In hostap mode, after completing a new group key handshake with all

associated clients and before switching over to the new group key,
purge the AP's global power-save frame queue. This queue may contain
group-addressed frames which were encrypted with the old group key.

Clients will not be able to decrypt such frames, and purging the queue
prevents a panic ("key unset for sw crypto") where athn(4) attempts to
transmit such frames from its software beacon alert interrupt handler.
This is another variant of the problem fixed in CVS commit ufdFLtcLfPRrbshM.

Panic reported and fix tested by Mikolaj Kucharski on bugs@

1 files changed, 7 insertions, 1 deletions

diff --git a/sys/net80211/ieee80211_proto.c b/sys/net80211/ieee80211_proto.c
index b44405af414..e7cee8c9b1a 100644
--- a/sys/net80211/ieee80211_proto.c
+++ b/sys/net80211/ieee80211_proto.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: ieee80211_proto.c,v 1.96 2019/11/06 13:55:44 stsp Exp $	*/
+/*	$OpenBSD: ieee80211_proto.c,v 1.97 2020/05/29 07:34:19 stsp Exp $	*/
 /*	$NetBSD: ieee80211_proto.c,v 1.8 2004/04/30 23:58:20 dyoung Exp $	*/
 
 /*-
@@ -467,6 +467,12 @@ ieee80211_setkeysdone(struct ieee80211com *ic)
 {
 	u_int8_t kid;
 
+	/*
+	 * Discard frames buffered for power-saving which were encrypted with
+	 * the old group key. Clients are no longer able to decrypt them.
+	 */
+	mq_purge(&ic->ic_bss->ni_savedq);
+
 	/* install GTK */
 	kid = (ic->ic_def_txkey == 1) ? 2 : 1;
 	if ((*ic->ic_set_key)(ic, ic->ic_bss, &ic->ic_nw_keys[kid]) == 0)