Merge "Explicitly set a user for the wpa_supplicant service" into main am: 05c525178d am: 93b42145a9 am: 799416ad6b am: 76346ceb0c am: 7b6b1a63bf

Original change: https://android-review.googlesource.com/c/platform/external/wpa_supplicant_8/+/2651763

Change-Id: I531020466c8fa983c6d1a2e9c74b058bc7063cfe
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
diff --git a/wpa_supplicant/Android.mk b/wpa_supplicant/Android.mk
index 03dc209..c3a7bc6 100644
--- a/wpa_supplicant/Android.mk
+++ b/wpa_supplicant/Android.mk
@@ -1835,7 +1835,7 @@
 PASNOBJS += src/crypto/crypto_openssl.c
 ifdef TLS_FUNCS
 PASNOBJS += src/crypto/tls_openssl.c
-#PASNOBJS += -lssl -lcrypto
+PASNOBJS += src/crypto/tls_openssl_ocsp.c
 NEED_TLS_PRF_SHA256=y
 endif
 endif
@@ -2038,13 +2038,20 @@
 include $(BUILD_STATIC_LIBRARY)
 endif # WPA_SUPPLICANT_USE_AIDL == y
 
-#include $(CLEAR_VARS)
-#LOCAL_MODULE = libpasn
-#LOCAL_CFLAGS = $(L_CFLAGS)
-#LOCAL_SRC_FILES = $(PASNOBJS)
-#LOCAL_C_INCLUDES = $(INCLUDES)
-#LOCAL_SHARED_LIBRARIES := libc libcutils liblog
-#ifeq ($(CONFIG_TLS), openssl)
-#LOCAL_SHARED_LIBRARIES := libcrypto libssl
-#endif
-#include $(BUILD_SHARED_LIBRARY)
+ifeq ($(CONFIG_PASN), y)
+include $(CLEAR_VARS)
+LOCAL_MODULE = libpasn
+LOCAL_LICENSE_KINDS := SPDX-license-identifier-BSD SPDX-license-identifier-BSD-3-Clause SPDX-license-identifier-ISC legacy_unencumbered
+LOCAL_LICENSE_CONDITIONS := notice unencumbered
+LOCAL_NOTICE_FILE := $(LOCAL_PATH)/../LICENSE
+LOCAL_VENDOR_MODULE := true
+LOCAL_CFLAGS = $(L_CFLAGS)
+LOCAL_SRC_FILES = $(PASNOBJS)
+LOCAL_C_INCLUDES = $(INCLUDES)
+LOCAL_SHARED_LIBRARIES := libc libcutils liblog
+ifeq ($(CONFIG_TLS), openssl)
+LOCAL_SHARED_LIBRARIES += libcrypto libssl libkeystore-wifi-hidl
+LOCAL_SHARED_LIBRARIES += libkeystore-engine-wifi-hidl
+endif
+include $(BUILD_SHARED_LIBRARY)
+endif # CONFIG_PASN == y
diff --git a/wpa_supplicant/aidl/sta_network.cpp b/wpa_supplicant/aidl/sta_network.cpp
index bb3045c..2604d2e 100644
--- a/wpa_supplicant/aidl/sta_network.cpp
+++ b/wpa_supplicant/aidl/sta_network.cpp
@@ -2689,9 +2689,9 @@
 			FALLTHROUGH_INTENDED;
 		case TlsVersion::TLS_V1_1:
 			tlsFlags |= TLS_CONN_DISABLE_TLSv1_0;
-			FALLTHROUGH_INTENDED;
-		default:
 			break;
+		default:
+			return createStatus(SupplicantStatusCode::FAILURE_UNSUPPORTED);
 	}
 
 	generateTlsParams();
diff --git a/wpa_supplicant/android.config b/wpa_supplicant/android.config
index bfdd53e..4cc3808 100644
--- a/wpa_supplicant/android.config
+++ b/wpa_supplicant/android.config
@@ -541,6 +541,9 @@
 # WPA3-Personal (SAE)
 CONFIG_SAE=y
 
+# PASN
+CONFIG_PASN=y
+
 # WPA3-Enterprise (SuiteB-192)
 CONFIG_SUITEB=y
 CONFIG_SUITEB192=y