[LEDE-DEV] [PATCH] hostapd: update to git snapshot of 2018-03-13
Daniel Golle
daniel at makrotopia.org
Tue Mar 27 09:40:32 PDT 2018
Runs nice and stable since this post.
Should I just push it?
Tested on: ramips/mt7621, ar71xx/generic
On Thu, Mar 15, 2018 at 01:29:03AM +0100, Daniel Golle wrote:
> Update hostapd sources to current git snapshot to get rid of local
> patches and pave the road towards using WPA3 features.
>
> For SAE key management in mesh mode, use the newly introduce
> sae_password parameter instead of the psk parameter to also support
> SAE keys which would fail the checks applied on the psk field (ie.
> length and such).
>
> The following patches were merged upstream:
> 000-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch
> replaced by commit 0e3bd7ac6
> 001-Prevent-reinstallation-of-an-already-in-use-group-ke.patch
> replaced by commit cb5132bb3
> 002-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch
> replaced by commit 87e2db16b
> 003-Prevent-installation-of-an-all-zero-TK.patch
> replaced by commit 53bb18cc8
> 004-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch
> replaced by commit 0adc9b28b
> 005-TDLS-Reject-TPK-TK-reconfiguration.patch
> replaced by commit ff89af96e
> 006-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch
> replaced by commit adae51f8b
> 007-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch
> replaced by commit 2a9c5217b
> 008-WPA-Extra-defense-against-PTK-reinstalls-in-4-way-ha.patch
> replaced by commit a00e946c1
> 009-Clear-PMK-length-and-check-for-this-when-deriving-PT.patch
> replaced by commit b488a1294
> 010-Optional-AP-side-workaround-for-key-reinstallation-a.patch
> replaced by commit 6f234c1e2
> 011-Additional-consistentcy-checks-for-PTK-component-len.patch
> replaced by commit a6ea66530
> 012-Clear-BSSID-information-in-supplicant-state-machine-.patch
> replaced by commit c0fe5f125
> 013-WNM-Ignore-WNM-Sleep-Mode-Request-in-wnm_sleep_mode-.patch
> replaced by commit 114f2830d
>
> Some patches had to be modified to work with changed upstream source:
> 380-disable_ctrl_iface_mib.patch
> add more ifdef'ery
> plus some minor knits needed for other patches to apply which are not
> worth being explicitely listed here.
>
> Signed-off-by: Daniel Golle <daniel at makrotopia.org>
> ---
> Compile tested: ar71xx/generic, ramips/mt7621
> Run tested: ramips/mt7621 (MT7603E+MT7612E)
>
> package/network/services/hostapd/Makefile | 8 +-
> package/network/services/hostapd/files/hostapd.sh | 6 +-
> ...-Avoid-key-reinstallation-in-FT-handshake.patch | 154 -------------
> ...nstallation-of-an-already-in-use-group-ke.patch | 244 ---------------------
> ...ection-of-GTK-IGTK-reinstallation-of-WNM-.patch | 182 ---------------
> ...03-Prevent-installation-of-an-all-zero-TK.patch | 73 ------
> ...Fix-PTK-rekeying-to-generate-a-new-ANonce.patch | 56 -----
> .../005-TDLS-Reject-TPK-TK-reconfiguration.patch | 124 -----------
> ...WNM-Sleep-Mode-Response-without-pending-r.patch | 35 ---
> ...llow-multiple-Reassociation-Response-fram.patch | 68 ------
> ...efense-against-PTK-reinstalls-in-4-way-ha.patch | 34 ---
> ...ength-and-check-for-this-when-deriving-PT.patch | 53 -----
> ...-side-workaround-for-key-reinstallation-a.patch | 221 -------------------
> ...consistentcy-checks-for-PTK-component-len.patch | 100 ---------
> ...-information-in-supplicant-state-machine-.patch | 25 ---
> ...WNM-Sleep-Mode-Request-in-wnm_sleep_mode-.patch | 35 ---
> .../hostapd/patches/110-no_eapol_fix.patch | 2 +-
> .../services/hostapd/patches/200-multicall.patch | 48 ++--
> .../services/hostapd/patches/300-noscan.patch | 4 +-
> .../hostapd/patches/310-rescan_immediately.patch | 2 +-
> .../hostapd/patches/330-nl80211_fix_set_freq.patch | 2 +-
> .../patches/350-nl80211_del_beacon_bss.patch | 10 +-
> .../hostapd/patches/360-ctrl_iface_reload.patch | 10 +-
> .../hostapd/patches/370-ap_sta_support.patch | 18 +-
> .../patches/380-disable_ctrl_iface_mib.patch | 53 +++--
> .../patches/390-wpa_ie_cap_workaround.patch | 4 +-
> .../patches/400-wps_single_auth_enc_type.patch | 4 +-
> .../hostapd/patches/420-indicate-features.patch | 4 +-
> .../hostapd/patches/430-hostapd_cli_ifdef.patch | 4 +-
> .../services/hostapd/patches/450-scan_wait.patch | 12 +-
> ...ant-add-new-config-params-to-be-used-with.patch | 12 +-
> ...80211-use-new-parameters-during-ibss-join.patch | 4 +-
> .../patches/463-add-mcast_rate-to-11s.patch | 6 +-
> .../hostapd/patches/464-fix-mesh-obss-check.patch | 2 +-
> .../hostapd/patches/600-ubus_support.patch | 52 +++--
> 35 files changed, 147 insertions(+), 1524 deletions(-)
> delete mode 100644 package/network/services/hostapd/patches/000-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch
> delete mode 100644 package/network/services/hostapd/patches/001-Prevent-reinstallation-of-an-already-in-use-group-ke.patch
> delete mode 100644 package/network/services/hostapd/patches/002-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch
> delete mode 100644 package/network/services/hostapd/patches/003-Prevent-installation-of-an-all-zero-TK.patch
> delete mode 100644 package/network/services/hostapd/patches/004-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch
> delete mode 100644 package/network/services/hostapd/patches/005-TDLS-Reject-TPK-TK-reconfiguration.patch
> delete mode 100644 package/network/services/hostapd/patches/006-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch
> delete mode 100644 package/network/services/hostapd/patches/007-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch
> delete mode 100644 package/network/services/hostapd/patches/008-WPA-Extra-defense-against-PTK-reinstalls-in-4-way-ha.patch
> delete mode 100644 package/network/services/hostapd/patches/009-Clear-PMK-length-and-check-for-this-when-deriving-PT.patch
> delete mode 100644 package/network/services/hostapd/patches/010-Optional-AP-side-workaround-for-key-reinstallation-a.patch
> delete mode 100644 package/network/services/hostapd/patches/011-Additional-consistentcy-checks-for-PTK-component-len.patch
> delete mode 100644 package/network/services/hostapd/patches/012-Clear-BSSID-information-in-supplicant-state-machine-.patch
> delete mode 100644 package/network/services/hostapd/patches/013-WNM-Ignore-WNM-Sleep-Mode-Request-in-wnm_sleep_mode-.patch
>
> diff --git a/package/network/services/hostapd/Makefile b/package/network/services/hostapd/Makefile
> index 51f1692933..bd5832aa75 100644
> --- a/package/network/services/hostapd/Makefile
> +++ b/package/network/services/hostapd/Makefile
> @@ -7,13 +7,13 @@
> include $(TOPDIR)/rules.mk
>
> PKG_NAME:=hostapd
> -PKG_RELEASE:=6
> +PKG_RELEASE:=1
>
> PKG_SOURCE_URL:=http://w1.fi/hostap.git
> PKG_SOURCE_PROTO:=git
> -PKG_SOURCE_DATE:=2017-08-24
> -PKG_SOURCE_VERSION:=c2d4f2eb5dba0b5c5a8c5805823084da958a9b52
> -PKG_MIRROR_HASH:=c6ad9a73fc1ae0ba8bc48f71cf14394b274bc9c2c1d1b53c2775f08312597e74
> +PKG_SOURCE_DATE:=2018-03-13
> +PKG_SOURCE_VERSION:=c63e69c3799bd7eb89c6bd4f1b0d1932b8869247
> +PKG_MIRROR_HASH:=0c3a5cf6499c31b8f6bd6973edc38cd7f6d92b6eb8735aaf43b3680d499c273a
>
> PKG_MAINTAINER:=Felix Fietkau <nbd at nbd.name>
> PKG_LICENSE:=BSD-3-Clause
> diff --git a/package/network/services/hostapd/files/hostapd.sh b/package/network/services/hostapd/files/hostapd.sh
> index 334694abfa..2d2c6a7c79 100644
> --- a/package/network/services/hostapd/files/hostapd.sh
> +++ b/package/network/services/hostapd/files/hostapd.sh
> @@ -706,7 +706,11 @@ wpa_supplicant_add_network() {
> if [ ${#key} -eq 64 ]; then
> passphrase="psk=${key}"
> else
> - passphrase="psk=\"${key}\""
> + if [ "$_w_mode" = "mesh" ]; then
> + passphrase="sae_password=\"${key}\""
> + else
> + passphrase="psk=\"${key}\""
> + fi
> fi
> append network_data "$passphrase" "$N$T"
> ;;
> diff --git a/package/network/services/hostapd/patches/000-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch b/package/network/services/hostapd/patches/000-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch
> deleted file mode 100644
> index 14b2d7c717..0000000000
> --- a/package/network/services/hostapd/patches/000-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch
> +++ /dev/null
> @@ -1,154 +0,0 @@
> -From: Mathy Vanhoef <Mathy.Vanhoef at cs.kuleuven.be>
> -Date: Fri, 14 Jul 2017 15:15:35 +0200
> -Subject: [PATCH] hostapd: Avoid key reinstallation in FT handshake
> -
> -Do not reinstall TK to the driver during Reassociation Response frame
> -processing if the first attempt of setting the TK succeeded. This avoids
> -issues related to clearing the TX/RX PN that could result in reusing
> -same PN values for transmitted frames (e.g., due to CCM nonce reuse and
> -also hitting replay protection on the receiver) and accepting replayed
> -frames on RX side.
> -
> -This issue was introduced by the commit
> -0e84c25434e6a1f283c7b4e62e483729085b78d2 ('FT: Fix PTK configuration in
> -authenticator') which allowed wpa_ft_install_ptk() to be called multiple
> -times with the same PTK. While the second configuration attempt is
> -needed with some drivers, it must be done only if the first attempt
> -failed.
> -
> -Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef at cs.kuleuven.be>
> ----
> -
> ---- a/src/ap/ieee802_11.c
> -+++ b/src/ap/ieee802_11.c
> -@@ -2522,6 +2522,7 @@ static int add_associated_sta(struct hos
> - {
> - struct ieee80211_ht_capabilities ht_cap;
> - struct ieee80211_vht_capabilities vht_cap;
> -+ int set = 1;
> -
> - /*
> - * Remove the STA entry to ensure the STA PS state gets cleared and
> -@@ -2529,9 +2530,18 @@ static int add_associated_sta(struct hos
> - * FT-over-the-DS, where a station re-associates back to the same AP but
> - * skips the authentication flow, or if working with a driver that
> - * does not support full AP client state.
> -+ *
> -+ * Skip this if the STA has already completed FT reassociation and the
> -+ * TK has been configured since the TX/RX PN must not be reset to 0 for
> -+ * the same key.
> - */
> -- if (!sta->added_unassoc)
> -+ if (!sta->added_unassoc &&
> -+ (!(sta->flags & WLAN_STA_AUTHORIZED) ||
> -+ !wpa_auth_sta_ft_tk_already_set(sta->wpa_sm))) {
> - hostapd_drv_sta_remove(hapd, sta->addr);
> -+ wpa_auth_sm_event(sta->wpa_sm, WPA_DRV_STA_REMOVED);
> -+ set = 0;
> -+ }
> -
> - #ifdef CONFIG_IEEE80211N
> - if (sta->flags & WLAN_STA_HT)
> -@@ -2554,11 +2564,11 @@ static int add_associated_sta(struct hos
> - sta->flags & WLAN_STA_VHT ? &vht_cap : NULL,
> - sta->flags | WLAN_STA_ASSOC, sta->qosinfo,
> - sta->vht_opmode, sta->p2p_ie ? 1 : 0,
> -- sta->added_unassoc)) {
> -+ set)) {
> - hostapd_logger(hapd, sta->addr,
> - HOSTAPD_MODULE_IEEE80211, HOSTAPD_LEVEL_NOTICE,
> - "Could not %s STA to kernel driver",
> -- sta->added_unassoc ? "set" : "add");
> -+ set ? "set" : "add");
> -
> - if (sta->added_unassoc) {
> - hostapd_drv_sta_remove(hapd, sta->addr);
> ---- a/src/ap/wpa_auth.c
> -+++ b/src/ap/wpa_auth.c
> -@@ -1783,6 +1783,9 @@ int wpa_auth_sm_event(struct wpa_state_m
> - #else /* CONFIG_FILS */
> - break;
> - #endif /* CONFIG_FILS */
> -+ case WPA_DRV_STA_REMOVED:
> -+ sm->tk_already_set = FALSE;
> -+ return 0;
> - }
> -
> - #ifdef CONFIG_IEEE80211R_AP
> -@@ -3922,6 +3925,14 @@ int wpa_auth_sta_wpa_version(struct wpa_
> - }
> -
> -
> -+int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm)
> -+{
> -+ if (!sm || !wpa_key_mgmt_ft(sm->wpa_key_mgmt))
> -+ return 0;
> -+ return sm->tk_already_set;
> -+}
> -+
> -+
> - int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm,
> - struct rsn_pmksa_cache_entry *entry)
> - {
> ---- a/src/ap/wpa_auth.h
> -+++ b/src/ap/wpa_auth.h
> -@@ -300,7 +300,7 @@ void wpa_receive(struct wpa_authenticato
> - u8 *data, size_t data_len);
> - enum wpa_event {
> - WPA_AUTH, WPA_ASSOC, WPA_DISASSOC, WPA_DEAUTH, WPA_REAUTH,
> -- WPA_REAUTH_EAPOL, WPA_ASSOC_FT, WPA_ASSOC_FILS
> -+ WPA_REAUTH_EAPOL, WPA_ASSOC_FT, WPA_ASSOC_FILS, WPA_DRV_STA_REMOVED
> - };
> - void wpa_remove_ptk(struct wpa_state_machine *sm);
> - int wpa_auth_sm_event(struct wpa_state_machine *sm, enum wpa_event event);
> -@@ -313,6 +313,7 @@ int wpa_auth_pairwise_set(struct wpa_sta
> - int wpa_auth_get_pairwise(struct wpa_state_machine *sm);
> - int wpa_auth_sta_key_mgmt(struct wpa_state_machine *sm);
> - int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm);
> -+int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm);
> - int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm,
> - struct rsn_pmksa_cache_entry *entry);
> - struct rsn_pmksa_cache_entry *
> ---- a/src/ap/wpa_auth_ft.c
> -+++ b/src/ap/wpa_auth_ft.c
> -@@ -1937,6 +1937,14 @@ void wpa_ft_install_ptk(struct wpa_state
> - return;
> - }
> -
> -+ if (sm->tk_already_set) {
> -+ /* Must avoid TK reconfiguration to prevent clearing of TX/RX
> -+ * PN in the driver */
> -+ wpa_printf(MSG_DEBUG,
> -+ "FT: Do not re-install same PTK to the driver");
> -+ return;
> -+ }
> -+
> - /* FIX: add STA entry to kernel/driver here? The set_key will fail
> - * most likely without this.. At the moment, STA entry is added only
> - * after association has been completed. This function will be called
> -@@ -1949,6 +1957,7 @@ void wpa_ft_install_ptk(struct wpa_state
> -
> - /* FIX: MLME-SetProtection.Request(TA, Tx_Rx) */
> - sm->pairwise_set = TRUE;
> -+ sm->tk_already_set = TRUE;
> - }
> -
> -
> -@@ -2152,6 +2161,7 @@ static int wpa_ft_process_auth_req(struc
> -
> - sm->pairwise = pairwise;
> - sm->PTK_valid = TRUE;
> -+ sm->tk_already_set = FALSE;
> - wpa_ft_install_ptk(sm);
> -
> - buflen = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) +
> ---- a/src/ap/wpa_auth_i.h
> -+++ b/src/ap/wpa_auth_i.h
> -@@ -61,6 +61,7 @@ struct wpa_state_machine {
> - struct wpa_ptk PTK;
> - Boolean PTK_valid;
> - Boolean pairwise_set;
> -+ Boolean tk_already_set;
> - int keycount;
> - Boolean Pair;
> - struct wpa_key_replay_counter {
> diff --git a/package/network/services/hostapd/patches/001-Prevent-reinstallation-of-an-already-in-use-group-ke.patch b/package/network/services/hostapd/patches/001-Prevent-reinstallation-of-an-already-in-use-group-ke.patch
> deleted file mode 100644
> index b283bf887d..0000000000
> --- a/package/network/services/hostapd/patches/001-Prevent-reinstallation-of-an-already-in-use-group-ke.patch
> +++ /dev/null
> @@ -1,244 +0,0 @@
> -From: Mathy Vanhoef <Mathy.Vanhoef at cs.kuleuven.be>
> -Date: Wed, 12 Jul 2017 16:03:24 +0200
> -Subject: [PATCH] Prevent reinstallation of an already in-use group key
> -
> -Track the current GTK and IGTK that is in use and when receiving a
> -(possibly retransmitted) Group Message 1 or WNM-Sleep Mode Response, do
> -not install the given key if it is already in use. This prevents an
> -attacker from trying to trick the client into resetting or lowering the
> -sequence counter associated to the group key.
> -
> -Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef at cs.kuleuven.be>
> ----
> -
> ---- a/src/common/wpa_common.h
> -+++ b/src/common/wpa_common.h
> -@@ -218,6 +218,17 @@ struct wpa_ptk {
> - size_t tk_len;
> - };
> -
> -+struct wpa_gtk {
> -+ u8 gtk[WPA_GTK_MAX_LEN];
> -+ size_t gtk_len;
> -+};
> -+
> -+#ifdef CONFIG_IEEE80211W
> -+struct wpa_igtk {
> -+ u8 igtk[WPA_IGTK_MAX_LEN];
> -+ size_t igtk_len;
> -+};
> -+#endif /* CONFIG_IEEE80211W */
> -
> - /* WPA IE version 1
> - * 00-50-f2:1 (OUI:OUI type)
> ---- a/src/rsn_supp/wpa.c
> -+++ b/src/rsn_supp/wpa.c
> -@@ -800,6 +800,15 @@ static int wpa_supplicant_install_gtk(st
> - const u8 *_gtk = gd->gtk;
> - u8 gtk_buf[32];
> -
> -+ /* Detect possible key reinstallation */
> -+ if (sm->gtk.gtk_len == (size_t) gd->gtk_len &&
> -+ os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) {
> -+ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
> -+ "WPA: Not reinstalling already in-use GTK to the driver (keyidx=%d tx=%d len=%d)",
> -+ gd->keyidx, gd->tx, gd->gtk_len);
> -+ return 0;
> -+ }
> -+
> - wpa_hexdump_key(MSG_DEBUG, "WPA: Group Key", gd->gtk, gd->gtk_len);
> - wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
> - "WPA: Installing GTK to the driver (keyidx=%d tx=%d len=%d)",
> -@@ -834,6 +843,9 @@ static int wpa_supplicant_install_gtk(st
> - }
> - os_memset(gtk_buf, 0, sizeof(gtk_buf));
> -
> -+ sm->gtk.gtk_len = gd->gtk_len;
> -+ os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len);
> -+
> - return 0;
> - }
> -
> -@@ -940,6 +952,48 @@ static int wpa_supplicant_pairwise_gtk(s
> - }
> -
> -
> -+#ifdef CONFIG_IEEE80211W
> -+static int wpa_supplicant_install_igtk(struct wpa_sm *sm,
> -+ const struct wpa_igtk_kde *igtk)
> -+{
> -+ size_t len = wpa_cipher_key_len(sm->mgmt_group_cipher);
> -+ u16 keyidx = WPA_GET_LE16(igtk->keyid);
> -+
> -+ /* Detect possible key reinstallation */
> -+ if (sm->igtk.igtk_len == len &&
> -+ os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) {
> -+ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
> -+ "WPA: Not reinstalling already in-use IGTK to the driver (keyidx=%d)",
> -+ keyidx);
> -+ return 0;
> -+ }
> -+
> -+ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
> -+ "WPA: IGTK keyid %d pn %02x%02x%02x%02x%02x%02x",
> -+ keyidx, MAC2STR(igtk->pn));
> -+ wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK", igtk->igtk, len);
> -+ if (keyidx > 4095) {
> -+ wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
> -+ "WPA: Invalid IGTK KeyID %d", keyidx);
> -+ return -1;
> -+ }
> -+ if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
> -+ broadcast_ether_addr,
> -+ keyidx, 0, igtk->pn, sizeof(igtk->pn),
> -+ igtk->igtk, len) < 0) {
> -+ wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
> -+ "WPA: Failed to configure IGTK to the driver");
> -+ return -1;
> -+ }
> -+
> -+ sm->igtk.igtk_len = len;
> -+ os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len);
> -+
> -+ return 0;
> -+}
> -+#endif /* CONFIG_IEEE80211W */
> -+
> -+
> - static int ieee80211w_set_keys(struct wpa_sm *sm,
> - struct wpa_eapol_ie_parse *ie)
> - {
> -@@ -950,30 +1004,14 @@ static int ieee80211w_set_keys(struct wp
> - if (ie->igtk) {
> - size_t len;
> - const struct wpa_igtk_kde *igtk;
> -- u16 keyidx;
> -+
> - len = wpa_cipher_key_len(sm->mgmt_group_cipher);
> - if (ie->igtk_len != WPA_IGTK_KDE_PREFIX_LEN + len)
> - return -1;
> -+
> - igtk = (const struct wpa_igtk_kde *) ie->igtk;
> -- keyidx = WPA_GET_LE16(igtk->keyid);
> -- wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: IGTK keyid %d "
> -- "pn %02x%02x%02x%02x%02x%02x",
> -- keyidx, MAC2STR(igtk->pn));
> -- wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK",
> -- igtk->igtk, len);
> -- if (keyidx > 4095) {
> -- wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
> -- "WPA: Invalid IGTK KeyID %d", keyidx);
> -+ if (wpa_supplicant_install_igtk(sm, igtk) < 0)
> - return -1;
> -- }
> -- if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
> -- broadcast_ether_addr,
> -- keyidx, 0, igtk->pn, sizeof(igtk->pn),
> -- igtk->igtk, len) < 0) {
> -- wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
> -- "WPA: Failed to configure IGTK to the driver");
> -- return -1;
> -- }
> - }
> -
> - return 0;
> -@@ -2491,7 +2529,7 @@ void wpa_sm_deinit(struct wpa_sm *sm)
> - */
> - void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
> - {
> -- int clear_ptk = 1;
> -+ int clear_keys = 1;
> -
> - if (sm == NULL)
> - return;
> -@@ -2517,7 +2555,7 @@ void wpa_sm_notify_assoc(struct wpa_sm *
> - /* Prepare for the next transition */
> - wpa_ft_prepare_auth_request(sm, NULL);
> -
> -- clear_ptk = 0;
> -+ clear_keys = 0;
> - }
> - #endif /* CONFIG_IEEE80211R */
> - #ifdef CONFIG_FILS
> -@@ -2527,11 +2565,11 @@ void wpa_sm_notify_assoc(struct wpa_sm *
> - * AUTHENTICATED state to get the EAPOL port Authorized.
> - */
> - wpa_supplicant_key_neg_complete(sm, sm->bssid, 1);
> -- clear_ptk = 0;
> -+ clear_keys = 0;
> - }
> - #endif /* CONFIG_FILS */
> -
> -- if (clear_ptk) {
> -+ if (clear_keys) {
> - /*
> - * IEEE 802.11, 8.4.10: Delete PTK SA on (re)association if
> - * this is not part of a Fast BSS Transition.
> -@@ -2541,6 +2579,10 @@ void wpa_sm_notify_assoc(struct wpa_sm *
> - os_memset(&sm->ptk, 0, sizeof(sm->ptk));
> - sm->tptk_set = 0;
> - os_memset(&sm->tptk, 0, sizeof(sm->tptk));
> -+ os_memset(&sm->gtk, 0, sizeof(sm->gtk));
> -+#ifdef CONFIG_IEEE80211W
> -+ os_memset(&sm->igtk, 0, sizeof(sm->igtk));
> -+#endif /* CONFIG_IEEE80211W */
> - }
> -
> - #ifdef CONFIG_TDLS
> -@@ -3117,6 +3159,10 @@ void wpa_sm_drop_sa(struct wpa_sm *sm)
> - os_memset(sm->pmk, 0, sizeof(sm->pmk));
> - os_memset(&sm->ptk, 0, sizeof(sm->ptk));
> - os_memset(&sm->tptk, 0, sizeof(sm->tptk));
> -+ os_memset(&sm->gtk, 0, sizeof(sm->gtk));
> -+#ifdef CONFIG_IEEE80211W
> -+ os_memset(&sm->igtk, 0, sizeof(sm->igtk));
> -+#endif /* CONFIG_IEEE80211W */
> - #ifdef CONFIG_IEEE80211R
> - os_memset(sm->xxkey, 0, sizeof(sm->xxkey));
> - os_memset(sm->pmk_r0, 0, sizeof(sm->pmk_r0));
> -@@ -3189,29 +3235,11 @@ int wpa_wnmsleep_install_key(struct wpa_
> - os_memset(&gd, 0, sizeof(gd));
> - #ifdef CONFIG_IEEE80211W
> - } else if (subelem_id == WNM_SLEEP_SUBELEM_IGTK) {
> -- struct wpa_igtk_kde igd;
> -- u16 keyidx;
> -+ const struct wpa_igtk_kde *igtk;
> -
> -- os_memset(&igd, 0, sizeof(igd));
> -- keylen = wpa_cipher_key_len(sm->mgmt_group_cipher);
> -- os_memcpy(igd.keyid, buf + 2, 2);
> -- os_memcpy(igd.pn, buf + 4, 6);
> --
> -- keyidx = WPA_GET_LE16(igd.keyid);
> -- os_memcpy(igd.igtk, buf + 10, keylen);
> --
> -- wpa_hexdump_key(MSG_DEBUG, "Install IGTK (WNM SLEEP)",
> -- igd.igtk, keylen);
> -- if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
> -- broadcast_ether_addr,
> -- keyidx, 0, igd.pn, sizeof(igd.pn),
> -- igd.igtk, keylen) < 0) {
> -- wpa_printf(MSG_DEBUG, "Failed to install the IGTK in "
> -- "WNM mode");
> -- os_memset(&igd, 0, sizeof(igd));
> -+ igtk = (const struct wpa_igtk_kde *) (buf + 2);
> -+ if (wpa_supplicant_install_igtk(sm, igtk) < 0)
> - return -1;
> -- }
> -- os_memset(&igd, 0, sizeof(igd));
> - #endif /* CONFIG_IEEE80211W */
> - } else {
> - wpa_printf(MSG_DEBUG, "Unknown element id");
> ---- a/src/rsn_supp/wpa_i.h
> -+++ b/src/rsn_supp/wpa_i.h
> -@@ -31,6 +31,10 @@ struct wpa_sm {
> - u8 rx_replay_counter[WPA_REPLAY_COUNTER_LEN];
> - int rx_replay_counter_set;
> - u8 request_counter[WPA_REPLAY_COUNTER_LEN];
> -+ struct wpa_gtk gtk;
> -+#ifdef CONFIG_IEEE80211W
> -+ struct wpa_igtk igtk;
> -+#endif /* CONFIG_IEEE80211W */
> -
> - struct eapol_sm *eapol; /* EAPOL state machine from upper level code */
> -
> diff --git a/package/network/services/hostapd/patches/002-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch b/package/network/services/hostapd/patches/002-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch
> deleted file mode 100644
> index 2093d25e9c..0000000000
> --- a/package/network/services/hostapd/patches/002-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch
> +++ /dev/null
> @@ -1,182 +0,0 @@
> -From: Jouni Malinen <j at w1.fi>
> -Date: Sun, 1 Oct 2017 12:12:24 +0300
> -Subject: [PATCH] Extend protection of GTK/IGTK reinstallation of WNM-Sleep
> - Mode cases
> -
> -This extends the protection to track last configured GTK/IGTK value
> -separately from EAPOL-Key frames and WNM-Sleep Mode frames to cover a
> -corner case where these two different mechanisms may get used when the
> -GTK/IGTK has changed and tracking a single value is not sufficient to
> -detect a possible key reconfiguration.
> -
> -Signed-off-by: Jouni Malinen <j at w1.fi>
> ----
> -
> ---- a/src/rsn_supp/wpa.c
> -+++ b/src/rsn_supp/wpa.c
> -@@ -795,14 +795,17 @@ struct wpa_gtk_data {
> -
> - static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
> - const struct wpa_gtk_data *gd,
> -- const u8 *key_rsc)
> -+ const u8 *key_rsc, int wnm_sleep)
> - {
> - const u8 *_gtk = gd->gtk;
> - u8 gtk_buf[32];
> -
> - /* Detect possible key reinstallation */
> -- if (sm->gtk.gtk_len == (size_t) gd->gtk_len &&
> -- os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) {
> -+ if ((sm->gtk.gtk_len == (size_t) gd->gtk_len &&
> -+ os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) ||
> -+ (sm->gtk_wnm_sleep.gtk_len == (size_t) gd->gtk_len &&
> -+ os_memcmp(sm->gtk_wnm_sleep.gtk, gd->gtk,
> -+ sm->gtk_wnm_sleep.gtk_len) == 0)) {
> - wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
> - "WPA: Not reinstalling already in-use GTK to the driver (keyidx=%d tx=%d len=%d)",
> - gd->keyidx, gd->tx, gd->gtk_len);
> -@@ -843,8 +846,14 @@ static int wpa_supplicant_install_gtk(st
> - }
> - os_memset(gtk_buf, 0, sizeof(gtk_buf));
> -
> -- sm->gtk.gtk_len = gd->gtk_len;
> -- os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len);
> -+ if (wnm_sleep) {
> -+ sm->gtk_wnm_sleep.gtk_len = gd->gtk_len;
> -+ os_memcpy(sm->gtk_wnm_sleep.gtk, gd->gtk,
> -+ sm->gtk_wnm_sleep.gtk_len);
> -+ } else {
> -+ sm->gtk.gtk_len = gd->gtk_len;
> -+ os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len);
> -+ }
> -
> - return 0;
> - }
> -@@ -938,7 +947,7 @@ static int wpa_supplicant_pairwise_gtk(s
> - (wpa_supplicant_check_group_cipher(sm, sm->group_cipher,
> - gtk_len, gtk_len,
> - &gd.key_rsc_len, &gd.alg) ||
> -- wpa_supplicant_install_gtk(sm, &gd, key_rsc))) {
> -+ wpa_supplicant_install_gtk(sm, &gd, key_rsc, 0))) {
> - wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
> - "RSN: Failed to install GTK");
> - os_memset(&gd, 0, sizeof(gd));
> -@@ -954,14 +963,18 @@ static int wpa_supplicant_pairwise_gtk(s
> -
> - #ifdef CONFIG_IEEE80211W
> - static int wpa_supplicant_install_igtk(struct wpa_sm *sm,
> -- const struct wpa_igtk_kde *igtk)
> -+ const struct wpa_igtk_kde *igtk,
> -+ int wnm_sleep)
> - {
> - size_t len = wpa_cipher_key_len(sm->mgmt_group_cipher);
> - u16 keyidx = WPA_GET_LE16(igtk->keyid);
> -
> - /* Detect possible key reinstallation */
> -- if (sm->igtk.igtk_len == len &&
> -- os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) {
> -+ if ((sm->igtk.igtk_len == len &&
> -+ os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) ||
> -+ (sm->igtk_wnm_sleep.igtk_len == len &&
> -+ os_memcmp(sm->igtk_wnm_sleep.igtk, igtk->igtk,
> -+ sm->igtk_wnm_sleep.igtk_len) == 0)) {
> - wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
> - "WPA: Not reinstalling already in-use IGTK to the driver (keyidx=%d)",
> - keyidx);
> -@@ -986,8 +999,14 @@ static int wpa_supplicant_install_igtk(s
> - return -1;
> - }
> -
> -- sm->igtk.igtk_len = len;
> -- os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len);
> -+ if (wnm_sleep) {
> -+ sm->igtk_wnm_sleep.igtk_len = len;
> -+ os_memcpy(sm->igtk_wnm_sleep.igtk, igtk->igtk,
> -+ sm->igtk_wnm_sleep.igtk_len);
> -+ } else {
> -+ sm->igtk.igtk_len = len;
> -+ os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len);
> -+ }
> -
> - return 0;
> - }
> -@@ -1010,7 +1029,7 @@ static int ieee80211w_set_keys(struct wp
> - return -1;
> -
> - igtk = (const struct wpa_igtk_kde *) ie->igtk;
> -- if (wpa_supplicant_install_igtk(sm, igtk) < 0)
> -+ if (wpa_supplicant_install_igtk(sm, igtk, 0) < 0)
> - return -1;
> - }
> -
> -@@ -1659,7 +1678,7 @@ static void wpa_supplicant_process_1_of_
> - if (wpa_supplicant_rsc_relaxation(sm, key->key_rsc))
> - key_rsc = null_rsc;
> -
> -- if (wpa_supplicant_install_gtk(sm, &gd, key_rsc) ||
> -+ if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 0) ||
> - wpa_supplicant_send_2_of_2(sm, key, ver, key_info) < 0)
> - goto failed;
> - os_memset(&gd, 0, sizeof(gd));
> -@@ -2580,8 +2599,10 @@ void wpa_sm_notify_assoc(struct wpa_sm *
> - sm->tptk_set = 0;
> - os_memset(&sm->tptk, 0, sizeof(sm->tptk));
> - os_memset(&sm->gtk, 0, sizeof(sm->gtk));
> -+ os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep));
> - #ifdef CONFIG_IEEE80211W
> - os_memset(&sm->igtk, 0, sizeof(sm->igtk));
> -+ os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep));
> - #endif /* CONFIG_IEEE80211W */
> - }
> -
> -@@ -3160,8 +3181,10 @@ void wpa_sm_drop_sa(struct wpa_sm *sm)
> - os_memset(&sm->ptk, 0, sizeof(sm->ptk));
> - os_memset(&sm->tptk, 0, sizeof(sm->tptk));
> - os_memset(&sm->gtk, 0, sizeof(sm->gtk));
> -+ os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep));
> - #ifdef CONFIG_IEEE80211W
> - os_memset(&sm->igtk, 0, sizeof(sm->igtk));
> -+ os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep));
> - #endif /* CONFIG_IEEE80211W */
> - #ifdef CONFIG_IEEE80211R
> - os_memset(sm->xxkey, 0, sizeof(sm->xxkey));
> -@@ -3226,7 +3249,7 @@ int wpa_wnmsleep_install_key(struct wpa_
> -
> - wpa_hexdump_key(MSG_DEBUG, "Install GTK (WNM SLEEP)",
> - gd.gtk, gd.gtk_len);
> -- if (wpa_supplicant_install_gtk(sm, &gd, key_rsc)) {
> -+ if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 1)) {
> - os_memset(&gd, 0, sizeof(gd));
> - wpa_printf(MSG_DEBUG, "Failed to install the GTK in "
> - "WNM mode");
> -@@ -3238,7 +3261,7 @@ int wpa_wnmsleep_install_key(struct wpa_
> - const struct wpa_igtk_kde *igtk;
> -
> - igtk = (const struct wpa_igtk_kde *) (buf + 2);
> -- if (wpa_supplicant_install_igtk(sm, igtk) < 0)
> -+ if (wpa_supplicant_install_igtk(sm, igtk, 1) < 0)
> - return -1;
> - #endif /* CONFIG_IEEE80211W */
> - } else {
> -@@ -4121,7 +4144,7 @@ int fils_process_assoc_resp(struct wpa_s
> - os_memcpy(gd.gtk, kde.gtk + 2, kde.gtk_len - 2);
> -
> - wpa_printf(MSG_DEBUG, "FILS: Set GTK to driver");
> -- if (wpa_supplicant_install_gtk(sm, &gd, elems.key_delivery) < 0) {
> -+ if (wpa_supplicant_install_gtk(sm, &gd, elems.key_delivery, 0) < 0) {
> - wpa_printf(MSG_DEBUG, "FILS: Failed to set GTK");
> - goto fail;
> - }
> ---- a/src/rsn_supp/wpa_i.h
> -+++ b/src/rsn_supp/wpa_i.h
> -@@ -32,8 +32,10 @@ struct wpa_sm {
> - int rx_replay_counter_set;
> - u8 request_counter[WPA_REPLAY_COUNTER_LEN];
> - struct wpa_gtk gtk;
> -+ struct wpa_gtk gtk_wnm_sleep;
> - #ifdef CONFIG_IEEE80211W
> - struct wpa_igtk igtk;
> -+ struct wpa_igtk igtk_wnm_sleep;
> - #endif /* CONFIG_IEEE80211W */
> -
> - struct eapol_sm *eapol; /* EAPOL state machine from upper level code */
> diff --git a/package/network/services/hostapd/patches/003-Prevent-installation-of-an-all-zero-TK.patch b/package/network/services/hostapd/patches/003-Prevent-installation-of-an-all-zero-TK.patch
> deleted file mode 100644
> index 30679e25c2..0000000000
> --- a/package/network/services/hostapd/patches/003-Prevent-installation-of-an-all-zero-TK.patch
> +++ /dev/null
> @@ -1,73 +0,0 @@
> -From: Mathy Vanhoef <Mathy.Vanhoef at cs.kuleuven.be>
> -Date: Fri, 29 Sep 2017 04:22:51 +0200
> -Subject: [PATCH] Prevent installation of an all-zero TK
> -
> -Properly track whether a PTK has already been installed to the driver
> -and the TK part cleared from memory. This prevents an attacker from
> -trying to trick the client into installing an all-zero TK.
> -
> -This fixes the earlier fix in commit
> -ad00d64e7d8827b3cebd665a0ceb08adabf15e1e ('Fix TK configuration to the
> -driver in EAPOL-Key 3/4 retry case') which did not take into account
> -possibility of an extra message 1/4 showing up between retries of
> -message 3/4.
> -
> -Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef at cs.kuleuven.be>
> ----
> -
> ---- a/src/common/wpa_common.h
> -+++ b/src/common/wpa_common.h
> -@@ -216,6 +216,7 @@ struct wpa_ptk {
> - size_t kck_len;
> - size_t kek_len;
> - size_t tk_len;
> -+ int installed; /* 1 if key has already been installed to driver */
> - };
> -
> - struct wpa_gtk {
> ---- a/src/rsn_supp/wpa.c
> -+++ b/src/rsn_supp/wpa.c
> -@@ -594,7 +594,6 @@ static void wpa_supplicant_process_1_of_
> - os_memset(buf, 0, sizeof(buf));
> - }
> - sm->tptk_set = 1;
> -- sm->tk_to_set = 1;
> -
> - kde = sm->assoc_wpa_ie;
> - kde_len = sm->assoc_wpa_ie_len;
> -@@ -701,7 +700,7 @@ static int wpa_supplicant_install_ptk(st
> - enum wpa_alg alg;
> - const u8 *key_rsc;
> -
> -- if (!sm->tk_to_set) {
> -+ if (sm->ptk.installed) {
> - wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
> - "WPA: Do not re-install same PTK to the driver");
> - return 0;
> -@@ -745,7 +744,7 @@ static int wpa_supplicant_install_ptk(st
> -
> - /* TK is not needed anymore in supplicant */
> - os_memset(sm->ptk.tk, 0, WPA_TK_MAX_LEN);
> -- sm->tk_to_set = 0;
> -+ sm->ptk.installed = 1;
> -
> - if (sm->wpa_ptk_rekey) {
> - eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL);
> -@@ -4172,6 +4171,7 @@ int fils_process_assoc_resp(struct wpa_s
> - * takes care of association frame encryption/decryption. */
> - /* TK is not needed anymore in supplicant */
> - os_memset(sm->ptk.tk, 0, WPA_TK_MAX_LEN);
> -+ sm->ptk.installed = 1;
> -
> - /* FILS HLP Container */
> - fils_process_hlp_container(sm, ie_start, end - ie_start);
> ---- a/src/rsn_supp/wpa_i.h
> -+++ b/src/rsn_supp/wpa_i.h
> -@@ -24,7 +24,6 @@ struct wpa_sm {
> - struct wpa_ptk ptk, tptk;
> - int ptk_set, tptk_set;
> - unsigned int msg_3_of_4_ok:1;
> -- unsigned int tk_to_set:1;
> - u8 snonce[WPA_NONCE_LEN];
> - u8 anonce[WPA_NONCE_LEN]; /* ANonce from the last 1/4 msg */
> - int renew_snonce;
> diff --git a/package/network/services/hostapd/patches/004-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch b/package/network/services/hostapd/patches/004-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch
> deleted file mode 100644
> index 6f28e74314..0000000000
> --- a/package/network/services/hostapd/patches/004-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch
> +++ /dev/null
> @@ -1,56 +0,0 @@
> -From: Jouni Malinen <j at w1.fi>
> -Date: Sun, 1 Oct 2017 12:32:57 +0300
> -Subject: [PATCH] Fix PTK rekeying to generate a new ANonce
> -
> -The Authenticator state machine path for PTK rekeying ended up bypassing
> -the AUTHENTICATION2 state where a new ANonce is generated when going
> -directly to the PTKSTART state since there is no need to try to
> -determine the PMK again in such a case. This is far from ideal since the
> -new PTK would depend on a new nonce only from the supplicant.
> -
> -Fix this by generating a new ANonce when moving to the PTKSTART state
> -for the purpose of starting new 4-way handshake to rekey PTK.
> -
> -Signed-off-by: Jouni Malinen <j at w1.fi>
> ----
> -
> ---- a/src/ap/wpa_auth.c
> -+++ b/src/ap/wpa_auth.c
> -@@ -1951,6 +1951,21 @@ SM_STATE(WPA_PTK, AUTHENTICATION2)
> - }
> -
> -
> -+static int wpa_auth_sm_ptk_update(struct wpa_state_machine *sm)
> -+{
> -+ if (random_get_bytes(sm->ANonce, WPA_NONCE_LEN)) {
> -+ wpa_printf(MSG_ERROR,
> -+ "WPA: Failed to get random data for ANonce");
> -+ sm->Disconnect = TRUE;
> -+ return -1;
> -+ }
> -+ wpa_hexdump(MSG_DEBUG, "WPA: Assign new ANonce", sm->ANonce,
> -+ WPA_NONCE_LEN);
> -+ sm->TimeoutCtr = 0;
> -+ return 0;
> -+}
> -+
> -+
> - SM_STATE(WPA_PTK, INITPMK)
> - {
> - u8 msk[2 * PMK_LEN];
> -@@ -3116,9 +3131,12 @@ SM_STEP(WPA_PTK)
> - SM_ENTER(WPA_PTK, AUTHENTICATION);
> - else if (sm->ReAuthenticationRequest)
> - SM_ENTER(WPA_PTK, AUTHENTICATION2);
> -- else if (sm->PTKRequest)
> -- SM_ENTER(WPA_PTK, PTKSTART);
> -- else switch (sm->wpa_ptk_state) {
> -+ else if (sm->PTKRequest) {
> -+ if (wpa_auth_sm_ptk_update(sm) < 0)
> -+ SM_ENTER(WPA_PTK, DISCONNECTED);
> -+ else
> -+ SM_ENTER(WPA_PTK, PTKSTART);
> -+ } else switch (sm->wpa_ptk_state) {
> - case WPA_PTK_INITIALIZE:
> - break;
> - case WPA_PTK_DISCONNECT:
> diff --git a/package/network/services/hostapd/patches/005-TDLS-Reject-TPK-TK-reconfiguration.patch b/package/network/services/hostapd/patches/005-TDLS-Reject-TPK-TK-reconfiguration.patch
> deleted file mode 100644
> index 2ca05dd643..0000000000
> --- a/package/network/services/hostapd/patches/005-TDLS-Reject-TPK-TK-reconfiguration.patch
> +++ /dev/null
> @@ -1,124 +0,0 @@
> -From: Jouni Malinen <j at w1.fi>
> -Date: Fri, 22 Sep 2017 11:03:15 +0300
> -Subject: [PATCH] TDLS: Reject TPK-TK reconfiguration
> -
> -Do not try to reconfigure the same TPK-TK to the driver after it has
> -been successfully configured. This is an explicit check to avoid issues
> -related to resetting the TX/RX packet number. There was already a check
> -for this for TPK M2 (retries of that message are ignored completely), so
> -that behavior does not get modified.
> -
> -For TPK M3, the TPK-TK could have been reconfigured, but that was
> -followed by immediate teardown of the link due to an issue in updating
> -the STA entry. Furthermore, for TDLS with any real security (i.e.,
> -ignoring open/WEP), the TPK message exchange is protected on the AP path
> -and simple replay attacks are not feasible.
> -
> -As an additional corner case, make sure the local nonce gets updated if
> -the peer uses a very unlikely "random nonce" of all zeros.
> -
> -Signed-off-by: Jouni Malinen <j at w1.fi>
> ----
> -
> ---- a/src/rsn_supp/tdls.c
> -+++ b/src/rsn_supp/tdls.c
> -@@ -112,6 +112,7 @@ struct wpa_tdls_peer {
> - u8 tk[16]; /* TPK-TK; assuming only CCMP will be used */
> - } tpk;
> - int tpk_set;
> -+ int tk_set; /* TPK-TK configured to the driver */
> - int tpk_success;
> - int tpk_in_progress;
> -
> -@@ -192,6 +193,20 @@ static int wpa_tdls_set_key(struct wpa_s
> - u8 rsc[6];
> - enum wpa_alg alg;
> -
> -+ if (peer->tk_set) {
> -+ /*
> -+ * This same TPK-TK has already been configured to the driver
> -+ * and this new configuration attempt (likely due to an
> -+ * unexpected retransmitted frame) would result in clearing
> -+ * the TX/RX sequence number which can break security, so must
> -+ * not allow that to happen.
> -+ */
> -+ wpa_printf(MSG_INFO, "TDLS: TPK-TK for the peer " MACSTR
> -+ " has already been configured to the driver - do not reconfigure",
> -+ MAC2STR(peer->addr));
> -+ return -1;
> -+ }
> -+
> - os_memset(rsc, 0, 6);
> -
> - switch (peer->cipher) {
> -@@ -209,12 +224,15 @@ static int wpa_tdls_set_key(struct wpa_s
> - return -1;
> - }
> -
> -+ wpa_printf(MSG_DEBUG, "TDLS: Configure pairwise key for peer " MACSTR,
> -+ MAC2STR(peer->addr));
> - if (wpa_sm_set_key(sm, alg, peer->addr, -1, 1,
> - rsc, sizeof(rsc), peer->tpk.tk, key_len) < 0) {
> - wpa_printf(MSG_WARNING, "TDLS: Failed to set TPK to the "
> - "driver");
> - return -1;
> - }
> -+ peer->tk_set = 1;
> - return 0;
> - }
> -
> -@@ -695,7 +713,7 @@ static void wpa_tdls_peer_clear(struct w
> - peer->cipher = 0;
> - peer->qos_info = 0;
> - peer->wmm_capable = 0;
> -- peer->tpk_set = peer->tpk_success = 0;
> -+ peer->tk_set = peer->tpk_set = peer->tpk_success = 0;
> - peer->chan_switch_enabled = 0;
> - os_memset(&peer->tpk, 0, sizeof(peer->tpk));
> - os_memset(peer->inonce, 0, WPA_NONCE_LEN);
> -@@ -1158,6 +1176,7 @@ skip_rsnie:
> - wpa_tdls_peer_free(sm, peer);
> - return -1;
> - }
> -+ peer->tk_set = 0; /* A new nonce results in a new TK */
> - wpa_hexdump(MSG_DEBUG, "TDLS: Initiator Nonce for TPK handshake",
> - peer->inonce, WPA_NONCE_LEN);
> - os_memcpy(ftie->Snonce, peer->inonce, WPA_NONCE_LEN);
> -@@ -1751,6 +1770,19 @@ static int wpa_tdls_addset_peer(struct w
> - }
> -
> -
> -+static int tdls_nonce_set(const u8 *nonce)
> -+{
> -+ int i;
> -+
> -+ for (i = 0; i < WPA_NONCE_LEN; i++) {
> -+ if (nonce[i])
> -+ return 1;
> -+ }
> -+
> -+ return 0;
> -+}
> -+
> -+
> - static int wpa_tdls_process_tpk_m1(struct wpa_sm *sm, const u8 *src_addr,
> - const u8 *buf, size_t len)
> - {
> -@@ -2004,7 +2036,8 @@ skip_rsn:
> - peer->rsnie_i_len = kde.rsn_ie_len;
> - peer->cipher = cipher;
> -
> -- if (os_memcmp(peer->inonce, ftie->Snonce, WPA_NONCE_LEN) != 0) {
> -+ if (os_memcmp(peer->inonce, ftie->Snonce, WPA_NONCE_LEN) != 0 ||
> -+ !tdls_nonce_set(peer->inonce)) {
> - /*
> - * There is no point in updating the RNonce for every obtained
> - * TPK M1 frame (e.g., retransmission due to timeout) with the
> -@@ -2020,6 +2053,7 @@ skip_rsn:
> - "TDLS: Failed to get random data for responder nonce");
> - goto error;
> - }
> -+ peer->tk_set = 0; /* A new nonce results in a new TK */
> - }
> -
> - #if 0
> diff --git a/package/network/services/hostapd/patches/006-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch b/package/network/services/hostapd/patches/006-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch
> deleted file mode 100644
> index 13d78b8cbd..0000000000
> --- a/package/network/services/hostapd/patches/006-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch
> +++ /dev/null
> @@ -1,35 +0,0 @@
> -From: Jouni Malinen <j at w1.fi>
> -Date: Fri, 22 Sep 2017 11:25:02 +0300
> -Subject: [PATCH] WNM: Ignore WNM-Sleep Mode Response without pending
> - request
> -
> -Commit 03ed0a52393710be6bdae657d1b36efa146520e5 ('WNM: Ignore WNM-Sleep
> -Mode Response if WNM-Sleep Mode has not been used') started ignoring the
> -response when no WNM-Sleep Mode Request had been used during the
> -association. This can be made tighter by clearing the used flag when
> -successfully processing a response. This adds an additional layer of
> -protection against unexpected retransmissions of the response frame.
> -
> -Signed-off-by: Jouni Malinen <j at w1.fi>
> ----
> -
> ---- a/wpa_supplicant/wnm_sta.c
> -+++ b/wpa_supplicant/wnm_sta.c
> -@@ -260,7 +260,7 @@ static void ieee802_11_rx_wnmsleep_resp(
> -
> - if (!wpa_s->wnmsleep_used) {
> - wpa_printf(MSG_DEBUG,
> -- "WNM: Ignore WNM-Sleep Mode Response frame since WNM-Sleep Mode has not been used in this association");
> -+ "WNM: Ignore WNM-Sleep Mode Response frame since WNM-Sleep Mode operation has not been requested");
> - return;
> - }
> -
> -@@ -299,6 +299,8 @@ static void ieee802_11_rx_wnmsleep_resp(
> - return;
> - }
> -
> -+ wpa_s->wnmsleep_used = 0;
> -+
> - if (wnmsleep_ie->status == WNM_STATUS_SLEEP_ACCEPT ||
> - wnmsleep_ie->status == WNM_STATUS_SLEEP_EXIT_ACCEPT_GTK_UPDATE) {
> - wpa_printf(MSG_DEBUG, "Successfully recv WNM-Sleep Response "
> diff --git a/package/network/services/hostapd/patches/007-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch b/package/network/services/hostapd/patches/007-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch
> deleted file mode 100644
> index 7712ce5198..0000000000
> --- a/package/network/services/hostapd/patches/007-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch
> +++ /dev/null
> @@ -1,68 +0,0 @@
> -From: Jouni Malinen <j at w1.fi>
> -Date: Fri, 22 Sep 2017 12:06:37 +0300
> -Subject: [PATCH] FT: Do not allow multiple Reassociation Response frames
> -
> -The driver is expected to not report a second association event without
> -the station having explicitly request a new association. As such, this
> -case should not be reachable. However, since reconfiguring the same
> -pairwise or group keys to the driver could result in nonce reuse issues,
> -be extra careful here and do an additional state check to avoid this
> -even if the local driver ends up somehow accepting an unexpected
> -Reassociation Response frame.
> -
> -Signed-off-by: Jouni Malinen <j at w1.fi>
> ----
> -
> ---- a/src/rsn_supp/wpa.c
> -+++ b/src/rsn_supp/wpa.c
> -@@ -2637,6 +2637,9 @@ void wpa_sm_notify_disassoc(struct wpa_s
> - #ifdef CONFIG_FILS
> - sm->fils_completed = 0;
> - #endif /* CONFIG_FILS */
> -+#ifdef CONFIG_IEEE80211R
> -+ sm->ft_reassoc_completed = 0;
> -+#endif /* CONFIG_IEEE80211R */
> -
> - /* Keys are not needed in the WPA state machine anymore */
> - wpa_sm_drop_sa(sm);
> ---- a/src/rsn_supp/wpa_ft.c
> -+++ b/src/rsn_supp/wpa_ft.c
> -@@ -153,6 +153,7 @@ static u8 * wpa_ft_gen_req_ies(struct wp
> - u16 capab;
> -
> - sm->ft_completed = 0;
> -+ sm->ft_reassoc_completed = 0;
> -
> - buf_len = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) +
> - 2 + sm->r0kh_id_len + ric_ies_len + 100;
> -@@ -687,6 +688,11 @@ int wpa_ft_validate_reassoc_resp(struct
> - return -1;
> - }
> -
> -+ if (sm->ft_reassoc_completed) {
> -+ wpa_printf(MSG_DEBUG, "FT: Reassociation has already been completed for this FT protocol instance - ignore unexpected retransmission");
> -+ return 0;
> -+ }
> -+
> - if (wpa_ft_parse_ies(ies, ies_len, &parse) < 0) {
> - wpa_printf(MSG_DEBUG, "FT: Failed to parse IEs");
> - return -1;
> -@@ -787,6 +793,8 @@ int wpa_ft_validate_reassoc_resp(struct
> - return -1;
> - }
> -
> -+ sm->ft_reassoc_completed = 1;
> -+
> - if (wpa_ft_process_gtk_subelem(sm, parse.gtk, parse.gtk_len) < 0)
> - return -1;
> -
> ---- a/src/rsn_supp/wpa_i.h
> -+++ b/src/rsn_supp/wpa_i.h
> -@@ -128,6 +128,7 @@ struct wpa_sm {
> - size_t r0kh_id_len;
> - u8 r1kh_id[FT_R1KH_ID_LEN];
> - int ft_completed;
> -+ int ft_reassoc_completed;
> - int over_the_ds_in_progress;
> - u8 target_ap[ETH_ALEN]; /* over-the-DS target AP */
> - int set_ptk_after_assoc;
> diff --git a/package/network/services/hostapd/patches/008-WPA-Extra-defense-against-PTK-reinstalls-in-4-way-ha.patch b/package/network/services/hostapd/patches/008-WPA-Extra-defense-against-PTK-reinstalls-in-4-way-ha.patch
> deleted file mode 100644
> index 40f6b56965..0000000000
> --- a/package/network/services/hostapd/patches/008-WPA-Extra-defense-against-PTK-reinstalls-in-4-way-ha.patch
> +++ /dev/null
> @@ -1,34 +0,0 @@
> -From a00e946c1c9a1f9cc65c72900d2a444ceb1f872e Mon Sep 17 00:00:00 2001
> -From: Mathy Vanhoef <Mathy.Vanhoef at cs.kuleuven.be>
> -Date: Thu, 5 Oct 2017 23:53:01 +0200
> -Subject: [PATCH] WPA: Extra defense against PTK reinstalls in 4-way handshake
> -
> -Currently, reinstallations of the PTK are prevented by (1) assuring the
> -same TPTK is only set once as the PTK, and (2) that one particular PTK
> -is only installed once. This patch makes it more explicit that point (1)
> -is required to prevent key reinstallations. At the same time, this patch
> -hardens wpa_supplicant such that future changes do not accidentally
> -break this property.
> -
> -Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef at cs.kuleuven.be>
> ----
> - src/rsn_supp/wpa.c | 8 ++++++++
> - 1 file changed, 8 insertions(+)
> -
> ---- a/src/rsn_supp/wpa.c
> -+++ b/src/rsn_supp/wpa.c
> -@@ -1728,6 +1728,14 @@ static int wpa_supplicant_verify_eapol_k
> - sm->ptk_set = 1;
> - os_memcpy(&sm->ptk, &sm->tptk, sizeof(sm->ptk));
> - os_memset(&sm->tptk, 0, sizeof(sm->tptk));
> -+ /*
> -+ * This assures the same TPTK in sm->tptk can never be
> -+ * copied twice to sm->pkt as the new PTK. In
> -+ * combination with the installed flag in the wpa_ptk
> -+ * struct, this assures the same PTK is only installed
> -+ * once.
> -+ */
> -+ sm->renew_snonce = 1;
> - }
> - }
> -
> diff --git a/package/network/services/hostapd/patches/009-Clear-PMK-length-and-check-for-this-when-deriving-PT.patch b/package/network/services/hostapd/patches/009-Clear-PMK-length-and-check-for-this-when-deriving-PT.patch
> deleted file mode 100644
> index ed7d79ec1b..0000000000
> --- a/package/network/services/hostapd/patches/009-Clear-PMK-length-and-check-for-this-when-deriving-PT.patch
> +++ /dev/null
> @@ -1,53 +0,0 @@
> -From b488a12948751f57871f09baa345e59b23959a41 Mon Sep 17 00:00:00 2001
> -From: Jouni Malinen <j at w1.fi>
> -Date: Sun, 8 Oct 2017 13:18:02 +0300
> -Subject: [PATCH] Clear PMK length and check for this when deriving PTK
> -
> -Instead of setting the default PMK length for the cleared PMK, set the
> -length to 0 and explicitly check for this when deriving PTK to avoid
> -unexpected key derivation with an all-zeroes key should it be possible
> -to somehow trigger PTK derivation to happen before PMK derivation.
> -
> -Signed-off-by: Jouni Malinen <j at w1.fi>
> ----
> - src/common/wpa_common.c | 5 +++++
> - src/rsn_supp/wpa.c | 7 ++++---
> - 2 files changed, 9 insertions(+), 3 deletions(-)
> -
> ---- a/src/common/wpa_common.c
> -+++ b/src/common/wpa_common.c
> -@@ -225,6 +225,11 @@ int wpa_pmk_to_ptk(const u8 *pmk, size_t
> - u8 tmp[WPA_KCK_MAX_LEN + WPA_KEK_MAX_LEN + WPA_TK_MAX_LEN];
> - size_t ptk_len;
> -
> -+ if (pmk_len == 0) {
> -+ wpa_printf(MSG_ERROR, "WPA: No PMK set for PT derivation");
> -+ return -1;
> -+ }
> -+
> - if (os_memcmp(addr1, addr2, ETH_ALEN) < 0) {
> - os_memcpy(data, addr1, ETH_ALEN);
> - os_memcpy(data + ETH_ALEN, addr2, ETH_ALEN);
> ---- a/src/rsn_supp/wpa.c
> -+++ b/src/rsn_supp/wpa.c
> -@@ -584,7 +584,8 @@ static void wpa_supplicant_process_1_of_
> - /* Calculate PTK which will be stored as a temporary PTK until it has
> - * been verified when processing message 3/4. */
> - ptk = &sm->tptk;
> -- wpa_derive_ptk(sm, src_addr, key, ptk);
> -+ if (wpa_derive_ptk(sm, src_addr, key, ptk) < 0)
> -+ goto failed;
> - if (sm->pairwise_cipher == WPA_CIPHER_TKIP) {
> - u8 buf[8];
> - /* Supplicant: swap tx/rx Mic keys */
> -@@ -2705,8 +2706,8 @@ void wpa_sm_set_pmk_from_pmksa(struct wp
> - sm->pmk_len = sm->cur_pmksa->pmk_len;
> - os_memcpy(sm->pmk, sm->cur_pmksa->pmk, sm->pmk_len);
> - } else {
> -- sm->pmk_len = PMK_LEN;
> -- os_memset(sm->pmk, 0, PMK_LEN);
> -+ sm->pmk_len = 0;
> -+ os_memset(sm->pmk, 0, PMK_LEN_MAX);
> - }
> - }
> -
> diff --git a/package/network/services/hostapd/patches/010-Optional-AP-side-workaround-for-key-reinstallation-a.patch b/package/network/services/hostapd/patches/010-Optional-AP-side-workaround-for-key-reinstallation-a.patch
> deleted file mode 100644
> index 19165cce2d..0000000000
> --- a/package/network/services/hostapd/patches/010-Optional-AP-side-workaround-for-key-reinstallation-a.patch
> +++ /dev/null
> @@ -1,221 +0,0 @@
> -From 6f234c1e2ee1ede29f2412b7012b3345ed8e52d3 Mon Sep 17 00:00:00 2001
> -From: Jouni Malinen <j at w1.fi>
> -Date: Mon, 16 Oct 2017 18:37:43 +0300
> -Subject: [PATCH] Optional AP side workaround for key reinstallation attacks
> -
> -This adds a new hostapd configuration parameter
> -wpa_disable_eapol_key_retries=1 that can be used to disable
> -retransmission of EAPOL-Key frames that are used to install
> -keys (EAPOL-Key message 3/4 and group message 1/2). This is
> -similar to setting wpa_group_update_count=1 and
> -wpa_pairwise_update_count=1, but with no impact to message 1/4
> -retries and with extended timeout for messages 4/4 and group
> -message 2/2 to avoid causing issues with stations that may use
> -aggressive power saving have very long time in replying to the
> -EAPOL-Key messages.
> -
> -This option can be used to work around key reinstallation attacks
> -on the station (supplicant) side in cases those station devices
> -cannot be updated for some reason. By removing the
> -retransmissions the attacker cannot cause key reinstallation with
> -a delayed frame transmission. This is related to the station side
> -vulnerabilities CVE-2017-13077, CVE-2017-13078, CVE-2017-13079,
> -CVE-2017-13080, and CVE-2017-13081.
> -
> -This workaround might cause interoperability issues and reduced
> -robustness of key negotiation especially in environments with
> -heavy traffic load due to the number of attempts to perform the
> -key exchange is reduced significantly. As such, this workaround
> -is disabled by default (unless overridden in build
> -configuration). To enable this, set the parameter to 1.
> -
> -It is also possible to enable this in the build by default by
> -adding the following to the build configuration:
> -
> -CFLAGS += -DDEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES=1
> -
> -Signed-off-by: Jouni Malinen <j at w1.fi>
> ----
> - hostapd/config_file.c | 2 ++
> - hostapd/defconfig | 4 ++++
> - hostapd/hostapd.conf | 24 ++++++++++++++++++++++++
> - src/ap/ap_config.c | 6 ++++++
> - src/ap/ap_config.h | 1 +
> - src/ap/wpa_auth.c | 22 ++++++++++++++++++++--
> - src/ap/wpa_auth.h | 1 +
> - src/ap/wpa_auth_glue.c | 2 ++
> - 8 files changed, 60 insertions(+), 2 deletions(-)
> -
> ---- a/hostapd/config_file.c
> -+++ b/hostapd/config_file.c
> -@@ -2542,6 +2542,8 @@ static int hostapd_config_fill(struct ho
> - return 1;
> - }
> - bss->wpa_pairwise_update_count = (u32) val;
> -+ } else if (os_strcmp(buf, "wpa_disable_eapol_key_retries") == 0) {
> -+ bss->wpa_disable_eapol_key_retries = atoi(pos);
> - } else if (os_strcmp(buf, "wpa_passphrase") == 0) {
> - int len = os_strlen(pos);
> - if (len < 8 || len > 63) {
> ---- a/hostapd/defconfig
> -+++ b/hostapd/defconfig
> -@@ -372,3 +372,7 @@ CONFIG_IPV6=y
> - # Opportunistic Wireless Encryption (OWE)
> - # Experimental implementation of draft-harkins-owe-07.txt
> - #CONFIG_OWE=y
> -+
> -+# Override default value for the wpa_disable_eapol_key_retries configuration
> -+# parameter. See that parameter in hostapd.conf for more details.
> -+#CFLAGS += -DDEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES=1
> ---- a/hostapd/hostapd.conf
> -+++ b/hostapd/hostapd.conf
> -@@ -1315,6 +1315,30 @@ own_ip_addr=127.0.0.1
> - # Range 1..4294967295; default: 4
> - #wpa_pairwise_update_count=4
> -
> -+# Workaround for key reinstallation attacks
> -+#
> -+# This parameter can be used to disable retransmission of EAPOL-Key frames that
> -+# are used to install keys (EAPOL-Key message 3/4 and group message 1/2). This
> -+# is similar to setting wpa_group_update_count=1 and
> -+# wpa_pairwise_update_count=1, but with no impact to message 1/4 and with
> -+# extended timeout on the response to avoid causing issues with stations that
> -+# may use aggressive power saving have very long time in replying to the
> -+# EAPOL-Key messages.
> -+#
> -+# This option can be used to work around key reinstallation attacks on the
> -+# station (supplicant) side in cases those station devices cannot be updated
> -+# for some reason. By removing the retransmissions the attacker cannot cause
> -+# key reinstallation with a delayed frame transmission. This is related to the
> -+# station side vulnerabilities CVE-2017-13077, CVE-2017-13078, CVE-2017-13079,
> -+# CVE-2017-13080, and CVE-2017-13081.
> -+#
> -+# This workaround might cause interoperability issues and reduced robustness of
> -+# key negotiation especially in environments with heavy traffic load due to the
> -+# number of attempts to perform the key exchange is reduced significantly. As
> -+# such, this workaround is disabled by default (unless overridden in build
> -+# configuration). To enable this, set the parameter to 1.
> -+#wpa_disable_eapol_key_retries=1
> -+
> - # Enable IEEE 802.11i/RSN/WPA2 pre-authentication. This is used to speed up
> - # roaming be pre-authenticating IEEE 802.1X/EAP part of the full RSN
> - # authentication and key handshake before actually associating with a new AP.
> ---- a/src/ap/ap_config.c
> -+++ b/src/ap/ap_config.c
> -@@ -37,6 +37,10 @@ static void hostapd_config_free_vlan(str
> - }
> -
> -
> -+#ifndef DEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES
> -+#define DEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES 0
> -+#endif /* DEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES */
> -+
> - void hostapd_config_defaults_bss(struct hostapd_bss_config *bss)
> - {
> - dl_list_init(&bss->anqp_elem);
> -@@ -58,6 +62,8 @@ void hostapd_config_defaults_bss(struct
> - bss->wpa_gmk_rekey = 86400;
> - bss->wpa_group_update_count = 4;
> - bss->wpa_pairwise_update_count = 4;
> -+ bss->wpa_disable_eapol_key_retries =
> -+ DEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES;
> - bss->wpa_key_mgmt = WPA_KEY_MGMT_PSK;
> - bss->wpa_pairwise = WPA_CIPHER_TKIP;
> - bss->wpa_group = WPA_CIPHER_TKIP;
> ---- a/src/ap/ap_config.h
> -+++ b/src/ap/ap_config.h
> -@@ -333,6 +333,7 @@ struct hostapd_bss_config {
> - int wpa_ptk_rekey;
> - u32 wpa_group_update_count;
> - u32 wpa_pairwise_update_count;
> -+ int wpa_disable_eapol_key_retries;
> - int rsn_pairwise;
> - int rsn_preauth;
> - char *rsn_preauth_interfaces;
> ---- a/src/ap/wpa_auth.c
> -+++ b/src/ap/wpa_auth.c
> -@@ -65,6 +65,7 @@ static u8 * ieee80211w_kde_add(struct wp
> - static const u32 eapol_key_timeout_first = 100; /* ms */
> - static const u32 eapol_key_timeout_subseq = 1000; /* ms */
> - static const u32 eapol_key_timeout_first_group = 500; /* ms */
> -+static const u32 eapol_key_timeout_no_retrans = 4000; /* ms */
> -
> - /* TODO: make these configurable */
> - static const int dot11RSNAConfigPMKLifetime = 43200;
> -@@ -1653,6 +1654,9 @@ static void wpa_send_eapol(struct wpa_au
> - eapol_key_timeout_first_group;
> - else
> - timeout_ms = eapol_key_timeout_subseq;
> -+ if (wpa_auth->conf.wpa_disable_eapol_key_retries &&
> -+ (!pairwise || (key_info & WPA_KEY_INFO_MIC)))
> -+ timeout_ms = eapol_key_timeout_no_retrans;
> - if (pairwise && ctr == 1 && !(key_info & WPA_KEY_INFO_MIC))
> - sm->pending_1_of_4_timeout = 1;
> - wpa_printf(MSG_DEBUG, "WPA: Use EAPOL-Key timeout of %u ms (retry "
> -@@ -2882,6 +2886,11 @@ SM_STATE(WPA_PTK, PTKINITNEGOTIATING)
> - sm->TimeoutEvt = FALSE;
> -
> - sm->TimeoutCtr++;
> -+ if (sm->wpa_auth->conf.wpa_disable_eapol_key_retries &&
> -+ sm->TimeoutCtr > 1) {
> -+ /* Do not allow retransmission of EAPOL-Key msg 3/4 */
> -+ return;
> -+ }
> - if (sm->TimeoutCtr > sm->wpa_auth->conf.wpa_pairwise_update_count) {
> - /* No point in sending the EAPOL-Key - we will disconnect
> - * immediately following this. */
> -@@ -3220,7 +3229,9 @@ SM_STEP(WPA_PTK)
> - sm->EAPOLKeyPairwise && sm->MICVerified)
> - SM_ENTER(WPA_PTK, PTKINITDONE);
> - else if (sm->TimeoutCtr >
> -- sm->wpa_auth->conf.wpa_pairwise_update_count) {
> -+ sm->wpa_auth->conf.wpa_pairwise_update_count ||
> -+ (sm->wpa_auth->conf.wpa_disable_eapol_key_retries &&
> -+ sm->TimeoutCtr > 1)) {
> - wpa_auth->dot11RSNA4WayHandshakeFailures++;
> - wpa_auth_vlogger(
> - sm->wpa_auth, sm->addr, LOGGER_DEBUG,
> -@@ -3260,6 +3271,11 @@ SM_STATE(WPA_PTK_GROUP, REKEYNEGOTIATING
> - SM_ENTRY_MA(WPA_PTK_GROUP, REKEYNEGOTIATING, wpa_ptk_group);
> -
> - sm->GTimeoutCtr++;
> -+ if (sm->wpa_auth->conf.wpa_disable_eapol_key_retries &&
> -+ sm->GTimeoutCtr > 1) {
> -+ /* Do not allow retransmission of EAPOL-Key group msg 1/2 */
> -+ return;
> -+ }
> - if (sm->GTimeoutCtr > sm->wpa_auth->conf.wpa_group_update_count) {
> - /* No point in sending the EAPOL-Key - we will disconnect
> - * immediately following this. */
> -@@ -3363,7 +3379,9 @@ SM_STEP(WPA_PTK_GROUP)
> - !sm->EAPOLKeyPairwise && sm->MICVerified)
> - SM_ENTER(WPA_PTK_GROUP, REKEYESTABLISHED);
> - else if (sm->GTimeoutCtr >
> -- sm->wpa_auth->conf.wpa_group_update_count)
> -+ sm->wpa_auth->conf.wpa_group_update_count ||
> -+ (sm->wpa_auth->conf.wpa_disable_eapol_key_retries &&
> -+ sm->GTimeoutCtr > 1))
> - SM_ENTER(WPA_PTK_GROUP, KEYERROR);
> - else if (sm->TimeoutEvt)
> - SM_ENTER(WPA_PTK_GROUP, REKEYNEGOTIATING);
> ---- a/src/ap/wpa_auth.h
> -+++ b/src/ap/wpa_auth.h
> -@@ -165,6 +165,7 @@ struct wpa_auth_config {
> - int wpa_ptk_rekey;
> - u32 wpa_group_update_count;
> - u32 wpa_pairwise_update_count;
> -+ int wpa_disable_eapol_key_retries;
> - int rsn_pairwise;
> - int rsn_preauth;
> - int eapol_version;
> ---- a/src/ap/wpa_auth_glue.c
> -+++ b/src/ap/wpa_auth_glue.c
> -@@ -45,6 +45,8 @@ static void hostapd_wpa_auth_conf(struct
> - wconf->wpa_gmk_rekey = conf->wpa_gmk_rekey;
> - wconf->wpa_ptk_rekey = conf->wpa_ptk_rekey;
> - wconf->wpa_group_update_count = conf->wpa_group_update_count;
> -+ wconf->wpa_disable_eapol_key_retries =
> -+ conf->wpa_disable_eapol_key_retries;
> - wconf->wpa_pairwise_update_count = conf->wpa_pairwise_update_count;
> - wconf->rsn_pairwise = conf->rsn_pairwise;
> - wconf->rsn_preauth = conf->rsn_preauth;
> diff --git a/package/network/services/hostapd/patches/011-Additional-consistentcy-checks-for-PTK-component-len.patch b/package/network/services/hostapd/patches/011-Additional-consistentcy-checks-for-PTK-component-len.patch
> deleted file mode 100644
> index 5cc2f7b17d..0000000000
> --- a/package/network/services/hostapd/patches/011-Additional-consistentcy-checks-for-PTK-component-len.patch
> +++ /dev/null
> @@ -1,100 +0,0 @@
> -From a6ea665300919d6a3af22b1f4237203647fda93a Mon Sep 17 00:00:00 2001
> -From: Jouni Malinen <j at w1.fi>
> -Date: Tue, 17 Oct 2017 00:01:11 +0300
> -Subject: [PATCH] Additional consistentcy checks for PTK component lengths
> -
> -Verify that TK, KCK, and KEK lengths are set to consistent values within
> -struct wpa_ptk before using them in supplicant. This is an additional
> -layer of protection against unexpected states.
> -
> -Signed-off-by: Jouni Malinen <j at w1.fi>
> ----
> - src/common/wpa_common.c | 6 ++++++
> - src/rsn_supp/wpa.c | 26 ++++++++++++++++++++------
> - 2 files changed, 26 insertions(+), 6 deletions(-)
> -
> ---- a/src/common/wpa_common.c
> -+++ b/src/common/wpa_common.c
> -@@ -100,6 +100,12 @@ int wpa_eapol_key_mic(const u8 *key, siz
> - {
> - u8 hash[SHA512_MAC_LEN];
> -
> -+ if (key_len == 0) {
> -+ wpa_printf(MSG_DEBUG,
> -+ "WPA: KCK not set - cannot calculate MIC");
> -+ return -1;
> -+ }
> -+
> - switch (ver) {
> - #ifndef CONFIG_FIPS
> - case WPA_KEY_INFO_TYPE_HMAC_MD5_RC4:
> ---- a/src/rsn_supp/wpa.c
> -+++ b/src/rsn_supp/wpa.c
> -@@ -725,6 +725,11 @@ static int wpa_supplicant_install_ptk(st
> -
> - alg = wpa_cipher_to_alg(sm->pairwise_cipher);
> - keylen = wpa_cipher_key_len(sm->pairwise_cipher);
> -+ if (keylen <= 0 || (unsigned int) keylen != sm->ptk.tk_len) {
> -+ wpa_printf(MSG_DEBUG, "WPA: TK length mismatch: %d != %lu",
> -+ keylen, (long unsigned int) sm->ptk.tk_len);
> -+ return -1;
> -+ }
> - rsclen = wpa_cipher_rsc_len(sm->pairwise_cipher);
> -
> - if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) {
> -@@ -745,6 +750,7 @@ static int wpa_supplicant_install_ptk(st
> -
> - /* TK is not needed anymore in supplicant */
> - os_memset(sm->ptk.tk, 0, WPA_TK_MAX_LEN);
> -+ sm->ptk.tk_len = 0;
> - sm->ptk.installed = 1;
> -
> - if (sm->wpa_ptk_rekey) {
> -@@ -1717,9 +1723,10 @@ static int wpa_supplicant_verify_eapol_k
> - os_memcpy(mic, key + 1, mic_len);
> - if (sm->tptk_set) {
> - os_memset(key + 1, 0, mic_len);
> -- wpa_eapol_key_mic(sm->tptk.kck, sm->tptk.kck_len, sm->key_mgmt,
> -- ver, buf, len, (u8 *) (key + 1));
> -- if (os_memcmp_const(mic, key + 1, mic_len) != 0) {
> -+ if (wpa_eapol_key_mic(sm->tptk.kck, sm->tptk.kck_len,
> -+ sm->key_mgmt,
> -+ ver, buf, len, (u8 *) (key + 1)) < 0 ||
> -+ os_memcmp_const(mic, key + 1, mic_len) != 0) {
> - wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
> - "WPA: Invalid EAPOL-Key MIC "
> - "when using TPTK - ignoring TPTK");
> -@@ -1742,9 +1749,10 @@ static int wpa_supplicant_verify_eapol_k
> -
> - if (!ok && sm->ptk_set) {
> - os_memset(key + 1, 0, mic_len);
> -- wpa_eapol_key_mic(sm->ptk.kck, sm->ptk.kck_len, sm->key_mgmt,
> -- ver, buf, len, (u8 *) (key + 1));
> -- if (os_memcmp_const(mic, key + 1, mic_len) != 0) {
> -+ if (wpa_eapol_key_mic(sm->ptk.kck, sm->ptk.kck_len,
> -+ sm->key_mgmt,
> -+ ver, buf, len, (u8 *) (key + 1)) < 0 ||
> -+ os_memcmp_const(mic, key + 1, mic_len) != 0) {
> - wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
> - "WPA: Invalid EAPOL-Key MIC - "
> - "dropping packet");
> -@@ -4167,6 +4175,11 @@ int fils_process_assoc_resp(struct wpa_s
> -
> - alg = wpa_cipher_to_alg(sm->pairwise_cipher);
> - keylen = wpa_cipher_key_len(sm->pairwise_cipher);
> -+ if (keylen <= 0 || (unsigned int) keylen != sm->ptk.tk_len) {
> -+ wpa_printf(MSG_DEBUG, "FILS: TK length mismatch: %u != %lu",
> -+ keylen, (long unsigned int) sm->ptk.tk_len);
> -+ goto fail;
> -+ }
> - rsclen = wpa_cipher_rsc_len(sm->pairwise_cipher);
> - wpa_hexdump_key(MSG_DEBUG, "FILS: Set TK to driver",
> - sm->ptk.tk, keylen);
> -@@ -4183,6 +4196,7 @@ int fils_process_assoc_resp(struct wpa_s
> - * takes care of association frame encryption/decryption. */
> - /* TK is not needed anymore in supplicant */
> - os_memset(sm->ptk.tk, 0, WPA_TK_MAX_LEN);
> -+ sm->ptk.tk_len = 0;
> - sm->ptk.installed = 1;
> -
> - /* FILS HLP Container */
> diff --git a/package/network/services/hostapd/patches/012-Clear-BSSID-information-in-supplicant-state-machine-.patch b/package/network/services/hostapd/patches/012-Clear-BSSID-information-in-supplicant-state-machine-.patch
> deleted file mode 100644
> index 808d34586b..0000000000
> --- a/package/network/services/hostapd/patches/012-Clear-BSSID-information-in-supplicant-state-machine-.patch
> +++ /dev/null
> @@ -1,25 +0,0 @@
> -From c0fe5f125a9d4a6564e1f4956ccc3809bf2fd69d Mon Sep 17 00:00:00 2001
> -From: Jouni Malinen <j at w1.fi>
> -Date: Tue, 17 Oct 2017 01:15:24 +0300
> -Subject: [PATCH] Clear BSSID information in supplicant state machine on
> - disconnection
> -
> -This fixes a corner case where RSN pre-authentication candidate from
> -scan results was ignored if the station was associated with that BSS
> -just before running the new scan for the connection.
> -
> -Signed-off-by: Jouni Malinen <j at w1.fi>
> ----
> - src/rsn_supp/wpa.c | 1 +
> - 1 file changed, 1 insertion(+)
> -
> ---- a/src/rsn_supp/wpa.c
> -+++ b/src/rsn_supp/wpa.c
> -@@ -2662,6 +2662,7 @@ void wpa_sm_notify_disassoc(struct wpa_s
> - wpa_sm_drop_sa(sm);
> -
> - sm->msg_3_of_4_ok = 0;
> -+ os_memset(sm->bssid, 0, ETH_ALEN);
> - }
> -
> -
> diff --git a/package/network/services/hostapd/patches/013-WNM-Ignore-WNM-Sleep-Mode-Request-in-wnm_sleep_mode-.patch b/package/network/services/hostapd/patches/013-WNM-Ignore-WNM-Sleep-Mode-Request-in-wnm_sleep_mode-.patch
> deleted file mode 100644
> index 13426e4db1..0000000000
> --- a/package/network/services/hostapd/patches/013-WNM-Ignore-WNM-Sleep-Mode-Request-in-wnm_sleep_mode-.patch
> +++ /dev/null
> @@ -1,35 +0,0 @@
> -From 114f2830d2c2aee6db23d48240e93415a256a37c Mon Sep 17 00:00:00 2001
> -From: Jouni Malinen <jouni at qca.qualcomm.com>
> -Date: Fri, 20 Oct 2017 17:39:42 +0300
> -Subject: [PATCH] WNM: Ignore WNM-Sleep Mode Request in wnm_sleep_mode=0 case
> -
> -The hostapd wnm_sleep_mode parameter was previously used to control
> -advertisement of WNM-Sleep Mode support, but it was not used when
> -processing a request to use WNM-Sleep Mode. Add an explicit check during
> -request processing as well so that any misbehaving station is ignored.
> -
> -Signed-off-by: Jouni Malinen <jouni at qca.qualcomm.com>
> ----
> - src/ap/wnm_ap.c | 7 +++++++
> - 1 file changed, 7 insertions(+)
> -
> -diff --git a/src/ap/wnm_ap.c b/src/ap/wnm_ap.c
> -index 7c4fde0..973e4d3 100644
> ---- a/src/ap/wnm_ap.c
> -+++ b/src/ap/wnm_ap.c
> -@@ -200,6 +200,13 @@ static void ieee802_11_rx_wnmsleep_req(struct hostapd_data *hapd,
> - u8 *tfsreq_ie_end = NULL;
> - u16 tfsreq_ie_len = 0;
> -
> -+ if (!hapd->conf->wnm_sleep_mode) {
> -+ wpa_printf(MSG_DEBUG, "Ignore WNM-Sleep Mode Request from "
> -+ MACSTR " since WNM-Sleep Mode is disabled",
> -+ MAC2STR(addr));
> -+ return;
> -+ }
> -+
> - dialog_token = *pos++;
> - while (pos + 1 < frm + len) {
> - u8 ie_len = pos[1];
> ---
> -2.1.4
> diff --git a/package/network/services/hostapd/patches/110-no_eapol_fix.patch b/package/network/services/hostapd/patches/110-no_eapol_fix.patch
> index 3a48a7a95f..b8e057e2fa 100644
> --- a/package/network/services/hostapd/patches/110-no_eapol_fix.patch
> +++ b/package/network/services/hostapd/patches/110-no_eapol_fix.patch
> @@ -1,6 +1,6 @@
> --- a/wpa_supplicant/wpa_supplicant.c
> +++ b/wpa_supplicant/wpa_supplicant.c
> -@@ -265,9 +265,10 @@ void wpa_supplicant_cancel_auth_timeout(
> +@@ -272,9 +272,10 @@ void wpa_supplicant_cancel_auth_timeout(
> */
> void wpa_supplicant_initiate_eapol(struct wpa_supplicant *wpa_s)
> {
> diff --git a/package/network/services/hostapd/patches/200-multicall.patch b/package/network/services/hostapd/patches/200-multicall.patch
> index 0d289d53a3..70b2aaea7f 100644
> --- a/package/network/services/hostapd/patches/200-multicall.patch
> +++ b/package/network/services/hostapd/patches/200-multicall.patch
> @@ -36,7 +36,7 @@
> LIBS += $(DRV_AP_LIBS)
>
> ifdef CONFIG_L2_PACKET
> -@@ -1204,6 +1210,12 @@ install: $(addprefix $(DESTDIR)$(BINDIR)
> +@@ -1270,6 +1276,12 @@ install: $(addprefix $(DESTDIR)$(BINDIR)
>
> BCHECK=../src/drivers/build.hostapd
>
> @@ -49,7 +49,7 @@
> hostapd: $(BCHECK) $(OBJS)
> $(Q)$(CC) $(LDFLAGS) -o hostapd $(OBJS) $(LIBS)
> @$(E) " LD " $@
> -@@ -1248,6 +1260,12 @@ ifeq ($(CONFIG_TLS), linux)
> +@@ -1315,6 +1327,12 @@ ifeq ($(CONFIG_TLS), linux)
> HOBJS += ../src/crypto/crypto_linux.o
> endif
>
> @@ -72,7 +72,7 @@
>
> ifndef CONFIG_NO_GITVER
> # Add VERSION_STR postfix for builds from a git repository
> -@@ -357,7 +358,9 @@ endif
> +@@ -358,7 +359,9 @@ endif
> ifdef CONFIG_IBSS_RSN
> NEED_RSN_AUTHENTICATOR=y
> CFLAGS += -DCONFIG_IBSS_RSN
> @@ -82,7 +82,7 @@
> OBJS += ibss_rsn.o
> endif
>
> -@@ -861,6 +864,10 @@ ifdef CONFIG_DYNAMIC_EAP_METHODS
> +@@ -866,6 +869,10 @@ ifdef CONFIG_DYNAMIC_EAP_METHODS
> CFLAGS += -DCONFIG_DYNAMIC_EAP_METHODS
> LIBS += -ldl -rdynamic
> endif
> @@ -93,7 +93,7 @@
> endif
>
> ifdef CONFIG_AP
> -@@ -868,9 +875,11 @@ NEED_EAP_COMMON=y
> +@@ -873,9 +880,11 @@ NEED_EAP_COMMON=y
> NEED_RSN_AUTHENTICATOR=y
> CFLAGS += -DCONFIG_AP
> OBJS += ap.o
> @@ -105,7 +105,7 @@
> OBJS += ../src/ap/hostapd.o
> OBJS += ../src/ap/wpa_auth_glue.o
> OBJS += ../src/ap/utils.o
> -@@ -952,6 +961,12 @@ endif
> +@@ -957,6 +966,12 @@ endif
> ifdef CONFIG_HS20
> OBJS += ../src/ap/hs20.o
> endif
> @@ -118,7 +118,7 @@
> endif
>
> ifdef CONFIG_MBO
> -@@ -960,7 +975,9 @@ CFLAGS += -DCONFIG_MBO
> +@@ -965,7 +980,9 @@ CFLAGS += -DCONFIG_MBO
> endif
>
> ifdef NEED_RSN_AUTHENTICATOR
> @@ -128,7 +128,7 @@
> NEED_AES_WRAP=y
> OBJS += ../src/ap/wpa_auth.o
> OBJS += ../src/ap/wpa_auth_ie.o
> -@@ -1835,6 +1852,12 @@ wpa_priv: $(BCHECK) $(OBJS_priv)
> +@@ -1895,6 +1912,12 @@ wpa_priv: $(BCHECK) $(OBJS_priv)
>
> $(OBJS_c) $(OBJS_t) $(OBJS_t2) $(OBJS) $(BCHECK) $(EXTRA_progs): .config
>
> @@ -141,7 +141,7 @@
> wpa_supplicant: $(BCHECK) $(OBJS) $(EXTRA_progs)
> $(Q)$(LDO) $(LDFLAGS) -o wpa_supplicant $(OBJS) $(LIBS) $(EXTRALIBS)
> @$(E) " LD " $@
> -@@ -1937,6 +1960,12 @@ endif
> +@@ -1997,6 +2020,12 @@ endif
> -e 's|\@DBUS_INTERFACE\@|$(DBUS_INTERFACE)|g' $< >$@
> @$(E) " sed" $<
>
> @@ -156,7 +156,7 @@
> wpa_cli.exe: wpa_cli
> --- a/src/drivers/driver.h
> +++ b/src/drivers/driver.h
> -@@ -5317,8 +5317,8 @@ union wpa_event_data {
> +@@ -5385,8 +5385,8 @@ union wpa_event_data {
> * Driver wrapper code should call this function whenever an event is received
> * from the driver.
> */
> @@ -167,7 +167,7 @@
>
> /**
> * wpa_supplicant_event_global - Report a driver event for wpa_supplicant
> -@@ -5330,7 +5330,7 @@ void wpa_supplicant_event(void *ctx, enu
> +@@ -5398,7 +5398,7 @@ void wpa_supplicant_event(void *ctx, enu
> * Same as wpa_supplicant_event(), but we search for the interface in
> * wpa_global.
> */
> @@ -178,7 +178,7 @@
> /*
> --- a/src/ap/drv_callbacks.c
> +++ b/src/ap/drv_callbacks.c
> -@@ -1375,8 +1375,8 @@ static void hostapd_event_dfs_cac_starte
> +@@ -1406,8 +1406,8 @@ static void hostapd_event_dfs_cac_starte
> #endif /* NEED_AP_MLME */
>
>
> @@ -189,7 +189,7 @@
> {
> struct hostapd_data *hapd = ctx;
> #ifndef CONFIG_NO_STDOUT_DEBUG
> -@@ -1590,7 +1590,7 @@ void wpa_supplicant_event(void *ctx, enu
> +@@ -1621,7 +1621,7 @@ void wpa_supplicant_event(void *ctx, enu
> }
>
>
> @@ -211,7 +211,7 @@
> {
> struct wpa_priv_interface *iface = ctx;
>
> -@@ -1101,7 +1101,7 @@ void wpa_supplicant_event(void *ctx, enu
> +@@ -1095,7 +1095,7 @@ void wpa_supplicant_event(void *ctx, enu
> }
>
>
> @@ -220,7 +220,7 @@
> union wpa_event_data *data)
> {
> struct wpa_priv_global *global = ctx;
> -@@ -1213,6 +1213,8 @@ int main(int argc, char *argv[])
> +@@ -1207,6 +1207,8 @@ int main(int argc, char *argv[])
> if (os_program_init())
> return -1;
>
> @@ -231,7 +231,7 @@
> os_memset(&global, 0, sizeof(global));
> --- a/wpa_supplicant/events.c
> +++ b/wpa_supplicant/events.c
> -@@ -3709,8 +3709,8 @@ static void wpa_supplicant_event_assoc_a
> +@@ -3812,8 +3812,8 @@ static void wpa_supplicant_event_assoc_a
> }
>
>
> @@ -242,7 +242,7 @@
> {
> struct wpa_supplicant *wpa_s = ctx;
> int resched;
> -@@ -4466,7 +4466,7 @@ void wpa_supplicant_event(void *ctx, enu
> +@@ -4616,7 +4616,7 @@ void wpa_supplicant_event(void *ctx, enu
> }
>
>
> @@ -253,7 +253,7 @@
> struct wpa_supplicant *wpa_s;
> --- a/wpa_supplicant/wpa_supplicant.c
> +++ b/wpa_supplicant/wpa_supplicant.c
> -@@ -5457,7 +5457,6 @@ struct wpa_interface * wpa_supplicant_ma
> +@@ -5678,7 +5678,6 @@ struct wpa_interface * wpa_supplicant_ma
> return NULL;
> }
>
> @@ -261,7 +261,7 @@
> /**
> * wpa_supplicant_match_existing - Match existing interfaces
> * @global: Pointer to global data from wpa_supplicant_init()
> -@@ -5494,6 +5493,11 @@ static int wpa_supplicant_match_existing
> +@@ -5715,6 +5714,11 @@ static int wpa_supplicant_match_existing
>
> #endif /* CONFIG_MATCH_IFACE */
>
> @@ -273,7 +273,7 @@
>
> /**
> * wpa_supplicant_add_iface - Add a new network interface
> -@@ -5750,6 +5754,8 @@ struct wpa_global * wpa_supplicant_init(
> +@@ -5971,6 +5975,8 @@ struct wpa_global * wpa_supplicant_init(
> #ifndef CONFIG_NO_WPA_MSG
> wpa_msg_register_ifname_cb(wpa_supplicant_msg_ifname_cb);
> #endif /* CONFIG_NO_WPA_MSG */
> @@ -284,7 +284,7 @@
> wpa_debug_open_file(params->wpa_debug_file_path);
> --- a/hostapd/main.c
> +++ b/hostapd/main.c
> -@@ -590,6 +590,11 @@ fail:
> +@@ -591,6 +591,11 @@ fail:
> return -1;
> }
>
> @@ -296,9 +296,9 @@
>
> #ifdef CONFIG_WPS
> static int gen_uuid(const char *txt_addr)
> -@@ -670,6 +675,8 @@ int main(int argc, char *argv[])
> - dl_list_init(&interfaces.eth_p_oui);
> - #endif /* CONFIG_ETH_P_OUI */
> +@@ -674,6 +679,8 @@ int main(int argc, char *argv[])
> + hostapd_dpp_init_global(&interfaces);
> + #endif /* CONFIG_DPP */
>
> + wpa_supplicant_event = hostapd_wpa_event;
> + wpa_supplicant_event_global = hostapd_wpa_event_global;
> diff --git a/package/network/services/hostapd/patches/300-noscan.patch b/package/network/services/hostapd/patches/300-noscan.patch
> index c8ca3694c0..d07fe9bb84 100644
> --- a/package/network/services/hostapd/patches/300-noscan.patch
> +++ b/package/network/services/hostapd/patches/300-noscan.patch
> @@ -1,6 +1,6 @@
> --- a/hostapd/config_file.c
> +++ b/hostapd/config_file.c
> -@@ -3016,6 +3016,10 @@ static int hostapd_config_fill(struct ho
> +@@ -3086,6 +3086,10 @@ static int hostapd_config_fill(struct ho
> }
> #endif /* CONFIG_IEEE80211W */
> #ifdef CONFIG_IEEE80211N
> @@ -13,7 +13,7 @@
> } else if (os_strcmp(buf, "ht_capab") == 0) {
> --- a/src/ap/ap_config.h
> +++ b/src/ap/ap_config.h
> -@@ -735,6 +735,8 @@ struct hostapd_config {
> +@@ -750,6 +750,8 @@ struct hostapd_config {
>
> int ht_op_mode_fixed;
> u16 ht_capab;
> diff --git a/package/network/services/hostapd/patches/310-rescan_immediately.patch b/package/network/services/hostapd/patches/310-rescan_immediately.patch
> index 6846db2750..552fd182e4 100644
> --- a/package/network/services/hostapd/patches/310-rescan_immediately.patch
> +++ b/package/network/services/hostapd/patches/310-rescan_immediately.patch
> @@ -1,6 +1,6 @@
> --- a/wpa_supplicant/wpa_supplicant.c
> +++ b/wpa_supplicant/wpa_supplicant.c
> -@@ -3927,7 +3927,7 @@ wpa_supplicant_alloc(struct wpa_supplica
> +@@ -4126,7 +4126,7 @@ wpa_supplicant_alloc(struct wpa_supplica
> if (wpa_s == NULL)
> return NULL;
> wpa_s->scan_req = INITIAL_SCAN_REQ;
> diff --git a/package/network/services/hostapd/patches/330-nl80211_fix_set_freq.patch b/package/network/services/hostapd/patches/330-nl80211_fix_set_freq.patch
> index 3bc916b6b8..272d4f9240 100644
> --- a/package/network/services/hostapd/patches/330-nl80211_fix_set_freq.patch
> +++ b/package/network/services/hostapd/patches/330-nl80211_fix_set_freq.patch
> @@ -1,6 +1,6 @@
> --- a/src/drivers/driver_nl80211.c
> +++ b/src/drivers/driver_nl80211.c
> -@@ -4152,7 +4152,7 @@ static int nl80211_set_channel(struct i8
> +@@ -4231,7 +4231,7 @@ static int nl80211_set_channel(struct i8
> freq->freq, freq->ht_enabled, freq->vht_enabled,
> freq->bandwidth, freq->center_freq1, freq->center_freq2);
>
> diff --git a/package/network/services/hostapd/patches/350-nl80211_del_beacon_bss.patch b/package/network/services/hostapd/patches/350-nl80211_del_beacon_bss.patch
> index 92e6ae9ae0..ca3d61e890 100644
> --- a/package/network/services/hostapd/patches/350-nl80211_del_beacon_bss.patch
> +++ b/package/network/services/hostapd/patches/350-nl80211_del_beacon_bss.patch
> @@ -1,6 +1,6 @@
> --- a/src/drivers/driver_nl80211.c
> +++ b/src/drivers/driver_nl80211.c
> -@@ -2536,10 +2536,15 @@ static int wpa_driver_nl80211_del_beacon
> +@@ -2563,10 +2563,15 @@ static int wpa_driver_nl80211_del_beacon
> struct nl_msg *msg;
> struct wpa_driver_nl80211_data *drv = bss->drv;
>
> @@ -18,7 +18,7 @@
> return send_and_recv_msgs(drv, msg, NULL, NULL);
> }
>
> -@@ -4753,7 +4758,7 @@ static void nl80211_teardown_ap(struct i
> +@@ -4832,7 +4837,7 @@ static void nl80211_teardown_ap(struct i
> nl80211_mgmt_unsubscribe(bss, "AP teardown");
>
> nl80211_put_wiphy_data_ap(bss);
> @@ -27,7 +27,7 @@
> }
>
>
> -@@ -6853,8 +6858,6 @@ static int wpa_driver_nl80211_if_remove(
> +@@ -7031,8 +7036,6 @@ static int wpa_driver_nl80211_if_remove(
> } else {
> wpa_printf(MSG_DEBUG, "nl80211: First BSS - reassign context");
> nl80211_teardown_ap(bss);
> @@ -36,7 +36,7 @@
> nl80211_destroy_bss(bss);
> if (!bss->added_if)
> i802_set_iface_flags(bss, 0);
> -@@ -7225,7 +7228,6 @@ static int wpa_driver_nl80211_deinit_ap(
> +@@ -7403,7 +7406,6 @@ static int wpa_driver_nl80211_deinit_ap(
> if (!is_ap_interface(drv->nlmode))
> return -1;
> wpa_driver_nl80211_del_beacon(bss);
> @@ -44,7 +44,7 @@
>
> /*
> * If the P2P GO interface was dynamically added, then it is
> -@@ -7245,7 +7247,6 @@ static int wpa_driver_nl80211_stop_ap(vo
> +@@ -7423,7 +7425,6 @@ static int wpa_driver_nl80211_stop_ap(vo
> if (!is_ap_interface(drv->nlmode))
> return -1;
> wpa_driver_nl80211_del_beacon(bss);
> diff --git a/package/network/services/hostapd/patches/360-ctrl_iface_reload.patch b/package/network/services/hostapd/patches/360-ctrl_iface_reload.patch
> index 043ddbf889..f174f8fe7f 100644
> --- a/package/network/services/hostapd/patches/360-ctrl_iface_reload.patch
> +++ b/package/network/services/hostapd/patches/360-ctrl_iface_reload.patch
> @@ -1,6 +1,6 @@
> --- a/hostapd/ctrl_iface.c
> +++ b/hostapd/ctrl_iface.c
> -@@ -56,6 +56,7 @@
> +@@ -60,6 +60,7 @@
> #include "fst/fst_ctrl_iface.h"
> #include "config_file.h"
> #include "ctrl_iface.h"
> @@ -8,7 +8,7 @@
>
>
> #define HOSTAPD_CLI_DUP_VALUE_MAX_LEN 256
> -@@ -74,6 +75,7 @@ static void hostapd_ctrl_iface_send(stru
> +@@ -78,6 +79,7 @@ static void hostapd_ctrl_iface_send(stru
> enum wpa_msg_type type,
> const char *buf, size_t len);
>
> @@ -16,7 +16,7 @@
>
> static int hostapd_ctrl_iface_attach(struct hostapd_data *hapd,
> struct sockaddr_storage *from,
> -@@ -125,6 +127,61 @@ static int hostapd_ctrl_iface_new_sta(st
> +@@ -129,6 +131,61 @@ static int hostapd_ctrl_iface_new_sta(st
> return 0;
> }
>
> @@ -78,7 +78,7 @@
>
> #ifdef CONFIG_IEEE80211W
> #ifdef NEED_AP_MLME
> -@@ -2607,6 +2664,8 @@ static int hostapd_ctrl_iface_receive_pr
> +@@ -3024,6 +3081,8 @@ static int hostapd_ctrl_iface_receive_pr
> } else if (os_strncmp(buf, "VENDOR ", 7) == 0) {
> reply_len = hostapd_ctrl_iface_vendor(hapd, buf + 7, reply,
> reply_size);
> @@ -89,7 +89,7 @@
> #ifdef RADIUS_SERVER
> --- a/src/ap/ctrl_iface_ap.c
> +++ b/src/ap/ctrl_iface_ap.c
> -@@ -624,7 +624,13 @@ int hostapd_parse_csa_settings(const cha
> +@@ -850,7 +850,13 @@ int hostapd_parse_csa_settings(const cha
>
> int hostapd_ctrl_iface_stop_ap(struct hostapd_data *hapd)
> {
> diff --git a/package/network/services/hostapd/patches/370-ap_sta_support.patch b/package/network/services/hostapd/patches/370-ap_sta_support.patch
> index a37b193b6b..91731d34c0 100644
> --- a/package/network/services/hostapd/patches/370-ap_sta_support.patch
> +++ b/package/network/services/hostapd/patches/370-ap_sta_support.patch
> @@ -12,7 +12,7 @@
> * bridge_ifname - Optional bridge interface name
> *
> * If the driver interface (ifname) is included in a Linux bridge
> -@@ -512,6 +517,8 @@ struct wpa_supplicant {
> +@@ -513,6 +518,8 @@ struct wpa_supplicant {
> #endif /* CONFIG_CTRL_IFACE_BINDER */
> char bridge_ifname[16];
>
> @@ -45,8 +45,8 @@
> CONFIG_OS=win32
> --- a/wpa_supplicant/wpa_supplicant.c
> +++ b/wpa_supplicant/wpa_supplicant.c
> -@@ -118,6 +118,55 @@ const char *const wpa_supplicant_full_li
> - static void wpa_bss_tmp_disallow_timeout(void *eloop_ctx, void *timeout_ctx);
> +@@ -125,6 +125,55 @@ static void wpas_update_fils_connect_par
> + #endif /* CONFIG_FILS && IEEE8021X_EAPOL */
>
>
> +static int hostapd_stop(struct wpa_supplicant *wpa_s)
> @@ -101,12 +101,16 @@
> /* Configure default/group WEP keys for static WEP */
> int wpa_set_wep_keys(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid)
> {
> -@@ -883,8 +932,12 @@ void wpa_supplicant_set_state(struct wpa
> - wpas_p2p_completed(wpa_s);
> +@@ -893,12 +942,16 @@ void wpa_supplicant_set_state(struct wpa
>
> sme_sched_obss_scan(wpa_s, 1);
> +
> + if (wpa_s->hostapd)
> + hostapd_reload(wpa_s, wpa_s->current_bss);
> + #if defined(CONFIG_FILS) && defined(IEEE8021X_EAPOL)
> + if (!fils_hlp_sent && ssid && ssid->eap.erp)
> + wpas_update_fils_connect_params(wpa_s);
> + #endif /* CONFIG_FILS && IEEE8021X_EAPOL */
> } else if (state == WPA_DISCONNECTED || state == WPA_ASSOCIATING ||
> state == WPA_ASSOCIATED) {
> + if (wpa_s->hostapd)
> @@ -114,7 +118,7 @@
> wpa_s->new_connection = 1;
> wpa_drv_set_operstate(wpa_s, 0);
> #ifndef IEEE8021X_EAPOL
> -@@ -5080,6 +5133,20 @@ static int wpa_supplicant_init_iface(str
> +@@ -5301,6 +5354,20 @@ static int wpa_supplicant_init_iface(str
> sizeof(wpa_s->bridge_ifname));
> }
>
> @@ -135,7 +139,7 @@
> /* RSNA Supplicant Key Management - INITIALIZE */
> eapol_sm_notify_portEnabled(wpa_s->eapol, FALSE);
> eapol_sm_notify_portValid(wpa_s->eapol, FALSE);
> -@@ -5404,6 +5471,11 @@ static void wpa_supplicant_deinit_iface(
> +@@ -5625,6 +5692,11 @@ static void wpa_supplicant_deinit_iface(
> if (terminate)
> wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_TERMINATING);
>
> diff --git a/package/network/services/hostapd/patches/380-disable_ctrl_iface_mib.patch b/package/network/services/hostapd/patches/380-disable_ctrl_iface_mib.patch
> index e977f00a25..6dfe26cb4e 100644
> --- a/package/network/services/hostapd/patches/380-disable_ctrl_iface_mib.patch
> +++ b/package/network/services/hostapd/patches/380-disable_ctrl_iface_mib.patch
> @@ -12,7 +12,7 @@
> else
> --- a/hostapd/ctrl_iface.c
> +++ b/hostapd/ctrl_iface.c
> -@@ -2458,6 +2458,7 @@ static int hostapd_ctrl_iface_receive_pr
> +@@ -2850,6 +2850,7 @@ static int hostapd_ctrl_iface_receive_pr
> reply_size);
> } else if (os_strcmp(buf, "STATUS-DRIVER") == 0) {
> reply_len = hostapd_drv_status(hapd, reply, reply_size);
> @@ -20,17 +20,17 @@
> } else if (os_strcmp(buf, "MIB") == 0) {
> reply_len = ieee802_11_get_mib(hapd, reply, reply_size);
> if (reply_len >= 0) {
> -@@ -2499,6 +2500,7 @@ static int hostapd_ctrl_iface_receive_pr
> +@@ -2891,6 +2892,7 @@ static int hostapd_ctrl_iface_receive_pr
> } else if (os_strncmp(buf, "STA-NEXT ", 9) == 0) {
> reply_len = hostapd_ctrl_iface_sta_next(hapd, buf + 9, reply,
> reply_size);
> +#endif
> } else if (os_strcmp(buf, "ATTACH") == 0) {
> - if (hostapd_ctrl_iface_attach(hapd, from, fromlen))
> + if (hostapd_ctrl_iface_attach(hapd, from, fromlen, NULL))
> reply_len = -1;
> --- a/wpa_supplicant/Makefile
> +++ b/wpa_supplicant/Makefile
> -@@ -926,6 +926,9 @@ ifdef CONFIG_FILS
> +@@ -931,6 +931,9 @@ ifdef CONFIG_FILS
> OBJS += ../src/ap/fils_hlp.o
> endif
> ifdef CONFIG_CTRL_IFACE
> @@ -42,7 +42,7 @@
>
> --- a/wpa_supplicant/ctrl_iface.c
> +++ b/wpa_supplicant/ctrl_iface.c
> -@@ -2070,7 +2070,7 @@ static int wpa_supplicant_ctrl_iface_sta
> +@@ -2130,7 +2130,7 @@ static int wpa_supplicant_ctrl_iface_sta
> pos += ret;
> }
>
> @@ -51,7 +51,7 @@
> if (wpa_s->ap_iface) {
> pos += ap_ctrl_iface_wpa_get_status(wpa_s, pos,
> end - pos,
> -@@ -9631,6 +9631,7 @@ char * wpa_supplicant_ctrl_iface_process
> +@@ -9831,6 +9831,7 @@ char * wpa_supplicant_ctrl_iface_process
> reply_len = -1;
> } else if (os_strncmp(buf, "NOTE ", 5) == 0) {
> wpa_printf(MSG_INFO, "NOTE: %s", buf + 5);
> @@ -59,7 +59,7 @@
> } else if (os_strcmp(buf, "MIB") == 0) {
> reply_len = wpa_sm_get_mib(wpa_s->wpa, reply, reply_size);
> if (reply_len >= 0) {
> -@@ -9638,6 +9639,7 @@ char * wpa_supplicant_ctrl_iface_process
> +@@ -9838,6 +9839,7 @@ char * wpa_supplicant_ctrl_iface_process
> reply + reply_len,
> reply_size - reply_len);
> }
> @@ -67,7 +67,7 @@
> } else if (os_strncmp(buf, "STATUS", 6) == 0) {
> reply_len = wpa_supplicant_ctrl_iface_status(
> wpa_s, buf + 6, reply, reply_size);
> -@@ -10124,6 +10126,7 @@ char * wpa_supplicant_ctrl_iface_process
> +@@ -10319,6 +10321,7 @@ char * wpa_supplicant_ctrl_iface_process
> reply_len = wpa_supplicant_ctrl_iface_bss(
> wpa_s, buf + 4, reply, reply_size);
> #ifdef CONFIG_AP
> @@ -75,7 +75,7 @@
> } else if (os_strcmp(buf, "STA-FIRST") == 0) {
> reply_len = ap_ctrl_iface_sta_first(wpa_s, reply, reply_size);
> } else if (os_strncmp(buf, "STA ", 4) == 0) {
> -@@ -10132,12 +10135,15 @@ char * wpa_supplicant_ctrl_iface_process
> +@@ -10327,12 +10330,15 @@ char * wpa_supplicant_ctrl_iface_process
> } else if (os_strncmp(buf, "STA-NEXT ", 9) == 0) {
> reply_len = ap_ctrl_iface_sta_next(wpa_s, buf + 9, reply,
> reply_size);
> @@ -99,9 +99,9 @@
>
> +#ifdef CONFIG_CTRL_IFACE_MIB
>
> - static int hostapd_get_sta_tx_rx(struct hostapd_data *hapd,
> - struct sta_info *sta,
> -@@ -250,6 +251,7 @@ int hostapd_ctrl_iface_sta_next(struct h
> + static size_t hostapd_write_ht_mcs_bitmask(char *buf, size_t buflen,
> + size_t curr_len, const u8 *mcs_set)
> +@@ -401,6 +402,7 @@ int hostapd_ctrl_iface_sta_next(struct h
> return hostapd_ctrl_iface_sta_mib(hapd, sta->next, buf, buflen);
> }
>
> @@ -109,9 +109,24 @@
>
> #ifdef CONFIG_P2P_MANAGER
> static int p2p_manager_disconnect(struct hostapd_data *hapd, u16 stype,
> +@@ -739,12 +741,12 @@ int hostapd_ctrl_iface_status(struct hos
> + return len;
> + len += ret;
> + }
> +-
> ++#ifdef CONFIG_CTRL_IFACE_MIB
> + if (iface->conf->ieee80211n && !hapd->conf->disable_11n && mode) {
> + len = hostapd_write_ht_mcs_bitmask(buf, buflen, len,
> + mode->mcs_set);
> + }
> +-
> ++#endif /* CONFIG_CTRL_IFACE_MIB */
> + if (iface->current_rates && iface->num_rates) {
> + ret = os_snprintf(buf + len, buflen - len, "supported_rates=");
> + if (os_snprintf_error(buflen - len, ret))
> --- a/src/ap/ieee802_1x.c
> +++ b/src/ap/ieee802_1x.c
> -@@ -2492,6 +2492,7 @@ static const char * bool_txt(Boolean val
> +@@ -2501,6 +2501,7 @@ static const char * bool_txt(Boolean val
> return val ? "TRUE" : "FALSE";
> }
>
> @@ -119,7 +134,7 @@
>
> int ieee802_1x_get_mib(struct hostapd_data *hapd, char *buf, size_t buflen)
> {
> -@@ -2667,6 +2668,7 @@ int ieee802_1x_get_mib_sta(struct hostap
> +@@ -2676,6 +2677,7 @@ int ieee802_1x_get_mib_sta(struct hostap
> return len;
> }
>
> @@ -129,7 +144,7 @@
> static void ieee802_1x_wnm_notif_send(void *eloop_ctx, void *timeout_ctx)
> --- a/src/ap/wpa_auth.c
> +++ b/src/ap/wpa_auth.c
> -@@ -3780,6 +3780,7 @@ static const char * wpa_bool_txt(int val
> +@@ -3785,6 +3785,7 @@ static const char * wpa_bool_txt(int val
> return val ? "TRUE" : "FALSE";
> }
>
> @@ -137,7 +152,7 @@
>
> #define RSN_SUITE "%02x-%02x-%02x-%d"
> #define RSN_SUITE_ARG(s) \
> -@@ -3924,7 +3925,7 @@ int wpa_get_mib_sta(struct wpa_state_mac
> +@@ -3929,7 +3930,7 @@ int wpa_get_mib_sta(struct wpa_state_mac
>
> return len;
> }
> @@ -148,7 +163,7 @@
> {
> --- a/src/rsn_supp/wpa.c
> +++ b/src/rsn_supp/wpa.c
> -@@ -2356,6 +2356,8 @@ static u32 wpa_key_mgmt_suite(struct wpa
> +@@ -2306,6 +2306,8 @@ static u32 wpa_key_mgmt_suite(struct wpa
> }
>
>
> @@ -157,7 +172,7 @@
> #define RSN_SUITE "%02x-%02x-%02x-%d"
> #define RSN_SUITE_ARG(s) \
> ((s) >> 24) & 0xff, ((s) >> 16) & 0xff, ((s) >> 8) & 0xff, (s) & 0xff
> -@@ -2439,6 +2441,7 @@ int wpa_sm_get_mib(struct wpa_sm *sm, ch
> +@@ -2389,6 +2391,7 @@ int wpa_sm_get_mib(struct wpa_sm *sm, ch
>
> return (int) len;
> }
> @@ -167,7 +182,7 @@
>
> --- a/wpa_supplicant/ap.c
> +++ b/wpa_supplicant/ap.c
> -@@ -1139,7 +1139,7 @@ int wpas_ap_wps_nfc_report_handover(stru
> +@@ -1170,7 +1170,7 @@ int wpas_ap_wps_nfc_report_handover(stru
> #endif /* CONFIG_WPS */
>
>
> diff --git a/package/network/services/hostapd/patches/390-wpa_ie_cap_workaround.patch b/package/network/services/hostapd/patches/390-wpa_ie_cap_workaround.patch
> index 8f7a6879ca..a62cb3afcd 100644
> --- a/package/network/services/hostapd/patches/390-wpa_ie_cap_workaround.patch
> +++ b/package/network/services/hostapd/patches/390-wpa_ie_cap_workaround.patch
> @@ -1,6 +1,6 @@
> --- a/src/common/wpa_common.c
> +++ b/src/common/wpa_common.c
> -@@ -1675,6 +1675,31 @@ u32 wpa_akm_to_suite(int akm)
> +@@ -1735,6 +1735,31 @@ u32 wpa_akm_to_suite(int akm)
> }
>
>
> @@ -32,7 +32,7 @@
> int wpa_compare_rsn_ie(int ft_initial_assoc,
> const u8 *ie1, size_t ie1len,
> const u8 *ie2, size_t ie2len)
> -@@ -1682,8 +1707,19 @@ int wpa_compare_rsn_ie(int ft_initial_as
> +@@ -1742,8 +1767,19 @@ int wpa_compare_rsn_ie(int ft_initial_as
> if (ie1 == NULL || ie2 == NULL)
> return -1;
>
> diff --git a/package/network/services/hostapd/patches/400-wps_single_auth_enc_type.patch b/package/network/services/hostapd/patches/400-wps_single_auth_enc_type.patch
> index c10176371f..ea144f4def 100644
> --- a/package/network/services/hostapd/patches/400-wps_single_auth_enc_type.patch
> +++ b/package/network/services/hostapd/patches/400-wps_single_auth_enc_type.patch
> @@ -10,8 +10,8 @@
> bss->wpa_pairwise |= WPA_CIPHER_TKIP;
> bss->rsn_pairwise = bss->wpa_pairwise;
> bss->wpa_group = wpa_select_ap_group_cipher(bss->wpa,
> -@@ -1067,8 +1066,7 @@ int hostapd_init_wps(struct hostapd_data
> - if (conf->rsn_pairwise & (WPA_CIPHER_CCMP | WPA_CIPHER_GCMP)) {
> +@@ -1069,8 +1068,7 @@ int hostapd_init_wps(struct hostapd_data
> + WPA_CIPHER_GCMP_256)) {
> wps->encr_types |= WPS_ENCR_AES;
> wps->encr_types_rsn |= WPS_ENCR_AES;
> - }
> diff --git a/package/network/services/hostapd/patches/420-indicate-features.patch b/package/network/services/hostapd/patches/420-indicate-features.patch
> index 2b529ca3e6..d582c8574c 100644
> --- a/package/network/services/hostapd/patches/420-indicate-features.patch
> +++ b/package/network/services/hostapd/patches/420-indicate-features.patch
> @@ -8,7 +8,7 @@
> #include "crypto/random.h"
> #include "crypto/tls.h"
> #include "common/version.h"
> -@@ -678,7 +679,7 @@ int main(int argc, char *argv[])
> +@@ -682,7 +683,7 @@ int main(int argc, char *argv[])
> wpa_supplicant_event = hostapd_wpa_event;
> wpa_supplicant_event_global = hostapd_wpa_event_global;
> for (;;) {
> @@ -17,7 +17,7 @@
> if (c < 0)
> break;
> switch (c) {
> -@@ -715,6 +716,8 @@ int main(int argc, char *argv[])
> +@@ -719,6 +720,8 @@ int main(int argc, char *argv[])
> break;
> #endif /* CONFIG_DEBUG_LINUX_TRACING */
> case 'v':
> diff --git a/package/network/services/hostapd/patches/430-hostapd_cli_ifdef.patch b/package/network/services/hostapd/patches/430-hostapd_cli_ifdef.patch
> index 32cab7ff62..07b4cc3cb0 100644
> --- a/package/network/services/hostapd/patches/430-hostapd_cli_ifdef.patch
> +++ b/package/network/services/hostapd/patches/430-hostapd_cli_ifdef.patch
> @@ -16,7 +16,7 @@
>
>
> static int hostapd_cli_cmd_disassoc_imminent(struct wpa_ctrl *ctrl, int argc,
> -@@ -1476,7 +1474,6 @@ static const struct hostapd_cli_cmd host
> +@@ -1504,7 +1502,6 @@ static const struct hostapd_cli_cmd host
> { "sa_query", hostapd_cli_cmd_sa_query, hostapd_complete_stations,
> "<addr> = send SA Query to a station" },
> #endif /* CONFIG_IEEE80211W */
> @@ -24,7 +24,7 @@
> { "wps_pin", hostapd_cli_cmd_wps_pin, NULL,
> "<uuid> <pin> [timeout] [addr] = add WPS Enrollee PIN" },
> { "wps_check_pin", hostapd_cli_cmd_wps_check_pin, NULL,
> -@@ -1501,7 +1498,6 @@ static const struct hostapd_cli_cmd host
> +@@ -1529,7 +1526,6 @@ static const struct hostapd_cli_cmd host
> "<SSID> <auth> <encr> <key> = configure AP" },
> { "wps_get_status", hostapd_cli_cmd_wps_get_status, NULL,
> "= show current WPS status" },
> diff --git a/package/network/services/hostapd/patches/450-scan_wait.patch b/package/network/services/hostapd/patches/450-scan_wait.patch
> index 463a362911..9620ecc520 100644
> --- a/package/network/services/hostapd/patches/450-scan_wait.patch
> +++ b/package/network/services/hostapd/patches/450-scan_wait.patch
> @@ -1,6 +1,6 @@
> --- a/hostapd/main.c
> +++ b/hostapd/main.c
> -@@ -37,6 +37,8 @@ struct hapd_global {
> +@@ -38,6 +38,8 @@ struct hapd_global {
> };
>
> static struct hapd_global global;
> @@ -9,7 +9,7 @@
>
>
> #ifndef CONFIG_NO_HOSTAPD_LOGGER
> -@@ -147,6 +149,14 @@ static void hostapd_logger_cb(void *ctx,
> +@@ -148,6 +150,14 @@ static void hostapd_logger_cb(void *ctx,
> }
> #endif /* CONFIG_NO_HOSTAPD_LOGGER */
>
> @@ -24,7 +24,7 @@
>
> /**
> * hostapd_driver_init - Preparate driver interface
> -@@ -165,6 +175,8 @@ static int hostapd_driver_init(struct ho
> +@@ -166,6 +176,8 @@ static int hostapd_driver_init(struct ho
> return -1;
> }
>
> @@ -33,7 +33,7 @@
> /* Initialize the driver interface */
> if (!(b[0] | b[1] | b[2] | b[3] | b[4] | b[5]))
> b = NULL;
> -@@ -405,8 +417,6 @@ static void hostapd_global_deinit(const
> +@@ -406,8 +418,6 @@ static void hostapd_global_deinit(const
> #endif /* CONFIG_NATIVE_WINDOWS */
>
> eap_server_unregister_methods();
> @@ -42,7 +42,7 @@
> }
>
>
> -@@ -432,18 +442,6 @@ static int hostapd_global_run(struct hap
> +@@ -433,18 +443,6 @@ static int hostapd_global_run(struct hap
> }
> #endif /* EAP_SERVER_TNC */
>
> @@ -61,7 +61,7 @@
> eloop_run();
>
> return 0;
> -@@ -645,8 +643,7 @@ int main(int argc, char *argv[])
> +@@ -646,8 +644,7 @@ int main(int argc, char *argv[])
> struct hapd_interfaces interfaces;
> int ret = 1;
> size_t i, j;
> diff --git a/package/network/services/hostapd/patches/460-wpa_supplicant-add-new-config-params-to-be-used-with.patch b/package/network/services/hostapd/patches/460-wpa_supplicant-add-new-config-params-to-be-used-with.patch
> index 213ee6d726..9df9239cb4 100644
> --- a/package/network/services/hostapd/patches/460-wpa_supplicant-add-new-config-params-to-be-used-with.patch
> +++ b/package/network/services/hostapd/patches/460-wpa_supplicant-add-new-config-params-to-be-used-with.patch
> @@ -42,8 +42,8 @@ Signed-hostap: Antonio Quartulli <ordex at autistici.org>
> #include "config.h"
>
>
> -@@ -1985,6 +1986,97 @@ static char * wpa_config_write_mka_ckn(c
> - #endif /* CONFIG_MACSEC */
> +@@ -2037,6 +2038,97 @@ static char * wpa_config_write_peerkey(c
> + #endif /* NO_CONFIG_WRITE */
>
>
> +static int wpa_config_parse_mcast_rate(const struct parse_data *data,
> @@ -140,7 +140,7 @@ Signed-hostap: Antonio Quartulli <ordex at autistici.org>
> /* Helper macros for network block parser */
>
> #ifdef OFFSET
> -@@ -2224,6 +2316,8 @@ static const struct parse_data ssid_fiel
> +@@ -2279,6 +2371,8 @@ static const struct parse_data ssid_fiel
> { INT(ap_max_inactivity) },
> { INT(dtim_period) },
> { INT(beacon_int) },
> @@ -162,7 +162,7 @@ Signed-hostap: Antonio Quartulli <ordex at autistici.org>
>
>
> #define DEFAULT_EAP_WORKAROUND ((unsigned int) -1)
> -@@ -735,6 +737,9 @@ struct wpa_ssid {
> +@@ -743,6 +745,9 @@ struct wpa_ssid {
> */
> void *parent_cred;
>
> @@ -174,7 +174,7 @@ Signed-hostap: Antonio Quartulli <ordex at autistici.org>
> * macsec_policy - Determines the policy for MACsec secure session
> --- a/wpa_supplicant/wpa_supplicant.c
> +++ b/wpa_supplicant/wpa_supplicant.c
> -@@ -2781,6 +2781,12 @@ static void wpas_start_assoc_cb(struct w
> +@@ -2942,6 +2942,12 @@ static void wpas_start_assoc_cb(struct w
> params.beacon_int = ssid->beacon_int;
> else
> params.beacon_int = wpa_s->conf->beacon_int;
> @@ -186,4 +186,4 @@ Signed-hostap: Antonio Quartulli <ordex at autistici.org>
> + params.mcast_rate = ssid->mcast_rate;
> }
>
> - params.wpa_ie = wpa_ie;
> + params.pairwise_suite = cipher_pairwise;
> diff --git a/package/network/services/hostapd/patches/461-driver_nl80211-use-new-parameters-during-ibss-join.patch b/package/network/services/hostapd/patches/461-driver_nl80211-use-new-parameters-during-ibss-join.patch
> index 11822366de..bf9020e2b6 100644
> --- a/package/network/services/hostapd/patches/461-driver_nl80211-use-new-parameters-during-ibss-join.patch
> +++ b/package/network/services/hostapd/patches/461-driver_nl80211-use-new-parameters-during-ibss-join.patch
> @@ -10,7 +10,7 @@ Signed-hostap: Antonio Quartulli <ordex at autistici.org>
>
> --- a/src/drivers/driver_nl80211.c
> +++ b/src/drivers/driver_nl80211.c
> -@@ -5012,7 +5012,7 @@ static int wpa_driver_nl80211_ibss(struc
> +@@ -5091,7 +5091,7 @@ static int wpa_driver_nl80211_ibss(struc
> struct wpa_driver_associate_params *params)
> {
> struct nl_msg *msg;
> @@ -19,7 +19,7 @@ Signed-hostap: Antonio Quartulli <ordex at autistici.org>
> int count = 0;
>
> wpa_printf(MSG_DEBUG, "nl80211: Join IBSS (ifindex=%d)", drv->ifindex);
> -@@ -5039,6 +5039,37 @@ retry:
> +@@ -5118,6 +5118,37 @@ retry:
> nl80211_put_beacon_int(msg, params->beacon_int))
> goto fail;
>
> diff --git a/package/network/services/hostapd/patches/463-add-mcast_rate-to-11s.patch b/package/network/services/hostapd/patches/463-add-mcast_rate-to-11s.patch
> index 9b5ee4bbb3..80433b93be 100644
> --- a/package/network/services/hostapd/patches/463-add-mcast_rate-to-11s.patch
> +++ b/package/network/services/hostapd/patches/463-add-mcast_rate-to-11s.patch
> @@ -19,7 +19,7 @@ Tested-by: Simon Wunderlich <simon.wunderlich at openmesh.com>
>
> --- a/src/drivers/driver.h
> +++ b/src/drivers/driver.h
> -@@ -1424,6 +1424,7 @@ struct wpa_driver_mesh_join_params {
> +@@ -1394,6 +1394,7 @@ struct wpa_driver_mesh_join_params {
> #define WPA_DRIVER_MESH_FLAG_SAE_AUTH 0x00000004
> #define WPA_DRIVER_MESH_FLAG_AMPE 0x00000008
> unsigned int flags;
> @@ -29,7 +29,7 @@ Tested-by: Simon Wunderlich <simon.wunderlich at openmesh.com>
> /**
> --- a/src/drivers/driver_nl80211.c
> +++ b/src/drivers/driver_nl80211.c
> -@@ -8981,6 +8981,18 @@ static int nl80211_put_mesh_id(struct nl
> +@@ -9204,6 +9204,18 @@ static int nl80211_put_mesh_id(struct nl
> }
>
>
> @@ -48,7 +48,7 @@ Tested-by: Simon Wunderlich <simon.wunderlich at openmesh.com>
> static int nl80211_put_mesh_config(struct nl_msg *msg,
> struct wpa_driver_mesh_bss_params *params)
> {
> -@@ -9039,6 +9051,7 @@ static int nl80211_join_mesh(struct i802
> +@@ -9262,6 +9274,7 @@ static int nl80211_join_mesh(struct i802
> nl80211_put_basic_rates(msg, params->basic_rates) ||
> nl80211_put_mesh_id(msg, params->meshid, params->meshid_len) ||
> nl80211_put_beacon_int(msg, params->beacon_int) ||
> diff --git a/package/network/services/hostapd/patches/464-fix-mesh-obss-check.patch b/package/network/services/hostapd/patches/464-fix-mesh-obss-check.patch
> index 3833539489..4f8ea499c0 100644
> --- a/package/network/services/hostapd/patches/464-fix-mesh-obss-check.patch
> +++ b/package/network/services/hostapd/patches/464-fix-mesh-obss-check.patch
> @@ -1,6 +1,6 @@
> --- a/wpa_supplicant/wpa_supplicant.c
> +++ b/wpa_supplicant/wpa_supplicant.c
> -@@ -2010,11 +2010,13 @@ void ibss_mesh_setup_freq(struct wpa_sup
> +@@ -2081,11 +2081,13 @@ void ibss_mesh_setup_freq(struct wpa_sup
> for (j = 0; j < wpa_s->last_scan_res_used; j++) {
> struct wpa_bss *bss = wpa_s->last_scan_res[j];
>
> diff --git a/package/network/services/hostapd/patches/600-ubus_support.patch b/package/network/services/hostapd/patches/600-ubus_support.patch
> index acdc668a7b..6a0a89ece4 100644
> --- a/package/network/services/hostapd/patches/600-ubus_support.patch
> +++ b/package/network/services/hostapd/patches/600-ubus_support.patch
> @@ -22,7 +22,7 @@
>
> struct wpa_ctrl_dst;
> struct radius_server_data;
> -@@ -122,6 +123,7 @@ struct hostapd_data {
> +@@ -129,6 +130,7 @@ struct hostapd_data {
> struct hostapd_iface *iface;
> struct hostapd_config *iconf;
> struct hostapd_bss_config *conf;
> @@ -30,7 +30,7 @@
> int interface_added; /* virtual interface added for this BSS */
> unsigned int started:1;
> unsigned int disabled:1;
> -@@ -370,6 +372,8 @@ struct hostapd_iface {
> +@@ -392,6 +394,8 @@ struct hostapd_iface {
> struct hostapd_config *conf;
> char phy[16]; /* Name of the PHY (radio) */
>
> @@ -39,7 +39,7 @@
> enum hostapd_iface_state {
> HAPD_IFACE_UNINITIALIZED,
> HAPD_IFACE_DISABLED,
> -@@ -518,6 +522,7 @@ hostapd_alloc_bss_data(struct hostapd_if
> +@@ -544,6 +548,7 @@ hostapd_alloc_bss_data(struct hostapd_if
> struct hostapd_bss_config *bss);
> int hostapd_setup_interface(struct hostapd_iface *iface);
> int hostapd_setup_interface_complete(struct hostapd_iface *iface, int err);
> @@ -75,7 +75,7 @@
> {
> #ifdef NEED_AP_MLME
> u16 capab = hostapd_own_capab_info(hapd);
> -@@ -1711,6 +1714,7 @@ static int hostapd_setup_interface_compl
> +@@ -1807,6 +1810,7 @@ static int hostapd_setup_interface_compl
> if (err)
> goto fail;
>
> @@ -83,7 +83,7 @@
> wpa_printf(MSG_DEBUG, "Completing interface initialization");
> if (iface->conf->channel) {
> #ifdef NEED_AP_MLME
> -@@ -1890,6 +1894,7 @@ dfs_offload:
> +@@ -1987,6 +1991,7 @@ dfs_offload:
>
> fail:
> wpa_printf(MSG_ERROR, "Interface initialization failed");
> @@ -91,7 +91,7 @@
> hostapd_set_state(iface, HAPD_IFACE_DISABLED);
> wpa_msg(hapd->msg_ctx, MSG_INFO, AP_EVENT_DISABLED);
> #ifdef CONFIG_FST
> -@@ -2344,6 +2349,7 @@ void hostapd_interface_deinit_free(struc
> +@@ -2441,6 +2446,7 @@ void hostapd_interface_deinit_free(struc
> (unsigned int) iface->conf->num_bss);
> driver = iface->bss[0]->driver;
> drv_priv = iface->bss[0]->drv_priv;
> @@ -101,7 +101,7 @@
> __func__, driver, drv_priv);
> --- a/src/ap/ieee802_11.c
> +++ b/src/ap/ieee802_11.c
> -@@ -1587,12 +1587,13 @@ ieee802_11_set_radius_info(struct hostap
> +@@ -1662,12 +1662,13 @@ ieee802_11_set_radius_info(struct hostap
>
>
> static void handle_auth(struct hostapd_data *hapd,
> @@ -117,7 +117,7 @@
> u16 fc;
> const u8 *challenge = NULL;
> u32 session_timeout, acct_interim_interval;
> -@@ -1603,6 +1604,11 @@ static void handle_auth(struct hostapd_d
> +@@ -1678,6 +1679,11 @@ static void handle_auth(struct hostapd_d
> char *identity = NULL;
> char *radius_cui = NULL;
> u16 seq_ctrl;
> @@ -129,7 +129,7 @@
>
> if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.auth)) {
> wpa_printf(MSG_INFO, "handle_auth - too short payload (len=%lu)",
> -@@ -1757,6 +1763,13 @@ static void handle_auth(struct hostapd_d
> +@@ -1836,6 +1842,13 @@ static void handle_auth(struct hostapd_d
> resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
> goto fail;
> }
> @@ -143,7 +143,7 @@
> if (res == HOSTAPD_ACL_PENDING)
> return;
>
> -@@ -2870,12 +2883,12 @@ void fils_hlp_timeout(void *eloop_ctx, v
> +@@ -3098,12 +3111,12 @@ void fils_hlp_timeout(void *eloop_ctx, v
>
> static void handle_assoc(struct hostapd_data *hapd,
> const struct ieee80211_mgmt *mgmt, size_t len,
> @@ -158,7 +158,7 @@
> struct sta_info *sta;
> u8 *tmp = NULL;
> struct hostapd_sta_wpa_psk_short *psk = NULL;
> -@@ -2884,6 +2897,11 @@ static void handle_assoc(struct hostapd_
> +@@ -3112,6 +3125,11 @@ static void handle_assoc(struct hostapd_
> #ifdef CONFIG_FILS
> int delay_assoc = 0;
> #endif /* CONFIG_FILS */
> @@ -170,7 +170,7 @@
>
> if (len < IEEE80211_HDRLEN + (reassoc ? sizeof(mgmt->u.reassoc_req) :
> sizeof(mgmt->u.assoc_req))) {
> -@@ -3051,6 +3069,14 @@ static void handle_assoc(struct hostapd_
> +@@ -3283,6 +3301,14 @@ static void handle_assoc(struct hostapd_
> }
> #endif /* CONFIG_MBO */
>
> @@ -185,7 +185,7 @@
> /*
> * sta->capability is used in check_assoc_ies() for RRM enabled
> * capability element.
> -@@ -3258,6 +3284,7 @@ static void handle_disassoc(struct hosta
> +@@ -3496,6 +3522,7 @@ static void handle_disassoc(struct hosta
> wpa_printf(MSG_DEBUG, "disassocation: STA=" MACSTR " reason_code=%d",
> MAC2STR(mgmt->sa),
> le_to_host16(mgmt->u.disassoc.reason_code));
> @@ -193,7 +193,7 @@
>
> sta = ap_get_sta(hapd, mgmt->sa);
> if (sta == NULL) {
> -@@ -3323,6 +3350,8 @@ static void handle_deauth(struct hostapd
> +@@ -3561,6 +3588,8 @@ static void handle_deauth(struct hostapd
> " reason_code=%d",
> MAC2STR(mgmt->sa), le_to_host16(mgmt->u.deauth.reason_code));
>
> @@ -202,16 +202,16 @@
> sta = ap_get_sta(hapd, mgmt->sa);
> if (sta == NULL) {
> wpa_msg(hapd->msg_ctx, MSG_DEBUG, "Station " MACSTR " trying "
> -@@ -3637,7 +3666,7 @@ int ieee802_11_mgmt(struct hostapd_data
> +@@ -3883,7 +3912,7 @@ int ieee802_11_mgmt(struct hostapd_data
>
>
> if (stype == WLAN_FC_STYPE_PROBE_REQ) {
> -- handle_probe_req(hapd, mgmt, len, fi->ssi_signal);
> +- handle_probe_req(hapd, mgmt, len, ssi_signal);
> + handle_probe_req(hapd, mgmt, len, fi);
> return 1;
> }
>
> -@@ -3657,17 +3686,17 @@ int ieee802_11_mgmt(struct hostapd_data
> +@@ -3903,17 +3932,17 @@ int ieee802_11_mgmt(struct hostapd_data
> switch (stype) {
> case WLAN_FC_STYPE_AUTH:
> wpa_printf(MSG_DEBUG, "mgmt::auth");
> @@ -234,7 +234,7 @@
> case WLAN_FC_STYPE_DISASSOC:
> --- a/src/ap/beacon.c
> +++ b/src/ap/beacon.c
> -@@ -716,7 +716,7 @@ void sta_track_claim_taxonomy_info(struc
> +@@ -720,7 +720,7 @@ void sta_track_claim_taxonomy_info(struc
>
> void handle_probe_req(struct hostapd_data *hapd,
> const struct ieee80211_mgmt *mgmt, size_t len,
> @@ -243,7 +243,7 @@
> {
> u8 *resp;
> struct ieee802_11_elems elems;
> -@@ -725,9 +725,15 @@ void handle_probe_req(struct hostapd_dat
> +@@ -729,6 +729,7 @@ void handle_probe_req(struct hostapd_dat
> size_t i, resp_len;
> int noack;
> enum ssid_match_result res;
> @@ -251,6 +251,10 @@
> int ret;
> u16 csa_offs[2];
> size_t csa_offs_len;
> +@@ -737,6 +738,11 @@ void handle_probe_req(struct hostapd_dat
> + struct hostapd_sta_wpa_psk_short *psk = NULL;
> + char *identity = NULL;
> + char *radius_cui = NULL;
> + struct hostapd_ubus_request req = {
> + .type = HOSTAPD_UBUS_PROBE_REQ,
> + .mgmt_frame = mgmt,
> @@ -259,7 +263,7 @@
>
> if (len < IEEE80211_HDRLEN)
> return;
> -@@ -894,6 +900,12 @@ void handle_probe_req(struct hostapd_dat
> +@@ -914,6 +920,12 @@ void handle_probe_req(struct hostapd_dat
> }
> #endif /* CONFIG_P2P */
>
> @@ -311,7 +315,7 @@
> wpabuf_free(sta->p2p_ie);
> --- a/src/ap/sta_info.c
> +++ b/src/ap/sta_info.c
> -@@ -404,6 +404,7 @@ void ap_handle_timer(void *eloop_ctx, vo
> +@@ -408,6 +408,7 @@ void ap_handle_timer(void *eloop_ctx, vo
> HOSTAPD_LEVEL_INFO, "deauthenticated due to "
> "local deauth request");
> ap_free_sta(hapd, sta);
> @@ -319,7 +323,7 @@
> return;
> }
>
> -@@ -551,6 +552,7 @@ skip_poll:
> +@@ -555,6 +556,7 @@ skip_poll:
> hapd, sta,
> WLAN_REASON_PREV_AUTH_NOT_VALID);
> ap_free_sta(hapd, sta);
> @@ -327,7 +331,7 @@
> break;
> }
> }
> -@@ -1212,6 +1214,7 @@ void ap_sta_set_authorized(struct hostap
> +@@ -1216,6 +1218,7 @@ void ap_sta_set_authorized(struct hostap
> buf, ip_addr);
> } else {
> wpa_msg(hapd->msg_ctx, MSG_INFO, AP_STA_DISCONNECTED "%s", buf);
> @@ -337,7 +341,7 @@
> hapd->msg_ctx_parent != hapd->msg_ctx)
> --- a/src/ap/wpa_auth_glue.c
> +++ b/src/ap/wpa_auth_glue.c
> -@@ -175,6 +175,7 @@ static void hostapd_wpa_auth_psk_failure
> +@@ -176,6 +176,7 @@ static void hostapd_wpa_auth_psk_failure
> struct hostapd_data *hapd = ctx;
> wpa_msg(hapd->msg_ctx, MSG_INFO, AP_STA_POSSIBLE_PSK_MISMATCH MACSTR,
> MAC2STR(addr));
> --
> 2.16.2
>
>
> _______________________________________________
> Lede-dev mailing list
> Lede-dev at lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/lede-dev
More information about the Lede-dev
mailing list