authorJouni Malinen <j@w1.fi>2009-02-15 08:28:55 (GMT)
committerJouni Malinen <j@w1.fi>2009-02-15 13:13:37 (GMT)
commitcca6c32ed48df5d838d1b6d81f6cb13fab7e7a7e (patch)
treef55b7a923a666a99871f734c4b47cd022b0b6d04 /src/eap_peer
parent56a43462cb952733cd9498adc4386a6d0ad6bf82 (diff)
Check EAP-AKA' AT_KDF duplication only if KDF was negotiated
This fixes an issue where two AKA'/Challenge messages are received when resynchronizing SEQ#. Previously, this used to trigger an authentication failure since the second Challenge message did not duplicate AT_KDF. (cherry picked from commit 2cfcd014f4e2c9886af2e7433c40119091ff1535)
Diffstat (limited to 'src/eap_peer')
-rw-r--r--src/eap_peer/eap_aka.c5
1 files changed, 4 insertions, 1 deletions
diff --git a/src/eap_peer/eap_aka.c b/src/eap_peer/eap_aka.c
index da3df0d..f237141 100644
--- a/src/eap_peer/eap_aka.c
+++ b/src/eap_peer/eap_aka.c
@@ -60,6 +60,7 @@ struct eap_aka_data {
u8 *network_name;
size_t network_name_len;
u16 kdf;
+ int kdf_negotiation;
};
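Review bot: The new `kdf_negotiation` field in struct eap_aka_data has no comment, and its relationship to the neighbouring `kdf` field is not obvious from the names. Since it now decides whether the AT_KDF duplication check runs, I would document it at the declaration, e.g. `int kdf_negotiation; /* 1 after a KDF selection was sent; the next Challenge must repeat data->kdf first in AT_KDF */`. The struct begins above this hunk, so the commenting convention of the other fields is not visible here.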
@@ -665,6 +666,7 @@ static struct wpabuf * eap_aka_prime_kdf_select(struct eap_aka_data *data,
{
struct eap_sim_msg *msg;
+ data->kdf_negotiation = 1;
data->kdf = kdf;
wpa_printf(MSG_DEBUG, "Generating EAP-AKA Challenge (id=%d) (KDF "
"select)", id);
@@ -704,7 +706,7 @@ static int eap_aka_prime_kdf_valid(struct eap_aka_data *data,
/* The only allowed (and required) duplication of a KDF is the addition
* of the selected KDF into the beginning of the list. */
- if (data->kdf) {
+ if (data->kdf_negotiation) {
if (attr->kdf[0] != data->kdf) {
wpa_printf(MSG_WARNING, "EAP-AKA': The server did not "
"accept the selected KDF");
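Review bot: The comment above the changed condition in eap_aka_prime_kdf_valid still describes only the duplication rule, not why the gate is `kdf_negotiation` rather than `kdf`. Going by the commit message, `data->kdf` apparently stays set after a Challenge that needed no negotiation, so only the flag tells whether the server has to echo the selection. This check is what binds the server's second AT_KDF list to the peer's choice, so the reason for skipping it should be stated next to it, e.g. `/* data->kdf may be set without negotiation (SEQ# resync); require the echo only after a KDF select */`. The function begins and continues outside the hunk.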
@@ -1251,6 +1253,7 @@ static void eap_aka_deinit_for_reauth(struct eap_sm *sm, void *priv)
wpabuf_free(data->id_msgs);
data->id_msgs = NULL;
data->use_result_ind = 0;
+ data->kdf_negotiation = 0;
}
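Review bot: In the hunks shown, `kdf_negotiation` is set in eap_aka_prime_kdf_select and cleared only here in eap_aka_deinit_for_reauth, so a stale 1 can outlive the exchange it belongs to on any path that does not pass through this function. It is not visible whether the flag is cleared once the server's follow-up Challenge has passed the check, or when a failed attempt is restarted. If it is not, a later Challenge that legitimately omits the duplicate (the SEQ# resync case this commit targets, but after a negotiated KDF) would presumably still be rejected. Consider clearing it where the echoed KDF is accepted, with `data->kdf_negotiation = 0;`, or confirming that every restart path resets it. The function starts outside the hunk, and `data->kdf` itself is not reset in the lines shown.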