Remove unreachable PMKSA cache entry addition on Access-Accept
The previous implementation used an obsolete sm->eapol_key_crypt pointer which was not set anywhere (i.e., was always NULL). In addition, the condition of sm->eap_if->eapKeyAvailable was not valid here since this is the case of MSK from an external authentication server and not the internal EAP server. Consequently, the wpa_auth_pmksa_add() call here was never used. The PMKSA cache was still added, but it happened at the completion of the 4-way handshake rather than at the completion of EAP authentication. That later location looks better, so delete the unreachable code in Access-Accept handling. In addition, remove the now complete unused struct eapol_state_machine eapol_key_* variables. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This commit is contained in:
parent
1b822f52e6
commit
ae7d9fbd3d
2 changed files with 0 additions and 15 deletions
|
@ -1715,15 +1715,6 @@ ieee802_1x_receive_auth(struct radius_msg *msg, struct radius_msg *req,
|
|||
ieee802_1x_check_hs20(hapd, sta, msg,
|
||||
session_timeout_set ?
|
||||
(int) session_timeout : -1);
|
||||
if (sm->eap_if->eapKeyAvailable && !sta->remediation &&
|
||||
!sta->hs20_deauth_requested &&
|
||||
wpa_auth_pmksa_add(sta->wpa_sm, sm->eapol_key_crypt,
|
||||
session_timeout_set ?
|
||||
(int) session_timeout : -1, sm) == 0) {
|
||||
hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_WPA,
|
||||
HOSTAPD_LEVEL_DEBUG,
|
||||
"Added PMKSA cache entry");
|
||||
}
|
||||
break;
|
||||
case RADIUS_CODE_ACCESS_REJECT:
|
||||
sm->eap_if->aaaFail = TRUE;
|
||||
|
|
|
@ -162,12 +162,6 @@ struct eapol_state_machine {
|
|||
struct radius_class_data radius_class;
|
||||
struct wpabuf *radius_cui; /* Chargeable-User-Identity */
|
||||
|
||||
/* Keys for encrypting and signing EAPOL-Key frames */
|
||||
u8 *eapol_key_sign;
|
||||
size_t eapol_key_sign_len;
|
||||
u8 *eapol_key_crypt;
|
||||
size_t eapol_key_crypt_len;
|
||||
|
||||
struct eap_sm *eap;
|
||||
|
||||
Boolean initializing; /* in process of initializing state machines */
|
||||
|
|
Loading…
Reference in a new issue