forked from espressif/esp-idf
Merge branch 'bugfix/add_unregister_wpa3_cb' into 'master'
wpa_supplicant : Fix issues encountered in WFA testing Closes WIFI-5386 See merge request espressif/esp-idf!22396
This commit is contained in:
Jiang Jiang Jian
@@ -27,6 +27,7 @@
|
||||
#include "mbedtls/ctr_drbg.h"
|
||||
#include "mbedtls/entropy.h"
|
||||
#include "mbedtls/debug.h"
|
||||
#include "mbedtls/oid.h"
|
||||
#ifdef ESPRESSIF_USE
|
||||
#include "mbedtls/esp_debug.h"
|
||||
#include "mbedtls/esp_config.h"
|
||||
@@ -194,7 +195,6 @@ static int set_ca_cert(tls_context_t *tls, const unsigned char *cacert, size_t c
|
||||
}
|
||||
mbedtls_ssl_conf_authmode(&tls->conf, MBEDTLS_SSL_VERIFY_REQUIRED);
|
||||
mbedtls_ssl_conf_ca_chain(&tls->conf, tls->cacert_ptr, NULL);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
@@ -290,6 +290,14 @@ static void tls_enable_sha1_config(tls_context_t *tls)
|
||||
mbedtls_ssl_conf_cert_profile(&tls->conf, crt_profile);
|
||||
mbedtls_ssl_conf_sig_algs(&tls->conf, tls_sig_algs_for_eap);
|
||||
}
|
||||
#ifdef CONFIG_ESP_WIFI_DISABLE_KEY_USAGE_CHECK
|
||||
static int tls_disable_key_usages(void *data, mbedtls_x509_crt *cert, int depth, uint32_t *flags)
|
||||
{
|
||||
cert->MBEDTLS_PRIVATE(ext_types) &= ~MBEDTLS_X509_EXT_KEY_USAGE;
|
||||
cert->MBEDTLS_PRIVATE(ext_types) &= ~MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE;
|
||||
return 0;
|
||||
}
|
||||
#endif /*CONFIG_ESP_WIFI_DISABLE_KEY_USAGE_CHECK*/
|
||||
|
||||
static const int eap_ciphersuite_preference[] =
|
||||
{
|
||||
@@ -519,6 +527,10 @@ static int set_client_config(const struct tls_connection_params *cfg, tls_contex
|
||||
* but doesn't take that much processing power */
|
||||
tls_set_ciphersuite(cfg, tls);
|
||||
|
||||
#ifdef CONFIG_ESP_WIFI_DISABLE_KEY_USAGE_CHECK
|
||||
mbedtls_ssl_set_verify( &tls->ssl, tls_disable_key_usages, NULL );
|
||||
#endif /*CONFIG_ESP_WIFI_DISABLE_KEY_USAGE_CHECK*/
|
||||
|
||||
#ifdef CONFIG_MBEDTLS_CERTIFICATE_BUNDLE
|
||||
if (cfg->flags & TLS_CONN_USE_DEFAULT_CERT_BUNDLE) {
|
||||
wpa_printf(MSG_INFO, "Using default cert bundle");
|
||||
|
||||
@@ -322,6 +322,14 @@ void esp_wifi_register_wpa3_cb(struct wpa_funcs *wpa_cb)
|
||||
wpa_cb->wpa3_parse_sae_msg = wpa3_parse_sae_msg;
|
||||
}
|
||||
|
||||
void esp_wifi_unregister_wpa3_cb(void)
|
||||
{
|
||||
extern struct wpa_funcs *wpa_cb;
|
||||
|
||||
wpa_cb->wpa3_build_sae_msg = NULL;
|
||||
wpa_cb->wpa3_parse_sae_msg = NULL;
|
||||
|
||||
}
|
||||
#endif /* CONFIG_WPA3_SAE */
|
||||
|
||||
#ifdef CONFIG_SAE
|
||||
|
||||
@@ -40,6 +40,7 @@
|
||||
#include "wps/wps_defs.h"
|
||||
|
||||
const wifi_osi_funcs_t *wifi_funcs;
|
||||
struct wpa_funcs *wpa_cb;
|
||||
|
||||
void wpa_install_key(enum wpa_alg alg, u8 *addr, int key_idx, int set_tx,
|
||||
u8 *seq, size_t seq_len, u8 *key, size_t key_len, enum key_flag key_flag)
|
||||
@@ -311,7 +312,6 @@ static bool hostap_sta_join(void **sta, u8 *bssid, u8 *wpa_ie, u8 wpa_ie_len,u8
|
||||
int esp_supplicant_init(void)
|
||||
{
|
||||
int ret = ESP_OK;
|
||||
struct wpa_funcs *wpa_cb;
|
||||
|
||||
wifi_funcs = WIFI_OSI_FUNCS_INITIALIZER();
|
||||
if (!wifi_funcs) {
|
||||
@@ -371,5 +371,6 @@ int esp_supplicant_deinit(void)
|
||||
{
|
||||
esp_supplicant_common_deinit();
|
||||
eloop_destroy();
|
||||
wpa_cb = NULL;
|
||||
return esp_wifi_unregister_wpa_cb_internal();
|
||||
}
|
||||
|
||||
@@ -646,6 +646,7 @@ void eap_peer_config_deinit(struct eap_sm *sm)
|
||||
os_free(sm->config.new_password);
|
||||
os_free(sm->config.eap_methods);
|
||||
os_bzero(&sm->config, sizeof(struct eap_peer_config));
|
||||
config_methods = NULL;
|
||||
}
|
||||
|
||||
int eap_peer_blob_init(struct eap_sm *sm)
|
||||
|
||||
@@ -2372,6 +2372,18 @@ int wpa_set_bss(char *macddr, char * bssid, u8 pairwise_cipher, u8 group_cipher,
|
||||
wpa_printf(MSG_ERROR, "suite-b 192bit certification, only GMAC256 is supported");
|
||||
return -1;
|
||||
}
|
||||
if (sm->group_cipher != WPA_CIPHER_GCMP_256) {
|
||||
wpa_printf(MSG_ERROR, "suite-b 192bit certification, only group GCMP256 is supported for group data cipher.");
|
||||
return -1;
|
||||
}
|
||||
if (sm->pairwise_cipher != WPA_CIPHER_GCMP_256) {
|
||||
wpa_printf(MSG_ERROR,"suite-b 192bit certification, only group GCMP256 is supported for pairwise cipher");
|
||||
return -1;
|
||||
}
|
||||
if (sm->key_mgmt != WPA_KEY_MGMT_IEEE8021X_SUITE_B_192) {
|
||||
wpa_printf(MSG_ERROR, "suite-b 192bit certification, 192bit akm supported");
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
#endif
|
||||
} else {
|
||||
|
||||
Reference in New Issue
Block a user