DGNum/hostapd
6
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

Fix validation of RSN EAPOL-Key version for GCMP with PMF

Browse source 
If PMF was enabled, the validation step for EAPOL-Key descriptor version
ended up rejecting the message if GCMP had been negotiated as the
pairwise cipher. Fix this by making the GCMP check skipped similarly to
the CCMP case if a SHA256-based AKM is used.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This commit is contained in:
Ashok Kumar Ponnaiah 2014-06-02 17:03:33 +03:00 committed by Jouni Malinen
parent a7fb2f2f4f
commit 801e117376
1 changed files with 2 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
src/rsn_supp/wpa.c
View file

@ -1734,9 +1734,8 @@ int wpa_sm_rx_eapol(struct wpa_sm *sm, const u8 *src_addr,
"version for non-CCMP group keys");
} else
goto out;
}
if (sm->pairwise_cipher == WPA_CIPHER_GCMP &&
ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
} else if (sm->pairwise_cipher == WPA_CIPHER_GCMP &&
ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
"WPA: GCMP is used, but EAPOL-Key "
"descriptor version (%d) is not 2", ver);