aboutsummaryrefslogtreecommitdiffstats
path: root/src/rsn_supp
diff options
context:
space:
mode:
authorJouni Malinen <j@w1.fi>2015-08-01 20:37:07 (GMT)
committerJouni Malinen <j@w1.fi>2015-08-02 13:52:56 (GMT)
commit7cb53ded11a8e8f8436ceeb312a9ec643e3e3916 (patch)
treef42be500a97d7fcd772fb55ff8ecf2cd80931546 /src/rsn_supp
parenta1eabc74b8b799a80b615cfcc068862d94b827da (diff)
downloadhostap-7cb53ded11a8e8f8436ceeb312a9ec643e3e3916.zip
hostap-7cb53ded11a8e8f8436ceeb312a9ec643e3e3916.tar.gz
hostap-7cb53ded11a8e8f8436ceeb312a9ec643e3e3916.tar.bz2
Add build option to remove all internal RC4 uses
The new CONFIG_NO_RC4=y build option can be used to remove all internal hostapd and wpa_supplicant uses of RC4. It should be noted that external uses (e.g., within a TLS library) do not get disabled when doing this. This removes capability of supporting WPA/TKIP, dynamic WEP keys with IEEE 802.1X, WEP shared key authentication, and MSCHAPv2 password changes. Signed-off-by: Jouni Malinen <j@w1.fi>
Diffstat (limited to 'src/rsn_supp')
-rw-r--r--src/rsn_supp/wpa.c12
1 files changed, 12 insertions, 0 deletions
diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
index faffe36..52c01b8 100644
--- a/src/rsn_supp/wpa.c
+++ b/src/rsn_supp/wpa.c
@@ -1344,6 +1344,11 @@ static int wpa_supplicant_process_1_of_2_wpa(struct wpa_sm *sm,
gd->keyidx = (key_info & WPA_KEY_INFO_KEY_INDEX_MASK) >>
WPA_KEY_INFO_KEY_INDEX_SHIFT;
if (ver == WPA_KEY_INFO_TYPE_HMAC_MD5_RC4 && sm->ptk.kek_len == 16) {
+#ifdef CONFIG_NO_RC4
+ wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
+ "WPA: RC4 not supported in the build");
+ return -1;
+#else /* CONFIG_NO_RC4 */
u8 ek[32];
if (key_data_len > sizeof(gd->gtk)) {
wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
@@ -1361,6 +1366,7 @@ static int wpa_supplicant_process_1_of_2_wpa(struct wpa_sm *sm,
return -1;
}
os_memset(ek, 0, sizeof(ek));
+#endif /* CONFIG_NO_RC4 */
} else if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
if (maxkeylen % 8) {
wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
@@ -1575,6 +1581,11 @@ static int wpa_supplicant_decrypt_key_data(struct wpa_sm *sm,
/* Decrypt key data here so that this operation does not need
* to be implemented separately for each message type. */
if (ver == WPA_KEY_INFO_TYPE_HMAC_MD5_RC4 && sm->ptk.kek_len == 16) {
+#ifdef CONFIG_NO_RC4
+ wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
+ "WPA: RC4 not supported in the build");
+ return -1;
+#else /* CONFIG_NO_RC4 */
u8 ek[32];
os_memcpy(ek, key->key_iv, 16);
os_memcpy(ek + 16, sm->ptk.kek, sm->ptk.kek_len);
@@ -1585,6 +1596,7 @@ static int wpa_supplicant_decrypt_key_data(struct wpa_sm *sm,
return -1;
}
os_memset(ek, 0, sizeof(ek));
+#endif /* CONFIG_NO_RC4 */
} else if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES ||
ver == WPA_KEY_INFO_TYPE_AES_128_CMAC ||
sm->key_mgmt == WPA_KEY_MGMT_OSEN ||