aboutsummaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorJouni Malinen <jouni@qca.qualcomm.com>2015-10-13 22:12:44 (GMT)
committerJouni Malinen <j@w1.fi>2015-10-14 15:43:26 (GMT)
commitae7d9fbd3d037f7e123f71cbe29f858c901a1532 (patch)
treedc60630758720e341782dfb0035b714fff258a08 /src
parent1b822f52e6356e78938f285d511d458e202fbc76 (diff)
downloadhostap-ae7d9fbd3d037f7e123f71cbe29f858c901a1532.zip
hostap-ae7d9fbd3d037f7e123f71cbe29f858c901a1532.tar.gz
hostap-ae7d9fbd3d037f7e123f71cbe29f858c901a1532.tar.bz2
Remove unreachable PMKSA cache entry addition on Access-Accept
The previous implementation used an obsolete sm->eapol_key_crypt pointer which was not set anywhere (i.e., was always NULL). In addition, the condition of sm->eap_if->eapKeyAvailable was not valid here since this is the case of MSK from an external authentication server and not the internal EAP server. Consequently, the wpa_auth_pmksa_add() call here was never used. The PMKSA cache was still added, but it happened at the completion of the 4-way handshake rather than at the completion of EAP authentication. That later location looks better, so delete the unreachable code in Access-Accept handling. In addition, remove the now complete unused struct eapol_state_machine eapol_key_* variables. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Diffstat (limited to 'src')
-rw-r--r--src/ap/ieee802_1x.c9
-rw-r--r--src/eapol_auth/eapol_auth_sm_i.h6
2 files changed, 0 insertions, 15 deletions
diff --git a/src/ap/ieee802_1x.c b/src/ap/ieee802_1x.c
index c184493..0c4d6ae 100644
--- a/src/ap/ieee802_1x.c
+++ b/src/ap/ieee802_1x.c
@@ -1715,15 +1715,6 @@ ieee802_1x_receive_auth(struct radius_msg *msg, struct radius_msg *req,
ieee802_1x_check_hs20(hapd, sta, msg,
session_timeout_set ?
(int) session_timeout : -1);
- if (sm->eap_if->eapKeyAvailable && !sta->remediation &&
- !sta->hs20_deauth_requested &&
- wpa_auth_pmksa_add(sta->wpa_sm, sm->eapol_key_crypt,
- session_timeout_set ?
- (int) session_timeout : -1, sm) == 0) {
- hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_WPA,
- HOSTAPD_LEVEL_DEBUG,
- "Added PMKSA cache entry");
- }
break;
case RADIUS_CODE_ACCESS_REJECT:
sm->eap_if->aaaFail = TRUE;
diff --git a/src/eapol_auth/eapol_auth_sm_i.h b/src/eapol_auth/eapol_auth_sm_i.h
index a29b49c..aa3e117 100644
--- a/src/eapol_auth/eapol_auth_sm_i.h
+++ b/src/eapol_auth/eapol_auth_sm_i.h
@@ -162,12 +162,6 @@ struct eapol_state_machine {
struct radius_class_data radius_class;
struct wpabuf *radius_cui; /* Chargeable-User-Identity */
- /* Keys for encrypting and signing EAPOL-Key frames */
- u8 *eapol_key_sign;
- size_t eapol_key_sign_len;
- u8 *eapol_key_crypt;
- size_t eapol_key_crypt_len;
-
struct eap_sm *eap;
Boolean initializing; /* in process of initializing state machines */