DPP2: Use the PFS fallback if multiple key_mgmt values are enabled

Previously this fallback from PFS enabled to disabled (and back to
enabled) was used only if the local network profile used key_mgmt=DPP,
i.e., did not enable another other AKM. That leaves out some valid cases
since the local network profile could actually enable both DPP and SAE.
Extend this check to accept cases DPP AKM is enabled and it was selected
for the connection even if there other enabled AKMs.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>

diff --git a/wpa_supplicant/events.c b/wpa_supplicant/events.c
index 80b803f5c7a1fedaaa9a8827f728a7db63e1e4d6..15c572f11bdf85b8b2dc05610372e406b40acdfb 100644 (file)
--- a/wpa_supplicant/events.c
+++ b/wpa_supplicant/events.c
@@ -4494,7 +4494,9 @@ static void wpas_event_assoc_reject(struct wpa_supplicant *wpa_s,
         * WLAN_STATUS_AKMP_NOT_VALID is addressed in the same manner as an
         * interoperability workaround with older hostapd implementation. */
        if (DPP_VERSION > 1 && wpa_s->current_ssid &&
-           wpa_s->current_ssid->key_mgmt == WPA_KEY_MGMT_DPP &&
+           (wpa_s->current_ssid->key_mgmt == WPA_KEY_MGMT_DPP ||
+            ((wpa_s->current_ssid->key_mgmt & WPA_KEY_MGMT_DPP) &&
+             wpa_s->key_mgmt == WPA_KEY_MGMT_DPP)) &&
            wpa_s->current_ssid->dpp_pfs == 0 &&
            (data->assoc_reject.status_code ==
             WLAN_STATUS_ASSOC_DENIED_UNSPEC ||