aboutsummaryrefslogtreecommitdiffstats
path: root/src/wps
diff options
context:
space:
mode:
authorJouni Malinen <j@w1.fi>2016-01-01 10:49:27 (GMT)
committerJouni Malinen <j@w1.fi>2016-01-01 11:42:04 (GMT)
commitea319127e4ad93a62ca7b730f5698c360ae1ac88 (patch)
treed83d589329938f0cdebf293674d3392312ef018b /src/wps
parentdb671e0aee588f9e4f60ffa6a3c322e6b16b9c33 (diff)
downloadhostap-ea319127e4ad93a62ca7b730f5698c360ae1ac88.zip
hostap-ea319127e4ad93a62ca7b730f5698c360ae1ac88.tar.gz
hostap-ea319127e4ad93a62ca7b730f5698c360ae1ac88.tar.bz2
WPS: Add a workaround for WPA2PSK missing from Enrollee auth flags
Some deployed implementations seem to advertise incorrect information in this attribute. A value of 0x1b (WPA2 + WPA + WPAPSK + OPEN, but no WPA2PSK) has been reported to be used. Add WPA2PSK to the list to avoid issues with building Credentials that do not use the strongest actually supported authentication option (that device does support WPA2PSK even when it does not claim it here). Signed-off-by: Jouni Malinen <j@w1.fi>
Diffstat (limited to 'src/wps')
-rw-r--r--src/wps/wps_registrar.c17
1 files changed, 17 insertions, 0 deletions
diff --git a/src/wps/wps_registrar.c b/src/wps/wps_registrar.c
index 22b68af..25e88d5 100644
--- a/src/wps/wps_registrar.c
+++ b/src/wps/wps_registrar.c
@@ -2354,6 +2354,23 @@ static int wps_process_auth_type_flags(struct wps_data *wps, const u8 *auth)
wpa_printf(MSG_DEBUG, "WPS: Enrollee Authentication Type flags 0x%x",
auth_types);
+#ifdef WPS_WORKAROUNDS
+ /*
+ * Some deployed implementations seem to advertise incorrect information
+ * in this attribute. A value of 0x1b (WPA2 + WPA + WPAPSK + OPEN, but
+ * no WPA2PSK) has been reported to be used. Add WPA2PSK to the list to
+ * avoid issues with building Credentials that do not use the strongest
+ * actually supported authentication option (that device does support
+ * WPA2PSK even when it does not claim it here).
+ */
+ if ((auth_types &
+ (WPS_AUTH_WPA2 | WPS_AUTH_WPA2PSK | WPS_AUTH_WPAPSK)) ==
+ (WPS_AUTH_WPA2 | WPS_AUTH_WPAPSK)) {
+ wpa_printf(MSG_DEBUG,
+ "WPS: Workaround - assume Enrollee supports WPA2PSK based on claimed WPA2 support");
+ auth_types |= WPS_AUTH_WPA2PSK;
+ }
+#endif /* WPS_WORKAROUNDS */
wps->auth_type = wps->wps->auth_types & auth_types;
if (wps->auth_type == 0) {
wpa_printf(MSG_DEBUG, "WPS: No match in supported "