Fix 1: ieee802_1x_mka_decode_dist_sak_body is wrongly setting
to_use_sak flag to TRUE when body_len of distributed SAK is 0
Fix 2: if mode is PSK, default actor_priority should be DEFAULT_PRIO_INFRA_PORT.
-----------------------------------------------------
diff --git a/src/pae/ieee802_1x_kay.c b/src/pae/ieee802_1x_kay.c
index 3a495ca..986d2cb 100644
--- a/src/pae/ieee802_1x_kay.c
+++ b/src/pae/ieee802_1x_kay.c
@@ -1548,7 +1548,7 @@ ieee802_1x_mka_decode_dist_sak_body(
ieee802_1x_cp_connect_authenticated(kay->cp);
ieee802_1x_cp_sm_step(kay->cp);
wpa_printf(MSG_WARNING, "KaY:The Key server advise no MACsec");
- participant->to_use_sak = TRUE;
+ participant->to_use_sak = FALSE;
return 0;
}
@@ -3094,7 +3094,12 @@ ieee802_1x_kay_init(struct ieee802_1x_kay_ctx
*ctx, enum macsec_policy policy,
os_strlcpy(kay->if_name, ifname, IFNAMSIZ);
os_memcpy(kay->actor_sci.addr, addr, ETH_ALEN);
kay->actor_sci.port = host_to_be16(port ? port : 0x0001);
- kay->actor_priority = DEFAULT_PRIO_NOT_KEY_SERVER;
+
+ if (mode == PSK) {
+ kay->actor_priority = DEFAULT_PRIO_INFRA_PORT;
+ } else {
+ kay->actor_priority = DEFAULT_PRIO_NOT_KEY_SERVER;
+ }
/* While actor acts as a key server, shall distribute sakey */
kay->dist_kn = 1;
_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap
