mirror of
https://github.com/espressif/esp-idf.git
synced 2025-11-15 15:00:02 +01:00
252dd1b976
EAP peer does not expect data present when beginning the Phase 2 in
EAP-{TTLS,PEAP} but in TLS 1.3 session tickets are sent after the
handshake completes.
There are several strategies that can be used to handle this, but this
patch picks up from the discussion[1] and implements the proposed use of
SSL_MODE_AUTO_RETRY. SSL_MODE_AUTO_RETRY has already been enabled by
default in OpenSSL 1.1.1, but it needs to be enabled for older versions.
The main OpenSSL wrapper change in tls_connection_decrypt() takes care
of the new possible case with SSL_MODE_AUTO_RETRY for
SSL_ERROR_WANT_READ to indicate that a non-application_data was
processed. That is not really an error case with TLS 1.3, so allow it to
complete and return an empty decrypted application data buffer.
EAP-PEAP/TTLS processing can then use this to move ahead with starting
Phase 2.
[1] https://www.spinics.net/lists/hostap/msg05376.html
Signed-off-by: Alexander Clouter <alex@digriz.org.uk>
'wpa_supplicant'
This component contains the upstream wpa_supplicant ported for ESP family of platforms. The code is tightly coupled with esp_wifi component which has ESP WiFi libraries and header files that are used in ported supplicant.
ESP uses MbedTLS as crypto library therefore MbedTLS component is also required for some features to work(see ESP_WIFI_MBEDTLS_CRYPTO).
To port it for different OS, esp_wifi and wpa_supplicant should be picked up a whole system(preferably with MbedTLS if we want all features to work.)