eapol: Use the require_handshake flag for FILS

In both FT or FILS EAPoL isn't used for the initial handshake and only
for the later re-keys.  For FT we added the
eapol_sm_set_require_handshake mechanism to tell EAPoL to not require
the initial handshake and we can re-use it for FILS.

src/eapol.c

@@ -2399,16 +2399,6 @@ bool eapol_start(struct eapol_sm *sm)
 
 	sm->started = true;
 
-	/*
-	 * FILS only uses the 4-way for rekeys, so only started needs to be set,
-	 * then we wait for a rekey.
-	 */
-	if (sm->handshake->akm_suite & (IE_RSN_AKM_SUITE_FILS_SHA256 |
-			IE_RSN_AKM_SUITE_FILS_SHA384 |
-			IE_RSN_AKM_SUITE_FT_OVER_FILS_SHA384 |
-			IE_RSN_AKM_SUITE_FT_OVER_FILS_SHA256))
-		return true;
-
 	if (sm->require_handshake)
 		sm->timeout = l_timeout_create(eapol_4way_handshake_time,
 				eapol_timeout, sm, NULL);

src/netdev.c

@@ -2071,6 +2071,12 @@ static void netdev_associate_event(struct l_genl_msg *msg,
 	if (netdev->ap) {
 		ret = auth_proto_rx_associate(netdev->ap, frame, frame_len);
 		if (ret == 0) {
+			bool fils = !!(netdev->handshake->akm_suite &
+					(IE_RSN_AKM_SUITE_FILS_SHA256 |
+					 IE_RSN_AKM_SUITE_FILS_SHA384 |
+					 IE_RSN_AKM_SUITE_FT_OVER_FILS_SHA384 |
+					 IE_RSN_AKM_SUITE_FT_OVER_FILS_SHA256));
+
 			auth_proto_free(netdev->ap);
 			netdev->ap = NULL;
 
@@ -2081,15 +2087,15 @@ static void netdev_associate_event(struct l_genl_msg *msg,
 			netdev->ignore_connect_event = false;
 
 			/*
-			 * If in FT we need to prevent the 4-way handshake from
+			 * If in FT and/or FILS we don't force an initial 4-way
-			 * happening, and instead just wait for rekeys
+			 * handshake and instead just keep the EAPoL state
+			 * machine for the rekeys.
 			 */
-			if (netdev->in_ft) {
+			if (netdev->in_ft || fils)
 				eapol_sm_set_require_handshake(netdev->sm,
 								false);
-				netdev->in_ft = false;
-			}
 
+			netdev->in_ft = false;
 			return;
 		} else if (ret == -EAGAIN) {
 			/*