[PATCH] fils: set sm->pairwise_set after setting TK to driver

James Prestwood prestwoj at gmail.com
Fri Jun 24 14:05:52 PDT 2022

After FILS completed there was no path to setting sm->pairwise_set
since the 4-way handshake is not done for FILS. This posed a problem
on rekeys because the EAPoL frames would be sent without transport
encryption. Since there is in fact a PMK set in the driver all frames
should be sent with transport encryption even for a rekey.

This patch sets sm->pairwise_set true after the TK is set into the
driver after FILS completes which allows a future rekey to use
 src/ap/wpa_auth.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
index 6d60f2629..6942764de 100644
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@@ -2869,6 +2869,7 @@ int fils_set_tk(struct wpa_state_machine *sm)
 		return -1;
 	sm->tk_already_set = true;
+	sm->pairwise_set = true;
 	wpa_auth_store_ptksa(sm->wpa_auth, sm->addr, sm->pairwise,
 			     dot11RSNAConfigPMKLifetime, &sm->PTK);

More information about the Hostap mailing list