RSNO: Do not enforce SNonce cookie and RSN Selection match if RSNO not used
A STA that supports RSN overriding will always use the SNonce cookie. An AP that does not advertise RSN overriding elements must not enforce that SNonce cookie is used with RSN Selection element since a STA includes the latter only when it sees the AP advertising RSN overriding elements. Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This commit is contained in:
parent
70b8f64faf
commit
66d8ac8ccc
1 changed files with 10 additions and 8 deletions
|
@ -3920,14 +3920,16 @@ SM_STATE(WPA_PTK, PTKCALCNEGOTIATING)
|
|||
#endif /* CONFIG_IEEE80211R_AP */
|
||||
|
||||
/* Verify RSN Selection element for RSN overriding */
|
||||
if ((rsn_is_snonce_cookie(sm->SNonce) && !kde.rsn_selection) ||
|
||||
if ((wpa_auth->conf.rsn_override_key_mgmt ||
|
||||
wpa_auth->conf.rsn_override_key_mgmt_2) &&
|
||||
((rsn_is_snonce_cookie(sm->SNonce) && !kde.rsn_selection) ||
|
||||
(!rsn_is_snonce_cookie(sm->SNonce) && kde.rsn_selection) ||
|
||||
(sm->rsn_selection && !kde.rsn_selection) ||
|
||||
(!sm->rsn_selection && kde.rsn_selection) ||
|
||||
(sm->rsn_selection && kde.rsn_selection &&
|
||||
(sm->rsn_selection_len != kde.rsn_selection_len ||
|
||||
os_memcmp(sm->rsn_selection, kde.rsn_selection,
|
||||
sm->rsn_selection_len) != 0))) {
|
||||
sm->rsn_selection_len) != 0)))) {
|
||||
wpa_auth_logger(wpa_auth, wpa_auth_get_spa(sm), LOGGER_INFO,
|
||||
"RSN Selection element from (Re)AssocReq did not match the one in EAPOL-Key msg 2/4");
|
||||
wpa_printf(MSG_DEBUG,
|
||||
|
|
Loading…
Reference in a new issue