Merge branch 'bugfix/fix_pmksa_cache_expired_after_sntp_issue_v5.3' into 'release/v5.3'

Bugfix/fix pmksa cache expired after sntp issue v5.3(Backport v5.3) See merge request espressif/esp-idf!40701
2025-08-04 13:14:32 +02:00 · 2025-07-19 09:06:03 +08:00
parent cb1f35027f dfe0c15f90
commit 30c47e8cef
5 changed files with 11 additions and 5 deletions
--- a/components/esp_rom/esp32c2/ld/esp32c2.rom.eco4.ld
+++ b/components/esp_rom/esp32c2/ld/esp32c2.rom.eco4.ld
@@ -109,6 +109,7 @@ ieee80211_output_do = 0x4000210c;
 ieee80211_send_nulldata = 0x40002110;
 //ieee80211_setup_robust_mgmtframe = 0x40002114;
 //ieee80211_mgmt_output = 0x40002118;
 ieee80211_encap_null_data = 0x4000211c;
 //ieee80211_send_deauth_no_bss = 0x40002120;
 //ieee80211_tx_mgt_cb = 0x4000212c;
 //sta_rx_csa = 0x40002134;
--- a/components/esp_rom/esp32c2/ld/esp32c2.rom.ld
+++ b/components/esp_rom/esp32c2/ld/esp32c2.rom.ld
@@ -940,7 +940,7 @@ ieee80211_alloc_tx_buf = 0x40002108;
 /* ieee80211_output_do = 0x4000210c; */
 /* ieee80211_send_nulldata = 0x40002110; */
 /* ieee80211_setup_robust_mgmtframe = 0x40002114; */
-ieee80211_encap_null_data = 0x4000211c;
+/* ieee80211_encap_null_data = 0x4000211c; */
 //ieee80211_send_deauth_no_bss = 0x40002120;
 ieee80211_alloc_deauth = 0x40002124;
 ieee80211_send_proberesp = 0x40002128;
--- a/components/wpa_supplicant/src/ap/pmksa_cache_auth.c
+++ b/components/wpa_supplicant/src/ap/pmksa_cache_auth.c
@@ -19,7 +19,7 @@
 #include "ap/ieee802_1x.h"
 static const int pmksa_cache_max_entries = 10;
-static const int dot11RSNAConfigPMKLifetime = 8640000;
+static const int dot11RSNAConfigPMKLifetime = INT32_MAX;
 struct rsn_pmksa_cache {
--- a/components/wpa_supplicant/src/rsn_supp/pmksa_cache.c
+++ b/components/wpa_supplicant/src/rsn_supp/pmksa_cache.c
@@ -18,7 +18,7 @@
 #ifdef IEEE8021X_EAPOL
 static const int pmksa_cache_max_entries = 10;
-static const int dot11RSNAConfigPMKLifetime = 8640000; // 100 days = 3600 x 24 x 100 Seconds
+static const int dot11RSNAConfigPMKLifetime = INT32_MAX;
 static const int dot11RSNAConfigPMKReauthThreshold = 70;
 struct rsn_pmksa_cache {
@@ -133,8 +133,7 @@ pmksa_cache_add(struct rsn_pmksa_cache *pmksa, const u8 *pmk, size_t pmk_len,
    os_get_reltime(&now);
    entry->expiration = now.sec + dot11RSNAConfigPMKLifetime;
-    entry->reauth_time = now.sec + dot11RSNAConfigPMKLifetime *
+    entry->reauth_time = now.sec + dot11RSNAConfigPMKLifetime / 100 * dot11RSNAConfigPMKReauthThreshold;
        dot11RSNAConfigPMKReauthThreshold / 100;
    entry->akmp = akmp;
    os_memcpy(entry->aa, aa, ETH_ALEN);
    entry->network_ctx = network_ctx;
--- a/components/wpa_supplicant/src/rsn_supp/wpa.c
+++ b/components/wpa_supplicant/src/rsn_supp/wpa.c
@@ -375,8 +375,14 @@ static void wpa_sm_pmksa_free_cb(struct rsn_pmksa_cache_entry *entry,
    }
    if (deauth) {
    /* For upstream supplicant, reconnection is handled internally, whereas in ESP-IDF, the user needs to initiate a new connection.
       To mitigate this, simply flush the PMK without disconnecting. This will prevent the device from disconnecting,
       while allowing it to derive a new PMK during the next connection attempt. */
 #ifndef ESP_SUPPLICANT
        os_memset(sm->pmk, 0, sizeof(sm->pmk));
        wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED);
 #endif
    }
 }