aboutsummaryrefslogtreecommitdiffstats
path: root/wpa_supplicant
diff options
context:
space:
mode:
authorVidyullatha Kanchanapally <vkanchan@qti.qualcomm.com>2017-07-12 09:29:16 (GMT)
committerJouni Malinen <j@w1.fi>2017-07-14 18:11:35 (GMT)
commitb377ec2585b9ab2839898c6f40d03a9a768bd89f (patch)
tree51da325f2834dac5b93f715004b0368ddeb1a08b /wpa_supplicant
parent9f44f7f3b520b45bcf28281e4ccc479851bbf04c (diff)
downloadhostap-b377ec2585b9ab2839898c6f40d03a9a768bd89f.zip
hostap-b377ec2585b9ab2839898c6f40d03a9a768bd89f.tar.gz
hostap-b377ec2585b9ab2839898c6f40d03a9a768bd89f.tar.bz2
FILS: Fix issuing FILS connect to a non-FILS AP in driver-FILS case
If an AP is not FILS capable and wpa_supplicant has a saved network block for the network with FILS key management and a saved erp info, wpa_supplicant might end up issuing a FILS connection to a non-FILS AP. Fix this by looking for the presence of FILS AKMs in wpa_s->key_mgmt, i.e., after deciding on the AKM suites to use for the current connection. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Diffstat (limited to 'wpa_supplicant')
-rw-r--r--wpa_supplicant/wpa_supplicant.c89
1 files changed, 43 insertions, 46 deletions
diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c
index 08168d3..9263d8a 100644
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
@@ -2305,6 +2305,7 @@ static void wpas_start_assoc_cb(struct wpa_radio_work *work, int deinit)
const u8 *realm, *username, *rrk;
size_t realm_len, username_len, rrk_len;
u16 next_seq_num;
+ struct fils_hlp_req *req;
#endif /* CONFIG_FILS */
if (deinit) {
@@ -2384,56 +2385,14 @@ static void wpas_start_assoc_cb(struct wpa_radio_work *work, int deinit)
* previous association. */
wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0);
-#ifdef IEEE8021X_EAPOL
- if (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
- if (ssid->leap) {
- if (ssid->non_leap == 0)
- algs = WPA_AUTH_ALG_LEAP;
- else
- algs |= WPA_AUTH_ALG_LEAP;
- }
- }
-
#ifdef CONFIG_FILS
- /* Clear FILS association */
- wpa_sm_set_reset_fils_completed(wpa_s->wpa, 0);
-
- if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_FILS_SK_OFFLOAD) &&
- ssid->eap.erp && wpa_key_mgmt_fils(ssid->key_mgmt) &&
- eapol_sm_get_erp_info(wpa_s->eapol, &ssid->eap, &username,
- &username_len, &realm, &realm_len,
- &next_seq_num, &rrk, &rrk_len) == 0) {
- algs = WPA_AUTH_ALG_FILS;
- params.fils_erp_username = username;
- params.fils_erp_username_len = username_len;
- params.fils_erp_realm = realm;
- params.fils_erp_realm_len = realm_len;
- params.fils_erp_next_seq_num = next_seq_num;
- params.fils_erp_rrk = rrk;
- params.fils_erp_rrk_len = rrk_len;
+ dl_list_for_each(req, &wpa_s->fils_hlp_req, struct fils_hlp_req,
+ list) {
+ max_wpa_ie_len += 3 + 2 * ETH_ALEN + 6 + wpabuf_len(req->pkt) +
+ 2 + 2 * wpabuf_len(req->pkt) / 255;
}
#endif /* CONFIG_FILS */
-#endif /* IEEE8021X_EAPOL */
- wpa_dbg(wpa_s, MSG_DEBUG, "Automatic auth_alg selection: 0x%x", algs);
- if (ssid->auth_alg) {
- algs = ssid->auth_alg;
- wpa_dbg(wpa_s, MSG_DEBUG, "Overriding auth_alg selection: "
- "0x%x", algs);
- }
-
-#ifdef CONFIG_FILS
- if (algs == WPA_AUTH_ALG_FILS) {
- struct fils_hlp_req *req;
-
- dl_list_for_each(req, &wpa_s->fils_hlp_req, struct fils_hlp_req,
- list) {
- max_wpa_ie_len += 3 + 2 * ETH_ALEN + 6 +
- wpabuf_len(req->pkt) +
- 2 + 2 * wpabuf_len(req->pkt) / 255;
- }
- }
-#endif /* CONFIG_FILS */
wpa_ie = os_malloc(max_wpa_ie_len);
if (!wpa_ie) {
wpa_printf(MSG_ERROR,
@@ -2514,6 +2473,44 @@ static void wpas_start_assoc_cb(struct wpa_radio_work *work, int deinit)
wpa_s->wpa_proto = 0;
}
+#ifdef IEEE8021X_EAPOL
+ if (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
+ if (ssid->leap) {
+ if (ssid->non_leap == 0)
+ algs = WPA_AUTH_ALG_LEAP;
+ else
+ algs |= WPA_AUTH_ALG_LEAP;
+ }
+ }
+
+#ifdef CONFIG_FILS
+ /* Clear FILS association */
+ wpa_sm_set_reset_fils_completed(wpa_s->wpa, 0);
+
+ if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_FILS_SK_OFFLOAD) &&
+ ssid->eap.erp && wpa_key_mgmt_fils(wpa_s->key_mgmt) &&
+ eapol_sm_get_erp_info(wpa_s->eapol, &ssid->eap, &username,
+ &username_len, &realm, &realm_len,
+ &next_seq_num, &rrk, &rrk_len) == 0) {
+ algs = WPA_AUTH_ALG_FILS;
+ params.fils_erp_username = username;
+ params.fils_erp_username_len = username_len;
+ params.fils_erp_realm = realm;
+ params.fils_erp_realm_len = realm_len;
+ params.fils_erp_next_seq_num = next_seq_num;
+ params.fils_erp_rrk = rrk;
+ params.fils_erp_rrk_len = rrk_len;
+ }
+#endif /* CONFIG_FILS */
+#endif /* IEEE8021X_EAPOL */
+
+ wpa_dbg(wpa_s, MSG_DEBUG, "Automatic auth_alg selection: 0x%x", algs);
+ if (ssid->auth_alg) {
+ algs = ssid->auth_alg;
+ wpa_dbg(wpa_s, MSG_DEBUG,
+ "Overriding auth_alg selection: 0x%x", algs);
+ }
+
#ifdef CONFIG_P2P
if (wpa_s->global->p2p) {
u8 *pos;