DPP2: Use the PFS fallback if multiple key_mgmt values are enabled

Previously this fallback from PFS enabled to disabled (and back to
enabled) was used only if the local network profile used key_mgmt=DPP,
i.e., did not enable another other AKM. That leaves out some valid cases
since the local network profile could actually enable both DPP and SAE.
Extend this check to accept cases DPP AKM is enabled and it was selected
for the connection even if there other enabled AKMs.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This commit is contained in:
Jouni Malinen 2020-09-23 23:06:55 +03:00 committed by Jouni Malinen
parent cab139ebc2
commit 90e478aa0a

View file

@ -4494,7 +4494,9 @@ static void wpas_event_assoc_reject(struct wpa_supplicant *wpa_s,
* WLAN_STATUS_AKMP_NOT_VALID is addressed in the same manner as an
* interoperability workaround with older hostapd implementation. */
if (DPP_VERSION > 1 && wpa_s->current_ssid &&
wpa_s->current_ssid->key_mgmt == WPA_KEY_MGMT_DPP &&
(wpa_s->current_ssid->key_mgmt == WPA_KEY_MGMT_DPP ||
((wpa_s->current_ssid->key_mgmt & WPA_KEY_MGMT_DPP) &&
wpa_s->key_mgmt == WPA_KEY_MGMT_DPP)) &&
wpa_s->current_ssid->dpp_pfs == 0 &&
(data->assoc_reject.status_code ==
WLAN_STATUS_ASSOC_DENIED_UNSPEC ||