This fixes an issue where two AKA'/Challenge messages are received when
resynchronizing SEQ#. Previously, this used to trigger an authentication
failure since the second Challenge message did not duplicate AT_KDF.
u8 *network_name;
size_t network_name_len;
u16 kdf;
+ int kdf_negotiation;
};
{
struct eap_sim_msg *msg;
+ data->kdf_negotiation = 1;
data->kdf = kdf;
wpa_printf(MSG_DEBUG, "Generating EAP-AKA Challenge (id=%d) (KDF "
"select)", id);
/* The only allowed (and required) duplication of a KDF is the addition
* of the selected KDF into the beginning of the list. */
- if (data->kdf) {
+ if (data->kdf_negotiation) {
if (attr->kdf[0] != data->kdf) {
wpa_printf(MSG_WARNING, "EAP-AKA': The server did not "
"accept the selected KDF");
wpabuf_free(data->id_msgs);
data->id_msgs = NULL;
data->use_result_ind = 0;
+ data->kdf_negotiation = 0;
}