aboutsummaryrefslogtreecommitdiffstats
path: root/wpa_supplicant/events.c
diff options
context:
space:
mode:
authorJouni Malinen <jouni@qca.qualcomm.com>2013-08-23 16:27:25 (GMT)
committerJouni Malinen <j@w1.fi>2013-08-23 16:27:25 (GMT)
commit86bd1410503913b719417f32457631a2ee1095ed (patch)
treedbfaeade521b0993e90212a3ab6c2a6e7ee15e10 /wpa_supplicant/events.c
parent2e145e91e7b83b7bef9e513bd57c121a62f2e15d (diff)
downloadhostap-86bd1410503913b719417f32457631a2ee1095ed.zip
hostap-86bd1410503913b719417f32457631a2ee1095ed.tar.gz
hostap-86bd1410503913b719417f32457631a2ee1095ed.tar.bz2
Change WEP network selection to reject WPA/WPA2 APs
Previously, wpa_supplicant behavior in WEP configuration was to try to mimic a device that is not aware of WPA/WPA2 and as such, it tried to connect to a WPA/WPA2 AP with the assumption that the AP could be providing support for both WEP and WPA/WPA2 stations in the same BSS. Such APs could have been used during transition from WEP to more secure options, but that type of deployment have not been used in large number and are not really of much use anymore taken into account that more or less all new devices support WPA/WPA2. That combined with the preference to deprecate WEP justifies removing this use case and making WEP networking matching more strict by using the knowledge of AP advertising WPA/WPA2 as an indication of WEP not being supported. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Diffstat (limited to 'wpa_supplicant/events.c')
-rw-r--r--wpa_supplicant/events.c31
1 files changed, 24 insertions, 7 deletions
diff --git a/wpa_supplicant/events.c b/wpa_supplicant/events.c
index bcfac21..3ecb0ce 100644
--- a/wpa_supplicant/events.c
+++ b/wpa_supplicant/events.c
@@ -334,10 +334,24 @@ int wpa_supplicant_scard_init(struct wpa_supplicant *wpa_s,
#ifndef CONFIG_NO_SCAN_PROCESSING
+
+static int has_wep_key(struct wpa_ssid *ssid)
+{
+ int i;
+
+ for (i = 0; i < NUM_WEP_KEYS; i++) {
+ if (ssid->wep_key_len[i])
+ return 1;
+ }
+
+ return 0;
+}
+
+
static int wpa_supplicant_match_privacy(struct wpa_bss *bss,
struct wpa_ssid *ssid)
{
- int i, privacy = 0;
+ int privacy = 0;
if (ssid->mixed_cell)
return 1;
@@ -347,12 +361,9 @@ static int wpa_supplicant_match_privacy(struct wpa_bss *bss,
return 1;
#endif /* CONFIG_WPS */
- for (i = 0; i < NUM_WEP_KEYS; i++) {
- if (ssid->wep_key_len[i]) {
- privacy = 1;
- break;
- }
- }
+ if (has_wep_key(ssid))
+ privacy = 1;
+
#ifdef IEEE8021X_EAPOL
if ((ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) &&
ssid->eapol_flags & (EAPOL_FLAG_REQUIRE_KEY_UNICAST |
@@ -818,6 +829,12 @@ static struct wpa_ssid * wpa_scan_res_match(struct wpa_supplicant *wpa_s,
continue;
}
+ if (wpa && !wpa_key_mgmt_wpa(ssid->key_mgmt) &&
+ has_wep_key(ssid)) {
+ wpa_dbg(wpa_s, MSG_DEBUG, " skip - ignore WPA/WPA2 AP for WEP network block");
+ continue;
+ }
+
if (!wpa_supplicant_match_privacy(bss, ssid)) {
wpa_dbg(wpa_s, MSG_DEBUG, " skip - privacy "
"mismatch");