SAE-PK: Allow SAE-PK style wpa_passphrase if SAE-PK is enabled with same

This prevents use of a SAE-PK style password as the WPA-PSK passphrase
only if the same password is not also enabled through sae_password for
use with SAE-PK.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>

diff --git a/src/ap/ap_config.c b/src/ap/ap_config.c
index 1c6b4a00ec26e32d35e894303fc778a2b24aa2b8..769f7fab6d55b5c146b3ce63320d7dd73dc4cc94 100644 (file)
--- a/src/ap/ap_config.c
+++ b/src/ap/ap_config.c
@@ -1123,17 +1123,21 @@ const u8 * hostapd_get_psk(const struct hostapd_bss_config *conf,
 static bool hostapd_sae_pk_password_without_pk(struct hostapd_bss_config *bss)
 {
        struct sae_password_entry *pw;
+       bool res = false;
 
        if (bss->ssid.wpa_passphrase &&
            sae_pk_valid_password(bss->ssid.wpa_passphrase))
-               return true;
+               res = true;
 
        for (pw = bss->sae_passwords; pw; pw = pw->next) {
                if (!pw->pk && sae_pk_valid_password(pw->password))
                        return true;
+               if (bss->ssid.wpa_passphrase && res && pw->pk &&
+                   os_strcmp(bss->ssid.wpa_passphrase, pw->password) == 0)
+                       res = false;
        }
 
-       return false;
+       return res;
 }
 #endif /* CONFIG_SAE_PK */