From: Jouni Malinen <j@w1.fi>
Date: Sat, 7 May 2022 17:34:07 +0000 (+0300)
Subject: FILS: Set pairwise_set when configuring TK after association
X-Git-Tag: hostap_2_11~1938
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7ee814201b72ef963094fe71c805da061d1e0ef1;p=thirdparty%2Fhostap.git

FILS: Set pairwise_set when configuring TK after association

sm->pairwise_set needs to be set whenever the TK has been configured to
the driver to request following EAPOL frames to be encrypted (or more
specifically, not to request them to not be encrypted). The FILS case
missed this setting and that could result in rekeying or
reauthentication in an associated started with FILS not working
correctly.

Fixes: da24c5aa1c47 ("FILS: Set TK after association (AP)")
Signed-off-by: Jouni Malinen <j@w1.fi>
---

diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
index 0cf603c10..f817c4a7e 100644
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@@ -2883,6 +2883,7 @@ int fils_set_tk(struct wpa_state_machine *sm)
 		wpa_printf(MSG_DEBUG, "FILS: Failed to set TK to the driver");
 		return -1;
 	}
+	sm->pairwise_set = true;
 	sm->tk_already_set = true;
 
 	wpa_auth_store_ptksa(sm->wpa_auth, sm->addr, sm->pairwise,