[PATCH] fils: set sm->pairwise_set after setting TK to driver
James Prestwood
prestwoj at gmail.com
Fri Jun 24 14:05:52 PDT 2022
After FILS completed there was no path to setting sm->pairwise_set
since the 4-way handshake is not done for FILS. This posed a problem
on rekeys because the EAPoL frames would be sent without transport
encryption. Since there is in fact a PMK set in the driver all frames
should be sent with transport encryption even for a rekey.
This patch sets sm->pairwise_set true after the TK is set into the
driver after FILS completes which allows a future rekey to use
encryption.
---
src/ap/wpa_auth.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
index 6d60f2629..6942764de 100644
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@@ -2869,6 +2869,7 @@ int fils_set_tk(struct wpa_state_machine *sm)
return -1;
}
sm->tk_already_set = true;
+ sm->pairwise_set = true;
wpa_auth_store_ptksa(sm->wpa_auth, sm->addr, sm->pairwise,
dot11RSNAConfigPMKLifetime, &sm->PTK);
--
2.34.1
More information about the Hostap
mailing list