commit 5ffde30abd38e80e867b09b84d49ae2c2006363c
author TreeHugger Robot <treehugger-gerrit@google.com> Wed Sep 07 09:16:33 2022 +0000
committer Android (Google) Code Review <android-gerrit@google.com> Wed Sep 07 09:16:33 2022 +0000
tree c45fb6ef4ba83c6a2cb1461b47bb1457d516ada3
parent 716c3a438b98e677901deb462da7188b5b9b7363
parent 975e7c4b94690a98b47928cc7b8461cff8754b23

Merge "owe: enable ptk woraround for OWE backward compatibility" into tm-qpr-dev

src/eap_peer/eap.c

diff --git a/src/eap_peer/eap.c b/src/eap_peer/eap.c
index 721c9d6..269d719 100644
--- a/src/eap_peer/eap.c
+++ b/src/eap_peer/eap.c
@@ -2850,8 +2850,9 @@
 	}
 
 	/* Look for the realm of the anonymous identity. */
-	realm = strnchr(config->anonymous_identity,
-	    config->anonymous_identity_len, '@');
+	identity = config->anonymous_identity;
+	identity_len = config->anonymous_identity_len;
+	realm = strnchr(identity, identity_len, '@');
 	if (NULL != realm) {
 		wpa_printf(MSG_DEBUG, "Get the realm from anonymous identity.");
 		*len = identity_len - (realm - identity);
@@ -2859,8 +2860,9 @@
 	}
 
 	/* Look for the realm of the real identity. */
-	realm = strnchr(config->imsi_identity,
-	    config->imsi_identity_len, '@');
+	identity = config->imsi_identity;
+	identity_len = config->imsi_identity_len;
+	realm = strnchr(identity, identity_len, '@');
 	if (NULL != realm) {
 		wpa_printf(MSG_DEBUG, "Get the realm from IMSI identity.");
 		*len = identity_len - (realm - identity);

wpa_supplicant/aidl/sta_network.cpp

diff --git a/wpa_supplicant/aidl/sta_network.cpp b/wpa_supplicant/aidl/sta_network.cpp
index 1b72171..4bab592 100644
--- a/wpa_supplicant/aidl/sta_network.cpp
+++ b/wpa_supplicant/aidl/sta_network.cpp
@@ -2489,6 +2489,26 @@
 			key_mgmt_mask |= WPA_KEY_MGMT_FT_SAE;
 		}
 #endif
+#ifdef CONFIG_FILS
+		if ((key_mgmt_mask & WPA_KEY_MGMT_FILS_SHA256) &&
+		    (capa.key_mgmt_iftype[WPA_IF_STATION] &
+			WPA_DRIVER_CAPA_KEY_MGMT_FT_FILS_SHA256)) {
+			key_mgmt_mask |= WPA_KEY_MGMT_FT_FILS_SHA256;
+		}
+
+		if ((key_mgmt_mask & WPA_KEY_MGMT_FILS_SHA384) &&
+		    (capa.key_mgmt_iftype[WPA_IF_STATION] &
+			WPA_DRIVER_CAPA_KEY_MGMT_FT_FILS_SHA384)) {
+			key_mgmt_mask |= WPA_KEY_MGMT_FT_FILS_SHA384;
+		}
+#endif
+#ifdef CONFIG_SUITEB192
+		if ((key_mgmt_mask & WPA_KEY_MGMT_IEEE8021X_SUITE_B_192) &&
+		    (capa.key_mgmt_iftype[WPA_IF_STATION] &
+			WPA_DRIVER_CAPA_KEY_MGMT_FT_802_1X_SHA384)) {
+			key_mgmt_mask |= WPA_KEY_MGMT_FT_IEEE8021X_SHA384;
+		}
+#endif
 #endif
 	}
 
@@ -2513,6 +2533,20 @@
 		key_mgmt_mask &= ~WPA_KEY_MGMT_FT_SAE;
 	}
 #endif
+#ifdef CONFIG_FILS
+	if (key_mgmt_mask & WPA_KEY_MGMT_FILS_SHA256) {
+		key_mgmt_mask &= ~WPA_KEY_MGMT_FT_FILS_SHA256;
+	}
+
+	if (key_mgmt_mask & WPA_KEY_MGMT_FILS_SHA384) {
+		key_mgmt_mask &= ~WPA_KEY_MGMT_FT_FILS_SHA384;
+	}
+#endif
+#ifdef CONFIG_SUITEB192
+	if (key_mgmt_mask & WPA_KEY_MGMT_IEEE8021X_SUITE_B_192) {
+		key_mgmt_mask &= ~WPA_KEY_MGMT_FT_IEEE8021X_SHA384;
+	}
+#endif
 #endif
 }
 

wpa_supplicant/wpa_supplicant.c

diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c
index cb42994..4503ae9 100644
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
@@ -1907,7 +1907,9 @@
 
 #ifdef CONFIG_DRIVER_NL80211_BRCM
 	if ((wpa_s->key_mgmt & WPA_KEY_MGMT_CROSS_AKM_ROAM) &&
-	    IS_CROSS_AKM_ROAM_KEY_MGMT(ssid->key_mgmt)) {
+		IS_CROSS_AKM_ROAM_KEY_MGMT(ssid->key_mgmt) &&
+		(wpa_s->group_cipher == WPA_CIPHER_CCMP) &&
+		(wpa_s->pairwise_cipher == WPA_CIPHER_CCMP)) {
 		wpa_s->key_mgmt = WPA_KEY_MGMT_SAE | WPA_KEY_MGMT_PSK;
 		wpa_dbg(wpa_s, MSG_INFO,
 			"WPA: Updating to KEY_MGMT SAE+PSK for seamless roaming");