jeltz/hostap
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Reject the initial 4-way handshake if initial GTK setup fails

Browse source 
This makes the AP/Authenticator design more robust against unexpected
failures in random number generation.

Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2015-06-28 21:40:37 +03:00
parent 2da525651d
commit aac1efec34
1 changed files with 7 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
src/ap/wpa_auth.c
View file

@ -1841,9 +1841,13 @@ static void wpa_group_ensure_init(struct wpa_authenticator *wpa_auth,
group->reject_4way_hs_for_entropy = FALSE; group->reject_4way_hs_for_entropy = FALSE;
} }
wpa_group_init_gmk_and_counter(wpa_auth, group); if (wpa_group_init_gmk_and_counter(wpa_auth, group) < 0 ||
wpa_gtk_update(wpa_auth, group); wpa_gtk_update(wpa_auth, group) < 0 ||
wpa_group_config_group_keys(wpa_auth, group); wpa_group_config_group_keys(wpa_auth, group) < 0) {
wpa_printf(MSG_INFO, "WPA: GMK/GTK setup failed");
group->first_sta_seen = FALSE;
group->reject_4way_hs_for_entropy = TRUE;
}
} }