From c0f83f31045ff815d00ed9b59baa334d628729ab Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Thu, 1 Dec 2011 21:46:19 +0200 Subject: [PATCH] WPS: Disable WPS(v2) in WPA/TKIP-only configuration When using wpa_supplicant AP mode, WPS support is enabled by default for WPA/WPA2-Personal. Change this to enforce the WPS2 rules on not allowing WPS to be used with WPA/TKIP-only configuration (i.e., at minimum, mixed mode with WPA/TKIP and WPA2/CCMP has to be used for WPS to be enabled). Signed-hostap: Jouni Malinen --- wpa_supplicant/ap.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/wpa_supplicant/ap.c b/wpa_supplicant/ap.c index 2a86436e4..db0259d86 100644 --- a/wpa_supplicant/ap.c +++ b/wpa_supplicant/ap.c @@ -237,6 +237,12 @@ static int wpa_supplicant_conf_ap(struct wpa_supplicant *wpa_s, if (bss->ssid.security_policy != SECURITY_WPA_PSK && bss->ssid.security_policy != SECURITY_PLAINTEXT) goto no_wps; +#ifdef CONFIG_WPS2 + if (bss->ssid.security_policy == SECURITY_WPA_PSK && + (!(pairwise & WPA_CIPHER_CCMP) || !(bss->wpa & 2))) + goto no_wps; /* WPS2 does not allow WPA/TKIP-only + * configuration */ +#endif /* CONFIG_WPS2 */ bss->eap_server = 1; bss->wps_state = 2; bss->ap_setup_locked = 2;