Fix pairwise cipher suite bitfields to the driver in mixed mode

Commit 95b6bca66de9dc0a2ddd9164ec052a7d5f58804b ('Add rsn_pairwise bits
to set_ieee8021x() driver_ops') modified cipher configuration to use
unconditionally wpa_pairwise | rsn_pairwise. While that works for many
cases, it does not handle the case of dynamic configuration changes over
the control interface where wpa_pairwise or rsn_pairwise values may not
get cleared when the wpa parameter is modified. Fix this inconsistency
by configuring the driver with only the bits that are valid for the
currently enabled WPA/WPA2 version(s).

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

diff --git a/src/ap/ap_drv_ops.c b/src/ap/ap_drv_ops.c
index 9ee88b4..60c8f8c 100644 (file)
--- a/src/ap/ap_drv_ops.c
+++ b/src/ap/ap_drv_ops.c
@@ -290,8 +290,14 @@ int hostapd_set_drv_ieee8021x(struct hostapd_data *hapd, const char *ifname,
                params.wpa = hapd->conf->wpa;
                params.ieee802_1x = hapd->conf->ieee802_1x;
                params.wpa_group = hapd->conf->wpa_group;
-               params.wpa_pairwise = hapd->conf->wpa_pairwise |
-                       hapd->conf->rsn_pairwise;
+               if ((hapd->conf->wpa & (WPA_PROTO_WPA | WPA_PROTO_RSN)) ==
+                   (WPA_PROTO_WPA | WPA_PROTO_RSN))
+                       params.wpa_pairwise = hapd->conf->wpa_pairwise |
+                               hapd->conf->rsn_pairwise;
+               else if (hapd->conf->wpa & WPA_PROTO_RSN)
+                       params.wpa_pairwise = hapd->conf->rsn_pairwise;
+               else if (hapd->conf->wpa & WPA_PROTO_WPA)
+                       params.wpa_pairwise = hapd->conf->wpa_pairwise;
                params.wpa_key_mgmt = hapd->conf->wpa_key_mgmt;
                params.rsn_preauth = hapd->conf->rsn_preauth;
 #ifdef CONFIG_IEEE80211W

diff --git a/src/ap/beacon.c b/src/ap/beacon.c
index 7009855..51d0c15 100644 (file)
--- a/src/ap/beacon.c
+++ b/src/ap/beacon.c
@@ -956,8 +956,14 @@ int ieee802_11_build_ap_params(struct hostapd_data *hapd,
        params->basic_rates = hapd->iface->basic_rates;
        params->ssid = hapd->conf->ssid.ssid;
        params->ssid_len = hapd->conf->ssid.ssid_len;
-       params->pairwise_ciphers = hapd->conf->wpa_pairwise |
-               hapd->conf->rsn_pairwise;
+       if ((hapd->conf->wpa & (WPA_PROTO_WPA | WPA_PROTO_RSN)) ==
+           (WPA_PROTO_WPA | WPA_PROTO_RSN))
+               params->pairwise_ciphers = hapd->conf->wpa_pairwise |
+                       hapd->conf->rsn_pairwise;
+       else if (hapd->conf->wpa & WPA_PROTO_RSN)
+               params->pairwise_ciphers = hapd->conf->rsn_pairwise;
+       else if (hapd->conf->wpa & WPA_PROTO_WPA)
+               params->pairwise_ciphers = hapd->conf->wpa_pairwise;
        params->group_cipher = hapd->conf->wpa_group;
        params->key_mgmt_suites = hapd->conf->wpa_key_mgmt;
        params->auth_algs = hapd->conf->auth_algs;