From: Jouni Malinen <jouni@codeaurora.org>
Date: Thu, 28 Mar 2019 01:27:35 +0000 (+0200)
Subject: Prefer FT-SAE over FT-PSK if both are enabled
X-Git-Tag: hostap_2_8~149
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=9af1eea37a08bfa31f48d1c2b54f05805c2bf1e8;p=thirdparty%2Fhostap.git

Prefer FT-SAE over FT-PSK if both are enabled

FT-SAE is considered stronger than FT-PSK, so prefer it over FT-PSK
similarly to how SAE is preferred over WPA-PSK.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
---

diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c
index 60e47a3e5..7c9f58105 100644
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
@@ -1464,9 +1464,6 @@ int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s,
 				"WPA: Disable PMKSA caching for FT/802.1X connection");
 			pmksa_cache_clear_current(wpa_s->wpa);
 		}
-	} else if (sel & WPA_KEY_MGMT_FT_PSK) {
-		wpa_s->key_mgmt = WPA_KEY_MGMT_FT_PSK;
-		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT/PSK");
 #endif /* CONFIG_IEEE80211R */
 #ifdef CONFIG_DPP
 	} else if (sel & WPA_KEY_MGMT_DPP) {
@@ -1481,6 +1478,11 @@ int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s,
 		wpa_s->key_mgmt = WPA_KEY_MGMT_SAE;
 		wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using KEY_MGMT SAE");
 #endif /* CONFIG_SAE */
+#ifdef CONFIG_IEEE80211R
+	} else if (sel & WPA_KEY_MGMT_FT_PSK) {
+		wpa_s->key_mgmt = WPA_KEY_MGMT_FT_PSK;
+		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT/PSK");
+#endif /* CONFIG_IEEE80211R */
 #ifdef CONFIG_IEEE80211W
 	} else if (sel & WPA_KEY_MGMT_IEEE8021X_SHA256) {
 		wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X_SHA256;