From fc106b3dbdc36e6a578d83d4638432cded531f9f Mon Sep 17 00:00:00 2001 From: Kapil Gupta Date: Fri, 4 Jul 2025 17:37:47 +0530 Subject: [PATCH] fix(esp_wifi): Address review comments --- .../esp_supplicant/include/esp_eap_client.h | 6 +++--- .../esp_supplicant/src/esp_eap_client.c | 14 +++++++++----- components/wpa_supplicant/src/eap_peer/eap.c | 10 +++++----- .../wifi_enterprise/main/wifi_enterprise_main.c | 2 +- 4 files changed, 18 insertions(+), 14 deletions(-) diff --git a/components/wpa_supplicant/esp_supplicant/include/esp_eap_client.h b/components/wpa_supplicant/esp_supplicant/include/esp_eap_client.h index 8ffae93095..0dcfc7644c 100644 --- a/components/wpa_supplicant/esp_supplicant/include/esp_eap_client.h +++ b/components/wpa_supplicant/esp_supplicant/include/esp_eap_client.h @@ -37,7 +37,8 @@ typedef enum { ESP_EAP_TYPE_TLS = (1 << 0), /*!< EAP-TLS method */ ESP_EAP_TYPE_TTLS = (1 << 1), /*!< EAP-TTLS method */ ESP_EAP_TYPE_PEAP = (1 << 2), /*!< EAP-PEAP method */ - ESP_EAP_TYPE_FAST = (1 << 3) /*!< EAP-FAST method */ + ESP_EAP_TYPE_FAST = (1 << 3), /*!< EAP-FAST method */ + ESP_EAP_TYPE_ALL = (ESP_EAP_TYPE_TLS | ESP_EAP_TYPE_TTLS | ESP_EAP_TYPE_PEAP | ESP_EAP_TYPE_FAST), /*!< All supported EAP methods */ } esp_eap_method_t; /** @@ -361,8 +362,7 @@ esp_err_t esp_eap_client_set_domain_name(const char *domain_name); * - ESP_ERR_INVALID_ARG if none of the methods are valid * * @note - * If this API is not called or `EAP_TYPE_NONE` is passed, EAP methods will be dynamically - * selected at runtime based on configuration from other `esp_eap_client_*` APIs. + * If this API is not called, all supported EAP methods will be considered. * If one or more methods are set using this API, only the specified methods will be considered. */ esp_err_t esp_eap_client_set_eap_methods(esp_eap_method_t methods); diff --git a/components/wpa_supplicant/esp_supplicant/src/esp_eap_client.c b/components/wpa_supplicant/esp_supplicant/src/esp_eap_client.c index 92c58bea7e..6e83d646f7 100644 --- a/components/wpa_supplicant/esp_supplicant/src/esp_eap_client.c +++ b/components/wpa_supplicant/esp_supplicant/src/esp_eap_client.c @@ -820,8 +820,6 @@ static esp_err_t esp_client_enable_fn(void *arg) } #endif g_wpa_config_changed = true; - /* Enable opportunistic key caching support */ - esp_wifi_set_okc_support(true); return ESP_OK; } @@ -858,9 +856,11 @@ esp_err_t esp_wifi_sta_enterprise_enable(void) static void eap_globals_reset(void) { + os_free(g_wpa_anonymous_identity); g_wpa_anonymous_identity = NULL; g_wpa_anonymous_identity_len = 0; + os_free(g_wpa_username); g_wpa_username = NULL; g_wpa_username_len = 0; @@ -876,15 +876,19 @@ static void eap_globals_reset(void) g_wpa_ca_cert = NULL; g_wpa_ca_cert_len = 0; + os_free(g_wpa_password); g_wpa_password = NULL; g_wpa_password_len = 0; + os_free(g_wpa_new_password); g_wpa_new_password = NULL; g_wpa_new_password_len = 0; g_wpa_ttls_phase2_type = NULL; + os_free(g_wpa_phase1_options); g_wpa_phase1_options = NULL; + os_free(g_wpa_pac_file); g_wpa_pac_file = NULL; g_wpa_pac_file_len = 0; @@ -896,9 +900,10 @@ static void eap_globals_reset(void) #endif #ifndef CONFIG_TLS_INTERNAL_CLIENT + os_free(g_wpa_domain_match); g_wpa_domain_match = NULL; #endif - g_eap_method_mask = 0; + g_eap_method_mask = ESP_EAP_TYPE_ALL; } static esp_err_t eap_client_disable_fn(void *param) @@ -1313,9 +1318,8 @@ esp_err_t esp_eap_client_set_domain_name(const char *domain_name) esp_err_t esp_eap_client_set_eap_methods(esp_eap_method_t methods) { - const esp_eap_method_t supported_methods = EAP_TYPE_TLS | EAP_TYPE_TTLS | EAP_TYPE_PEAP | EAP_TYPE_FAST; - if ((methods & ~supported_methods) != 0) { + if ((methods & ~ESP_EAP_TYPE_ALL) != 0) { return ESP_ERR_INVALID_ARG; } diff --git a/components/wpa_supplicant/src/eap_peer/eap.c b/components/wpa_supplicant/src/eap_peer/eap.c index 817ddea0e9..c1e2d10f26 100644 --- a/components/wpa_supplicant/src/eap_peer/eap.c +++ b/components/wpa_supplicant/src/eap_peer/eap.c @@ -71,7 +71,7 @@ int (*esp_crt_bundle_attach_fn)(void *conf); #ifndef CONFIG_TLS_INTERNAL_CLIENT char *g_wpa_domain_match; #endif -uint32_t g_eap_method_mask; +uint32_t g_eap_method_mask = ESP_EAP_TYPE_ALL; void eap_peer_config_deinit(struct eap_sm *sm); void eap_peer_blob_deinit(struct eap_sm *sm); @@ -625,19 +625,19 @@ int eap_peer_config_init( if (g_wpa_username) { //set EAP-PEAP - if ((g_eap_method_mask == 0) || (g_eap_method_mask & ESP_EAP_TYPE_PEAP)) { + if (g_eap_method_mask & ESP_EAP_TYPE_PEAP) { config_methods[allowed_method_count].vendor = EAP_VENDOR_IETF; config_methods[allowed_method_count++].method = EAP_TYPE_PEAP; } //set EAP-TTLS - if ((g_eap_method_mask == 0) || (g_eap_method_mask & ESP_EAP_TYPE_TTLS)) { + if (g_eap_method_mask & ESP_EAP_TYPE_TTLS) { config_methods[allowed_method_count].vendor = EAP_VENDOR_IETF; config_methods[allowed_method_count++].method = EAP_TYPE_TTLS; } } if (g_wpa_private_key) { //set EAP-TLS - if ((g_eap_method_mask == 0) || (g_eap_method_mask & ESP_EAP_TYPE_TLS)) { + if (g_eap_method_mask & ESP_EAP_TYPE_TLS) { config_methods[allowed_method_count].vendor = EAP_VENDOR_IETF; config_methods[allowed_method_count++].method = EAP_TYPE_TLS; } @@ -645,7 +645,7 @@ int eap_peer_config_init( #ifdef EAP_FAST if (g_wpa_pac_file) { //set EAP-FAST - if ((g_eap_method_mask == 0) || (g_eap_method_mask & ESP_EAP_TYPE_FAST)) { + if (g_eap_method_mask & ESP_EAP_TYPE_FAST) { config_methods[allowed_method_count].vendor = EAP_VENDOR_IETF; config_methods[allowed_method_count++].method = EAP_TYPE_FAST; } diff --git a/examples/wifi/wifi_enterprise/main/wifi_enterprise_main.c b/examples/wifi/wifi_enterprise/main/wifi_enterprise_main.c index 8146bcff66..ba524c76e6 100644 --- a/examples/wifi/wifi_enterprise/main/wifi_enterprise_main.c +++ b/examples/wifi/wifi_enterprise/main/wifi_enterprise_main.c @@ -96,7 +96,7 @@ static void event_handler(void* arg, esp_event_base_t event_base, static void initialise_wifi(void) { - esp_eap_method_t eap_methods = ESP_EAP_TYPE_NONE; + esp_eap_method_t eap_methods = ESP_EAP_TYPE_ALL; #ifdef SERVER_CERT_VALIDATION_ENABLED unsigned int ca_pem_bytes = ca_pem_end - ca_pem_start; #endif /* SERVER_CERT_VALIDATION_ENABLED */