diff --git a/hostapd/config_file.c b/hostapd/config_file.c
index 6c04ce480..7b22dfd0e 100644
--- a/hostapd/config_file.c
+++ b/hostapd/config_file.c
@@ -2919,31 +2919,16 @@ static int hostapd_config_fill(struct hostapd_config *conf,
 static void hostapd_set_security_params(struct hostapd_bss_config *bss)
 {
- int pairwise;
-
 if (bss->individual_wep_key_len == 0) {
 /* individual keys are not use; can use key idx0 for
 * broadcast keys */
 bss->broadcast_key_idx_min = 0;
 }
- /* Select group cipher based on the enabled pairwise cipher
- * suites */
- pairwise = 0;
- if (bss->wpa & 1)
- pairwise |= bss->wpa_pairwise;
- if (bss->wpa & 2) {
- if (bss->rsn_pairwise == 0)
- bss->rsn_pairwise = bss->wpa_pairwise;
- pairwise |= bss->rsn_pairwise;
- }
- if (pairwise & WPA_CIPHER_TKIP)
- bss->wpa_group = WPA_CIPHER_TKIP;
- else if ((pairwise & (WPA_CIPHER_CCMP | WPA_CIPHER_GCMP)) ==
- WPA_CIPHER_GCMP)
- bss->wpa_group = WPA_CIPHER_GCMP;
- else
- bss->wpa_group = WPA_CIPHER_CCMP;
+ if ((bss->wpa & 2) && bss->rsn_pairwise == 0)
+ bss->rsn_pairwise = bss->wpa_pairwise;
+ bss->wpa_group = wpa_select_ap_group_cipher(bss->wpa, bss->wpa_pairwise,
+ bss->rsn_pairwise);
 bss->radius->auth_server = bss->radius->auth_servers;
 bss->radius->acct_server = bss->radius->acct_servers;
diff --git a/src/common/wpa_common.c b/src/common/wpa_common.c
index fdf418f44..c786b0a25 100644
--- a/src/common/wpa_common.c
+++ b/src/common/wpa_common.c
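Review bot: The `rsn_pairwise` defaulting in `hostapd_set_security_params()` (hostapd/config_file.c) now has to run before `wpa_select_ap_group_cipher()` is called, and nothing at the call site says so; the same two-step sequence is repeated in the `@@ -211` hunk of wpa_supplicant/ap.c. Because the helper takes plain ints, a caller that skips or reorders the defaulting gets CCMP back for an RSN-only BSS whose `rsn_pairwise` is still 0, regardless of what `wpa_pairwise` contains. A one-line comment above the `if` would pin the ordering: `/* rsn_pairwise defaults to wpa_pairwise; resolve it before selecting the group cipher */`. The function body continues outside the hunk.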
@@ -1343,3 +1343,21 @@ int wpa_write_ciphers(char *start, char *end, int ciphers, const char *delim)
 return pos - start;
 }
+
+
+int wpa_select_ap_group_cipher(int wpa, int wpa_pairwise, int rsn_pairwise)
+{
+ int pairwise = 0;
+
+ /* Select group cipher based on the enabled pairwise cipher suites */
+ if (wpa & 1)
+ pairwise |= wpa_pairwise;
+ if (wpa & 2)
+ pairwise |= rsn_pairwise;
+
+ if (pairwise & WPA_CIPHER_TKIP)
+ return WPA_CIPHER_TKIP;
+ if ((pairwise & (WPA_CIPHER_CCMP | WPA_CIPHER_GCMP)) == WPA_CIPHER_GCMP)
+ return WPA_CIPHER_GCMP;
+ return WPA_CIPHER_CCMP;
+}
diff --git a/src/common/wpa_common.h b/src/common/wpa_common.h
index a23038a05..a326950c6 100644
--- a/src/common/wpa_common.h
+++ b/src/common/wpa_common.h
@@ -400,5 +400,6 @@ int wpa_pick_pairwise_cipher(int ciphers, int none_allowed);
 int wpa_pick_group_cipher(int ciphers);
 int wpa_parse_cipher(const char *value);
 int wpa_write_ciphers(char *start, char *end, int ciphers, const char *delim);
+int wpa_select_ap_group_cipher(int wpa, int wpa_pairwise, int rsn_pairwise);
 #endif /* WPA_COMMON_H */
diff --git a/wpa_supplicant/ap.c b/wpa_supplicant/ap.c
index c6d98797e..ee53c37d4 100644
--- a/wpa_supplicant/ap.c
+++ b/wpa_supplicant/ap.c
@@ -46,7 +46,6 @@ static int wpa_supplicant_conf_ap(struct wpa_supplicant *wpa_s,
 struct hostapd_config *conf)
 {
 struct hostapd_bss_config *bss = &conf->bss[0];
- int pairwise;
 conf->driver = wpa_s->driver;
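Review bot: `wpa_select_ap_group_cipher()` in src/common/wpa_common.c is a new exported function with no header comment, and its contract has a security-relevant edge: the group cipher is TKIP as soon as either enabled pairwise set contains TKIP, so a mixed TKIP/CCMP configuration protects all broadcast and multicast frames with TKIP. I would add a doc comment above the definition that names the three parameters, states that `wpa` is a bitfield (bit 0 selects `wpa_pairwise`, bit 1 selects `rsn_pairwise`), spells out the TKIP, then GCMP-only, then CCMP selection order, and notes that an empty pairwise set yields CCMP. The bare `1` and `2` would read better as the protocol constants, e.g. `if (wpa & WPA_PROTO_WPA)` and `if (wpa & WPA_PROTO_RSN)`, assuming those definitions are visible in this file.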
@@ -211,22 +210,10 @@ static int wpa_supplicant_conf_ap(struct wpa_supplicant *wpa_s,
 if (ssid->dtim_period)
 bss->dtim_period = ssid->dtim_period;
- /* Select group cipher based on the enabled pairwise cipher suites */
- pairwise = 0;
- if (bss->wpa & 1)
- pairwise |= bss->wpa_pairwise;
- if (bss->wpa & 2) {
- if (bss->rsn_pairwise == 0)
- bss->rsn_pairwise = bss->wpa_pairwise;
- pairwise |= bss->rsn_pairwise;
- }
- if (pairwise & WPA_CIPHER_TKIP)
- bss->wpa_group = WPA_CIPHER_TKIP;
- else if ((pairwise & (WPA_CIPHER_CCMP | WPA_CIPHER_GCMP)) ==
- WPA_CIPHER_GCMP)
- bss->wpa_group = WPA_CIPHER_GCMP;
- else
- bss->wpa_group = WPA_CIPHER_CCMP;
+ if ((bss->wpa & 2) && bss->rsn_pairwise == 0)
+ bss->rsn_pairwise = bss->wpa_pairwise;
+ bss->wpa_group = wpa_select_ap_group_cipher(bss->wpa, bss->wpa_pairwise,
+ bss->rsn_pairwise);
 if (bss->wpa && bss->ieee802_1x)
 bss->ssid.security_policy = SECURITY_WPA;
@@ -268,7 +255,7 @@ static int wpa_supplicant_conf_ap(struct wpa_supplicant *wpa_s,
 goto no_wps;
 #ifdef CONFIG_WPS2
 if (bss->ssid.security_policy == SECURITY_WPA_PSK &&
- (!(pairwise & WPA_CIPHER_CCMP) || !(bss->wpa & 2)))
+ (!(bss->rsn_pairwise & WPA_CIPHER_CCMP) || !(bss->wpa & 2)))
 goto no_wps; /* WPS2 does not allow WPA/TKIP-only
 * configuration */
 #endif /* CONFIG_WPS2 */
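Review bot: The WPS2 guard in the `@@ -268` hunk no longer tests the same value as before: `pairwise` was the union of the WPA and RSN pairwise sets, while `bss->rsn_pairwise` covers RSN only, so a configuration with CCMP in `wpa_pairwise` but not in `rsn_pairwise` now takes the `goto no_wps` path. That is the stricter reading of the condition, but it is a behaviour change inside a refactoring and the trailing comment still describes only the WPA/TKIP-only case. I would update the comment to say what is actually enforced, e.g. `/* WPS2 requires RSN with CCMP enabled as an RSN pairwise cipher */`. Testing `!(bss->wpa & 2)` first would also make it obvious that `rsn_pairwise` is only meaningful when RSN is enabled. The enclosing function starts and ends outside the hunk.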