From 3bbc470502985ca1e11284e09004cdc07d6080ab Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Sun, 5 Feb 2017 13:28:42 +0200 Subject: [PATCH] Fix EAPOL-Key Install bit in Group Key 1/2 with FT and FILS auth sm->Pair needs to be initialized to TRUE since unicast cipher is supported and this is an ESS. However, the normal place for setting this (WPA_PTK::INITIALIZE) is skipped with using FT protocol or FILS authentication, so need to do that separately when forcing PTKINITDONE. Signed-off-by: Jouni Malinen --- src/ap/wpa_auth.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c index 66b2d506d..0e29e9f53 100644 --- a/src/ap/wpa_auth.c +++ b/src/ap/wpa_auth.c @@ -615,6 +615,7 @@ int wpa_auth_sta_associated(struct wpa_authenticator *wpa_auth, "start 4-way handshake"); /* Go to PTKINITDONE state to allow GTK rekeying */ sm->wpa_ptk_state = WPA_PTK_PTKINITDONE; + sm->Pair = TRUE; return 0; } #endif /* CONFIG_IEEE80211R_AP */ @@ -625,6 +626,7 @@ int wpa_auth_sta_associated(struct wpa_authenticator *wpa_auth, "FILS authentication already completed - do not start 4-way handshake"); /* Go to PTKINITDONE state to allow GTK rekeying */ sm->wpa_ptk_state = WPA_PTK_PTKINITDONE; + sm->Pair = TRUE; return 0; } #endif /* CONFIG_FILS */