From 7ca81190a8e2e8198629402f6522e2a1198bb885 Mon Sep 17 00:00:00 2001
From: Jouni Malinen <jouni@codeaurora.org>
Date: Thu, 6 Aug 2020 23:49:19 +0300
Subject: [PATCH] SAE-PK: Allow SAE-PK style wpa_passphrase if SAE-PK is
 enabled with same

This prevents use of a SAE-PK style password as the WPA-PSK passphrase
only if the same password is not also enabled through sae_password for
use with SAE-PK.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
---
 src/ap/ap_config.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/src/ap/ap_config.c b/src/ap/ap_config.c
index 1c6b4a00e..769f7fab6 100644
--- a/src/ap/ap_config.c
+++ b/src/ap/ap_config.c
@@ -1123,17 +1123,21 @@ const u8 * hostapd_get_psk(const struct hostapd_bss_config *conf,
 static bool hostapd_sae_pk_password_without_pk(struct hostapd_bss_config *bss)
 {
 	struct sae_password_entry *pw;
+	bool res = false;
 
 	if (bss->ssid.wpa_passphrase &&
 	    sae_pk_valid_password(bss->ssid.wpa_passphrase))
-		return true;
+		res = true;
 
 	for (pw = bss->sae_passwords; pw; pw = pw->next) {
 		if (!pw->pk && sae_pk_valid_password(pw->password))
 			return true;
+		if (bss->ssid.wpa_passphrase && res && pw->pk &&
+		    os_strcmp(bss->ssid.wpa_passphrase, pw->password) == 0)
+			res = false;
 	}
 
-	return false;
+	return res;
 }
 #endif /* CONFIG_SAE_PK */