Merge branch 'bugfix/fix_pmksa_cache_expired_after_sntp_issue_v5.2' into 'release/v5.2'

fix(wifi): fix pmksa cache expiration caused by sntp time synchronization issue(Backport v5.2) See merge request espressif/esp-idf!40831
2025-08-03 20:54:32 +02:00 · 2025-07-28 14:23:45 +08:00
parent 6f0fd4eb42 849fc76430
commit a75f3cb446
3 changed files with 9 additions and 4 deletions
--- a/components/wpa_supplicant/src/ap/pmksa_cache_auth.c
+++ b/components/wpa_supplicant/src/ap/pmksa_cache_auth.c
@@ -19,7 +19,7 @@
 #include "ap/ieee802_1x.h"

 static const int pmksa_cache_max_entries = 10;
-static const int dot11RSNAConfigPMKLifetime = 8640000;
+static const int dot11RSNAConfigPMKLifetime = INT32_MAX;


 struct rsn_pmksa_cache {
--- a/components/wpa_supplicant/src/rsn_supp/pmksa_cache.c
+++ b/components/wpa_supplicant/src/rsn_supp/pmksa_cache.c
@@ -18,7 +18,7 @@
 #ifdef IEEE8021X_EAPOL

 static const int pmksa_cache_max_entries = 10;
-static const int dot11RSNAConfigPMKLifetime = 8640000; // 100 days = 3600 x 24 x 100 Seconds
+static const int dot11RSNAConfigPMKLifetime = INT32_MAX;
 static const int dot11RSNAConfigPMKReauthThreshold = 70;

 struct rsn_pmksa_cache {
@@ -133,8 +133,7 @@ pmksa_cache_add(struct rsn_pmksa_cache *pmksa, const u8 *pmk, size_t pmk_len,

    os_get_reltime(&now);
    entry->expiration = now.sec + dot11RSNAConfigPMKLifetime;
-    entry->reauth_time = now.sec + dot11RSNAConfigPMKLifetime *
-        dot11RSNAConfigPMKReauthThreshold / 100;
+    entry->reauth_time = now.sec + dot11RSNAConfigPMKLifetime / 100 * dot11RSNAConfigPMKReauthThreshold;
    entry->akmp = akmp;
    os_memcpy(entry->aa, aa, ETH_ALEN);
    entry->network_ctx = network_ctx;
--- a/components/wpa_supplicant/src/rsn_supp/wpa.c
+++ b/components/wpa_supplicant/src/rsn_supp/wpa.c
@@ -370,8 +370,14 @@ static void wpa_sm_pmksa_free_cb(struct rsn_pmksa_cache_entry *entry,
    }

    if (deauth) {
+    /* For upstream supplicant, reconnection is handled internally, whereas in ESP-IDF, the user needs to initiate a new connection.
+       To mitigate this, simply flush the PMK without disconnecting. This will prevent the device from disconnecting,
+       while allowing it to derive a new PMK during the next connection attempt. */
+
+#ifndef ESP_SUPPLICANT
        os_memset(sm->pmk, 0, sizeof(sm->pmk));
        wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED);
+#endif
    }
 }