fils: set sm->pairwise_set after setting TK to driver

Message ID 20220624210552.1890987-1-prestwoj@gmail.com
State Not Applicable

Commit Message

James Prestwood June 24, 2022, 9:05 p.m. UTC
After FILS completed there was no path to setting sm->pairwise_set
since the 4-way handshake is not done for FILS. This posed a problem
on rekeys because the EAPoL frames would be sent without transport
encryption. Since there is in fact a PMK set in the driver all frames
should be sent with transport encryption even for a rekey.

This patch sets sm->pairwise_set true after the TK is set into the
driver after FILS completes which allows a future rekey to use
encryption.
---
 src/ap/wpa_auth.c | 1 +
 1 file changed, 1 insertion(+)

Comments

James Prestwood June 24, 2022, 9:20 p.m. UTC | #1
You can ignore this. I was on an older commit which someone apparently
fixed already.

On Fri, 2022-06-24 at 14:05 -0700, James Prestwood wrote:
> After FILS completed there was no path to setting sm->pairwise_set
> since the 4-way handshake is not done for FILS. This posed a problem
> on rekeys because the EAPoL frames would be sent without transport
> encryption. Since there is in fact a PMK set in the driver all frames
> should be sent with transport encryption even for a rekey.
> 
> This patch sets sm->pairwise_set true after the TK is set into the
> driver after FILS completes which allows a future rekey to use
> encryption.
> ---
>  src/ap/wpa_auth.c | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
> index 6d60f2629..6942764de 100644
> --- a/src/ap/wpa_auth.c
> +++ b/src/ap/wpa_auth.c
> @@ -2869,6 +2869,7 @@ int fils_set_tk(struct wpa_state_machine *sm)
>                 return -1;
>         }
>         sm->tk_already_set = true;
> +       sm->pairwise_set = true;
>  
>         wpa_auth_store_ptksa(sm->wpa_auth, sm->addr, sm->pairwise,
>                              dot11RSNAConfigPMKLifetime, &sm->PTK);
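
Review bot: The added `sm->pairwise_set = true;` line in fils_set_tk() carries no comment explaining why the flag is set here and not by the 4-way handshake path. A one-line comment stating that FILS skips the 4-way handshake, so the pairwise key is marked as installed at this point to keep rekey EAPOL frames encrypted, would stop a later reader from treating it as redundant with `sm->tk_already_set = true;`.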

Patch

diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
index 6d60f2629..6942764de 100644
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@@ -2869,6 +2869,7 @@  int fils_set_tk(struct wpa_state_machine *sm)
 		return -1;
 	}
 	sm->tk_already_set = true;
+	sm->pairwise_set = true;
 
 	wpa_auth_store_ptksa(sm->wpa_auth, sm->addr, sm->pairwise,
 			     dot11RSNAConfigPMKLifetime, &sm->PTK);
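
Review bot: `sm->pairwise_set = true;` now sits beside `sm->tk_already_set = true;` in fils_set_tk(), but nothing in this hunk shows the two flags being cleared together, so please confirm that every path which resets `tk_already_set` or removes the key also resets `pairwise_set`; otherwise a rekey could be marked for encryption with no TK installed. The placement after the `return -1` failure branch is correct, since the flag is only reached once the key install succeeded. The commit message also justifies the change with "a PMK set in the driver" while the subject and the function concern the TK; the wording should say TK.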