]> git.ipfire.org Git - thirdparty/hostap.git/commit
projects / thirdparty / hostap.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 35da7c2) | patch
AP: Allow PTK rekeying without Ext KeyID to be disabled as a workaround
authorAlexander Wetzel <alexander@wetzel-home.de>
Fri, 10 Jan 2020 22:19:08 +0000 (23:19 +0100)
committerJouni Malinen <j@w1.fi>
Sun, 23 Feb 2020 10:22:49 +0000 (12:22 +0200)
commit1a7963e36fa67b865fd1486ce863e612e6b6a052
treed59c96ec051a074ac2156ba0414d6942286d8004tree | snapshot
parent35da7c20acec5d0c447d2f3eb219f4fb2a2683d9commit | diff
AP: Allow PTK rekeying without Ext KeyID to be disabled as a workaround

Rekeying a pairwise key using only keyid 0 (PTK0 rekey) has many broken
implementations and should be avoided when using or interacting with
one. The effects can be triggered by either end of the connection and
range from hardly noticeable disconnects over long connection freezes up
to leaking clear text MPDUs.

To allow affected users to mitigate the issues, add a new hostapd
configuration option "wpa_deny_ptk0_rekey" to replace all PTK0 rekeys
with disconnection. This requires the station to reassociate to get
connected again and as such, can result in connectivity issues as well.

Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
hostapd/config_file.c diff | blob | blame | history
hostapd/hostapd.conf diff | blob | blame | history
src/ap/ap_config.c diff | blob | blame | history
src/ap/ap_config.h diff | blob | blame | history
src/ap/wpa_auth.c diff | blob | blame | history
src/ap/wpa_auth.h diff | blob | blame | history
src/ap/wpa_auth_glue.c diff | blob | blame | history
src/common/defs.h diff | blob | blame | history
Unnamed repository; edit this file 'description' to name the repository.