Do not prevent Michael MIC error report based on disallowed PTK0 rekey

EAPOL-Key Request frame with Error=1 is not really a request for a new
key, so allow that frame to be sent even if PTK0 rekey is not allowed
since the supplicant is required to report Michael MIC errors to the
authenticator.

Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2022-05-07 11:14:50 +03:00
parent 18c0ac8901
commit e6c0e12158

View file

@ -186,7 +186,7 @@ void wpa_sm_key_request(struct wpa_sm *sm, int error, int pairwise)
u8 bssid[ETH_ALEN], *rbuf, *key_mic, *mic;
if (pairwise && sm->wpa_deny_ptk0_rekey && !sm->use_ext_key_id &&
wpa_sm_get_state(sm) == WPA_COMPLETED) {
wpa_sm_get_state(sm) == WPA_COMPLETED && !error) {
wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
"WPA: PTK0 rekey not allowed, reconnecting");
wpa_sm_reconnect(sm);