path: root/src/rsn_supp/pmksa_cache.h
diff options
authorJouni Malinen <jouni@qca.qualcomm.com>2013-05-22 10:24:30 (GMT)
committerJouni Malinen <j@w1.fi>2013-05-22 10:24:30 (GMT)
commit4033935dd9098938838d6d7934ceb65f92a1fa3c (patch)
treefcdeab2522f0e981e81c35a399fec7a27bab3db3 /src/rsn_supp/pmksa_cache.h
parent1045ec36a38ff583b2629f37ca90a7a1f4de5336 (diff)
Fix OKC-based PMKSA cache entry clearing
Commit c3fea272747f738f5723fc577371fe03711d988f added a call to clear all other PMKSA cache entries for the same network if the PMKSA cache entry of the current AP changed. This was needed to fix OKC cases since the other APs would likely use the new PMK in the future. However, this ended up clearing entries in cases where that is not desired and this resulted in needing additional full EAP authentication with networks that did not support OKC if wpa_supplicant was configured to try to use it. Make PMKSA cache entry flushing more limited so that the other entries are removed only if they used the old PMK that was replaced for the current AP and only if that PMK had previously been used successfully (i.e., opportunistic flag was already cleared back to 0 in wpa_supplicant_key_neg_complete()). This is still enough to fix the issue described in that older commit while not causing problems for standard PMKSA caching operations even if OKC is enabled in wpa_supplicant configuration. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Diffstat (limited to 'src/rsn_supp/pmksa_cache.h')
1 files changed, 2 insertions, 1 deletions
diff --git a/src/rsn_supp/pmksa_cache.h b/src/rsn_supp/pmksa_cache.h
index 6f3dfb3..d5aa229 100644
--- a/src/rsn_supp/pmksa_cache.h
+++ b/src/rsn_supp/pmksa_cache.h
@@ -66,7 +66,8 @@ int pmksa_cache_set_current(struct wpa_sm *sm, const u8 *pmkid,
struct rsn_pmksa_cache_entry *
pmksa_cache_get_opportunistic(struct rsn_pmksa_cache *pmksa,
void *network_ctx, const u8 *aa);
-void pmksa_cache_flush(struct rsn_pmksa_cache *pmksa, void *network_ctx);
+void pmksa_cache_flush(struct rsn_pmksa_cache *pmksa, void *network_ctx,
+ const u8 *pmk, size_t pmk_len);
#else /* IEEE8021X_EAPOL and !CONFIG_NO_WPA2 */