mirror of
https://github.com/openwrt/openwrt.git
synced 2024-12-19 13:48:06 +00:00
hostapd: fail R0KH and R1KH derivation when wpa_psk_file is used
When wpa_psk_file is used, there is a chance that no PSK is set. This means that the FT key will be generated using only the mobility domain which could be considered a security vulnerability but only for a very specific and niche config. Signed-off-by: Rany Hany <rany_hany@riseup.net>
This commit is contained in:
parent
e2f6bfb833
commit
59f67b2010
@ -943,6 +943,10 @@ hostapd_set_bss_options() {
|
|||||||
set_default pmk_r1_push 0
|
set_default pmk_r1_push 0
|
||||||
|
|
||||||
[ -n "$r0kh" -a -n "$r1kh" ] || {
|
[ -n "$r0kh" -a -n "$r1kh" ] || {
|
||||||
|
if [ -z "$auth_secret" -a -z "$key" ]; then
|
||||||
|
wireless_setup_vif_failed FT_KEY_CANT_BE_DERIVED
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
ft_key=`echo -n "$mobility_domain/${auth_secret:-${key}}" | md5sum | awk '{print $1}'`
|
ft_key=`echo -n "$mobility_domain/${auth_secret:-${key}}" | md5sum | awk '{print $1}'`
|
||||||
|
|
||||||
set_default r0kh "ff:ff:ff:ff:ff:ff,*,$ft_key"
|
set_default r0kh "ff:ff:ff:ff:ff:ff,*,$ft_key"
|
||||||
|
Loading…
Reference in New Issue
Block a user