Dealing with bad EAPOL 4/4 messages

Ben Greear greearb at
Wed Jan 25 07:47:41 PST 2017

While testing my eapol corruptions patch, I noticed this behaviour:

station sends corrupted 4/4 EAPOL msg
AP appears to reject it, sends new 3/4 msg to station.

But, when STA tries to resend 4/4, it seems the driver (or firmware, specifically)
still has an encryption key set, and for ath10k, that causes a corrupted 4/4 on
the air.  I am not sure if this is just a CT ath10k firmware issue or

What is expected behaviour in the case where the 4/4 is rejected by the AP?

Should the supplicant clear the key, resend 4/4, and then re-apply the key?

Does it do that now?


Ben Greear <greearb at>
Candela Technologies Inc

More information about the Hostap mailing list