Avoid dereferencing a dangling function pointer in 'eap_server_sm_deinit()'.
This issue arises when hostap unregisteres EAP methods before it removes
the server state machine for station.
The previous PEAP client behavior allowed the server to skip Phase 2
authentication with the expectation that the server was authenticated
during Phase 1 through TLS server certificate validation. Various PEAP
specifications are not exactly clear on what the behavior on this front
is supposed to be and as such, this ended up being more flexible than
the TTLS/FAST/TEAP cases. However, this is not really ideal when
unfortunately common misconfiguration of PEAP is used in deployed
devices where the server trust root (ca_cert) is not configured or the
user has an easy option for allowing this validation step to be skipped.
Change the default PEAP client behavior to be to require Phase 2
authentication to be successfully completed for cases where TLS session
resumption is not used and the client certificate has not been
configured. Those two exceptions are the main cases where a deployed
authentication server might skip Phase 2 and as such, where a more
strict default behavior could result in undesired interoperability
issues. Requiring Phase 2 authentication will end up disabling TLS
session resumption automatically to avoid interoperability issues.
Allow Phase 2 authentication behavior to be configured with a new phase1
configuration parameter option:
'phase2_auth' option can be used to control Phase 2 (i.e., within TLS
tunnel) behavior for PEAP:
* 0 = do not require Phase 2 authentication
* 1 = require Phase 2 authentication when client certificate
(private_key/client_cert) is no used and TLS session resumption was
not used (default)
* 2 = require Phase 2 authentication in all cases
1) Add parameter to configure reason code of deauth frame
2) Add logs to indicate MIC failure 4-Way-Handshake
3) Process RSNXE capabilities only if AP advertises them
-Merges the addition of extended caps IE for assoc req, probe resp
and beacons in a single place. This ensures that there are no
duplicate Extended Caps IE in the frame. Moves the capability
indication for BTM and HT20/40 from supplicant to wifi libs.
-Fix issue with frequent disconections when scanning for only a single
channel.
-Prints error message and returns ESP_ERR_NOT_SUPPORTED in case
esp32c2 tries to set bandwidth to HT40.
Fix crash in sending new RRM neighbour report requests by removing
the call to neighbour report request timeout callback in case of
already ongoing neighbour report request timer.
1. Fix memory leak caused by assoc IE and retry timer
2. Discard commit frame received at confirmed state in SAE
3. Ignore immediate assoc req received from the station while we are
processing the older one. Fix regression caused by 4cb4faa9
1) Set NVS PMF required true if not specified by application when
authmode is WPA3
2) Fix issue regarding cleanup of non associated sta_info
3) Fix implementation of sta lock to avoid concurrency issues
4) Fix softAP deinit crash when password is configured with max length
1) Resolve wpa_suppliant coverity issues caused by SAE softAP
2) Fix crash occured while deinitialization of softAP
when authmode is changed
3) Fix issue related to anti clogging token and send_confirm
4) Put some AP specific functions under ESP_WIFI_SOFTAP_SUPPORT
compilation flags
Update wifi lib with below -
1. Create NAN Discovery SM for beaconing & cluster formation
2. Create NAN interface for Tx/Rx of beacons & action frames
3. Add commands & events for NAN Services Publish/Subscribe/Followup
4. Add NAN Datapath definitions, Events, Peer structures
5. Support for forming and parsing of Datapath related attributes
6. Modules for NDP Req, Resp, Confirm, Term, Peer management
7. NAN Interface related additions in Datapath, Data Tx Q's
In addition include below changes -
1. Add netif and driver support for NAN Interface
2. Add simple examples for Publisher-Subscriber usecases
3. Add an advanced console example that supports commands
for NAN Discovery, Services & Datapath
4. Add wifi_apps for providing better NAN API's and Peer management
Co-authored-by: Shyamal Khachane <shyamal.khachane@espressif.com>
Add validation for group data cipher, pairwise cipher and AKM Suites to
ensure correct ciphers are supported by AP during 192-bit Enterprise
connections.
