mka: Some bug fixes

Message ID	CAGNNFCYG-fF4ao7YzD2JiqSNcvJ6kfKt2gwG=b5vo3CNDGMOLA@mail.gmail.com
State	Superseded
Headers	show Return-Path: <hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org> MIME-Version: 1.0 From: Badrish Adiga H R <badrish.adigahr@gmail.com> Date: Mon, 5 Dec 2016 15:14:53 +0530 Message-ID: <CAGNNFCYG-fF4ao7YzD2JiqSNcvJ6kfKt2gwG=b5vo3CNDGMOLA@mail.gmail.com> Subject: [PATCH] mka: Some bug fixes To: hostap@lists.infradead.org summary: Content analysis details: (-2.7 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.7 RCVD_IN_DNSWL_LOW RBL: Sender listed at http://www.dnswl.org/, low trust [2607:f8b0:4002:c05:0:0:0:241 listed in] [list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (badrish.adigahr[at]gmail.com) -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1% [score: 0.0000] -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid Precedence: list Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "Hostap" <hostap-bounces@lists.infradead.org> Errors-To: hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org

Message ID

CAGNNFCYG-fF4ao7YzD2JiqSNcvJ6kfKt2gwG=b5vo3CNDGMOLA@mail.gmail.com

State

Superseded

Headers

MIME-Version: 1.0
From: Badrish Adiga H R <badrish.adigahr@gmail.com>
Date: Mon, 5 Dec 2016 15:14:53 +0530
Message-ID: <CAGNNFCYG-fF4ao7YzD2JiqSNcvJ6kfKt2gwG=b5vo3CNDGMOLA@mail.gmail.com>
Subject: [PATCH] mka: Some bug fixes
To: hostap@lists.infradead.org
Precedence: list
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: "Hostap" <hostap-bounces@lists.infradead.org>
Errors-To: hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org

Commit Message

Badrish Adiga H R Dec. 5, 2016, 9:44 a.m. UTC

1. API ieee802_1x_mka_decode_dist_sak_body wrongly puts
participant->to_use_sak to TRUE, if invalid DIstributed SAK Parameter
Set is received
2. when number of live peers become 0, the flags such lrx, ltx, orx,
otx etc. needs to be cleared. In MACsec PSK mode, these stale values
create problems, while re-establishing CA...




Signed-off-by: Badrish Adiga H R <badrish.adigahr@gmail.com>
---
 src/pae/ieee802_1x_kay.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

                        kay->failed = FALSE;

diff --git a/src/pae/ieee802_1x_kay.c b/src/pae/ieee802_1x_kay.c
index 1d6d9a9..e81ae0c 100644
--- a/src/pae/ieee802_1x_kay.c
+++ b/src/pae/ieee802_1x_kay.c
@@ -1559,7 +1559,7 @@  ieee802_1x_mka_decode_dist_sak_body(
                ieee802_1x_cp_connect_authenticated(kay->cp);
                ieee802_1x_cp_sm_step(kay->cp);
                wpa_printf(MSG_WARNING, "KaY:The Key server advise no MACsec");
-               participant->to_use_sak = TRUE;
+               participant->to_use_sak = FALSE;
                return 0;
        }

@@ -2377,6 +2377,12 @@  static void ieee802_1x_participant_timer(void
*eloop_ctx, void *timeout_ctx)
                        participant->advised_capability =
                                MACSEC_CAP_NOT_IMPLEMENTED;
                        participant->to_use_sak = FALSE;
+                       participant->ltx = FALSE;
+                       participant->lrx = FALSE;
+                       participant->otx = FALSE;
+                       participant->orx = FALSE;
+                       participant->is_key_server = FALSE;
+                       participant->is_elected = FALSE;
                        kay->authenticated = TRUE;
                        kay->secured = FALSE;

mka: Some bug fixes

Commit Message

Patch