authorJouni Malinen <jouni@codeaurora.org>2019-11-28 22:07:57 (GMT)
committerJouni Malinen <j@w1.fi>2019-11-28 22:07:57 (GMT)
commit9f50538e1302776aa84bf05e40229bcc6b3fa9bf (patch)
treebe3fa14de7b2bba1257de0a97df1ef38e370f98e
parentee275671980fdb095572535ddac6ede44e82c898 (diff)
SAE H2E: Do not use sae_h2e param in AP mode if SAE is disabled
Previously, nonzero sae_h2e parameter values were used to perform SAE H2E specific operations (deriving PT, adding RSNXE, adding H2E-only BSS membership selector) in AP mode even if SAE was not enabled for the network. This could result in unexpected behavior if sae_pwe=1 or sae_pwe=2 were set in the configuration. Fix this by making the SAE operations conditional on SAE being actually enabled. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
-rw-r--r--src/ap/ap_config.c2
-rw-r--r--src/ap/ieee802_11.c13
-rw-r--r--src/ap/ieee802_11_shared.c1
3 files changed, 11 insertions, 5 deletions
diff --git a/src/ap/ap_config.c b/src/ap/ap_config.c
index 58fc3e9..d4a3404 100644
--- a/src/ap/ap_config.c
+++ b/src/ap/ap_config.c
@@ -441,7 +441,7 @@ int hostapd_setup_sae_pt(struct hostapd_bss_config *conf)
struct hostapd_ssid *ssid = &conf->ssid;
struct sae_password_entry *pw;
- if (conf->sae_pwe == 0)
+ if (conf->sae_pwe == 0 || !wpa_key_mgmt_sae(conf->wpa_key_mgmt))
return 0; /* PT not needed */
sae_deinit_pt(ssid->pt);
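Review bot: The widened early return in `hostapd_setup_sae_pt()` sits before `sae_deinit_pt(ssid->pt)`, so when SAE is not in `wpa_key_mgmt` any PT already attached to `ssid->pt` is left in place instead of being released. Whether this function can run more than once on the same `conf` is not visible from the hunk; if it can, password-derived material would stay in memory after it is no longer needed, and releasing and clearing the old PT before the check would avoid that. If that path is not reachable, the comment should at least name both reasons, e.g. `return 0; /* PT not needed: H2E not configured or SAE not an enabled AKM */`. The function body continues outside the hunk.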
diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
index 92ae026..07723d0 100644
--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
@@ -98,7 +98,8 @@ u8 * hostapd_eid_supp_rates(struct hostapd_data *hapd, u8 *eid)
num++;
if (hapd->iconf->ieee80211ac && hapd->iconf->require_vht)
num++;
- if (hapd->conf->sae_pwe == 1)
+ if (hapd->conf->sae_pwe == 1 &&
+ wpa_key_mgmt_sae(hapd->conf->wpa_key_mgmt))
num++;
if (num > 8) {
/* rest of the rates are encoded in Extended supported
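Review bot: The test `hapd->conf->sae_pwe == 1 && wpa_key_mgmt_sae(hapd->conf->wpa_key_mgmt)` is now spelled out four times, here and in the hunks at -126, -148 and -179, once in each counting pass and once in each emitting pass of `hostapd_eid_supp_rates()` and `hostapd_eid_ext_supp_rates()`. If a later change touches only some of these copies, `num` and the selector bytes actually written would disagree, and the split between the Supported Rates and Extended Supported Rates elements would no longer match the counted length. A single file-local predicate would keep them in step, for example (name is a suggestion) `static int hostapd_sae_h2e_only(struct hostapd_data *hapd) { return hapd->conf->sae_pwe == 1 && wpa_key_mgmt_sae(hapd->conf->wpa_key_mgmt); }`, called from all four places. Both functions start and end outside the visible hunks.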
@@ -126,7 +127,9 @@ u8 * hostapd_eid_supp_rates(struct hostapd_data *hapd, u8 *eid)
*pos++ = 0x80 | BSS_MEMBERSHIP_SELECTOR_VHT_PHY;
}
- if (hapd->conf->sae_pwe == 1 && count < 8) {
+ if (hapd->conf->sae_pwe == 1 &&
+ wpa_key_mgmt_sae(hapd->conf->wpa_key_mgmt) &&
+ count < 8) {
count++;
*pos++ = 0x80 | BSS_MEMBERSHIP_SELECTOR_SAE_H2E_ONLY;
}
@@ -148,7 +151,8 @@ u8 * hostapd_eid_ext_supp_rates(struct hostapd_data *hapd, u8 *eid)
num++;
if (hapd->iconf->ieee80211ac && hapd->iconf->require_vht)
num++;
- if (hapd->conf->sae_pwe == 1)
+ if (hapd->conf->sae_pwe == 1 &&
+ wpa_key_mgmt_sae(hapd->conf->wpa_key_mgmt))
num++;
if (num <= 8)
return eid;
@@ -179,7 +183,8 @@ u8 * hostapd_eid_ext_supp_rates(struct hostapd_data *hapd, u8 *eid)
*pos++ = 0x80 | BSS_MEMBERSHIP_SELECTOR_VHT_PHY;
}
- if (hapd->conf->sae_pwe == 1) {
+ if (hapd->conf->sae_pwe == 1 &&
+ wpa_key_mgmt_sae(hapd->conf->wpa_key_mgmt)) {
count++;
if (count > 8)
*pos++ = 0x80 | BSS_MEMBERSHIP_SELECTOR_SAE_H2E_ONLY;
diff --git a/src/ap/ieee802_11_shared.c b/src/ap/ieee802_11_shared.c
index 0b828e9..1e1cc38 100644
--- a/src/ap/ieee802_11_shared.c
+++ b/src/ap/ieee802_11_shared.c
@@ -1011,6 +1011,7 @@ u8 * hostapd_eid_rsnxe(struct hostapd_data *hapd, u8 *eid, size_t len)
u8 *pos = eid;
if (!(hapd->conf->wpa & WPA_PROTO_RSN) ||
+ !wpa_key_mgmt_sae(hapd->conf->wpa_key_mgmt) ||
(hapd->conf->sae_pwe != 1 && hapd->conf->sae_pwe != 2) ||
len < 3)
return pos;
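Review bot: The guard in `hostapd_eid_rsnxe()` accepts only `sae_pwe` 1 or 2, while the `hostapd_setup_sae_pt()` check in `src/ap/ap_config.c` treats every nonzero `sae_pwe` as needing a PT, so the two disagree for any value outside 0..2. Whether the configuration parser bounds `sae_pwe` is not visible here; if it does not, such a value would derive a PT from the password without H2E ever being advertised. Consider using the same range test in both places, and add a comment above the condition such as `/* RSNXE is only used to advertise SAE H2E here: omit it unless RSN and SAE are enabled and sae_pwe is 1 or 2 */` so the link to SAE is explicit if other RSNXE capabilities are added later.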