macsec: Do not change eapol_version for non-MACsec cases in hostapd

It is safer to maintain the old EAPOL version (2) in EAPOL frames that
are not related to MACsec and only update the version to 3 for the
MACsec specific cases.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>

diff --git a/src/ap/ieee802_1x.c b/src/ap/ieee802_1x.c
index 0edf743941a41149f1621f1934c2446bf8b18bbf..1a9a35ba2ad7c3c869e47bc1d9f85a391d78014e 100644 (file)
--- a/src/ap/ieee802_1x.c
+++ b/src/ap/ieee802_1x.c
@@ -64,6 +64,10 @@ static void ieee802_1x_send(struct hostapd_data *hapd, struct sta_info *sta,
 
        xhdr = (struct ieee802_1x_hdr *) buf;
        xhdr->version = hapd->conf->eapol_version;
+#ifdef CONFIG_MACSEC
+       if (xhdr->version > 2 && hapd->conf->macsec_policy == 0)
+               xhdr->version = 2;
+#endif /* CONFIG_MACSEC */
        xhdr->type = type;
        xhdr->length = host_to_be16(datalen);
 
@@ -213,6 +217,10 @@ static void ieee802_1x_tx_key_one(struct hostapd_data *hapd,
        /* This header is needed here for HMAC-MD5, but it will be regenerated
         * in ieee802_1x_send() */
        hdr->version = hapd->conf->eapol_version;
+#ifdef CONFIG_MACSEC
+       if (hdr->version > 2)
+               hdr->version = 2;
+#endif /* CONFIG_MACSEC */
        hdr->type = IEEE802_1X_TYPE_EAPOL_KEY;
        hdr->length = host_to_be16(len);
        hmac_md5(sm->eap_if->eapKeyData + 32, 32, buf, sizeof(*hdr) + len,

diff --git a/src/ap/wpa_auth_glue.c b/src/ap/wpa_auth_glue.c
index 45172c69a9fadb6798dfbe597bcf2ab6e8aa574f..0800a874875aa0aa0892efbfd77cc02f40d6ba06 100644 (file)
--- a/src/ap/wpa_auth_glue.c
+++ b/src/ap/wpa_auth_glue.c
@@ -53,6 +53,10 @@ static void hostapd_wpa_auth_conf(struct hostapd_bss_config *conf,
        wconf->rsn_pairwise = conf->rsn_pairwise;
        wconf->rsn_preauth = conf->rsn_preauth;
        wconf->eapol_version = conf->eapol_version;
+#ifdef CONFIG_MACSEC
+       if (wconf->eapol_version > 2)
+               wconf->eapol_version = 2;
+#endif /* CONFIG_MACSEC */
        wconf->wmm_enabled = conf->wmm_enabled;
        wconf->wmm_uapsd = conf->wmm_uapsd;
        wconf->disable_pmksa_caching = conf->disable_pmksa_caching;