diff --git a/components/wpa_supplicant/esp_supplicant/src/esp_wps.c b/components/wpa_supplicant/esp_supplicant/src/esp_wps.c
index 1f069c8b1a..912042d6ef 100644
--- a/components/wpa_supplicant/esp_supplicant/src/esp_wps.c
+++ b/components/wpa_supplicant/esp_supplicant/src/esp_wps.c
@@ -796,6 +796,20 @@ int wps_process_wps_mX_req(u8 *ubuf, int len, enum wps_process_res *res)
     expd = (struct eap_expand *) ubuf;
     wpa_printf(MSG_DEBUG, "wps process mX req: len %d, tlen %d", len, tlen);
 
+    if (sm->state == WAIT_START) {
+        if (expd->opcode != WSC_Start) {
+            wpa_printf(MSG_DEBUG, "EAP-WSC: Unexpected Op-Code %d "
+                   "in WAIT_START state", expd->opcode);
+            return ESP_FAIL;
+        }
+        wpa_printf(MSG_DEBUG, "EAP-WSC: Received start");
+        sm->state = WPA_MESG;
+    } else if (expd->opcode == WSC_Start){
+        wpa_printf(MSG_DEBUG, "EAP-WSC: Unexpected Op-Code %d",
+                expd->opcode);
+        return ESP_FAIL;
+    }
+
     flag = *(u8 *)(ubuf + sizeof(struct eap_expand));
     if (flag & WPS_MSG_FLAG_LEN) {
         tbuf = ubuf + sizeof(struct eap_expand) + 1 + 2;//two bytes total length
@@ -848,6 +862,10 @@ int wps_process_wps_mX_req(u8 *ubuf, int len, enum wps_process_res *res)
         wps_enrollee_process_msg(sm->wps, expd->opcode, wps_buf);
     }
 
+    if (res && *res == WPS_FAILURE) {
+        sm->state = WPA_FAIL;
+    }
+
     if (wps_buf) {
         wpabuf_free(wps_buf);
         wps_buf = NULL;
@@ -983,6 +1001,7 @@ int wps_stop_process(wifi_event_sta_wps_fail_reason_t reason_code)
 
     esp_wifi_disconnect();
 
+    sm->state = WPA_FAIL;
     wpa_printf(MSG_DEBUG, "Write wps_fail_information");
 
     esp_event_send_internal(WIFI_EVENT, WIFI_EVENT_STA_WPS_ER_FAILED, &reason_code, sizeof(reason_code), portMAX_DELAY);
@@ -1867,6 +1886,7 @@ wifi_wps_scan_done(void *arg, STATUS status)
 
         wpa_printf(MSG_DEBUG, "WPS: neg start");
         esp_wifi_connect();
+        sm->state = WAIT_START;
         ets_timer_disarm(&sm->wps_msg_timeout_timer);
         ets_timer_arm(&sm->wps_msg_timeout_timer, 2000, 0);
     } else if (wps_get_status() == WPS_STATUS_SCANNING) {
@@ -1908,7 +1928,7 @@ int wifi_station_wps_start(void)
     struct wps_sm *sm = wps_sm_get();
 
     if (!sm) {
-        wpa_printf(MSG_ERROR, "WPS: wps not initial");
+        wpa_printf(MSG_ERROR, "WPS: wps is not initialized");
         return ESP_FAIL;
     }
 
diff --git a/components/wpa_supplicant/src/wps/wps.h b/components/wpa_supplicant/src/wps/wps.h
index 4164340450..d2c3e70de2 100644
--- a/components/wpa_supplicant/src/wps/wps.h
+++ b/components/wpa_supplicant/src/wps/wps.h
@@ -1021,9 +1021,18 @@ enum wps_sig_type {
 };
 #endif
 
+#ifdef ESP_SUPPLICANT
+enum wps_sm_state{
+     WAIT_START,
+     WPA_MESG,
+     WPA_FAIL
+};
+#endif /* ESP_SUPPLICANT */
+
 #define WPS_EAP_EXT_VENDOR_TYPE "WFA-SimpleConfig-Enrollee-1-0"
 #define WPS_OUTBUF_SIZE 500
 struct wps_sm {
+    u8 state;
     struct wps_config *wps_cfg;
     struct wps_context *wps_ctx;
     struct wps_data *wps;
diff --git a/components/wpa_supplicant/src/wps/wps_enrollee.c b/components/wpa_supplicant/src/wps/wps_enrollee.c
index a124713e45..2c5107eac8 100644
--- a/components/wpa_supplicant/src/wps/wps_enrollee.c
+++ b/components/wpa_supplicant/src/wps/wps_enrollee.c
@@ -1532,8 +1532,8 @@ enum wps_process_res wps_enrollee_process_msg(struct wps_data *wps,
 	}
 
 	switch (op_code) {
-        case WSC_Start:
-                return wps_process_wsc_start(wps, msg);
+	case WSC_Start:
+		return wps_process_wsc_start(wps, msg);
 	case WSC_MSG:
 	case WSC_UPnP:
 		return wps_process_wsc_msg(wps, msg);