diff options
| author | Stefan Sperling <stsp@cvs.openbsd.org> | 2016-12-17 18:35:55 +0000 |
|---|---|---|
| committer | Stefan Sperling <stsp@cvs.openbsd.org> | 2016-12-17 18:35:55 +0000 |
| commit | e360199e14d4cf1f7db89b1d46ab714a69467030 (patch) | |
| tree | d4b1d0e0f249fb940ba37ab926fc59c0d575dfee /sys/net80211/ieee80211_crypto.c | |
| parent | 00709c599a534d3431863ee2ec32667c7b7070dd (diff) | |
Complete our half-done implementation of TKIP countermeasures in hostap mode.
The previous code would disable the AP until next reboot upon MIC failure.
Instead, disable the AP for 60 seconds, as required by the 802.11 standard.
I randomly added a bit of time (up to 120 seconds total) just because we can.
Problem reported by Mathy Vanhoef, thanks!
ok deraadt@
random input reyk@
Diffstat (limited to 'sys/net80211/ieee80211_crypto.c')
| -rw-r--r-- | sys/net80211/ieee80211_crypto.c | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/sys/net80211/ieee80211_crypto.c b/sys/net80211/ieee80211_crypto.c index 33d33a008ba..6b9e26416b2 100644 --- a/sys/net80211/ieee80211_crypto.c +++ b/sys/net80211/ieee80211_crypto.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ieee80211_crypto.c,v 1.66 2015/11/24 13:45:06 mpi Exp $ */ +/* $OpenBSD: ieee80211_crypto.c,v 1.67 2016/12/17 18:35:54 stsp Exp $ */ /*- * Copyright (c) 2008 Damien Bergamini <damien.bergamini@free.fr> @@ -69,8 +69,13 @@ ieee80211_crypto_attach(struct ifnet *ifp) } ic->ic_set_key = ieee80211_set_key; ic->ic_delete_key = ieee80211_delete_key; +#ifndef IEEE80211_STA_ONLY + timeout_set(&ic->ic_tkip_micfail_timeout, + ieee80211_michael_mic_failure_timeout, ic); +#endif } + void ieee80211_crypto_detach(struct ifnet *ifp) { @@ -95,6 +100,10 @@ ieee80211_crypto_detach(struct ifnet *ifp) /* clear pre-shared key from memory */ explicit_bzero(ic->ic_psk, IEEE80211_PMK_LEN); + +#ifndef IEEE80211_STA_ONLY + timeout_del(&ic->ic_tkip_micfail_timeout); +#endif } /* |