Merge changes from topic "Supplicant_AIDL_interface_V3" into main
* changes:
Notify the IP address of connected client
Update supplicant service to use supplicant AIDL V3 interface.
diff --git a/src/crypto/tls.h b/src/crypto/tls.h
index c201dcd..82276c5 100644
--- a/src/crypto/tls.h
+++ b/src/crypto/tls.h
@@ -693,4 +693,14 @@
void tls_register_cert_callback(tls_get_certificate_cb cb);
+/**
+ * tls_register_openssl_failure_callback - Register a callback to indicate
+ * that an OpenSSL failure has occurred
+ * @cb: Callback object to register
+ */
+typedef void (*tls_openssl_failure_cb)
+(void* ctx, const char* msg);
+
+void tls_register_openssl_failure_callback(tls_openssl_failure_cb cb);
+
#endif /* TLS_H */
diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index 23bbe68..b378356 100644
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -201,6 +201,7 @@
static struct tls_context *tls_global = NULL;
static tls_get_certificate_cb certificate_callback_global = NULL;
+static tls_openssl_failure_cb openssl_failure_callback_global = NULL;
#ifdef ANDROID
#include <openssl/pem.h>
@@ -2634,9 +2635,19 @@
if (chain)
sk_X509_pop_free(chain, X509_free);
- wpa_printf(MSG_WARNING, "TLS: Certificate verification failed,"
- " error %d (%s) depth %d for '%s'", err, err_str,
- depth, buf);
+ char *format_str = "TLS: Certificate verification failed,"
+ " error %d (%s) depth %d for '%s'";
+ int msg_len = snprintf(NULL, 0, format_str, err, err_str, depth, buf) + 1;
+ char *msg = os_malloc(msg_len);
+ snprintf(msg, msg_len, format_str, err, err_str, depth, buf);
+
+ wpa_printf(MSG_WARNING, "%s", msg);
+ if (conn != NULL && conn->context != NULL
+ && openssl_failure_callback_global != NULL) {
+ (*openssl_failure_callback_global)(conn->context->cb_ctx, msg);
+ }
+ os_free(msg);
+
openssl_tls_fail_event(conn, err_cert, err, depth, buf,
err_str, TLS_FAIL_UNSPECIFIED);
return preverify_ok;
@@ -6048,3 +6059,8 @@
{
certificate_callback_global = cb;
}
+
+void tls_register_openssl_failure_callback(tls_openssl_failure_cb cb)
+{
+ openssl_failure_callback_global = cb;
+}
diff --git a/src/drivers/driver_nl80211.c b/src/drivers/driver_nl80211.c
index 5f39e80..1acc43b 100644
--- a/src/drivers/driver_nl80211.c
+++ b/src/drivers/driver_nl80211.c
@@ -6982,13 +6982,8 @@
nl80211_put_fils_connect_params(drv, params, msg) != 0)
return -1;
-#if defined(CONFIG_DRIVER_NL80211_BRCM) || defined(CONFIG_DRIVER_NL80211_SYNA)
- if (((params->key_mgmt_suite & WPA_KEY_MGMT_SAE) ||
- (params->key_mgmt_suite == WPA_KEY_MGMT_FT_SAE)) &&
-#else
if ((wpa_key_mgmt_sae(params->key_mgmt_suite) ||
wpa_key_mgmt_sae(params->allowed_key_mgmts)) &&
-#endif /* CONFIG_DRIVER_NL80211_BRCM || CONFIG_DRIVER_NL80211_SYNA */
(!(drv->capa.flags & WPA_DRIVER_FLAGS_SME)) &&
nla_put_flag(msg, NL80211_ATTR_EXTERNAL_AUTH_SUPPORT))
return -1;
@@ -7041,13 +7036,8 @@
goto fail;
#ifdef CONFIG_SAE
-#if defined(CONFIG_DRIVER_NL80211_BRCM) || defined(CONFIG_DRIVER_NL80211_SYNA)
- if (((params->key_mgmt_suite & WPA_KEY_MGMT_SAE) ||
- (params->key_mgmt_suite == WPA_KEY_MGMT_FT_SAE)) &&
-#else
if ((wpa_key_mgmt_sae(params->key_mgmt_suite) ||
wpa_key_mgmt_sae(params->allowed_key_mgmts)) &&
-#endif /* CONFIG_DRIVER_NL80211_BRCM || CONFIG_DRIVER_NL80211_SYNA */
nl80211_put_sae_pwe(msg, params->sae_pwe) < 0)
goto fail;
#endif /* CONFIG_SAE */
@@ -7155,13 +7145,8 @@
if (wpa_driver_nl80211_set_mode(priv, nlmode) < 0)
return -1;
-#if defined(CONFIG_DRIVER_NL80211_BRCM) || defined(CONFIG_DRIVER_NL80211_SYNA)
- if ((params->key_mgmt_suite & WPA_KEY_MGMT_SAE) ||
- (params->key_mgmt_suite == WPA_KEY_MGMT_FT_SAE))
-#else
if (wpa_key_mgmt_sae(params->key_mgmt_suite) ||
wpa_key_mgmt_sae(params->allowed_key_mgmts))
-#endif /* CONFIG_DRIVER_NL80211_BRCM || CONFIG_DRIVER_NL80211_SYNA */
bss->use_nl_connect = 1;
else
bss->use_nl_connect = 0;
diff --git a/src/drivers/driver_nl80211_event.c b/src/drivers/driver_nl80211_event.c
index e99afdc..16d6f5b 100644
--- a/src/drivers/driver_nl80211_event.c
+++ b/src/drivers/driver_nl80211_event.c
@@ -1104,6 +1104,7 @@
* operation that happened in parallel with the disconnection request.
*/
drv->ignore_next_local_disconnect = 0;
+ drv->sta_mlo_info.default_map = true;
#ifdef CONFIG_DRIVER_NL80211_QCA
if (drv->pending_t2lm_data)
diff --git a/src/eap_peer/eap.c b/src/eap_peer/eap.c
index 8338c47..ff7dc1e 100644
--- a/src/eap_peer/eap.c
+++ b/src/eap_peer/eap.c
@@ -2207,6 +2207,14 @@
return -1;
}
+void tls_openssl_failure_callback(void* ctx, const char* msg) {
+ if (ctx == NULL || msg == NULL) return;
+ struct eap_sm *sm = (struct eap_sm*) ctx;
+ if (sm->eapol_cb && sm->eapol_cb->notify_open_ssl_failure) {
+ sm->eapol_cb->notify_open_ssl_failure(sm->eapol_ctx, msg);
+ }
+}
+
/**
* eap_peer_sm_init - Allocate and initialize EAP peer state machine
* @eapol_ctx: Context data to be used with eapol_cb calls
@@ -2251,6 +2259,7 @@
tlsconf.cb_ctx = sm;
tlsconf.cert_in_cb = conf->cert_in_cb;
tls_register_cert_callback(&tls_certificate_callback);
+ tls_register_openssl_failure_callback(&tls_openssl_failure_callback);
sm->ssl_ctx = tls_init(&tlsconf);
if (sm->ssl_ctx == NULL) {
wpa_printf(MSG_WARNING, "SSL: Failed to initialize TLS "