diff --git a/components/wpa_supplicant/CMakeLists.txt b/components/wpa_supplicant/CMakeLists.txt index 63b6b6a971..a16edee3fc 100644 --- a/components/wpa_supplicant/CMakeLists.txt +++ b/components/wpa_supplicant/CMakeLists.txt @@ -5,7 +5,6 @@ set(srcs "port/os_xtensa.c" "src/ap/wpa_auth_ie.c" "src/common/sae.c" "src/common/wpa_common.c" - "src/common/dpp.c" "src/utils/bitfield.c" "src/crypto/aes-siv.c" "src/crypto/sha256-kdf.c" @@ -59,8 +58,7 @@ set(esp_srcs "esp_supplicant/src/esp_wpa2.c" "esp_supplicant/src/esp_wpa_main.c" "esp_supplicant/src/esp_wpas_glue.c" "esp_supplicant/src/esp_wps.c" - "esp_supplicant/src/esp_wpa3.c" - "esp_supplicant/src/esp_dpp.c") + "esp_supplicant/src/esp_wpa3.c") if(CONFIG_ESP_WIFI_SOFTAP_SUPPORT) set(esp_srcs ${esp_srcs} "esp_supplicant/src/esp_hostap.c") endif() @@ -162,13 +160,22 @@ if(CONFIG_WPA_11KV_SUPPORT) else() set(roaming_src "") endif() + if(CONFIG_WPA_MBO_SUPPORT) set(mbo_src "src/common/mbo.c") else() set(mbo_src "") endif() -idf_component_register(SRCS "${srcs}" ${esp_srcs} "${tls_src}" "${roaming_src}" "${crypto_src}" "${mbo_src}" +if(CONFIG_WPA_DPP_SUPPORT) + set(dpp_src "src/common/dpp.c" + "esp_supplicant/src/esp_dpp.c") +else() + set(dpp_src "") +endif() + +idf_component_register(SRCS "${srcs}" ${esp_srcs} "${tls_src}" "${roaming_src}" + "${crypto_src}" "${mbo_src}" "${dpp_src}" INCLUDE_DIRS include port/include esp_supplicant/include PRIV_INCLUDE_DIRS src src/utils esp_supplicant/src PRIV_REQUIRES mbedtls esp_timer) @@ -193,7 +200,6 @@ target_compile_definitions(${COMPONENT_LIB} PRIVATE CONFIG_ECC CONFIG_IEEE80211W CONFIG_SHA256 - CONFIG_DPP CONFIG_WNM ) @@ -219,4 +225,7 @@ endif() if(CONFIG_WPA_MBO_SUPPORT) target_compile_definitions(${COMPONENT_LIB} PRIVATE CONFIG_MBO) endif() +if(CONFIG_WPA_DPP_SUPPORT) + target_compile_definitions(${COMPONENT_LIB} PRIVATE CONFIG_DPP) +endif() set_property(TARGET ${COMPONENT_LIB} APPEND PROPERTY LINK_INTERFACE_MULTIPLICITY 3) diff --git a/components/wpa_supplicant/Kconfig b/components/wpa_supplicant/Kconfig index 8b80df2628..1536a508cf 100644 --- a/components/wpa_supplicant/Kconfig +++ b/components/wpa_supplicant/Kconfig @@ -52,8 +52,8 @@ menu "Supplicant" rigorously. Disabling this add the workaorunds with various APs. Enabling this may cause inter operability issues with some APs. - menuconfig WPA_11KV_SUPPORT - bool "Enable 802.11k, 802.11v APIs handling in supplicant" + config WPA_11KV_SUPPORT + bool "Enable 802.11k, 802.11v APIs handling" default n help Select this option to enable 802.11k 802.11v APIs(RRM and BTM support). @@ -68,7 +68,7 @@ menu "Supplicant" and on the radio environment. Current implementation adds beacon report, link measurement, neighbor report. - menuconfig WPA_SCAN_CACHE + config WPA_SCAN_CACHE bool "Keep scan results in cache" depends on WPA_11KV_SUPPORT default n @@ -76,10 +76,19 @@ menu "Supplicant" Keep scan results in cache, if not enabled, those will be flushed immediately. - menuconfig WPA_MBO_SUPPORT - bool "Enable MBO support in supplicant" - depends on WPA_11KV_SUPPORT + config WPA_MBO_SUPPORT + bool "Enable MBO support" default n + select WPA_11KV_SUPPORT + select WPA_SCAN_CACHE help Select this option to enable WiFi Multiband operation certification support. + + config WPA_DPP_SUPPORT + bool "Enable DPP support" + default n + select WPA_MBEDTLS_CRYPTO + help + Select this option to enable WiFi Easy Connect Support. + endmenu diff --git a/components/wpa_supplicant/esp_supplicant/include/esp_dpp.h b/components/wpa_supplicant/esp_supplicant/include/esp_dpp.h index c6c86bc536..d1bb43a0ad 100644 --- a/components/wpa_supplicant/esp_supplicant/include/esp_dpp.h +++ b/components/wpa_supplicant/esp_supplicant/include/esp_dpp.h @@ -1,16 +1,8 @@ -// Copyright 2020 Espressif Systems (Shanghai) PTE LTD -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at - -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +/* + * SPDX-FileCopyrightText: 2020-2022 Espressif Systems (Shanghai) CO LTD + * + * SPDX-License-Identifier: Apache-2.0 + */ #ifndef ESP_DPP_H #define ESP_DPP_H diff --git a/components/wpa_supplicant/esp_supplicant/src/esp_common.c b/components/wpa_supplicant/esp_supplicant/src/esp_common.c index 4dc6e63e74..01a0cc1eab 100644 --- a/components/wpa_supplicant/esp_supplicant/src/esp_common.c +++ b/components/wpa_supplicant/esp_supplicant/src/esp_common.c @@ -1,5 +1,5 @@ /* - * SPDX-FileCopyrightText: 2020-2021 Espressif Systems (Shanghai) CO LTD + * SPDX-FileCopyrightText: 2020-2022 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: Apache-2.0 */ @@ -23,7 +23,7 @@ struct wpa_supplicant g_wpa_supp; -static void *s_supplicant_task_hdl = NULL; +static TaskHandle_t s_supplicant_task_hdl = NULL; static void *s_supplicant_evt_queue = NULL; static void *s_supplicant_api_lock = NULL; @@ -214,10 +214,16 @@ static void supplicant_sta_disconn_handler(void* arg, esp_event_base_t event_bas int32_t event_id, void* event_data) { struct wpa_supplicant *wpa_s = &g_wpa_supp; + wifi_event_sta_disconnected_t *disconn = event_data; + wpas_rrm_reset(wpa_s); if (wpa_s->current_bss) { wpa_s->current_bss = NULL; } + + if (disconn->reason != WIFI_REASON_ROAMING) { + clear_bssid_flag(wpa_s); + } } static int ieee80211_handle_rx_frm(u8 type, u8 *frame, size_t len, u8 *sender, @@ -262,18 +268,25 @@ int esp_supplicant_common_init(struct wpa_funcs *wpa_cb) struct wpa_supplicant *wpa_s = &g_wpa_supp; int ret; - s_supplicant_evt_queue = xQueueCreate(3, sizeof(supplicant_event_t)); - ret = xTaskCreate(btm_rrm_task, "btm_rrm_t", SUPPLICANT_TASK_STACK_SIZE, NULL, 2, s_supplicant_task_hdl); - if (ret != pdPASS) { - wpa_printf(MSG_ERROR, "btm: failed to create task"); - return ret; - } - s_supplicant_api_lock = xSemaphoreCreateRecursiveMutex(); if (!s_supplicant_api_lock) { - esp_supplicant_common_deinit(); wpa_printf(MSG_ERROR, "%s: failed to create Supplicant API lock", __func__); - return ret; + ret = -1; + goto err; + } + + s_supplicant_evt_queue = xQueueCreate(3, sizeof(supplicant_event_t)); + + if (!s_supplicant_evt_queue) { + wpa_printf(MSG_ERROR, "%s: failed to create Supplicant event queue", __func__); + ret = -1; + goto err; + } + ret = xTaskCreate(btm_rrm_task, "btm_rrm_t", SUPPLICANT_TASK_STACK_SIZE, NULL, 2, &s_supplicant_task_hdl); + if (ret != pdPASS) { + wpa_printf(MSG_ERROR, "btm: failed to create task"); + ret = -1; + goto err; } esp_scan_init(wpa_s); @@ -287,7 +300,6 @@ int esp_supplicant_common_init(struct wpa_funcs *wpa_cb) wpa_s->type = 0; wpa_s->subtype = 0; - wpa_s->type |= (1 << WLAN_FC_STYPE_BEACON) | (1 << WLAN_FC_STYPE_PROBE_RESP); esp_wifi_register_mgmt_frame_internal(wpa_s->type, wpa_s->subtype); wpa_cb->wpa_sta_rx_mgmt = ieee80211_handle_rx_frm; /* Matching is done only for MBO at the moment, this can be extended for other features*/ @@ -298,15 +310,15 @@ int esp_supplicant_common_init(struct wpa_funcs *wpa_cb) wpa_cb->wpa_sta_profile_match = NULL; #endif return 0; +err: + esp_supplicant_common_deinit(); + return ret; } void esp_supplicant_common_deinit(void) { struct wpa_supplicant *wpa_s = &g_wpa_supp; - if (esp_supplicant_post_evt(SIG_SUPPLICANT_DEL_TASK, 0) != 0) { - wpa_printf(MSG_ERROR, "failed to send task delete event"); - } esp_scan_deinit(wpa_s); wpas_rrm_reset(wpa_s); wpas_clear_beacon_rep_data(wpa_s); @@ -314,6 +326,21 @@ void esp_supplicant_common_deinit(void) &supplicant_sta_conn_handler); esp_event_handler_unregister(WIFI_EVENT, WIFI_EVENT_STA_DISCONNECTED, &supplicant_sta_disconn_handler); + if (wpa_s->type) { + wpa_s->type = 0; + esp_wifi_register_mgmt_frame_internal(wpa_s->type, wpa_s->subtype); + } + if (!s_supplicant_task_hdl && esp_supplicant_post_evt(SIG_SUPPLICANT_DEL_TASK, 0) != 0) { + if (s_supplicant_evt_queue) { + vQueueDelete(s_supplicant_evt_queue); + s_supplicant_evt_queue = NULL; + } + if (s_supplicant_api_lock) { + vSemaphoreDelete(s_supplicant_api_lock); + s_supplicant_api_lock = NULL; + } + wpa_printf(MSG_ERROR, "failed to send task delete event"); + } } int esp_rrm_send_neighbor_rep_request(neighbor_rep_request_cb cb, @@ -587,12 +614,20 @@ int esp_supplicant_post_evt(uint32_t evt_id, uint32_t data) evt->id = evt_id; evt->data = data; - SUPPLICANT_API_LOCK(); + /* Make sure lock exists before taking it */ + if (s_supplicant_api_lock) { + SUPPLICANT_API_LOCK(); + } else { + os_free(evt); + return -1; + } if (xQueueSend(s_supplicant_evt_queue, &evt, 10 / portTICK_PERIOD_MS ) != pdPASS) { SUPPLICANT_API_UNLOCK(); os_free(evt); return -1; } - SUPPLICANT_API_UNLOCK(); + if (evt_id != SIG_SUPPLICANT_DEL_TASK) { + SUPPLICANT_API_UNLOCK(); + } return 0; } diff --git a/components/wpa_supplicant/esp_supplicant/src/esp_dpp.c b/components/wpa_supplicant/esp_supplicant/src/esp_dpp.c index c90702c091..65ad4f6f36 100644 --- a/components/wpa_supplicant/esp_supplicant/src/esp_dpp.c +++ b/components/wpa_supplicant/esp_supplicant/src/esp_dpp.c @@ -1,5 +1,5 @@ /* - * SPDX-FileCopyrightText: 2020-2021 Espressif Systems (Shanghai) CO LTD + * SPDX-FileCopyrightText: 2020-2022 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: Apache-2.0 */ @@ -12,7 +12,8 @@ #include "esp_wifi.h" #include "common/ieee802_11_defs.h" -static void *s_dpp_task_hdl = NULL; +#ifdef CONFIG_DPP +static TaskHandle_t s_dpp_task_hdl = NULL; static void *s_dpp_evt_queue = NULL; static void *s_dpp_api_lock = NULL; @@ -34,22 +35,36 @@ struct action_rx_param { static int esp_dpp_post_evt(uint32_t evt_id, uint32_t data) { - DPP_API_LOCK(); - dpp_event_t *evt = os_zalloc(sizeof(dpp_event_t)); + int ret = ESP_OK; + if (evt == NULL) { - DPP_API_UNLOCK(); - return ESP_ERR_NO_MEM; + ret = ESP_ERR_NO_MEM; + goto end; } evt->id = evt_id; evt->data = data; - if ( xQueueSend(s_dpp_evt_queue, &evt, 10 / portTICK_PERIOD_MS ) != pdPASS) { - DPP_API_UNLOCK(); - os_free(evt); - return ESP_ERR_DPP_FAILURE; + if (s_dpp_api_lock) { + DPP_API_LOCK(); + } else { + ret = ESP_ERR_DPP_FAILURE; + goto end; } - DPP_API_UNLOCK(); - return ESP_OK; + if (xQueueSend(s_dpp_evt_queue, &evt, 10 / portTICK_PERIOD_MS ) != pdPASS) { + DPP_API_UNLOCK(); + ret = ESP_ERR_DPP_FAILURE; + goto end; + } + if (evt_id != SIG_DPP_DEL_TASK) { + DPP_API_UNLOCK(); + } + + return ret; +end: + if (evt) { + os_free(evt); + } + return ret; } static void esp_dpp_call_cb(esp_supp_dpp_event_t evt, void *data) @@ -616,7 +631,7 @@ esp_err_t esp_supp_dpp_init(esp_supp_dpp_event_cb_t cb) s_dpp_stop_listening = false; s_dpp_evt_queue = xQueueCreate(3, sizeof(dpp_event_t)); - ret = xTaskCreate(esp_dpp_task, "dppT", DPP_TASK_STACK_SIZE, NULL, 2, s_dpp_task_hdl); + ret = xTaskCreate(esp_dpp_task, "dppT", DPP_TASK_STACK_SIZE, NULL, 2, &s_dpp_task_hdl); if (ret != pdPASS) { wpa_printf(MSG_ERROR, "DPP: failed to create task"); return ESP_FAIL; @@ -652,7 +667,12 @@ void esp_supp_dpp_deinit(void) params->key = NULL; } + esp_event_handler_unregister(WIFI_EVENT, WIFI_EVENT_ACTION_TX_STATUS, + &offchan_event_handler); + esp_event_handler_unregister(WIFI_EVENT, WIFI_EVENT_ROC_DONE, + &offchan_event_handler); s_dpp_auth_retries = 0; dpp_global_deinit(s_dpp_ctx.dpp_global); esp_dpp_post_evt(SIG_DPP_DEL_TASK, 0); } +#endif diff --git a/components/wpa_supplicant/esp_supplicant/src/esp_scan.c b/components/wpa_supplicant/esp_supplicant/src/esp_scan.c index 41bf97e082..7a3a0d6f24 100644 --- a/components/wpa_supplicant/esp_supplicant/src/esp_scan.c +++ b/components/wpa_supplicant/esp_supplicant/src/esp_scan.c @@ -19,6 +19,7 @@ #include "common/ieee802_11_common.h" #include "esp_common_i.h" #include "common/wnm_sta.h" +#include "esp_scan_i.h" extern struct wpa_supplicant g_wpa_supp; @@ -28,11 +29,11 @@ static void scan_done_event_handler(void *arg, STATUS status) /* update last scan time */ wpa_s->scan_start_tsf = esp_wifi_get_tsf_time(WIFI_IF_STA); - if (!wpa_s->scanning) { + if (wpa_s->scanning) { wpa_s->type &= ~(1 << WLAN_FC_STYPE_BEACON) & ~(1 << WLAN_FC_STYPE_PROBE_RESP); esp_wifi_register_mgmt_frame_internal(wpa_s->type, wpa_s->subtype); } - esp_supplicant_post_evt(SIG_SUPPLICANT_SCAN_DONE, 0); + esp_supplicant_handle_scan_done_evt(); } static void handle_wnm_scan_done(struct wpa_supplicant *wpa_s) diff --git a/components/wpa_supplicant/esp_supplicant/src/esp_wpa2.c b/components/wpa_supplicant/esp_supplicant/src/esp_wpa2.c index 9debcf795b..4fb135916b 100644 --- a/components/wpa_supplicant/esp_supplicant/src/esp_wpa2.c +++ b/components/wpa_supplicant/esp_supplicant/src/esp_wpa2.c @@ -64,7 +64,7 @@ static int wpa2_start_eapol_internal(void); int wpa2_post(uint32_t sig, uint32_t par); #ifdef USE_WPA2_TASK -static void *s_wpa2_task_hdl = NULL; +static TaskHandle_t s_wpa2_task_hdl = NULL; static void *s_wpa2_queue = NULL; static wpa2_state_t s_wpa2_state = WPA2_STATE_DISABLED; static void *s_wpa2_api_lock = NULL; @@ -784,7 +784,7 @@ static int eap_peer_sm_init(void) gEapSm = sm; #ifdef USE_WPA2_TASK s_wpa2_queue = xQueueCreate(SIG_WPA2_MAX, sizeof(s_wpa2_queue)); - ret = xTaskCreate(wpa2_task, "wpa2T", WPA2_TASK_STACK_SIZE, NULL, 2, s_wpa2_task_hdl); + ret = xTaskCreate(wpa2_task, "wpa2T", WPA2_TASK_STACK_SIZE, NULL, 2, &s_wpa2_task_hdl); if (ret != pdPASS) { wpa_printf(MSG_ERROR, "wps enable: failed to create task"); ret = ESP_FAIL; diff --git a/components/wpa_supplicant/src/common/dpp.c b/components/wpa_supplicant/src/common/dpp.c index 899e0c06c4..887add165f 100644 --- a/components/wpa_supplicant/src/common/dpp.c +++ b/components/wpa_supplicant/src/common/dpp.c @@ -847,7 +847,7 @@ static int dpp_derive_k1(const u8 *Mx, size_t Mx_len, u8 *k1, /* HKDF-Expand(PRK, info, L) */ res = dpp_hkdf_expand(hash_len, prk, hash_len, info, k1, hash_len); - os_memset(prk, 0, hash_len); + forced_memzero(prk, hash_len); if (res < 0) return -1; @@ -876,7 +876,7 @@ static int dpp_derive_k2(const u8 *Nx, size_t Nx_len, u8 *k2, /* HKDF-Expand(PRK, info, L) */ res = dpp_hkdf_expand(hash_len, prk, hash_len, info, k2, hash_len); - os_memset(prk, 0, hash_len); + forced_memzero(prk, hash_len); if (res < 0) return -1; @@ -935,7 +935,7 @@ static int dpp_derive_ke(struct dpp_authentication *auth, u8 *ke, /* HKDF-Expand(PRK, info, L) */ res = dpp_hkdf_expand(hash_len, prk, hash_len, info_ke, ke, hash_len); - os_memset(prk, 0, hash_len); + forced_memzero(prk, hash_len); if (res < 0) return -1; @@ -3938,7 +3938,7 @@ static void dpp_build_legacy_cred_params(struct wpabuf *buf, wpa_snprintf_hex(psk, sizeof(psk), conf->psk, sizeof(conf->psk)); json_add_string(buf, "psk_hex", psk); - os_memset(psk, 0, sizeof(psk)); + forced_memzero(psk, sizeof(psk)); } } @@ -4110,6 +4110,8 @@ skip_groups: goto fail; signature = os_malloc(2 * curve->prime_len); + if (!signature) + goto fail; if (dpp_bn2bin_pad(r, signature, curve->prime_len) < 0 || dpp_bn2bin_pad(s, signature + curve->prime_len, curve->prime_len) < 0) @@ -5728,7 +5730,7 @@ static int dpp_derive_pmk(const u8 *Nx, size_t Nx_len, u8 *pmk, /* HKDF-Expand(PRK, info, L) */ res = dpp_hkdf_expand(hash_len, prk, hash_len, info, pmk, hash_len); - os_memset(prk, 0, hash_len); + forced_memzero(prk, hash_len); if (res < 0) return -1; @@ -5933,7 +5935,7 @@ dpp_peer_intro(struct dpp_introduction *intro, const char *own_connector, fail: if (ret != DPP_STATUS_OK) os_memset(intro, 0, sizeof(*intro)); - os_memset(Nx, 0, sizeof(Nx)); + forced_memzero(Nx, sizeof(Nx)); os_free(own_conn); os_free(signed_connector); os_free(info.payload); diff --git a/components/wpa_supplicant/src/common/sae.c b/components/wpa_supplicant/src/common/sae.c index 8311a8583d..469303cb28 100644 --- a/components/wpa_supplicant/src/common/sae.c +++ b/components/wpa_supplicant/src/common/sae.c @@ -147,7 +147,7 @@ static struct crypto_bignum * sae_get_rand(struct sae_data *sae) break; } - os_memset(val, 0, order_len); + forced_memzero(val, order_len); return bn; } @@ -830,11 +830,11 @@ static int sae_derive_keys(struct sae_data *sae, const u8 *k) if (sha256_prf(keyseed, sizeof(keyseed), "SAE KCK and PMK", val, sae->tmp->prime_len, keys, sizeof(keys)) < 0) goto fail; - os_memset(keyseed, 0, sizeof(keyseed)); + forced_memzero(keyseed, sizeof(keyseed)); os_memcpy(sae->tmp->kck, keys, SAE_KCK_LEN); os_memcpy(sae->pmk, keys + SAE_KCK_LEN, SAE_PMK_LEN); os_memcpy(sae->pmkid, val, SAE_PMKID_LEN); - os_memset(keys, 0, sizeof(keys)); + forced_memzero(keys, sizeof(keys)); wpa_hexdump_key(MSG_DEBUG, "SAE: KCK", sae->tmp->kck, SAE_KCK_LEN); wpa_hexdump_key(MSG_DEBUG, "SAE: PMK", sae->pmk, SAE_PMK_LEN); @@ -1181,8 +1181,6 @@ static int sae_parse_password_identifier(struct sae_data *sae, sae->tmp->pw_id); return WLAN_STATUS_UNKNOWN_PASSWORD_IDENTIFIER; } - os_free(sae->tmp->pw_id); - sae->tmp->pw_id = NULL; return WLAN_STATUS_SUCCESS; /* No Password Identifier */ } diff --git a/components/wpa_supplicant/src/common/scan.c b/components/wpa_supplicant/src/common/scan.c index 46dab15be1..dac96e3b80 100644 --- a/components/wpa_supplicant/src/common/scan.c +++ b/components/wpa_supplicant/src/common/scan.c @@ -36,6 +36,10 @@ void wpa_supplicant_req_scan(struct wpa_supplicant *wpa_s, int sec, int usec) wpa_dbg(wpa_s, MSG_DEBUG, "Already scanning - Return"); return; } + if (!wpa_s->current_bss) { + wpa_dbg(wpa_s, MSG_INFO, "Current BSS is null - Return"); + return; + } params = os_zalloc(sizeof(*params)); if (!params) { diff --git a/components/wpa_supplicant/src/common/wnm_sta.c b/components/wpa_supplicant/src/common/wnm_sta.c index 9a05d57b30..0ca33587a8 100644 --- a/components/wpa_supplicant/src/common/wnm_sta.c +++ b/components/wpa_supplicant/src/common/wnm_sta.c @@ -308,12 +308,15 @@ bool wpa_scan_res_match(struct wpa_supplicant *wpa_s, return false; } - /* TODO security Match */ + /* Just check for Open/secure mode */ + if ((current_bss->caps & WLAN_CAPABILITY_PRIVACY) != (target_bss->caps & WLAN_CAPABILITY_PRIVACY)) { + wpa_printf(MSG_DEBUG, "WNM: Security didn't match"); + return false; + } return true; } - static struct wpa_bss * compare_scan_neighbor_results(struct wpa_supplicant *wpa_s, os_time_t age_secs, enum mbo_transition_reject_reason *reason) diff --git a/components/wpa_supplicant/src/crypto/des-internal.c b/components/wpa_supplicant/src/crypto/des-internal.c index 4ed6957802..5d7cddae1f 100644 --- a/components/wpa_supplicant/src/crypto/des-internal.c +++ b/components/wpa_supplicant/src/crypto/des-internal.c @@ -419,8 +419,8 @@ int des_encrypt(const u8 *clear, const u8 *key, u8 *cypher) WPA_PUT_BE32(cypher, work[0]); WPA_PUT_BE32(cypher + 4, work[1]); - os_memset(pkey, 0, sizeof(pkey)); - os_memset(ek, 0, sizeof(ek)); + forced_memzero(pkey, sizeof(pkey)); + forced_memzero(ek, sizeof(ek)); return 0; } diff --git a/components/wpa_supplicant/src/crypto/libtommath.h b/components/wpa_supplicant/src/crypto/libtommath.h index 9e8ba2a0b2..b5f1a0eb52 100644 --- a/components/wpa_supplicant/src/crypto/libtommath.h +++ b/components/wpa_supplicant/src/crypto/libtommath.h @@ -1657,7 +1657,7 @@ mp_div(mp_int * a, mp_int * b, mp_int * c, mp_int * d) } /* init our temps */ - if ((res = mp_init_multi(&ta, &tb, &tq, &q, NULL) != MP_OKAY)) { + if ((res = mp_init_multi(&ta, &tb, &tq, &q, NULL)) != MP_OKAY) { return res; } diff --git a/components/wpa_supplicant/src/tls/libtommath.h b/components/wpa_supplicant/src/tls/libtommath.h index ea651db3ec..c3f5eee39e 100644 --- a/components/wpa_supplicant/src/tls/libtommath.h +++ b/components/wpa_supplicant/src/tls/libtommath.h @@ -1653,7 +1653,7 @@ mp_div(mp_int * a, mp_int * b, mp_int * c, mp_int * d) } /* init our temps */ - if ((res = mp_init_multi(&ta, &tb, &tq, &q, NULL) != MP_OKAY)) { + if ((res = mp_init_multi(&ta, &tb, &tq, &q, NULL)) != MP_OKAY) { return res; } diff --git a/components/wpa_supplicant/src/wps/wps.c b/components/wpa_supplicant/src/wps/wps.c index 48b9135843..c505a02031 100644 --- a/components/wpa_supplicant/src/wps/wps.c +++ b/components/wpa_supplicant/src/wps/wps.c @@ -71,6 +71,9 @@ int wps_is_selected_pbc_registrar(const struct wpabuf *msg) { struct wps_parse_attr *attr = (struct wps_parse_attr *)os_zalloc(sizeof(struct wps_parse_attr)); + if (!attr) + return 0; + /* * In theory, this could also verify that attr.sel_reg_config_methods * includes WPS_CONFIG_PUSHBUTTON, but some deployed AP implementations diff --git a/examples/wifi/wifi_easy_connect/dpp-enrollee/sdkconfig.defaults b/examples/wifi/wifi_easy_connect/dpp-enrollee/sdkconfig.defaults new file mode 100644 index 0000000000..e67b04732c --- /dev/null +++ b/examples/wifi/wifi_easy_connect/dpp-enrollee/sdkconfig.defaults @@ -0,0 +1 @@ +CONFIG_WPA_DPP_SUPPORT=y