selected here.
          */

components/wpa_supplicant/src/ap/wpa_auth_ie.c

@@ -353,7 +353,7 @@ int wpa_validate_wpa_ie(struct wpa_authenticator *wpa_auth,
 			const u8 *wpa_ie, size_t wpa_ie_len/*,
 			const u8 *mdie, size_t mdie_len*/)
 {
-	struct wpa_ie_data data;
+	struct wpa_ie_data data = {0};
 	int ciphers, key_mgmt, res, version;
 	u32 selector;
 

components/wpa_supplicant/src/common/dpp.c

@@ -52,10 +52,6 @@ static const struct dpp_curve_params dpp_curves[] = {
 	{ NULL, 0, 0, 0, 0, NULL, 0, NULL }
 };
 
-void wpa_msg(void *ctx, int level, const char *fmt, ...)
-{
-}
-
 static struct wpabuf *
 gas_build_req(u8 action, u8 dialog_token, size_t size)
 {
@@ -851,7 +847,7 @@ static int dpp_derive_k1(const u8 *Mx, size_t Mx_len, u8 *k1,
 
 	/* HKDF-Expand(PRK, info, L) */
 	res = dpp_hkdf_expand(hash_len, prk, hash_len, info, k1, hash_len);
-	os_memset(prk, 0, hash_len);
+	forced_memzero(prk, hash_len);
 	if (res < 0)
 		return -1;
 
@@ -880,7 +876,7 @@ static int dpp_derive_k2(const u8 *Nx, size_t Nx_len, u8 *k2,
 
 	/* HKDF-Expand(PRK, info, L) */
 	res = dpp_hkdf_expand(hash_len, prk, hash_len, info, k2, hash_len);
-	os_memset(prk, 0, hash_len);
+	forced_memzero(prk, hash_len);
 	if (res < 0)
 		return -1;
 
@@ -939,7 +935,7 @@ static int dpp_derive_ke(struct dpp_authentication *auth, u8 *ke,
 
 	/* HKDF-Expand(PRK, info, L) */
 	res = dpp_hkdf_expand(hash_len, prk, hash_len, info_ke, ke, hash_len);
-	os_memset(prk, 0, hash_len);
+	forced_memzero(prk, hash_len);
 	if (res < 0)
 		return -1;
 
@@ -3936,7 +3932,7 @@ static void dpp_build_legacy_cred_params(struct wpabuf *buf,
 		wpa_snprintf_hex(psk, sizeof(psk),
 				 conf->psk, sizeof(conf->psk));
 		json_add_string(buf, "psk_hex", psk);
-	    os_memset(psk, 0, sizeof(psk));
+		forced_memzero(psk, sizeof(psk));
 	}
 }
 
@@ -4108,6 +4104,8 @@ skip_groups:
 		goto fail;
 
 	signature = os_malloc(2 * curve->prime_len);
+	if (!signature)
+		goto fail;
 	if (dpp_bn2bin_pad(r, signature, curve->prime_len) < 0 ||
 			dpp_bn2bin_pad(s, signature + curve->prime_len,
 				curve->prime_len) < 0)
@@ -4668,6 +4666,7 @@ static struct crypto_key * dpp_parse_jwk(struct json_token *jwk,
 	struct wpabuf *x = NULL, *y = NULL, *a = NULL;
 	struct crypto_ec_group *group;
 	struct crypto_key *pkey = NULL;
+	size_t len;
 
 	token = json_get_member(jwk, "kty");
 	if (!token || token->type != JSON_STRING) {
@@ -4726,9 +4725,10 @@ static struct crypto_key * dpp_parse_jwk(struct json_token *jwk,
 		goto fail;
 	}
 
+	len = wpabuf_len(x);
 	a = wpabuf_concat(x, y);
 	pkey = crypto_ec_set_pubkey_point(group, wpabuf_head(a),
-					  wpabuf_len(x));
+					  len);
 	crypto_ec_deinit((struct crypto_ec *)group);
 	*key_curve = curve;
 
@@ -4967,8 +4967,7 @@ static void dpp_copy_netaccesskey(struct dpp_authentication *auth,
 	unsigned char *der = NULL;
 	int der_len;
 
-	crypto_ec_get_priv_key_der(auth->own_protocol_key, &der, &der_len);
+	if (crypto_ec_get_priv_key_der(auth->own_protocol_key, &der, &der_len) < 0) {
-	if (der_len <= 0) {
 		return;
 	}
 	wpabuf_free(auth->net_access_key);
@@ -5726,7 +5725,7 @@ static int dpp_derive_pmk(const u8 *Nx, size_t Nx_len, u8 *pmk,
 
 	/* HKDF-Expand(PRK, info, L) */
 	res = dpp_hkdf_expand(hash_len, prk, hash_len, info, pmk, hash_len);
-	os_memset(prk, 0, hash_len);
+	forced_memzero(prk, hash_len);
 	if (res < 0)
 		return -1;
 
@@ -5931,7 +5930,7 @@ dpp_peer_intro(struct dpp_introduction *intro, const char *own_connector,
 fail:
 	if (ret != DPP_STATUS_OK)
 		os_memset(intro, 0, sizeof(*intro));
-	os_memset(Nx, 0, sizeof(Nx));
+	forced_memzero(Nx, sizeof(Nx));
 	os_free(own_conn);
 	os_free(signed_connector);
 	os_free(info.payload);

components/wpa_supplicant/src/common/sae.c

@@ -147,7 +147,7 @@ static struct crypto_bignum * sae_get_rand(struct sae_data *sae)
 		break;
 	}
 
-	os_memset(val, 0, order_len);
+	forced_memzero(val, order_len);
 	return bn;
 }
 
@@ -675,6 +675,7 @@ static int sae_derive_commit(struct sae_data *sae)
 			 * theoretical infinite loop, break out after 100
 			 * attemps.
 			 */
+			crypto_bignum_deinit(mask, 1);
 			return ESP_FAIL;
 		}
 		if (mask) {
@@ -828,11 +829,11 @@ static int sae_derive_keys(struct sae_data *sae, const u8 *k)
 	if (sha256_prf(keyseed, sizeof(keyseed), "SAE KCK and PMK",
 		       val, sae->tmp->prime_len, keys, sizeof(keys)) < 0)
 		goto fail;
-	os_memset(keyseed, 0, sizeof(keyseed));
+	forced_memzero(keyseed, sizeof(keyseed));
 	os_memcpy(sae->tmp->kck, keys, SAE_KCK_LEN);
 	os_memcpy(sae->pmk, keys + SAE_KCK_LEN, SAE_PMK_LEN);
 	os_memcpy(sae->pmkid, val, SAE_PMKID_LEN);
-	os_memset(keys, 0, sizeof(keys));
+	forced_memzero(keys, sizeof(keys));
 	wpa_hexdump_key(MSG_DEBUG, "SAE: KCK", sae->tmp->kck, SAE_KCK_LEN);
 	wpa_hexdump_key(MSG_DEBUG, "SAE: PMK", sae->pmk, SAE_PMK_LEN);
 
@@ -1179,8 +1180,6 @@ static int sae_parse_password_identifier(struct sae_data *sae,
 				   sae->tmp->pw_id);
 			return WLAN_STATUS_UNKNOWN_PASSWORD_IDENTIFIER;
 		}
-		os_free(sae->tmp->pw_id);
-		sae->tmp->pw_id = NULL;
 		return WLAN_STATUS_SUCCESS; /* No Password Identifier */
 	}
 

components/wpa_supplicant/src/crypto/crypto_mbedtls-bignum.c

@@ -1,16 +1,8 @@
-// Copyright 2015-2020 Espressif Systems (Shanghai) PTE LTD
+/*
-//
+ * SPDX-FileCopyrightText: 2015-2021 Espressif Systems (Shanghai) CO LTD
-// Licensed under the Apache License, Version 2.0 (the "License");
+ *
-// you may not use this file except in compliance with the License.
+ * SPDX-License-Identifier: Apache-2.0
-// You may obtain a copy of the License at
+ */
-
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
 
 #ifdef ESP_PLATFORM
 #include "esp_system.h"
@@ -65,6 +57,7 @@ int crypto_bignum_to_bin(const struct crypto_bignum *a,
                          u8 *buf, size_t buflen, size_t padlen)
 {
     int num_bytes, offset;
+    int ret;
 
     if (padlen > buflen) {
         return -1;
@@ -82,9 +75,11 @@ int crypto_bignum_to_bin(const struct crypto_bignum *a,
     }
 
     os_memset(buf, 0, offset);
-    mbedtls_mpi_write_binary((mbedtls_mpi *) a, buf + offset, mbedtls_mpi_size((mbedtls_mpi *)a) );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary((mbedtls_mpi *) a, buf + offset, mbedtls_mpi_size((mbedtls_mpi *)a)));
 
     return num_bytes + offset;
+cleanup:
+    return ret;
 }
 
 

components/wpa_supplicant/src/crypto/crypto_mbedtls-ec.c

@@ -1,16 +1,8 @@
-// Copyright 2015-2020 Espressif Systems (Shanghai) PTE LTD
+/*
-//
+ * SPDX-FileCopyrightText: 2015-2021 Espressif Systems (Shanghai) CO LTD
-// Licensed under the Apache License, Version 2.0 (the "License");
+ *
-// you may not use this file except in compliance with the License.
+ * SPDX-License-Identifier: Apache-2.0
-// You may obtain a copy of the License at
+ */
-
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
 
 #ifdef ESP_PLATFORM
 #include "esp_system.h"
@@ -217,6 +209,9 @@ struct crypto_ec_point *crypto_ec_point_from_bin(struct crypto_ec *e,
 	len = mbedtls_mpi_size(&e->group.P);
 
 	pt = os_zalloc(sizeof(mbedtls_ecp_point));
+	if (!pt) {
+		return NULL;
+	}
 	mbedtls_ecp_point_init(pt);
 
 	MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&pt->X, val, len));
@@ -490,11 +485,15 @@ struct crypto_key * crypto_ec_set_pubkey_point(const struct crypto_ec_group *gro
 	mbedtls_pk_context *key = (mbedtls_pk_context *)crypto_alloc_key();
 
 	if (!key) {
-		wpa_printf(MSG_ERROR, "%s: memory allocation failed\n", __func__);
+		wpa_printf(MSG_ERROR, "%s: memory allocation failed", __func__);
 		return NULL;
 	}
 
 	point = (mbedtls_ecp_point *)crypto_ec_point_from_bin((struct crypto_ec *)group, buf);
+	if (!point) {
+		wpa_printf(MSG_ERROR, "%s: Point initialization failed", __func__);
+		goto fail;
+	}
 	if (crypto_ec_point_is_at_infinity((struct crypto_ec *)group, (struct crypto_ec_point *)point)) {
 		wpa_printf(MSG_ERROR, "Point is at infinity");
 		goto fail;
@@ -509,30 +508,16 @@ struct crypto_key * crypto_ec_set_pubkey_point(const struct crypto_ec_group *gro
 		wpa_printf(MSG_ERROR, "Invalid key");
 		goto fail;
 	}
-	mbedtls_ecp_keypair *ecp_key = malloc(sizeof (*ecp_key));
-	if (!ecp_key) {
-		wpa_printf(MSG_ERROR, "key allocation failed");
-		goto fail;
-	}
-
-	/* Init keypair */
-	mbedtls_ecp_keypair_init(ecp_key);
-	// TODO Is it needed? check?
-	MBEDTLS_MPI_CHK(mbedtls_ecp_copy(&ecp_key->Q, point));
 
 	/* Assign values */
 	if( ( ret = mbedtls_pk_setup( key,
 					mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY) ) ) != 0 )
 		goto fail;
 
-	if (key->pk_ctx)
-		os_free(key->pk_ctx);
-	key->pk_ctx = ecp_key;
 	mbedtls_ecp_copy(&mbedtls_pk_ec(*key)->Q, point);
 	mbedtls_ecp_group_load(&mbedtls_pk_ec(*key)->grp, MBEDTLS_ECP_DP_SECP256R1);
 
 	pkey = (struct crypto_key *)key;
-cleanup:
 	crypto_ec_point_deinit((struct crypto_ec_point *)point, 0);
 	return pkey;
 fail:
@@ -566,7 +551,7 @@ int crypto_ec_get_priv_key_der(struct crypto_key *key, unsigned char **key_data,
 	char der_data[ECP_PRV_DER_MAX_BYTES];
 
 	*key_len = mbedtls_pk_write_key_der(pkey, (unsigned char *)der_data, ECP_PRV_DER_MAX_BYTES);
-	if (!*key_len)
+	if (*key_len <= 0)
 		return -1;
 
 	*key_data = os_malloc(*key_len);
@@ -599,12 +584,12 @@ int crypto_ec_get_publickey_buf(struct crypto_key *key, u8 *key_buf, int len)
 	mbedtls_pk_context *pkey = (mbedtls_pk_context *)key;
 	unsigned char buf[MBEDTLS_MPI_MAX_SIZE + 10]; /* tag, length + MPI */
 	unsigned char *c = buf + sizeof(buf );
-	size_t pk_len = 0;
+	int pk_len = 0;
 
 	memset(buf, 0, sizeof(buf) );
 	pk_len = mbedtls_pk_write_pubkey( &c, buf, pkey);
 
-	if (!pk_len)
+	if (pk_len < 0)
 		return -1;
 
 	if (len == 0)

components/wpa_supplicant/src/crypto/des-internal.c

@@ -419,8 +419,8 @@ void des_encrypt(const u8 *clear, const u8 *key, u8 *cypher)
 	WPA_PUT_BE32(cypher, work[0]);
 	WPA_PUT_BE32(cypher + 4, work[1]);
 
-	os_memset(pkey, 0, sizeof(pkey));
+	forced_memzero(pkey, sizeof(pkey));
-	os_memset(ek, 0, sizeof(ek));
+	forced_memzero(ek, sizeof(ek));
 }
 
 /*

components/wpa_supplicant/src/crypto/libtommath.h

@@ -1657,7 +1657,7 @@ mp_div(mp_int * a, mp_int * b, mp_int * c, mp_int * d)
   }
 	
   /* init our temps */
-  if ((res = mp_init_multi(&ta, &tb, &tq, &q, NULL) != MP_OKAY)) {
+  if ((res = mp_init_multi(&ta, &tb, &tq, &q, NULL)) != MP_OKAY) {
      return res;
   }
 

components/wpa_supplicant/src/crypto/tls_mbedtls.c

@@ -103,11 +103,9 @@ static int tls_mbedtls_write(void *ctx, const unsigned char *buf, size_t len)
 	struct tls_connection *conn = (struct tls_connection *)ctx;
 	struct tls_data *data = &conn->tls_io_data;
 
-	if (data->out_data) {
+	if (wpabuf_resize(&data->out_data, len) < 0) {
-		wpabuf_resize(&data->out_data, len);
+                return 0;
-	} else {
+        }
-		data->out_data = wpabuf_alloc(len);
-	}
 
 	wpabuf_put_data(data->out_data, buf, len);
 
@@ -807,9 +805,8 @@ static int tls_connection_prf(void *tls_ctx, struct tls_connection *conn,
 	int ret;
 	u8 seed[2 * TLS_RANDOM_LEN];
 	mbedtls_ssl_context *ssl = &conn->tls->ssl;
-	mbedtls_ssl_transform *transform = ssl->transform;
 
-	if (!ssl || !transform) {
+	if (!ssl || !ssl->transform) {
 		wpa_printf(MSG_ERROR, "TLS: %s, session ingo is null", __func__);
 		return -1;
 	}
@@ -828,10 +825,10 @@ static int tls_connection_prf(void *tls_ctx, struct tls_connection *conn,
 	wpa_hexdump_key(MSG_MSGDUMP, "random", seed, 2 * TLS_RANDOM_LEN);
 	wpa_hexdump_key(MSG_MSGDUMP, "master", ssl->session->master, TLS_MASTER_SECRET_LEN);
 
-	if (transform->ciphersuite_info->mac == MBEDTLS_MD_SHA384) {
+	if (ssl->transform->ciphersuite_info->mac == MBEDTLS_MD_SHA384) {
 		ret = tls_prf_sha384(ssl->session->master, TLS_MASTER_SECRET_LEN,
 				label, seed, 2 * TLS_RANDOM_LEN, out, out_len);
-	} else if (transform->ciphersuite_info->mac == MBEDTLS_MD_SHA256) {
+	} else if (ssl->transform->ciphersuite_info->mac == MBEDTLS_MD_SHA256) {
 		ret = tls_prf_sha256(ssl->session->master, TLS_MASTER_SECRET_LEN,
 				label, seed, 2 * TLS_RANDOM_LEN, out, out_len);
 	} else {

components/wpa_supplicant/src/esp_supplicant/esp_hostap.c

@@ -102,33 +102,29 @@ bool hostap_deinit(void *data)
         return true;
     }
 
-    if (hapd->wpa_auth->wpa_ie != NULL) {
-        os_free(hapd->wpa_auth->wpa_ie);
-    }
-
-    if (hapd->wpa_auth->group != NULL) {
-        os_free(hapd->wpa_auth->group);
-    }
-
     if (hapd->wpa_auth != NULL) {
+        if (hapd->wpa_auth->wpa_ie != NULL) {
+            os_free(hapd->wpa_auth->wpa_ie);
+        }
+
+        if (hapd->wpa_auth->group != NULL) {
+            os_free(hapd->wpa_auth->group);
+        }
         os_free(hapd->wpa_auth);
     }
 
-    if (hapd->conf->ssid.wpa_psk != NULL) {
-        os_free(hapd->conf->ssid.wpa_psk);
-    }
-
-    if (hapd->conf->ssid.wpa_passphrase != NULL) {
-        os_free(hapd->conf->ssid.wpa_passphrase);
-    }
-
     if (hapd->conf != NULL) {
+        if (hapd->conf->ssid.wpa_psk != NULL) {
+            os_free(hapd->conf->ssid.wpa_psk);
+        }
+
+        if (hapd->conf->ssid.wpa_passphrase != NULL) {
+            os_free(hapd->conf->ssid.wpa_passphrase);
+        }
         os_free(hapd->conf);
     }
 
-    if (hapd != NULL) {
+    os_free(hapd);
-        os_free(hapd);
-    }
 
     esp_wifi_unset_appie_internal(WIFI_APPIE_WPA);
 

components/wpa_supplicant/src/esp_supplicant/esp_wpa2.c

@@ -72,7 +72,7 @@ static int wpa2_start_eapol_internal(void);
 int wpa2_post(uint32_t sig, uint32_t par);
 
 #ifdef USE_WPA2_TASK
-static void *s_wpa2_task_hdl = NULL;
+static TaskHandle_t s_wpa2_task_hdl = NULL;
 static void *s_wpa2_queue = NULL;
 static wpa2_state_t s_wpa2_state = WPA2_STATE_DISABLED;
 static void *s_wpa2_api_lock = NULL;
@@ -491,33 +491,24 @@ build_nak:
     if (resp == NULL) {
         return ESP_FAIL;
     }
-    ret = ESP_FAIL;
-
 send_resp:
     if (resp == NULL) {
         wpa_printf(MSG_ERROR, "Response build fail, return.");
-        wpabuf_free(sm->lastRespData);
+        return ESP_FAIL;
-        sm->lastRespData = resp;
-        wpa2_set_eap_state(WPA2_ENT_EAP_STATE_FAIL);
-        return WPA2_ENT_EAP_STATE_FAIL;
     }
     ret = eap_sm_send_eapol(sm, resp);
-    if (ret == ESP_OK) {
+    if (resp != sm->lastRespData) {
-        if (resp != sm->lastRespData) {
-            wpabuf_free(sm->lastRespData);
-            sm->lastRespData = resp;
-        }
-    } else {
         wpabuf_free(sm->lastRespData);
-        sm->lastRespData = NULL;
+    }
+    if (ret != ESP_OK) {
         wpabuf_free(resp);
         resp = NULL;
-
         if (ret == WPA_ERR_INVALID_BSSID) {
             ret = WPA2_ENT_EAP_STATE_FAIL;
             wpa2_set_eap_state(WPA2_ENT_EAP_STATE_FAIL);
         }
     }
+    sm->lastRespData = resp;
 out:
     return ret;
 }
@@ -757,14 +748,16 @@ static int eap_peer_sm_init(void)
 
     sm = (struct eap_sm *)os_zalloc(sizeof(*sm));
     if (sm == NULL) {
-        return ESP_ERR_NO_MEM;
+        ret = ESP_ERR_NO_MEM;
+        return ret;
     }
 
+    gEapSm = sm;
     s_wpa2_data_lock = xSemaphoreCreateRecursiveMutex();
     if (!s_wpa2_data_lock) {
-	free(sm);
         wpa_printf(MSG_ERROR, "wpa2 eap_peer_sm_init: failed to alloc data lock");
-	return ESP_ERR_NO_MEM;
+        ret = ESP_ERR_NO_MEM;
+	goto _err;
     }
 
     wpa2_set_eap_state(WPA2_ENT_EAP_STATE_NOT_START);
@@ -773,53 +766,51 @@ static int eap_peer_sm_init(void)
     ret = eap_peer_blob_init(sm);
     if (ret) {
         wpa_printf(MSG_ERROR, "eap_peer_blob_init failed\n");
-        os_free(sm);
+        ret = ESP_FAIL;
-        vSemaphoreDelete(s_wpa2_data_lock);
+        goto _err;
-        return ESP_FAIL;
     }
 
     ret = eap_peer_config_init(sm, g_wpa_private_key_passwd, g_wpa_private_key_passwd_len);
     if (ret) {
         wpa_printf(MSG_ERROR, "eap_peer_config_init failed\n");
-        eap_peer_blob_deinit(sm);
+        ret = ESP_FAIL;
-        os_free(sm);
+        goto _err;
-        vSemaphoreDelete(s_wpa2_data_lock);
-        return ESP_FAIL;
     }
 
     sm->ssl_ctx = tls_init();
     if (sm->ssl_ctx == NULL) {
         wpa_printf(MSG_WARNING, "SSL: Failed to initialize TLS "
                    "context.");
-        eap_peer_blob_deinit(sm);
+        ret = ESP_FAIL;
-        eap_peer_config_deinit(sm);
+        goto _err;
-        os_free(sm);
-        vSemaphoreDelete(s_wpa2_data_lock);
-        return ESP_FAIL;
     }
 
     wpa2_rxq_init();
 
     gEapSm = sm;
 #ifdef USE_WPA2_TASK
-    s_wpa2_queue = xQueueCreate(SIG_WPA2_MAX, sizeof( void * ) );
+    s_wpa2_queue = xQueueCreate(SIG_WPA2_MAX, sizeof( s_wpa2_queue ) );
-    xTaskCreate(wpa2_task, "wpa2T", WPA2_TASK_STACK_SIZE, NULL, 2, s_wpa2_task_hdl);
+    ret = xTaskCreate(wpa2_task, "wpa2T", WPA2_TASK_STACK_SIZE, NULL, 2, &s_wpa2_task_hdl);
+    if (ret != pdPASS) {
+        wpa_printf(MSG_ERROR, "wps enable: failed to create task");
+        ret = ESP_FAIL;
+        goto _err;
+    }
     s_wifi_wpa2_sync_sem = xSemaphoreCreateCounting(1, 0);
     if (!s_wifi_wpa2_sync_sem) {
-        vQueueDelete(s_wpa2_queue);
-        s_wpa2_queue = NULL;
-        eap_peer_blob_deinit(sm);
-        eap_peer_config_deinit(sm);
-        os_free(sm);
-        vSemaphoreDelete(s_wpa2_data_lock);
         wpa_printf(MSG_ERROR, "WPA2: failed create wifi wpa2 task sync sem");
-        return ESP_FAIL;
+        ret = ESP_FAIL;
+        goto _err;
     }
 
     wpa_printf(MSG_INFO, "wpa2_task prio:%d, stack:%d\n", 2, WPA2_TASK_STACK_SIZE);
 
 #endif
     return ESP_OK;
+
+_err:
+    eap_peer_sm_deinit();
+    return ret;
 }
 
 /**
@@ -852,8 +843,8 @@ static void eap_peer_sm_deinit(void)
 
     if (s_wifi_wpa2_sync_sem) {
         vSemaphoreDelete(s_wifi_wpa2_sync_sem);
+        s_wifi_wpa2_sync_sem = NULL;
     }
-    s_wifi_wpa2_sync_sem = NULL;
 
     if (s_wpa2_data_lock) {
         vSemaphoreDelete(s_wpa2_data_lock);
@@ -861,6 +852,10 @@ static void eap_peer_sm_deinit(void)
         wpa_printf(MSG_DEBUG, "wpa2 eap_peer_sm_deinit: free data lock");
     }
 
+    if (s_wpa2_queue) {
+        vQueueDelete(s_wpa2_queue);
+        s_wpa2_queue = NULL;
+    }
     os_free(sm);
     gEapSm = NULL;
 }

components/wpa_supplicant/src/esp_supplicant/esp_wps.c

@@ -517,15 +517,16 @@ wps_build_ic_appie_wps_pr(void)
                  0, NULL);
     }
 
-    if (wps_ie) {
+    if (!wps_ie) {
-        if (wpabuf_resize(&extra_ie, wpabuf_len(wps_ie)) == 0) {
+        return;
-            wpabuf_put_buf(extra_ie, wps_ie);
-        } else {
-            wpabuf_free(wps_ie);
-            return;
-        }
-        wpabuf_free(wps_ie);
     }
+    if (wpabuf_resize(&extra_ie, wpabuf_len(wps_ie)) == 0) {
+        wpabuf_put_buf(extra_ie, wps_ie);
+    } else {
+        wpabuf_free(wps_ie);
+        return;
+    }
+    wpabuf_free(wps_ie);
 
     esp_wifi_set_appie_internal(WIFI_APPIE_WPS_PR, (uint8_t *)wpabuf_head(extra_ie), extra_ie->used, 0);
     wpabuf_free(extra_ie);
@@ -647,7 +648,8 @@ int wps_send_eap_identity_rsp(u8 id)
     ret = esp_wifi_get_assoc_bssid_internal(bssid);
     if (ret != 0) {
         wpa_printf(MSG_ERROR, "bssid is empty!");
-        return ESP_FAIL;
+        ret = ESP_FAIL;
+        goto _err;
     }
 
     wpabuf_put_data(eap_buf, sm->identity, sm->identity_len);
@@ -982,13 +984,6 @@ int wps_finish(void)
     }
 
     if (sm->wps->state == WPS_FINISHED) {
-        wifi_config_t *config = (wifi_config_t *)os_zalloc(sizeof(wifi_config_t));
-
-        if (config == NULL) {
-            wifi_event_sta_wps_fail_reason_t reason_code = WPS_FAIL_REASON_NORMAL;
-            esp_event_send_internal(WIFI_EVENT, WIFI_EVENT_STA_WPS_ER_FAILED, &reason_code, sizeof(reason_code), portMAX_DELAY);
-            return ESP_FAIL;
-        }
 
         wpa_printf(MSG_DEBUG, "wps finished------>");
         wps_set_status(WPS_STATUS_SUCCESS);
@@ -997,6 +992,14 @@ int wps_finish(void)
         ets_timer_disarm(&sm->wps_msg_timeout_timer);
 
         if (sm->ap_cred_cnt == 1) {
+            wifi_config_t *config = (wifi_config_t *)os_zalloc(sizeof(wifi_config_t));
+
+            if (config == NULL) {
+                wifi_event_sta_wps_fail_reason_t reason_code = WPS_FAIL_REASON_NORMAL;
+                esp_event_send_internal(WIFI_EVENT, WIFI_EVENT_STA_WPS_ER_FAILED, &reason_code, sizeof(reason_code), portMAX_DELAY);
+                return ESP_FAIL;
+            }
+
             os_memset(config, 0x00, sizeof(wifi_sta_config_t));
             os_memcpy(config->sta.ssid, sm->ssid[0], sm->ssid_len[0]);
             os_memcpy(config->sta.password, sm->key[0], sm->key_len[0]);
@@ -1406,6 +1409,9 @@ int wps_dev_init(void)
     return ESP_OK;
 
 _out:
+    if (!dev) {
+        return ret;
+    }
     if (dev->manufacturer) {
         os_free(dev->manufacturer);
     }
@@ -1594,7 +1600,7 @@ wifi_station_wps_init(void)
 
     gWpsSm = (struct wps_sm *)os_zalloc(sizeof(struct wps_sm));   /* alloc Wps_sm */
     if (!gWpsSm) {
-        goto _err;
+        goto _out;
     }
 
     sm = gWpsSm;
@@ -1680,10 +1686,8 @@ _err:
         wps_deinit();
         sm->wps = NULL;
     }
-    if (sm) {
+    os_free(gWpsSm);
-        os_free(gWpsSm);
+    gWpsSm = NULL;
-        gWpsSm = NULL;
-    }
     return ESP_FAIL;
 _out:
     return ESP_FAIL;
@@ -1736,10 +1740,8 @@ wifi_station_wps_deinit(void)
         wps_deinit();
         sm->wps = NULL;
     }
-    if (sm) {
+    os_free(gWpsSm);
-        os_free(gWpsSm);
+    gWpsSm = NULL;
-        gWpsSm = NULL;
-    }
 
     return ESP_OK;
 }
@@ -1977,7 +1979,7 @@ int wps_task_init(void)
     }
 
     os_bzero(s_wps_sig_cnt, SIG_WPS_NUM);
-    s_wps_queue = xQueueCreate(SIG_WPS_NUM, sizeof( void * ) );
+    s_wps_queue = xQueueCreate(SIG_WPS_NUM, sizeof(s_wps_queue) );
     if (!s_wps_queue) {
         wpa_printf(MSG_ERROR, "wps task init: failed to alloc queue");
         goto _wps_no_mem;

components/wpa_supplicant/src/rsn_supp/pmksa_cache.c

@@ -513,7 +513,10 @@ pmksa_cache_init(void (*free_cb)(struct rsn_pmksa_cache_entry *entry,
             .dispatch_method = ESP_TIMER_TASK,
             .name = "pmksa_timeout_timer"
         };
-        esp_timer_create(&pmksa_cache_timeout_timer_create, &(pmksa->cache_timeout_timer));
+        if (esp_timer_create(&pmksa_cache_timeout_timer_create, &(pmksa->cache_timeout_timer)) != ESP_OK) {
+            os_free(pmksa);
+            pmksa = NULL;
+        }
     }
 
     return pmksa;

components/wpa_supplicant/src/rsn_supp/wpa.c

@@ -2197,7 +2197,9 @@ wpa_set_passphrase(char * passphrase, u8 *ssid, size_t ssid_len)
     if (esp_wifi_sta_get_reset_param_internal() != 0) {
         // check it's psk
         if (strlen((char *)esp_wifi_sta_get_prof_password_internal()) == 64) {
-            hexstr2bin((char *)esp_wifi_sta_get_prof_password_internal(), esp_wifi_sta_get_ap_info_prof_pmk_internal(), PMK_LEN);
+            if (hexstr2bin((char *)esp_wifi_sta_get_prof_password_internal(), esp_wifi_sta_get_ap_info_prof_pmk_internal(), PMK_LEN) != 0) {
+                return;
+            }
         } else {
         pbkdf2_sha1((char *)esp_wifi_sta_get_prof_password_internal(), (char *)sta_ssid->ssid, (size_t)sta_ssid->len,
             4096, esp_wifi_sta_get_ap_info_prof_pmk_internal(), PMK_LEN);

components/wpa_supplicant/src/tls/libtommath.h

@@ -1653,7 +1653,7 @@ mp_div(mp_int * a, mp_int * b, mp_int * c, mp_int * d)
   }
 	
   /* init our temps */
-  if ((res = mp_init_multi(&ta, &tb, &tq, &q, NULL) != MP_OKAY)) {
+  if ((res = mp_init_multi(&ta, &tb, &tq, &q, NULL)) != MP_OKAY) {
      return res;
   }
 

components/wpa_supplicant/src/utils/wpabuf.c

@@ -1,6 +1,6 @@
 /*
  * Dynamic data buffer
- * Copyright (c) 2007-2009, Jouni Malinen <j@w1.fi>
+ * Copyright (c) 2007-2012, Jouni Malinen <j@w1.fi>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License version 2 as
@@ -72,12 +72,12 @@ int wpabuf_resize(struct wpabuf **_buf, size_t add_len)
 
 	if (buf->used + add_len > buf->size) {
 		unsigned char *nbuf;
-		if (buf->ext_data) {
+		if (buf->flags & WPABUF_FLAG_EXT_DATA) {
-			nbuf = (unsigned char*)os_realloc(buf->ext_data, buf->used + add_len);
+			nbuf = os_realloc(buf->buf, buf->used + add_len);
 			if (nbuf == NULL)
 				return -1;
 			memset(nbuf + buf->used, 0, add_len);
-			buf->ext_data = nbuf;
+			buf->buf = nbuf;
 		} else {
 #ifdef WPA_TRACE
 			nbuf = os_realloc(trace, sizeof(struct wpabuf_trace) +
@@ -99,6 +99,7 @@ int wpabuf_resize(struct wpabuf **_buf, size_t add_len)
 			memset(nbuf + sizeof(struct wpabuf) + buf->used, 0,
 				  add_len);
 #endif /* WPA_TRACE */
+			buf->buf = (u8 *) (buf + 1);
 			*_buf = buf;
 		}
 		buf->size = buf->used + add_len;
@@ -130,6 +131,7 @@ struct wpabuf * wpabuf_alloc(size_t len)
 #endif /* WPA_TRACE */
 
 	buf->size = len;
+	buf->buf = (u8 *) (buf + 1);
 	return buf;
 }
 
@@ -151,7 +153,8 @@ struct wpabuf * wpabuf_alloc_ext_data(u8 *data, size_t len)
 
 	buf->size = len;
 	buf->used = len;
-	buf->ext_data = data;
+	buf->buf = data;
+	buf->flags |= WPABUF_FLAG_EXT_DATA;
 
 	return buf;
 }
@@ -191,12 +194,14 @@ void wpabuf_free(struct wpabuf *buf)
 			   trace->magic);
 		abort();
 	}
-	os_free(buf->ext_data);
+	if (buf->flags & WPABUF_FLAG_EXT_DATA)
+		os_free(buf->buf);
 	os_free(trace);
 #else /* WPA_TRACE */
 	if (buf == NULL)
 		return;
-	os_free(buf->ext_data);
+	if (buf->flags & WPABUF_FLAG_EXT_DATA)
+		os_free(buf->buf);
 	os_free(buf);
 #endif /* WPA_TRACE */
 }

components/wpa_supplicant/src/wps/wps.c

@@ -71,6 +71,9 @@ int wps_is_selected_pbc_registrar(const struct wpabuf *msg)
 {
     struct wps_parse_attr *attr = (struct wps_parse_attr *)os_zalloc(sizeof(struct wps_parse_attr));
 
+    if (!attr)
+        return 0;
+
     /*
      * In theory, this could also verify that attr.sel_reg_config_methods
      * includes WPS_CONFIG_PUSHBUTTON, but some deployed AP implementations

components/wpa_supplicant/src/wps/wps_registrar.c

@@ -1652,7 +1652,7 @@ int wps_build_cred(struct wps_data *wps, struct wpabuf *msg)
 		os_memcpy(wps->cred.key, wps->new_psk, wps->new_psk_len);	// NOLINT(clang-analyzer-unix.Malloc)
 		wps->cred.key_len = wps->new_psk_len;
 	} else if (wps->use_psk_key && wps->wps->psk_set) {
-		char hex[65];
+		char hex[65] = {0};
 		wpa_printf(MSG_DEBUG,  "WPS: Use PSK format for Network Key");
 		os_memcpy(wps->cred.key, hex, 32 * 2);
 		wps->cred.key_len = 32 * 2;

components/wpa_supplicant/test/test_sae.c

@@ -1,16 +1,8 @@
-// Copyright 2015-2018 Espressif Systems (Shanghai) PTE LTD
+/*
-//
+ * SPDX-FileCopyrightText: 2015-2021 Espressif Systems (Shanghai) CO LTD
-// Licensed under the Apache License, Version 2.0 (the "License");
+ *
-// you may not use this file except in compliance with the License.
+ * SPDX-License-Identifier: Apache-2.0
-// You may obtain a copy of the License at
+ */
-
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
 
 #ifdef CONFIG_WPA3_SAE
 
@@ -34,6 +26,7 @@ static struct wpabuf *wpabuf_alloc2(size_t len)
     if (buf == NULL)
         return NULL;
     buf->size = len;
+    buf->buf = (u8 *)(buf+1);
     return buf;
 }
 
@@ -45,7 +38,6 @@ void wpabuf_free2(struct wpabuf *buf)
 {
     if (buf == NULL)
         return;
-    os_free(buf->ext_data);
     os_free(buf);
 }