Merge branch 'bugfix/supplicant_analyzer_fixes' into 'master'

Bugfix/supplicant analyzer fixes

Closes WIFIBUG-1218 and IDF-13129

See merge request espressif/esp-idf!39300

Author: Jiang Jiang Jian

components/esp_wifi/wifi_apps/roaming_app/src/Kconfig.roaming

@@ -93,7 +93,7 @@ menu "Roaming Methods"
     config ESP_WIFI_NETWORK_ASSISTED_ROAMING_IP_RENEW_SKIP
         bool "Skip IP renew during BTM based roaming"
         depends on ESP_WIFI_ROAMING_NETWORK_ASSISTED_ROAM
-        default y
+        default n
         help
             Station will not ask for IP renew after a BTM based roaming. Before enabling please
             make sure your network supports this.

components/wpa_supplicant/esp_supplicant/src/crypto/crypto_mbedtls-bignum.c

@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2015-2024 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2015-2025 Espressif Systems (Shanghai) CO LTD
  *
  * SPDX-License-Identifier: Apache-2.0
  */
@@ -51,15 +51,20 @@ struct crypto_bignum *crypto_bignum_init_set(const u8 *buf, size_t len)
 
 struct crypto_bignum * crypto_bignum_init_uint(unsigned int val)
 {
+    int ret;
 
     mbedtls_mpi *bn = os_zalloc(sizeof(mbedtls_mpi));
-    if (bn == NULL) {
+    if (!bn) {
         return NULL;
     }
 
     mbedtls_mpi_init(bn);
-    mbedtls_mpi_lset(bn, val);
+    ret = mbedtls_mpi_lset(bn, val);
 
+    if (ret) {
+        crypto_bignum_deinit((struct crypto_bignum *)bn, 0);
+        bn = NULL;
+    }
     return (struct crypto_bignum *)bn;
 }
 

components/wpa_supplicant/esp_supplicant/src/crypto/crypto_mbedtls-ec.c

@@ -1177,6 +1177,7 @@ struct wpabuf * crypto_ecdh_get_pubkey(struct crypto_ecdh *ecdh, int y)
 {
     struct wpabuf *public_key = NULL;
     uint8_t *buf = NULL;
+    int ret;
     mbedtls_ecdh_context *ctx = (mbedtls_ecdh_context *)ecdh;
     size_t prime_len = ACCESS_ECDH(ctx, grp).pbits / 8;
 
@@ -1187,8 +1188,13 @@ struct wpabuf * crypto_ecdh_get_pubkey(struct crypto_ecdh *ecdh, int y)
     }
 
     /* Export an MPI into unsigned big endian binary data of fixed size */
-    mbedtls_mpi_write_binary(ACCESS_ECDH(&ctx, Q).MBEDTLS_PRIVATE(X), buf, prime_len);
+    ret = mbedtls_mpi_write_binary(ACCESS_ECDH(&ctx, Q).MBEDTLS_PRIVATE(X), buf, prime_len);
+    if (ret) {
+        goto cleanup;
+    }
     public_key = wpabuf_alloc_copy(buf, 32);
+
+cleanup:
     os_free(buf);
     return public_key;
 }

components/wpa_supplicant/esp_supplicant/src/crypto/fastpbkdf2.c

@@ -109,7 +109,7 @@ static inline void md_pad(uint8_t *block, size_t blocksz, size_t used, size_t ms
                                       const uint8_t *key, size_t nkey)        \
   {                                                                           \
     /* Prepare key: */                                                        \
-    uint8_t k[_blocksz];                                                      \
+    uint8_t k[_blocksz] = {0};                                                \
                                                                               \
     /* Shorten long keys. */                                                  \
     if (nkey > _blocksz)                                                      \

components/wpa_supplicant/esp_supplicant/src/esp_wps.c

@@ -641,11 +641,11 @@ int wps_process_wps_mX_req(u8 *ubuf, int len, enum wps_process_res *res)
         tlen = frag_len;
     }
 
+    if (tlen > 50000) {
+        wpa_printf(MSG_ERROR, "EAP-WSC: Invalid Message Length");
+        return ESP_FAIL;
+    }
     if ((flag & WPS_MSG_FLAG_MORE) || wps_buf != NULL) {//frag msg
-        if (tlen > 50000) {
-            wpa_printf(MSG_ERROR, "EAP-WSC: Invalid Message Length");
-            return ESP_FAIL;
-        }
         wpa_printf(MSG_DEBUG, "rx frag msg id:%d, flag:%d, frag_len: %d, tot_len: %d, be_tot_len:%d", sm->current_identifier, flag, frag_len, tlen, be_tot_len);
         if (ESP_OK != wps_enrollee_process_msg_frag(&wps_buf, tlen, tbuf, frag_len, flag)) {
             if (wps_buf) {

components/wpa_supplicant/src/ap/wpa_auth.c

@@ -1644,6 +1644,7 @@ SM_STATE(WPA_PTK, PTKCALCNEGOTIATING)
     SM_ENTRY_MA(WPA_PTK, PTKCALCNEGOTIATING, wpa_ptk);
     sm->EAPOLKeyReceived = FALSE;
     sm->update_snonce = FALSE;
+    os_memset(&PTK, 0, sizeof(PTK));
     pmk_len = PMK_LEN;
 
     /* WPA with IEEE 802.1X: use the derived PMK from EAP

components/wpa_supplicant/src/crypto/sha256-prf.c

@@ -97,7 +97,7 @@ int sha256_prf_bits(const u8 *key, size_t key_len, const char *label,
 	 * Mask out unused bits in the last octet if it does not use all the
 	 * bits.
 	 */
-	if (buf_len_bits % 8) {
+	if (pos > 0 && (buf_len_bits % 8)) {
 		u8 mask = 0xff << (8 - buf_len_bits % 8);
 		buf[pos - 1] &= mask;
 	}

components/wpa_supplicant/src/crypto/sha384-prf.c

@@ -97,7 +97,7 @@ int sha384_prf_bits(const u8 *key, size_t key_len, const char *label,
 	 * Mask out unused bits in the last octet if it does not use all the
 	 * bits.
 	 */
-	if (buf_len_bits % 8) {
+	if (pos > 0 && (buf_len_bits % 8)) {
 		u8 mask = 0xff << (8 - buf_len_bits % 8);
 		buf[pos - 1] &= mask;
 	}

components/wpa_supplicant/src/eap_peer/eap_fast_pac.c

@@ -426,11 +426,9 @@ int eap_fast_load_pac(struct eap_sm *sm, struct eap_fast_pac **pac_root,
 
 	if (eap_fast_read_line(&rc, &pos) < 0) {
 		/* empty file - assume it is fine to overwrite */
-        printf("\n\nassuming it is fine to overwrite... \n\n");
 		eap_fast_deinit_pac_data(&rc);
 		return 0;
 	}
-    printf("\n\nPAC FILE =\n%s", rc.pos);
 	if (os_strcmp(pac_file_hdr, rc.buf) != 0)
 		err = "Unrecognized header line";
 
@@ -546,11 +544,13 @@ static int eap_fast_write_pac(struct eap_sm *sm, const char *pac_file,
 		blob->data = (u8 *) buf;
 		blob->len = len;
 		buf = NULL;
+#ifndef ESP_SUPPLICANT
 		blob->name = os_strdup(pac_file + 7);
 		if (blob->name == NULL) {
 			os_free(blob);
 			return -1;
 		}
+#endif
 		eap_set_config_blob(sm, blob);
 		os_free(blob);
 	} else {
@@ -657,7 +657,6 @@ int eap_fast_save_pac(struct eap_sm *sm, struct eap_fast_pac *pac_root,
 		return -1;
 	}
 
-    wpa_printf(MSG_DEBUG, "PAC file: %s", (sm->blob[3].data));
 	wpa_printf(MSG_DEBUG, "EAP-FAST: Wrote %d PAC entries into '%s'",
 		   count, pac_file);
 
@@ -755,8 +754,7 @@ int eap_fast_load_pac_bin(struct eap_sm *sm, struct eap_fast_pac **pac_root,
 {
 	const struct wpa_config_blob *blob = NULL;
 	u8 *buf, *end, *pos;
-	size_t len = 0;
-    size_t count = 0;
+	size_t len, count = 0;
 	struct eap_fast_pac *pac, *prev;
 
 	*pac_root = NULL;
@@ -776,6 +774,7 @@ int eap_fast_load_pac_bin(struct eap_sm *sm, struct eap_fast_pac **pac_root,
 		len = blob->len;
 	} else {
 		buf = (u8 *) sm->blob[3].data; //(u8 *) os_readfile(pac_file, &len);
+		len = sm->blob[3].len;
 		if (buf == NULL) {
 			wpa_printf(MSG_INFO, "EAP-FAST: No PAC file '%s' - "
 				   "assume no PAC entries have been "

components/wpa_supplicant/src/eap_peer/eap_ttls.c

@@ -117,7 +117,7 @@ static void * eap_ttls_init(struct eap_sm *sm)
 
 
 static void eap_ttls_phase2_eap_deinit(struct eap_sm *sm,
-			   struct eap_ttls_data *data)
+				       struct eap_ttls_data *data)
 {
 	if (data->phase2_priv && data->phase2_method) {
 		data->phase2_method->deinit(sm, data->phase2_priv);
@@ -130,7 +130,7 @@ static void eap_ttls_phase2_eap_deinit(struct eap_sm *sm,
 static void eap_ttls_free_key(struct eap_ttls_data *data)
 {
 	if (data->key_data) {
-		bin_clear_free(data->key_data, EAP_TLS_KEY_LEN);
+		bin_clear_free(data->key_data, EAP_TLS_KEY_LEN + EAP_EMSK_LEN);
 		data->key_data = NULL;
 	}
 }
@@ -153,7 +153,7 @@ static void eap_ttls_deinit(struct eap_sm *sm, void *priv)
 
 
 static u8 * eap_ttls_avp_hdr(u8 *avphdr, u32 avp_code, u32 vendor_id,
-		 int mandatory, size_t len)
+			     int mandatory, size_t len)
 {
 	struct ttls_avp_vendor *avp;
 	u8 flags;
@@ -170,7 +170,7 @@ static u8 * eap_ttls_avp_hdr(u8 *avphdr, u32 avp_code, u32 vendor_id,
 	}
 
 	avp->avp_code = host_to_be32(avp_code);
-	avp->avp_length = host_to_be32(((u32) (flags << 24)) |
+	avp->avp_length = host_to_be32(((u32) flags << 24) |
 				       (u32) (hdrlen + len));
 
 	return avphdr + hdrlen;