OWE: Do not try to enable PMF for non-RSN associations

Explicitly set the PMF configuration to 0 (NO_MGMT_FRAME_PROTECTION) for non-RSN associations. This specifically helps with OWE transition mode when the network block is configured with PMF set to required, but the BSS selected is in open mode. There is no point to try to enable PMF for such an association. This fixes issues with drivers that use the NL80211_ATTR_USE_MFP attribute to set expectations for PMF use. The combination of non-RSN connection with claimed requirement for PMF (NL80211_MFP_REQUIRED) could cause such drivers to reject the connection in OWE transition mode. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2024-11-28 10:18:21 -05:00 · 2018-09-18 16:34:09 +05:30 · 2018-09-18 16:34:09 +05:30 · cf94626c50
commit cf94626c50
parent 0fa415a835
1 changed files with 5 additions and 0 deletions
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
@ -3075,6 +3075,11 @@ static void wpas_start_assoc_cb(struct wpa_radio_work *work, int deinit)
 				"MFP: require MFP");
 			params.mgmt_frame_protection =
 				MGMT_FRAME_PROTECTION_REQUIRED;
+#ifdef CONFIG_OWE
+		} else if (!rsn && (ssid->key_mgmt & WPA_KEY_MGMT_OWE) &&
+			   !ssid->owe_only) {
+			params.mgmt_frame_protection = NO_MGMT_FRAME_PROTECTION;
+#endif /* CONFIG_OWE */
 		}
 	}
 #endif /* CONFIG_IEEE80211W */