Merge branch 'bugfix/esp32c2_eap_auth_v5.1' into 'release/v5.1'

fix(wifi): Added low heap usage Kconfig option for eap enterprise (v5.1)

See merge request espressif/esp-idf!28825
Jiang Jiang Jian 2024-02-27 19:59:52 +08:00
commit 6481fdf05e
2 changed files with 81 additions and 3 deletions


@ -479,6 +479,7 @@ menu "Wi-Fi"
if ESP_WIFI_MBEDTLS_CRYPTO if ESP_WIFI_MBEDTLS_CRYPTO
config ESP_WIFI_MBEDTLS_TLS_CLIENT config ESP_WIFI_MBEDTLS_TLS_CLIENT
bool "Use MbedTLS TLS client for WiFi Enterprise connection" bool "Use MbedTLS TLS client for WiFi Enterprise connection"
depends on ESP_WIFI_ENTERPRISE_SUPPORT
default y default y
select MBEDTLS_TLS_ENABLED select MBEDTLS_TLS_ENABLED
help help
@ -623,4 +624,13 @@ menu "Wi-Fi"
disabling this will reduce binary size. disabling this will reduce binary size.
disabling this will disable the use of any esp_wifi_sta_wpa2_ent_* (as APIs will be meaningless) disabling this will disable the use of any esp_wifi_sta_wpa2_ent_* (as APIs will be meaningless)
config ESP_WIFI_ENT_FREE_DYNAMIC_BUFFER
bool "Free dynamic buffers during WiFi enterprise connection"
depends on ESP_WIFI_ENTERPRISE_SUPPORT
default y if IDF_TARGET_ESP32C2
default n if !IDF_TARGET_ESP32C2
help
Select this configuration to free dynamic buffers during WiFi enterprise connection.
This will enable chip to reduce heap consumption during WiFi enterprise connection.
endmenu # Wi-Fi endmenu # Wi-Fi
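Review bot: The `default n if !IDF_TARGET_ESP32C2` line on the new ESP_WIFI_ENT_FREE_DYNAMIC_BUFFER option is redundant, since a bool option already defaults to n when no other default matches; `default y if IDF_TARGET_ESP32C2` alone gives the same result. The help text only says that heap use is reduced and does not tell the user what the option does on the code side of this commit, namely that the TLS 1.2 CA chain and the client key/certificate buffers are released during the handshake once they have been used; a sentence to that effect would let users judge whether it fits their deployment.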


@ -1,5 +1,5 @@
/* /*
* SPDX-FileCopyrightText: 2020-2021 Espressif Systems (Shanghai) CO LTD * SPDX-FileCopyrightText: 2020-2024 Espressif Systems (Shanghai) CO LTD
* *
* SPDX-License-Identifier: Apache-2.0 * SPDX-License-Identifier: Apache-2.0
*/ */
@ -34,6 +34,7 @@
#else #else
#include "mbedtls/config.h" #include "mbedtls/config.h"
#endif #endif
#include "mbedtls/platform.h"
#include "eap_peer/eap.h" #include "eap_peer/eap.h"
@ -676,6 +677,59 @@ int tls_connection_set_verify(void *tls_ctx, struct tls_connection *conn,
return -1; return -1;
} }
#ifdef CONFIG_ESP_WIFI_ENT_FREE_DYNAMIC_BUFFER
static void esp_mbedtls_free_dhm(mbedtls_ssl_context *ssl)
{
#ifdef CONFIG_MBEDTLS_DHM_C
const mbedtls_ssl_config *conf = mbedtls_ssl_context_get_config(ssl);
mbedtls_mpi_free((mbedtls_mpi *)&conf->MBEDTLS_PRIVATE(dhm_P));
mbedtls_mpi_free((mbedtls_mpi *)&conf->MBEDTLS_PRIVATE(dhm_G));
#endif /* CONFIG_MBEDTLS_DHM_C */
}
static void esp_mbedtls_free_keycert(mbedtls_ssl_context *ssl)
{
mbedtls_ssl_config *conf = (mbedtls_ssl_config * )mbedtls_ssl_context_get_config(ssl);
mbedtls_ssl_key_cert *keycert = conf->MBEDTLS_PRIVATE(key_cert), *next;
while (keycert) {
next = keycert->next;
if (keycert) {
mbedtls_free(keycert);
}
keycert = next;
}
conf->MBEDTLS_PRIVATE(key_cert) = NULL;
}
static void esp_mbedtls_free_keycert_key(mbedtls_ssl_context *ssl)
{
const mbedtls_ssl_config *conf = mbedtls_ssl_context_get_config(ssl);
mbedtls_ssl_key_cert *keycert = conf->MBEDTLS_PRIVATE(key_cert);
while (keycert) {
if (keycert->key) {
mbedtls_pk_free(keycert->key);
keycert->key = NULL;
}
keycert = keycert->next;
}
}
static void esp_mbedtls_free_cacert(mbedtls_ssl_context *ssl)
{
if (ssl->MBEDTLS_PRIVATE(conf)->MBEDTLS_PRIVATE(ca_chain)) {
mbedtls_ssl_config *conf = (mbedtls_ssl_config * )mbedtls_ssl_context_get_config(ssl);
mbedtls_x509_crt_free(conf->MBEDTLS_PRIVATE(ca_chain));
conf->MBEDTLS_PRIVATE(ca_chain) = NULL;
}
}
#endif
struct wpabuf * tls_connection_handshake(void *tls_ctx, struct wpabuf * tls_connection_handshake(void *tls_ctx,
struct tls_connection *conn, struct tls_connection *conn,
const struct wpabuf *in_data, const struct wpabuf *in_data,
@ -684,6 +738,7 @@ struct wpabuf * tls_connection_handshake(void *tls_ctx,
tls_context_t *tls = conn->tls; tls_context_t *tls = conn->tls;
int ret = 0; int ret = 0;
struct wpabuf *resp; struct wpabuf *resp;
int cli_state;
/* data freed by sender */ /* data freed by sender */
conn->tls_io_data.out_data = NULL; conn->tls_io_data.out_data = NULL;
@ -693,7 +748,8 @@ struct wpabuf * tls_connection_handshake(void *tls_ctx,
/* Multiple reads */ /* Multiple reads */
while (!mbedtls_ssl_is_handshake_over(&tls->ssl)) { while (!mbedtls_ssl_is_handshake_over(&tls->ssl)) {
if (tls->ssl.MBEDTLS_PRIVATE(state) == MBEDTLS_SSL_CLIENT_CERTIFICATE) { cli_state = tls->ssl.MBEDTLS_PRIVATE(state);
if (cli_state == MBEDTLS_SSL_CLIENT_CERTIFICATE) {
/* Read random data before session completes, not present after handshake */ /* Read random data before session completes, not present after handshake */
if (tls->ssl.MBEDTLS_PRIVATE(handshake)) { if (tls->ssl.MBEDTLS_PRIVATE(handshake)) {
os_memcpy(conn->randbytes, tls->ssl.MBEDTLS_PRIVATE(handshake)->randbytes, os_memcpy(conn->randbytes, tls->ssl.MBEDTLS_PRIVATE(handshake)->randbytes,
@ -703,8 +759,20 @@ struct wpabuf * tls_connection_handshake(void *tls_ctx,
} }
ret = mbedtls_ssl_handshake_step(&tls->ssl); ret = mbedtls_ssl_handshake_step(&tls->ssl);
if (ret < 0) if (ret < 0) {
break; break;
}
#ifdef CONFIG_ESP_WIFI_ENT_FREE_DYNAMIC_BUFFER
if (mbedtls_ssl_get_version_number(&tls->ssl) == MBEDTLS_SSL_VERSION_TLS1_2) {
if (cli_state == MBEDTLS_SSL_SERVER_CERTIFICATE) {
esp_mbedtls_free_cacert(&tls->ssl);
} else if (cli_state == MBEDTLS_SSL_CERTIFICATE_VERIFY) {
esp_mbedtls_free_dhm(&tls->ssl);
esp_mbedtls_free_keycert_key(&tls->ssl);
esp_mbedtls_free_keycert(&tls->ssl);
}
}
#endif
} }
if (ret < 0 && ret != MBEDTLS_ERR_SSL_WANT_READ) { if (ret < 0 && ret != MBEDTLS_ERR_SSL_WANT_READ) {
wpa_printf(MSG_INFO, "%s: ret is %d line:%d", __func__, ret, __LINE__); wpa_printf(MSG_INFO, "%s: ret is %d line:%d", __func__, ret, __LINE__);
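Review bot: In esp_mbedtls_free_keycert the `if (keycert)` guard at the top of the loop body is redundant, because the `while (keycert)` condition already excludes NULL; the body can simply be `next = keycert->next; mbedtls_free(keycert); keycert = next;`. The three helpers also write library-private config fields through a cast that discards the `const` returned by mbedtls_ssl_context_get_config, and nothing in the hunk records why that is sound or what it implies: presumably the config is the one owned by tls_context_t, and once esp_mbedtls_free_cacert has nulled ca_chain the same context can no longer verify a peer certificate, so any later handshake on it (retry or renegotiation) must rebuild the config rather than reuse it; please confirm that and state it in a comment above the `#ifdef CONFIG_ESP_WIFI_ENT_FREE_DYNAMIC_BUFFER` block. The release logic further depends on `cli_state` being the state captured before mbedtls_ssl_handshake_step in the preceding hunk, so each object is freed only after the step that last used it; a comment such as `/* cli_state is the pre-step state: free an object only after the step that consumed it */` next to the TLS 1.2 version check would make that explicit. tls_connection_handshake continues outside the hunk.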