diff --git a/wpa_supplicant/notify.c b/wpa_supplicant/notify.c index 0c3f291d2..8f3e10378 100644 --- a/wpa_supplicant/notify.c +++ b/wpa_supplicant/notify.c @@ -386,6 +386,10 @@ void wpas_notify_network_removed(struct wpa_supplicant *wpa_s, wpa_s->last_ssid = NULL; if (wpa_s->current_ssid == ssid) wpa_s->current_ssid = NULL; +#if defined(CONFIG_SME) && defined(CONFIG_SAE) + if (wpa_s->sme.ext_auth_wpa_ssid == ssid) + wpa_s->sme.ext_auth_wpa_ssid = NULL; +#endif /* CONFIG_SME && CONFIG_SAE */ if (wpa_s->wpa) wpa_sm_pmksa_cache_flush(wpa_s->wpa, ssid); if (!ssid->p2p_group && wpa_s->global->p2p_group_formation != wpa_s && diff --git a/wpa_supplicant/sme.c b/wpa_supplicant/sme.c index ecddb3576..41b67f8eb 100644 --- a/wpa_supplicant/sme.c +++ b/wpa_supplicant/sme.c @@ -1113,6 +1113,7 @@ static void sme_send_external_auth_status(struct wpa_supplicant *wpa_s, { struct external_auth params; + wpa_s->sme.ext_auth_wpa_ssid = NULL; os_memset(¶ms, 0, sizeof(params)); params.status = status; params.ssid = wpa_s->sme.ext_auth_ssid; @@ -1131,6 +1132,7 @@ static int sme_handle_external_auth_start(struct wpa_supplicant *wpa_s, size_t ssid_str_len = data->external_auth.ssid_len; const u8 *ssid_str = data->external_auth.ssid; + wpa_s->sme.ext_auth_wpa_ssid = NULL; /* Get the SSID conf from the ssid string obtained */ for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) { if (!wpas_network_disabled(wpa_s, ssid) && @@ -1139,6 +1141,7 @@ static int sme_handle_external_auth_start(struct wpa_supplicant *wpa_s, wpa_key_mgmt_sae(ssid->key_mgmt)) { /* Make sure PT is derived */ wpa_s_setup_sae_pt(wpa_s->conf, ssid); + wpa_s->sme.ext_auth_wpa_ssid = ssid; break; } } @@ -1267,7 +1270,8 @@ static int sme_sae_auth(struct wpa_supplicant *wpa_s, u16 auth_transaction, if (auth_transaction == 1 && status_code == WLAN_STATUS_ANTI_CLOGGING_TOKEN_REQ && wpa_s->sme.sae.state == SAE_COMMITTED && - (external || wpa_s->current_bss) && wpa_s->current_ssid) { + ((external && wpa_s->sme.ext_auth_wpa_ssid) || + (!external && wpa_s->current_bss && wpa_s->current_ssid))) { int default_groups[] = { 19, 20, 21, 0 }; u16 group; const u8 *token_pos; @@ -1329,14 +1333,15 @@ static int sme_sae_auth(struct wpa_supplicant *wpa_s, u16 auth_transaction, else sme_external_auth_send_sae_commit( wpa_s, wpa_s->sme.ext_auth_bssid, - wpa_s->current_ssid); + wpa_s->sme.ext_auth_wpa_ssid); return 0; } if (auth_transaction == 1 && status_code == WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED && wpa_s->sme.sae.state == SAE_COMMITTED && - (external || wpa_s->current_bss) && wpa_s->current_ssid) { + ((external && wpa_s->sme.ext_auth_wpa_ssid) || + (!external && wpa_s->current_bss && wpa_s->current_ssid))) { wpa_dbg(wpa_s, MSG_DEBUG, "SME: SAE group not supported"); int_array_add_unique(&wpa_s->sme.sae_rejected_groups, wpa_s->sme.sae.group); @@ -1350,7 +1355,7 @@ static int sme_sae_auth(struct wpa_supplicant *wpa_s, u16 auth_transaction, else sme_external_auth_send_sae_commit( wpa_s, wpa_s->sme.ext_auth_bssid, - wpa_s->current_ssid); + wpa_s->sme.ext_auth_wpa_ssid); return 0; } @@ -1382,8 +1387,9 @@ static int sme_sae_auth(struct wpa_supplicant *wpa_s, u16 auth_transaction, groups = wpa_s->conf->sae_groups; wpa_dbg(wpa_s, MSG_DEBUG, "SME SAE commit"); - if ((!external && wpa_s->current_bss == NULL) || - wpa_s->current_ssid == NULL) + if ((external && !wpa_s->sme.ext_auth_wpa_ssid) || + (!external && + (!wpa_s->current_bss || !wpa_s->current_ssid))) return -1; if (wpa_s->sme.sae.state != SAE_COMMITTED) { wpa_printf(MSG_DEBUG, diff --git a/wpa_supplicant/wpa_supplicant_i.h b/wpa_supplicant/wpa_supplicant_i.h index f027bd64b..84a22a296 100644 --- a/wpa_supplicant/wpa_supplicant_i.h +++ b/wpa_supplicant/wpa_supplicant_i.h @@ -1022,6 +1022,7 @@ struct wpa_supplicant { unsigned int sae_pmksa_caching:1; u16 seq_num; u8 ext_auth_bssid[ETH_ALEN]; + struct wpa_ssid *ext_auth_wpa_ssid; u8 ext_auth_ssid[SSID_MAX_LEN]; size_t ext_auth_ssid_len; int *sae_rejected_groups;