Merge branch 'bugfix/coverity_fixes' into 'master'

wpa_supplicant: Fix issues reported by coverity

Closes WIFI-4390

See merge request espressif/esp-idf!17915

components/wpa_supplicant/src/ap/ap_config.h

@@ -219,7 +219,6 @@ struct hostapd_bss_config {
 	int rsn_pairwise;
 	int rsn_preauth;
 	char *rsn_preauth_interfaces;
-	int peerkey;
 
 #ifdef CONFIG_IEEE80211R
 	/* IEEE 802.11r - Fast BSS Transition */

components/wpa_supplicant/src/ap/wpa_auth.c

@@ -586,8 +586,7 @@ void wpa_receive(struct wpa_authenticator *wpa_auth, struct wpa_state_machine *s
     struct ieee802_1x_hdr *hdr;
     struct wpa_eapol_key *key;
     u16 key_info, key_data_length;
-    enum { PAIRWISE_2, PAIRWISE_4, GROUP_2, REQUEST,
-           SMK_M1, SMK_M3, SMK_ERROR } msg;
+    enum { PAIRWISE_2, PAIRWISE_4, GROUP_2, REQUEST } msg;
     struct wpa_eapol_ie_parse kde;
     int ft;
     const u8 *eapol_key_ie;
@@ -646,16 +645,12 @@ void wpa_receive(struct wpa_authenticator *wpa_auth, struct wpa_state_machine *s
     /* FIX: verify that the EAPOL-Key frame was encrypted if pairwise keys
      * are set */
 
-    if ((key_info & (WPA_KEY_INFO_SMK_MESSAGE | WPA_KEY_INFO_REQUEST)) ==
-        (WPA_KEY_INFO_SMK_MESSAGE | WPA_KEY_INFO_REQUEST)) {
-        if (key_info & WPA_KEY_INFO_ERROR) {
-            msg = SMK_ERROR;
-        } else {
-            msg = SMK_M1;
-        }
-    } else if (key_info & WPA_KEY_INFO_SMK_MESSAGE) {
-        msg = SMK_M3;
-    } else if (key_info & WPA_KEY_INFO_REQUEST) {
+    if (key_info & WPA_KEY_INFO_SMK_MESSAGE) {
+        wpa_printf(MSG_DEBUG, "WPA: Ignore SMK message");
+        return;
+    }
+
+    if (key_info & WPA_KEY_INFO_REQUEST) {
         msg = REQUEST;
     } else if (!(key_info & WPA_KEY_INFO_KEY_TYPE)) {
         msg = GROUP_2;
@@ -665,7 +660,6 @@ void wpa_receive(struct wpa_authenticator *wpa_auth, struct wpa_state_machine *s
         msg = PAIRWISE_2;
     }
 
-    /* TODO: key_info type validation for PeerKey */
     if (msg == REQUEST || msg == PAIRWISE_2 || msg == PAIRWISE_4 ||
         msg == GROUP_2) {
         u16 ver = key_info & WPA_KEY_INFO_TYPE_MASK;
@@ -806,25 +800,6 @@ continue_processing:
             return;
         }
         break;
-#ifdef CONFIG_PEERKEY
-    case SMK_M1:
-    case SMK_M3:
-    case SMK_ERROR:
-        if (!wpa_auth->conf.peerkey) {
-            wpa_printf( MSG_DEBUG, "RSN: SMK M1/M3/Error, but "
-                   "PeerKey use disabled - ignoring message");
-            return;
-        }
-        if (!sm->PTK_valid) {
-            return;
-        }
-        break;
-#else /* CONFIG_PEERKEY */
-    case SMK_M1:
-    case SMK_M3:
-    case SMK_ERROR:
-        return; /* STSL disabled - ignore SMK messages */
-#endif /* CONFIG_PEERKEY */
     case REQUEST:
         break;
     }
@@ -865,22 +840,13 @@ continue_processing:
          * even though MAC address KDE is not normally encrypted,
          * supplicant is allowed to encrypt it.
          */
-        if (msg == SMK_ERROR) {
-#ifdef CONFIG_PEERKEY
-            wpa_smk_error(wpa_auth, sm, key);
-#endif /* CONFIG_PEERKEY */
-            return;
-        } else if (key_info & WPA_KEY_INFO_ERROR) {
+        if (key_info & WPA_KEY_INFO_ERROR) {
             if (wpa_receive_error_report(
                     wpa_auth, sm,
                     !(key_info & WPA_KEY_INFO_KEY_TYPE)) > 0)
                 return; /* STA entry was removed */
         } else if (key_info & WPA_KEY_INFO_KEY_TYPE) {
             wpa_request_new_ptk(sm);
-#ifdef CONFIG_PEERKEY
-        } else if (msg == SMK_M1) {
-            wpa_smk_m1(wpa_auth, sm, key);
-#endif /* CONFIG_PEERKEY */
         } else if (key_data_length > 0 &&
                wpa_parse_kde_ies((const u8 *) (key + 1),
                          key_data_length, &kde) == 0 &&
@@ -916,13 +882,6 @@ continue_processing:
         wpa_replay_counter_mark_invalid(sm->key_replay, NULL);
     }
 
-#ifdef CONFIG_PEERKEY
-    if (msg == SMK_M3) {
-        wpa_smk_m3(wpa_auth, sm, key);
-        return;
-    }
-#endif /* CONFIG_PEERKEY */
-
     wpa_printf( MSG_DEBUG, "wpa_rx: free eapol=%p\n", sm->last_rx_eapol_key);
     os_free(sm->last_rx_eapol_key);
     sm->last_rx_eapol_key = (u8 *)os_malloc(data_len);
@@ -1054,11 +1013,11 @@ void __wpa_send_eapol(struct wpa_authenticator *wpa_auth,
     WPA_PUT_BE16(key->key_info, key_info);
 
     alg = pairwise ? sm->pairwise : wpa_auth->conf.wpa_group;
-    WPA_PUT_BE16(key->key_length, wpa_cipher_key_len(alg));
-    if (key_info & WPA_KEY_INFO_SMK_MESSAGE)
+    if (sm->wpa == WPA_VERSION_WPA2 && !pairwise)
         WPA_PUT_BE16(key->key_length, 0);
+    else
+        WPA_PUT_BE16(key->key_length, wpa_cipher_key_len(alg));
 
-    /* FIX: STSL: what to use as key_replay_counter? */
     for (i = RSNA_MAX_EAPOL_RETRIES - 1; i > 0; i--) {
         sm->key_replay[i].valid = sm->key_replay[i - 1].valid;
         memcpy(sm->key_replay[i].counter,

components/wpa_supplicant/src/ap/wpa_auth.h

@@ -136,7 +136,6 @@ struct wpa_auth_config {
 	int rsn_pairwise;
 	int rsn_preauth;
 	int eapol_version;
-	int peerkey;
 	int wmm_enabled;
 	int wmm_uapsd;
 	int disable_pmksa_caching;

components/wpa_supplicant/src/ap/wpa_auth_i.h

@@ -200,17 +200,6 @@ int wpa_auth_for_each_auth(struct wpa_authenticator *wpa_auth,
 			   int (*cb)(struct wpa_authenticator *a, void *ctx),
 			   void *cb_ctx);
 
-#ifdef CONFIG_PEERKEY
-int wpa_stsl_remove(struct wpa_authenticator *wpa_auth,
-		    struct wpa_stsl_negotiation *neg);
-void wpa_smk_error(struct wpa_authenticator *wpa_auth,
-		   struct wpa_state_machine *sm, struct wpa_eapol_key *key);
-void wpa_smk_m1(struct wpa_authenticator *wpa_auth,
-		struct wpa_state_machine *sm, struct wpa_eapol_key *key);
-void wpa_smk_m3(struct wpa_authenticator *wpa_auth,
-		struct wpa_state_machine *sm, struct wpa_eapol_key *key);
-#endif /* CONFIG_PEERKEY */
-
 #ifdef CONFIG_IEEE80211R
 int wpa_write_mdie(struct wpa_auth_config *conf, u8 *buf, size_t len);
 int wpa_write_ftie(struct wpa_auth_config *conf, const u8 *r0kh_id,

components/wpa_supplicant/src/ap/wpa_auth_ie.c

@@ -216,8 +216,6 @@ int wpa_write_rsn_ie(struct wpa_auth_config *conf, u8 *buf, size_t len,
 	capab = 0;
 	if (conf->rsn_preauth)
 		capab |= WPA_CAPABILITY_PREAUTH;
-	if (conf->peerkey)
-		capab |= WPA_CAPABILITY_PEERKEY_ENABLED;
 	if (conf->wmm_enabled) {
 		/* 4 PTKSA replay counters when using WMM */
 		capab |= (RSN_NUM_REPLAY_COUNTERS_16 << 2);
@@ -626,36 +624,6 @@ static int wpa_parse_generic(const u8 *pos, const u8 *end,
 		return 0;
 	}
 
-#ifdef CONFIG_PEERKEY
-	if (pos[1] > RSN_SELECTOR_LEN + 2 &&
-	    RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_SMK) {
-		ie->smk = pos + 2 + RSN_SELECTOR_LEN;
-		ie->smk_len = pos[1] - RSN_SELECTOR_LEN;
-		return 0;
-	}
-
-	if (pos[1] > RSN_SELECTOR_LEN + 2 &&
-	    RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_NONCE) {
-		ie->nonce = pos + 2 + RSN_SELECTOR_LEN;
-		ie->nonce_len = pos[1] - RSN_SELECTOR_LEN;
-		return 0;
-	}
-
-	if (pos[1] > RSN_SELECTOR_LEN + 2 &&
-	    RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_LIFETIME) {
-		ie->lifetime = pos + 2 + RSN_SELECTOR_LEN;
-		ie->lifetime_len = pos[1] - RSN_SELECTOR_LEN;
-		return 0;
-	}
-
-	if (pos[1] > RSN_SELECTOR_LEN + 2 &&
-	    RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_ERROR) {
-		ie->error = pos + 2 + RSN_SELECTOR_LEN;
-		ie->error_len = pos[1] - RSN_SELECTOR_LEN;
-		return 0;
-	}
-#endif /* CONFIG_PEERKEY */
-
 #ifdef CONFIG_IEEE80211W
 	if (pos[1] > RSN_SELECTOR_LEN + 2 &&
 	    RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_IGTK) {

components/wpa_supplicant/src/ap/wpa_auth_ie.h

@@ -19,16 +19,6 @@ struct wpa_eapol_ie_parse {
 	size_t gtk_len;
 	const u8 *mac_addr;
 	size_t mac_addr_len;
-#ifdef CONFIG_PEERKEY
-	const u8 *smk;
-	size_t smk_len;
-	const u8 *nonce;
-	size_t nonce_len;
-	const u8 *lifetime;
-	size_t lifetime_len;
-	const u8 *error;
-	size_t error_len;
-#endif /* CONFIG_PEERKEY */
 #ifdef CONFIG_IEEE80211W
 	const u8 *igtk;
 	size_t igtk_len;