aboutsummaryrefslogtreecommitdiffstats
path: root/wpa_supplicant
diff options
context:
space:
mode:
authorJouni Malinen <jouni@codeaurora.org>2018-04-23 10:40:39 (GMT)
committerJouni Malinen <j@w1.fi>2018-04-23 21:35:43 (GMT)
commit72b6e5d1e2dec31f775bd7a71effb4d63a8fa96f (patch)
tree0614c274f05637c10f64d62e60911e93a80ae3b6 /wpa_supplicant
parent440e9f0bbe37720a42ac8a9ae40ae66234ac841c (diff)
downloadhostap-72b6e5d1e2dec31f775bd7a71effb4d63a8fa96f.zip
hostap-72b6e5d1e2dec31f775bd7a71effb4d63a8fa96f.tar.gz
hostap-72b6e5d1e2dec31f775bd7a71effb4d63a8fa96f.tar.bz2
Do not remove CCMP group cipher if any CCMP/GCMP cipher is enabled
CCMP group cipher was removed if CCMP was not allowed as a pairwise cipher when loading a configuration file (but not actually when changing configuration during runtime). This is needed to avoid issues with configurations that use the default group cipher (TKIP CCMP) while modifying pairwise cipher from the default CCMP TKIP) to TKIP. However, there is not really a need to remove the CCMP group cipher if any GCMP or CCMP cipher is enabled as a pairwise cipher. Change the network profile validation routine to not remove CCMP as group cipher if CCMP-256, GCMP, or GCMP-256 is enabled as a pairwise cipher even if CCMP is not. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Diffstat (limited to 'wpa_supplicant')
-rw-r--r--wpa_supplicant/config_file.c5
1 files changed, 3 insertions, 2 deletions
diff --git a/wpa_supplicant/config_file.c b/wpa_supplicant/config_file.c
index 985c371..d186f78 100644
--- a/wpa_supplicant/config_file.c
+++ b/wpa_supplicant/config_file.c
@@ -141,8 +141,9 @@ static int wpa_config_validate_network(struct wpa_ssid *ssid, int line)
ssid->p2p_persistent_group = 1;
if ((ssid->group_cipher & WPA_CIPHER_CCMP) &&
- !(ssid->pairwise_cipher & WPA_CIPHER_CCMP) &&
- !(ssid->pairwise_cipher & WPA_CIPHER_NONE)) {
+ !(ssid->pairwise_cipher & (WPA_CIPHER_CCMP | WPA_CIPHER_CCMP_256 |
+ WPA_CIPHER_GCMP | WPA_CIPHER_GCMP_256 |
+ WPA_CIPHER_NONE))) {
/* Group cipher cannot be stronger than the pairwise cipher. */
wpa_printf(MSG_DEBUG, "Line %d: removed CCMP from group cipher"
" list since it was not allowed for pairwise "