SAE: Fix PMKSA cache entry search for FT-SAE case

Previously, PMKSA cache entries were search for AKM=SAE and that did not find an entry that was created with FT-SAE when trying to use FT-SAE again. That resulted in having to use full SAE authentication instead of the faster PMKSA caching alternative. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-27 04:03:12 +02:00 · 2019-03-27 04:03:12 +02:00 · ab3aebcce5
parent 253ce212ee
commit ab3aebcce5
1 changed files with 4 additions and 1 deletions
--- a/wpa_supplicant/sme.c
+++ b/wpa_supplicant/sme.c
@ -638,7 +638,10 @@ static void sme_send_authentication(struct wpa_supplicant *wpa_s,
 #ifdef CONFIG_SAE
 	if (!skip_auth && params.auth_alg == WPA_AUTH_ALG_SAE &&
 	    pmksa_cache_set_current(wpa_s->wpa, NULL, bss->bssid, ssid, 0,
-				    NULL, WPA_KEY_MGMT_SAE) == 0) {
+				    NULL,
+				    wpa_s->key_mgmt == WPA_KEY_MGMT_FT_SAE ?
+				    WPA_KEY_MGMT_FT_SAE :
+				    WPA_KEY_MGMT_SAE) == 0) {
 		wpa_dbg(wpa_s, MSG_DEBUG,
 			"PMKSA cache entry found - try to use PMKSA caching instead of new SAE authentication");
 		wpa_sm_set_pmk_from_pmksa(wpa_s->wpa);