Fix FILS ERP association event with 4-way HS offload drivers

When FILS authentication is used with ERP, no EAPOL frames are expected
after association. However, for drivers that set the
WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_8021X capability flag, the EAP state
machine was not configured correctly and was waiting for EAPOL frames,
which leads to disconnection.

Fix this by reordering the if branches to set the EAPOL/EAP state
machines to success when FILS authentication was already completed.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>

diff --git a/wpa_supplicant/events.c b/wpa_supplicant/events.c
index a46ef187cb9b3762e5414a20631955534fca450c..f6ec111b77b6eb6d720012c9874d28c3838d866b 100644 (file)
--- a/wpa_supplicant/events.c
+++ b/wpa_supplicant/events.c
@@ -2859,8 +2859,17 @@ static void wpa_supplicant_event_assoc(struct wpa_supplicant *wpa_s,
        }
        wpa_supplicant_cancel_scan(wpa_s);
 
-       if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK) &&
-           wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt)) {
+       if (ft_completed) {
+               /*
+                * FT protocol completed - make sure EAPOL state machine ends
+                * up in authenticated.
+                */
+               wpa_supplicant_cancel_auth_timeout(wpa_s);
+               wpa_supplicant_set_state(wpa_s, WPA_COMPLETED);
+               eapol_sm_notify_portValid(wpa_s->eapol, TRUE);
+               eapol_sm_notify_eap_success(wpa_s->eapol, TRUE);
+       } else if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK) &&
+                  wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt)) {
                /*
                 * We are done; the driver will take care of RSN 4-way
                 * handshake.
@@ -2877,15 +2886,6 @@ static void wpa_supplicant_event_assoc(struct wpa_supplicant *wpa_s,
                 * waiting for WPA supplicant.
                 */
                eapol_sm_notify_portValid(wpa_s->eapol, TRUE);
-       } else if (ft_completed) {
-               /*
-                * FT protocol completed - make sure EAPOL state machine ends
-                * up in authenticated.
-                */
-               wpa_supplicant_cancel_auth_timeout(wpa_s);
-               wpa_supplicant_set_state(wpa_s, WPA_COMPLETED);
-               eapol_sm_notify_portValid(wpa_s->eapol, TRUE);
-               eapol_sm_notify_eap_success(wpa_s->eapol, TRUE);
        }
 
        wpa_s->last_eapol_matches_bssid = 0;