Merge branch 'bugfix/minor_enterprise_fixes_v4.3' into 'release/v4.3'

Drop Eapol msg if EAP success is not processed (Backport v4.3)

See merge request espressif/esp-idf!25070

components/wpa_supplicant/src/esp_supplicant/esp_wpa2.c

@@ -45,6 +45,7 @@
 #include "esp_wifi_driver.h"
 #include "esp_private/wifi.h"
 #include "esp_wpa_err.h"
+#include "esp_wpa2_i.h"
 
 #define WPA2_VERSION    "v2.0"
 
@@ -72,6 +73,7 @@ static int wpa2_start_eapol_internal(void);
 int wpa2_post(uint32_t sig, uint32_t par);
 
 #ifdef USE_WPA2_TASK
+#define WPA2_TASK_PRIORITY 7
 static TaskHandle_t s_wpa2_task_hdl = NULL;
 static void *s_wpa2_queue = NULL;
 static wpa2_state_t s_wpa2_state = WPA2_STATE_DISABLED;
@@ -124,6 +126,15 @@ static void wpa2_set_eap_state(wpa2_ent_eap_state_t state)
     esp_wifi_set_wpa2_ent_state_internal(state);
 }
 
+wpa2_ent_eap_state_t wpa2_get_eap_state(void)
+{
+    if (!gEapSm) {
+        return WPA2_ENT_EAP_STATE_NOT_START;
+    }
+
+    return gEapSm->finish_state;
+}
+
 static inline void wpa2_task_delete(void *arg)
 {
     void *my_task_hdl = xTaskGetCurrentTaskHandle();
@@ -799,7 +810,7 @@ static int eap_peer_sm_init(void)
     gEapSm = sm;
 #ifdef USE_WPA2_TASK
     s_wpa2_queue = xQueueCreate(SIG_WPA2_MAX, sizeof( s_wpa2_queue ) );
-    ret = xTaskCreate(wpa2_task, "wpa2T", WPA2_TASK_STACK_SIZE, NULL, 2, &s_wpa2_task_hdl);
+    ret = xTaskCreate(wpa2_task, "wpa2T", WPA2_TASK_STACK_SIZE, NULL, WPA2_TASK_PRIORITY, &s_wpa2_task_hdl);
     if (ret != pdPASS) {
         wpa_printf(MSG_ERROR, "wps enable: failed to create task");
         ret = ESP_FAIL;

components/wpa_supplicant/src/esp_supplicant/esp_wpa2_i.h

@@ -0,0 +1,14 @@
+/*
+ * SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+#ifndef ESP_WPA2_I_H
+#define ESP_WPA2_I_H
+
+#include "esp_wifi_driver.h"
+
+wpa2_ent_eap_state_t wpa2_get_eap_state(void);
+
+#endif

components/wpa_supplicant/src/rsn_supp/wpa.c

@@ -30,6 +30,7 @@
 #include "crypto/aes_wrap.h"
 #include "crypto/ccmp.h"
 #include "esp_rom_sys.h"
+#include "esp_supplicant/esp_wpa2_i.h"
 
 /**
  * eapol_sm_notify_eap_success - Notification of external EAP success trigger
@@ -484,7 +485,7 @@ static int wpa_supplicant_get_pmk(struct wpa_sm *sm,
 		if (buf) {
 			wpa_sm_ether_send(sm, sm->bssid, ETH_P_EAPOL,
 					  buf, buflen);
-			os_free(buf);
+			wpa_sm_free_eapol(buf);
 			return -2;
 		}
 
@@ -584,6 +585,14 @@ void   wpa_supplicant_process_1_of_4(struct wpa_sm *sm,
     u8 *kde, *kde_buf = NULL;
     size_t kde_len;
 
+    if (is_wpa2_enterprise_connection()) {
+        wpa2_ent_eap_state_t state = wpa2_get_eap_state();
+        if (state == WPA2_ENT_EAP_STATE_IN_PROGRESS) {
+            wpa_printf(MSG_INFO, "EAP Success has not been processed yet."
+               " Drop EAPOL message.");
+            return;
+        }
+    }
     wpa_sm_set_state(WPA_FIRST_HALF_4WAY_HANDSHAKE);
 
     wpa_printf(MSG_DEBUG, "WPA 1/4-Way Handshake\n");