diff mbox series

wpa_supplicant: Fix FILS ERP association

Message ID 20190403103630.30804-1-andrei.otcheretianski@intel.com
State Accepted
Headers show
Series wpa_supplicant: Fix FILS ERP association | expand

Commit Message

Otcheretianski, Andrei April 3, 2019, 10:36 a.m. UTC 
From: Avraham Stern <avraham.stern@intel.com>

When FILS authentication is used with ERP, no EAPOL frames are
expected after association. However, for drivers that set the
WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_8021X capability flag, the EAP
state machine was not configured correctly and was waiting for
EAPOL frames, which leads to disconnection.

Fix it by setting the EAP state machine to success when FILS
authentication was already completed.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
---
 wpa_supplicant/events.c | 22 +++++++++++-----------
 1 file changed, 11 insertions(+), 11 deletions(-)

Comments

Jouni Malinen April 16, 2019, 8:11 a.m. UTC | #1 
On Wed, Apr 03, 2019 at 01:36:30PM +0300, Andrei Otcheretianski wrote:
> When FILS authentication is used with ERP, no EAPOL frames are
> expected after association. However, for drivers that set the
> WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_8021X capability flag, the EAP
> state machine was not configured correctly and was waiting for
> EAPOL frames, which leads to disconnection.
> 
> Fix it by setting the EAP state machine to success when FILS
> authentication was already completed.

Thanks, applied.
diff mbox series

Patch

diff --git a/wpa_supplicant/events.c b/wpa_supplicant/events.c
index a46ef187cb..f6ec111b77 100644
--- a/wpa_supplicant/events.c
+++ b/wpa_supplicant/events.c
@@ -2859,8 +2859,17 @@  static void wpa_supplicant_event_assoc(struct wpa_supplicant *wpa_s,
 	}
 	wpa_supplicant_cancel_scan(wpa_s);
 
-	if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK) &&
-	    wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt)) {
+	if (ft_completed) {
+		/*
+		 * FT protocol completed - make sure EAPOL state machine ends
+		 * up in authenticated.
+		 */
+		wpa_supplicant_cancel_auth_timeout(wpa_s);
+		wpa_supplicant_set_state(wpa_s, WPA_COMPLETED);
+		eapol_sm_notify_portValid(wpa_s->eapol, TRUE);
+		eapol_sm_notify_eap_success(wpa_s->eapol, TRUE);
+	} else if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK) &&
+		   wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt)) {
 		/*
 		 * We are done; the driver will take care of RSN 4-way
 		 * handshake.
@@ -2877,15 +2886,6 @@  static void wpa_supplicant_event_assoc(struct wpa_supplicant *wpa_s,
 		 * waiting for WPA supplicant.
 		 */
 		eapol_sm_notify_portValid(wpa_s->eapol, TRUE);
-	} else if (ft_completed) {
-		/*
-		 * FT protocol completed - make sure EAPOL state machine ends
-		 * up in authenticated.
-		 */
-		wpa_supplicant_cancel_auth_timeout(wpa_s);
-		wpa_supplicant_set_state(wpa_s, WPA_COMPLETED);
-		eapol_sm_notify_portValid(wpa_s->eapol, TRUE);
-		eapol_sm_notify_eap_success(wpa_s->eapol, TRUE);
 	}
 
 	wpa_s->last_eapol_matches_bssid = 0;