|
|
@@ -2354,6 +2354,23 @@ static int wps_process_auth_type_flags(struct wps_data *wps, const u8 *auth)
|
|
|
|
|
|
wpa_printf(MSG_DEBUG, "WPS: Enrollee Authentication Type flags 0x%x",
|
|
|
auth_types);
|
|
|
+#ifdef WPS_WORKAROUNDS
|
|
|
+ /*
|
|
|
+ * Some deployed implementations seem to advertise incorrect information
|
|
|
+ * in this attribute. A value of 0x1b (WPA2 + WPA + WPAPSK + OPEN, but
|
|
|
+ * no WPA2PSK) has been reported to be used. Add WPA2PSK to the list to
|
|
|
+ * avoid issues with building Credentials that do not use the strongest
|
|
|
+ * actually supported authentication option (that device does support
|
|
|
+ * WPA2PSK even when it does not claim it here).
|
|
|
+ */
|
|
|
+ if ((auth_types &
|
|
|
+ (WPS_AUTH_WPA2 | WPS_AUTH_WPA2PSK | WPS_AUTH_WPAPSK)) ==
|
|
|
+ (WPS_AUTH_WPA2 | WPS_AUTH_WPAPSK)) {
|
|
|
+ wpa_printf(MSG_DEBUG,
|
|
|
+ "WPS: Workaround - assume Enrollee supports WPA2PSK based on claimed WPA2 support");
|
|
|
+ auth_types |= WPS_AUTH_WPA2PSK;
|
|
|
+ }
|
|
|
+#endif /* WPS_WORKAROUNDS */
|
|
|
wps->auth_type = wps->wps->auth_types & auth_types;
|
|
|
if (wps->auth_type == 0) {
|
|
|
wpa_printf(MSG_DEBUG, "WPS: No match in supported "
|
Jouni Malinen