When registrar somehow misses the WSC_DONE sent by station and station
goes for next connection after sending deauth, make sure that softAP
disables the registrar.
- Ensure that wpa_supplicant's state machine registers the requirement for rsnxe
before deciding to add rsnxe to a assoc request.
Co-authored-by: jgujarathi <jash.gujarathi@espressif.com>
1. Free temporary data used by SAE before memsetting the same
2. Drop any received auth responses that use a different algorithm than the one currently in use
UDP application sends packet using esp_netif, underlying transport such
as Wi-Fi may drop the packet due to higher load. New error code
represent transient, non-fatal packet drop error. udp application may
use such errtype, for example to rate limit.
* Fix issues related to mgmt packets encryption in GCMP
* Fix issue of wrong decryption of mgmt packets when PMF is enabled
* Fix softAP bug in handling of SAE Reauthentication
- Any scanning currently updates the bss table held by supplicant anyway,
but the time record used to maintain the recency of the last scan is
only updated by supplicant issued scans. Updating the last scan time
for application trigerred scanning will prevent the needless scanning
by supplicant if there has been an application trigerred scan in
the time diff threshold(currently 10s).
- Add default durations to supplicant issued scans based on results from
initial experiments where probe response times were recorded in a
significantly noisy environment. It was noticed that within 70ms
we receive over 80% of the responses 90% of the time
- Clear the bssid set flag and channel in supplicant disconnect handler as this
can cause the station to recursively connect to the wrong AP in case
roaming through BTM mechanisms fails.
- Fix issue with incorrect blocking time calculation when blocking scan
issued for a single channel.
- Deprecate the existing esp_rrm_send_neighbor_rep_request() API
- Adds a new API to send neighbor report requests esp_rrm_send_neighbor_report_request().
This replaces the older API's callback procedure with a new Wi-Fi
event that is posted when the neighbor report is received.
This moves the execution of the callback from supplicant
context to freertos context.
- Avoid downgrading TLS ciphersuites when client RSA keys are larger than RSA-2048 bit.
- Note that when using bigger certificates on low-power chips without crypto
hardware acceleration, it is recommended to adjust the task watchdog timer (TWDT)
if it is enabled. For precise information on timing requirements, you can check
performance numbers at https://github.com/espressif/mbedtls/wiki/Performance-Numbers.
Taking sizeof(ptr) is incorrect to determine size of passed in hash and
results in hlen getting set to a very large value since MD5_MAC_LEN >
sizeof(ptr). Provide the actual size of the hash buffer from the caller
to fix this.
tls_key_x_server_params_hash() callers src/tls/tlsv1_client_read.c and
src/tls/tlsv1_server_write.c both pass in a large enough hash (hash[64]
or hash[100]) that this does not appear to have an impact, though it is
still wrong.
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
This new value was added to verify peer certificate if it is provided,
but not reject the TLS handshake if no peer certificate is provided.
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
Some of the TLS library wrappers defined only an empty function for
tls_connection_set_success_data(). That could result in memory leaks in
TLS server cases, so update these to do the minimal thing and free the
provided buffer as unused.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
These operations do not really have any effect since
tls_connection_set_params() is used only in the TLS client case and the
client receives the DH parameters from the server instead of local
configuration.
Signed-off-by: Jouni Malinen <j@w1.fi>
RFC 9190 requires protected result indication to be used with TLSv1.3,
so do not allow EAP-TLS to complete successfully if the server does not
send that indication.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
