diff --git a/src/rsn_supp/pmksa_cache.c b/src/rsn_supp/pmksa_cache.c index 4a175f166..e481dd5d6 100644 --- a/src/rsn_supp/pmksa_cache.c +++ b/src/rsn_supp/pmksa_cache.c @@ -269,7 +269,8 @@ pmksa_cache_add_entry(struct rsn_pmksa_cache *pmksa, entry->fils_cache_id_set ? entry->fils_cache_id : NULL, entry->pmk, entry->pmk_len, pmksa->sm->dot11RSNAConfigPMKLifetime, - pmksa->sm->dot11RSNAConfigPMKReauthThreshold); + pmksa->sm->dot11RSNAConfigPMKReauthThreshold, + entry->akmp); return entry; } diff --git a/src/rsn_supp/preauth.c b/src/rsn_supp/preauth.c index d4d1307a9..1a38bf6bc 100644 --- a/src/rsn_supp/preauth.c +++ b/src/rsn_supp/preauth.c @@ -349,7 +349,8 @@ void rsn_preauth_candidate_process(struct wpa_sm *sm) * PMKIDs again, so report the existing data now. */ if (p) { wpa_sm_add_pmkid(sm, NULL, candidate->bssid, p->pmkid, - NULL, p->pmk, p->pmk_len, 0, 0); + NULL, p->pmk, p->pmk_len, 0, 0, + p->akmp); } dl_list_del(&candidate->list); diff --git a/src/rsn_supp/wpa.h b/src/rsn_supp/wpa.h index f3901e01b..a4512eadc 100644 --- a/src/rsn_supp/wpa.h +++ b/src/rsn_supp/wpa.h @@ -43,7 +43,7 @@ struct wpa_sm_ctx { int (*add_pmkid)(void *ctx, void *network_ctx, const u8 *bssid, const u8 *pmkid, const u8 *fils_cache_id, const u8 *pmk, size_t pmk_len, u32 pmk_lifetime, - u8 pmk_reauth_threshold); + u8 pmk_reauth_threshold, int akmp); int (*remove_pmkid)(void *ctx, void *network_ctx, const u8 *bssid, const u8 *pmkid, const u8 *fils_cache_id); void (*set_config_blob)(void *ctx, struct wpa_config_blob *blob); diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h index 4db925619..b2b43f4f0 100644 --- a/src/rsn_supp/wpa_i.h +++ b/src/rsn_supp/wpa_i.h @@ -268,12 +268,12 @@ static inline int wpa_sm_add_pmkid(struct wpa_sm *sm, void *network_ctx, const u8 *bssid, const u8 *pmkid, const u8 *cache_id, const u8 *pmk, size_t pmk_len, u32 pmk_lifetime, - u8 pmk_reauth_threshold) + u8 pmk_reauth_threshold, int akmp) { WPA_ASSERT(sm->ctx->add_pmkid); return sm->ctx->add_pmkid(sm->ctx->ctx, network_ctx, bssid, pmkid, cache_id, pmk, pmk_len, pmk_lifetime, - pmk_reauth_threshold); + pmk_reauth_threshold, akmp); } static inline int wpa_sm_remove_pmkid(struct wpa_sm *sm, void *network_ctx, diff --git a/wpa_supplicant/preauth_test.c b/wpa_supplicant/preauth_test.c index 4a8f4ff8f..de49948f7 100644 --- a/wpa_supplicant/preauth_test.c +++ b/wpa_supplicant/preauth_test.c @@ -154,7 +154,8 @@ static int wpa_supplicant_add_pmkid(void *wpa_s, void *network_ctx, const u8 *bssid, const u8 *pmkid, const u8 *fils_cache_id, const u8 *pmk, size_t pmk_len, - u32 pmk_lifetime, u8 pmk_reauth_threshold) + u32 pmk_lifetime, u8 pmk_reauth_threshold, + int akmp) { printf("%s - not implemented\n", __func__); return -1; diff --git a/wpa_supplicant/wpas_glue.c b/wpa_supplicant/wpas_glue.c index ec6d7858d..bafcb00e0 100644 --- a/wpa_supplicant/wpas_glue.c +++ b/wpa_supplicant/wpas_glue.c @@ -575,7 +575,8 @@ static int wpa_supplicant_add_pmkid(void *_wpa_s, void *network_ctx, const u8 *bssid, const u8 *pmkid, const u8 *fils_cache_id, const u8 *pmk, size_t pmk_len, - u32 pmk_lifetime, u8 pmk_reauth_threshold) + u32 pmk_lifetime, u8 pmk_reauth_threshold, + int akmp) { struct wpa_supplicant *wpa_s = _wpa_s; struct wpa_ssid *ssid; @@ -583,9 +584,22 @@ static int wpa_supplicant_add_pmkid(void *_wpa_s, void *network_ctx, os_memset(¶ms, 0, sizeof(params)); ssid = wpas_get_network_ctx(wpa_s, network_ctx); - if (ssid) + if (ssid) { wpa_msg(wpa_s, MSG_INFO, PMKSA_CACHE_ADDED MACSTR " %d", MAC2STR(bssid), ssid->id); + if ((akmp == WPA_KEY_MGMT_FT_IEEE8021X || + akmp == WPA_KEY_MGMT_FT_IEEE8021X_SHA384) && + !ssid->ft_eap_pmksa_caching) { + /* Since we will not be using PMKSA caching for FT-EAP + * within wpa_supplicant to avoid known interop issues + * with APs, do not add this PMKID to the driver either + * so that we won't be hitting those interop issues + * with driver-based RSNE generation. */ + wpa_printf(MSG_DEBUG, + "FT: Do not add PMKID entry to the driver since FT-EAP PMKSA caching is not enabled in configuration"); + return 0; + } + } if (ssid && fils_cache_id) { params.ssid = ssid->ssid; params.ssid_len = ssid->ssid_len;