From fdd731bd4adc5c012c99da5a1b83717814d5ac1a Mon Sep 17 00:00:00 2001
From: Jouni Malinen <j@w1.fi>
Date: Wed, 24 Jun 2015 20:42:48 +0300
Subject: [PATCH] SAE: Fix PWE generation to use minimum loop count (k)
 properly

The implementation did not match the comment, i.e., only k-1 rounds were
required instead of k.

Signed-off-by: Jouni Malinen <j@w1.fi>
---
 src/common/sae.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/common/sae.c b/src/common/sae.c
index 850dd5f15..9d25b2b34 100644
--- a/src/common/sae.c
+++ b/src/common/sae.c
@@ -326,7 +326,7 @@ static int sae_derive_pwe_ecc(struct sae_data *sae, const u8 *addr1,
 	 * attacks that attempt to determine the number of iterations required
 	 * in the loop.
 	 */
-	for (counter = 1; counter < k || !found; counter++) {
+	for (counter = 1; counter <= k || !found; counter++) {
 		u8 pwd_seed[SHA256_MAC_LEN];
 		int res;