From ab3aebcce50eb84f11e75bc3cd52fd97a7396d1a Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Wed, 27 Mar 2019 04:03:12 +0200 Subject: [PATCH] SAE: Fix PMKSA cache entry search for FT-SAE case Previously, PMKSA cache entries were search for AKM=SAE and that did not find an entry that was created with FT-SAE when trying to use FT-SAE again. That resulted in having to use full SAE authentication instead of the faster PMKSA caching alternative. Signed-off-by: Jouni Malinen --- wpa_supplicant/sme.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/wpa_supplicant/sme.c b/wpa_supplicant/sme.c index e47597855..b0fb62bb0 100644 --- a/wpa_supplicant/sme.c +++ b/wpa_supplicant/sme.c @@ -638,7 +638,10 @@ static void sme_send_authentication(struct wpa_supplicant *wpa_s, #ifdef CONFIG_SAE if (!skip_auth && params.auth_alg == WPA_AUTH_ALG_SAE && pmksa_cache_set_current(wpa_s->wpa, NULL, bss->bssid, ssid, 0, - NULL, WPA_KEY_MGMT_SAE) == 0) { + NULL, + wpa_s->key_mgmt == WPA_KEY_MGMT_FT_SAE ? + WPA_KEY_MGMT_FT_SAE : + WPA_KEY_MGMT_SAE) == 0) { wpa_dbg(wpa_s, MSG_DEBUG, "PMKSA cache entry found - try to use PMKSA caching instead of new SAE authentication"); wpa_sm_set_pmk_from_pmksa(wpa_s->wpa);