diff options
author | Jouni Malinen <j@w1.fi> | 2009-02-15 08:28:55 (GMT) |
---|---|---|
committer | Jouni Malinen <j@w1.fi> | 2009-02-15 13:13:37 (GMT) |
commit | cca6c32ed48df5d838d1b6d81f6cb13fab7e7a7e (patch) | |
tree | f55b7a923a666a99871f734c4b47cd022b0b6d04 /src | |
parent | 56a43462cb952733cd9498adc4386a6d0ad6bf82 (diff) | |
download | hostap-06-cca6c32ed48df5d838d1b6d81f6cb13fab7e7a7e.zip hostap-06-cca6c32ed48df5d838d1b6d81f6cb13fab7e7a7e.tar.gz hostap-06-cca6c32ed48df5d838d1b6d81f6cb13fab7e7a7e.tar.bz2 |
Check EAP-AKA' AT_KDF duplication only if KDF was negotiated
This fixes an issue where two AKA'/Challenge messages are received when
resynchronizing SEQ#. Previously, this used to trigger an authentication
failure since the second Challenge message did not duplicate AT_KDF.
(cherry picked from commit 2cfcd014f4e2c9886af2e7433c40119091ff1535)
Diffstat (limited to 'src')
-rw-r--r-- | src/eap_peer/eap_aka.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/src/eap_peer/eap_aka.c b/src/eap_peer/eap_aka.c index da3df0d..f237141 100644 --- a/src/eap_peer/eap_aka.c +++ b/src/eap_peer/eap_aka.c @@ -60,6 +60,7 @@ struct eap_aka_data { u8 *network_name; size_t network_name_len; u16 kdf; + int kdf_negotiation; }; @@ -665,6 +666,7 @@ static struct wpabuf * eap_aka_prime_kdf_select(struct eap_aka_data *data, { struct eap_sim_msg *msg; + data->kdf_negotiation = 1; data->kdf = kdf; wpa_printf(MSG_DEBUG, "Generating EAP-AKA Challenge (id=%d) (KDF " "select)", id); @@ -704,7 +706,7 @@ static int eap_aka_prime_kdf_valid(struct eap_aka_data *data, /* The only allowed (and required) duplication of a KDF is the addition * of the selected KDF into the beginning of the list. */ - if (data->kdf) { + if (data->kdf_negotiation) { if (attr->kdf[0] != data->kdf) { wpa_printf(MSG_WARNING, "EAP-AKA': The server did not " "accept the selected KDF"); @@ -1251,6 +1253,7 @@ static void eap_aka_deinit_for_reauth(struct eap_sm *sm, void *priv) wpabuf_free(data->id_msgs); data->id_msgs = NULL; data->use_result_ind = 0; + data->kdf_negotiation = 0; } |