authorJouni Malinen <j@w1.fi>2017-12-27 16:38:12 (GMT)
committerJouni Malinen <j@w1.fi>2017-12-27 16:38:12 (GMT)
commit02b38d0ad53d733ac9526be9344bdb05550284bf (patch)
treedd190f884c31e5357e190d3f40bdc2b58113d7fb
parent5c8df74f18487330d28ff4f33f38f69ecf324ac6 (diff)
Fix MFP-enabled test for disallowed TKIP
The test against use of TKIP was done only in MFP-required (ieee80211w=2) configuration. Fix this to check the pairwise cipher for MFP-enabled (ieee80211w=1) case as well. Signed-off-by: Jouni Malinen <j@w1.fi>
-rw-r--r--src/ap/wpa_auth_ie.c12
1 files changed, 6 insertions, 6 deletions
diff --git a/src/ap/wpa_auth_ie.c b/src/ap/wpa_auth_ie.c
index 64dd787..c394293 100644
--- a/src/ap/wpa_auth_ie.c
+++ b/src/ap/wpa_auth_ie.c
@@ -711,12 +711,6 @@ int wpa_validate_wpa_ie(struct wpa_authenticator *wpa_auth,
return WPA_MGMT_FRAME_PROTECTION_VIOLATION;
}
- if (ciphers & WPA_CIPHER_TKIP) {
- wpa_printf(MSG_DEBUG, "Management frame protection "
- "cannot use TKIP");
- return WPA_MGMT_FRAME_PROTECTION_VIOLATION;
- }
-
if (data.mgmt_group_cipher != wpa_auth->conf.group_mgmt_cipher)
{
wpa_printf(MSG_DEBUG, "Unsupported management group "
@@ -740,6 +734,12 @@ int wpa_validate_wpa_ie(struct wpa_authenticator *wpa_auth,
sm->mgmt_frame_prot = 0;
else
sm->mgmt_frame_prot = 1;
+
+ if (sm->mgmt_frame_prot && (ciphers & WPA_CIPHER_TKIP)) {
+ wpa_printf(MSG_DEBUG,
+ "Management frame protection cannot use TKIP");
+ return WPA_MGMT_FRAME_PROTECTION_VIOLATION;
+ }
#endif /* CONFIG_IEEE80211W */
#ifdef CONFIG_IEEE80211R_AP
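Review bot: The new TKIP rejection at `if (sm->mgmt_frame_prot && (ciphers & WPA_CIPHER_TKIP))` only works because it sits after the `sm->mgmt_frame_prot` assignment, and nothing in the code records that ordering requirement; a later reshuffle of this block could silently bring back the MFP-enabled (ieee80211w=1) gap that this commit closes. I would add a comment directly above the check, for example `/* Must follow the mgmt_frame_prot decision: TKIP is not allowed once MFP is negotiated (ieee80211w=1 or 2) */`. The rejection path also returns with `sm->mgmt_frame_prot` already set to 1; that looks harmless if the caller drops the association on WPA_MGMT_FRAME_PROTECTION_VIOLATION, but the caller is not visible here, so it is worth confirming. The conditions that choose between 0 and 1 start above this hunk, so the exact cases in which the check fires cannot be verified from these lines alone.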