diff --git a/src/common/wpa_common.c b/src/common/wpa_common.c index 82a5a174f..3d04650d3 100644 --- a/src/common/wpa_common.c +++ b/src/common/wpa_common.c @@ -1216,7 +1216,8 @@ int wpa_cipher_valid_group(int cipher) int wpa_cipher_valid_mgmt_group(int cipher) { - return cipher == WPA_CIPHER_AES_128_CMAC || + return cipher == WPA_CIPHER_GTK_NOT_USED || + cipher == WPA_CIPHER_AES_128_CMAC || cipher == WPA_CIPHER_BIP_GMAC_128 || cipher == WPA_CIPHER_BIP_GMAC_256 || cipher == WPA_CIPHER_BIP_CMAC_256; diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c index e07527ba5..834658324 100644 --- a/src/rsn_supp/wpa.c +++ b/src/rsn_supp/wpa.c @@ -1306,7 +1306,8 @@ static int ieee80211w_set_keys(struct wpa_sm *sm, { size_t len; - if (!wpa_cipher_valid_mgmt_group(sm->mgmt_group_cipher)) + if (!wpa_cipher_valid_mgmt_group(sm->mgmt_group_cipher) || + sm->mgmt_group_cipher == WPA_CIPHER_GTK_NOT_USED) return 0; if (ie->igtk) { @@ -1665,6 +1666,7 @@ static void wpa_supplicant_process_3_of_4(struct wpa_sm *sm, } if (ie.igtk && + sm->mgmt_group_cipher != WPA_CIPHER_GTK_NOT_USED && wpa_cipher_valid_mgmt_group(sm->mgmt_group_cipher) && ie.igtk_len != WPA_IGTK_KDE_PREFIX_LEN + (unsigned int) wpa_cipher_key_len(sm->mgmt_group_cipher)) {