Merge branch 'bugfix/supplicant_issues' into 'master'

fix some supplicant issues

Closes WIFI-4446 and WIFI-4445

See merge request espressif/esp-idf!18362

components/wpa_supplicant/esp_supplicant/include/esp_wpa.h

@@ -26,7 +26,7 @@ extern "C" {
   */
 
 /** \defgroup WPA_APIs  WPS APIs
-  * @brief ESP32 Supplicant APIs
+  * @brief Supplicant APIs
   *
   */
 

components/wpa_supplicant/esp_supplicant/include/esp_wpa2.h

@@ -32,7 +32,7 @@ extern "C" {
 /**
   * @brief  Enable wpa2 enterprise authentication.
   *
-  * @attention 1. wpa2 enterprise authentication can only be used when ESP32 station is enabled.
+  * @attention 1. wpa2 enterprise authentication can only be used when station mode is enabled.
   * @attention 2. wpa2 enterprise authentication can only support TLS, PEAP-MSCHAPv2 and TTLS-MSCHAPv2 method.
   *
   * @return
@@ -44,7 +44,7 @@ esp_err_t esp_wifi_sta_wpa2_ent_enable(void);
 /**
   * @brief  Disable wpa2 enterprise authentication.
   *
-  * @attention 1. wpa2 enterprise authentication can only be used when ESP32 station is enabled.
+  * @attention 1. wpa2 enterprise authentication can only be used when station mode is enabled.
   * @attention 2. wpa2 enterprise authentication can only support TLS, PEAP-MSCHAPv2 and TTLS-MSCHAPv2 method.
   *
   * @return

components/wpa_supplicant/esp_supplicant/include/esp_wps.h

@@ -63,7 +63,7 @@ typedef struct {
     .wps_type = type, \
     .factory_info = {   \
         ESP_COMPILER_DESIGNATED_INIT_AGGREGATE_TYPE_STR(manufacturer, "ESPRESSIF")  \
-        ESP_COMPILER_DESIGNATED_INIT_AGGREGATE_TYPE_STR(model_number, "ESP32")  \
+        ESP_COMPILER_DESIGNATED_INIT_AGGREGATE_TYPE_STR(model_number, CONFIG_IDF_TARGET)  \
         ESP_COMPILER_DESIGNATED_INIT_AGGREGATE_TYPE_STR(model_name, "ESPRESSIF IOT")  \
         ESP_COMPILER_DESIGNATED_INIT_AGGREGATE_TYPE_STR(device_name, "ESP DEVICE")  \
     },  \

components/wpa_supplicant/esp_supplicant/src/esp_dpp.c

@@ -554,7 +554,7 @@ esp_supp_dpp_bootstrap_gen(const char *chan_list, enum dpp_bootstrap_type type,
         }
     }
 
-    sprintf(command, "type=qrcode mac=" MACSTR "%s%s%s%s%s",
+    os_snprintf(command, 1200, "type=qrcode mac=" MACSTR "%s%s%s%s%s",
             MAC2STR(params->mac), uri_chan_list,
             key ? "key=" : "", key ? key : "",
             params->info_len ? " info=" : "",

components/wpa_supplicant/esp_supplicant/src/esp_wpa2.c

@@ -1153,12 +1153,14 @@ esp_err_t esp_wifi_sta_wpa2_ent_set_fast_phase1_params(esp_eap_fast_config confi
 {
     char config_for_supplicant[PHASE1_PARAM_STRING_LEN] = "";
     if ((config.fast_provisioning > -1) && (config.fast_provisioning <= 2)) {
-        os_sprintf((char *) &config_for_supplicant, "fast_provisioning=%d ", config.fast_provisioning);
+        os_snprintf((char *) &config_for_supplicant, PHASE1_PARAM_STRING_LEN, "fast_provisioning=%d ", config.fast_provisioning);
     } else {
         return ESP_ERR_INVALID_ARG;
     }
     if (config.fast_max_pac_list_len && config.fast_max_pac_list_len < 100) {
-        os_sprintf((char *) &config_for_supplicant + strlen(config_for_supplicant), "fast_max_pac_list_len=%d ", config.fast_max_pac_list_len);
+        os_snprintf((char *) &config_for_supplicant + strlen(config_for_supplicant),
+                   PHASE1_PARAM_STRING_LEN - strlen(config_for_supplicant),
+                   "fast_max_pac_list_len=%d ", config.fast_max_pac_list_len);
     } else if (config.fast_max_pac_list_len >= 100) {
         return ESP_ERR_INVALID_ARG;
     }

components/wpa_supplicant/esp_supplicant/src/esp_wps.c

@@ -29,6 +29,20 @@
 #include "eap_common/eap_wsc_common.h"
 #include "esp_wpas_glue.h"
 
+#if CONFIG_IDF_TARGET_ESP32
+const char *wps_model_number = "ESP32";
+#elif CONFIG_IDF_TARGET_ESP32S2
+const char *wps_model_number = "ESP32S2";
+#elif CONFIG_IDF_TARGET_ESP32S3
+const char *wps_model_number = "ESP32S3";
+#elif CONFIG_IDF_TARGET_ESP32C3
+const char *wps_model_number = "ESP32C3";
+#elif CONFIG_IDF_TARGET_ESP32C2
+const char *wps_model_number = "ESP32C2";
+#elif CONFIG_IDF_TARGET_ESP32H2
+const char *wps_model_number = "ESP32H2";
+#endif
+
 void *s_wps_api_lock = NULL;  /* Used in WPS public API only, never be freed */
 void *s_wps_api_sem = NULL;   /* Sync semaphore used between WPS publi API caller task and WPS task */
 bool s_wps_enabled = false;
@@ -392,7 +406,7 @@ wps_parse_scan_result(struct wps_scan_ie *scan)
             wpabuf_free(buf);
             esp_wifi_enable_sta_privacy_internal();
             os_memset(sm->ssid[0], 0, SSID_MAX_LEN);
-            strncpy((char *)sm->ssid[0], (char *)&scan->ssid[2], (int)scan->ssid[1]);
+            os_strlcpy((char *)sm->ssid[0], (char *)&scan->ssid[2], (int)scan->ssid[1]);
             sm->ssid_len[0] = scan->ssid[1];
             if (scan->bssid && memcmp(sm->bssid, scan->bssid, ETH_ALEN) != 0) {
                 wpa_printf(MSG_INFO, "sm BSSid: "MACSTR " scan BSSID " MACSTR "\n",
@@ -1052,10 +1066,10 @@ int wps_set_default_factory(void)
         }
     }
 
-    sprintf(s_factory_info->manufacturer, "ESPRESSIF");
-    sprintf(s_factory_info->model_name, "ESPRESSIF IOT");
-    sprintf(s_factory_info->model_number, "ESP32");
-    sprintf(s_factory_info->device_name, "ESP32 STATION");
+    os_snprintf(s_factory_info->manufacturer, WPS_MAX_MANUFACTURER_LEN, "ESPRESSIF");
+    os_snprintf(s_factory_info->model_name, WPS_MAX_MODEL_NUMBER_LEN, "ESPRESSIF IOT");
+    os_snprintf(s_factory_info->model_number, WPS_MAX_MODEL_NAME_LEN, wps_model_number);
+    os_snprintf(s_factory_info->device_name, WPS_MAX_DEVICE_NAME_LEN, "%s STATION", wps_model_number);
 
     return ESP_OK;
 }
@@ -1129,35 +1143,35 @@ int wps_dev_init(void)
         ret = ESP_FAIL;
         goto _out;
     }
-    sprintf(dev->manufacturer, s_factory_info->manufacturer);
+    os_snprintf(dev->manufacturer, WPS_MAX_MANUFACTURER_LEN, s_factory_info->manufacturer);
 
     dev->model_name = os_zalloc(WPS_MAX_MODEL_NAME_LEN);
     if (!dev->model_name) {
         ret = ESP_FAIL;
         goto _out;
     }
-    sprintf(dev->model_name, s_factory_info->model_name);
+    os_snprintf(dev->model_name, WPS_MAX_MODEL_NAME_LEN, s_factory_info->model_name);
 
     dev->model_number = os_zalloc(WPS_MAX_MODEL_NAME_LEN);
     if (!dev->model_number) {
         ret = ESP_FAIL;
         goto _out;
     }
-    sprintf(dev->model_number, s_factory_info->model_number);
+    os_snprintf(dev->model_number, WPS_MAX_MODEL_NAME_LEN, s_factory_info->model_number);
 
     dev->device_name = os_zalloc(WPS_MAX_DEVICE_NAME_LEN);
     if (!dev->device_name) {
         ret = ESP_FAIL;
         goto _out;
     }
-    sprintf(dev->device_name, s_factory_info->device_name);
+    os_snprintf(dev->device_name, WPS_MAX_DEVICE_NAME_LEN, s_factory_info->device_name);
 
     dev->serial_number = os_zalloc(16);
     if (!dev->serial_number) {
         ret = ESP_FAIL;
         goto _out;
     }
-    sprintf(dev->serial_number, "%02x%02x%02x%02x%02x%02x",
+    os_snprintf(dev->serial_number, 16, "%02x%02x%02x%02x%02x%02x",
             sm->ownaddr[0], sm->ownaddr[1], sm->ownaddr[2],
             sm->ownaddr[3], sm->ownaddr[4], sm->ownaddr[5]);
 
@@ -1356,7 +1370,7 @@ int wps_init_cfg_pin(struct wps_config *cfg)
         if (wps_generate_pin(&spin) < 0) {
             return -1;
 	}
-        os_sprintf((char *)cfg->pin, "%08d", spin);
+        os_snprintf((char *)cfg->pin, 9, "%08d", spin);
     }
 
     return 0;
@@ -1553,7 +1567,7 @@ wifi_wps_scan_done(void *arg, STATUS status)
         esp_wifi_disconnect();
 
         os_memcpy(wifi_config.sta.bssid, sm->bssid, ETH_ALEN);
-        os_strncpy((char *)wifi_config.sta.ssid, (char *)sm->ssid[0], sm->ssid_len[0]);
+        os_strlcpy((char *)wifi_config.sta.ssid, (char *)sm->ssid[0], sm->ssid_len[0]);
         wifi_config.sta.bssid_set = 1;
         wpa_printf(MSG_INFO, "WPS: connecting to %s, bssid=" MACSTR,
                    (char *)sm->ssid[0], MAC2STR(wifi_config.sta.bssid));

components/wpa_supplicant/port/include/os.h

@@ -281,9 +281,6 @@ char * ets_strdup(const char *s);
 #ifndef os_strncmp
 #define os_strncmp(s1, s2, n) strncmp((s1), (s2), (n))
 #endif
-#ifndef os_strncpy
-#define os_strncpy(d, s, n) strncpy((d), (s), (n))
-#endif
 #ifndef os_strrchr
 #define os_strrchr(s, c)  strrchr((s), (c))
 #endif

components/wpa_supplicant/src/ap/hostapd.h

@@ -93,8 +93,8 @@ struct hostapd_data {
 
 	u8 own_addr[ETH_ALEN];
 	struct sta_info *sta_list; /* STA info list head */
-#define STA_HASH_SIZE 10
-#define STA_HASH(sta) (sta[5] & 0xa)
+#define STA_HASH_SIZE 16
+#define STA_HASH(sta) (sta[5] & 0xf)
 	struct sta_info *sta_hash[STA_HASH_SIZE];
 	int num_sta; /* number of entries in sta_list */
 

components/wpa_supplicant/src/ap/wpa_auth.c

@@ -37,7 +37,6 @@
 #define STATE_MACHINE_ADDR sm->addr
 
 
-static void wpa_send_eapol_timeout(void *eloop_ctx, void *timeout_ctx);
 static int wpa_sm_step(struct wpa_state_machine *sm);
 static int wpa_verify_key_mic(int akmp, struct wpa_ptk *PTK, u8 *data,
 			      size_t data_len);
@@ -805,7 +804,7 @@ continue_processing:
             return;
         }
         sm->MICVerified = TRUE;
-        eloop_cancel_timeout(wpa_send_eapol_timeout, wpa_auth, sm);
+        eloop_cancel_timeout(resend_eapol_handle, (void*)(sm->index), NULL);
         sm->pending_1_of_4_timeout = 0;
     }
 
@@ -916,16 +915,6 @@ static int wpa_gmk_to_gtk(const u8 *gmk, const char *label, const u8 *addr,
 }
 
 
-static void wpa_send_eapol_timeout(void *eloop_ctx, void *timeout_ctx)
-{
-    struct wpa_state_machine *sm = timeout_ctx;
-
-    sm->pending_1_of_4_timeout = 0;
-    sm->TimeoutEvt = TRUE;
-    wpa_sm_step(sm);
-}
-
-
 void __wpa_send_eapol(struct wpa_authenticator *wpa_auth,
               struct wpa_state_machine *sm, int key_info,
               const u8 *key_rsc, const u8 *nonce,
@@ -1060,6 +1049,7 @@ void __wpa_send_eapol(struct wpa_authenticator *wpa_auth,
             os_free(hdr);
             return;
         }
+        os_free(buf);
     }
 
     if (key_info & WPA_KEY_INFO_MIC) {
@@ -1548,7 +1538,7 @@ SM_STATE(WPA_PTK, PTKCALCNEGOTIATING)
 #endif /* CONFIG_IEEE80211R_AP */
 
     sm->pending_1_of_4_timeout = 0;
-    eloop_cancel_timeout(wpa_send_eapol_timeout, sm->wpa_auth, sm);
+    eloop_cancel_timeout(resend_eapol_handle, (void*)(sm->index), NULL);
 
     if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt) && sm->PMK != pmk) {
         /* PSK may have changed from the previous choice, so update

components/wpa_supplicant/src/common/sae.c

@@ -815,8 +815,10 @@ static int sae_derive_keys(struct sae_data *sae, const u8 *k)
 	 */
 
 	os_memset(null_key, 0, sizeof(null_key));
-	hmac_sha256(null_key, sizeof(null_key), k, sae->tmp->prime_len,
-		    keyseed);
+	if (hmac_sha256(null_key, sizeof(null_key), k, sae->tmp->prime_len,
+			keyseed) < 0)
+		goto fail;
+
 	wpa_hexdump_key(MSG_DEBUG, "SAE: keyseed", keyseed, sizeof(keyseed));
 
 	crypto_bignum_add(sae->tmp->own_commit_scalar, sae->peer_commit_scalar,

components/wpa_supplicant/src/eap_peer/eap.c

@@ -661,7 +661,7 @@ int eap_peer_blob_init(struct eap_sm *sm)
 			ret = -2;
 			goto _out;
 		}
-		os_strncpy(sm->blob[0].name, CLIENT_CERT_NAME, BLOB_NAME_LEN+1);
+		os_strlcpy(sm->blob[0].name, CLIENT_CERT_NAME, BLOB_NAME_LEN+1);
 		sm->blob[0].len = g_wpa_client_cert_len;
 		sm->blob[0].data = g_wpa_client_cert;
 	}
@@ -672,7 +672,7 @@ int eap_peer_blob_init(struct eap_sm *sm)
 			ret = -2;
 			goto _out;
 		}
-		os_strncpy(sm->blob[1].name, PRIVATE_KEY_NAME, BLOB_NAME_LEN+1);
+		os_strlcpy(sm->blob[1].name, PRIVATE_KEY_NAME, BLOB_NAME_LEN+1);
 		sm->blob[1].len = g_wpa_private_key_len;
 		sm->blob[1].data = g_wpa_private_key;
 	}
@@ -683,7 +683,7 @@ int eap_peer_blob_init(struct eap_sm *sm)
 			ret = -2;
 			goto _out;
 		}
-		os_strncpy(sm->blob[2].name, CA_CERT_NAME, BLOB_NAME_LEN+1);
+		os_strlcpy(sm->blob[2].name, CA_CERT_NAME, BLOB_NAME_LEN+1);
 		sm->blob[2].len = g_wpa_ca_cert_len;
 		sm->blob[2].data = g_wpa_ca_cert;
 	}
@@ -694,7 +694,7 @@ int eap_peer_blob_init(struct eap_sm *sm)
 			ret = -2;
 			goto _out;
 		}
-		os_strncpy(sm->blob[3].name, "blob://", 8);
+		os_strlcpy(sm->blob[3].name, "blob://", 8);
 		sm->blob[3].len = g_wpa_pac_file_len;
 		sm->blob[3].data = g_wpa_pac_file;
 	}

components/wpa_supplicant/src/eap_peer/eap_peap.c

@@ -1115,9 +1115,9 @@ static struct wpabuf * eap_peap_process(struct eap_sm *sm, void *priv,
 			 * label by default, but allow it to be configured with
 			 * phase1 parameter peaplabel=1. */
 			if (data->peap_version > 1 || data->force_new_label)
-				strcpy(label, "client PEAP encryption");
+				os_strlcpy(label, "client PEAP encryption", 24);
 			else
-				strcpy(label, "client EAP encryption");
+				os_strlcpy(label, "client EAP encryption", 24);
 			wpa_printf(MSG_DEBUG, "EAP-PEAP: using label '%s' in "
 				   "key derivation", label);
 			data->key_data =

components/wpa_supplicant/src/rsn_supp/wpa.c

@@ -2275,7 +2275,7 @@ int wpa_set_bss(char *macddr, char * bssid, u8 pairwise_cipher, u8 group_cipher,
 
     if (sm->key_mgmt == WPA_KEY_MGMT_SAE ||
         is_wpa2_enterprise_connection()) {
-        if (!esp_wifi_skip_supp_pmkcaching() || use_pmk_cache) {
+        if (!esp_wifi_skip_supp_pmkcaching() && use_pmk_cache) {
             pmksa_cache_set_current(sm, NULL, (const u8*) bssid, 0, 0);
             wpa_sm_set_pmk_from_pmksa(sm);
         } else {