Commit
b0f457b6191 ("SAE: Do not expire the current PMKSA cache entry")
depends on sm->cur_pmksa to determine if it is the current PMKSA cache
entry, but sm->cur_pmksa was not always correct for SAE in the current
implementation.
Set sm->cur_pmksa in wpa_sm_set_pmk() (which is used with SAE), and skip
clearing of sm->cur_pmksa for SAE in wpa_find_assoc_pmkid(). This latter
case was added by commit
c2080e8657f8 ("Clear current PMKSA cache
selection on association/roam") for driver-based roaming indication and
Suite B, so skipping it for SAE should be fine.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
#endif /* CONFIG_IEEE80211R */
if (bssid) {
- pmksa_cache_add(sm->pmksa, pmk, pmk_len, pmkid, NULL, 0,
- bssid, sm->own_addr,
- sm->network_ctx, sm->key_mgmt, NULL);
+ sm->cur_pmksa = pmksa_cache_add(sm->pmksa, pmk, pmk_len,
+ pmkid, NULL, 0, bssid,
+ sm->own_addr,
+ sm->network_ctx, sm->key_mgmt,
+ NULL);
}
}
struct wpa_ie_data ie;
int pmksa_set = -1;
size_t i;
-
- /* Start with assumption of no PMKSA cache entry match */
- pmksa_cache_clear_current(wpa_s->wpa);
+ struct rsn_pmksa_cache_entry *cur_pmksa;
+
+ /* Start with assumption of no PMKSA cache entry match for cases other
+ * than SAE. In particular, this is needed to generate the PMKSA cache
+ * entries for Suite B cases with driver-based roaming indication. */
+ cur_pmksa = pmksa_cache_get_current(wpa_s->wpa);
+ if (cur_pmksa && !wpa_key_mgmt_sae(cur_pmksa->akmp))
+ pmksa_cache_clear_current(wpa_s->wpa);
if (wpa_sm_parse_own_wpa_ie(wpa_s->wpa, &ie) < 0 ||
ie.pmkid == NULL)
projects / thirdparty / hostap.git / commitdiff
