feat(esp_wifi): Add support to limit EAP methods

2025-10-16 17:02:41 +00:00 · 2025-07-10 11:44:14 +05:30
parent 0fde8d2012
commit 6c309b29e9
5 changed files with 125 additions and 11 deletions
--- a/components/wpa_supplicant/esp_supplicant/src/esp_eap_client.c
+++ b/components/wpa_supplicant/esp_supplicant/src/esp_eap_client.c
@@ -839,6 +839,8 @@ static esp_err_t esp_client_enable_fn(void *arg)
    }
 #endif
    g_wpa_config_changed = true;
+    /* Enable opportunistic key caching support */
+    esp_wifi_set_okc_support(true);
    return ESP_OK;
 }

@@ -859,9 +861,6 @@ esp_err_t esp_wifi_sta_enterprise_enable(void)
    esp_err_t ret;
    struct wpa_sm *sm = &gWpaSm;

-    /* Enable opportunistic key caching support */
-    esp_wifi_set_okc_support(true);
-
    wpa2_api_lock();

    if (wpa2_is_enabled()) {
@@ -887,6 +886,58 @@ esp_err_t esp_wifi_sta_enterprise_enable(void)
    return ret;
 }

+static void eap_globals_reset(void)
+{
+    os_free(g_wpa_anonymous_identity);
+    g_wpa_anonymous_identity = NULL;
+    g_wpa_anonymous_identity_len = 0;
+
+    os_free(g_wpa_username);
+    g_wpa_username = NULL;
+    g_wpa_username_len = 0;
+
+    g_wpa_client_cert = NULL;
+    g_wpa_client_cert_len = 0;
+
+    g_wpa_private_key = NULL;
+    g_wpa_private_key_len = 0;
+
+    g_wpa_private_key_passwd = NULL;
+    g_wpa_private_key_passwd_len = 0;
+
+    g_wpa_ca_cert = NULL;
+    g_wpa_ca_cert_len = 0;
+
+    os_free(g_wpa_password);
+    g_wpa_password = NULL;
+    g_wpa_password_len = 0;
+
+    os_free(g_wpa_new_password);
+    g_wpa_new_password = NULL;
+    g_wpa_new_password_len = 0;
+
+    g_wpa_ttls_phase2_type = NULL;
+    os_free(g_wpa_phase1_options);
+    g_wpa_phase1_options = NULL;
+
+    os_free(g_wpa_pac_file);
+    g_wpa_pac_file = NULL;
+    g_wpa_pac_file_len = 0;
+
+    g_wpa_suiteb_certification = false;
+
+#ifdef CONFIG_MBEDTLS_CERTIFICATE_BUNDLE
+    g_wpa_default_cert_bundle = false;
+    esp_crt_bundle_attach_fn = NULL;
+#endif
+
+#ifndef CONFIG_TLS_INTERNAL_CLIENT
+    os_free(g_wpa_domain_match);
+    g_wpa_domain_match = NULL;
+#endif
+    g_eap_method_mask = ESP_EAP_TYPE_ALL;
+}
+
 static esp_err_t eap_client_disable_fn(void *param)
 {
    struct wpa_sm *sm = &gWpaSm;
@@ -897,6 +948,7 @@ static esp_err_t eap_client_disable_fn(void *param)
        eap_peer_sm_deinit();
    }

+    eap_globals_reset();
 #ifdef EAP_PEER_METHOD
    eap_peer_unregister_methods();
 #endif
@@ -915,6 +967,7 @@ esp_err_t esp_wifi_sta_enterprise_disable(void)

    if (wpa2_is_disabled()) {
        wpa_printf(MSG_INFO, "EAP: already disabled");
+        eap_globals_reset();
        wpa2_api_unlock();
        return ESP_OK;
    }
@@ -1294,3 +1347,14 @@ esp_err_t esp_eap_client_set_domain_name(const char *domain_name)
    return ESP_OK;
 #endif
 }
+
+esp_err_t esp_eap_client_set_eap_methods(esp_eap_method_t methods)
+{
+
+    if ((methods & ~ESP_EAP_TYPE_ALL) != 0) {
+        return ESP_ERR_INVALID_ARG;
+    }
+
+    g_eap_method_mask = methods;
+    return ESP_OK;
+}