[PATCH 1/2] mka: ICV not encoded correctly, causing receive side to drop MKPDU

msiedzik at extremenetworks.com msiedzik at extremenetworks.com
Fri Mar 9 12:53:04 PST 2018

From: Mike Siedzik <msiedzik at extremenetworks.com>

The previously submitted "PATCH 06/15 mka: KaY setting Parameter Set
Body Length Incorrectly" introduced a new bug where
ieee802_1x_mka_encode_icv_body() encodes 4 fewer octets than required.

Thanks to Jaap Keuter <jaap.keuter at xs4all.nl> for finding this bug and
working with me to resolve it.

Signed-off-by: Michael Siedzik <msiedzik at extremenetworks.com>
 src/pae/ieee802_1x_kay.c | 2 --
 1 file changed, 2 deletions(-)
 mode change 100644 => 100755 src/pae/ieee802_1x_kay.c

diff --git a/src/pae/ieee802_1x_kay.c b/src/pae/ieee802_1x_kay.c
old mode 100644
new mode 100755
index 6ac7d02d1..9fa2c211f
--- a/src/pae/ieee802_1x_kay.c
+++ b/src/pae/ieee802_1x_kay.c
@@ -1746,8 +1746,6 @@ ieee802_1x_mka_encode_icv_body(struct ieee802_1x_mka_participant *participant,
                return -1;

-       if (length != DEFAULT_ICV_LEN)
-               length -= MKA_HDR_LEN;
        os_memcpy(wpabuf_put(buf, MKA_ALIGN_LENGTH(length - MKA_HDR_LEN)), cmac, length - MKA_HDR_LEN);

        return 0;


This e-mail and any attachments to it may contain confidential and proprietary material and is solely for the use of the intended recipient. Any review, use, disclosure, distribution or copying of this transmittal is prohibited except by or on behalf of the intended recipient. If you have received this transmittal in error, please notify the sender and destroy this e-mail and any attachments and all copies, whether electronic or printed.

More information about the Hostap mailing list