From: Shiva Sankar Gajula Date: Wed, 13 Jan 2021 10:44:03 +0000 (+0530) Subject: FT: Update key mgmt properly in RSNE during roaming X-Git-Tag: hostap_2_10~708 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=71718b628b9f0b868dfa6d869db9b0ce4be1de88;p=thirdparty%2Fhostap.git FT: Update key mgmt properly in RSNE during roaming When STA is performing roam from WPA3 AP to WPA2 AP, the STA was including key mgmt FT-SAE instead of FT-PSK in FT Authentication request RSNE when using driver-based SME. This is because the RSNE/MDE/FTE were updated and forwarded to the driver using the NL80211_CMD_UPDATE_FT_IES command before updating key mgmt properly. Because of this, the AP is rejecting FT Authentication request with WLAN_REASON_UNSPECIFIED reason code which is due to the invalid keymgmt in RSNE. Fix this by reordering IE population to happen earlier in the sequence so that the updated key mgmt information can be provided when using NL80211_CMD_UPDATE_FT_IES. Signed-off-by: Shiva Sankar Gajula --- diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c index fc0574e03..c3e747260 100644 --- a/wpa_supplicant/wpa_supplicant.c +++ b/wpa_supplicant/wpa_supplicant.c @@ -3487,6 +3487,20 @@ static void wpas_start_assoc_cb(struct wpa_radio_work *work, int deinit) os_memset(¶ms, 0, sizeof(params)); wpa_s->reassociate = 0; wpa_s->eap_expected_failure = 0; + + /* Starting new association, so clear the possibly used WPA IE from the + * previous association. */ + wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0); + wpa_sm_set_assoc_rsnxe(wpa_s->wpa, NULL, 0); + wpa_s->rsnxe_len = 0; + wpa_s->mscs_setup_done = false; + + wpa_ie = wpas_populate_assoc_ies(wpa_s, bss, ssid, ¶ms, NULL); + if (!wpa_ie) { + wpas_connect_work_done(wpa_s); + return; + } + if (bss && (!wpas_driver_bss_selection(wpa_s) || wpas_wps_searching(wpa_s))) { #ifdef CONFIG_IEEE80211R @@ -3535,19 +3549,6 @@ static void wpas_start_assoc_cb(struct wpa_radio_work *work, int deinit) wpa_supplicant_cancel_scan(wpa_s); - /* Starting new association, so clear the possibly used WPA IE from the - * previous association. */ - wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0); - wpa_sm_set_assoc_rsnxe(wpa_s->wpa, NULL, 0); - wpa_s->rsnxe_len = 0; - wpa_s->mscs_setup_done = false; - - wpa_ie = wpas_populate_assoc_ies(wpa_s, bss, ssid, ¶ms, NULL); - if (!wpa_ie) { - wpas_connect_work_done(wpa_s); - return; - } - wpa_clear_keys(wpa_s, bss ? bss->bssid : NULL); use_crypt = 1; cipher_pairwise = wpa_s->pairwise_cipher;