path: root/wpa_supplicant/ibss_rsn.c
diff options
authorAlexander Wetzel <alexander@wetzel-home.de>2020-01-10 22:19:09 (GMT)
committerJouni Malinen <j@w1.fi>2020-02-23 11:05:19 (GMT)
commit1f90a49d028debceb748ab91b7685ae774451e8f (patch)
tree039a94724d640b46232122ec7a9d311fe665be7f /wpa_supplicant/ibss_rsn.c
parent1a7963e36fa67b865fd1486ce863e612e6b6a052 (diff)
STA: Allow PTK rekeying without Ext KeyID to be disabled as a workaround
Rekeying a pairwise key using only keyid 0 (PTK0 rekey) has many broken implementations and should be avoided when using or interacting with one. The effects can be triggered by either end of the connection and range from hardly noticeable disconnects over long connection freezes up to leaking clear text MPDUs. To allow affected users to mitigate the issues, add a new configuration option "wpa_deny_ptk0_rekey" to replace all PTK0 rekeys with fast reconnects. Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
Diffstat (limited to 'wpa_supplicant/ibss_rsn.c')
1 files changed, 7 insertions, 0 deletions
diff --git a/wpa_supplicant/ibss_rsn.c b/wpa_supplicant/ibss_rsn.c
index 37368c4..d143040 100644
--- a/wpa_supplicant/ibss_rsn.c
+++ b/wpa_supplicant/ibss_rsn.c
@@ -206,6 +206,12 @@ static void supp_deauthenticate(void * ctx, u16 reason_code)
+static void supp_reconnect(void *ctx)
+ wpa_printf(MSG_DEBUG, "SUPP: %s (TODO)", __func__);
static int ibss_rsn_supp_init(struct ibss_rsn_peer *peer, const u8 *own_addr,
const u8 *psk)
@@ -225,6 +231,7 @@ static int ibss_rsn_supp_init(struct ibss_rsn_peer *peer, const u8 *own_addr,
ctx->mlme_setprotection = supp_mlme_setprotection;
ctx->cancel_auth_timeout = supp_cancel_auth_timeout;
ctx->deauthenticate = supp_deauthenticate;
+ ctx->reconnect = supp_reconnect;
peer->supp = wpa_sm_init(ctx);
if (peer->supp == NULL) {
wpa_printf(MSG_DEBUG, "SUPP: wpa_sm_init() failed");