An issue with supplicant receiving retranmitted M3

Atul Joshi jatul at
Mon Sep 28 03:06:27 EDT 2015

While testing with supplicant 2.4 we  observed one scenarios as follows
1. We as a STA received M1
2. We sent M2 
3. Then we received M3
4. We send M4 and  install PTK & GTK  
5. We received M3 again
6. We send M4 and  install PTK & GTK  
In this case we can see that
wpa_supplicant_process_3_of_4 calls wpa_supplicant_install_ptk
Just before the function  there is a note

	/* SNonce was successfully used in msg 3/4, so mark it to be renewed
	 * for the next 4-Way Handshake. If msg 3 is received again, the old
	 * SNonce will still be used to avoid changing PTK. */

But in function wpa_supplicant_install_ptk immediately after wpa_sm_set_key
We see that
/* TK is not needed anymore in supplicant */
	os_memset(sm->, 0, WPA_TK_MAX_LEN);

This would mean that at step (4) above, the PTK is cleaned and we install it as 0 again in (6).
I think the PKT should not be cleared..
Am I  missing something?


More information about the HostAP mailing list