From e4d1588416902ea1994c0da1286bc4835f670017 Mon Sep 17 00:00:00 2001 From: muhaidong Date: Fri, 30 May 2025 16:40:32 +0800 Subject: [PATCH] fix(wifi): fix pmksa cache expiration caused by sntp time synchronization issue --- components/wpa_supplicant/src/ap/pmksa_cache_auth.c | 2 +- components/wpa_supplicant/src/rsn_supp/pmksa_cache.c | 5 ++--- components/wpa_supplicant/src/rsn_supp/wpa.c | 6 ++++++ 3 files changed, 9 insertions(+), 4 deletions(-) diff --git a/components/wpa_supplicant/src/ap/pmksa_cache_auth.c b/components/wpa_supplicant/src/ap/pmksa_cache_auth.c index 277967c086..f16ced9981 100644 --- a/components/wpa_supplicant/src/ap/pmksa_cache_auth.c +++ b/components/wpa_supplicant/src/ap/pmksa_cache_auth.c @@ -19,7 +19,7 @@ #include "ap/ieee802_1x.h" static const int pmksa_cache_max_entries = 10; -static const int dot11RSNAConfigPMKLifetime = 8640000; +static const int dot11RSNAConfigPMKLifetime = INT32_MAX; struct rsn_pmksa_cache { diff --git a/components/wpa_supplicant/src/rsn_supp/pmksa_cache.c b/components/wpa_supplicant/src/rsn_supp/pmksa_cache.c index 8ed1bdc2e7..87f8b6871d 100644 --- a/components/wpa_supplicant/src/rsn_supp/pmksa_cache.c +++ b/components/wpa_supplicant/src/rsn_supp/pmksa_cache.c @@ -18,7 +18,7 @@ #ifdef IEEE8021X_EAPOL static const int pmksa_cache_max_entries = 10; -static const int dot11RSNAConfigPMKLifetime = 8640000; // 100 days = 3600 x 24 x 100 Seconds +static const int dot11RSNAConfigPMKLifetime = INT32_MAX; static const int dot11RSNAConfigPMKReauthThreshold = 70; struct rsn_pmksa_cache { @@ -133,8 +133,7 @@ pmksa_cache_add(struct rsn_pmksa_cache *pmksa, const u8 *pmk, size_t pmk_len, os_get_reltime(&now); entry->expiration = now.sec + dot11RSNAConfigPMKLifetime; - entry->reauth_time = now.sec + dot11RSNAConfigPMKLifetime * - dot11RSNAConfigPMKReauthThreshold / 100; + entry->reauth_time = now.sec + dot11RSNAConfigPMKLifetime / 100 * dot11RSNAConfigPMKReauthThreshold; entry->akmp = akmp; os_memcpy(entry->aa, aa, ETH_ALEN); entry->network_ctx = network_ctx; diff --git a/components/wpa_supplicant/src/rsn_supp/wpa.c b/components/wpa_supplicant/src/rsn_supp/wpa.c index 9a1ad92386..353360138d 100644 --- a/components/wpa_supplicant/src/rsn_supp/wpa.c +++ b/components/wpa_supplicant/src/rsn_supp/wpa.c @@ -375,8 +375,14 @@ static void wpa_sm_pmksa_free_cb(struct rsn_pmksa_cache_entry *entry, } if (deauth) { + /* For upstream supplicant, reconnection is handled internally, whereas in ESP-IDF, the user needs to initiate a new connection. + To mitigate this, simply flush the PMK without disconnecting. This will prevent the device from disconnecting, + while allowing it to derive a new PMK during the next connection attempt. */ + +#ifndef ESP_SUPPLICANT os_memset(sm->pmk, 0, sizeof(sm->pmk)); wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED); +#endif } }