Clear OKC-based PMKSA caching entries if PMK is changed

Whenever PMK gets changed (e.g., due to re-authentication), all PMKSA
caching entries that were created using the previous PMK needs to be
replaced. Previously, only the entry for the current AP was cleared.
Flush the other entries based on network_ctx matches to get rid of the
OKC entries. These entries can then be re-creating using OKC with the
new PMK.

diff --git a/src/rsn_supp/pmksa_cache.c b/src/rsn_supp/pmksa_cache.c
index fe3d8da2bd53f117add29463998a1e30395a9acf..04c9d297220dffff845a8bef865bcb525f458125 100644 (file)
--- a/src/rsn_supp/pmksa_cache.c
+++ b/src/rsn_supp/pmksa_cache.c
@@ -186,6 +186,14 @@ pmksa_cache_add(struct rsn_pmksa_cache *pmksa, const u8 *pmk, size_t pmk_len,
                        wpa_printf(MSG_DEBUG, "RSN: Replace PMKSA entry for "
                                   "the current AP");
                        pmksa_cache_free_entry(pmksa, pos, 1);
+
+                       /*
+                        * If OKC is used, there may be other PMKSA cache
+                        * entries based on the same PMK. These needs to be
+                        * flushed so that a new entry can be created based on
+                        * the new PMK.
+                        */
+                       pmksa_cache_flush(pmksa, network_ctx);
                        break;
                }
                prev = pos;