wpa_supplicant: update Murata wireless support to release v5.10.9-2022_0511

https://onedigi.atlassian.net/browse/DEL-8025

Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>

meta-digi-dey/recipes-connectivity/wpa-supplicant/wpa-supplicant/murata/0021-SAE-Fix-for-PMK-expiration-issue-through-supplicant.patch

@@ -0,0 +1,156 @@
+From: Kurt Lee <kurt.lee@cypress.com>
+Date: Mon, 14 Feb 2022 00:08:23 -0600
+Subject: [PATCH] SAE: Fix for PMK expiration issue through supplicant
+ (first)
+
+Description : Sending Deauth from AP once PMK timeout occurs, So that
+STA will initiate the Auth process.
+Changes : 1) Added support to get the dot11RSNAConfigPMKLifetime conf
+element in wpa_authenticator structure to pass to the lower API's
+2) Sending deauth from the wpa_auth_pmksa_free_cb once PMK time out
+occurs.
+Tested: Confirmed once PMK timeout occurs AP is sending deauth and STA
+starting AUTH frame.
+
+Porting from project: hostap_upstream, branch: IOT_HOSTAP_BRANCH_1_201
+ID: 587411dd with modified hostapd/config_file.c for configuration of
+hostapd
+
+First part: changes not touching 'hostapd' directory.
+
+Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
+---
+ src/ap/ap_config.h  | 2 ++
+ src/ap/ieee802_11.c | 1 +
+ src/ap/wpa_auth.c   | 9 ++++++++-
+ src/ap/wpa_auth.h   | 1 +
+ src/ap/wpa_auth_i.h | 1 +
+ wpa_supplicant/ap.c | 2 ++
+ 6 files changed, 15 insertions(+), 1 deletion(-)
+
+diff --git a/src/ap/ap_config.h b/src/ap/ap_config.h
+index 49cd3168a..a82ca1853 100644
+--- a/src/ap/ap_config.h
++++ b/src/ap/ap_config.h
+@@ -896,10 +896,12 @@ struct hostapd_bss_config {
+
+ 	u8 ext_capa_mask[EXT_CAPA_MAX_LEN];
+ 	u8 ext_capa[EXT_CAPA_MAX_LEN];
+
+ 	u8 rnr;
++
++	unsigned int dot11RSNAConfigPMKLifetime;
+ };
+
+ /**
+  * struct he_phy_capabilities_info - HE PHY capabilities
+  */
+diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
+index 3b735c09f..c4f7d00cc 100644
+--- a/src/ap/ieee802_11.c
++++ b/src/ap/ieee802_11.c
+@@ -978,10 +978,11 @@ void sae_accept_sta(struct hostapd_data *hapd, struct sta_info *sta)
+ 	wpa_auth_sm_event(sta->wpa_sm, WPA_AUTH);
+ 	sae_set_state(sta, SAE_ACCEPTED, "Accept Confirm");
+ 	crypto_bignum_deinit(sta->sae->peer_commit_scalar_accepted, 0);
+ 	sta->sae->peer_commit_scalar_accepted = sta->sae->peer_commit_scalar;
+ 	sta->sae->peer_commit_scalar = NULL;
++	wpa_auth_set_pmk_life_time(hapd->wpa_auth,hapd->conf->dot11RSNAConfigPMKLifetime);
+ 	wpa_auth_pmksa_add_sae(hapd->wpa_auth, sta->addr,
+ 			       sta->sae->pmk, sta->sae->pmkid);
+ #ifndef CONFIG_WPA3_SAE_AUTH_EARLY_SET
+ 	sae_sme_send_external_auth_status(hapd, sta, WLAN_STATUS_SUCCESS);
+ #endif /* CONFIG_WPA3_SAE_AUTH_EARLY_SET */
+diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
+index 4b506c1db..e92ea4302 100644
+--- a/src/ap/wpa_auth.c
++++ b/src/ap/wpa_auth.c
+@@ -388,10 +388,11 @@ static int wpa_auth_pmksa_clear_cb(struct wpa_state_machine *sm, void *ctx)
+
+ static void wpa_auth_pmksa_free_cb(struct rsn_pmksa_cache_entry *entry,
+ 				   void *ctx)
+ {
+ 	struct wpa_authenticator *wpa_auth = ctx;
++	wpa_sta_disconnect(wpa_auth, entry->spa, WLAN_REASON_PREV_AUTH_NOT_VALID);
+ 	wpa_auth_for_each_sta(wpa_auth, wpa_auth_pmksa_clear_cb, entry);
+ }
+
+
+ static int wpa_group_init_gmk_and_counter(struct wpa_authenticator *wpa_auth,
+@@ -4833,20 +4834,26 @@ int wpa_auth_pmksa_add_preauth(struct wpa_authenticator *wpa_auth,
+
+ 	return -1;
+ }
+
+
++void wpa_auth_set_pmk_life_time(struct wpa_authenticator *wpa_auth, unsigned int pmk_life_time)
++{
++        wpa_auth->pmk_life_time = pmk_life_time;
++}
++
++
+ int wpa_auth_pmksa_add_sae(struct wpa_authenticator *wpa_auth, const u8 *addr,
+ 			   const u8 *pmk, const u8 *pmkid)
+ {
+ 	if (wpa_auth->conf.disable_pmksa_caching)
+ 		return -1;
+
+ 	wpa_hexdump_key(MSG_DEBUG, "RSN: Cache PMK from SAE", pmk, PMK_LEN);
+ 	if (pmksa_cache_auth_add(wpa_auth->pmksa, pmk, PMK_LEN, pmkid,
+ 				 NULL, 0,
+-				 wpa_auth->addr, addr, 0, NULL,
++				 wpa_auth->addr, addr, wpa_auth->pmk_life_time, NULL,
+ 				 WPA_KEY_MGMT_SAE))
+ 		return 0;
+
+ 	return -1;
+ }
+diff --git a/src/ap/wpa_auth.h b/src/ap/wpa_auth.h
+index 140147e79..06fe4d708 100644
+--- a/src/ap/wpa_auth.h
++++ b/src/ap/wpa_auth.h
+@@ -423,10 +423,11 @@ int wpa_auth_pmksa_add_preauth(struct wpa_authenticator *wpa_auth,
+ 			       const u8 *pmk, size_t len, const u8 *sta_addr,
+ 			       int session_timeout,
+ 			       struct eapol_state_machine *eapol);
+ int wpa_auth_pmksa_add_sae(struct wpa_authenticator *wpa_auth, const u8 *addr,
+ 			   const u8 *pmk, const u8 *pmkid);
++void wpa_auth_set_pmk_life_time(struct wpa_authenticator *wpa_auth, unsigned int pmk_life_time);
+ void wpa_auth_add_sae_pmkid(struct wpa_state_machine *sm, const u8 *pmkid);
+ int wpa_auth_pmksa_add2(struct wpa_authenticator *wpa_auth, const u8 *addr,
+ 			const u8 *pmk, size_t pmk_len, const u8 *pmkid,
+ 			int session_timeout, int akmp);
+ void wpa_auth_pmksa_remove(struct wpa_authenticator *wpa_auth,
+diff --git a/src/ap/wpa_auth_i.h b/src/ap/wpa_auth_i.h
+index a6dc1a591..f46bdabdd 100644
+--- a/src/ap/wpa_auth_i.h
++++ b/src/ap/wpa_auth_i.h
+@@ -235,10 +235,11 @@ struct wpa_authenticator {
+ 	struct wpa_ft_pmk_cache *ft_pmk_cache;
+
+ #ifdef CONFIG_P2P
+ 	struct bitfield *ip_pool;
+ #endif /* CONFIG_P2P */
++	unsigned int pmk_life_time;
+ };
+
+
+ #ifdef CONFIG_IEEE80211R_AP
+
+diff --git a/wpa_supplicant/ap.c b/wpa_supplicant/ap.c
+index 6a0a69e68..cade9512b 100644
+--- a/wpa_supplicant/ap.c
++++ b/wpa_supplicant/ap.c
+@@ -603,10 +603,12 @@ static int wpa_supplicant_conf_ap(struct wpa_supplicant *wpa_s,
+
+ 	if (ssid->sae_pwe != DEFAULT_SAE_PWE)
+ 		bss->sae_pwe = ssid->sae_pwe;
+ 	else
+ 		bss->sae_pwe = wpa_s->conf->sae_pwe;
++
++	bss->dot11RSNAConfigPMKLifetime = wpa_s->conf->dot11RSNAConfigPMKLifetime;
+ #endif /* CONFIG_SAE */
+
+ 	if (wpa_s->conf->go_interworking) {
+ 		wpa_printf(MSG_DEBUG,
+ 			   "P2P: Enable Interworking with access_network_type: %d",

meta-digi-dey/recipes-connectivity/wpa-supplicant/wpa-supplicant/murata/0022-SAE-Fix-for-PMK-expiration-issue-through-supplicant.patch

@@ -0,0 +1,42 @@
+From: Kurt Lee <kurt.lee@cypress.com>
+Date: Mon, 14 Feb 2022 00:08:23 -0600
+Subject: [PATCH] SAE: Fix for PMK expiration issue through supplicant
+ (second)
+
+Description : Sending Deauth from AP once PMK timeout occurs, So that
+STA will initiate the Auth process.
+Changes : 1) Added support to get the dot11RSNAConfigPMKLifetime conf
+element in wpa_authenticator structure to pass to the lower API's
+2) Sending deauth from the wpa_auth_pmksa_free_cb once PMK time out
+occurs.
+Tested: Confirmed once PMK timeout occurs AP is sending deauth and STA
+starting AUTH frame.
+
+Porting from project: hostap_upstream, branch: IOT_HOSTAP_BRANCH_1_201
+ID: 587411dd with modified hostapd/config_file.c for configuration of
+hostapd
+
+Second part: changes to 'hostapd' directory.
+
+Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
+---
+ hostapd/config_file.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/hostapd/config_file.c b/hostapd/config_file.c
+index b14728d1b..386499323 100644
+--- a/hostapd/config_file.c
++++ b/hostapd/config_file.c
+@@ -3669,10 +3669,12 @@ static int hostapd_config_fill(struct hostapd_config *conf,
+ #endif /* CONFIG_IEEE80211AX */
+ 	} else if (os_strcmp(buf, "max_listen_interval") == 0) {
+ 		bss->max_listen_interval = atoi(pos);
+ 	} else if (os_strcmp(buf, "disable_pmksa_caching") == 0) {
+ 		bss->disable_pmksa_caching = atoi(pos);
++	} else if (os_strcmp(buf, "dot11RSNAConfigPMKLifetime") == 0) {
++		bss->dot11RSNAConfigPMKLifetime = atoi(pos);
+ 	} else if (os_strcmp(buf, "okc") == 0) {
+ 		bss->okc = atoi(pos);
+ #ifdef CONFIG_WPS
+ 	} else if (os_strcmp(buf, "wps_state") == 0) {
+ 		bss->wps_state = atoi(pos);

meta-digi-dey/recipes-connectivity/wpa-supplicant/wpa-supplicant/murata/0023-SAE-Drop-PMKSA-cache-after-receiving-specific-deauth.patch

@@ -0,0 +1,42 @@
+From: Kurt Lee <kurt.lee@cypress.com>
+Date: Thu, 24 Feb 2022 03:57:22 -0600
+Subject: [PATCH] SAE: Drop PMKSA cache after receiving specific deauth
+
+As a STA mode, when receiving deauth frame with reason code
+WLAN_REASON_PREV_AUTH_NOT_VALID, it should drop its PMKSA cache.
+---
+ wpa_supplicant/events.c | 19 +++++++++++++++++++
+ 1 file changed, 19 insertions(+)
+
+diff --git a/wpa_supplicant/events.c b/wpa_supplicant/events.c
+index fe8dbd91d..bfd49ee43 100644
+--- a/wpa_supplicant/events.c
++++ b/wpa_supplicant/events.c
+@@ -4157,10 +4157,29 @@ static void wpas_event_disconnect(struct wpa_supplicant *wpa_s, const u8 *addr,
+ 			return;
+ 		}
+ 	}
+ #endif /* CONFIG_P2P */
+
++#ifdef CONFIG_SAE
++	if (reason_code == WLAN_REASON_PREV_AUTH_NOT_VALID) {
++		const u8 *bssid = wpa_s->bssid;
++
++		if (is_zero_ether_addr(bssid))
++			bssid = wpa_s->pending_bssid;
++
++		if ((!is_zero_ether_addr(bssid) ||
++			(wpa_s->wpa_state >= WPA_AUTHENTICATING)) &&
++			wpa_s->current_ssid &&
++			wpa_key_mgmt_sae(wpa_s->current_ssid->key_mgmt)) {
++			wpa_dbg(wpa_s, MSG_DEBUG, "SAE: Drop PMKSA "
++				"cache entry");
++			wpa_sm_aborted_cached(wpa_s->wpa);
++			wpa_sm_pmksa_cache_flush(wpa_s->wpa,
++				wpa_s->current_ssid);
++		}
++	}
++#endif /* CONFIG_SAE */
+ 	wpa_supplicant_event_disassoc_finish(wpa_s, reason_code,
+ 					     locally_generated);
+ }

meta-digi-dey/recipes-connectivity/wpa-supplicant/wpa-supplicant/murata/0024-Deauthenticate-STA-only-if-PMK-expired.patch

@@ -0,0 +1,210 @@
+From: Kurt Lee <kurt.lee@cypress.com>
+Date: Mon, 28 Mar 2022 03:53:29 -0500
+Subject: [PATCH] Deauthenticate STA only if PMK expired
+
+Porting from commit 6aaac006af7fd39d618c6546939bed9f0f0cea37
+which acts on hostapd. Don't deauthenticate STA when PMK is freed or
+replaced
+---
+ src/ap/pmksa_cache_auth.c | 22 ++++++++++++----------
+ src/ap/pmksa_cache_auth.h | 12 ++++++++++--
+ src/ap/wpa_auth.c         |  7 ++++---
+ 3 files changed, 26 insertions(+), 15 deletions(-)
+
+diff --git a/src/ap/pmksa_cache_auth.c b/src/ap/pmksa_cache_auth.c
+index b67b8522e..8c733cde0 100644
+--- a/src/ap/pmksa_cache_auth.c
++++ b/src/ap/pmksa_cache_auth.c
+@@ -26,11 +26,12 @@ struct rsn_pmksa_cache {
+ #define PMKID_HASH(pmkid) (unsigned int) ((pmkid)[0] & 0x7f)
+ 	struct rsn_pmksa_cache_entry *pmkid[PMKID_HASH_SIZE];
+ 	struct rsn_pmksa_cache_entry *pmksa;
+ 	int pmksa_count;
+
+-	void (*free_cb)(struct rsn_pmksa_cache_entry *entry, void *ctx);
++	void (*free_cb)(struct rsn_pmksa_cache_entry *entry, void *ctx,
++			enum pmksa_free_reason reason);
+ 	void *ctx;
+ };
+
+
+ static void pmksa_cache_set_expiration(struct rsn_pmksa_cache *pmksa);
+@@ -47,17 +48,18 @@ static void _pmksa_cache_free_entry(struct rsn_pmksa_cache_entry *entry)
+ 	bin_clear_free(entry, sizeof(*entry));
+ }
+
+
+ void pmksa_cache_free_entry(struct rsn_pmksa_cache *pmksa,
+-			    struct rsn_pmksa_cache_entry *entry)
++			    struct rsn_pmksa_cache_entry *entry,
++			    enum pmksa_free_reason reason)
+ {
+ 	struct rsn_pmksa_cache_entry *pos, *prev;
+ 	unsigned int hash;
+
+ 	pmksa->pmksa_count--;
+-	pmksa->free_cb(entry, pmksa->ctx);
++	pmksa->free_cb(entry, pmksa->ctx, reason);
+
+ 	/* unlink from hash list */
+ 	hash = PMKID_HASH(entry->pmkid);
+ 	pos = pmksa->pmkid[hash];
+ 	prev = NULL;
+@@ -99,11 +101,11 @@ void pmksa_cache_free_entry(struct rsn_pmksa_cache *pmksa,
+ void pmksa_cache_auth_flush(struct rsn_pmksa_cache *pmksa)
+ {
+ 	while (pmksa->pmksa) {
+ 		wpa_printf(MSG_DEBUG, "RSN: Flush PMKSA cache entry for "
+ 			   MACSTR, MAC2STR(pmksa->pmksa->spa));
+-		pmksa_cache_free_entry(pmksa, pmksa->pmksa);
++		pmksa_cache_free_entry(pmksa, pmksa->pmksa, PMKSA_FREE);
+ 	}
+ }
+
+
+ static void pmksa_cache_expire(void *eloop_ctx, void *timeout_ctx)
+@@ -113,17 +115,16 @@ static void pmksa_cache_expire(void *eloop_ctx, void *timeout_ctx)
+
+ 	os_get_reltime(&now);
+ 	while (pmksa->pmksa && pmksa->pmksa->expiration <= now.sec) {
+ 		wpa_printf(MSG_DEBUG, "RSN: expired PMKSA cache entry for "
+ 			   MACSTR, MAC2STR(pmksa->pmksa->spa));
+-		pmksa_cache_free_entry(pmksa, pmksa->pmksa);
++		pmksa_cache_free_entry(pmksa, pmksa->pmksa, PMKSA_EXPIRE);
+ 	}
+
+ 	pmksa_cache_set_expiration(pmksa);
+ }
+
+-
+ static void pmksa_cache_set_expiration(struct rsn_pmksa_cache *pmksa)
+ {
+ 	int sec;
+ 	struct os_reltime now;
+
+@@ -372,18 +373,18 @@ int pmksa_cache_auth_add_entry(struct rsn_pmksa_cache *pmksa,
+
+ 	/* Replace an old entry for the same STA (if found) with the new entry
+ 	 */
+ 	pos = pmksa_cache_auth_get(pmksa, entry->spa, NULL);
+ 	if (pos)
+-		pmksa_cache_free_entry(pmksa, pos);
++		pmksa_cache_free_entry(pmksa, pos, PMKSA_REPLACE);
+
+ 	if (pmksa->pmksa_count >= pmksa_cache_max_entries && pmksa->pmksa) {
+ 		/* Remove the oldest entry to make room for the new entry */
+ 		wpa_printf(MSG_DEBUG, "RSN: removed the oldest PMKSA cache "
+ 			   "entry (for " MACSTR ") to make room for new one",
+ 			   MAC2STR(pmksa->pmksa->spa));
+-		pmksa_cache_free_entry(pmksa, pmksa->pmksa);
++		pmksa_cache_free_entry(pmksa, pmksa->pmksa, PMKSA_FREE);
+ 	}
+
+ 	pmksa_cache_link_entry(pmksa, entry);
+
+ 	return 0;
+@@ -537,11 +538,12 @@ struct rsn_pmksa_cache_entry * pmksa_cache_get_okc(
+  * @ctx: Context pointer for free_cb function
+  * Returns: Pointer to PMKSA cache data or %NULL on failure
+  */
+ struct rsn_pmksa_cache *
+ pmksa_cache_auth_init(void (*free_cb)(struct rsn_pmksa_cache_entry *entry,
+-				      void *ctx), void *ctx)
++				      void *ctx, enum pmksa_free_reason reason),
++		      void *ctx)
+ {
+ 	struct rsn_pmksa_cache *pmksa;
+
+ 	pmksa = os_zalloc(sizeof(*pmksa));
+ 	if (pmksa) {
+@@ -611,11 +613,11 @@ int pmksa_cache_auth_radius_das_disconnect(struct rsn_pmksa_cache *pmksa,
+ 	while (entry) {
+ 		if (das_attr_match(entry, attr)) {
+ 			found++;
+ 			prev = entry;
+ 			entry = entry->next;
+-			pmksa_cache_free_entry(pmksa, prev);
++			pmksa_cache_free_entry(pmksa, prev, PMKSA_FREE);
+ 			continue;
+ 		}
+ 		entry = entry->next;
+ 	}
+
+diff --git a/src/ap/pmksa_cache_auth.h b/src/ap/pmksa_cache_auth.h
+index 2ef217435..9c942024d 100644
+--- a/src/ap/pmksa_cache_auth.h
++++ b/src/ap/pmksa_cache_auth.h
+@@ -32,16 +32,23 @@ struct rsn_pmksa_cache_entry {
+ 	int opportunistic;
+
+ 	u64 acct_multi_session_id;
+ };
+
++enum pmksa_free_reason {
++	PMKSA_FREE,
++	PMKSA_REPLACE,
++	PMKSA_EXPIRE,
++};
++
+ struct rsn_pmksa_cache;
+ struct radius_das_attrs;
+
+ struct rsn_pmksa_cache *
+ pmksa_cache_auth_init(void (*free_cb)(struct rsn_pmksa_cache_entry *entry,
+-				      void *ctx), void *ctx);
++				      void *ctx, enum pmksa_free_reason reason),
++		      void *ctx);
+ void pmksa_cache_auth_deinit(struct rsn_pmksa_cache *pmksa);
+ struct rsn_pmksa_cache_entry *
+ pmksa_cache_auth_get(struct rsn_pmksa_cache *pmksa,
+ 		     const u8 *spa, const u8 *pmkid);
+ struct rsn_pmksa_cache_entry * pmksa_cache_get_okc(
+@@ -66,11 +73,12 @@ pmksa_cache_add_okc(struct rsn_pmksa_cache *pmksa,
+ 		    const u8 *aa, const u8 *pmkid);
+ void pmksa_cache_to_eapol_data(struct hostapd_data *hapd,
+ 			       struct rsn_pmksa_cache_entry *entry,
+ 			       struct eapol_state_machine *eapol);
+ void pmksa_cache_free_entry(struct rsn_pmksa_cache *pmksa,
+-			    struct rsn_pmksa_cache_entry *entry);
++			    struct rsn_pmksa_cache_entry *entry,
++			    enum pmksa_free_reason reason);
+ int pmksa_cache_auth_radius_das_disconnect(struct rsn_pmksa_cache *pmksa,
+ 					   struct radius_das_attrs *attr);
+ int pmksa_cache_auth_list(struct rsn_pmksa_cache *pmksa, char *buf, size_t len);
+ void pmksa_cache_auth_flush(struct rsn_pmksa_cache *pmksa);
+ int pmksa_cache_auth_list_mesh(struct rsn_pmksa_cache *pmksa, const u8 *addr,
+diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
+index e92ea4302..36ab7e5b5 100644
+--- a/src/ap/wpa_auth.c
++++ b/src/ap/wpa_auth.c
+@@ -385,14 +385,15 @@ static int wpa_auth_pmksa_clear_cb(struct wpa_state_machine *sm, void *ctx)
+ 	return 0;
+ }
+
+
+ static void wpa_auth_pmksa_free_cb(struct rsn_pmksa_cache_entry *entry,
+-				   void *ctx)
++				   void *ctx, enum pmksa_free_reason reason)
+ {
+ 	struct wpa_authenticator *wpa_auth = ctx;
+-	wpa_sta_disconnect(wpa_auth, entry->spa, WLAN_REASON_PREV_AUTH_NOT_VALID);
++	if (reason == PMKSA_EXPIRE)
++		wpa_sta_disconnect(wpa_auth, entry->spa, WLAN_REASON_PREV_AUTH_NOT_VALID);
+ 	wpa_auth_for_each_sta(wpa_auth, wpa_auth_pmksa_clear_cb, entry);
+ }
+
+
+ static int wpa_group_init_gmk_and_counter(struct wpa_authenticator *wpa_auth,
+@@ -4892,11 +4893,11 @@ void wpa_auth_pmksa_remove(struct wpa_authenticator *wpa_auth,
+ 		return;
+ 	pmksa = pmksa_cache_auth_get(wpa_auth->pmksa, sta_addr, NULL);
+ 	if (pmksa) {
+ 		wpa_printf(MSG_DEBUG, "WPA: Remove PMKSA cache entry for "
+ 			   MACSTR " based on request", MAC2STR(sta_addr));
+-		pmksa_cache_free_entry(wpa_auth->pmksa, pmksa);
++		pmksa_cache_free_entry(wpa_auth->pmksa, pmksa, PMKSA_FREE);
+ 	}
+ }
+
+
+ int wpa_auth_pmksa_list(struct wpa_authenticator *wpa_auth, char *buf,

meta-digi-dey/recipes-connectivity/wpa-supplicant/wpa-supplicant_%.bbappend

@@ -34,6 +34,10 @@ MURATA_COMMON_PATCHES = " \
     file://murata/0018-wpa_supplicant-Support-WPA_KEY_MGMT_FT-for-eapol-off.patch \
     file://murata/0019-wpa_supplicant-suppress-deauth-for-PMKSA-caching-dis.patch \
     file://murata/0020-Fix-to-check-Invalid-GTK-IE-length-in-M3-at-STA.patch \
+    file://murata/0021-SAE-Fix-for-PMK-expiration-issue-through-supplicant.patch \
+    file://murata/0022-SAE-Fix-for-PMK-expiration-issue-through-supplicant.patch;apply=no \
+    file://murata/0023-SAE-Drop-PMKSA-cache-after-receiving-specific-deauth.patch \
+    file://murata/0024-Deauthenticate-STA-only-if-PMK-expired.patch \
 "
 
 SRC_URI:append:ccimx6sbc = " file://wpa_supplicant_p2p.conf_atheros"