wpa_supplicant: more wpa2_enterprise fixes

Merges https://github.com/espressif/esp-idf/pull/2386 Closes https://github.com/espressif/esp-idf/issues/2383 Closes https://github.com/espressif/esp-idf/issues/2381
2024-10-05 20:47:46 -04:00 · 2018-09-07 02:30:10 -07:00 · 2018-09-07 02:30:10 -07:00 · 9ad19e8122
commit 9ad19e8122
parent 75fcd062e8
4 changed files with 34 additions and 2 deletions
--- a/components/wpa_supplicant/src/fast_crypto/fast_crypto_internal-cipher.c
+++ b/components/wpa_supplicant/src/fast_crypto/fast_crypto_internal-cipher.c
@ -77,9 +77,9 @@ struct crypto_cipher *  fast_crypto_cipher_init(enum crypto_cipher_alg alg,
            break;
        case CRYPTO_CIPHER_ALG_AES:                
            mbedtls_aes_init(&(ctx->u.aes.ctx_enc));
-            mbedtls_aes_setkey_enc(&(ctx->u.aes.ctx_enc), key, 256);
+            mbedtls_aes_setkey_enc(&(ctx->u.aes.ctx_enc), key, key_len * 8);
            mbedtls_aes_init(&(ctx->u.aes.ctx_dec));
-            mbedtls_aes_setkey_dec(&(ctx->u.aes.ctx_dec), key, 256);               
+            mbedtls_aes_setkey_dec(&(ctx->u.aes.ctx_dec), key, key_len * 8);               
            os_memcpy(ctx->u.aes.cbc, iv, AES_BLOCK_SIZE);
            break;
 #ifdef CONFIG_DES3
--- a/components/wpa_supplicant/src/wpa2/tls/tlsv1_client.c
+++ b/components/wpa_supplicant/src/wpa2/tls/tlsv1_client.c
@ -463,7 +463,9 @@ struct tlsv1_client * tlsv1_client_init(void)
 	suites[count++] = TLS_RSA_WITH_AES_256_CBC_SHA;
 	suites[count++] = TLS_RSA_WITH_AES_128_CBC_SHA256;
 	suites[count++] = TLS_RSA_WITH_AES_128_CBC_SHA;
+#ifdef CONFIG_DES3
 	suites[count++] = TLS_RSA_WITH_3DES_EDE_CBC_SHA;
+#endif
 	suites[count++] = TLS_RSA_WITH_RC4_128_SHA;
 	suites[count++] = TLS_RSA_WITH_RC4_128_MD5;
 	conn->num_cipher_suites = count;
@ -560,12 +562,16 @@ int tlsv1_client_get_cipher(struct tlsv1_client *conn, char *buf,
 	case TLS_RSA_WITH_RC4_128_SHA:
 		cipher = "RC4-SHA";
 		break;
+#ifdef CONFIG_DES
 	case TLS_RSA_WITH_DES_CBC_SHA:
 		cipher = "DES-CBC-SHA";
 		break;
+#endif
+#ifdef CONFIG_DES3
 	case TLS_RSA_WITH_3DES_EDE_CBC_SHA:
 		cipher = "DES-CBC3-SHA";
 		break;
+#endif
 	case TLS_DH_anon_WITH_AES_128_CBC_SHA256:
 		cipher = "ADH-AES-128-SHA256";
 		break;
@ -601,12 +607,16 @@ int tlsv1_client_get_cipher(struct tlsv1_client *conn, char *buf,
        case TLS_RSA_WITH_RC4_128_SHA:
            strcpy(cipher, "RC4-SHA");
            break;
+#ifdef CONFIG_DES
        case TLS_RSA_WITH_DES_CBC_SHA:
            strcpy(cipher, "DES-CBC-SHA");
            break;
+#endif
+#ifdef CONFIG_DES3
        case TLS_RSA_WITH_3DES_EDE_CBC_SHA:
            strcpy(cipher, "DES-CBC3-SHA");
            break;
+#endif
        case TLS_DH_anon_WITH_AES_128_CBC_SHA256:
            strcpy(cipher, "ADH-AES-128-SHA256");
            break;
@ -780,9 +790,13 @@ int tlsv1_client_set_cipher_list(struct tlsv1_client *conn, u8 *ciphers)
 		suites[count++] = TLS_DH_anon_WITH_AES_256_CBC_SHA;
 		suites[count++] = TLS_DH_anon_WITH_AES_128_CBC_SHA256;
 		suites[count++] = TLS_DH_anon_WITH_AES_128_CBC_SHA;
+#ifdef CONFIG_DES3
 		suites[count++] = TLS_DH_anon_WITH_3DES_EDE_CBC_SHA;
+#endif
 		suites[count++] = TLS_DH_anon_WITH_RC4_128_MD5;
+#ifdef CONFIG_DES
 		suites[count++] = TLS_DH_anon_WITH_DES_CBC_SHA;
+#endif

 		/*
 		 * Cisco AP (at least 350 and 1200 series) local authentication
--- a/components/wpa_supplicant/src/wpa2/tls/tlsv1_common.c
+++ b/components/wpa_supplicant/src/wpa2/tls/tlsv1_common.c
@ -31,16 +31,24 @@ static const struct tls_cipher_suite tls_cipher_suites[] = {
 	  TLS_HASH_MD5 },
 	{ TLS_RSA_WITH_RC4_128_SHA, TLS_KEY_X_RSA, TLS_CIPHER_RC4_128,
 	  TLS_HASH_SHA },
+#ifdef CONFIG_DES
 	{ TLS_RSA_WITH_DES_CBC_SHA, TLS_KEY_X_RSA, TLS_CIPHER_DES_CBC,
 	  TLS_HASH_SHA },
+#endif
+#ifdef CONFIG_DES3
 	{ TLS_RSA_WITH_3DES_EDE_CBC_SHA, TLS_KEY_X_RSA,
 	  TLS_CIPHER_3DES_EDE_CBC, TLS_HASH_SHA },
+#endif
 	{ TLS_DH_anon_WITH_RC4_128_MD5, TLS_KEY_X_DH_anon,
 	  TLS_CIPHER_RC4_128, TLS_HASH_MD5 },
+#ifdef CONFIG_DES
 	{ TLS_DH_anon_WITH_DES_CBC_SHA, TLS_KEY_X_DH_anon,
 	  TLS_CIPHER_DES_CBC, TLS_HASH_SHA },
+#endif
+#ifdef CONFIG_DES3
 	{ TLS_DH_anon_WITH_3DES_EDE_CBC_SHA, TLS_KEY_X_DH_anon,
 	  TLS_CIPHER_3DES_EDE_CBC, TLS_HASH_SHA },
+#endif
 	{ TLS_RSA_WITH_AES_128_CBC_SHA, TLS_KEY_X_RSA, TLS_CIPHER_AES_128_CBC,
 	  TLS_HASH_SHA },
 	{ TLS_DH_anon_WITH_AES_128_CBC_SHA, TLS_KEY_X_DH_anon,
@ -74,12 +82,16 @@ static const struct tls_cipher_data tls_ciphers[] = {
 	  CRYPTO_CIPHER_ALG_RC4 },
 	{ TLS_CIPHER_RC4_128,      TLS_CIPHER_STREAM, 16, 16,  0,
 	  CRYPTO_CIPHER_ALG_RC4 },
+#ifdef CONFIG_DES
 	{ TLS_CIPHER_DES40_CBC,    TLS_CIPHER_BLOCK,   5,  8,  8,
 	  CRYPTO_CIPHER_ALG_DES },
 	{ TLS_CIPHER_DES_CBC,      TLS_CIPHER_BLOCK,   8,  8,  8,
 	  CRYPTO_CIPHER_ALG_DES },
+#endif
+#ifdef CONFIG_DES3
 	{ TLS_CIPHER_3DES_EDE_CBC, TLS_CIPHER_BLOCK,  24, 24,  8,
 	  CRYPTO_CIPHER_ALG_3DES },
+#endif
 	{ TLS_CIPHER_AES_128_CBC,  TLS_CIPHER_BLOCK,  16, 16, 16,
 	  CRYPTO_CIPHER_ALG_AES },
 	{ TLS_CIPHER_AES_256_CBC,  TLS_CIPHER_BLOCK,  32, 32, 16,
--- a/components/wpa_supplicant/src/wpa2/tls/tlsv1_server.c
+++ b/components/wpa_supplicant/src/wpa2/tls/tlsv1_server.c
@ -363,7 +363,9 @@ struct tlsv1_server * tlsv1_server_init(struct tlsv1_credentials *cred)
 	suites = conn->cipher_suites;
 	suites[count++] = TLS_RSA_WITH_AES_256_CBC_SHA;
 	suites[count++] = TLS_RSA_WITH_AES_128_CBC_SHA;
+#ifdef CONFIG_DES3
 	suites[count++] = TLS_RSA_WITH_3DES_EDE_CBC_SHA;
+#endif
 	suites[count++] = TLS_RSA_WITH_RC4_128_SHA;
 	suites[count++] = TLS_RSA_WITH_RC4_128_MD5;
 	conn->num_cipher_suites = count;
@ -471,12 +473,16 @@ int tlsv1_server_get_cipher(struct tlsv1_server *conn, char *buf,
 	case TLS_RSA_WITH_RC4_128_SHA:
 		cipher = "RC4-SHA";
 		break;
+#ifdef CONFIG_DES
 	case TLS_RSA_WITH_DES_CBC_SHA:
 		cipher = "DES-CBC-SHA";
 		break;
+#endif
+#ifdef CONFIG_DES3
 	case TLS_RSA_WITH_3DES_EDE_CBC_SHA:
 		cipher = "DES-CBC3-SHA";
 		break;
+#endif
 	case TLS_DH_anon_WITH_AES_128_CBC_SHA:
 		cipher = "ADH-AES-128-SHA";
 		break;