Merge "Add SAE-EXT-KEY AKM if 802.11be is enabled"
diff --git a/wpa_supplicant/aidl/aidl.h b/wpa_supplicant/aidl/aidl.h
index f0470e2..b0ad1f2 100644
--- a/wpa_supplicant/aidl/aidl.h
+++ b/wpa_supplicant/aidl/aidl.h
@@ -191,7 +191,7 @@
 static void wpas_aidl_notify_hs20_rx_deauth_imminent_notice(
 	struct wpa_supplicant *wpa_s, u8 code, u16 reauth_delay, const char *url)
 {}
-void wpas_aidl_notify_hs20_rx_terms_and_conditions_acceptance(
+static void wpas_aidl_notify_hs20_rx_terms_and_conditions_acceptance(
 		struct wpa_supplicant *wpa_s, const char *url)
 {}
 static void wpas_aidl_notify_disconnect_reason(struct wpa_supplicant *wpa_s) {}
@@ -209,7 +209,8 @@
 static void wpas_aidl_notify_p2p_device_found(
 	struct wpa_supplicant *wpa_s, const u8 *addr,
 	const struct p2p_peer_info *info, const u8 *peer_wfd_device_info,
-	u8 peer_wfd_device_info_len)
+	u8 peer_wfd_device_info_lenconst, u8 *peer_wfd_r2_device_info,
+	u8 peer_wfd_r2_device_info_len)
 {}
 static void wpas_aidl_notify_p2p_device_lost(
 	struct wpa_supplicant *wpa_s, const u8 *p2p_device_addr)
@@ -262,7 +263,7 @@
 {}
 static void wpas_aidl_notify_dpp_config_sent(struct wpa_supplicant *wpa_s)
 {}
-void wpas_aidl_notify_dpp_connection_status_sent(struct wpa_supplicant *wpa_s,
+static void wpas_aidl_notify_dpp_connection_status_sent(struct wpa_supplicant *wpa_s,
 	enum dpp_status_error result)
 {}
 static void wpas_aidl_notify_dpp_auth_success(struct wpa_supplicant *wpa_s)
@@ -279,20 +280,24 @@
 {}
 static void wpas_aidl_notify_dpp_timeout(struct wpa_supplicant *wpa_s)
 {}
-static void wpas_aidl_notify_dpp_failure(struct wpa_supplicant *wpa_s)
+static void wpas_aidl_notify_dpp_auth_failure(struct wpa_supplicant *wpa_s)
 {}
-void wpas_aidl_notify_dpp_config_sent_wait_response(struct wpa_supplicant *wpa_s)
+static void wpas_aidl_notify_dpp_fail(struct wpa_supplicant *wpa_s)
 {}
-void wpas_aidl_notify_dpp_config_accepted(struct wpa_supplicant *wpa_s)
+static void wpas_aidl_notify_dpp_config_sent_wait_response(struct wpa_supplicant *wpa_s)
 {}
-void wpas_aidl_notify_dpp_config_applied(struct wpa_supplicant *wpa_s)
+static void wpas_aidl_notify_dpp_config_accepted(struct wpa_supplicant *wpa_s)
 {}
-void wpas_aidl_notify_dpp_config_rejected(struct wpa_supplicant *wpa_s)
+static void wpas_aidl_notify_dpp_config_rejected(struct wpa_supplicant *wpa_s)
+{}
+static void wpas_aidl_notify_dpp_conn_status(struct wpa_supplicant *wpa_s,
+			enum dpp_status_error status, const char *ssid,
+			const char *channel_list, unsigned short band_list[], int size)
 {}
 static void wpas_aidl_notify_pmk_cache_added(struct wpa_supplicant *wpas,
 						 struct rsn_pmksa_cache_entry *pmksa_entry)
 {}
-void wpas_aidl_notify_bss_tm_status(struct wpa_supplicant *wpa_s)
+static void wpas_aidl_notify_bss_tm_status(struct wpa_supplicant *wpa_s)
 {}
 static void wpas_aidl_notify_transition_disable(struct wpa_supplicant *wpa_s,
 						struct wpa_ssid *ssid,
@@ -300,22 +305,22 @@
 {}
 static void wpas_aidl_notify_network_not_found(struct wpa_supplicant *wpa_s)
 {}
-void wpas_aidl_notify_frequency_changed(struct wpa_supplicant *wpa_s, int frequency)
+static void wpas_aidl_notify_frequency_changed(struct wpa_supplicant *wpa_s, int frequency)
 {}
-void wpas_aidl_notify_ceritification(struct wpa_supplicant *wpa_s,
+static void wpas_aidl_notify_ceritification(struct wpa_supplicant *wpa_s,
 	int depth, const char *subject,
 	const char *altsubject[],
 	int num_altsubject,
 	const char *cert_hash,
 	const struct wpabuf *cert)
 {}
-void wpas_aidl_notify_eap_method_selected(struct wpa_supplicant *wpa_s,
+static void wpas_aidl_notify_eap_method_selected(struct wpa_supplicant *wpa_s,
 	const char *reason_string)
 {}
-void wpas_aidl_notify_ssid_temp_disabled(struct wpa_supplicant *wpa_s,
+static void wpas_aidl_notify_ssid_temp_disabled(struct wpa_supplicant *wpa_s,
 	const char *reason_string)
 {}
-void wpas_aidl_notify_open_ssl_failure(struct wpa_supplicant *wpa_s,
+static void wpas_aidl_notify_open_ssl_failure(struct wpa_supplicant *wpa_s,
 	const char *reason_string)
 {}
 static void wpas_aidl_notify_qos_policy_reset(struct wpa_supplicant *wpa_s) {}
@@ -323,8 +328,10 @@
 						struct dscp_policy_data *policies,
 						int num_policies)
 {}
-ssize_t wpas_aidl_get_certificate(const char* alias, uint8_t** value)
-{}
+static ssize_t wpas_aidl_get_certificate(const char* alias, uint8_t** value)
+{
+	return -1;
+}
 #endif  // CONFIG_CTRL_IFACE_AIDL
 
 #ifdef _cplusplus
diff --git a/wpa_supplicant/aidl/misc_utils.h b/wpa_supplicant/aidl/misc_utils.h
index 5c5b68c..c529e3d 100644
--- a/wpa_supplicant/aidl/misc_utils.h
+++ b/wpa_supplicant/aidl/misc_utils.h
@@ -100,10 +100,21 @@
 	return ss;
 }
 
-inline std::stringstream& deserializePmkCacheEntry(
+inline std::int8_t deserializePmkCacheEntry(
 	std::stringstream &ss, struct rsn_pmksa_cache_entry *pmksa_entry) {
 	ss.seekg(0);
+	if (ss.str().size() < sizeof(pmksa_entry->pmk_len)) {
+		return -1;
+	}
+
 	ss.read((char *) &pmksa_entry->pmk_len, sizeof(pmksa_entry->pmk_len));
+	if ((pmksa_entry->pmk_len > PMK_LEN_MAX) ||
+	    (ss.str().size() < (sizeof(pmksa_entry->pmk_len) + pmksa_entry->pmk_len +
+	    PMKID_LEN + ETH_ALEN + sizeof(pmksa_entry->akmp) +
+	    sizeof(pmksa_entry->reauth_time) + sizeof(pmksa_entry->expiration) +
+	    sizeof(pmksa_entry->opportunistic) + 1 /* fils_cache_id_set */)))
+		return -1;
+
 	ss.read((char *) pmksa_entry->pmk, pmksa_entry->pmk_len);
 	ss.read((char *) pmksa_entry->pmkid, PMKID_LEN);
 	ss.read((char *) pmksa_entry->aa, ETH_ALEN);
@@ -115,8 +126,13 @@
 	char byte = 0;
 	ss.read((char *) &byte, sizeof(byte));
 	pmksa_entry->fils_cache_id_set = (byte) ? 1 : 0;
+	if (pmksa_entry->fils_cache_id_set == 1) {
+		if((ss.str().size() - static_cast<uint32_t>(ss.tellg())) < FILS_CACHE_ID_LEN)
+			return -1;
+	}
+
 	ss.read((char *) pmksa_entry->fils_cache_id, FILS_CACHE_ID_LEN);
-	return ss;
+	return 0;
 }
 }  // namespace misc_utils
 }  // namespace supplicant
diff --git a/wpa_supplicant/aidl/p2p_iface.cpp b/wpa_supplicant/aidl/p2p_iface.cpp
index 2c826e4..c8056f0 100644
--- a/wpa_supplicant/aidl/p2p_iface.cpp
+++ b/wpa_supplicant/aidl/p2p_iface.cpp
@@ -194,7 +194,7 @@
 
 	if (wpas_p2p_group_add_persistent(
 		wpa_s, wpa_network, 0, 0, freq, 0, ht40, vht,
-		CONF_OPER_CHWIDTH_USE_HT, he, 0, NULL, 0, 0, is6GhzAllowed(wpa_s), P2P_JOIN_LIMIT)) {
+		CONF_OPER_CHWIDTH_USE_HT, he, 0, NULL, 0, 0, is6GhzAllowed(wpa_s), P2P_JOIN_LIMIT, true)) {
 		ret = -1;
 	}
 
@@ -1609,7 +1609,7 @@
 	} else if (ssid->disabled == 2) {
 		if (wpas_p2p_group_add_persistent(
 			wpa_s, ssid, 0, 0, 0, 0, ht40, vht,
-			CONF_OPER_CHWIDTH_USE_HT, he, edmg, NULL, 0, 0, is6GhzAllowed(wpa_s), 0)) {
+			CONF_OPER_CHWIDTH_USE_HT, he, edmg, NULL, 0, 0, is6GhzAllowed(wpa_s), 0, false)) {
 			return createStatus(SupplicantStatusCode::FAILURE_NETWORK_UNKNOWN);
 		} else {
 			return ndk::ScopedAStatus::ok();
diff --git a/wpa_supplicant/aidl/sta_network.cpp b/wpa_supplicant/aidl/sta_network.cpp
index db13509..5a83b05 100644
--- a/wpa_supplicant/aidl/sta_network.cpp
+++ b/wpa_supplicant/aidl/sta_network.cpp
@@ -2158,7 +2158,11 @@
 	std::stringstream ss(
 		std::stringstream::in | std::stringstream::out | std::stringstream::binary);
 	ss.write((char *) serializedEntry.data(), std::streamsize(serializedEntry.size()));
-	misc_utils::deserializePmkCacheEntry(ss, new_entry);
+	if (misc_utils::deserializePmkCacheEntry(ss, new_entry) < 0) {
+		os_free(new_entry);
+		return createStatusWithMsg(SupplicantStatusCode::FAILURE_ARGS_INVALID,
+		 "Invalid pmk length");
+	}
 	new_entry->network_ctx = wpa_ssid;
 
 	// If there is an entry has a later expiration, ignore this one.
diff --git a/wpa_supplicant/ctrl_iface.c b/wpa_supplicant/ctrl_iface.c
index 314d741..7586feb 100644
--- a/wpa_supplicant/ctrl_iface.c
+++ b/wpa_supplicant/ctrl_iface.c
@@ -6879,7 +6879,7 @@
 	return wpas_p2p_group_add_persistent(wpa_s, ssid, 0, freq,
 					     vht_center_freq2, 0, ht40, vht,
 					     vht_chwidth, he, edmg,
-					     NULL, 0, 0, allow_6ghz, 0);
+					     NULL, 0, 0, allow_6ghz, 0, false);
 }
 
 
diff --git a/wpa_supplicant/dbus/dbus_new_handlers_p2p.c b/wpa_supplicant/dbus/dbus_new_handlers_p2p.c
index 370aee2..9d1728c 100644
--- a/wpa_supplicant/dbus/dbus_new_handlers_p2p.c
+++ b/wpa_supplicant/dbus/dbus_new_handlers_p2p.c
@@ -356,6 +356,7 @@
 	int persistent_group = 0;
 	int freq = 0;
 	int retry_limit = 0;
+	int force_go_bssid = 0;
 	char *iface = NULL;
 	unsigned int group_id = 0;
 	struct wpa_ssid *ssid;
@@ -382,6 +383,9 @@
 			retry_limit = entry.int32_value;
 			if (retry_limit <= 0)
 				goto inv_args_clear;
+		} else if (os_strcmp(entry.key, "force_go_bssid") == 0 &&
+			   entry.type == DBUS_TYPE_BOOLEAN) {
+			force_go_bssid = entry.bool_value;
 		} else if (os_strcmp(entry.key, "persistent_group_object") ==
 			   0 &&
 			   entry.type == DBUS_TYPE_OBJECT_PATH)
@@ -432,7 +436,8 @@
 
 		if (wpas_p2p_group_add_persistent(wpa_s, ssid, 0, freq, 0, 0, 0,
 						  0, 0, 0, 0, NULL, 0, 0,
-						  false, retry_limit)) {
+						  false, retry_limit,
+						  force_go_bssid)) {
 			reply = wpas_dbus_error_unknown_error(
 				message,
 				"Failed to reinvoke a persistent group");
diff --git a/wpa_supplicant/dpp_supplicant.c b/wpa_supplicant/dpp_supplicant.c
index 593da3a..d13a8d0 100644
--- a/wpa_supplicant/dpp_supplicant.c
+++ b/wpa_supplicant/dpp_supplicant.c
@@ -29,7 +29,7 @@
 #include "scan.h"
 #include "notify.h"
 #include "dpp_supplicant.h"
-#include "aidl.h"
+#include "aidl/aidl.h"
 
 
 static int wpas_dpp_listen_start(struct wpa_supplicant *wpa_s,
diff --git a/wpa_supplicant/notify.c b/wpa_supplicant/notify.c
index 7ec0f0d..bb2c0b7 100644
--- a/wpa_supplicant/notify.c
+++ b/wpa_supplicant/notify.c
@@ -24,7 +24,7 @@
 #include "p2p_supplicant.h"
 #include "sme.h"
 #include "notify.h"
-#include "aidl.h"
+#include "aidl/aidl.h"
 
 int wpas_notify_supplicant_initialized(struct wpa_global *global)
 {
diff --git a/wpa_supplicant/p2p_supplicant.c b/wpa_supplicant/p2p_supplicant.c
index ab1555e..a505e4f 100644
--- a/wpa_supplicant/p2p_supplicant.c
+++ b/wpa_supplicant/p2p_supplicant.c
@@ -3309,7 +3309,8 @@
 				wpa_s->conf->p2p_go_he,
 				wpa_s->conf->p2p_go_edmg, NULL,
 				go ? P2P_MAX_INITIAL_CONN_WAIT_GO_REINVOKE : 0,
-				1, is_p2p_allow_6ghz(wpa_s->global->p2p), 0);
+				1, is_p2p_allow_6ghz(wpa_s->global->p2p), 0,
+				false);
 		} else if (bssid) {
 			wpa_s->user_initiated_pd = 0;
 			wpa_msg_global(wpa_s, MSG_INFO,
@@ -3539,7 +3540,8 @@
 				      ssid->mode == WPAS_MODE_P2P_GO ?
 				      P2P_MAX_INITIAL_CONN_WAIT_GO_REINVOKE :
 				      0, 1,
-				      is_p2p_allow_6ghz(wpa_s->global->p2p), 0);
+				      is_p2p_allow_6ghz(wpa_s->global->p2p), 0,
+				      false);
 }
 
 
@@ -4619,7 +4621,7 @@
 					persistent_go->mode ==
 					WPAS_MODE_P2P_GO ?
 					P2P_MAX_INITIAL_CONN_WAIT_GO_REINVOKE :
-					0, 0, false, 0);
+					0, 0, false, 0, false);
 			} else if (response_done) {
 				wpas_p2p_group_add(wpa_s, 1, freq,
 						   0, 0, 0, 0, 0, 0, false);
@@ -4742,7 +4744,7 @@
 			NULL,
 			persistent_go->mode == WPAS_MODE_P2P_GO ?
 			P2P_MAX_INITIAL_CONN_WAIT_GO_REINVOKE : 0, 0,
-			is_p2p_allow_6ghz(wpa_s->global->p2p), 0);
+			is_p2p_allow_6ghz(wpa_s->global->p2p), 0, false);
 	} else {
 		wpas_p2p_group_add(wpa_s, 1, freq, 0, 0, 0, 0, 0, 0,
 				   is_p2p_allow_6ghz(wpa_s->global->p2p));
@@ -6971,7 +6973,8 @@
 
 static int wpas_start_p2p_client(struct wpa_supplicant *wpa_s,
 				 struct wpa_ssid *params, int addr_allocated,
-				 int freq, int force_scan, int retry_limit)
+				 int freq, int force_scan, int retry_limit,
+				 bool force_go_bssid)
 {
 	struct wpa_ssid *ssid;
 	int other_iface_found = 0;
@@ -7014,7 +7017,7 @@
 	if (params->passphrase)
 		ssid->passphrase = os_strdup(params->passphrase);
 
-	if (params->bssid_set) {
+	if (force_go_bssid && params->bssid_set) {
 		ssid->bssid_set = 1;
 		os_memcpy(ssid->bssid, params->bssid, ETH_ALEN);
 	}
@@ -7065,7 +7068,8 @@
 				  int edmg,
 				  const struct p2p_channels *channels,
 				  int connection_timeout, int force_scan,
-				  bool allow_6ghz, int retry_limit)
+				  bool allow_6ghz, int retry_limit,
+				  bool force_go_bssid)
 {
 	struct p2p_go_neg_results params;
 	int go = 0, freq;
@@ -7134,7 +7138,8 @@
 		}
 
 		return wpas_start_p2p_client(wpa_s, ssid, addr_allocated, freq,
-					     force_scan, retry_limit);
+					     force_scan, retry_limit,
+					     force_go_bssid);
 	} else {
 		return -1;
 	}
diff --git a/wpa_supplicant/p2p_supplicant.h b/wpa_supplicant/p2p_supplicant.h
index 949044a..c87e1bf 100644
--- a/wpa_supplicant/p2p_supplicant.h
+++ b/wpa_supplicant/p2p_supplicant.h
@@ -52,7 +52,8 @@
 				  int max_oper_chwidth, int he, int edmg,
 				  const struct p2p_channels *channels,
 				  int connection_timeout, int force_scan,
-				  bool allow_6ghz, int retry_limit);
+				  bool allow_6ghz, int retry_limit,
+				  bool force_go_bssid);
 struct p2p_group * wpas_p2p_group_init(struct wpa_supplicant *wpa_s,
 				       struct wpa_ssid *ssid);
 enum wpas_p2p_prov_disc_use {