Handling AKM based checks in connect path am: 81f06b0d90 am: 9d67c1b8c4
Original change: https://googleplex-android-review.googlesource.com/c/platform/external/wpa_supplicant_8/+/24117152
Change-Id: I0b3f5005d5ede83b2f1a8d264b623adb4cfcadbf
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
diff --git a/src/crypto/tls.h b/src/crypto/tls.h
index c201dcd..82276c5 100644
--- a/src/crypto/tls.h
+++ b/src/crypto/tls.h
@@ -693,4 +693,14 @@
void tls_register_cert_callback(tls_get_certificate_cb cb);
+/**
+ * tls_register_openssl_failure_callback - Register a callback to indicate
+ * that an OpenSSL failure has occurred
+ * @cb: Callback object to register
+ */
+typedef void (*tls_openssl_failure_cb)
+(void* ctx, const char* msg);
+
+void tls_register_openssl_failure_callback(tls_openssl_failure_cb cb);
+
#endif /* TLS_H */
diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index 23bbe68..b378356 100644
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -201,6 +201,7 @@
static struct tls_context *tls_global = NULL;
static tls_get_certificate_cb certificate_callback_global = NULL;
+static tls_openssl_failure_cb openssl_failure_callback_global = NULL;
#ifdef ANDROID
#include <openssl/pem.h>
@@ -2634,9 +2635,19 @@
if (chain)
sk_X509_pop_free(chain, X509_free);
- wpa_printf(MSG_WARNING, "TLS: Certificate verification failed,"
- " error %d (%s) depth %d for '%s'", err, err_str,
- depth, buf);
+ char *format_str = "TLS: Certificate verification failed,"
+ " error %d (%s) depth %d for '%s'";
+ int msg_len = snprintf(NULL, 0, format_str, err, err_str, depth, buf) + 1;
+ char *msg = os_malloc(msg_len);
+ snprintf(msg, msg_len, format_str, err, err_str, depth, buf);
+
+ wpa_printf(MSG_WARNING, "%s", msg);
+ if (conn != NULL && conn->context != NULL
+ && openssl_failure_callback_global != NULL) {
+ (*openssl_failure_callback_global)(conn->context->cb_ctx, msg);
+ }
+ os_free(msg);
+
openssl_tls_fail_event(conn, err_cert, err, depth, buf,
err_str, TLS_FAIL_UNSPECIFIED);
return preverify_ok;
@@ -6048,3 +6059,8 @@
{
certificate_callback_global = cb;
}
+
+void tls_register_openssl_failure_callback(tls_openssl_failure_cb cb)
+{
+ openssl_failure_callback_global = cb;
+}
diff --git a/src/drivers/driver_nl80211_event.c b/src/drivers/driver_nl80211_event.c
index e99afdc..16d6f5b 100644
--- a/src/drivers/driver_nl80211_event.c
+++ b/src/drivers/driver_nl80211_event.c
@@ -1104,6 +1104,7 @@
* operation that happened in parallel with the disconnection request.
*/
drv->ignore_next_local_disconnect = 0;
+ drv->sta_mlo_info.default_map = true;
#ifdef CONFIG_DRIVER_NL80211_QCA
if (drv->pending_t2lm_data)
diff --git a/src/eap_peer/eap.c b/src/eap_peer/eap.c
index 8338c47..ff7dc1e 100644
--- a/src/eap_peer/eap.c
+++ b/src/eap_peer/eap.c
@@ -2207,6 +2207,14 @@
return -1;
}
+void tls_openssl_failure_callback(void* ctx, const char* msg) {
+ if (ctx == NULL || msg == NULL) return;
+ struct eap_sm *sm = (struct eap_sm*) ctx;
+ if (sm->eapol_cb && sm->eapol_cb->notify_open_ssl_failure) {
+ sm->eapol_cb->notify_open_ssl_failure(sm->eapol_ctx, msg);
+ }
+}
+
/**
* eap_peer_sm_init - Allocate and initialize EAP peer state machine
* @eapol_ctx: Context data to be used with eapol_cb calls
@@ -2251,6 +2259,7 @@
tlsconf.cb_ctx = sm;
tlsconf.cert_in_cb = conf->cert_in_cb;
tls_register_cert_callback(&tls_certificate_callback);
+ tls_register_openssl_failure_callback(&tls_openssl_failure_callback);
sm->ssl_ctx = tls_init(&tlsconf);
if (sm->ssl_ctx == NULL) {
wpa_printf(MSG_WARNING, "SSL: Failed to initialize TLS "
diff --git a/wpa_supplicant/Android.bp b/wpa_supplicant/Android.bp
index dd4423a..664c65c 100644
--- a/wpa_supplicant/Android.bp
+++ b/wpa_supplicant/Android.bp
@@ -445,4 +445,4 @@
"wpa_supplicant.c",
"wps_supplicant.c",
],
-}
+}
\ No newline at end of file
diff --git a/wpa_supplicant/Android.mk b/wpa_supplicant/Android.mk
index 03dc209..c3a7bc6 100644
--- a/wpa_supplicant/Android.mk
+++ b/wpa_supplicant/Android.mk
@@ -1835,7 +1835,7 @@
PASNOBJS += src/crypto/crypto_openssl.c
ifdef TLS_FUNCS
PASNOBJS += src/crypto/tls_openssl.c
-#PASNOBJS += -lssl -lcrypto
+PASNOBJS += src/crypto/tls_openssl_ocsp.c
NEED_TLS_PRF_SHA256=y
endif
endif
@@ -2038,13 +2038,20 @@
include $(BUILD_STATIC_LIBRARY)
endif # WPA_SUPPLICANT_USE_AIDL == y
-#include $(CLEAR_VARS)
-#LOCAL_MODULE = libpasn
-#LOCAL_CFLAGS = $(L_CFLAGS)
-#LOCAL_SRC_FILES = $(PASNOBJS)
-#LOCAL_C_INCLUDES = $(INCLUDES)
-#LOCAL_SHARED_LIBRARIES := libc libcutils liblog
-#ifeq ($(CONFIG_TLS), openssl)
-#LOCAL_SHARED_LIBRARIES := libcrypto libssl
-#endif
-#include $(BUILD_SHARED_LIBRARY)
+ifeq ($(CONFIG_PASN), y)
+include $(CLEAR_VARS)
+LOCAL_MODULE = libpasn
+LOCAL_LICENSE_KINDS := SPDX-license-identifier-BSD SPDX-license-identifier-BSD-3-Clause SPDX-license-identifier-ISC legacy_unencumbered
+LOCAL_LICENSE_CONDITIONS := notice unencumbered
+LOCAL_NOTICE_FILE := $(LOCAL_PATH)/../LICENSE
+LOCAL_VENDOR_MODULE := true
+LOCAL_CFLAGS = $(L_CFLAGS)
+LOCAL_SRC_FILES = $(PASNOBJS)
+LOCAL_C_INCLUDES = $(INCLUDES)
+LOCAL_SHARED_LIBRARIES := libc libcutils liblog
+ifeq ($(CONFIG_TLS), openssl)
+LOCAL_SHARED_LIBRARIES += libcrypto libssl libkeystore-wifi-hidl
+LOCAL_SHARED_LIBRARIES += libkeystore-engine-wifi-hidl
+endif
+include $(BUILD_SHARED_LIBRARY)
+endif # CONFIG_PASN == y
diff --git a/wpa_supplicant/aidl/sta_network.cpp b/wpa_supplicant/aidl/sta_network.cpp
index bb3045c..2604d2e 100644
--- a/wpa_supplicant/aidl/sta_network.cpp
+++ b/wpa_supplicant/aidl/sta_network.cpp
@@ -2689,9 +2689,9 @@
FALLTHROUGH_INTENDED;
case TlsVersion::TLS_V1_1:
tlsFlags |= TLS_CONN_DISABLE_TLSv1_0;
- FALLTHROUGH_INTENDED;
- default:
break;
+ default:
+ return createStatus(SupplicantStatusCode::FAILURE_UNSUPPORTED);
}
generateTlsParams();
diff --git a/wpa_supplicant/android.config b/wpa_supplicant/android.config
index bfdd53e..4cc3808 100644
--- a/wpa_supplicant/android.config
+++ b/wpa_supplicant/android.config
@@ -541,6 +541,9 @@
# WPA3-Personal (SAE)
CONFIG_SAE=y
+# PASN
+CONFIG_PASN=y
+
# WPA3-Enterprise (SuiteB-192)
CONFIG_SUITEB=y
CONFIG_SUITEB192=y
diff --git a/wpa_supplicant/wpa_supplicant/Android.bp b/wpa_supplicant/wpa_supplicant/Android.bp
new file mode 100644
index 0000000..b70e5b9
--- /dev/null
+++ b/wpa_supplicant/wpa_supplicant/Android.bp
@@ -0,0 +1,52 @@
+// Copyright (C) 2023 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+soong_namespace {
+
+}
+
+package {
+ default_applicable_licenses: [
+ // Inherits SPDX-license-identifier-BSD-3-Clause
+ "external_wpa_supplicant_8_license",
+ ],
+}
+
+soong_config_module_type_import {
+ from: "frameworks/opt/net/wifi/libwifi_hal/Android.bp",
+ module_types: ["wifi_cc_defaults"],
+}
+
+wifi_cc_defaults {
+ name: "lib_vendor_wpa_supplicant",
+ soong_config_variables: {
+ board_wlan_device: {
+ emulator: {
+ static_libs: ["lib_driver_cmd_simulated_cf_bp"],
+ },
+ // TODO(b/295186835): Convert lib_driver_cmd_* to soong
+ conditions_default: {
+ static_libs: ["lib_driver_cmd_fallback"],
+ },
+ }
+ }
+}
+
+cc_binary {
+ name: "wpa_supplicant",
+ defaults: [
+ "wpa_supplicant_defaults",
+ "lib_vendor_wpa_supplicant",
+ ],
+}
diff --git a/wpa_supplicant/wpa_supplicant/libdrivercmdfallback/Android.bp b/wpa_supplicant/wpa_supplicant/libdrivercmdfallback/Android.bp
new file mode 100644
index 0000000..3fe900b
--- /dev/null
+++ b/wpa_supplicant/wpa_supplicant/libdrivercmdfallback/Android.bp
@@ -0,0 +1,32 @@
+//
+// Copyright (C) 2023 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package {
+ default_applicable_licenses: ["Android-Apache-2.0"],
+}
+
+cc_library_static {
+ name: "lib_driver_cmd_fallback",
+ srcs: ["driver_cmd_nl80211.c"],
+ header_libs: [
+ "wpa_supplicant_headers",
+ ],
+ cflags: [
+ "-Werror",
+ "-Wno-unused-parameter",
+ "-Wno-macro-redefined",
+ ],
+ soc_specific: true,
+}
\ No newline at end of file
diff --git a/wpa_supplicant/wpa_supplicant/libdrivercmdfallback/driver_cmd_nl80211.c b/wpa_supplicant/wpa_supplicant/libdrivercmdfallback/driver_cmd_nl80211.c
new file mode 100644
index 0000000..6cdc57a
--- /dev/null
+++ b/wpa_supplicant/wpa_supplicant/libdrivercmdfallback/driver_cmd_nl80211.c
@@ -0,0 +1,45 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * Driver interaction with extended Linux CFG8021
+ */
+
+#include "includes.h"
+
+#include "common.h"
+
+int wpa_driver_nl80211_driver_cmd(void* priv, char* cmd, char* buf,
+ size_t buf_len) {
+ return 0;
+}
+
+int wpa_driver_set_p2p_noa(void* priv, u8 count, int start, int duration) {
+ return 0;
+}
+
+int wpa_driver_get_p2p_noa(void* priv, u8* buf, size_t len) {
+ return 0;
+}
+
+int wpa_driver_set_p2p_ps(void* priv, int legacy_ps, int opp_ps, int ctwindow) {
+ return -1;
+}
+
+int wpa_driver_set_ap_wps_p2p_ie(void* priv, const struct wpabuf* beacon,
+ const struct wpabuf* proberesp,
+ const struct wpabuf* assocresp) {
+ return 0;
+}