Merge branch 'bugfix/wpa2_fixes_2' into 'master'

wpa_supplicant: more fixes from github

See merge request idf/esp-idf!3255

components/wpa_supplicant/src/fast_crypto/fast_crypto_internal-cipher.c

@@ -77,9 +77,9 @@ struct crypto_cipher *  fast_crypto_cipher_init(enum crypto_cipher_alg alg,
             break;
         case CRYPTO_CIPHER_ALG_AES:                
             mbedtls_aes_init(&(ctx->u.aes.ctx_enc));
-            mbedtls_aes_setkey_enc(&(ctx->u.aes.ctx_enc), key, 256);
+            mbedtls_aes_setkey_enc(&(ctx->u.aes.ctx_enc), key, key_len * 8);
             mbedtls_aes_init(&(ctx->u.aes.ctx_dec));
-            mbedtls_aes_setkey_dec(&(ctx->u.aes.ctx_dec), key, 256);               
+            mbedtls_aes_setkey_dec(&(ctx->u.aes.ctx_dec), key, key_len * 8);               
             os_memcpy(ctx->u.aes.cbc, iv, AES_BLOCK_SIZE);
             break;
 #ifdef CONFIG_DES3

components/wpa_supplicant/src/wpa2/tls/tlsv1_client.c

@@ -463,7 +463,9 @@ struct tlsv1_client * tlsv1_client_init(void)
 	suites[count++] = TLS_RSA_WITH_AES_256_CBC_SHA;
 	suites[count++] = TLS_RSA_WITH_AES_128_CBC_SHA256;
 	suites[count++] = TLS_RSA_WITH_AES_128_CBC_SHA;
+#ifdef CONFIG_DES3
 	suites[count++] = TLS_RSA_WITH_3DES_EDE_CBC_SHA;
+#endif
 	suites[count++] = TLS_RSA_WITH_RC4_128_SHA;
 	suites[count++] = TLS_RSA_WITH_RC4_128_MD5;
 	conn->num_cipher_suites = count;
@@ -560,12 +562,16 @@ int tlsv1_client_get_cipher(struct tlsv1_client *conn, char *buf,
 	case TLS_RSA_WITH_RC4_128_SHA:
 		cipher = "RC4-SHA";
 		break;
+#ifdef CONFIG_DES
 	case TLS_RSA_WITH_DES_CBC_SHA:
 		cipher = "DES-CBC-SHA";
 		break;
+#endif
+#ifdef CONFIG_DES3
 	case TLS_RSA_WITH_3DES_EDE_CBC_SHA:
 		cipher = "DES-CBC3-SHA";
 		break;
+#endif
 	case TLS_DH_anon_WITH_AES_128_CBC_SHA256:
 		cipher = "ADH-AES-128-SHA256";
 		break;
@@ -601,12 +607,16 @@ int tlsv1_client_get_cipher(struct tlsv1_client *conn, char *buf,
         case TLS_RSA_WITH_RC4_128_SHA:
             strcpy(cipher, "RC4-SHA");
             break;
+#ifdef CONFIG_DES
         case TLS_RSA_WITH_DES_CBC_SHA:
             strcpy(cipher, "DES-CBC-SHA");
             break;
+#endif
+#ifdef CONFIG_DES3
         case TLS_RSA_WITH_3DES_EDE_CBC_SHA:
             strcpy(cipher, "DES-CBC3-SHA");
             break;
+#endif
         case TLS_DH_anon_WITH_AES_128_CBC_SHA256:
             strcpy(cipher, "ADH-AES-128-SHA256");
             break;
@@ -780,9 +790,13 @@ int tlsv1_client_set_cipher_list(struct tlsv1_client *conn, u8 *ciphers)
 		suites[count++] = TLS_DH_anon_WITH_AES_256_CBC_SHA;
 		suites[count++] = TLS_DH_anon_WITH_AES_128_CBC_SHA256;
 		suites[count++] = TLS_DH_anon_WITH_AES_128_CBC_SHA;
+#ifdef CONFIG_DES3
 		suites[count++] = TLS_DH_anon_WITH_3DES_EDE_CBC_SHA;
+#endif
 		suites[count++] = TLS_DH_anon_WITH_RC4_128_MD5;
+#ifdef CONFIG_DES
 		suites[count++] = TLS_DH_anon_WITH_DES_CBC_SHA;
+#endif
 
 		/*
 		 * Cisco AP (at least 350 and 1200 series) local authentication

components/wpa_supplicant/src/wpa2/tls/tlsv1_common.c

@@ -31,16 +31,24 @@ static const struct tls_cipher_suite tls_cipher_suites[] = {
 	  TLS_HASH_MD5 },
 	{ TLS_RSA_WITH_RC4_128_SHA, TLS_KEY_X_RSA, TLS_CIPHER_RC4_128,
 	  TLS_HASH_SHA },
+#ifdef CONFIG_DES
 	{ TLS_RSA_WITH_DES_CBC_SHA, TLS_KEY_X_RSA, TLS_CIPHER_DES_CBC,
 	  TLS_HASH_SHA },
+#endif
+#ifdef CONFIG_DES3
 	{ TLS_RSA_WITH_3DES_EDE_CBC_SHA, TLS_KEY_X_RSA,
 	  TLS_CIPHER_3DES_EDE_CBC, TLS_HASH_SHA },
+#endif
  	{ TLS_DH_anon_WITH_RC4_128_MD5, TLS_KEY_X_DH_anon,
 	  TLS_CIPHER_RC4_128, TLS_HASH_MD5 },
+#ifdef CONFIG_DES
  	{ TLS_DH_anon_WITH_DES_CBC_SHA, TLS_KEY_X_DH_anon,
 	  TLS_CIPHER_DES_CBC, TLS_HASH_SHA },
+#endif
+#ifdef CONFIG_DES3
  	{ TLS_DH_anon_WITH_3DES_EDE_CBC_SHA, TLS_KEY_X_DH_anon,
 	  TLS_CIPHER_3DES_EDE_CBC, TLS_HASH_SHA },
+#endif
 	{ TLS_RSA_WITH_AES_128_CBC_SHA, TLS_KEY_X_RSA, TLS_CIPHER_AES_128_CBC,
 	  TLS_HASH_SHA },
 	{ TLS_DH_anon_WITH_AES_128_CBC_SHA, TLS_KEY_X_DH_anon,
@@ -74,12 +82,16 @@ static const struct tls_cipher_data tls_ciphers[] = {
 	  CRYPTO_CIPHER_ALG_RC4 },
 	{ TLS_CIPHER_RC4_128,      TLS_CIPHER_STREAM, 16, 16,  0,
 	  CRYPTO_CIPHER_ALG_RC4 },
+#ifdef CONFIG_DES
 	{ TLS_CIPHER_DES40_CBC,    TLS_CIPHER_BLOCK,   5,  8,  8,
 	  CRYPTO_CIPHER_ALG_DES },
 	{ TLS_CIPHER_DES_CBC,      TLS_CIPHER_BLOCK,   8,  8,  8,
 	  CRYPTO_CIPHER_ALG_DES },
+#endif
+#ifdef CONFIG_DES3
 	{ TLS_CIPHER_3DES_EDE_CBC, TLS_CIPHER_BLOCK,  24, 24,  8,
 	  CRYPTO_CIPHER_ALG_3DES },
+#endif
 	{ TLS_CIPHER_AES_128_CBC,  TLS_CIPHER_BLOCK,  16, 16, 16,
 	  CRYPTO_CIPHER_ALG_AES },
 	{ TLS_CIPHER_AES_256_CBC,  TLS_CIPHER_BLOCK,  32, 32, 16,

components/wpa_supplicant/src/wpa2/tls/tlsv1_server.c

@@ -363,7 +363,9 @@ struct tlsv1_server * tlsv1_server_init(struct tlsv1_credentials *cred)
 	suites = conn->cipher_suites;
 	suites[count++] = TLS_RSA_WITH_AES_256_CBC_SHA;
 	suites[count++] = TLS_RSA_WITH_AES_128_CBC_SHA;
+#ifdef CONFIG_DES3
 	suites[count++] = TLS_RSA_WITH_3DES_EDE_CBC_SHA;
+#endif
 	suites[count++] = TLS_RSA_WITH_RC4_128_SHA;
 	suites[count++] = TLS_RSA_WITH_RC4_128_MD5;
 	conn->num_cipher_suites = count;
@@ -471,12 +473,16 @@ int tlsv1_server_get_cipher(struct tlsv1_server *conn, char *buf,
 	case TLS_RSA_WITH_RC4_128_SHA:
 		cipher = "RC4-SHA";
 		break;
+#ifdef CONFIG_DES
 	case TLS_RSA_WITH_DES_CBC_SHA:
 		cipher = "DES-CBC-SHA";
 		break;
+#endif
+#ifdef CONFIG_DES3
 	case TLS_RSA_WITH_3DES_EDE_CBC_SHA:
 		cipher = "DES-CBC3-SHA";
 		break;
+#endif
 	case TLS_DH_anon_WITH_AES_128_CBC_SHA:
 		cipher = "ADH-AES-128-SHA";
 		break;