@@ -861,6 +861,10 @@ static int wpa_try_alt_snonce(struct wpa_state_machine *sm, u8 *data,
sm->p2p_dev_addr, pmk, &pmk_len);
if (pmk == NULL)
break;
+#ifdef CONFIG_IEEE80211R_AP
+ if (wpa_key_mgmt_ft_psk(sm->wpa_key_mgmt))
+ memcpy(sm->xxkey, pmk, pmk_len);
+#endif
} else {
pmk = sm->PMK;
pmk_len = sm->pmk_len;
@@ -2643,6 +2647,10 @@ SM_STATE(WPA_PTK, PTKCALCNEGOTIATING)
if (pmk == NULL)
break;
psk_found = 1;
+#ifdef CONFIG_IEEE80211R_AP
+ if (wpa_key_mgmt_ft_psk(sm->wpa_key_mgmt))
+ memcpy(sm->xxkey, pmk, pmk_len);
+#endif
} else {
pmk = sm->PMK;
pmk_len = sm->pmk_len;
For FT-PSK sm->xxkey was populated with only first password on the linked list (i.e. last matching password in the wpa_psk_file) in INITPSK. This caused only that password to be recognized and accepted. All other passwords were not verified properly and subsequently prevented clients from connecting. Hostapd would report: Jan 30 12:55:44 hostapd: ap0: STA xx:xx:xx:xx:xx:xx WPA: sending 1/4 msg of 4-Way Handshake Jan 30 12:55:44 hostapd: ap0: STA xx:xx:xx:xx:xx:xx WPA: received EAPOL-Key frame (2/4 Pairwise) Jan 30 12:55:44 hostapd: ap0: STA xx:xx:xx:xx:xx:xx WPA: invalid MIC in msg 2/4 of 4-Way Handshake Jan 30 12:55:45 hostapd: ap0: STA xx:xx:xx:xx:xx:xx WPA: EAPOL-Key timeout Signed-off-by: Michal Kazior <michal@plumewifi.com> --- src/ap/wpa_auth.c | 8 ++++++++ 1 file changed, 8 insertions(+)