Fix validation of RSN EAPOL-Key version for GCMP with PMF

If PMF was enabled, the validation step for EAPOL-Key descriptor version
ended up rejecting the message if GCMP had been negotiated as the
pairwise cipher. Fix this by making the GCMP check skipped similarly to
the CCMP case if a SHA256-based AKM is used.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This commit is contained in:
Ashok Kumar Ponnaiah 2014-06-02 17:03:33 +03:00 committed by Jouni Malinen
parent a7fb2f2f4f
commit 801e117376

View file

@ -1734,8 +1734,7 @@ int wpa_sm_rx_eapol(struct wpa_sm *sm, const u8 *src_addr,
"version for non-CCMP group keys");
} else
goto out;
}
if (sm->pairwise_cipher == WPA_CIPHER_GCMP &&
} else if (sm->pairwise_cipher == WPA_CIPHER_GCMP &&
ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
"WPA: GCMP is used, but EAPOL-Key "