AP: Set pairwise/group cipher for non-WPA modes

This is needed to avoid confusing configuration in some nl80211
drivers that the new AP mode configuration alternatives for
setting security policy.

diff --git a/hostapd/config_file.c b/hostapd/config_file.c
index bfd480983c0c22cb927b19435abe460dde701605..6ffa98137c0d25706d13d0a70a6cee818b72e050 100644 (file)
--- a/hostapd/config_file.c
+++ b/hostapd/config_file.c
@@ -2099,12 +2099,29 @@ struct hostapd_config * hostapd_config_read(const char *fname)
                } else if (bss->wpa) {
                        bss->ssid.security_policy = SECURITY_WPA_PSK;
                } else if (bss->ieee802_1x) {
+                       int cipher = WPA_CIPHER_NONE;
                        bss->ssid.security_policy = SECURITY_IEEE_802_1X;
                        bss->ssid.wep.default_len = bss->default_wep_key_len;
-               } else if (bss->ssid.wep.keys_set)
+                       if (bss->default_wep_key_len)
+                               cipher = bss->default_wep_key_len >= 13 ?
+                                       WPA_CIPHER_WEP104 : WPA_CIPHER_WEP40;
+                       bss->wpa_group = cipher;
+                       bss->wpa_pairwise = cipher;
+                       bss->rsn_pairwise = cipher;
+               } else if (bss->ssid.wep.keys_set) {
+                       int cipher = WPA_CIPHER_WEP40;
+                       if (bss->ssid.wep.len[0] >= 13)
+                               cipher = WPA_CIPHER_WEP104;
                        bss->ssid.security_policy = SECURITY_STATIC_WEP;
-               else
+                       bss->wpa_group = cipher;
+                       bss->wpa_pairwise = cipher;
+                       bss->rsn_pairwise = cipher;
+               } else {
                        bss->ssid.security_policy = SECURITY_PLAINTEXT;
+                       bss->wpa_group = WPA_CIPHER_NONE;
+                       bss->wpa_pairwise = WPA_CIPHER_NONE;
+                       bss->rsn_pairwise = WPA_CIPHER_NONE;
+               }
        }
 
        if (hostapd_config_check(conf))

diff --git a/wpa_supplicant/ap.c b/wpa_supplicant/ap.c
index b5ae6ddfded0b89be5372d4168e9cd6297f0e961..dd44523f2b0f1d79aa5deb7f83f231c4a143c734 100644 (file)
--- a/wpa_supplicant/ap.c
+++ b/wpa_supplicant/ap.c
@@ -181,12 +181,29 @@ static int wpa_supplicant_conf_ap(struct wpa_supplicant *wpa_s,
        else if (bss->wpa)
                bss->ssid.security_policy = SECURITY_WPA_PSK;
        else if (bss->ieee802_1x) {
+               int cipher = WPA_CIPHER_NONE;
                bss->ssid.security_policy = SECURITY_IEEE_802_1X;
                bss->ssid.wep.default_len = bss->default_wep_key_len;
-       } else if (bss->ssid.wep.keys_set)
+               if (bss->default_wep_key_len)
+                       cipher = bss->default_wep_key_len >= 13 ?
+                               WPA_CIPHER_WEP104 : WPA_CIPHER_WEP40;
+               bss->wpa_group = cipher;
+               bss->wpa_pairwise = cipher;
+               bss->rsn_pairwise = cipher;
+       } else if (bss->ssid.wep.keys_set) {
+               int cipher = WPA_CIPHER_WEP40;
+               if (bss->ssid.wep.len[0] >= 13)
+                       cipher = WPA_CIPHER_WEP104;
                bss->ssid.security_policy = SECURITY_STATIC_WEP;
-       else
+               bss->wpa_group = cipher;
+               bss->wpa_pairwise = cipher;
+               bss->rsn_pairwise = cipher;
+       } else {
                bss->ssid.security_policy = SECURITY_PLAINTEXT;
+               bss->wpa_group = WPA_CIPHER_NONE;
+               bss->wpa_pairwise = WPA_CIPHER_NONE;
+               bss->rsn_pairwise = WPA_CIPHER_NONE;
+       }
 
 #ifdef CONFIG_WPS
        /*