basebuilder_pel7x64builder0
6 years ago
5 changed files with 411 additions and 11 deletions
@ -0,0 +1,96 @@ |
|||||||
|
From d89edb6112f54fb65036c31eba291bda5fcad2b3 Mon Sep 17 00:00:00 2001 |
||||||
|
Message-Id: <d89edb6112f54fb65036c31eba291bda5fcad2b3.1522770749.git.davide.caratti@gmail.com> |
||||||
|
From: Davide Caratti <davide.caratti@gmail.com> |
||||||
|
Date: Wed, 28 Mar 2018 16:34:56 +0200 |
||||||
|
Subject: [PATCH] wpa_supplicant: Don't reply to EAPOL if pkt_type is |
||||||
|
PACKET_OTHERHOST |
||||||
|
|
||||||
|
When wpa_supplicant is running on a Linux interface that is configured in |
||||||
|
promiscuous mode, and it is not a member of a bridge, incoming EAPOL |
||||||
|
packets are processed regardless of the Destination Address in the frame. |
||||||
|
As a consequence, there are situations where wpa_supplicant replies to |
||||||
|
EAPOL packets that are not destined for it. |
||||||
|
|
||||||
|
This behavior seems undesired (see IEEE Std 802.1X-2010, 11.4.a), and can |
||||||
|
be avoided by attaching a BPF filter that lets the kernel discard packets |
||||||
|
having pkt_type equal to PACKET_OTHERHOST. |
||||||
|
|
||||||
|
Signed-off-by: Davide Caratti <davide.caratti@gmail.com> |
||||||
|
--- |
||||||
|
src/l2_packet/l2_packet.h | 1 + |
||||||
|
src/l2_packet/l2_packet_linux.c | 23 +++++++++++++++++++++++ |
||||||
|
wpa_supplicant/wpa_supplicant.c | 5 +++++ |
||||||
|
3 files changed, 29 insertions(+) |
||||||
|
|
||||||
|
diff --git a/src/l2_packet/l2_packet.h b/src/l2_packet/l2_packet.h |
||||||
|
index 2a4524582..53871774b 100644 |
||||||
|
--- a/src/l2_packet/l2_packet.h |
||||||
|
+++ b/src/l2_packet/l2_packet.h |
||||||
|
@@ -42,6 +42,7 @@ struct l2_ethhdr { |
||||||
|
enum l2_packet_filter_type { |
||||||
|
L2_PACKET_FILTER_DHCP, |
||||||
|
L2_PACKET_FILTER_NDISC, |
||||||
|
+ L2_PACKET_FILTER_PKTTYPE, |
||||||
|
}; |
||||||
|
|
||||||
|
/** |
||||||
|
diff --git a/src/l2_packet/l2_packet_linux.c b/src/l2_packet/l2_packet_linux.c |
||||||
|
index 65b490679..291c9dd26 100644 |
||||||
|
--- a/src/l2_packet/l2_packet_linux.c |
||||||
|
+++ b/src/l2_packet/l2_packet_linux.c |
||||||
|
@@ -84,6 +84,26 @@ static const struct sock_fprog ndisc_sock_filter = { |
||||||
|
.filter = ndisc_sock_filter_insns, |
||||||
|
}; |
||||||
|
|
||||||
|
+/* drop packet if skb->pkt_type is PACKET_OTHERHOST (0x03). Generated by: |
||||||
|
+ * $ bpfc - <<EOF |
||||||
|
+ * > ldb #type |
||||||
|
+ * > jeq #0x03, drop |
||||||
|
+ * > pass: ret #-1 |
||||||
|
+ * > drop: ret #0 |
||||||
|
+ * > EOF |
||||||
|
+ */ |
||||||
|
+static struct sock_filter pkt_type_filter_insns[] = { |
||||||
|
+ { 0x30, 0, 0, 0xfffff004 }, |
||||||
|
+ { 0x15, 1, 0, 0x00000003 }, |
||||||
|
+ { 0x6, 0, 0, 0xffffffff }, |
||||||
|
+ { 0x6, 0, 0, 0x00000000 }, |
||||||
|
+}; |
||||||
|
+ |
||||||
|
+static const struct sock_fprog pkt_type_sock_filter = { |
||||||
|
+ .len = ARRAY_SIZE(pkt_type_filter_insns), |
||||||
|
+ .filter = pkt_type_filter_insns, |
||||||
|
+}; |
||||||
|
+ |
||||||
|
|
||||||
|
int l2_packet_get_own_addr(struct l2_packet_data *l2, u8 *addr) |
||||||
|
{ |
||||||
|
@@ -471,6 +491,9 @@ int l2_packet_set_packet_filter(struct l2_packet_data *l2, |
||||||
|
case L2_PACKET_FILTER_NDISC: |
||||||
|
sock_filter = &ndisc_sock_filter; |
||||||
|
break; |
||||||
|
+ case L2_PACKET_FILTER_PKTTYPE: |
||||||
|
+ sock_filter = &pkt_type_sock_filter; |
||||||
|
+ break; |
||||||
|
default: |
||||||
|
return -1; |
||||||
|
} |
||||||
|
diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c |
||||||
|
index 2a05ef910..dcec68a03 100644 |
||||||
|
--- a/wpa_supplicant/wpa_supplicant.c |
||||||
|
+++ b/wpa_supplicant/wpa_supplicant.c |
||||||
|
@@ -4014,6 +4014,11 @@ int wpa_supplicant_update_mac_addr(struct wpa_supplicant *wpa_s) |
||||||
|
wpa_supplicant_rx_eapol, wpa_s, 0); |
||||||
|
if (wpa_s->l2 == NULL) |
||||||
|
return -1; |
||||||
|
+ |
||||||
|
+ if (l2_packet_set_packet_filter(wpa_s->l2, |
||||||
|
+ L2_PACKET_FILTER_PKTTYPE)) |
||||||
|
+ wpa_dbg(wpa_s, MSG_DEBUG, |
||||||
|
+ "Failed to attach pkt_type filter"); |
||||||
|
} else { |
||||||
|
const u8 *addr = wpa_drv_get_mac_addr(wpa_s); |
||||||
|
if (addr) |
||||||
|
-- |
||||||
|
2.14.3 |
||||||
|
|
@ -0,0 +1,158 @@ |
|||||||
|
From 175c8ec5f46fbe544eb71b80d83ed517a3c81ba4 Mon Sep 17 00:00:00 2001 |
||||||
|
From: Beniamino Galvani <bgalvani@redhat.com> |
||||||
|
Date: Thu, 15 Feb 2018 11:50:01 +0100 |
||||||
|
Subject: [PATCH] wpa_supplicant: Fix auth failure when the MAC is updated |
||||||
|
externally |
||||||
|
|
||||||
|
When connecting to a WPA-EAP network and the MAC address is changed |
||||||
|
just before the association (for example by NetworkManager, which sets |
||||||
|
a random MAC during scans), the authentication sometimes fails in the |
||||||
|
following way ('####' logs added by me): |
||||||
|
|
||||||
|
wpa_supplicant logs: |
||||||
|
wlan0: WPA: RX message 1 of 4-Way Handshake from 02:00:00:00:01:00 (ver=1) |
||||||
|
RSN: msg 1/4 key data - hexdump(len=22): dd 14 00 0f ac 04 d8 21 9d a5 73 98 88 26 ef 03 d2 ce f7 04 7d 23 |
||||||
|
WPA: PMKID in EAPOL-Key - hexdump(len=22): dd 14 00 0f ac 04 d8 21 9d a5 73 98 88 26 ef 03 d2 ce f7 04 7d 23 |
||||||
|
RSN: PMKID from Authenticator - hexdump(len=16): d8 21 9d a5 73 98 88 26 ef 03 d2 ce f7 04 7d 23 |
||||||
|
wlan0: RSN: no matching PMKID found |
||||||
|
EAPOL: Successfully fetched key (len=32) |
||||||
|
WPA: PMK from EAPOL state machines - hexdump(len=32): [REMOVED] |
||||||
|
#### WPA: rsn_pmkid(): |
||||||
|
#### WPA: aa - hexdump(len=6): 02 00 00 00 01 00 |
||||||
|
#### WPA: spa - hexdump(len=6): 66 20 cf ab 8c dc |
||||||
|
#### WPA: PMK - hexdump(len=32): b5 24 76 4f 6f 50 8c f6 a1 2e 24 b8 07 4e 9a 13 1b 94 c4 a8 1f 7e 22 d6 ed fc 7d 43 c7 77 b6 f7 |
||||||
|
#### WPA: computed PMKID - hexdump(len=16): ea 73 67 b1 8e 5f 18 43 58 24 e8 1c 47 23 87 71 |
||||||
|
RSN: Replace PMKSA entry for the current AP and any PMKSA cache entry that was based on the old PMK |
||||||
|
nl80211: Delete PMKID for 02:00:00:00:01:00 |
||||||
|
wlan0: RSN: PMKSA cache entry free_cb: 02:00:00:00:01:00 reason=1 |
||||||
|
RSN: Added PMKSA cache entry for 02:00:00:00:01:00 network_ctx=0x5630bf85a270 |
||||||
|
nl80211: Add PMKID for 02:00:00:00:01:00 |
||||||
|
wlan0: RSN: PMKID mismatch - authentication server may have derived different MSK?! |
||||||
|
|
||||||
|
hostapd logs: |
||||||
|
WPA: PMK from EAPOL state machine (MSK len=64 PMK len=32) |
||||||
|
WPA: 02:00:00:00:00:00 WPA_PTK entering state PTKSTART |
||||||
|
wlan1: STA 02:00:00:00:00:00 WPA: sending 1/4 msg of 4-Way Handshake |
||||||
|
#### WPA: rsn_pmkid(): |
||||||
|
#### WPA: aa - hexdump(len=6): 02 00 00 00 01 00 |
||||||
|
#### WPA: spa - hexdump(len=6): 02 00 00 00 00 00 |
||||||
|
#### WPA: PMK - hexdump(len=32): b5 24 76 4f 6f 50 8c f6 a1 2e 24 b8 07 4e 9a 13 1b 94 c4 a8 1f 7e 22 d6 ed fc 7d 43 c7 77 b6 f7 |
||||||
|
#### WPA: computed PMKID - hexdump(len=16): d8 21 9d a5 73 98 88 26 ef 03 d2 ce f7 04 7d 23 |
||||||
|
WPA: Send EAPOL(version=1 secure=0 mic=0 ack=1 install=0 pairwise=1 kde_len=22 keyidx=0 encr=0) |
||||||
|
|
||||||
|
That's because wpa_supplicant computed the PMKID using the wrong (old) |
||||||
|
MAC address used during the scan. wpa_supplicant updates own_addr when |
||||||
|
the interface goes up, as the MAC can only change while the interface |
||||||
|
is down. However, drivers don't report all interface state changes: |
||||||
|
for example the nl80211 driver may ignore a down-up cycle if the down |
||||||
|
message is processed later, when the interface is already up. In such |
||||||
|
cases, wpa_supplicant (and in particular, the EAP state machine) would |
||||||
|
continue to use the old MAC. |
||||||
|
|
||||||
|
Add a new driver event that notifies of MAC address changes while the |
||||||
|
interface is active. |
||||||
|
|
||||||
|
Signed-off-by: Beniamino Galvani <bgalvani@redhat.com> |
||||||
|
(cherry picked from commit 77a020a118168e05e7cc0d28a7bf661772e531af) |
||||||
|
--- |
||||||
|
src/drivers/driver.h | 9 +++++++++ |
||||||
|
src/drivers/driver_common.c | 1 + |
||||||
|
src/drivers/driver_nl80211.c | 11 +++++++---- |
||||||
|
wpa_supplicant/events.c | 3 +++ |
||||||
|
4 files changed, 20 insertions(+), 4 deletions(-) |
||||||
|
|
||||||
|
diff --git a/src/drivers/driver.h b/src/drivers/driver.h |
||||||
|
index df996dc21..f8d556133 100644 |
||||||
|
--- a/src/drivers/driver.h |
||||||
|
+++ b/src/drivers/driver.h |
||||||
|
@@ -4106,6 +4106,15 @@ enum wpa_event_type { |
||||||
|
* EVENT_P2P_LO_STOP - Notify that P2P listen offload is stopped |
||||||
|
*/ |
||||||
|
EVENT_P2P_LO_STOP, |
||||||
|
+ |
||||||
|
+ /** |
||||||
|
+ * EVENT_INTERFACE_MAC_CHANGED - Notify that interface MAC changed |
||||||
|
+ * |
||||||
|
+ * This event is emitted when the MAC changes while the interface is |
||||||
|
+ * enabled. When an interface was disabled and becomes enabled, it |
||||||
|
+ * must be always assumed that the MAC possibly changed. |
||||||
|
+ */ |
||||||
|
+ EVENT_INTERFACE_MAC_CHANGED, |
||||||
|
}; |
||||||
|
|
||||||
|
|
||||||
|
diff --git a/src/drivers/driver_common.c b/src/drivers/driver_common.c |
||||||
|
index c7107ba89..bdddc0a48 100644 |
||||||
|
--- a/src/drivers/driver_common.c |
||||||
|
+++ b/src/drivers/driver_common.c |
||||||
|
@@ -81,6 +81,7 @@ const char * event_to_string(enum wpa_event_type event) |
||||||
|
E2S(ACS_CHANNEL_SELECTED); |
||||||
|
E2S(DFS_CAC_STARTED); |
||||||
|
E2S(P2P_LO_STOP); |
||||||
|
+ E2S(INTERFACE_MAC_CHANGED); |
||||||
|
} |
||||||
|
|
||||||
|
return "UNKNOWN"; |
||||||
|
diff --git a/src/drivers/driver_nl80211.c b/src/drivers/driver_nl80211.c |
||||||
|
index f7f3cfebc..d4a879836 100644 |
||||||
|
--- a/src/drivers/driver_nl80211.c |
||||||
|
+++ b/src/drivers/driver_nl80211.c |
||||||
|
@@ -923,7 +923,7 @@ nl80211_find_drv(struct nl80211_global *global, int idx, u8 *buf, size_t len) |
||||||
|
|
||||||
|
|
||||||
|
static void nl80211_refresh_mac(struct wpa_driver_nl80211_data *drv, |
||||||
|
- int ifindex) |
||||||
|
+ int ifindex, int notify) |
||||||
|
{ |
||||||
|
struct i802_bss *bss; |
||||||
|
u8 addr[ETH_ALEN]; |
||||||
|
@@ -942,6 +942,9 @@ static void nl80211_refresh_mac(struct wpa_driver_nl80211_data *drv, |
||||||
|
ifindex, bss->ifname, |
||||||
|
MAC2STR(bss->addr), MAC2STR(addr)); |
||||||
|
os_memcpy(bss->addr, addr, ETH_ALEN); |
||||||
|
+ if (notify) |
||||||
|
+ wpa_supplicant_event(drv->ctx, |
||||||
|
+ EVENT_INTERFACE_MAC_CHANGED, NULL); |
||||||
|
} |
||||||
|
} |
||||||
|
|
||||||
|
@@ -1010,11 +1013,11 @@ static void wpa_driver_nl80211_event_rtm_newlink(void *ctx, |
||||||
|
namebuf[0] = '\0'; |
||||||
|
if (if_indextoname(ifi->ifi_index, namebuf) && |
||||||
|
linux_iface_up(drv->global->ioctl_sock, namebuf) > 0) { |
||||||
|
- /* Re-read MAC address as it may have changed */ |
||||||
|
- nl80211_refresh_mac(drv, ifi->ifi_index); |
||||||
|
wpa_printf(MSG_DEBUG, "nl80211: Ignore interface down " |
||||||
|
"event since interface %s is up", namebuf); |
||||||
|
drv->ignore_if_down_event = 0; |
||||||
|
+ /* Re-read MAC address as it may have changed */ |
||||||
|
+ nl80211_refresh_mac(drv, ifi->ifi_index, 1); |
||||||
|
return; |
||||||
|
} |
||||||
|
wpa_printf(MSG_DEBUG, "nl80211: Interface down (%s/%s)", |
||||||
|
@@ -1060,7 +1063,7 @@ static void wpa_driver_nl80211_event_rtm_newlink(void *ctx, |
||||||
|
"removed", drv->first_bss->ifname); |
||||||
|
} else { |
||||||
|
/* Re-read MAC address as it may have changed */ |
||||||
|
- nl80211_refresh_mac(drv, ifi->ifi_index); |
||||||
|
+ nl80211_refresh_mac(drv, ifi->ifi_index, 0); |
||||||
|
|
||||||
|
wpa_printf(MSG_DEBUG, "nl80211: Interface up"); |
||||||
|
drv->if_disabled = 0; |
||||||
|
diff --git a/wpa_supplicant/events.c b/wpa_supplicant/events.c |
||||||
|
index 4dc044c2b..6eb35104c 100644 |
||||||
|
--- a/wpa_supplicant/events.c |
||||||
|
+++ b/wpa_supplicant/events.c |
||||||
|
@@ -3927,6 +3927,9 @@ void wpa_supplicant_event(void *ctx, enum wpa_event_type event, |
||||||
|
data->signal_change.current_noise, |
||||||
|
data->signal_change.current_txrate); |
||||||
|
break; |
||||||
|
+ case EVENT_INTERFACE_MAC_CHANGED: |
||||||
|
+ wpa_supplicant_update_mac_addr(wpa_s); |
||||||
|
+ break; |
||||||
|
case EVENT_INTERFACE_ENABLED: |
||||||
|
wpa_dbg(wpa_s, MSG_DEBUG, "Interface was enabled"); |
||||||
|
if (wpa_s->wpa_state == WPA_INTERFACE_DISABLED) { |
||||||
|
-- |
||||||
|
2.14.3 |
||||||
|
|
@ -0,0 +1,83 @@ |
|||||||
|
From 22151b111b493d4604c9490327c40fdac7bc4b37 Mon Sep 17 00:00:00 2001 |
||||||
|
Message-Id: <22151b111b493d4604c9490327c40fdac7bc4b37.1525684664.git.davide.caratti@gmail.com> |
||||||
|
From: Davide Caratti <davide.caratti@gmail.com> |
||||||
|
Date: Thu, 8 Mar 2018 17:15:02 +0100 |
||||||
|
Subject: [PATCH] wpa_supplicant: Fix memory leaks in |
||||||
|
ieee802_1x_create_preshared_mka() |
||||||
|
|
||||||
|
In case MKA is initialized successfully, local copies of CAK and CKN |
||||||
|
were allocated, but never freed. Ensure that such memory is released |
||||||
|
also when ieee802_1x_kay_create_mka() returns a valid pointer. |
||||||
|
|
||||||
|
Fixes: ad51731abf06 ("wpa_supplicant: Allow pre-shared (CAK,CKN) pair for MKA") |
||||||
|
Signed-off-by: Davide Caratti <davide.caratti@gmail.com> |
||||||
|
--- |
||||||
|
wpa_supplicant/wpas_kay.c | 32 +++++++++++++++----------------- |
||||||
|
1 file changed, 15 insertions(+), 17 deletions(-) |
||||||
|
|
||||||
|
diff --git a/wpa_supplicant/wpas_kay.c b/wpa_supplicant/wpas_kay.c |
||||||
|
index 11708b8a6..d3d06b8ae 100644 |
||||||
|
--- a/wpa_supplicant/wpas_kay.c |
||||||
|
+++ b/wpa_supplicant/wpas_kay.c |
||||||
|
@@ -392,25 +392,25 @@ void * ieee802_1x_create_preshared_mka(struct wpa_supplicant *wpa_s, |
||||||
|
{ |
||||||
|
struct mka_key *cak; |
||||||
|
struct mka_key_name *ckn; |
||||||
|
- void *res; |
||||||
|
+ void *res = NULL; |
||||||
|
|
||||||
|
if ((ssid->mka_psk_set & MKA_PSK_SET) != MKA_PSK_SET) |
||||||
|
- return NULL; |
||||||
|
- |
||||||
|
- if (ieee802_1x_alloc_kay_sm(wpa_s, ssid) < 0) |
||||||
|
- return NULL; |
||||||
|
- |
||||||
|
- if (!wpa_s->kay || wpa_s->kay->policy == DO_NOT_SECURE) |
||||||
|
- return NULL; |
||||||
|
+ goto end; |
||||||
|
|
||||||
|
ckn = os_zalloc(sizeof(*ckn)); |
||||||
|
if (!ckn) |
||||||
|
- goto dealloc; |
||||||
|
+ goto end; |
||||||
|
|
||||||
|
cak = os_zalloc(sizeof(*cak)); |
||||||
|
if (!cak) |
||||||
|
goto free_ckn; |
||||||
|
|
||||||
|
+ if (ieee802_1x_alloc_kay_sm(wpa_s, ssid) < 0 || !wpa_s->kay) |
||||||
|
+ goto free_cak; |
||||||
|
+ |
||||||
|
+ if (wpa_s->kay->policy == DO_NOT_SECURE) |
||||||
|
+ goto dealloc; |
||||||
|
+ |
||||||
|
cak->len = MACSEC_CAK_LEN; |
||||||
|
os_memcpy(cak->key, ssid->mka_cak, cak->len); |
||||||
|
|
||||||
|
@@ -419,17 +419,15 @@ void * ieee802_1x_create_preshared_mka(struct wpa_supplicant *wpa_s, |
||||||
|
|
||||||
|
res = ieee802_1x_kay_create_mka(wpa_s->kay, ckn, cak, 0, PSK, FALSE); |
||||||
|
if (res) |
||||||
|
- return res; |
||||||
|
+ goto free_cak; |
||||||
|
|
||||||
|
+dealloc: |
||||||
|
/* Failed to create MKA */ |
||||||
|
+ ieee802_1x_dealloc_kay_sm(wpa_s); |
||||||
|
+free_cak: |
||||||
|
os_free(cak); |
||||||
|
- |
||||||
|
- /* fallthrough */ |
||||||
|
- |
||||||
|
free_ckn: |
||||||
|
os_free(ckn); |
||||||
|
-dealloc: |
||||||
|
- ieee802_1x_dealloc_kay_sm(wpa_s); |
||||||
|
- |
||||||
|
- return NULL; |
||||||
|
+end: |
||||||
|
+ return res; |
||||||
|
} |
||||||
|
-- |
||||||
|
2.14.3 |
||||||
|
|
@ -0,0 +1,44 @@ |
|||||||
|
From 3e34cfdff6b192fe337c6fb3f487f73e96582961 Mon Sep 17 00:00:00 2001 |
||||||
|
From: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be> |
||||||
|
Date: Sun, 15 Jul 2018 01:25:53 +0200 |
||||||
|
Subject: [PATCH] WPA: Ignore unauthenticated encrypted EAPOL-Key data |
||||||
|
|
||||||
|
Ignore unauthenticated encrypted EAPOL-Key data in supplicant |
||||||
|
processing. When using WPA2, these are frames that have the Encrypted |
||||||
|
flag set, but not the MIC flag. |
||||||
|
|
||||||
|
When using WPA2, EAPOL-Key frames that had the Encrypted flag set but |
||||||
|
not the MIC flag, had their data field decrypted without first verifying |
||||||
|
the MIC. In case the data field was encrypted using RC4 (i.e., when |
||||||
|
negotiating TKIP as the pairwise cipher), this meant that |
||||||
|
unauthenticated but decrypted data would then be processed. An adversary |
||||||
|
could abuse this as a decryption oracle to recover sensitive information |
||||||
|
in the data field of EAPOL-Key messages (e.g., the group key). |
||||||
|
(CVE-2018-14526) |
||||||
|
|
||||||
|
Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be> |
||||||
|
--- |
||||||
|
src/rsn_supp/wpa.c | 11 +++++++++++ |
||||||
|
1 file changed, 11 insertions(+) |
||||||
|
|
||||||
|
diff -upr wpa_supplicant-2.6.orig/src/rsn_supp/wpa.c wpa_supplicant-2.6/src/rsn_supp/wpa.c |
||||||
|
--- wpa_supplicant-2.6.orig/src/rsn_supp/wpa.c 2016-10-02 21:51:11.000000000 +0300 |
||||||
|
+++ wpa_supplicant-2.6/src/rsn_supp/wpa.c 2018-08-08 16:55:11.506831029 +0300 |
||||||
|
@@ -2016,6 +2016,17 @@ int wpa_sm_rx_eapol(struct wpa_sm *sm, c |
||||||
|
|
||||||
|
if ((sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) && |
||||||
|
(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) { |
||||||
|
+ /* |
||||||
|
+ * Only decrypt the Key Data field if the frame's authenticity |
||||||
|
+ * was verified. When using AES-SIV (FILS), the MIC flag is not |
||||||
|
+ * set, so this check should only be performed if mic_len != 0 |
||||||
|
+ * which is the case in this code branch. |
||||||
|
+ */ |
||||||
|
+ if (!(key_info & WPA_KEY_INFO_MIC)) { |
||||||
|
+ wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, |
||||||
|
+ "WPA: Ignore EAPOL-Key with encrypted but unauthenticated data"); |
||||||
|
+ goto out; |
||||||
|
+ } |
||||||
|
if (wpa_supplicant_decrypt_key_data(sm, key, ver, key_data, |
||||||
|
&key_data_len)) |
||||||
|
goto out; |
Loading…
Reference in new issue