Fix validation of RSN EAPOL-Key version for GCMP with PMF
If PMF was enabled, the validation step for EAPOL-Key descriptor version ended up rejecting the message if GCMP had been negotiated as the pairwise cipher. Fix this by making the GCMP check skipped similarly to the CCMP case if a SHA256-based AKM is used. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This commit is contained in:
		
							parent
							
								
									a7fb2f2f4f
								
							
						
					
					
						commit
						801e117376
					
				
					 1 changed files with 2 additions and 3 deletions
				
			
		|  | @ -1734,9 +1734,8 @@ int wpa_sm_rx_eapol(struct wpa_sm *sm, const u8 *src_addr, | ||||||
| 				"version for non-CCMP group keys"); | 				"version for non-CCMP group keys"); | ||||||
| 		} else | 		} else | ||||||
| 			goto out; | 			goto out; | ||||||
| 	} | 	} else if (sm->pairwise_cipher == WPA_CIPHER_GCMP && | ||||||
| 	if (sm->pairwise_cipher == WPA_CIPHER_GCMP && | 		   ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) { | ||||||
| 	    ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) { |  | ||||||
| 		wpa_msg(sm->ctx->msg_ctx, MSG_INFO, | 		wpa_msg(sm->ctx->msg_ctx, MSG_INFO, | ||||||
| 			"WPA: GCMP is used, but EAPOL-Key " | 			"WPA: GCMP is used, but EAPOL-Key " | ||||||
| 			"descriptor version (%d) is not 2", ver); | 			"descriptor version (%d) is not 2", ver); | ||||||
|  |  | ||||||
		Loading…
	
		Reference in a new issue
	
	 Ashok Kumar Ponnaiah
						Ashok Kumar Ponnaiah