From: Ashok Kumar Ponnaiah <aponnaia@qti.qualcomm.com>
Date: Mon, 2 Jun 2014 14:03:33 +0000 (+0300)
Subject: Fix validation of RSN EAPOL-Key version for GCMP with PMF
X-Git-Tag: hostap_2_2~9
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=801e117376e13d5b3c50f1627b93a949529fdf99;p=thirdparty%2Fhostap.git

Fix validation of RSN EAPOL-Key version for GCMP with PMF

If PMF was enabled, the validation step for EAPOL-Key descriptor version
ended up rejecting the message if GCMP had been negotiated as the
pairwise cipher. Fix this by making the GCMP check skipped similarly to
the CCMP case if a SHA256-based AKM is used.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
---

diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
index d45f5dc1c..ba2a8c87d 100644
--- a/src/rsn_supp/wpa.c
+++ b/src/rsn_supp/wpa.c
@@ -1734,9 +1734,8 @@ int wpa_sm_rx_eapol(struct wpa_sm *sm, const u8 *src_addr,
 				"version for non-CCMP group keys");
 		} else
 			goto out;
-	}
-	if (sm->pairwise_cipher == WPA_CIPHER_GCMP &&
-	    ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
+	} else if (sm->pairwise_cipher == WPA_CIPHER_GCMP &&
+		   ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
 		wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
 			"WPA: GCMP is used, but EAPOL-Key "
 			"descriptor version (%d) is not 2", ver);