Fix pairwise cipher suite bitfields to the driver in mixed mode

Commit 95b6bca66de9dc0a2ddd9164ec052a7d5f58804b ('Add rsn_pairwise bits
to set_ieee8021x() driver_ops') modified cipher configuration to use
unconditionally wpa_pairwise | rsn_pairwise. While that works for many
cases, it does not handle the case of dynamic configuration changes over
the control interface where wpa_pairwise or rsn_pairwise values may not
get cleared when the wpa parameter is modified. Fix this inconsistency
by configuring the driver with only the bits that are valid for the
currently enabled WPA/WPA2 version(s).

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

diff --git a/src/ap/ap_drv_ops.c b/src/ap/ap_drv_ops.c
index 9ee88b4ba29f666a96ddb79b05d1d9ef745b95f9..60c8f8c75558c6a6d7da339a734952827bb24482 100644 (file)
--- a/src/ap/ap_drv_ops.c
+++ b/src/ap/ap_drv_ops.c
@@ -290,8 +290,14 @@ int hostapd_set_drv_ieee8021x(struct hostapd_data *hapd, const char *ifname,
                params.wpa = hapd->conf->wpa;
                params.ieee802_1x = hapd->conf->ieee802_1x;
                params.wpa_group = hapd->conf->wpa_group;
-               params.wpa_pairwise = hapd->conf->wpa_pairwise |
-                       hapd->conf->rsn_pairwise;
+               if ((hapd->conf->wpa & (WPA_PROTO_WPA | WPA_PROTO_RSN)) ==
+                   (WPA_PROTO_WPA | WPA_PROTO_RSN))
+                       params.wpa_pairwise = hapd->conf->wpa_pairwise |
+                               hapd->conf->rsn_pairwise;
+               else if (hapd->conf->wpa & WPA_PROTO_RSN)
+                       params.wpa_pairwise = hapd->conf->rsn_pairwise;
+               else if (hapd->conf->wpa & WPA_PROTO_WPA)
+                       params.wpa_pairwise = hapd->conf->wpa_pairwise;
                params.wpa_key_mgmt = hapd->conf->wpa_key_mgmt;
                params.rsn_preauth = hapd->conf->rsn_preauth;
 #ifdef CONFIG_IEEE80211W

diff --git a/src/ap/beacon.c b/src/ap/beacon.c
index 700985595847f748bb787f5038c689c9dc57a045..51d0c1504a48f25253adfd3c0bdb33fa10402766 100644 (file)
--- a/src/ap/beacon.c
+++ b/src/ap/beacon.c
@@ -956,8 +956,14 @@ int ieee802_11_build_ap_params(struct hostapd_data *hapd,
        params->basic_rates = hapd->iface->basic_rates;
        params->ssid = hapd->conf->ssid.ssid;
        params->ssid_len = hapd->conf->ssid.ssid_len;
-       params->pairwise_ciphers = hapd->conf->wpa_pairwise |
-               hapd->conf->rsn_pairwise;
+       if ((hapd->conf->wpa & (WPA_PROTO_WPA | WPA_PROTO_RSN)) ==
+           (WPA_PROTO_WPA | WPA_PROTO_RSN))
+               params->pairwise_ciphers = hapd->conf->wpa_pairwise |
+                       hapd->conf->rsn_pairwise;
+       else if (hapd->conf->wpa & WPA_PROTO_RSN)
+               params->pairwise_ciphers = hapd->conf->rsn_pairwise;
+       else if (hapd->conf->wpa & WPA_PROTO_WPA)
+               params->pairwise_ciphers = hapd->conf->wpa_pairwise;
        params->group_cipher = hapd->conf->wpa_group;
        params->key_mgmt_suites = hapd->conf->wpa_key_mgmt;
        params->auth_algs = hapd->conf->auth_algs;