After FILS completed there was no path to setting sm->pairwise_set since the 4-way handshake is not done for FILS. This posed a problem on rekeys because the EAPoL frames would be sent without transport encryption. Since there is in fact a PMK set in the driver all frames should be sent with transport encryption even for a rekey. This patch sets sm->pairwise_set true after the TK is set into the driver after FILS completes which allows a future rekey to use encryption. --- src/ap/wpa_auth.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c index 6d60f2629..6942764de 100644 --- a/src/ap/wpa_auth.c +++ b/src/ap/wpa_auth.c @@ -2869,6 +2869,7 @@ int fils_set_tk(struct wpa_state_machine *sm) return -1; } sm->tk_already_set = true; + sm->pairwise_set = true; wpa_auth_store_ptksa(sm->wpa_auth, sm->addr, sm->pairwise, dot11RSNAConfigPMKLifetime, &sm->PTK); -- 2.34.1 _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap
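Review bot: the added `sm->pairwise_set = true;` in fils_set_tk() carries no comment saying why the flag is set outside the 4-way handshake path. A one-line comment at that spot would keep the reasoning next to the code: FILS installs the TK without a 4-way handshake, and this flag is what allows a later rekey to send EAPOL frames encrypted. The placement itself looks right, since the line sits after the `return -1;` error path and next to `sm->tk_already_set = true;`, so it only runs once the TK has been set. Separately, the commit message says a PMK is set in the driver while its last sentence and the function name refer to the TK; making that wording consistent would avoid confusion about which key justifies encrypting the rekey frames.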