WPS: Set EAPOL workarounds dynamically based on association

Previously, the shorter startWhen value was used based on build
parameters (i.e., if WPS was enabled). This is not really ideal and the
knowledge of WPS use can be provided to the EAPOL state machine to allow
this (and similar WPS workarounds) to be done only when the association
is for the purpose of WPS.

Reduce the default startWhen value from 3 to 2 seconds for non-WPS case
since WPS builds have likely received most testing for the past years
with the 1 second value and there is no strong justification for forcing
the longer 3 second wait should a frame be lost or something else
require the EAPOL-Start to initiate operation after a connection.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

diff --git a/src/eapol_supp/eapol_supp_sm.c b/src/eapol_supp/eapol_supp_sm.c
index cf3506d..70258be 100644 (file)
--- a/src/eapol_supp/eapol_supp_sm.c
+++ b/src/eapol_supp/eapol_supp_sm.c
@@ -255,12 +255,14 @@ SM_STATE(SUPP_PAE, CONNECTING)
                 * delay authentication. Use a short timeout to send the first
                 * EAPOL-Start if Authenticator does not start authentication.
                 */
-#ifdef CONFIG_WPS
-               /* Reduce latency on starting WPS negotiation. */
-               sm->startWhen = 1;
-#else /* CONFIG_WPS */
-               sm->startWhen = 3;
-#endif /* CONFIG_WPS */
+               if (sm->conf.wps) {
+                       /* Reduce latency on starting WPS negotiation. */
+                       wpa_printf(MSG_DEBUG,
+                                  "EAPOL: Using shorter startWhen for WPS");
+                       sm->startWhen = 1;
+               } else {
+                       sm->startWhen = 2;
+               }
        }
        eapol_enable_timer_tick(sm);
        sm->eapolEap = FALSE;
@@ -1242,7 +1244,7 @@ int eapol_sm_rx_eapol(struct eapol_sm *sm, const u8 *src, const u8 *buf,
                return 0;
        }
 #ifdef CONFIG_WPS
-       if (sm->conf.workaround &&
+       if (sm->conf.wps && sm->conf.workaround &&
            plen < len - sizeof(*hdr) &&
            hdr->type == IEEE802_1X_TYPE_EAP_PACKET &&
            len - sizeof(*hdr) > sizeof(struct eap_hdr)) {
@@ -1491,6 +1493,7 @@ void eapol_sm_notify_config(struct eapol_sm *sm,
        sm->conf.required_keys = conf->required_keys;
        sm->conf.fast_reauth = conf->fast_reauth;
        sm->conf.workaround = conf->workaround;
+       sm->conf.wps = conf->wps;
 #ifdef CONFIG_EAP_PROXY
        if (sm->use_eap_proxy) {
                /* Using EAP Proxy, so skip EAP state machine update */

diff --git a/src/eapol_supp/eapol_supp_sm.h b/src/eapol_supp/eapol_supp_sm.h
index d76c8c2..5b37314 100644 (file)
--- a/src/eapol_supp/eapol_supp_sm.h
+++ b/src/eapol_supp/eapol_supp_sm.h
@@ -58,6 +58,11 @@ struct eapol_config {
         * external_sim - Use external processing for SIM/USIM operations
         */
        int external_sim;
+
+       /**
+        * wps - Whether this connection is used for WPS
+        */
+       int wps;
 };
 
 struct eapol_sm;

diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c
index 9414e8f..9e3fe84 100644 (file)
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
@@ -297,6 +297,7 @@ void wpa_supplicant_initiate_eapol(struct wpa_supplicant *wpa_s)
                wpa_s->key_mgmt != WPA_KEY_MGMT_IEEE8021X_NO_WPA &&
                wpa_s->key_mgmt != WPA_KEY_MGMT_WPS;
        eapol_conf.external_sim = wpa_s->conf->external_sim;
+       eapol_conf.wps = wpa_s->key_mgmt == WPA_KEY_MGMT_WPS;
        eapol_sm_notify_config(wpa_s->eapol, &ssid->eap, &eapol_conf);
 #endif /* IEEE8021X_EAPOL */