I am using code similar to the example "AnyCloud Code Snippet 1" (Cypress Enterprise Security Library: Overview (infineon.github.io)), but the code crashes after expiration of the certificates.
The cy_enterprise_security_join function may return an error before the supplicant and tls_agent threads have stopped.
As a result, these threads try to access the freed memory, because the handle will be destroyed by cy_enterprise_security_delete after the cy_enterprise_security_join error.
Also, as I understand it, an error is possible in supplicant_deinit (maybe I'm not right). When supplicant_deinit is invoked from the stack of cy_enterprise_security_join, it expects the CY_RSLT_ENTERPRISE_SECURITY_SUPPLICANT_ABORTED state in order to join the thread. But in my case it was CY_RSLT_ENTERPRISE_SECURITY_EAP_ERROR.
Working (but wrong) fix: increase the delay in the supplicant_stop function to 1000ms:
file enterprise-security/source/supplicant_core/cy_supplicant_process_et.c, line 1449
We will review the crash as well as the fix. I presume you used a client certificate, private key and CA on the client device, as well as a server certificate and CA on the RADIUS server, to test EAP-TLS? Were both the client and server certificates expired, or only one of them? Even with the delay, the connection should not pass because of the expired certificate(s).
Yes, I used:
- on board: client cert & key + CA cert
- on Radius server: CA cert + server cert/key
Server and client certificates are signed by the same CA.
All certs are expired at the current moment. The bug was reproduced on 6 September.
You can find the certificates in the attached file.
- wifi_certs.h - file from my code
- the 'certs' folder contains all used certificates
When the function supplicant_stop() is called, it queues the event SUPPLICANT_EVENT_ABORT_REQUESTED, followed by the 10ms delay. This event is expected to be processed by the supplicant_process_event() callback in the supplicant thread, as shown below:
    switch ( message->event_type )
    {
        case SUPPLICANT_EVENT_ABORT_REQUESTED:
            CY_SUPPLICANT_PROCESS_ET_INFO(CYLF_MIDDLEWARE, CY_LOG_INFO, "[%s()] : L%d : SUPPLICANT_EVENT_ABORT_REQUESTED\r\n", __FUNCTION__, __LINE__);
            workspace->supplicant_result = CY_RSLT_ENTERPRISE_SECURITY_SUPPLICANT_ABORTED;
            break;
        /* handling of other event types not shown */
    }
If a 1000ms delay fixes the issue, this would mean that the 10ms time is not sufficient for processing the above event. You can consider using a semaphore instead of the delay, which means that a semaphore get could be used in place of cy_rtos_delay_milliseconds(10). When the event is received in the above switch case, the same semaphore could be set.
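
The semaphore handshake suggested in the reply above, modelled with POSIX threads as an added example (not code from this thread or from the enterprise-security library). `workspace_t`, `stop_supplicant`, `busy_ms` and the two `RESULT_*` values are hypothetical stand-ins, and the 300 ms busy time used to exercise it is constructed.

```c
#define _POSIX_C_SOURCE 200809L
#include <pthread.h>
#include <semaphore.h>
#include <stdatomic.h>
#include <time.h>

/* Hypothetical stand-ins for the CY_RSLT_ENTERPRISE_SECURITY_* states. */
enum { RESULT_EAP_ERROR = 1, RESULT_ABORTED = 2 };

typedef struct {
    sem_t abort_done;            /* set by the worker once the abort is processed */
    atomic_int abort_requested;  /* models the queued SUPPLICANT_EVENT_ABORT_REQUESTED */
    atomic_int result;
    unsigned busy_ms;            /* constructed: time before the worker reaches the event */
} workspace_t;

static void sleep_ms(unsigned ms)
{
    nanosleep(&(struct timespec){ ms / 1000, (ms % 1000) * 1000000L }, NULL);
}

static void *supplicant_thread(void *arg)
{
    workspace_t *ws = arg;
    sleep_ms(ws->busy_ms);                       /* still busy, e.g. in a failing handshake */
    while (!atomic_load(&ws->abort_requested))
        sleep_ms(1);
    atomic_store(&ws->result, RESULT_ABORTED);   /* what the switch case does */
    sem_post(&ws->abort_done);                   /* the added "set semaphore" step */
    return NULL;
}

/* Returns the state the caller sees at the moment the stop step returns. */
int stop_supplicant(unsigned busy_ms, unsigned wait_ms, int use_semaphore)
{
    workspace_t ws = { .busy_ms = busy_ms, .result = RESULT_EAP_ERROR };
    struct timespec t;
    pthread_t tid;
    sem_init(&ws.abort_done, 0, 0);
    pthread_create(&tid, NULL, supplicant_thread, &ws);
    atomic_store(&ws.abort_requested, 1);        /* queue the abort event */
    clock_gettime(CLOCK_REALTIME, &t);
    t.tv_sec += wait_ms / 1000 + 1;              /* deadline rounded up to whole seconds */
    if (use_semaphore) sem_timedwait(&ws.abort_done, &t);  /* bounded wait for the ack */
    else sleep_ms(wait_ms);                      /* fixed delay, as in supplicant_stop() */
    int seen = atomic_load(&ws.result);
    pthread_join(tid, NULL);                     /* workspace must outlive the thread */
    sem_destroy(&ws.abort_done);
    return seen;
}
```

With a worker that is busy for 300 ms, the fixed 10 ms delay returns while the state is still the EAP error, whereas the semaphore wait returns only after the worker has set the aborted state, so the join and the later free happen in a known order.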