From: Seongsu Choi Date: Tue, 30 Aug 2022 04:21:16 +0000 (+0900) Subject: Fix wrong AKM priority for FILS X-Git-Tag: hostap_2_11~1755 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=03f7f633a2511dc9200d39c89979e926f28fb53c;p=thirdparty%2Fhostap.git Fix wrong AKM priority for FILS According to the OCE specification, the STA shall select the AKM in priority order from the list below. 1. FT Authentication over FILS (SHA-384) 00-0F-AC:17 2. FILS (SHA-384) 00-0F-AC:15 3. FT Authentication over FILS (SHA-256) 00-0F-AC:16 4. FILS (SHA-256) 00-0F-AC:14 5. FT Authentication using IEEE Std 802.1X (SHA-256) 00-0F-AC:3 6. Authentication using IEEE Std 802.1X (SHA-256) 00-0F-AC:5 7. Authentication using IEEE Std 802.1X 00-0F-AC:1 Move the FT-FILS-SHA256 check to be after the FILS-SHA384 one to match this. Signed-off-by: Seongsu Choi --- diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c index f91609bd7..09ba7cda9 100644 --- a/wpa_supplicant/wpa_supplicant.c +++ b/wpa_supplicant/wpa_supplicant.c @@ -1691,13 +1691,15 @@ int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s, } else if (sel & WPA_KEY_MGMT_FT_FILS_SHA384) { wpa_s->key_mgmt = WPA_KEY_MGMT_FT_FILS_SHA384; wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT-FILS-SHA384"); - } else if (sel & WPA_KEY_MGMT_FT_FILS_SHA256) { - wpa_s->key_mgmt = WPA_KEY_MGMT_FT_FILS_SHA256; - wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT-FILS-SHA256"); #endif /* CONFIG_IEEE80211R */ } else if (sel & WPA_KEY_MGMT_FILS_SHA384) { wpa_s->key_mgmt = WPA_KEY_MGMT_FILS_SHA384; wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FILS-SHA384"); +#ifdef CONFIG_IEEE80211R + } else if (sel & WPA_KEY_MGMT_FT_FILS_SHA256) { + wpa_s->key_mgmt = WPA_KEY_MGMT_FT_FILS_SHA256; + wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT-FILS-SHA256"); +#endif /* CONFIG_IEEE80211R */ } else if (sel & WPA_KEY_MGMT_FILS_SHA256) { wpa_s->key_mgmt = WPA_KEY_MGMT_FILS_SHA256; wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FILS-SHA256");