Merge "Add multiple AKMs and td_policy for Synaptics Wi-Fi" into tm-qpr-dev am: c55112f265
Original change: https://googleplex-android-review.googlesource.com/c/platform/external/wpa_supplicant_8/+/20580317
Change-Id: I959f8061e4fa8a584dccb21a59837b8b102c94b5
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
diff --git a/Android.bp b/Android.bp
index cbb1a90..35cdb4f 100644
--- a/Android.bp
+++ b/Android.bp
@@ -26,3 +26,11 @@
],
license_text: ["LICENSE"],
}
+
+cc_library_headers {
+ name: "libnetlink_iface_headers",
+ vendor_available: true,
+ export_include_dirs: [
+ "src/drivers",
+ ],
+}
diff --git a/hostapd/Android.bp b/hostapd/Android.bp
index 2a25208..020396d 100644
--- a/hostapd/Android.bp
+++ b/hostapd/Android.bp
@@ -169,6 +169,35 @@
"-Wno-unused-variable",
"-Wno-macro-redefined",
],
+ // Similar to suppressing clang compiler warnings, here we
+ // suppress clang-tidy warnings to reduce noises in Android build.log.
+ tidy_checks: [
+ "-android-cloexec-*",
+ "-bugprone-branch-clone",
+ "-bugprone-macro-parentheses",
+ "-bugprone-misplaced-widening-cast",
+ "-bugprone-signal-handler",
+ "-bugprone-signed-char-misuse",
+ "-bugprone-sizeof-expression",
+ "-bugprone-suspicious-string-compare",
+ "-bugprone-too-small-loop-variable",
+ "-cert-err34-c",
+ "-cert-msc30-c",
+ "-cert-msc50-cpp",
+ "-cert-msc54-cpp",
+ "-cert-sig30-c",
+ "-cert-str34-c",
+ "-clang-analyzer-core.NullDereference",
+ "-clang-analyzer-core.UndefinedBinaryOperatorResult",
+ "-clang-analyzer-deadcode.DeadStores",
+ "-clang-analyzer-optin.performance.Padding",
+ "-clang-analyzer-optin.portability.UnixAPI",
+ "-clang-analyzer-security.insecureAPI.UncheckedReturn",
+ "-clang-analyzer-unix.cstring.NullArg",
+ "-clang-analyzer-unix.Malloc",
+ "-clang-diagnostic-unused-but-set-variable",
+ "-misc-redundant-expression",
+ ],
}
@@ -318,3 +347,9 @@
],
}
+
+// This manifest can used by a vendor apex module for hostapd as well.
+filegroup {
+ name: "android.hardware.wifi.hostapd.xml",
+ srcs: ["android.hardware.wifi.hostapd.xml"],
+}
diff --git a/hostapd/aidl/hostapd.cpp b/hostapd/aidl/hostapd.cpp
index 3e9f0f1..b7d7e06 100644
--- a/hostapd/aidl/hostapd.cpp
+++ b/hostapd/aidl/hostapd.cpp
@@ -547,17 +547,18 @@
iface_params.hwModeParams.enable80211AC ? 2 : 0);
break;
default:
- if (!is_2Ghz_band_only && !is_60Ghz_used
- && iface_params.hwModeParams.enable80211AC) {
- ht_cap_vht_oper_he_oper_chwidth_as_string =
+ if (!is_2Ghz_band_only && !is_60Ghz_used) {
+ if (iface_params.hwModeParams.enable80211AC) {
+ ht_cap_vht_oper_he_oper_chwidth_as_string =
"ht_capab=[HT40+]\n"
"vht_oper_chwidth=1\n";
- }
+ }
#ifdef CONFIG_IEEE80211AX
- if (iface_params.hwModeParams.enable80211AX && !is_60Ghz_used) {
- ht_cap_vht_oper_he_oper_chwidth_as_string += "he_oper_chwidth=1";
- }
+ if (iface_params.hwModeParams.enable80211AX) {
+ ht_cap_vht_oper_he_oper_chwidth_as_string += "he_oper_chwidth=1";
+ }
#endif
+ }
break;
}
diff --git a/hs20/client/est.c b/hs20/client/est.c
index 97f9132..c3f27e1 100644
--- a/hs20/client/est.c
+++ b/hs20/client/est.c
@@ -17,9 +17,7 @@
#include <openssl/x509.h>
#include <openssl/x509v3.h>
#include <openssl/opensslv.h>
-#ifdef OPENSSL_IS_BORINGSSL
-#include <openssl/buf.h>
-#endif /* OPENSSL_IS_BORINGSSL */
+#include <openssl/buffer.h>
#include "common.h"
#include "utils/base64.h"
@@ -220,9 +218,7 @@
} d;
} AttrOrOID;
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(OPENSSL_IS_BORINGSSL)
DEFINE_STACK_OF(AttrOrOID)
-#endif
typedef struct {
int type;
@@ -340,30 +336,13 @@
if (!csrattrs || ! csrattrs->attrs)
return;
-#ifdef OPENSSL_IS_BORINGSSL
- num = sk_num(CHECKED_CAST(_STACK *, STACK_OF(AttrOrOID) *,
- csrattrs->attrs));
- for (i = 0; i < num; i++) {
- AttrOrOID *ao = sk_value(
- CHECKED_CAST(_STACK *, const STACK_OF(AttrOrOID) *,
- csrattrs->attrs), i);
- switch (ao->type) {
- case 0:
- add_csrattrs_oid(ctx, ao->d.oid, exts);
- break;
- case 1:
- add_csrattrs_attr(ctx, ao->d.attribute, exts);
- break;
- }
- }
-#else /* OPENSSL_IS_BORINGSSL */
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(OPENSSL_IS_BORINGSSL)
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
num = sk_AttrOrOID_num(csrattrs->attrs);
#else
num = SKM_sk_num(AttrOrOID, csrattrs->attrs);
#endif
for (i = 0; i < num; i++) {
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(OPENSSL_IS_BORINGSSL)
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
AttrOrOID *ao = sk_AttrOrOID_value(csrattrs->attrs, i);
#else
AttrOrOID *ao = SKM_sk_value(AttrOrOID, csrattrs->attrs, i);
@@ -377,7 +356,6 @@
break;
}
}
-#endif /* OPENSSL_IS_BORINGSSL */
}
diff --git a/src/crypto/tls_openssl_ocsp.c b/src/crypto/tls_openssl_ocsp.c
index b570bea..a74e6f3 100644
--- a/src/crypto/tls_openssl_ocsp.c
+++ b/src/crypto/tls_openssl_ocsp.c
@@ -216,13 +216,7 @@
IMPLEMENT_ASN1_FUNCTIONS(BasicOCSPResponse);
-#define sk_SingleResponse_num(sk) \
-sk_num(CHECKED_CAST(_STACK *, STACK_OF(SingleResponse) *, sk))
-
-#define sk_SingleResponse_value(sk, i) \
- ((SingleResponse *) \
- sk_value(CHECKED_CAST(_STACK *, STACK_OF(SingleResponse) *, sk), (i)))
-
+DEFINE_STACK_OF(SingleResponse)
static char * mem_bio_to_str(BIO *out)
{
diff --git a/src/pae/ieee802_1x_kay.c b/src/pae/ieee802_1x_kay.c
index a1f8ae9..3c55c5a 100644
--- a/src/pae/ieee802_1x_kay.c
+++ b/src/pae/ieee802_1x_kay.c
@@ -592,6 +592,7 @@
ieee802_1x_kay_create_peer(const u8 *mi, u32 mn)
{
struct ieee802_1x_kay_peer *peer;
+ struct os_reltime now;
peer = os_zalloc(sizeof(*peer));
if (!peer) {
@@ -601,7 +602,8 @@
os_memcpy(peer->mi, mi, MI_LEN);
peer->mn = mn;
- peer->expire = time(NULL) + MKA_LIFE_TIME / 1000;
+ os_get_reltime(&now);
+ peer->expire = now.sec + MKA_LIFE_TIME / 1000;
peer->sak_used = false;
peer->missing_sak_use_count = 0;
@@ -678,6 +680,7 @@
{
struct ieee802_1x_kay_peer *peer;
struct receive_sc *rxsc;
+ struct os_reltime now;
peer = ieee802_1x_kay_get_potential_peer(participant, mi);
if (!peer)
@@ -690,7 +693,8 @@
os_memcpy(&peer->sci, &participant->current_peer_sci,
sizeof(peer->sci));
peer->mn = mn;
- peer->expire = time(NULL) + MKA_LIFE_TIME / 1000;
+ os_get_reltime(&now);
+ peer->expire = now.sec + MKA_LIFE_TIME / 1000;
wpa_printf(MSG_DEBUG, "KaY: Move potential peer to live peer");
ieee802_1x_kay_dump_peer(peer);
@@ -873,13 +877,15 @@
peer = ieee802_1x_kay_get_peer_sci(participant,
&body->actor_sci);
if (peer) {
- time_t new_expire;
+ os_time_t new_expire;
+ struct os_reltime now;
wpa_printf(MSG_WARNING,
"KaY: duplicated SCI detected - maybe active attacker or peer selected new MI - ignore MKPDU");
/* Reduce timeout to speed up this process but left the
* chance for old one to prove aliveness. */
- new_expire = time(NULL) + MKA_HELLO_TIME * 1.5 / 1000;
+ os_get_reltime(&now);
+ new_expire = now.sec + MKA_HELLO_TIME * 1.5 / 1000;
if (peer->expire > new_expire)
peer->expire = new_expire;
return NULL;
@@ -2130,6 +2136,7 @@
unsigned int key_len;
u8 *key;
struct macsec_ciphersuite *cs;
+ struct os_reltime now;
/* check condition for generating a fresh SAK:
* must have one live peer
@@ -2150,7 +2157,8 @@
* here only check first item and ingore
* && (!dl_list_empty(&participant->potential_peers))) {
*/
- if ((time(NULL) - kay->dist_time) < MKA_LIFE_TIME / 1000) {
+ os_get_reltime(&now);
+ if ((now.sec - kay->dist_time) < MKA_LIFE_TIME / 1000) {
wpa_printf(MSG_ERROR,
"KaY: Life time has not elapsed since prior SAK distributed");
return -1;
@@ -2244,7 +2252,7 @@
if (kay->dist_an > 3)
kay->dist_an = 0;
- kay->dist_time = time(NULL);
+ kay->dist_time = now.sec;
return 0;
@@ -2548,17 +2556,19 @@
struct ieee802_1x_mka_participant *participant;
struct ieee802_1x_kay *kay;
struct ieee802_1x_kay_peer *peer, *pre_peer;
- time_t now = time(NULL);
+ struct os_reltime now;
bool lp_changed;
struct receive_sc *rxsc, *pre_rxsc;
struct transmit_sa *txsa, *pre_txsa;
+ os_get_reltime(&now);
+
participant = (struct ieee802_1x_mka_participant *)eloop_ctx;
kay = participant->kay;
wpa_printf(MSG_DEBUG, "KaY: Participant timer (ifname=%s)",
kay->if_name);
if (participant->cak_life) {
- if (now > participant->cak_life)
+ if (now.sec > participant->cak_life)
goto delete_mka;
}
@@ -2566,7 +2576,7 @@
* when the MKA life elapsed since its creating */
if (participant->mka_life) {
if (dl_list_empty(&participant->live_peers)) {
- if (now > participant->mka_life)
+ if (now.sec > participant->mka_life)
goto delete_mka;
} else {
participant->mka_life = 0;
@@ -2576,7 +2586,7 @@
lp_changed = false;
dl_list_for_each_safe(peer, pre_peer, &participant->live_peers,
struct ieee802_1x_kay_peer, list) {
- if (now > peer->expire) {
+ if (now.sec > peer->expire) {
wpa_printf(MSG_DEBUG, "KaY: Live peer removed");
wpa_hexdump(MSG_DEBUG, "\tMI: ", peer->mi,
sizeof(peer->mi));
@@ -2634,7 +2644,7 @@
dl_list_for_each_safe(peer, pre_peer, &participant->potential_peers,
struct ieee802_1x_kay_peer, list) {
- if (now > peer->expire) {
+ if (now.sec > peer->expire) {
wpa_printf(MSG_DEBUG, "KaY: Potential peer removed");
wpa_hexdump(MSG_DEBUG, "\tMI: ", peer->mi,
sizeof(peer->mi));
@@ -3371,11 +3381,14 @@
return -1;
}
} else {
+ struct os_reltime now;
+
+ os_get_reltime(&now);
peer->missing_sak_use_count = 0;
/* Only update live peer watchdog after successful
* decode of all parameter sets */
- peer->expire = time(NULL) + MKA_LIFE_TIME / 1000;
+ peer->expire = now.sec + MKA_LIFE_TIME / 1000;
}
} else {
/* MKPDU is from new or potential peer */
@@ -3674,8 +3687,12 @@
os_memcpy(participant->cak.key, cak->key, cak->len);
wpa_hexdump_key(MSG_DEBUG, "KaY: CAK", participant->cak.key,
participant->cak.len);
- if (life)
- participant->cak_life = life + time(NULL);
+ if (life) {
+ struct os_reltime now;
+ os_get_reltime(&now);
+
+ participant->cak_life = life + now.sec;
+ }
switch (mode) {
case EAP_EXCHANGE:
@@ -3783,7 +3800,10 @@
* some peer appears.
*/
if (mode != PSK) {
- participant->mka_life = MKA_LIFE_TIME / 1000 + time(NULL) +
+ struct os_reltime now;
+ os_get_reltime(&now);
+
+ participant->mka_life = MKA_LIFE_TIME / 1000 + now.sec +
usecs / 1000000;
}
participant->mode = mode;
diff --git a/src/pae/ieee802_1x_kay.h b/src/pae/ieee802_1x_kay.h
index 11cf7b7..525679f 100644
--- a/src/pae/ieee802_1x_kay.h
+++ b/src/pae/ieee802_1x_kay.h
@@ -213,7 +213,7 @@
u32 dist_kn;
u32 rcvd_keys;
u8 dist_an;
- time_t dist_time;
+ os_time_t dist_time;
u8 mka_version;
u8 algo_agility[4];
diff --git a/src/pae/ieee802_1x_kay_i.h b/src/pae/ieee802_1x_kay_i.h
index 7a04169..e4650b5 100644
--- a/src/pae/ieee802_1x_kay_i.h
+++ b/src/pae/ieee802_1x_kay_i.h
@@ -45,7 +45,7 @@
struct ieee802_1x_mka_sci sci;
u8 mi[MI_LEN];
u32 mn;
- time_t expire;
+ os_time_t expire;
bool is_key_server;
u8 key_server_priority;
bool macsec_desired;
@@ -135,8 +135,8 @@
struct ieee802_1x_mka_peer_id current_peer_id;
struct ieee802_1x_mka_sci current_peer_sci;
- time_t cak_life;
- time_t mka_life;
+ os_time_t cak_life;
+ os_time_t mka_life;
bool to_dist_sak;
bool to_use_sak;
bool new_sak;
diff --git a/src/utils/http_curl.c b/src/utils/http_curl.c
index 30b07f2..77d5b35 100644
--- a/src/utils/http_curl.c
+++ b/src/utils/http_curl.c
@@ -433,28 +433,6 @@
IMPLEMENT_ASN1_FUNCTIONS(LogotypeExtn);
-#ifdef OPENSSL_IS_BORINGSSL
-#define sk_LogotypeInfo_num(st) \
-sk_num(CHECKED_CAST(_STACK *, STACK_OF(LogotypeInfo) *, (st)))
-#define sk_LogotypeInfo_value(st, i) (LogotypeInfo *) \
-sk_value(CHECKED_CAST(_STACK *, const STACK_OF(LogotypeInfo) *, (st)), (i))
-#define sk_LogotypeImage_num(st) \
-sk_num(CHECKED_CAST(_STACK *, STACK_OF(LogotypeImage) *, (st)))
-#define sk_LogotypeImage_value(st, i) (LogotypeImage *) \
-sk_value(CHECKED_CAST(_STACK *, const STACK_OF(LogotypeImage) *, (st)), (i))
-#define sk_LogotypeAudio_num(st) \
-sk_num(CHECKED_CAST(_STACK *, STACK_OF(LogotypeAudio) *, (st)))
-#define sk_LogotypeAudio_value(st, i) (LogotypeAudio *) \
-sk_value(CHECK_CAST(_STACK *, const STACK_OF(LogotypeAudio) *, (st)), (i))
-#define sk_HashAlgAndValue_num(st) \
-sk_num(CHECKED_CAST(_STACK *, STACK_OF(HashAlgAndValue) *, (st)))
-#define sk_HashAlgAndValue_value(st, i) (HashAlgAndValue *) \
-sk_value(CHECKED_CAST(_STACK *, const STACK_OF(HashAlgAndValue) *, (st)), (i))
-#define sk_ASN1_IA5STRING_num(st) \
-sk_num(CHECKED_CAST(_STACK *, STACK_OF(ASN1_IA5STRING) *, (st)))
-#define sk_ASN1_IA5STRING_value(st, i) (ASN1_IA5STRING *) \
-sk_value(CHECKED_CAST(_STACK *, const STACK_OF(ASN1_IA5STRING) *, (st)), (i))
-#else /* OPENSSL_IS_BORINGSSL */
#if OPENSSL_VERSION_NUMBER < 0x10100000L
#define sk_LogotypeInfo_num(st) SKM_sk_num(LogotypeInfo, (st))
#define sk_LogotypeInfo_value(st, i) SKM_sk_value(LogotypeInfo, (st), (i))
@@ -473,7 +451,6 @@
DEFINE_STACK_OF(HashAlgAndValue)
DEFINE_STACK_OF(ASN1_IA5STRING)
#endif
-#endif /* OPENSSL_IS_BORINGSSL */
static void add_logo(struct http_ctx *ctx, struct http_cert *hcert,
diff --git a/src/utils/xml_libxml2.c b/src/utils/xml_libxml2.c
index d73654e..e47e564 100644
--- a/src/utils/xml_libxml2.c
+++ b/src/utils/xml_libxml2.c
@@ -452,7 +452,6 @@
void xml_node_deinit_ctx(struct xml_node_ctx *ctx)
{
- xmlSchemaCleanupTypes();
xmlCleanupParser();
xmlMemoryDump();
os_free(ctx);
diff --git a/wpa_supplicant/Android.bp b/wpa_supplicant/Android.bp
index db11387..25b5b31 100644
--- a/wpa_supplicant/Android.bp
+++ b/wpa_supplicant/Android.bp
@@ -216,6 +216,35 @@
"-Wno-unused-parameter",
"-Wno-unused-variable",
],
+ // Similar to suppressing clang compiler warnings, here we
+ // suppress clang-tidy warnings to reduce noises in Android build.log.
+ tidy_checks: [
+ "-android-cloexec-*",
+ "-bugprone-branch-clone",
+ "-bugprone-macro-parentheses",
+ "-bugprone-misplaced-widening-cast",
+ "-bugprone-signal-handler",
+ "-bugprone-signed-char-misuse",
+ "-bugprone-sizeof-expression",
+ "-bugprone-suspicious-string-compare",
+ "-bugprone-too-small-loop-variable",
+ "-cert-err34-c",
+ "-cert-msc30-c",
+ "-cert-msc50-cpp",
+ "-cert-msc54-cpp",
+ "-cert-sig30-c",
+ "-cert-str34-c",
+ "-clang-analyzer-core.NullDereference",
+ "-clang-analyzer-core.UndefinedBinaryOperatorResult",
+ "-clang-analyzer-deadcode.DeadStores",
+ "-clang-analyzer-optin.performance.Padding",
+ "-clang-analyzer-optin.portability.UnixAPI",
+ "-clang-analyzer-security.insecureAPI.UncheckedReturn",
+ "-clang-analyzer-unix.cstring.NullArg",
+ "-clang-analyzer-unix.Malloc",
+ "-clang-diagnostic-unused-but-set-variable",
+ "-misc-redundant-expression",
+ ],
}
// Generated by building wpa_supplicant and printing LOCAL_SRC_FILES.
