macsec: Do not change eapol_version for non-MACsec cases in hostapd

It is safer to maintain the old EAPOL version (2) in EAPOL frames that
are not related to MACsec and only update the version to 3 for the
MACsec specific cases.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Jouni Malinen 2019-06-03 20:00:57 +03:00
parent a93b369c17
commit 524dc5bf10
2 changed files with 12 additions and 0 deletions


@ -64,6 +64,10 @@ static void ieee802_1x_send(struct hostapd_data *hapd, struct sta_info *sta,
xhdr = (struct ieee802_1x_hdr *) buf; xhdr = (struct ieee802_1x_hdr *) buf;
xhdr->version = hapd->conf->eapol_version; xhdr->version = hapd->conf->eapol_version;
#ifdef CONFIG_MACSEC
if (xhdr->version > 2 && hapd->conf->macsec_policy == 0)
xhdr->version = 2;
#endif /* CONFIG_MACSEC */
xhdr->type = type; xhdr->type = type;
xhdr->length = host_to_be16(datalen); xhdr->length = host_to_be16(datalen);
@ -213,6 +217,10 @@ static void ieee802_1x_tx_key_one(struct hostapd_data *hapd,
/* This header is needed here for HMAC-MD5, but it will be regenerated /* This header is needed here for HMAC-MD5, but it will be regenerated
* in ieee802_1x_send() */ * in ieee802_1x_send() */
hdr->version = hapd->conf->eapol_version; hdr->version = hapd->conf->eapol_version;
#ifdef CONFIG_MACSEC
if (hdr->version > 2)
hdr->version = 2;
#endif /* CONFIG_MACSEC */
hdr->type = IEEE802_1X_TYPE_EAPOL_KEY; hdr->type = IEEE802_1X_TYPE_EAPOL_KEY;
hdr->length = host_to_be16(len); hdr->length = host_to_be16(len);
hmac_md5(sm->eap_if->eapKeyData + 32, 32, buf, sizeof(*hdr) + len, hmac_md5(sm->eap_if->eapKeyData + 32, 32, buf, sizeof(*hdr) + len,
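Review bot: The clamp added in ieee802_1x_tx_key_one() is unconditional (`if (hdr->version > 2)`), while the one added in ieee802_1x_send() applies only when `hapd->conf->macsec_policy == 0`. The existing comment says this header feeds HMAC-MD5 and is then regenerated in ieee802_1x_send(), so with eapol_version 3 and a non-zero macsec_policy the key signature would be computed over version 2 while the frame goes out with version 3. A receiver that verifies the signature over the transmitted header would presumably reject such a frame. Either use the same condition here, `if (hdr->version > 2 && hapd->conf->macsec_policy == 0)`, or have ieee802_1x_send() also clamp when `type == IEEE802_1X_TYPE_EAPOL_KEY`, so that the signed and the sent header cannot diverge. Both function bodies continue outside the hunks shown.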


@ -53,6 +53,10 @@ static void hostapd_wpa_auth_conf(struct hostapd_bss_config *conf,
wconf->rsn_pairwise = conf->rsn_pairwise; wconf->rsn_pairwise = conf->rsn_pairwise;
wconf->rsn_preauth = conf->rsn_preauth; wconf->rsn_preauth = conf->rsn_preauth;
wconf->eapol_version = conf->eapol_version; wconf->eapol_version = conf->eapol_version;
#ifdef CONFIG_MACSEC
if (wconf->eapol_version > 2)
wconf->eapol_version = 2;
#endif /* CONFIG_MACSEC */
wconf->wmm_enabled = conf->wmm_enabled; wconf->wmm_enabled = conf->wmm_enabled;
wconf->wmm_uapsd = conf->wmm_uapsd; wconf->wmm_uapsd = conf->wmm_uapsd;
wconf->disable_pmksa_caching = conf->disable_pmksa_caching; wconf->disable_pmksa_caching = conf->disable_pmksa_caching;
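Review bot: The clamp on `wconf->eapol_version` in hostapd_wpa_auth_conf() has no comment explaining why the authenticator copy is capped while `conf->eapol_version` keeps its configured value. A one-line comment above the `#ifdef` would help, e.g. `/* EAPOL-Key frames sent by the WPA authenticator are not MACsec related; keep EAPOL version 2 */`. Because the check sits under `#ifdef CONFIG_MACSEC`, a value above 2 would pass through unchanged in builds without it unless the configuration parser rejects it, which is not visible here; if that is the assumption, the comment should say so. The same three-line clamp now appears in three places with the literal `2`, so a small shared helper or a named constant would keep them from drifting apart. The function body starts and ends outside the hunk.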