From: Jouni Malinen <j@w1.fi>
Date: Sun, 27 Oct 2019 10:54:40 +0000 (+0200)
Subject: Do not indicate possible PSK failure when using SAE
X-Git-Tag: hostap_2_10~2238
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=50a2c8c906472732768b0e50fd259518e2279978;p=thirdparty%2Fhostap.git

Do not indicate possible PSK failure when using SAE

wpa_key_mgmt_wpa_psk() includes SAE AKMs. However, with SAE, there is no
way of reaching 4-way handshake without the password having already been
verified as part of SAE authentication. As such, a failure to complete
4-way handshake with SAE cannot indicate that the used password was
incorrect.

Signed-off-by: Jouni Malinen <j@w1.fi>
---

diff --git a/wpa_supplicant/events.c b/wpa_supplicant/events.c
index ac4274cfb..21ce943d6 100644
--- a/wpa_supplicant/events.c
+++ b/wpa_supplicant/events.c
@@ -3054,7 +3054,8 @@ static int could_be_psk_mismatch(struct wpa_supplicant *wpa_s, u16 reason_code,
 				 int locally_generated)
 {
 	if (wpa_s->wpa_state != WPA_4WAY_HANDSHAKE ||
-	    !wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt))
+	    !wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) ||
+	    wpa_key_mgmt_sae(wpa_s->key_mgmt))
 		return 0; /* Not in 4-way handshake with PSK */
 
 	/*