Reject the initial 4-way handshake if initial GTK setup fails
authorJouni Malinen <j@w1.fi>
Sun, 28 Jun 2015 18:40:37 +0000 (21:40 +0300)
committerJouni Malinen <j@w1.fi>
Mon, 29 Jun 2015 20:23:56 +0000 (23:23 +0300)
This makes the AP/Authenticator design more robust against unexpected
failures in random number generation.

Signed-off-by: Jouni Malinen <j@w1.fi>
src/ap/wpa_auth.c

index f23a57a09ed9ee3b7e1641f83f0c45103f9a4647..996946511d2ce9665a6338ea681cb108d199ca6d 100644 (file)
@@ -1841,9 +1841,13 @@ static void wpa_group_ensure_init(struct wpa_authenticator *wpa_auth,
                group->reject_4way_hs_for_entropy = FALSE;
        }
 
-       wpa_group_init_gmk_and_counter(wpa_auth, group);
-       wpa_gtk_update(wpa_auth, group);
-       wpa_group_config_group_keys(wpa_auth, group);
+       if (wpa_group_init_gmk_and_counter(wpa_auth, group) < 0 ||
+           wpa_gtk_update(wpa_auth, group) < 0 ||
+           wpa_group_config_group_keys(wpa_auth, group) < 0) {
+               wpa_printf(MSG_INFO, "WPA: GMK/GTK setup failed");
+               group->first_sta_seen = FALSE;
+               group->reject_4way_hs_for_entropy = TRUE;
+       }
 }
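Review bot: The new failure branch sets `reject_4way_hs_for_entropy` for all three calls, so a failure in `wpa_group_config_group_keys()` is recorded under a flag whose name points at entropy, and the single `MSG_INFO` line does not say which step failed. The function shown in the hunk header returns void, so this flag appears to be the only way the failure reaches the handshake path; the code that checks it is outside the hunk and should be confirmed to reject on it. I would add a comment above the assignments such as `/* Any GMK/GTK setup failure, not only low entropy, must block the 4-way handshake */` and note that clearing `first_sta_seen` is presumably what allows setup to be retried. Because this condition causes stations to be refused, consider `MSG_WARNING` and naming the failing step in the message. The start of `wpa_group_ensure_init()` is outside the hunk.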