From 7c245cbd68702ee5c55a3f0d55157d090eb5b231 Mon Sep 17 00:00:00 2001 From: Arturo Buzarra Date: Fri, 15 Jul 2022 09:17:45 +0200 Subject: [PATCH] wpa_supplicant: update Murata wireless support to release v5.10.9-2022_0511 https://onedigi.atlassian.net/browse/DEL-8025 Signed-off-by: Arturo Buzarra --- ...-expiration-issue-through-supplicant.patch | 156 +++++++++++++ ...-expiration-issue-through-supplicant.patch | 42 ++++ ...ache-after-receiving-specific-deauth.patch | 42 ++++ ...authenticate-STA-only-if-PMK-expired.patch | 210 ++++++++++++++++++ .../wpa-supplicant/wpa-supplicant_%.bbappend | 4 + 5 files changed, 454 insertions(+) create mode 100644 meta-digi-dey/recipes-connectivity/wpa-supplicant/wpa-supplicant/murata/0021-SAE-Fix-for-PMK-expiration-issue-through-supplicant.patch create mode 100644 meta-digi-dey/recipes-connectivity/wpa-supplicant/wpa-supplicant/murata/0022-SAE-Fix-for-PMK-expiration-issue-through-supplicant.patch create mode 100644 meta-digi-dey/recipes-connectivity/wpa-supplicant/wpa-supplicant/murata/0023-SAE-Drop-PMKSA-cache-after-receiving-specific-deauth.patch create mode 100644 meta-digi-dey/recipes-connectivity/wpa-supplicant/wpa-supplicant/murata/0024-Deauthenticate-STA-only-if-PMK-expired.patch diff --git a/meta-digi-dey/recipes-connectivity/wpa-supplicant/wpa-supplicant/murata/0021-SAE-Fix-for-PMK-expiration-issue-through-supplicant.patch b/meta-digi-dey/recipes-connectivity/wpa-supplicant/wpa-supplicant/murata/0021-SAE-Fix-for-PMK-expiration-issue-through-supplicant.patch new file mode 100644 index 000000000..1ddf8074a --- /dev/null +++ b/meta-digi-dey/recipes-connectivity/wpa-supplicant/wpa-supplicant/murata/0021-SAE-Fix-for-PMK-expiration-issue-through-supplicant.patch @@ -0,0 +1,156 @@ +From: Kurt Lee +Date: Mon, 14 Feb 2022 00:08:23 -0600 +Subject: [PATCH] SAE: Fix for PMK expiration issue through supplicant + (first) + +Description : Sending Deauth from AP once PMK timeout occurs, So that +STA will initiate the Auth process. +Changes : 1) Added support to get the dot11RSNAConfigPMKLifetime conf +element in wpa_authenticator structure to pass to the lower API's +2) Sending deauth from the wpa_auth_pmksa_free_cb once PMK time out +occurs. +Tested: Confirmed once PMK timeout occurs AP is sending deauth and STA +starting AUTH frame. + +Porting from project: hostap_upstream, branch: IOT_HOSTAP_BRANCH_1_201 +ID: 587411dd with modified hostapd/config_file.c for configuration of +hostapd + +First part: changes not touching 'hostapd' directory. + +Signed-off-by: Arturo Buzarra +--- + src/ap/ap_config.h | 2 ++ + src/ap/ieee802_11.c | 1 + + src/ap/wpa_auth.c | 9 ++++++++- + src/ap/wpa_auth.h | 1 + + src/ap/wpa_auth_i.h | 1 + + wpa_supplicant/ap.c | 2 ++ + 6 files changed, 15 insertions(+), 1 deletion(-) + +diff --git a/src/ap/ap_config.h b/src/ap/ap_config.h +index 49cd3168a..a82ca1853 100644 +--- a/src/ap/ap_config.h ++++ b/src/ap/ap_config.h +@@ -896,10 +896,12 @@ struct hostapd_bss_config { + + u8 ext_capa_mask[EXT_CAPA_MAX_LEN]; + u8 ext_capa[EXT_CAPA_MAX_LEN]; + + u8 rnr; ++ ++ unsigned int dot11RSNAConfigPMKLifetime; + }; + + /** + * struct he_phy_capabilities_info - HE PHY capabilities + */ +diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c +index 3b735c09f..c4f7d00cc 100644 +--- a/src/ap/ieee802_11.c ++++ b/src/ap/ieee802_11.c +@@ -978,10 +978,11 @@ void sae_accept_sta(struct hostapd_data *hapd, struct sta_info *sta) + wpa_auth_sm_event(sta->wpa_sm, WPA_AUTH); + sae_set_state(sta, SAE_ACCEPTED, "Accept Confirm"); + crypto_bignum_deinit(sta->sae->peer_commit_scalar_accepted, 0); + sta->sae->peer_commit_scalar_accepted = sta->sae->peer_commit_scalar; + sta->sae->peer_commit_scalar = NULL; ++ wpa_auth_set_pmk_life_time(hapd->wpa_auth,hapd->conf->dot11RSNAConfigPMKLifetime); + wpa_auth_pmksa_add_sae(hapd->wpa_auth, sta->addr, + sta->sae->pmk, sta->sae->pmkid); + #ifndef CONFIG_WPA3_SAE_AUTH_EARLY_SET + sae_sme_send_external_auth_status(hapd, sta, WLAN_STATUS_SUCCESS); + #endif /* CONFIG_WPA3_SAE_AUTH_EARLY_SET */ +diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c +index 4b506c1db..e92ea4302 100644 +--- a/src/ap/wpa_auth.c ++++ b/src/ap/wpa_auth.c +@@ -388,10 +388,11 @@ static int wpa_auth_pmksa_clear_cb(struct wpa_state_machine *sm, void *ctx) + + static void wpa_auth_pmksa_free_cb(struct rsn_pmksa_cache_entry *entry, + void *ctx) + { + struct wpa_authenticator *wpa_auth = ctx; ++ wpa_sta_disconnect(wpa_auth, entry->spa, WLAN_REASON_PREV_AUTH_NOT_VALID); + wpa_auth_for_each_sta(wpa_auth, wpa_auth_pmksa_clear_cb, entry); + } + + + static int wpa_group_init_gmk_and_counter(struct wpa_authenticator *wpa_auth, +@@ -4833,20 +4834,26 @@ int wpa_auth_pmksa_add_preauth(struct wpa_authenticator *wpa_auth, + + return -1; + } + + ++void wpa_auth_set_pmk_life_time(struct wpa_authenticator *wpa_auth, unsigned int pmk_life_time) ++{ ++ wpa_auth->pmk_life_time = pmk_life_time; ++} ++ ++ + int wpa_auth_pmksa_add_sae(struct wpa_authenticator *wpa_auth, const u8 *addr, + const u8 *pmk, const u8 *pmkid) + { + if (wpa_auth->conf.disable_pmksa_caching) + return -1; + + wpa_hexdump_key(MSG_DEBUG, "RSN: Cache PMK from SAE", pmk, PMK_LEN); + if (pmksa_cache_auth_add(wpa_auth->pmksa, pmk, PMK_LEN, pmkid, + NULL, 0, +- wpa_auth->addr, addr, 0, NULL, ++ wpa_auth->addr, addr, wpa_auth->pmk_life_time, NULL, + WPA_KEY_MGMT_SAE)) + return 0; + + return -1; + } +diff --git a/src/ap/wpa_auth.h b/src/ap/wpa_auth.h +index 140147e79..06fe4d708 100644 +--- a/src/ap/wpa_auth.h ++++ b/src/ap/wpa_auth.h +@@ -423,10 +423,11 @@ int wpa_auth_pmksa_add_preauth(struct wpa_authenticator *wpa_auth, + const u8 *pmk, size_t len, const u8 *sta_addr, + int session_timeout, + struct eapol_state_machine *eapol); + int wpa_auth_pmksa_add_sae(struct wpa_authenticator *wpa_auth, const u8 *addr, + const u8 *pmk, const u8 *pmkid); ++void wpa_auth_set_pmk_life_time(struct wpa_authenticator *wpa_auth, unsigned int pmk_life_time); + void wpa_auth_add_sae_pmkid(struct wpa_state_machine *sm, const u8 *pmkid); + int wpa_auth_pmksa_add2(struct wpa_authenticator *wpa_auth, const u8 *addr, + const u8 *pmk, size_t pmk_len, const u8 *pmkid, + int session_timeout, int akmp); + void wpa_auth_pmksa_remove(struct wpa_authenticator *wpa_auth, +diff --git a/src/ap/wpa_auth_i.h b/src/ap/wpa_auth_i.h +index a6dc1a591..f46bdabdd 100644 +--- a/src/ap/wpa_auth_i.h ++++ b/src/ap/wpa_auth_i.h +@@ -235,10 +235,11 @@ struct wpa_authenticator { + struct wpa_ft_pmk_cache *ft_pmk_cache; + + #ifdef CONFIG_P2P + struct bitfield *ip_pool; + #endif /* CONFIG_P2P */ ++ unsigned int pmk_life_time; + }; + + + #ifdef CONFIG_IEEE80211R_AP + +diff --git a/wpa_supplicant/ap.c b/wpa_supplicant/ap.c +index 6a0a69e68..cade9512b 100644 +--- a/wpa_supplicant/ap.c ++++ b/wpa_supplicant/ap.c +@@ -603,10 +603,12 @@ static int wpa_supplicant_conf_ap(struct wpa_supplicant *wpa_s, + + if (ssid->sae_pwe != DEFAULT_SAE_PWE) + bss->sae_pwe = ssid->sae_pwe; + else + bss->sae_pwe = wpa_s->conf->sae_pwe; ++ ++ bss->dot11RSNAConfigPMKLifetime = wpa_s->conf->dot11RSNAConfigPMKLifetime; + #endif /* CONFIG_SAE */ + + if (wpa_s->conf->go_interworking) { + wpa_printf(MSG_DEBUG, + "P2P: Enable Interworking with access_network_type: %d", diff --git a/meta-digi-dey/recipes-connectivity/wpa-supplicant/wpa-supplicant/murata/0022-SAE-Fix-for-PMK-expiration-issue-through-supplicant.patch b/meta-digi-dey/recipes-connectivity/wpa-supplicant/wpa-supplicant/murata/0022-SAE-Fix-for-PMK-expiration-issue-through-supplicant.patch new file mode 100644 index 000000000..88160f4f0 --- /dev/null +++ b/meta-digi-dey/recipes-connectivity/wpa-supplicant/wpa-supplicant/murata/0022-SAE-Fix-for-PMK-expiration-issue-through-supplicant.patch @@ -0,0 +1,42 @@ +From: Kurt Lee +Date: Mon, 14 Feb 2022 00:08:23 -0600 +Subject: [PATCH] SAE: Fix for PMK expiration issue through supplicant + (second) + +Description : Sending Deauth from AP once PMK timeout occurs, So that +STA will initiate the Auth process. +Changes : 1) Added support to get the dot11RSNAConfigPMKLifetime conf +element in wpa_authenticator structure to pass to the lower API's +2) Sending deauth from the wpa_auth_pmksa_free_cb once PMK time out +occurs. +Tested: Confirmed once PMK timeout occurs AP is sending deauth and STA +starting AUTH frame. + +Porting from project: hostap_upstream, branch: IOT_HOSTAP_BRANCH_1_201 +ID: 587411dd with modified hostapd/config_file.c for configuration of +hostapd + +Second part: changes to 'hostapd' directory. + +Signed-off-by: Arturo Buzarra +--- + hostapd/config_file.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/hostapd/config_file.c b/hostapd/config_file.c +index b14728d1b..386499323 100644 +--- a/hostapd/config_file.c ++++ b/hostapd/config_file.c +@@ -3669,10 +3669,12 @@ static int hostapd_config_fill(struct hostapd_config *conf, + #endif /* CONFIG_IEEE80211AX */ + } else if (os_strcmp(buf, "max_listen_interval") == 0) { + bss->max_listen_interval = atoi(pos); + } else if (os_strcmp(buf, "disable_pmksa_caching") == 0) { + bss->disable_pmksa_caching = atoi(pos); ++ } else if (os_strcmp(buf, "dot11RSNAConfigPMKLifetime") == 0) { ++ bss->dot11RSNAConfigPMKLifetime = atoi(pos); + } else if (os_strcmp(buf, "okc") == 0) { + bss->okc = atoi(pos); + #ifdef CONFIG_WPS + } else if (os_strcmp(buf, "wps_state") == 0) { + bss->wps_state = atoi(pos); diff --git a/meta-digi-dey/recipes-connectivity/wpa-supplicant/wpa-supplicant/murata/0023-SAE-Drop-PMKSA-cache-after-receiving-specific-deauth.patch b/meta-digi-dey/recipes-connectivity/wpa-supplicant/wpa-supplicant/murata/0023-SAE-Drop-PMKSA-cache-after-receiving-specific-deauth.patch new file mode 100644 index 000000000..251663feb --- /dev/null +++ b/meta-digi-dey/recipes-connectivity/wpa-supplicant/wpa-supplicant/murata/0023-SAE-Drop-PMKSA-cache-after-receiving-specific-deauth.patch @@ -0,0 +1,42 @@ +From: Kurt Lee +Date: Thu, 24 Feb 2022 03:57:22 -0600 +Subject: [PATCH] SAE: Drop PMKSA cache after receiving specific deauth + +As a STA mode, when receiving deauth frame with reason code +WLAN_REASON_PREV_AUTH_NOT_VALID, it should drop its PMKSA cache. +--- + wpa_supplicant/events.c | 19 +++++++++++++++++++ + 1 file changed, 19 insertions(+) + +diff --git a/wpa_supplicant/events.c b/wpa_supplicant/events.c +index fe8dbd91d..bfd49ee43 100644 +--- a/wpa_supplicant/events.c ++++ b/wpa_supplicant/events.c +@@ -4157,10 +4157,29 @@ static void wpas_event_disconnect(struct wpa_supplicant *wpa_s, const u8 *addr, + return; + } + } + #endif /* CONFIG_P2P */ + ++#ifdef CONFIG_SAE ++ if (reason_code == WLAN_REASON_PREV_AUTH_NOT_VALID) { ++ const u8 *bssid = wpa_s->bssid; ++ ++ if (is_zero_ether_addr(bssid)) ++ bssid = wpa_s->pending_bssid; ++ ++ if ((!is_zero_ether_addr(bssid) || ++ (wpa_s->wpa_state >= WPA_AUTHENTICATING)) && ++ wpa_s->current_ssid && ++ wpa_key_mgmt_sae(wpa_s->current_ssid->key_mgmt)) { ++ wpa_dbg(wpa_s, MSG_DEBUG, "SAE: Drop PMKSA " ++ "cache entry"); ++ wpa_sm_aborted_cached(wpa_s->wpa); ++ wpa_sm_pmksa_cache_flush(wpa_s->wpa, ++ wpa_s->current_ssid); ++ } ++ } ++#endif /* CONFIG_SAE */ + wpa_supplicant_event_disassoc_finish(wpa_s, reason_code, + locally_generated); + } diff --git a/meta-digi-dey/recipes-connectivity/wpa-supplicant/wpa-supplicant/murata/0024-Deauthenticate-STA-only-if-PMK-expired.patch b/meta-digi-dey/recipes-connectivity/wpa-supplicant/wpa-supplicant/murata/0024-Deauthenticate-STA-only-if-PMK-expired.patch new file mode 100644 index 000000000..8fe287040 --- /dev/null +++ b/meta-digi-dey/recipes-connectivity/wpa-supplicant/wpa-supplicant/murata/0024-Deauthenticate-STA-only-if-PMK-expired.patch @@ -0,0 +1,210 @@ +From: Kurt Lee +Date: Mon, 28 Mar 2022 03:53:29 -0500 +Subject: [PATCH] Deauthenticate STA only if PMK expired + +Porting from commit 6aaac006af7fd39d618c6546939bed9f0f0cea37 +which acts on hostapd. Don't deauthenticate STA when PMK is freed or +replaced +--- + src/ap/pmksa_cache_auth.c | 22 ++++++++++++---------- + src/ap/pmksa_cache_auth.h | 12 ++++++++++-- + src/ap/wpa_auth.c | 7 ++++--- + 3 files changed, 26 insertions(+), 15 deletions(-) + +diff --git a/src/ap/pmksa_cache_auth.c b/src/ap/pmksa_cache_auth.c +index b67b8522e..8c733cde0 100644 +--- a/src/ap/pmksa_cache_auth.c ++++ b/src/ap/pmksa_cache_auth.c +@@ -26,11 +26,12 @@ struct rsn_pmksa_cache { + #define PMKID_HASH(pmkid) (unsigned int) ((pmkid)[0] & 0x7f) + struct rsn_pmksa_cache_entry *pmkid[PMKID_HASH_SIZE]; + struct rsn_pmksa_cache_entry *pmksa; + int pmksa_count; + +- void (*free_cb)(struct rsn_pmksa_cache_entry *entry, void *ctx); ++ void (*free_cb)(struct rsn_pmksa_cache_entry *entry, void *ctx, ++ enum pmksa_free_reason reason); + void *ctx; + }; + + + static void pmksa_cache_set_expiration(struct rsn_pmksa_cache *pmksa); +@@ -47,17 +48,18 @@ static void _pmksa_cache_free_entry(struct rsn_pmksa_cache_entry *entry) + bin_clear_free(entry, sizeof(*entry)); + } + + + void pmksa_cache_free_entry(struct rsn_pmksa_cache *pmksa, +- struct rsn_pmksa_cache_entry *entry) ++ struct rsn_pmksa_cache_entry *entry, ++ enum pmksa_free_reason reason) + { + struct rsn_pmksa_cache_entry *pos, *prev; + unsigned int hash; + + pmksa->pmksa_count--; +- pmksa->free_cb(entry, pmksa->ctx); ++ pmksa->free_cb(entry, pmksa->ctx, reason); + + /* unlink from hash list */ + hash = PMKID_HASH(entry->pmkid); + pos = pmksa->pmkid[hash]; + prev = NULL; +@@ -99,11 +101,11 @@ void pmksa_cache_free_entry(struct rsn_pmksa_cache *pmksa, + void pmksa_cache_auth_flush(struct rsn_pmksa_cache *pmksa) + { + while (pmksa->pmksa) { + wpa_printf(MSG_DEBUG, "RSN: Flush PMKSA cache entry for " + MACSTR, MAC2STR(pmksa->pmksa->spa)); +- pmksa_cache_free_entry(pmksa, pmksa->pmksa); ++ pmksa_cache_free_entry(pmksa, pmksa->pmksa, PMKSA_FREE); + } + } + + + static void pmksa_cache_expire(void *eloop_ctx, void *timeout_ctx) +@@ -113,17 +115,16 @@ static void pmksa_cache_expire(void *eloop_ctx, void *timeout_ctx) + + os_get_reltime(&now); + while (pmksa->pmksa && pmksa->pmksa->expiration <= now.sec) { + wpa_printf(MSG_DEBUG, "RSN: expired PMKSA cache entry for " + MACSTR, MAC2STR(pmksa->pmksa->spa)); +- pmksa_cache_free_entry(pmksa, pmksa->pmksa); ++ pmksa_cache_free_entry(pmksa, pmksa->pmksa, PMKSA_EXPIRE); + } + + pmksa_cache_set_expiration(pmksa); + } + +- + static void pmksa_cache_set_expiration(struct rsn_pmksa_cache *pmksa) + { + int sec; + struct os_reltime now; + +@@ -372,18 +373,18 @@ int pmksa_cache_auth_add_entry(struct rsn_pmksa_cache *pmksa, + + /* Replace an old entry for the same STA (if found) with the new entry + */ + pos = pmksa_cache_auth_get(pmksa, entry->spa, NULL); + if (pos) +- pmksa_cache_free_entry(pmksa, pos); ++ pmksa_cache_free_entry(pmksa, pos, PMKSA_REPLACE); + + if (pmksa->pmksa_count >= pmksa_cache_max_entries && pmksa->pmksa) { + /* Remove the oldest entry to make room for the new entry */ + wpa_printf(MSG_DEBUG, "RSN: removed the oldest PMKSA cache " + "entry (for " MACSTR ") to make room for new one", + MAC2STR(pmksa->pmksa->spa)); +- pmksa_cache_free_entry(pmksa, pmksa->pmksa); ++ pmksa_cache_free_entry(pmksa, pmksa->pmksa, PMKSA_FREE); + } + + pmksa_cache_link_entry(pmksa, entry); + + return 0; +@@ -537,11 +538,12 @@ struct rsn_pmksa_cache_entry * pmksa_cache_get_okc( + * @ctx: Context pointer for free_cb function + * Returns: Pointer to PMKSA cache data or %NULL on failure + */ + struct rsn_pmksa_cache * + pmksa_cache_auth_init(void (*free_cb)(struct rsn_pmksa_cache_entry *entry, +- void *ctx), void *ctx) ++ void *ctx, enum pmksa_free_reason reason), ++ void *ctx) + { + struct rsn_pmksa_cache *pmksa; + + pmksa = os_zalloc(sizeof(*pmksa)); + if (pmksa) { +@@ -611,11 +613,11 @@ int pmksa_cache_auth_radius_das_disconnect(struct rsn_pmksa_cache *pmksa, + while (entry) { + if (das_attr_match(entry, attr)) { + found++; + prev = entry; + entry = entry->next; +- pmksa_cache_free_entry(pmksa, prev); ++ pmksa_cache_free_entry(pmksa, prev, PMKSA_FREE); + continue; + } + entry = entry->next; + } + +diff --git a/src/ap/pmksa_cache_auth.h b/src/ap/pmksa_cache_auth.h +index 2ef217435..9c942024d 100644 +--- a/src/ap/pmksa_cache_auth.h ++++ b/src/ap/pmksa_cache_auth.h +@@ -32,16 +32,23 @@ struct rsn_pmksa_cache_entry { + int opportunistic; + + u64 acct_multi_session_id; + }; + ++enum pmksa_free_reason { ++ PMKSA_FREE, ++ PMKSA_REPLACE, ++ PMKSA_EXPIRE, ++}; ++ + struct rsn_pmksa_cache; + struct radius_das_attrs; + + struct rsn_pmksa_cache * + pmksa_cache_auth_init(void (*free_cb)(struct rsn_pmksa_cache_entry *entry, +- void *ctx), void *ctx); ++ void *ctx, enum pmksa_free_reason reason), ++ void *ctx); + void pmksa_cache_auth_deinit(struct rsn_pmksa_cache *pmksa); + struct rsn_pmksa_cache_entry * + pmksa_cache_auth_get(struct rsn_pmksa_cache *pmksa, + const u8 *spa, const u8 *pmkid); + struct rsn_pmksa_cache_entry * pmksa_cache_get_okc( +@@ -66,11 +73,12 @@ pmksa_cache_add_okc(struct rsn_pmksa_cache *pmksa, + const u8 *aa, const u8 *pmkid); + void pmksa_cache_to_eapol_data(struct hostapd_data *hapd, + struct rsn_pmksa_cache_entry *entry, + struct eapol_state_machine *eapol); + void pmksa_cache_free_entry(struct rsn_pmksa_cache *pmksa, +- struct rsn_pmksa_cache_entry *entry); ++ struct rsn_pmksa_cache_entry *entry, ++ enum pmksa_free_reason reason); + int pmksa_cache_auth_radius_das_disconnect(struct rsn_pmksa_cache *pmksa, + struct radius_das_attrs *attr); + int pmksa_cache_auth_list(struct rsn_pmksa_cache *pmksa, char *buf, size_t len); + void pmksa_cache_auth_flush(struct rsn_pmksa_cache *pmksa); + int pmksa_cache_auth_list_mesh(struct rsn_pmksa_cache *pmksa, const u8 *addr, +diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c +index e92ea4302..36ab7e5b5 100644 +--- a/src/ap/wpa_auth.c ++++ b/src/ap/wpa_auth.c +@@ -385,14 +385,15 @@ static int wpa_auth_pmksa_clear_cb(struct wpa_state_machine *sm, void *ctx) + return 0; + } + + + static void wpa_auth_pmksa_free_cb(struct rsn_pmksa_cache_entry *entry, +- void *ctx) ++ void *ctx, enum pmksa_free_reason reason) + { + struct wpa_authenticator *wpa_auth = ctx; +- wpa_sta_disconnect(wpa_auth, entry->spa, WLAN_REASON_PREV_AUTH_NOT_VALID); ++ if (reason == PMKSA_EXPIRE) ++ wpa_sta_disconnect(wpa_auth, entry->spa, WLAN_REASON_PREV_AUTH_NOT_VALID); + wpa_auth_for_each_sta(wpa_auth, wpa_auth_pmksa_clear_cb, entry); + } + + + static int wpa_group_init_gmk_and_counter(struct wpa_authenticator *wpa_auth, +@@ -4892,11 +4893,11 @@ void wpa_auth_pmksa_remove(struct wpa_authenticator *wpa_auth, + return; + pmksa = pmksa_cache_auth_get(wpa_auth->pmksa, sta_addr, NULL); + if (pmksa) { + wpa_printf(MSG_DEBUG, "WPA: Remove PMKSA cache entry for " + MACSTR " based on request", MAC2STR(sta_addr)); +- pmksa_cache_free_entry(wpa_auth->pmksa, pmksa); ++ pmksa_cache_free_entry(wpa_auth->pmksa, pmksa, PMKSA_FREE); + } + } + + + int wpa_auth_pmksa_list(struct wpa_authenticator *wpa_auth, char *buf, diff --git a/meta-digi-dey/recipes-connectivity/wpa-supplicant/wpa-supplicant_%.bbappend b/meta-digi-dey/recipes-connectivity/wpa-supplicant/wpa-supplicant_%.bbappend index 382e3272e..d9596a6c7 100644 --- a/meta-digi-dey/recipes-connectivity/wpa-supplicant/wpa-supplicant_%.bbappend +++ b/meta-digi-dey/recipes-connectivity/wpa-supplicant/wpa-supplicant_%.bbappend @@ -34,6 +34,10 @@ MURATA_COMMON_PATCHES = " \ file://murata/0018-wpa_supplicant-Support-WPA_KEY_MGMT_FT-for-eapol-off.patch \ file://murata/0019-wpa_supplicant-suppress-deauth-for-PMKSA-caching-dis.patch \ file://murata/0020-Fix-to-check-Invalid-GTK-IE-length-in-M3-at-STA.patch \ + file://murata/0021-SAE-Fix-for-PMK-expiration-issue-through-supplicant.patch \ + file://murata/0022-SAE-Fix-for-PMK-expiration-issue-through-supplicant.patch;apply=no \ + file://murata/0023-SAE-Drop-PMKSA-cache-after-receiving-specific-deauth.patch \ + file://murata/0024-Deauthenticate-STA-only-if-PMK-expired.patch \ " SRC_URI:append:ccimx6sbc = " file://wpa_supplicant_p2p.conf_atheros"