fix(wifi): add low memory options for eap enterprise

Kapil Gupta 2024-01-02 21:08:10 +05:30 committed by BOT
parent 462dfaf45c
commit c62022b312
2 changed files with 81 additions and 4 deletions


@ -454,4 +454,13 @@ menu "Wi-Fi"
disabling this will reduce binary size.
disabling this will disable the use of any esp_wifi_sta_wpa2_ent_* (as APIs will be meaningless)
config ESP_WIFI_ENT_FREE_DYNAMIC_BUFFER
bool "Free dynamic buffers during WiFi enterprise connection"
depends on ESP_WIFI_ENTERPRISE_SUPPORT
default y if IDF_TARGET_ESP32C2
default n if !IDF_TARGET_ESP32C2
help
Select this configuration to free dynamic buffers during WiFi enterprise connection.
This will enable chip to reduce heap consumption during WiFi enterprise connection.
endmenu # Wi-Fi
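Review bot: The help text for `ESP_WIFI_ENT_FREE_DYNAMIC_BUFFER` does not say which buffers are released or when. Per the handshake change in this same commit, they are the CA chain, the DHM parameters and the client key/certificate entries, released part-way through a TLS 1.2 handshake only. I would add a help line such as `Applies to TLS 1.2 only: the CA chain and the client key/certificate entries are freed during the handshake and are not available afterwards.` The second `default n if !IDF_TARGET_ESP32C2` is redundant, since a bool with no matching default is already n.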


@ -1,5 +1,5 @@
/*
* SPDX-FileCopyrightText: 2020-2021 Espressif Systems (Shanghai) CO LTD
* SPDX-FileCopyrightText: 2020-2024 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
@ -31,6 +31,7 @@ which are undefined if the following flag is not defined */
#else
#include "mbedtls/config.h"
#endif
#include "mbedtls/platform.h"
#include "eap_peer/eap.h"
@ -677,6 +678,59 @@ int tls_connection_set_verify(void *tls_ctx, struct tls_connection *conn,
return -1;
}
#ifdef CONFIG_ESP_WIFI_ENT_FREE_DYNAMIC_BUFFER
static void esp_mbedtls_free_dhm(mbedtls_ssl_context *ssl)
{
#ifdef CONFIG_MBEDTLS_DHM_C
const mbedtls_ssl_config *conf = mbedtls_ssl_context_get_config(ssl);
mbedtls_mpi_free((mbedtls_mpi *)&conf->MBEDTLS_PRIVATE(dhm_P));
mbedtls_mpi_free((mbedtls_mpi *)&conf->MBEDTLS_PRIVATE(dhm_G));
#endif /* CONFIG_MBEDTLS_DHM_C */
}
static void esp_mbedtls_free_keycert(mbedtls_ssl_context *ssl)
{
mbedtls_ssl_config *conf = (mbedtls_ssl_config * )mbedtls_ssl_context_get_config(ssl);
mbedtls_ssl_key_cert *keycert = conf->MBEDTLS_PRIVATE(key_cert), *next;
while (keycert) {
next = keycert->next;
if (keycert) {
mbedtls_free(keycert);
}
keycert = next;
}
conf->MBEDTLS_PRIVATE(key_cert) = NULL;
}
static void esp_mbedtls_free_keycert_key(mbedtls_ssl_context *ssl)
{
const mbedtls_ssl_config *conf = mbedtls_ssl_context_get_config(ssl);
mbedtls_ssl_key_cert *keycert = conf->MBEDTLS_PRIVATE(key_cert);
while (keycert) {
if (keycert->key) {
mbedtls_pk_free(keycert->key);
keycert->key = NULL;
}
keycert = keycert->next;
}
}
static void esp_mbedtls_free_cacert(mbedtls_ssl_context *ssl)
{
if (ssl->MBEDTLS_PRIVATE(conf)->MBEDTLS_PRIVATE(ca_chain)) {
mbedtls_ssl_config *conf = (mbedtls_ssl_config * )mbedtls_ssl_context_get_config(ssl);
mbedtls_x509_crt_free(conf->MBEDTLS_PRIVATE(ca_chain));
conf->MBEDTLS_PRIVATE(ca_chain) = NULL;
}
}
#endif
struct wpabuf * tls_connection_handshake(void *tls_ctx,
struct tls_connection *conn,
const struct wpabuf *in_data,
@ -685,6 +739,7 @@ struct wpabuf * tls_connection_handshake(void *tls_ctx,
tls_context_t *tls = conn->tls;
int ret = 0;
struct wpabuf *resp;
int cli_state;
/* data freed by sender */
conn->tls_io_data.out_data = NULL;
@ -693,8 +748,9 @@ struct wpabuf * tls_connection_handshake(void *tls_ctx,
}
/* Multiple reads */
while (tls->ssl.MBEDTLS_PRIVATE(state) != MBEDTLS_SSL_HANDSHAKE_OVER) {
if (tls->ssl.MBEDTLS_PRIVATE(state) == MBEDTLS_SSL_CLIENT_CERTIFICATE) {
while (!mbedtls_ssl_is_handshake_over(&tls->ssl)) {
cli_state = tls->ssl.MBEDTLS_PRIVATE(state);
if (cli_state == MBEDTLS_SSL_CLIENT_CERTIFICATE) {
/* Read random data before session completes, not present after handshake */
if (tls->ssl.MBEDTLS_PRIVATE(handshake)) {
os_memcpy(conn->randbytes, tls->ssl.MBEDTLS_PRIVATE(handshake)->randbytes,
@ -704,8 +760,20 @@ struct wpabuf * tls_connection_handshake(void *tls_ctx,
}
ret = mbedtls_ssl_handshake_step(&tls->ssl);
if (ret < 0)
if (ret < 0) {
break;
}
#ifdef CONFIG_ESP_WIFI_ENT_FREE_DYNAMIC_BUFFER
if (mbedtls_ssl_get_version_number(&tls->ssl) == MBEDTLS_SSL_VERSION_TLS1_2) {
if (cli_state == MBEDTLS_SSL_SERVER_CERTIFICATE) {
esp_mbedtls_free_cacert(&tls->ssl);
} else if (cli_state == MBEDTLS_SSL_CERTIFICATE_VERIFY) {
esp_mbedtls_free_dhm(&tls->ssl);
esp_mbedtls_free_keycert_key(&tls->ssl);
esp_mbedtls_free_keycert(&tls->ssl);
}
}
#endif
}
if (ret < 0 && ret != MBEDTLS_ERR_SSL_WANT_READ) {
wpa_printf(MSG_INFO, "%s: ret is %d line:%d", __func__, ret, __LINE__);
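Review bot: In the last hunk the CA chain, client key and key_cert list are released from the shared `mbedtls_ssl_config` mid-handshake, keyed on `cli_state` sampled before `mbedtls_ssl_handshake_step` and guarded only by `ret < 0`, and no comment records that this config can no longer verify a server or present a client certificate afterwards. A renegotiation or any further handshake on the same context would presumably run without trust anchors, so it is worth a comment above `esp_mbedtls_free_cacert` such as `/* Drops the trust anchors once the server Certificate step has returned 0; reload the CA chain before reusing this config for another handshake. */`. It would also be safer to release only when the state has actually moved on, e.g. `if (cli_state == MBEDTLS_SSL_SERVER_CERTIFICATE && tls->ssl.MBEDTLS_PRIVATE(state) != cli_state)`. In `esp_mbedtls_free_keycert` the inner `if (keycert)` is always true inside `while (keycert)` and can go. The body of `tls_connection_handshake` starts and ends outside the visible hunks, so how teardown treats the already-freed members cannot be checked here.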