aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJouni Malinen <j@w1.fi>2016-12-18 17:56:05 (GMT)
committerJouni Malinen <j@w1.fi>2016-12-18 17:56:05 (GMT)
commite414f4f021bf8ece07178266c3da7965fbf66c74 (patch)
tree40b5163faa17127edeed1b9420cb933829fe6398
parent28fb9bb195761303345945d95b3f23716c3c70af (diff)
downloadhostap-e414f4f021bf8ece07178266c3da7965fbf66c74.zip
hostap-e414f4f021bf8ece07178266c3da7965fbf66c74.tar.gz
hostap-e414f4f021bf8ece07178266c3da7965fbf66c74.tar.bz2
PeerKey: Fix STK 4-way handshake regression
Commit c93b7e18885b07bf198e230019185b50ed622d9f ('RSN: Check result of EAPOL-Key frame send request') forgot to update two PeerKey users of EAPOL-Key TX functions. That resulted in STK handshake failing since message 2/4 and 4/4 TX calls were assumed to have failed when the return value was changed from 0 to a positive value for success case. This resulted in not updating nonce information properly and hitting following error when processing STK 4-way handshake message 3/4: RSN: INonce from message 1 of STK 4-Way Handshake differs from 3 of STK 4-Way Handshake - drop packet (src=<addr>) Signed-off-by: Jouni Malinen <j@w1.fi>
-rw-r--r--src/rsn_supp/peerkey.c7
1 files changed, 5 insertions, 2 deletions
diff --git a/src/rsn_supp/peerkey.c b/src/rsn_supp/peerkey.c
index eb51355..ce338f8 100644
--- a/src/rsn_supp/peerkey.c
+++ b/src/rsn_supp/peerkey.c
@@ -715,7 +715,8 @@ static void wpa_supplicant_process_stk_1_of_4(struct wpa_sm *sm,
if (wpa_supplicant_send_2_of_4(sm, peerkey->addr, key, ver,
peerkey->pnonce, kde_buf, kde_buf_len,
- stk)) {
+ stk) < 0) {
+ wpa_printf(MSG_INFO, "RSN: Failed to send STK message 2/4");
os_free(kde_buf);
return;
}
@@ -854,8 +855,10 @@ static void wpa_supplicant_process_stk_3_of_4(struct wpa_sm *sm,
if (wpa_supplicant_send_4_of_4(sm, peerkey->addr, key, ver,
WPA_GET_BE16(key->key_info),
- &peerkey->stk))
+ &peerkey->stk) < 0) {
+ wpa_printf(MSG_INFO, "RSN: Failed to send STK message 4/4");
return;
+ }
_key = peerkey->stk.tk;
if (peerkey->cipher == WPA_CIPHER_TKIP) {