mirror of
https://github.com/espressif/esp-idf.git
synced 2024-10-05 20:47:46 -04:00
fix(wifi): add low memory options for eap enterprise
This commit is contained in:
parent
462dfaf45c
commit
c62022b312
@ -454,4 +454,13 @@ menu "Wi-Fi"
|
||||
disabling this will reduce binary size.
|
||||
disabling this will disable the use of any esp_wifi_sta_wpa2_ent_* (as APIs will be meaningless)
|
||||
|
||||
config ESP_WIFI_ENT_FREE_DYNAMIC_BUFFER
|
||||
bool "Free dynamic buffers during WiFi enterprise connection"
|
||||
depends on ESP_WIFI_ENTERPRISE_SUPPORT
|
||||
default y if IDF_TARGET_ESP32C2
|
||||
default n if !IDF_TARGET_ESP32C2
|
||||
help
|
||||
Select this configuration to free dynamic buffers during WiFi enterprise connection.
|
||||
This will enable chip to reduce heap consumption during WiFi enterprise connection.
|
||||
|
||||
endmenu # Wi-Fi
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* SPDX-FileCopyrightText: 2020-2021 Espressif Systems (Shanghai) CO LTD
|
||||
* SPDX-FileCopyrightText: 2020-2024 Espressif Systems (Shanghai) CO LTD
|
||||
*
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*/
|
||||
@ -31,6 +31,7 @@ which are undefined if the following flag is not defined */
|
||||
#else
|
||||
#include "mbedtls/config.h"
|
||||
#endif
|
||||
#include "mbedtls/platform.h"
|
||||
#include "eap_peer/eap.h"
|
||||
|
||||
|
||||
@ -677,6 +678,59 @@ int tls_connection_set_verify(void *tls_ctx, struct tls_connection *conn,
|
||||
return -1;
|
||||
}
|
||||
|
||||
#ifdef CONFIG_ESP_WIFI_ENT_FREE_DYNAMIC_BUFFER
|
||||
static void esp_mbedtls_free_dhm(mbedtls_ssl_context *ssl)
|
||||
{
|
||||
#ifdef CONFIG_MBEDTLS_DHM_C
|
||||
const mbedtls_ssl_config *conf = mbedtls_ssl_context_get_config(ssl);
|
||||
mbedtls_mpi_free((mbedtls_mpi *)&conf->MBEDTLS_PRIVATE(dhm_P));
|
||||
mbedtls_mpi_free((mbedtls_mpi *)&conf->MBEDTLS_PRIVATE(dhm_G));
|
||||
#endif /* CONFIG_MBEDTLS_DHM_C */
|
||||
}
|
||||
|
||||
static void esp_mbedtls_free_keycert(mbedtls_ssl_context *ssl)
|
||||
{
|
||||
mbedtls_ssl_config *conf = (mbedtls_ssl_config * )mbedtls_ssl_context_get_config(ssl);
|
||||
mbedtls_ssl_key_cert *keycert = conf->MBEDTLS_PRIVATE(key_cert), *next;
|
||||
|
||||
while (keycert) {
|
||||
next = keycert->next;
|
||||
|
||||
if (keycert) {
|
||||
mbedtls_free(keycert);
|
||||
}
|
||||
|
||||
keycert = next;
|
||||
}
|
||||
|
||||
conf->MBEDTLS_PRIVATE(key_cert) = NULL;
|
||||
}
|
||||
|
||||
static void esp_mbedtls_free_keycert_key(mbedtls_ssl_context *ssl)
|
||||
{
|
||||
const mbedtls_ssl_config *conf = mbedtls_ssl_context_get_config(ssl);
|
||||
mbedtls_ssl_key_cert *keycert = conf->MBEDTLS_PRIVATE(key_cert);
|
||||
|
||||
while (keycert) {
|
||||
if (keycert->key) {
|
||||
mbedtls_pk_free(keycert->key);
|
||||
keycert->key = NULL;
|
||||
}
|
||||
keycert = keycert->next;
|
||||
}
|
||||
}
|
||||
|
||||
static void esp_mbedtls_free_cacert(mbedtls_ssl_context *ssl)
|
||||
{
|
||||
if (ssl->MBEDTLS_PRIVATE(conf)->MBEDTLS_PRIVATE(ca_chain)) {
|
||||
mbedtls_ssl_config *conf = (mbedtls_ssl_config * )mbedtls_ssl_context_get_config(ssl);
|
||||
|
||||
mbedtls_x509_crt_free(conf->MBEDTLS_PRIVATE(ca_chain));
|
||||
conf->MBEDTLS_PRIVATE(ca_chain) = NULL;
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
struct wpabuf * tls_connection_handshake(void *tls_ctx,
|
||||
struct tls_connection *conn,
|
||||
const struct wpabuf *in_data,
|
||||
@ -685,6 +739,7 @@ struct wpabuf * tls_connection_handshake(void *tls_ctx,
|
||||
tls_context_t *tls = conn->tls;
|
||||
int ret = 0;
|
||||
struct wpabuf *resp;
|
||||
int cli_state;
|
||||
|
||||
/* data freed by sender */
|
||||
conn->tls_io_data.out_data = NULL;
|
||||
@ -693,8 +748,9 @@ struct wpabuf * tls_connection_handshake(void *tls_ctx,
|
||||
}
|
||||
|
||||
/* Multiple reads */
|
||||
while (tls->ssl.MBEDTLS_PRIVATE(state) != MBEDTLS_SSL_HANDSHAKE_OVER) {
|
||||
if (tls->ssl.MBEDTLS_PRIVATE(state) == MBEDTLS_SSL_CLIENT_CERTIFICATE) {
|
||||
while (!mbedtls_ssl_is_handshake_over(&tls->ssl)) {
|
||||
cli_state = tls->ssl.MBEDTLS_PRIVATE(state);
|
||||
if (cli_state == MBEDTLS_SSL_CLIENT_CERTIFICATE) {
|
||||
/* Read random data before session completes, not present after handshake */
|
||||
if (tls->ssl.MBEDTLS_PRIVATE(handshake)) {
|
||||
os_memcpy(conn->randbytes, tls->ssl.MBEDTLS_PRIVATE(handshake)->randbytes,
|
||||
@ -704,8 +760,20 @@ struct wpabuf * tls_connection_handshake(void *tls_ctx,
|
||||
}
|
||||
ret = mbedtls_ssl_handshake_step(&tls->ssl);
|
||||
|
||||
if (ret < 0)
|
||||
if (ret < 0) {
|
||||
break;
|
||||
}
|
||||
#ifdef CONFIG_ESP_WIFI_ENT_FREE_DYNAMIC_BUFFER
|
||||
if (mbedtls_ssl_get_version_number(&tls->ssl) == MBEDTLS_SSL_VERSION_TLS1_2) {
|
||||
if (cli_state == MBEDTLS_SSL_SERVER_CERTIFICATE) {
|
||||
esp_mbedtls_free_cacert(&tls->ssl);
|
||||
} else if (cli_state == MBEDTLS_SSL_CERTIFICATE_VERIFY) {
|
||||
esp_mbedtls_free_dhm(&tls->ssl);
|
||||
esp_mbedtls_free_keycert_key(&tls->ssl);
|
||||
esp_mbedtls_free_keycert(&tls->ssl);
|
||||
}
|
||||
}
|
||||
#endif
|
||||
}
|
||||
if (ret < 0 && ret != MBEDTLS_ERR_SSL_WANT_READ) {
|
||||
wpa_printf(MSG_INFO, "%s: ret is %d line:%d", __func__, ret, __LINE__);
|
||||
|
Loading…
Reference in New Issue
Block a user