This cipher can be used only as a group management frame cipher and as
such, there is no point in validating that it is not used with non-zero
key-index. Instead, verify that it is not used as a pairwise cipher
regardless of the key index.
Signed-off-by: Jouni Malinen <jouni@xxxxxxxxxxxxxxxx>
---
net/wireless/util.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/net/wireless/util.c b/net/wireless/util.c
index 3535e8a..f608ba0 100644
--- a/net/wireless/util.c
+++ b/net/wireless/util.c
@@ -236,8 +236,11 @@ int cfg80211_validate_key_settings(struct cfg80211_registered_device *rdev,
*/
if (pairwise && key_idx &&
((params->cipher == WLAN_CIPHER_SUITE_TKIP) ||
- (params->cipher == WLAN_CIPHER_SUITE_CCMP) ||
- (params->cipher == WLAN_CIPHER_SUITE_AES_CMAC)))
+ (params->cipher == WLAN_CIPHER_SUITE_CCMP)))
+ return -EINVAL;
+
+ /* Disallow BIP (group-only) cipher as pairwise cipher */
+ if (pairwise && params->cipher == WLAN_CIPHER_SUITE_AES_CMAC)
return -EINVAL;
switch (params->cipher) {
--
1.9.1
--
To unsubscribe from this list: send the line "unsubscribe linux-wireless" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
