Merge branch 'bugfix/esp32c2_eap_auth_v5.1' into 'release/v5.1'
fix(wifi): Added low heap usage Kconfig option for eap enterprise (v5.1) See merge request espressif/esp-idf!28825
commit
6481fdf05e
@ -479,6 +479,7 @@ menu "Wi-Fi"
|
|||||||
if ESP_WIFI_MBEDTLS_CRYPTO
|
if ESP_WIFI_MBEDTLS_CRYPTO
|
||||||
config ESP_WIFI_MBEDTLS_TLS_CLIENT
|
config ESP_WIFI_MBEDTLS_TLS_CLIENT
|
||||||
bool "Use MbedTLS TLS client for WiFi Enterprise connection"
|
bool "Use MbedTLS TLS client for WiFi Enterprise connection"
|
||||||
|
depends on ESP_WIFI_ENTERPRISE_SUPPORT
|
||||||
default y
|
default y
|
||||||
select MBEDTLS_TLS_ENABLED
|
select MBEDTLS_TLS_ENABLED
|
||||||
help
|
help
|
||||||
@ -623,4 +624,13 @@ menu "Wi-Fi"
|
|||||||
disabling this will reduce binary size.
|
disabling this will reduce binary size.
|
||||||
disabling this will disable the use of any esp_wifi_sta_wpa2_ent_* (as APIs will be meaningless)
|
disabling this will disable the use of any esp_wifi_sta_wpa2_ent_* (as APIs will be meaningless)
|
||||||
|
|
||||||
|
config ESP_WIFI_ENT_FREE_DYNAMIC_BUFFER
|
||||||
|
bool "Free dynamic buffers during WiFi enterprise connection"
|
||||||
|
depends on ESP_WIFI_ENTERPRISE_SUPPORT
|
||||||
|
default y if IDF_TARGET_ESP32C2
|
||||||
|
default n if !IDF_TARGET_ESP32C2
|
||||||
|
help
|
||||||
|
Select this configuration to free dynamic buffers during WiFi enterprise connection.
|
||||||
|
This will enable chip to reduce heap consumption during WiFi enterprise connection.
|
||||||
|
|
||||||
endmenu # Wi-Fi
|
endmenu # Wi-Fi
|
||||||
|
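Review bot: The help text for `ESP_WIFI_ENT_FREE_DYNAMIC_BUFFER` says only that "dynamic buffers" are freed, not which ones or at what point. Judging by the handshake change in this same commit, the option releases the CA chain after the server certificate step, and the DHM parameters and client key/cert list after the CertificateVerify step, and only when TLS 1.2 was negotiated. The help should say so, for example `Frees the CA chain, DHM parameters and client key during the TLS 1.2 handshake once they are no longer needed; the TLS configuration cannot be reused for another handshake afterwards.` The line `default n if !IDF_TARGET_ESP32C2` is redundant, since a bool with no matching default is already n.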
@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* SPDX-FileCopyrightText: 2020-2021 Espressif Systems (Shanghai) CO LTD
|
* SPDX-FileCopyrightText: 2020-2024 Espressif Systems (Shanghai) CO LTD
|
||||||
*
|
*
|
||||||
* SPDX-License-Identifier: Apache-2.0
|
* SPDX-License-Identifier: Apache-2.0
|
||||||
*/
|
*/
|
||||||
@ -34,6 +34,7 @@
|
|||||||
#else
|
#else
|
||||||
#include "mbedtls/config.h"
|
#include "mbedtls/config.h"
|
||||||
#endif
|
#endif
|
||||||
|
#include "mbedtls/platform.h"
|
||||||
#include "eap_peer/eap.h"
|
#include "eap_peer/eap.h"
|
||||||
|
|
||||||
|
|
||||||
@ -676,6 +677,59 @@ int tls_connection_set_verify(void *tls_ctx, struct tls_connection *conn,
|
|||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#ifdef CONFIG_ESP_WIFI_ENT_FREE_DYNAMIC_BUFFER
|
||||||
|
static void esp_mbedtls_free_dhm(mbedtls_ssl_context *ssl)
|
||||||
|
{
|
||||||
|
#ifdef CONFIG_MBEDTLS_DHM_C
|
||||||
|
const mbedtls_ssl_config *conf = mbedtls_ssl_context_get_config(ssl);
|
||||||
|
mbedtls_mpi_free((mbedtls_mpi *)&conf->MBEDTLS_PRIVATE(dhm_P));
|
||||||
|
mbedtls_mpi_free((mbedtls_mpi *)&conf->MBEDTLS_PRIVATE(dhm_G));
|
||||||
|
#endif /* CONFIG_MBEDTLS_DHM_C */
|
||||||
|
}
|
||||||
|
|
||||||
|
static void esp_mbedtls_free_keycert(mbedtls_ssl_context *ssl)
|
||||||
|
{
|
||||||
|
mbedtls_ssl_config *conf = (mbedtls_ssl_config * )mbedtls_ssl_context_get_config(ssl);
|
||||||
|
mbedtls_ssl_key_cert *keycert = conf->MBEDTLS_PRIVATE(key_cert), *next;
|
||||||
|
|
||||||
|
while (keycert) {
|
||||||
|
next = keycert->next;
|
||||||
|
|
||||||
|
if (keycert) {
|
||||||
|
mbedtls_free(keycert);
|
||||||
|
}
|
||||||
|
|
||||||
|
keycert = next;
|
||||||
|
}
|
||||||
|
|
||||||
|
conf->MBEDTLS_PRIVATE(key_cert) = NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
static void esp_mbedtls_free_keycert_key(mbedtls_ssl_context *ssl)
|
||||||
|
{
|
||||||
|
const mbedtls_ssl_config *conf = mbedtls_ssl_context_get_config(ssl);
|
||||||
|
mbedtls_ssl_key_cert *keycert = conf->MBEDTLS_PRIVATE(key_cert);
|
||||||
|
|
||||||
|
while (keycert) {
|
||||||
|
if (keycert->key) {
|
||||||
|
mbedtls_pk_free(keycert->key);
|
||||||
|
keycert->key = NULL;
|
||||||
|
}
|
||||||
|
keycert = keycert->next;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
static void esp_mbedtls_free_cacert(mbedtls_ssl_context *ssl)
|
||||||
|
{
|
||||||
|
if (ssl->MBEDTLS_PRIVATE(conf)->MBEDTLS_PRIVATE(ca_chain)) {
|
||||||
|
mbedtls_ssl_config *conf = (mbedtls_ssl_config * )mbedtls_ssl_context_get_config(ssl);
|
||||||
|
|
||||||
|
mbedtls_x509_crt_free(conf->MBEDTLS_PRIVATE(ca_chain));
|
||||||
|
conf->MBEDTLS_PRIVATE(ca_chain) = NULL;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
struct wpabuf * tls_connection_handshake(void *tls_ctx,
|
struct wpabuf * tls_connection_handshake(void *tls_ctx,
|
||||||
struct tls_connection *conn,
|
struct tls_connection *conn,
|
||||||
const struct wpabuf *in_data,
|
const struct wpabuf *in_data,
|
||||||
@ -684,6 +738,7 @@ struct wpabuf * tls_connection_handshake(void *tls_ctx,
|
|||||||
tls_context_t *tls = conn->tls;
|
tls_context_t *tls = conn->tls;
|
||||||
int ret = 0;
|
int ret = 0;
|
||||||
struct wpabuf *resp;
|
struct wpabuf *resp;
|
||||||
|
int cli_state;
|
||||||
|
|
||||||
/* data freed by sender */
|
/* data freed by sender */
|
||||||
conn->tls_io_data.out_data = NULL;
|
conn->tls_io_data.out_data = NULL;
|
||||||
@ -693,7 +748,8 @@ struct wpabuf * tls_connection_handshake(void *tls_ctx,
|
|||||||
|
|
||||||
/* Multiple reads */
|
/* Multiple reads */
|
||||||
while (!mbedtls_ssl_is_handshake_over(&tls->ssl)) {
|
while (!mbedtls_ssl_is_handshake_over(&tls->ssl)) {
|
||||||
if (tls->ssl.MBEDTLS_PRIVATE(state) == MBEDTLS_SSL_CLIENT_CERTIFICATE) {
|
cli_state = tls->ssl.MBEDTLS_PRIVATE(state);
|
||||||
|
if (cli_state == MBEDTLS_SSL_CLIENT_CERTIFICATE) {
|
||||||
/* Read random data before session completes, not present after handshake */
|
/* Read random data before session completes, not present after handshake */
|
||||||
if (tls->ssl.MBEDTLS_PRIVATE(handshake)) {
|
if (tls->ssl.MBEDTLS_PRIVATE(handshake)) {
|
||||||
os_memcpy(conn->randbytes, tls->ssl.MBEDTLS_PRIVATE(handshake)->randbytes,
|
os_memcpy(conn->randbytes, tls->ssl.MBEDTLS_PRIVATE(handshake)->randbytes,
|
||||||
@ -703,8 +759,20 @@ struct wpabuf * tls_connection_handshake(void *tls_ctx,
|
|||||||
}
|
}
|
||||||
ret = mbedtls_ssl_handshake_step(&tls->ssl);
|
ret = mbedtls_ssl_handshake_step(&tls->ssl);
|
||||||
|
|
||||||
if (ret < 0)
|
if (ret < 0) {
|
||||||
break;
|
break;
|
||||||
|
}
|
||||||
|
#ifdef CONFIG_ESP_WIFI_ENT_FREE_DYNAMIC_BUFFER
|
||||||
|
if (mbedtls_ssl_get_version_number(&tls->ssl) == MBEDTLS_SSL_VERSION_TLS1_2) {
|
||||||
|
if (cli_state == MBEDTLS_SSL_SERVER_CERTIFICATE) {
|
||||||
|
esp_mbedtls_free_cacert(&tls->ssl);
|
||||||
|
} else if (cli_state == MBEDTLS_SSL_CERTIFICATE_VERIFY) {
|
||||||
|
esp_mbedtls_free_dhm(&tls->ssl);
|
||||||
|
esp_mbedtls_free_keycert_key(&tls->ssl);
|
||||||
|
esp_mbedtls_free_keycert(&tls->ssl);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
#endif
|
||||||
}
|
}
|
||||||
if (ret < 0 && ret != MBEDTLS_ERR_SSL_WANT_READ) {
|
if (ret < 0 && ret != MBEDTLS_ERR_SSL_WANT_READ) {
|
||||||
wpa_printf(MSG_INFO, "%s: ret is %d line:%d", __func__, ret, __LINE__);
|
wpa_printf(MSG_INFO, "%s: ret is %d line:%d", __func__, ret, __LINE__);
|
||||||
|
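Review bot: The frees in the `CONFIG_ESP_WIFI_ENT_FREE_DYNAMIC_BUFFER` block of `tls_connection_handshake` leave the connection's `mbedtls_ssl_config` without a CA chain, client key or key/cert list for the rest of its life, and nothing in the new code records that. After `esp_mbedtls_free_cacert()` sets `ca_chain` to NULL, any later handshake on the same config (renegotiation or a retry on the same context, if either can happen here) has no trust anchor to verify the server against. A comment above the block such as `/* One-shot: after these frees the config cannot verify or authenticate another handshake; rebuild the tls context before reuse. */` would help, together with a check that the configured verify mode fails closed on an empty chain. The helpers also write through the `const` pointer returned by `mbedtls_ssl_context_get_config()`, which is only safe if the config is owned by this one context; that ownership, like the start and end of the function body, is outside the hunks shown. In `esp_mbedtls_free_keycert` the inner `if (keycert)` is always true inside `while (keycert)` and can be dropped.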