WPA2-PSK and madwifi Fail [ 3/4 msg of 4-Way Handshake ]

Jouni Malinen jkmaline
Wed Mar 23 19:47:56 PST 2005

On Wed, Mar 23, 2005 at 06:02:53PM -0800, Gopalakrishnan Raman wrote:

> Please also mail us the log of wpa_supplicant. I'm pretty sure that the
> failure is because hostapd sends out the RSN IE in msg 3/4 and
> the supplicant compares this with the IE that it saw in the beacon. There
> must be a mismatch in the 2 IEs.

I would agree that this is the most likely reason for the authentication
failing here.

> I see that you have enabled RSN in
> hostapd.conf. It turns out that the madwifi driver file ieee80211_output.c
> has the function ieee80211_setup_rsn_ie() that does not always add the
> 2-byte RSN capabilities in the beacon. It adds it only if RSN capabilities
> are configured. The hostapd on the other hand always adds the 2 byte
> capabilites field (even if it is all 0). The fix is simple. Change the
> following lines in the function ieee80211_setup_rsh_ie() as follows

This is not really a generic fix, just a workaround for one of the
cases. The main problem is in madwifi driver not providing
synchronization for the WPA/RSN IE with hostapd. Either the driver would
need to use the IE that hostapd generates or it would need to provide a
mechanism for hostapd to update its IE based on what the driver

In this particular case, both WPA2-PSK and WPA2-EAP seemed to be enabled
in hostapd.conf, which will make hostapd to advertise both key
management suites. The driver is unlikely to do this and the IEs end up
being different which will make the supplicant to drop message 3/4.

Jouni Malinen                                            PGP id EFC895FA

More information about the Hostap mailing list