From 2598e693031810acb1aef6d50f54d12ac48d0c2f Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Mon, 23 Apr 2018 18:25:59 +0300 Subject: [PATCH] FILS: Enable SHA256 KDF even without PMF/SAE in the build While it is unlikely that FILS would be used without PMF or SAE in the build, it is possible to generate such a build and as such, it would be good for the KDF selection to work properly. Add CONFIG_FILS as an independent condition for the SHA256-based KDF. Previously, this combination would have resulted in failure to derive keys and terminated key management exchange. Signed-off-by: Jouni Malinen --- src/common/wpa_common.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/common/wpa_common.c b/src/common/wpa_common.c index 8fca56960..6587b29c4 100644 --- a/src/common/wpa_common.c +++ b/src/common/wpa_common.c @@ -382,14 +382,14 @@ int wpa_pmk_to_ptk(const u8 *pmk, size_t pmk_len, const char *label, return -1; #endif /* CONFIG_SUITEB192 || CONFIG_FILS */ } else if (wpa_key_mgmt_sha256(akmp) || akmp == WPA_KEY_MGMT_OWE) { -#if defined(CONFIG_IEEE80211W) || defined(CONFIG_SAE) +#if defined(CONFIG_IEEE80211W) || defined(CONFIG_SAE) || defined(CONFIG_FILS) wpa_printf(MSG_DEBUG, "WPA: PTK derivation using PRF(SHA256)"); if (sha256_prf(pmk, pmk_len, label, data, sizeof(data), tmp, ptk_len) < 0) return -1; -#else /* CONFIG_IEEE80211W or CONFIG_SAE */ +#else /* CONFIG_IEEE80211W or CONFIG_SAE or CONFIG_FILS */ return -1; -#endif /* CONFIG_IEEE80211W or CONFIG_SAE */ +#endif /* CONFIG_IEEE80211W or CONFIG_SAE or CONFIG_FILS */ #ifdef CONFIG_DPP } else if (akmp == WPA_KEY_MGMT_DPP && pmk_len == 32) { wpa_printf(MSG_DEBUG, "WPA: PTK derivation using PRF(SHA256)");