From e19c1d2cc7080fd7b25ca0b5c9109bd091d51e23 Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Wed, 25 Mar 2015 11:41:26 +0200 Subject: [PATCH] Fix pairwise cipher suite bitfields to the driver in mixed mode Commit 95b6bca66de9dc0a2ddd9164ec052a7d5f58804b ('Add rsn_pairwise bits to set_ieee8021x() driver_ops') modified cipher configuration to use unconditionally wpa_pairwise | rsn_pairwise. While that works for many cases, it does not handle the case of dynamic configuration changes over the control interface where wpa_pairwise or rsn_pairwise values may not get cleared when the wpa parameter is modified. Fix this inconsistency by configuring the driver with only the bits that are valid for the currently enabled WPA/WPA2 version(s). Signed-off-by: Jouni Malinen --- src/ap/ap_drv_ops.c | 10 ++++++++-- src/ap/beacon.c | 10 ++++++++-- 2 files changed, 16 insertions(+), 4 deletions(-) diff --git a/src/ap/ap_drv_ops.c b/src/ap/ap_drv_ops.c index 9ee88b4ba..60c8f8c75 100644 --- a/src/ap/ap_drv_ops.c +++ b/src/ap/ap_drv_ops.c @@ -290,8 +290,14 @@ int hostapd_set_drv_ieee8021x(struct hostapd_data *hapd, const char *ifname, params.wpa = hapd->conf->wpa; params.ieee802_1x = hapd->conf->ieee802_1x; params.wpa_group = hapd->conf->wpa_group; - params.wpa_pairwise = hapd->conf->wpa_pairwise | - hapd->conf->rsn_pairwise; + if ((hapd->conf->wpa & (WPA_PROTO_WPA | WPA_PROTO_RSN)) == + (WPA_PROTO_WPA | WPA_PROTO_RSN)) + params.wpa_pairwise = hapd->conf->wpa_pairwise | + hapd->conf->rsn_pairwise; + else if (hapd->conf->wpa & WPA_PROTO_RSN) + params.wpa_pairwise = hapd->conf->rsn_pairwise; + else if (hapd->conf->wpa & WPA_PROTO_WPA) + params.wpa_pairwise = hapd->conf->wpa_pairwise; params.wpa_key_mgmt = hapd->conf->wpa_key_mgmt; params.rsn_preauth = hapd->conf->rsn_preauth; #ifdef CONFIG_IEEE80211W diff --git a/src/ap/beacon.c b/src/ap/beacon.c index 700985595..51d0c1504 100644 --- a/src/ap/beacon.c +++ b/src/ap/beacon.c @@ -956,8 +956,14 @@ int ieee802_11_build_ap_params(struct hostapd_data *hapd, params->basic_rates = hapd->iface->basic_rates; params->ssid = hapd->conf->ssid.ssid; params->ssid_len = hapd->conf->ssid.ssid_len; - params->pairwise_ciphers = hapd->conf->wpa_pairwise | - hapd->conf->rsn_pairwise; + if ((hapd->conf->wpa & (WPA_PROTO_WPA | WPA_PROTO_RSN)) == + (WPA_PROTO_WPA | WPA_PROTO_RSN)) + params->pairwise_ciphers = hapd->conf->wpa_pairwise | + hapd->conf->rsn_pairwise; + else if (hapd->conf->wpa & WPA_PROTO_RSN) + params->pairwise_ciphers = hapd->conf->rsn_pairwise; + else if (hapd->conf->wpa & WPA_PROTO_WPA) + params->pairwise_ciphers = hapd->conf->wpa_pairwise; params->group_cipher = hapd->conf->wpa_group; params->key_mgmt_suites = hapd->conf->wpa_key_mgmt; params->auth_algs = hapd->conf->auth_algs;