RSN: Set EAPOL-Key Request Secure bit to 1 if PTK is set

The Secure bit in the Key Information field of EAPOL-Key frames is
supposed to be set to 1 when there is a security association. This was
done for other frames, but not for the EAPOL-Key Request frame where
supplicant is requesting a new PTK to be derived (either due to Michael
MIC failure report Error=1 or for other reasons with Error=0). In
practice, EAPOL-Key Request frame is only sent when there is a PTK in
place, so all such frames should have Secure=1.

Signed-off-by: Jouni Malinen <j@w1.fi>

diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
index e8501197a32898c3e9d13eb7e762fe83821b99cc..3c4787925e20ada918ad6ffb483a445b30069ebb 100644 (file)
--- a/src/rsn_supp/wpa.c
+++ b/src/rsn_supp/wpa.c
@@ -131,7 +131,7 @@ void wpa_sm_key_request(struct wpa_sm *sm, int error, int pairwise)
                EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA;
        key_info = WPA_KEY_INFO_REQUEST | ver;
        if (sm->ptk_set)
-               key_info |= WPA_KEY_INFO_MIC;
+               key_info |= WPA_KEY_INFO_MIC | WPA_KEY_INFO_SECURE;
        if (error)
                key_info |= WPA_KEY_INFO_ERROR;
        if (pairwise)