We have to delete PTK keys when either BIT(0) or BIT(15) are zero and
not only when both are zero.
Signed-off-by: Alexander Wetzel <alexander@xxxxxxxxxxxxxx>
---
I think that is a regression for "normal" cases which keep keys
installed in HW we wanted to remove. (I've not tried that with tests.)
By using ~wpa_s->keys_cleared we basically get "wpa_s->keys_set" and we
can then check if either PTK ID 0 or PTK ID 1 are installed.
Maybe a sample:
1111 1111 1111 1110 = only PTK ID 0 installed
wpa_s->keys_cleared & (BIT(0) | BIT(15)) == TRUE
!(wpa_s->keys_cleared & (BIT(0) | BIT(15)) == FALSE
With the logic from the patch:
0000 0000 0000 0001 = only PTK ID 0 installed after reverting the bits
~wpa_s->keys_cleared & (BIT(0) | BIT(15)) == TRUE
And we enter the block which will check both bits and remove the keys
when necessary.
wpa_supplicant/wpa_supplicant.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c
index f11bac017..a01a3e748 100644
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
@@ -749,7 +749,7 @@ void wpa_clear_keys(struct wpa_supplicant *wpa_s, const u8 *addr)
NULL, 0, KEY_FLAG_GROUP);
}
/* Pairwise Key ID 1 for Extended Key ID is tracked in bit 15 */
- if (!(wpa_s->keys_cleared & (BIT(0) | BIT(15))) && addr &&
+ if (~wpa_s->keys_cleared & (BIT(0) | BIT(15)) && addr &&
!is_zero_ether_addr(addr)) {
if (!(wpa_s->keys_cleared & BIT(0)))
wpa_drv_set_key(wpa_s, WPA_ALG_NONE, addr, 0, 0, NULL,
--
2.25.2
_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap
