mesh: Fix PMKSA cache entry addition with external PMKSA management

The length of the PMK ended up getting lost when a PMKSA cache entry was
added based on externally managed information. Set the PMK length in SAE
context to get the correct length stored into the actual PMKSA cache
entry that gets created in this path.

Signed-off-by: Jouni Malinen <j@w1.fi>

diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
index bffbc64d9910347b9f5b797706e808e5a3ed8769..74a10a4af4d8ea6bab653dcf2620a83c2d51b0f0 100644 (file)
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@@ -5868,13 +5868,14 @@ wpa_auth_pmksa_get(struct wpa_authenticator *wpa_auth, const u8 *sta_addr,
 void wpa_auth_pmksa_set_to_sm(struct rsn_pmksa_cache_entry *pmksa,
                              struct wpa_state_machine *sm,
                              struct wpa_authenticator *wpa_auth,
-                             u8 *pmkid, u8 *pmk)
+                             u8 *pmkid, u8 *pmk, size_t *pmk_len)
 {
        if (!sm)
                return;
 
        sm->pmksa = pmksa;
-       os_memcpy(pmk, pmksa->pmk, PMK_LEN);
+       os_memcpy(pmk, pmksa->pmk, pmksa->pmk_len);
+       *pmk_len = pmksa->pmk_len;
        os_memcpy(pmkid, pmksa->pmkid, PMKID_LEN);
        os_memcpy(wpa_auth->dot11RSNAPMKIDUsed, pmksa->pmkid, PMKID_LEN);
 }

diff --git a/src/ap/wpa_auth.h b/src/ap/wpa_auth.h
index 7e3dcbf3991feb3c6fc23a3ecd405e12c39c2643..058d999025512c77c6b1612673019920c3ce7414 100644 (file)
--- a/src/ap/wpa_auth.h
+++ b/src/ap/wpa_auth.h
@@ -507,7 +507,7 @@ wpa_auth_pmksa_get_fils_cache_id(struct wpa_authenticator *wpa_auth,
 void wpa_auth_pmksa_set_to_sm(struct rsn_pmksa_cache_entry *pmksa,
                              struct wpa_state_machine *sm,
                              struct wpa_authenticator *wpa_auth,
-                             u8 *pmkid, u8 *pmk);
+                             u8 *pmkid, u8 *pmk, size_t *pmk_len);
 int wpa_auth_sta_set_vlan(struct wpa_state_machine *sm, int vlan_id);
 void wpa_auth_eapol_key_tx_status(struct wpa_authenticator *wpa_auth,
                                  struct wpa_state_machine *sm, int ack);

diff --git a/wpa_supplicant/mesh_rsn.c b/wpa_supplicant/mesh_rsn.c
index 12dcc302d03faf8750793e0976845ef9b79587d1..902c4bb7f40b42f1bea8660e00749058e0428637 100644 (file)
--- a/wpa_supplicant/mesh_rsn.c
+++ b/wpa_supplicant/mesh_rsn.c
@@ -386,7 +386,8 @@ int mesh_rsn_auth_sae_sta(struct wpa_supplicant *wpa_s,
                           " - try to use PMKSA caching instead of new SAE authentication",
                           MAC2STR(sta->addr));
                wpa_auth_pmksa_set_to_sm(pmksa, sta->wpa_sm, hapd->wpa_auth,
-                                        sta->sae->pmkid, sta->sae->pmk);
+                                        sta->sae->pmkid, sta->sae->pmk,
+                                        &sta->sae->pmk_len);
                sae_accept_sta(hapd, sta);
                sta->mesh_sae_pmksa_caching = 1;
                return 0;