From ae7d9fbd3d037f7e123f71cbe29f858c901a1532 Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Wed, 14 Oct 2015 01:12:44 +0300 Subject: [PATCH] Remove unreachable PMKSA cache entry addition on Access-Accept The previous implementation used an obsolete sm->eapol_key_crypt pointer which was not set anywhere (i.e., was always NULL). In addition, the condition of sm->eap_if->eapKeyAvailable was not valid here since this is the case of MSK from an external authentication server and not the internal EAP server. Consequently, the wpa_auth_pmksa_add() call here was never used. The PMKSA cache was still added, but it happened at the completion of the 4-way handshake rather than at the completion of EAP authentication. That later location looks better, so delete the unreachable code in Access-Accept handling. In addition, remove the now complete unused struct eapol_state_machine eapol_key_* variables. Signed-off-by: Jouni Malinen --- src/ap/ieee802_1x.c | 9 --------- src/eapol_auth/eapol_auth_sm_i.h | 6 ------ 2 files changed, 15 deletions(-) diff --git a/src/ap/ieee802_1x.c b/src/ap/ieee802_1x.c index c18449322..0c4d6aecd 100644 --- a/src/ap/ieee802_1x.c +++ b/src/ap/ieee802_1x.c @@ -1715,15 +1715,6 @@ ieee802_1x_receive_auth(struct radius_msg *msg, struct radius_msg *req, ieee802_1x_check_hs20(hapd, sta, msg, session_timeout_set ? (int) session_timeout : -1); - if (sm->eap_if->eapKeyAvailable && !sta->remediation && - !sta->hs20_deauth_requested && - wpa_auth_pmksa_add(sta->wpa_sm, sm->eapol_key_crypt, - session_timeout_set ? - (int) session_timeout : -1, sm) == 0) { - hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_WPA, - HOSTAPD_LEVEL_DEBUG, - "Added PMKSA cache entry"); - } break; case RADIUS_CODE_ACCESS_REJECT: sm->eap_if->aaaFail = TRUE; diff --git a/src/eapol_auth/eapol_auth_sm_i.h b/src/eapol_auth/eapol_auth_sm_i.h index a29b49c90..aa3e117e1 100644 --- a/src/eapol_auth/eapol_auth_sm_i.h +++ b/src/eapol_auth/eapol_auth_sm_i.h @@ -162,12 +162,6 @@ struct eapol_state_machine { struct radius_class_data radius_class; struct wpabuf *radius_cui; /* Chargeable-User-Identity */ - /* Keys for encrypting and signing EAPOL-Key frames */ - u8 *eapol_key_sign; - size_t eapol_key_sign_len; - u8 *eapol_key_crypt; - size_t eapol_key_crypt_len; - struct eap_sm *eap; Boolean initializing; /* in process of initializing state machines */