From 6c8842f0e025a3cb08cb2d47db154e0eaeaa0706 Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Sat, 20 Mar 2021 13:36:55 +0200 Subject: [PATCH] Fix full EAP authentication after PMKSA cache add failure Need to get EAP state machine into a state where it is willing to proceed with a new EAP-Request/Identity if PMKSA cache addition fails after a successful EAP authentication before the initial 4-way handshake can be completed. Signed-off-by: Jouni Malinen --- src/rsn_supp/wpa.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c index 9a5ba7b87..672d66428 100644 --- a/src/rsn_supp/wpa.c +++ b/src/rsn_supp/wpa.c @@ -451,6 +451,10 @@ static int wpa_supplicant_get_pmk(struct wpa_sm *sm, buf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_START, NULL, 0, &buflen, NULL); if (buf) { + /* Set and reset eapFail to allow EAP state machine to + * proceed with new authentication. */ + eapol_sm_notify_eap_fail(sm->eapol, true); + eapol_sm_notify_eap_fail(sm->eapol, false); wpa_sm_ether_send(sm, sm->bssid, ETH_P_EAPOL, buf, buflen); os_free(buf);