diff options
| -rw-r--r-- | src/crypto/tls.h | 10 | ||||
| -rw-r--r-- | src/crypto/tls_openssl.c | 22 | ||||
| -rw-r--r-- | src/drivers/driver_nl80211_event.c | 1 | ||||
| -rw-r--r-- | src/eap_peer/eap.c | 9 | ||||
| -rw-r--r-- | wpa_supplicant/Android.bp | 2 | ||||
| -rw-r--r-- | wpa_supplicant/Android.mk | 29 | ||||
| -rw-r--r-- | wpa_supplicant/aidl/sta_network.cpp | 4 | ||||
| -rw-r--r-- | wpa_supplicant/android.config | 3 | ||||
| -rw-r--r-- | wpa_supplicant/wpa_supplicant/Android.bp | 52 | ||||
| -rw-r--r-- | wpa_supplicant/wpa_supplicant/libdrivercmdfallback/Android.bp | 32 | ||||
| -rw-r--r-- | wpa_supplicant/wpa_supplicant/libdrivercmdfallback/driver_cmd_nl80211.c | 45 |
11 files changed, 192 insertions, 17 deletions
diff --git a/src/crypto/tls.h b/src/crypto/tls.h index c201dcd6..82276c5f 100644 --- a/src/crypto/tls.h +++ b/src/crypto/tls.h @@ -693,4 +693,14 @@ typedef ssize_t (*tls_get_certificate_cb) void tls_register_cert_callback(tls_get_certificate_cb cb); +/** + * tls_register_openssl_failure_callback - Register a callback to indicate + * that an OpenSSL failure has occurred + * @cb: Callback object to register + */ +typedef void (*tls_openssl_failure_cb) +(void* ctx, const char* msg); + +void tls_register_openssl_failure_callback(tls_openssl_failure_cb cb); + #endif /* TLS_H */ diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c index 23bbe687..b378356d 100644 --- a/src/crypto/tls_openssl.c +++ b/src/crypto/tls_openssl.c @@ -201,6 +201,7 @@ struct tls_connection { static struct tls_context *tls_global = NULL; static tls_get_certificate_cb certificate_callback_global = NULL; +static tls_openssl_failure_cb openssl_failure_callback_global = NULL; #ifdef ANDROID #include <openssl/pem.h> @@ -2634,9 +2635,19 @@ static int tls_verify_cb(int preverify_ok, X509_STORE_CTX *x509_ctx) if (chain) sk_X509_pop_free(chain, X509_free); - wpa_printf(MSG_WARNING, "TLS: Certificate verification failed," - " error %d (%s) depth %d for '%s'", err, err_str, - depth, buf); + char *format_str = "TLS: Certificate verification failed," + " error %d (%s) depth %d for '%s'"; + int msg_len = snprintf(NULL, 0, format_str, err, err_str, depth, buf) + 1; + char *msg = os_malloc(msg_len); + snprintf(msg, msg_len, format_str, err, err_str, depth, buf); + + wpa_printf(MSG_WARNING, "%s", msg); + if (conn != NULL && conn->context != NULL + && openssl_failure_callback_global != NULL) { + (*openssl_failure_callback_global)(conn->context->cb_ctx, msg); + } + os_free(msg); + openssl_tls_fail_event(conn, err_cert, err, depth, buf, err_str, TLS_FAIL_UNSPECIFIED); return preverify_ok; @@ -6048,3 +6059,8 @@ void tls_register_cert_callback(tls_get_certificate_cb cb) { certificate_callback_global = cb; } + +void tls_register_openssl_failure_callback(tls_openssl_failure_cb cb) +{ + openssl_failure_callback_global = cb; +} diff --git a/src/drivers/driver_nl80211_event.c b/src/drivers/driver_nl80211_event.c index e99afdca..16d6f5b4 100644 --- a/src/drivers/driver_nl80211_event.c +++ b/src/drivers/driver_nl80211_event.c @@ -1104,6 +1104,7 @@ static void mlme_event_connect(struct wpa_driver_nl80211_data *drv, * operation that happened in parallel with the disconnection request. */ drv->ignore_next_local_disconnect = 0; + drv->sta_mlo_info.default_map = true; #ifdef CONFIG_DRIVER_NL80211_QCA if (drv->pending_t2lm_data) diff --git a/src/eap_peer/eap.c b/src/eap_peer/eap.c index 8338c47b..ff7dc1e2 100644 --- a/src/eap_peer/eap.c +++ b/src/eap_peer/eap.c @@ -2207,6 +2207,14 @@ ssize_t tls_certificate_callback(void* ctx, const char* alias, uint8_t** value) return -1; } +void tls_openssl_failure_callback(void* ctx, const char* msg) { + if (ctx == NULL || msg == NULL) return; + struct eap_sm *sm = (struct eap_sm*) ctx; + if (sm->eapol_cb && sm->eapol_cb->notify_open_ssl_failure) { + sm->eapol_cb->notify_open_ssl_failure(sm->eapol_ctx, msg); + } +} + /** * eap_peer_sm_init - Allocate and initialize EAP peer state machine * @eapol_ctx: Context data to be used with eapol_cb calls @@ -2251,6 +2259,7 @@ struct eap_sm * eap_peer_sm_init(void *eapol_ctx, tlsconf.cb_ctx = sm; tlsconf.cert_in_cb = conf->cert_in_cb; tls_register_cert_callback(&tls_certificate_callback); + tls_register_openssl_failure_callback(&tls_openssl_failure_callback); sm->ssl_ctx = tls_init(&tlsconf); if (sm->ssl_ctx == NULL) { wpa_printf(MSG_WARNING, "SSL: Failed to initialize TLS " diff --git a/wpa_supplicant/Android.bp b/wpa_supplicant/Android.bp index dd4423aa..664c65cd 100644 --- a/wpa_supplicant/Android.bp +++ b/wpa_supplicant/Android.bp @@ -445,4 +445,4 @@ filegroup { "wpa_supplicant.c", "wps_supplicant.c", ], -} +}
\ No newline at end of file diff --git a/wpa_supplicant/Android.mk b/wpa_supplicant/Android.mk index 03dc209c..c3a7bc64 100644 --- a/wpa_supplicant/Android.mk +++ b/wpa_supplicant/Android.mk @@ -1835,7 +1835,7 @@ ifeq ($(CONFIG_TLS), openssl) PASNOBJS += src/crypto/crypto_openssl.c ifdef TLS_FUNCS PASNOBJS += src/crypto/tls_openssl.c -#PASNOBJS += -lssl -lcrypto +PASNOBJS += src/crypto/tls_openssl_ocsp.c NEED_TLS_PRF_SHA256=y endif endif @@ -2038,13 +2038,20 @@ LOCAL_EXPORT_C_INCLUDE_DIRS := \ include $(BUILD_STATIC_LIBRARY) endif # WPA_SUPPLICANT_USE_AIDL == y -#include $(CLEAR_VARS) -#LOCAL_MODULE = libpasn -#LOCAL_CFLAGS = $(L_CFLAGS) -#LOCAL_SRC_FILES = $(PASNOBJS) -#LOCAL_C_INCLUDES = $(INCLUDES) -#LOCAL_SHARED_LIBRARIES := libc libcutils liblog -#ifeq ($(CONFIG_TLS), openssl) -#LOCAL_SHARED_LIBRARIES := libcrypto libssl -#endif -#include $(BUILD_SHARED_LIBRARY) +ifeq ($(CONFIG_PASN), y) +include $(CLEAR_VARS) +LOCAL_MODULE = libpasn +LOCAL_LICENSE_KINDS := SPDX-license-identifier-BSD SPDX-license-identifier-BSD-3-Clause SPDX-license-identifier-ISC legacy_unencumbered +LOCAL_LICENSE_CONDITIONS := notice unencumbered +LOCAL_NOTICE_FILE := $(LOCAL_PATH)/../LICENSE +LOCAL_VENDOR_MODULE := true +LOCAL_CFLAGS = $(L_CFLAGS) +LOCAL_SRC_FILES = $(PASNOBJS) +LOCAL_C_INCLUDES = $(INCLUDES) +LOCAL_SHARED_LIBRARIES := libc libcutils liblog +ifeq ($(CONFIG_TLS), openssl) +LOCAL_SHARED_LIBRARIES += libcrypto libssl libkeystore-wifi-hidl +LOCAL_SHARED_LIBRARIES += libkeystore-engine-wifi-hidl +endif +include $(BUILD_SHARED_LIBRARY) +endif # CONFIG_PASN == y diff --git a/wpa_supplicant/aidl/sta_network.cpp b/wpa_supplicant/aidl/sta_network.cpp index bb3045c8..2604d2e2 100644 --- a/wpa_supplicant/aidl/sta_network.cpp +++ b/wpa_supplicant/aidl/sta_network.cpp @@ -2689,9 +2689,9 @@ ndk::ScopedAStatus StaNetwork::setMinimumTlsVersionEapPhase1ParamInternal(TlsVer FALLTHROUGH_INTENDED; case TlsVersion::TLS_V1_1: tlsFlags |= TLS_CONN_DISABLE_TLSv1_0; - FALLTHROUGH_INTENDED; - default: break; + default: + return createStatus(SupplicantStatusCode::FAILURE_UNSUPPORTED); } generateTlsParams(); diff --git a/wpa_supplicant/android.config b/wpa_supplicant/android.config index bfdd53e5..4cc38084 100644 --- a/wpa_supplicant/android.config +++ b/wpa_supplicant/android.config @@ -541,6 +541,9 @@ CONFIG_DPP2=y # WPA3-Personal (SAE) CONFIG_SAE=y +# PASN +CONFIG_PASN=y + # WPA3-Enterprise (SuiteB-192) CONFIG_SUITEB=y CONFIG_SUITEB192=y diff --git a/wpa_supplicant/wpa_supplicant/Android.bp b/wpa_supplicant/wpa_supplicant/Android.bp new file mode 100644 index 00000000..b70e5b92 --- /dev/null +++ b/wpa_supplicant/wpa_supplicant/Android.bp @@ -0,0 +1,52 @@ +// Copyright (C) 2023 The Android Open Source Project +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +soong_namespace { + +} + +package { + default_applicable_licenses: [ + // Inherits SPDX-license-identifier-BSD-3-Clause + "external_wpa_supplicant_8_license", + ], +} + +soong_config_module_type_import { + from: "frameworks/opt/net/wifi/libwifi_hal/Android.bp", + module_types: ["wifi_cc_defaults"], +} + +wifi_cc_defaults { + name: "lib_vendor_wpa_supplicant", + soong_config_variables: { + board_wlan_device: { + emulator: { + static_libs: ["lib_driver_cmd_simulated_cf_bp"], + }, + // TODO(b/295186835): Convert lib_driver_cmd_* to soong + conditions_default: { + static_libs: ["lib_driver_cmd_fallback"], + }, + } + } +} + +cc_binary { + name: "wpa_supplicant", + defaults: [ + "wpa_supplicant_defaults", + "lib_vendor_wpa_supplicant", + ], +} diff --git a/wpa_supplicant/wpa_supplicant/libdrivercmdfallback/Android.bp b/wpa_supplicant/wpa_supplicant/libdrivercmdfallback/Android.bp new file mode 100644 index 00000000..3fe900b2 --- /dev/null +++ b/wpa_supplicant/wpa_supplicant/libdrivercmdfallback/Android.bp @@ -0,0 +1,32 @@ +// +// Copyright (C) 2023 The Android Open Source Project +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package { + default_applicable_licenses: ["Android-Apache-2.0"], +} + +cc_library_static { + name: "lib_driver_cmd_fallback", + srcs: ["driver_cmd_nl80211.c"], + header_libs: [ + "wpa_supplicant_headers", + ], + cflags: [ + "-Werror", + "-Wno-unused-parameter", + "-Wno-macro-redefined", + ], + soc_specific: true, +}
\ No newline at end of file diff --git a/wpa_supplicant/wpa_supplicant/libdrivercmdfallback/driver_cmd_nl80211.c b/wpa_supplicant/wpa_supplicant/libdrivercmdfallback/driver_cmd_nl80211.c new file mode 100644 index 00000000..6cdc57a5 --- /dev/null +++ b/wpa_supplicant/wpa_supplicant/libdrivercmdfallback/driver_cmd_nl80211.c @@ -0,0 +1,45 @@ +/* + * Copyright (C) 2023 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * Driver interaction with extended Linux CFG8021 + */ + +#include "includes.h" + +#include "common.h" + +int wpa_driver_nl80211_driver_cmd(void* priv, char* cmd, char* buf, + size_t buf_len) { + return 0; +} + +int wpa_driver_set_p2p_noa(void* priv, u8 count, int start, int duration) { + return 0; +} + +int wpa_driver_get_p2p_noa(void* priv, u8* buf, size_t len) { + return 0; +} + +int wpa_driver_set_p2p_ps(void* priv, int legacy_ps, int opp_ps, int ctwindow) { + return -1; +} + +int wpa_driver_set_ap_wps_p2p_ie(void* priv, const struct wpabuf* beacon, + const struct wpabuf* proberesp, + const struct wpabuf* assocresp) { + return 0; +} |