Revert "[wpa_supplicant] Cumulative patch from commit 0c5ededed"

This reverts commit 1a1e642fd6c1200e7e1979ea70103c484062f3a9.

Reason for revert: Droidcop: Potential culprit for Bug 154881734 - verifying through Forrest before revert submission

Change-Id: I85f75adeb43554b0ebbf295fea51e1b68b169ed2
diff --git a/src/ap/ap_config.c b/src/ap/ap_config.c
index 35a32a1..5bf4502 100644
--- a/src/ap/ap_config.c
+++ b/src/ap/ap_config.c
@@ -74,13 +74,8 @@
 	bss->wpa_disable_eapol_key_retries =
 		DEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES;
 	bss->wpa_key_mgmt = WPA_KEY_MGMT_PSK;
-#ifdef CONFIG_NO_TKIP
-	bss->wpa_pairwise = WPA_CIPHER_CCMP;
-	bss->wpa_group = WPA_CIPHER_CCMP;
-#else /* CONFIG_NO_TKIP */
 	bss->wpa_pairwise = WPA_CIPHER_TKIP;
 	bss->wpa_group = WPA_CIPHER_TKIP;
-#endif /* CONFIG_NO_TKIP */
 	bss->rsn_pairwise = 0;
 
 	bss->max_num_sta = MAX_STA_COUNT;
diff --git a/src/ap/ap_config.h b/src/ap/ap_config.h
index 0503400..2a0bf07 100644
--- a/src/ap/ap_config.h
+++ b/src/ap/ap_config.h
@@ -686,7 +686,6 @@
 	struct wpabuf *igtk_rsc_override;
 	int no_beacon_rsnxe;
 	int skip_prune_assoc;
-	int ft_rsnxe_used;
 #endif /* CONFIG_TESTING_OPTIONS */
 
 #define MESH_ENABLED BIT(0)
diff --git a/src/ap/drv_callbacks.c b/src/ap/drv_callbacks.c
index 524a151..559bb87 100644
--- a/src/ap/drv_callbacks.c
+++ b/src/ap/drv_callbacks.c
@@ -117,7 +117,7 @@
 	u8 buf[sizeof(struct ieee80211_mgmt) + 1024];
 	u8 *p = buf;
 	u16 reason = WLAN_REASON_UNSPECIFIED;
-	int status = WLAN_STATUS_SUCCESS;
+	u16 status = WLAN_STATUS_SUCCESS;
 	const u8 *p2p_dev_addr = NULL;
 
 	if (addr == NULL) {
@@ -606,19 +606,17 @@
 	    wpa_auth_sta_key_mgmt(sta->wpa_sm) == WPA_KEY_MGMT_OWE &&
 	    elems.owe_dh) {
 		u8 *npos;
-		u16 ret_status;
 
 		npos = owe_assoc_req_process(hapd, sta,
 					     elems.owe_dh, elems.owe_dh_len,
 					     p, sizeof(buf) - (p - buf),
-					     &ret_status);
-		status = ret_status;
+					     &status);
 		if (npos)
 			p = npos;
 
 		if (!npos &&
 		    status == WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED) {
-			hostapd_sta_assoc(hapd, addr, reassoc, ret_status, buf,
+			hostapd_sta_assoc(hapd, addr, reassoc, status, buf,
 					  p - buf);
 			return 0;
 		}
@@ -711,8 +709,7 @@
 
 fail:
 #ifdef CONFIG_IEEE80211R_AP
-	if (status >= 0)
-		hostapd_sta_assoc(hapd, addr, reassoc, status, buf, p - buf);
+	hostapd_sta_assoc(hapd, addr, reassoc, status, buf, p - buf);
 #endif /* CONFIG_IEEE80211R_AP */
 	hostapd_drv_sta_disassoc(hapd, sta->addr, reason);
 	ap_free_sta(hapd, sta);
diff --git a/src/ap/hostapd.h b/src/ap/hostapd.h
index c8f691e..439e727 100644
--- a/src/ap/hostapd.h
+++ b/src/ap/hostapd.h
@@ -476,7 +476,6 @@
 	struct ap_info *ap_hash[STA_HASH_SIZE];
 
 	u64 drv_flags;
-	u64 drv_flags2;
 
 	/*
 	 * A bitmap of supported protocols for probe response offload. See
diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
index e6aa83d..e54217c 100644
--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
@@ -2526,10 +2526,32 @@
 	    (!(sta->flags & WLAN_STA_MFP) || !ap_sta_is_authorized(sta)) &&
 	    !(hapd->conf->mesh & MESH_ENABLED) &&
 	    !(sta->added_unassoc)) {
-		if (ap_sta_re_add(hapd, sta) < 0) {
+		/*
+		 * If a station that is already associated to the AP, is trying
+		 * to authenticate again, remove the STA entry, in order to make
+		 * sure the STA PS state gets cleared and configuration gets
+		 * updated. To handle this, station's added_unassoc flag is
+		 * cleared once the station has completed association.
+		 */
+		ap_sta_set_authorized(hapd, sta, 0);
+		hostapd_drv_sta_remove(hapd, sta->addr);
+		sta->flags &= ~(WLAN_STA_ASSOC | WLAN_STA_AUTH |
+				WLAN_STA_AUTHORIZED);
+
+		if (hostapd_sta_add(hapd, sta->addr, 0, 0,
+				    sta->supported_rates,
+				    sta->supported_rates_len,
+				    0, NULL, NULL, NULL, 0,
+				    sta->flags, 0, 0, 0, 0)) {
+			hostapd_logger(hapd, sta->addr,
+				       HOSTAPD_MODULE_IEEE80211,
+				       HOSTAPD_LEVEL_NOTICE,
+				       "Could not add STA to kernel driver");
 			resp = WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA;
 			goto fail;
 		}
+
+		sta->added_unassoc = 1;
 	}
 
 	switch (auth_alg) {
@@ -3104,11 +3126,11 @@
 #endif /* CONFIG_OWE */
 
 
-static int check_assoc_ies(struct hostapd_data *hapd, struct sta_info *sta,
+static u16 check_assoc_ies(struct hostapd_data *hapd, struct sta_info *sta,
 			   const u8 *ies, size_t ies_len, int reassoc)
 {
 	struct ieee802_11_elems elems;
-	int resp;
+	u16 resp;
 	const u8 *wpa_ie;
 	size_t wpa_ie_len;
 	const u8 *p2p_dev_addr = NULL;
@@ -4075,8 +4097,7 @@
 			 int reassoc, int rssi)
 {
 	u16 capab_info, listen_interval, seq_ctrl, fc;
-	int resp = WLAN_STATUS_SUCCESS;
-	u16 reply_res;
+	u16 resp = WLAN_STATUS_SUCCESS, reply_res;
 	const u8 *pos;
 	int left, i;
 	struct sta_info *sta;
@@ -4450,9 +4471,8 @@
 	}
 #endif /* CONFIG_FILS */
 
-	if (resp >= 0)
-		reply_res = send_assoc_resp(hapd, sta, mgmt->sa, resp, reassoc,
-					    pos, left, rssi, omit_rsnxe);
+	reply_res = send_assoc_resp(hapd, sta, mgmt->sa, resp, reassoc, pos,
+				    left, rssi, omit_rsnxe);
 	os_free(tmp);
 
 	/*
diff --git a/src/ap/sta_info.c b/src/ap/sta_info.c
index 93f1f0c..903be28 100644
--- a/src/ap/sta_info.c
+++ b/src/ap/sta_info.c
@@ -1497,33 +1497,3 @@
 	return eloop_is_timeout_registered(ap_sta_delayed_1x_auth_fail_cb,
 					   hapd, sta);
 }
-
-
-int ap_sta_re_add(struct hostapd_data *hapd, struct sta_info *sta)
-{
-	/*
-	 * If a station that is already associated to the AP, is trying to
-	 * authenticate again, remove the STA entry, in order to make sure the
-	 * STA PS state gets cleared and configuration gets updated. To handle
-	 * this, station's added_unassoc flag is cleared once the station has
-	 * completed association.
-	 */
-	ap_sta_set_authorized(hapd, sta, 0);
-	hostapd_drv_sta_remove(hapd, sta->addr);
-	sta->flags &= ~(WLAN_STA_ASSOC | WLAN_STA_AUTH | WLAN_STA_AUTHORIZED);
-
-	if (hostapd_sta_add(hapd, sta->addr, 0, 0,
-			    sta->supported_rates,
-			    sta->supported_rates_len,
-			    0, NULL, NULL, NULL, 0,
-			    sta->flags, 0, 0, 0, 0)) {
-		hostapd_logger(hapd, sta->addr,
-			       HOSTAPD_MODULE_IEEE80211,
-			       HOSTAPD_LEVEL_NOTICE,
-			       "Could not add STA to kernel driver");
-		return -1;
-	}
-
-	sta->added_unassoc = 1;
-	return 0;
-}
diff --git a/src/ap/sta_info.h b/src/ap/sta_info.h
index 308aa29..8ff6ac6 100644
--- a/src/ap/sta_info.h
+++ b/src/ap/sta_info.h
@@ -358,6 +358,5 @@
 					    struct sta_info *sta);
 int ap_sta_pending_delayed_1x_auth_fail_disconnect(struct hostapd_data *hapd,
 						   struct sta_info *sta);
-int ap_sta_re_add(struct hostapd_data *hapd, struct sta_info *sta);
 
 #endif /* STA_INFO_H */
diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
index 8ecb173..e0ffb27 100644
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@@ -1836,7 +1836,7 @@
 #ifdef CONFIG_IEEE80211R_AP
 		wpa_printf(MSG_DEBUG,
 			   "FT: Retry PTK configuration after association");
-		wpa_ft_install_ptk(sm, 1);
+		wpa_ft_install_ptk(sm);
 
 		/* Using FT protocol, not WPA auth state machine */
 		sm->ft_completed = 1;
@@ -5459,11 +5459,4 @@
 	return eloop_register_timeout(0, 0, wpa_rekey_gtk, wpa_auth, NULL);
 }
 
-
-void wpa_auth_set_ft_rsnxe_used(struct wpa_authenticator *wpa_auth, int val)
-{
-	if (wpa_auth)
-		wpa_auth->conf.ft_rsnxe_used = val;
-}
-
 #endif /* CONFIG_TESTING_OPTIONS */
diff --git a/src/ap/wpa_auth.h b/src/ap/wpa_auth.h
index 1ea067b..868aaa1 100644
--- a/src/ap/wpa_auth.h
+++ b/src/ap/wpa_auth.h
@@ -238,7 +238,6 @@
 	unsigned int rsnxe_override_ft_set:1;
 	unsigned int gtk_rsc_override_set:1;
 	unsigned int igtk_rsc_override_set:1;
-	int ft_rsnxe_used;
 #endif /* CONFIG_TESTING_OPTIONS */
 #ifdef CONFIG_P2P
 	u8 ip_addr_go[4];
@@ -302,7 +301,6 @@
 				 int *bandwidth, int *seg1_idx);
 #ifdef CONFIG_IEEE80211R_AP
 	struct wpa_state_machine * (*add_sta)(void *ctx, const u8 *sta_addr);
-	int (*add_sta_ft)(void *ctx, const u8 *sta_addr);
 	int (*set_vlan)(void *ctx, const u8 *sta_addr,
 			struct vlan_description *vlan);
 	int (*get_vlan)(void *ctx, const u8 *sta_addr,
@@ -442,7 +440,7 @@
 				    u16 auth_transaction, u16 resp,
 				    const u8 *ies, size_t ies_len),
 			 void *ctx);
-int wpa_ft_validate_reassoc(struct wpa_state_machine *sm, const u8 *ies,
+u16 wpa_ft_validate_reassoc(struct wpa_state_machine *sm, const u8 *ies,
 			    size_t ies_len);
 int wpa_ft_action_rx(struct wpa_state_machine *sm, const u8 *data, size_t len);
 int wpa_ft_rrb_rx(struct wpa_authenticator *wpa_auth, const u8 *src_addr,
@@ -523,6 +521,5 @@
 			     void *ctx1, void *ctx2);
 int wpa_auth_rekey_gtk(struct wpa_authenticator *wpa_auth);
 void wpa_auth_set_ptk_rekey_timer(struct wpa_state_machine *sm);
-void wpa_auth_set_ft_rsnxe_used(struct wpa_authenticator *wpa_auth, int val);
 
 #endif /* WPA_AUTH_H */
diff --git a/src/ap/wpa_auth_ft.c b/src/ap/wpa_auth_ft.c
index 4b17da7..476a2be 100644
--- a/src/ap/wpa_auth_ft.c
+++ b/src/ap/wpa_auth_ft.c
@@ -2647,13 +2647,6 @@
 	}
 	rsnxe_used = (auth_alg == WLAN_AUTH_FT) &&
 		(conf->sae_pwe == 1 || conf->sae_pwe == 2);
-#ifdef CONFIG_TESTING_OPTIONS
-	if (sm->wpa_auth->conf.ft_rsnxe_used) {
-		rsnxe_used = sm->wpa_auth->conf.ft_rsnxe_used == 1;
-		wpa_printf(MSG_DEBUG, "TESTING: FT: Force RSNXE Used %d",
-			   rsnxe_used);
-	}
-#endif /* CONFIG_TESTING_OPTIONS */
 	res = wpa_write_ftie(conf, use_sha384, r0kh_id, r0kh_id_len,
 			     anonce, snonce, pos, end - pos,
 			     subelem, subelem_len, rsnxe_used);
@@ -2754,16 +2747,7 @@
 }
 
 
-static inline int wpa_auth_add_sta_ft(struct wpa_authenticator *wpa_auth,
-				      const u8 *addr)
-{
-	if (!wpa_auth->cb->add_sta_ft)
-		return -1;
-	return wpa_auth->cb->add_sta_ft(wpa_auth->cb_ctx, addr);
-}
-
-
-void wpa_ft_install_ptk(struct wpa_state_machine *sm, int retry)
+void wpa_ft_install_ptk(struct wpa_state_machine *sm)
 {
 	enum wpa_alg alg;
 	int klen;
@@ -2785,9 +2769,6 @@
 		return;
 	}
 
-	if (!retry)
-		wpa_auth_add_sta_ft(sm->wpa_auth, sm->addr);
-
 	/* FIX: add STA entry to kernel/driver here? The set_key will fail
 	 * most likely without this.. At the moment, STA entry is added only
 	 * after association has been completed. This function will be called
@@ -3159,7 +3140,7 @@
 	sm->pairwise = pairwise;
 	sm->PTK_valid = TRUE;
 	sm->tk_already_set = FALSE;
-	wpa_ft_install_ptk(sm, 0);
+	wpa_ft_install_ptk(sm);
 
 	if (wpa_ft_set_vlan(sm->wpa_auth, sm->addr, &vlan) < 0) {
 		wpa_printf(MSG_DEBUG, "FT: Failed to configure VLAN");
@@ -3254,7 +3235,7 @@
 }
 
 
-int wpa_ft_validate_reassoc(struct wpa_state_machine *sm, const u8 *ies,
+u16 wpa_ft_validate_reassoc(struct wpa_state_machine *sm, const u8 *ies,
 			    size_t ies_len)
 {
 	struct wpa_ft_ies parse;
@@ -3452,7 +3433,7 @@
 	    !parse.rsnxe) {
 		wpa_printf(MSG_INFO,
 			   "FT: FTE indicated that STA uses RSNXE, but RSNXE was not included");
-		return -1; /* discard request */
+		return WLAN_STATUS_UNSPECIFIED_FAILURE;
 	}
 
 #ifdef CONFIG_OCV
@@ -4579,6 +4560,7 @@
 			return -1;
 		}
 		status_code = WPA_GET_LE16(pos);
+		pos += 2;
 
 		wpa_printf(MSG_DEBUG, "FT: FT Packet Type - Response "
 			   "(status_code=%d)", status_code);
@@ -4591,6 +4573,11 @@
 		return -1;
 	}
 
+	if (end > pos) {
+		wpa_hexdump(MSG_DEBUG, "FT: Ignore extra data in end",
+			    pos, end - pos);
+	}
+
 	return 0;
 }
 
diff --git a/src/ap/wpa_auth_glue.c b/src/ap/wpa_auth_glue.c
index 058b34c..7a1ed24 100644
--- a/src/ap/wpa_auth_glue.c
+++ b/src/ap/wpa_auth_glue.c
@@ -174,7 +174,6 @@
 			  wpabuf_len(conf->igtk_rsc_override));
 		wconf->igtk_rsc_override_set = 1;
 	}
-	wconf->ft_rsnxe_used = conf->ft_rsnxe_used;
 #endif /* CONFIG_TESTING_OPTIONS */
 #ifdef CONFIG_P2P
 	os_memcpy(wconf->ip_addr_go, conf->ip_addr_go, 4);
@@ -1039,34 +1038,6 @@
 }
 
 
-static int hostapd_wpa_auth_add_sta_ft(void *ctx, const u8 *sta_addr)
-{
-	struct hostapd_data *hapd = ctx;
-	struct sta_info *sta;
-
-	sta = ap_get_sta(hapd, sta_addr);
-	if (!sta)
-		return -1;
-
-	if (FULL_AP_CLIENT_STATE_SUPP(hapd->iface->drv_flags) &&
-	    (sta->flags & WLAN_STA_MFP) && ap_sta_is_authorized(sta) &&
-	    !(hapd->conf->mesh & MESH_ENABLED) && !(sta->added_unassoc)) {
-		/* We could not do this in handle_auth() since there was a
-		 * PMF-enabled association for the STA and the new
-		 * authentication attempt was not yet fully processed. Now that
-		 * we are ready to configure the TK to the driver,
-		 * authentication has succeeded and we can clean up the driver
-		 * STA entry to avoid issues with any maintained state from the
-		 * previous association. */
-		wpa_printf(MSG_DEBUG,
-			   "FT: Remove and re-add driver STA entry after successful FT authentication");
-		return ap_sta_re_add(hapd, sta);
-	}
-
-	return 0;
-}
-
-
 static int hostapd_wpa_auth_set_vlan(void *ctx, const u8 *sta_addr,
 				     struct vlan_description *vlan)
 {
@@ -1428,7 +1399,6 @@
 #ifdef CONFIG_IEEE80211R_AP
 		.send_ft_action = hostapd_wpa_auth_send_ft_action,
 		.add_sta = hostapd_wpa_auth_add_sta,
-		.add_sta_ft = hostapd_wpa_auth_add_sta_ft,
 		.add_tspec = hostapd_wpa_auth_add_tspec,
 		.set_vlan = hostapd_wpa_auth_set_vlan,
 		.get_vlan = hostapd_wpa_auth_get_vlan,
diff --git a/src/ap/wpa_auth_i.h b/src/ap/wpa_auth_i.h
index 813612e..bc59d6a 100644
--- a/src/ap/wpa_auth_i.h
+++ b/src/ap/wpa_auth_i.h
@@ -300,7 +300,7 @@
 int wpa_auth_derive_ptk_ft(struct wpa_state_machine *sm, struct wpa_ptk *ptk);
 struct wpa_ft_pmk_cache * wpa_ft_pmk_cache_init(void);
 void wpa_ft_pmk_cache_deinit(struct wpa_ft_pmk_cache *cache);
-void wpa_ft_install_ptk(struct wpa_state_machine *sm, int retry);
+void wpa_ft_install_ptk(struct wpa_state_machine *sm);
 int wpa_ft_store_pmk_fils(struct wpa_state_machine *sm, const u8 *pmk_r0,
 			  const u8 *pmk_r0_name);
 #endif /* CONFIG_IEEE80211R_AP */
diff --git a/src/ap/wpa_auth_ie.c b/src/ap/wpa_auth_ie.c
index 9bcb997..2ac1df4 100644
--- a/src/ap/wpa_auth_ie.c
+++ b/src/ap/wpa_auth_ie.c
@@ -851,6 +851,17 @@
 			   "OWE: No Diffie-Hellman Parameter element");
 		return WPA_INVALID_AKMP;
 	}
+#ifdef CONFIG_DPP
+	if (sm->wpa_key_mgmt == WPA_KEY_MGMT_DPP && owe_dh) {
+		/* Diffie-Hellman Parameter element can be used with DPP as
+		 * well, so allow this to proceed. */
+	} else
+#endif /* CONFIG_DPP */
+	if (sm->wpa_key_mgmt != WPA_KEY_MGMT_OWE && owe_dh) {
+		wpa_printf(MSG_DEBUG,
+			   "OWE: Unexpected Diffie-Hellman Parameter element with non-OWE AKM");
+		return WPA_INVALID_AKMP;
+	}
 #endif /* CONFIG_OWE */
 
 #ifdef CONFIG_DPP2
diff --git a/src/ap/wps_hostapd.c b/src/ap/wps_hostapd.c
index dc8aa8f..1d77b94 100644
--- a/src/ap/wps_hostapd.c
+++ b/src/ap/wps_hostapd.c
@@ -364,13 +364,6 @@
 		bss->ssid.ssid_set = 1;
 	}
 
-#ifdef CONFIG_NO_TKIP
-	if (cred->auth_type & (WPS_AUTH_WPA2 | WPS_AUTH_WPA2PSK |
-			       WPS_AUTH_WPA | WPS_AUTH_WPAPSK))
-		bss->wpa = 2;
-	else
-		bss->wpa = 0;
-#else /* CONFIG_NO_TKIP */
 	if ((cred->auth_type & (WPS_AUTH_WPA2 | WPS_AUTH_WPA2PSK)) &&
 	    (cred->auth_type & (WPS_AUTH_WPA | WPS_AUTH_WPAPSK)))
 		bss->wpa = 3;
@@ -380,7 +373,6 @@
 		bss->wpa = 1;
 	else
 		bss->wpa = 0;
-#endif /* CONFIG_NO_TKIP */
 
 	if (bss->wpa) {
 		if (cred->auth_type & (WPS_AUTH_WPA2 | WPS_AUTH_WPA))
@@ -395,10 +387,8 @@
 			else
 				bss->wpa_pairwise |= WPA_CIPHER_CCMP;
 		}
-#ifndef CONFIG_NO_TKIP
 		if (cred->encr_type & WPS_ENCR_TKIP)
 			bss->wpa_pairwise |= WPA_CIPHER_TKIP;
-#endif /* CONFIG_NO_TKIP */
 		bss->rsn_pairwise = bss->wpa_pairwise;
 		bss->wpa_group = wpa_select_ap_group_cipher(bss->wpa,
 							    bss->wpa_pairwise,
@@ -569,13 +559,6 @@
 		fprintf(nconf, "\n");
 	}
 
-#ifdef CONFIG_NO_TKIP
-	if (cred->auth_type & (WPS_AUTH_WPA2 | WPS_AUTH_WPA2PSK |
-			       WPS_AUTH_WPA | WPS_AUTH_WPAPSK))
-		wpa = 2;
-	else
-		wpa = 0;
-#else /* CONFIG_NO_TKIP */
 	if ((cred->auth_type & (WPS_AUTH_WPA2 | WPS_AUTH_WPA2PSK)) &&
 	    (cred->auth_type & (WPS_AUTH_WPA | WPS_AUTH_WPAPSK)))
 		wpa = 3;
@@ -585,7 +568,6 @@
 		wpa = 1;
 	else
 		wpa = 0;
-#endif /* CONFIG_NO_TKIP */
 
 	if (wpa) {
 		char *prefix;
@@ -629,11 +611,9 @@
 
 			prefix = " ";
 		}
-#ifndef CONFIG_NO_TKIP
 		if (cred->encr_type & WPS_ENCR_TKIP) {
 			fprintf(nconf, "%sTKIP", prefix);
 		}
-#endif /* CONFIG_NO_TKIP */
 		fprintf(nconf, "\n");
 
 		if (cred->key_len >= 8 && cred->key_len < 64) {
@@ -1180,24 +1160,12 @@
 			wps->encr_types_rsn |= WPS_ENCR_AES;
 		}
 		if (conf->rsn_pairwise & WPA_CIPHER_TKIP) {
-#ifdef CONFIG_NO_TKIP
-			wpa_printf(MSG_INFO, "WPS: TKIP not supported");
-			goto fail;
-#else /* CONFIG_NO_TKIP */
 			wps->encr_types |= WPS_ENCR_TKIP;
 			wps->encr_types_rsn |= WPS_ENCR_TKIP;
-#endif /* CONFIG_NO_TKIP */
 		}
 	}
 
 	if (conf->wpa & WPA_PROTO_WPA) {
-#ifdef CONFIG_NO_TKIP
-		if (!(conf->wpa & WPA_PROTO_RSN)) {
-			wpa_printf(MSG_INFO, "WPS: WPA(v1) not supported");
-			goto fail;
-		}
-		conf->wpa &= ~WPA_PROTO_WPA;
-#else /* CONFIG_NO_TKIP */
 		if (conf->wpa_key_mgmt & WPA_KEY_MGMT_PSK)
 			wps->auth_types |= WPS_AUTH_WPAPSK;
 		if (conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X)
@@ -1211,7 +1179,6 @@
 			wps->encr_types |= WPS_ENCR_TKIP;
 			wps->encr_types_wpa |= WPS_ENCR_TKIP;
 		}
-#endif /* CONFIG_NO_TKIP */
 	}
 
 	if (conf->ssid.security_policy == SECURITY_PLAINTEXT) {
@@ -1251,17 +1218,10 @@
 	wps->ap_encr_type = wps->encr_types;
 	if (conf->wps_state == WPS_STATE_NOT_CONFIGURED) {
 		/* Override parameters to enable security by default */
-#ifdef CONFIG_NO_TKIP
-		wps->auth_types = WPS_AUTH_WPA2PSK;
-		wps->encr_types = WPS_ENCR_AES;
-		wps->encr_types_rsn = WPS_ENCR_AES;
-		wps->encr_types_wpa = WPS_ENCR_AES;
-#else /* CONFIG_NO_TKIP */
 		wps->auth_types = WPS_AUTH_WPA2PSK | WPS_AUTH_WPAPSK;
 		wps->encr_types = WPS_ENCR_AES | WPS_ENCR_TKIP;
 		wps->encr_types_rsn = WPS_ENCR_AES | WPS_ENCR_TKIP;
 		wps->encr_types_wpa = WPS_ENCR_AES | WPS_ENCR_TKIP;
-#endif /* CONFIG_NO_TKIP */
 	}
 
 	if ((hapd->conf->multi_ap & FRONTHAUL_BSS) &&
@@ -1841,10 +1801,8 @@
 
 	if (os_strncmp(auth, "OPEN", 4) == 0)
 		cred.auth_type = WPS_AUTH_OPEN;
-#ifndef CONFIG_NO_TKIP
 	else if (os_strncmp(auth, "WPAPSK", 6) == 0)
 		cred.auth_type = WPS_AUTH_WPAPSK;
-#endif /* CONFIG_NO_TKIP */
 	else if (os_strncmp(auth, "WPA2PSK", 7) == 0)
 		cred.auth_type = WPS_AUTH_WPA2PSK;
 	else
@@ -1853,10 +1811,8 @@
 	if (encr) {
 		if (os_strncmp(encr, "NONE", 4) == 0)
 			cred.encr_type = WPS_ENCR_NONE;
-#ifndef CONFIG_NO_TKIP
 		else if (os_strncmp(encr, "TKIP", 4) == 0)
 			cred.encr_type = WPS_ENCR_TKIP;
-#endif /* CONFIG_NO_TKIP */
 		else if (os_strncmp(encr, "CCMP", 4) == 0)
 			cred.encr_type = WPS_ENCR_AES;
 		else