!75 [sync] PR-68: fix CVE-2024-5290

From: @openeuler-sync-bot 
Reviewed-by: @dillon_chen 
Signed-off-by: @dillon_chen

CVE-2021-0326.patch

@@ -0,0 +1,38 @@
+From 947272febe24a8f0ea828b5b2f35f13c3821901e Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <jouni@codeaurora.org>
+Date: Mon, 9 Nov 2020 11:43:12 +0200
+Subject: [PATCH] P2P: Fix copying of secondary device types for P2P group
+ client
+
+Parsing and copying of WPS secondary device types list was verifying
+that the contents is not too long for the internal maximum in the case
+of WPS messages, but similar validation was missing from the case of P2P
+group information which encodes this information in a different
+attribute. This could result in writing beyond the memory area assigned
+for these entries and corrupting memory within an instance of struct
+p2p_device. This could result in invalid operations and unexpected
+behavior when trying to free pointers from that corrupted memory.
+
+Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=27269
+Fixes: e57ae6e19edf ("P2P: Keep track of secondary device types for peers")
+Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
+---
+ src/p2p/p2p.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/p2p/p2p.c b/src/p2p/p2p.c
+index 74b7b52..5cbfc21 100644
+--- a/src/p2p/p2p.c
++++ b/src/p2p/p2p.c
+@@ -453,6 +453,8 @@ static void p2p_copy_client_info(struct p2p_device *dev,
+ 	dev->info.config_methods = cli->config_methods;
+ 	os_memcpy(dev->info.pri_dev_type, cli->pri_dev_type, 8);
+ 	dev->info.wps_sec_dev_type_list_len = 8 * cli->num_sec_dev_types;
++	if (dev->info.wps_sec_dev_type_list_len > WPS_SEC_DEV_TYPE_MAX_LEN)
++		dev->info.wps_sec_dev_type_list_len = WPS_SEC_DEV_TYPE_MAX_LEN;
+ 	os_memcpy(dev->info.wps_sec_dev_type_list, cli->sec_dev_types,
+ 		  dev->info.wps_sec_dev_type_list_len);
+ }
+-- 
+1.8.3.1
+

CVE-2021-27803.patch

@@ -0,0 +1,50 @@
+From 8460e3230988ef2ec13ce6b69b687e941f6cdb32 Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <jouni@codeaurora.org>
+Date: Tue, 8 Dec 2020 23:52:50 +0200
+Subject: P2P: Fix a corner case in peer addition based on PD Request
+
+p2p_add_device() may remove the oldest entry if there is no room in the
+peer table for a new peer. This would result in any pointer to that
+removed entry becoming stale. A corner case with an invalid PD Request
+frame could result in such a case ending up using (read+write) freed
+memory. This could only by triggered when the peer table has reached its
+maximum size and the PD Request frame is received from the P2P Device
+Address of the oldest remaining entry and the frame has incorrect P2P
+Device Address in the payload.
+
+Fix this by fetching the dev pointer again after having called
+p2p_add_device() so that the stale pointer cannot be used.
+
+Fixes: 17bef1e97a50 ("P2P: Add peer entry based on Provision Discovery Request")
+Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
+---
+ src/p2p/p2p_pd.c | 12 +++++-------
+ 1 file changed, 5 insertions(+), 7 deletions(-)
+
+diff --git a/src/p2p/p2p_pd.c b/src/p2p/p2p_pd.c
+index 3994ec0..05fd593 100644
+--- a/src/p2p/p2p_pd.c
++++ b/src/p2p/p2p_pd.c
+@@ -595,14 +595,12 @@ void p2p_process_prov_disc_req(struct p2p_data *p2p, const u8 *sa,
+ 			goto out;
+ 		}
+ 
++		dev = p2p_get_device(p2p, sa);
+ 		if (!dev) {
+-			dev = p2p_get_device(p2p, sa);
+-			if (!dev) {
+-				p2p_dbg(p2p,
+-					"Provision Discovery device not found "
+-					MACSTR, MAC2STR(sa));
+-				goto out;
+-			}
++			p2p_dbg(p2p,
++				"Provision Discovery device not found "
++				MACSTR, MAC2STR(sa));
++			goto out;
+ 		}
+ 	} else if (msg.wfd_subelems) {
+ 		wpabuf_free(dev->info.wfd_subelems);
+-- 
+cgit v0.12
+

CVE-2023-52160.patch

@@ -0,0 +1,219 @@
+From: Jouni Malinen <j@w1.fi>
+Date: Sat, 8 Jul 2023 19:55:32 +0300
+Subject: PEAP client: Update Phase 2 authentication requirements
+
+The previous PEAP client behavior allowed the server to skip Phase 2
+authentication with the expectation that the server was authenticated
+during Phase 1 through TLS server certificate validation. Various PEAP
+specifications are not exactly clear on what the behavior on this front
+is supposed to be and as such, this ended up being more flexible than
+the TTLS/FAST/TEAP cases. However, this is not really ideal when
+unfortunately common misconfiguration of PEAP is used in deployed
+devices where the server trust root (ca_cert) is not configured or the
+user has an easy option for allowing this validation step to be skipped.
+
+Change the default PEAP client behavior to be to require Phase 2
+authentication to be successfully completed for cases where TLS session
+resumption is not used and the client certificate has not been
+configured. Those two exceptions are the main cases where a deployed
+authentication server might skip Phase 2 and as such, where a more
+strict default behavior could result in undesired interoperability
+issues. Requiring Phase 2 authentication will end up disabling TLS
+session resumption automatically to avoid interoperability issues.
+
+Allow Phase 2 authentication behavior to be configured with a new phase1
+configuration parameter option:
+'phase2_auth' option can be used to control Phase 2 (i.e., within TLS
+tunnel) behavior for PEAP:
+ * 0 = do not require Phase 2 authentication
+ * 1 = require Phase 2 authentication when client certificate
+   (private_key/client_cert) is no used and TLS session resumption was
+   not used (default)
+ * 2 = require Phase 2 authentication in all cases
+
+Signed-off-by: Jouni Malinen <j@w1.fi>
+---
+ src/eap_peer/eap_config.h          |  8 ++++++++
+ src/eap_peer/eap_peap.c            | 40 +++++++++++++++++++++++++++++++++++---
+ src/eap_peer/eap_tls_common.c      |  6 ++++++
+ src/eap_peer/eap_tls_common.h      |  5 +++++
+ src/utils/includes.h               |  1 +
+ wpa_supplicant/wpa_supplicant.conf |  7 +++++++
+ 6 files changed, 64 insertions(+), 3 deletions(-)
+
+diff --git a/src/eap_peer/eap_config.h b/src/eap_peer/eap_config.h
+index d416afd..f803488 100644
+--- a/src/eap_peer/eap_config.h
++++ b/src/eap_peer/eap_config.h
+@@ -419,6 +419,14 @@ struct eap_peer_config {
+ 	 * 1 = use cryptobinding if server supports it
+ 	 * 2 = require cryptobinding
+ 	 *
++	 * phase2_auth option can be used to control Phase 2 (i.e., within TLS
++	 * tunnel) behavior for PEAP:
++	 * 0 = do not require Phase 2 authentication
++	 * 1 = require Phase 2 authentication when client certificate
++	 *  (private_key/client_cert) is no used and TLS session resumption was
++	 *  not used (default)
++	 * 2 = require Phase 2 authentication in all cases
++	 *
+ 	 * EAP-WSC (WPS) uses following options: pin=Device_Password and
+ 	 * uuid=Device_UUID
+ 	 *
+diff --git a/src/eap_peer/eap_peap.c b/src/eap_peer/eap_peap.c
+index 34075b1..79a36b0 100644
+--- a/src/eap_peer/eap_peap.c
++++ b/src/eap_peer/eap_peap.c
+@@ -67,6 +67,7 @@ struct eap_peap_data {
+ 	u8 cmk[20];
+ 	int soh; /* Whether IF-TNCCS-SOH (Statement of Health; Microsoft NAP)
+ 		  * is enabled. */
++	enum { NO_AUTH, FOR_INITIAL, ALWAYS } phase2_auth;
+ };
+ 
+ 
+@@ -114,6 +115,19 @@ static void eap_peap_parse_phase1(struct eap_peap_data *data,
+ 		wpa_printf(MSG_DEBUG, "EAP-PEAP: Require cryptobinding");
+ 	}
+ 
++	if (os_strstr(phase1, "phase2_auth=0")) {
++		data->phase2_auth = NO_AUTH;
++		wpa_printf(MSG_DEBUG,
++			   "EAP-PEAP: Do not require Phase 2 authentication");
++	} else if (os_strstr(phase1, "phase2_auth=1")) {
++		data->phase2_auth = FOR_INITIAL;
++		wpa_printf(MSG_DEBUG,
++			   "EAP-PEAP: Require Phase 2 authentication for initial connection");
++	} else if (os_strstr(phase1, "phase2_auth=2")) {
++		data->phase2_auth = ALWAYS;
++		wpa_printf(MSG_DEBUG,
++			   "EAP-PEAP: Require Phase 2 authentication for all cases");
++	}
+ #ifdef EAP_TNC
+ 	if (os_strstr(phase1, "tnc=soh2")) {
+ 		data->soh = 2;
+@@ -142,6 +156,7 @@ static void * eap_peap_init(struct eap_sm *sm)
+ 	data->force_peap_version = -1;
+ 	data->peap_outer_success = 2;
+ 	data->crypto_binding = OPTIONAL_BINDING;
++	data->phase2_auth = FOR_INITIAL;
+ 
+ 	if (config && config->phase1)
+ 		eap_peap_parse_phase1(data, config->phase1);
+@@ -451,6 +466,20 @@ static int eap_tlv_validate_cryptobinding(struct eap_sm *sm,
+ }
+ 
+ 
++static bool peap_phase2_sufficient(struct eap_sm *sm,
++				   struct eap_peap_data *data)
++{
++	if ((data->phase2_auth == ALWAYS ||
++	     (data->phase2_auth == FOR_INITIAL &&
++	      !tls_connection_resumed(sm->ssl_ctx, data->ssl.conn) &&
++	      !data->ssl.client_cert_conf) ||
++	     data->phase2_eap_started) &&
++	    !data->phase2_eap_success)
++		return false;
++	return true;
++}
++
++
+ /**
+  * eap_tlv_process - Process a received EAP-TLV message and generate a response
+  * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
+@@ -565,6 +594,11 @@ static int eap_tlv_process(struct eap_sm *sm, struct eap_peap_data *data,
+ 					   " - force failed Phase 2");
+ 				resp_status = EAP_TLV_RESULT_FAILURE;
+ 				ret->decision = DECISION_FAIL;
++			} else if (!peap_phase2_sufficient(sm, data)) {
++				wpa_printf(MSG_INFO,
++					   "EAP-PEAP: Server indicated Phase 2 success, but sufficient Phase 2 authentication has not been completed");
++				resp_status = EAP_TLV_RESULT_FAILURE;
++				ret->decision = DECISION_FAIL;
+ 			} else {
+ 				resp_status = EAP_TLV_RESULT_SUCCESS;
+ 				ret->decision = DECISION_UNCOND_SUCC;
+@@ -864,8 +898,7 @@ continue_req:
+ 			/* EAP-Success within TLS tunnel is used to indicate
+ 			 * shutdown of the TLS channel. The authentication has
+ 			 * been completed. */
+-			if (data->phase2_eap_started &&
+-			    !data->phase2_eap_success) {
++			if (!peap_phase2_sufficient(sm, data)) {
+ 				wpa_printf(MSG_DEBUG, "EAP-PEAP: Phase 2 "
+ 					   "Success used to indicate success, "
+ 					   "but Phase 2 EAP was not yet "
+@@ -1156,8 +1189,9 @@ static struct wpabuf * eap_peap_process(struct eap_sm *sm, void *priv,
+ static Boolean eap_peap_has_reauth_data(struct eap_sm *sm, void *priv)
+ {
+ 	struct eap_peap_data *data = priv;
++
+ 	return tls_connection_established(sm->ssl_ctx, data->ssl.conn) &&
+-		data->phase2_success;
++		data->phase2_success && data->phase2_auth != ALWAYS;
+ }
+ 
+ 
+diff --git a/src/eap_peer/eap_tls_common.c b/src/eap_peer/eap_tls_common.c
+index 7dbd364..6c586ba 100644
+--- a/src/eap_peer/eap_tls_common.c
++++ b/src/eap_peer/eap_tls_common.c
+@@ -220,6 +220,12 @@ static int eap_tls_params_from_conf(struct eap_sm *sm,
+ 
+ 	sm->ext_cert_check = !!(params->flags & TLS_CONN_EXT_CERT_CHECK);
+ 
++	if (!phase2)
++		data->client_cert_conf = params->client_cert ||
++			params->client_cert_blob ||
++			params->private_key ||
++			params->private_key_blob;
++
+ 	return 0;
+ }
+ 
+diff --git a/src/eap_peer/eap_tls_common.h b/src/eap_peer/eap_tls_common.h
+index 306e6a9..e2cf829 100644
+--- a/src/eap_peer/eap_tls_common.h
++++ b/src/eap_peer/eap_tls_common.h
+@@ -73,6 +73,11 @@
+ 	 * eap_type - EAP method used in Phase 1 (EAP_TYPE_TLS/PEAP/TTLS/FAST)
+ 	 */
+ 	u8 eap_type;
++
++	/**
++	 * client_cert_conf: Whether client certificate has been configured
++	 */
++	bool client_cert_conf;
+ };
+ 
+ 
+diff --git a/src/utils/includes.h b/src/utils/includes.h
+index 75513fc..4166d0e 100644
+--- a/src/utils/includes.h
++++ b/src/utils/includes.h
+@@ -20,6 +20,7 @@
+ #include <stddef.h>
+ #include <stdio.h>
+ #include <stdarg.h>
++#include <stdbool.h>
+ #include <string.h>
+ #ifndef _WIN32_WCE
+ #include <signal.h>
+diff --git a/wpa_supplicant/wpa_supplicant.conf b/wpa_supplicant/wpa_supplicant.conf
+index 1bd43b2..4e4e2e0 100644
+--- a/wpa_supplicant/wpa_supplicant.conf
++++ b/wpa_supplicant/wpa_supplicant.conf
+@@ -1205,6 +1205,13 @@ fast_reauth=1
+ #	 * 0 = do not use cryptobinding (default)
+ #	 * 1 = use cryptobinding if server supports it
+ #	 * 2 = require cryptobinding
++#	'phase2_auth' option can be used to control Phase 2 (i.e., within TLS
++#	tunnel) behavior for PEAP:
++#	 * 0 = do not require Phase 2 authentication
++#	 * 1 = require Phase 2 authentication when client certificate
++#	   (private_key/client_cert) is no used and TLS session resumption was
++#	   not used (default)
++#	 * 2 = require Phase 2 authentication in all cases
+ #	EAP-WSC (WPS) uses following options: pin=<Device Password> or
+ #	pbc=1.
+ #

backport-0001-CVE-2022-23303-CVE-2022-23304.patch

@@ -0,0 +1,318 @@
+From 208e5687ff2e48622e28d8888ce5444a54353bbd Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <jouni@codeaurora.org>
+Date: Tue, 27 Aug 2019 16:33:15 +0300
+Subject: [PATCH 1/4] crypto: Add more bignum/EC helper functions
+
+These are needed for implementing SAE hash-to-element.
+
+Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
+---
+ src/crypto/crypto.h         | 45 ++++++++++++++++++++++
+ src/crypto/crypto_openssl.c | 94 +++++++++++++++++++++++++++++++++++++++++++++
+ src/crypto/crypto_wolfssl.c | 66 +++++++++++++++++++++++++++++++
+ 3 files changed, 205 insertions(+)
+
+diff --git a/src/crypto/crypto.h b/src/crypto/crypto.h
+index bdc3ba6..0bc9df4 100644
+--- a/src/crypto/crypto.h
++++ b/src/crypto/crypto.h
+@@ -508,6 +508,13 @@ struct crypto_bignum * crypto_bignum_init(void);
+ struct crypto_bignum * crypto_bignum_init_set(const u8 *buf, size_t len);
+ 
+ /**
++ * crypto_bignum_init_set - Allocate memory for bignum and set the value (uint)
++ * @val: Value to set
++ * Returns: Pointer to allocated bignum or %NULL on failure
++ */
++struct crypto_bignum * crypto_bignum_init_uint(unsigned int val);
++
++/**
+  * crypto_bignum_deinit - Free bignum
+  * @n: Bignum from crypto_bignum_init() or crypto_bignum_init_set()
+  * @clear: Whether to clear the value from memory
+@@ -594,6 +601,19 @@ int crypto_bignum_div(const struct crypto_bignum *a,
+ 		      struct crypto_bignum *c);
+ 
+ /**
++ * crypto_bignum_addmod - d = a + b (mod c)
++ * @a: Bignum
++ * @b: Bignum
++ * @c: Bignum
++ * @d: Bignum; used to store the result of (a + b) % c
++ * Returns: 0 on success, -1 on failure
++ */
++int crypto_bignum_addmod(const struct crypto_bignum *a,
++			 const struct crypto_bignum *b,
++			 const struct crypto_bignum *c,
++			 struct crypto_bignum *d);
++
++/**
+  * crypto_bignum_mulmod - d = a * b (mod c)
+  * @a: Bignum
+  * @b: Bignum
+@@ -607,6 +627,28 @@ int crypto_bignum_mulmod(const struct crypto_bignum *a,
+ 			 struct crypto_bignum *d);
+ 
+ /**
++ * crypto_bignum_sqrmod - c = a^2 (mod b)
++ * @a: Bignum
++ * @b: Bignum
++ * @c: Bignum; used to store the result of a^2 % b
++ * Returns: 0 on success, -1 on failure
++ */
++int crypto_bignum_sqrmod(const struct crypto_bignum *a,
++			 const struct crypto_bignum *b,
++			 struct crypto_bignum *c);
++
++/**
++ * crypto_bignum_sqrtmod - returns sqrt(a) (mod b)
++ * @a: Bignum
++ * @b: Bignum
++ * @c: Bignum; used to store the result
++ * Returns: 0 on success, -1 on failure
++ */
++int crypto_bignum_sqrtmod(const struct crypto_bignum *a,
++			  const struct crypto_bignum *b,
++			  struct crypto_bignum *c);
++
++/**
+  * crypto_bignum_cmp - Compare two bignums
+  * @a: Bignum
+  * @b: Bignum
+@@ -695,6 +737,9 @@ const struct crypto_bignum * crypto_ec_get_prime(struct crypto_ec *e);
+  */
+ const struct crypto_bignum * crypto_ec_get_order(struct crypto_ec *e);
+ 
++const struct crypto_bignum * crypto_ec_get_a(struct crypto_ec *e);
++const struct crypto_bignum * crypto_ec_get_b(struct crypto_ec *e);
++
+ /**
+  * struct crypto_ec_point - Elliptic curve point
+  *
+diff --git a/src/crypto/crypto_openssl.c b/src/crypto/crypto_openssl.c
+index 00b61b9..80867b6 100644
+--- a/src/crypto/crypto_openssl.c
++++ b/src/crypto/crypto_openssl.c
+@@ -1117,6 +1117,24 @@ struct crypto_bignum * crypto_bignum_init_set(const u8 *buf, size_t len)
+ }
+ 
+ 
++struct crypto_bignum * crypto_bignum_init_uint(unsigned int val)
++{
++	BIGNUM *bn;
++
++	if (TEST_FAIL())
++		return NULL;
++
++	bn = BN_new();
++	if (!bn)
++		return NULL;
++	if (BN_set_word(bn, val) != 1) {
++		BN_free(bn);
++		return NULL;
++	}
++	return (struct crypto_bignum *) bn;
++}
++
++
+ void crypto_bignum_deinit(struct crypto_bignum *n, int clear)
+ {
+ 	if (clear)
+@@ -1278,6 +1296,28 @@ int crypto_bignum_div(const struct crypto_bignum *a,
+ }
+ 
+ 
++int crypto_bignum_addmod(const struct crypto_bignum *a,
++			 const struct crypto_bignum *b,
++			 const struct crypto_bignum *c,
++			 struct crypto_bignum *d)
++{
++	int res;
++	BN_CTX *bnctx;
++
++	if (TEST_FAIL())
++		return -1;
++
++	bnctx = BN_CTX_new();
++	if (!bnctx)
++		return -1;
++	res = BN_mod_add((BIGNUM *) d, (const BIGNUM *) a, (const BIGNUM *) b,
++			 (const BIGNUM *) c, bnctx);
++	BN_CTX_free(bnctx);
++
++	return res ? 0 : -1;
++}
++
++
+ int crypto_bignum_mulmod(const struct crypto_bignum *a,
+ 			 const struct crypto_bignum *b,
+ 			 const struct crypto_bignum *c,
+@@ -1301,6 +1341,48 @@ int crypto_bignum_mulmod(const struct crypto_bignum *a,
+ }
+ 
+ 
++int crypto_bignum_sqrmod(const struct crypto_bignum *a,
++                        const struct crypto_bignum *b,
++                        struct crypto_bignum *c)
++{
++       int res;
++       BN_CTX *bnctx;
++
++       if (TEST_FAIL())
++               return -1;
++
++       bnctx = BN_CTX_new();
++       if (!bnctx)
++               return -1;
++       res = BN_mod_sqr((BIGNUM *) c, (const BIGNUM *) a, (const BIGNUM *) b,
++                        bnctx);
++       BN_CTX_free(bnctx);
++
++       return res ? 0 : -1;
++}
++
++
++int crypto_bignum_sqrtmod(const struct crypto_bignum *a,
++                         const struct crypto_bignum *b,
++                         struct crypto_bignum *c)
++{
++       BN_CTX *bnctx;
++       BIGNUM *res;
++
++       if (TEST_FAIL())
++               return -1;
++
++       bnctx = BN_CTX_new();
++       if (!bnctx)
++               return -1;
++       res = BN_mod_sqrt((BIGNUM *) c, (const BIGNUM *) a, (const BIGNUM *) b,
++                         bnctx);
++       BN_CTX_free(bnctx);
++
++       return res ? 0 : -1;
++}
++
++
+ int crypto_bignum_cmp(const struct crypto_bignum *a,
+ 		      const struct crypto_bignum *b)
+ {
+@@ -1494,6 +1576,18 @@ const struct crypto_bignum * crypto_ec_get_order(struct crypto_ec *e)
+ }
+ 
+ 
++const struct crypto_bignum * crypto_ec_get_a(struct crypto_ec *e)
++{
++	return (const struct crypto_bignum *) e->a;
++}
++
++
++const struct crypto_bignum * crypto_ec_get_b(struct crypto_ec *e)
++{
++	return (const struct crypto_bignum *) e->b;
++}
++
++
+ void crypto_ec_point_deinit(struct crypto_ec_point *p, int clear)
+ {
+ 	if (clear)
+diff --git a/src/crypto/crypto_wolfssl.c b/src/crypto/crypto_wolfssl.c
+index 90163c4..683c553 100644
+--- a/src/crypto/crypto_wolfssl.c
++++ b/src/crypto/crypto_wolfssl.c
+@@ -1043,6 +1043,26 @@ struct crypto_bignum * crypto_bignum_init_set(const u8 *buf, size_t len)
+ }
+ 
+ 
++struct crypto_bignum * crypto_bignum_init_uint(unsigned int val)
++{
++	mp_int *a;
++
++	if (TEST_FAIL())
++		return NULL;
++
++	a = (mp_int *) crypto_bignum_init();
++	if (!a)
++		return NULL;
++
++	if (mp_set_int(a, val) != MP_OKAY) {
++		os_free(a);
++		a = NULL;
++	}
++
++	return (struct crypto_bignum *) a;
++}
++
++
+ void crypto_bignum_deinit(struct crypto_bignum *n, int clear)
+ {
+ 	if (!n)
+@@ -1167,6 +1187,19 @@ int crypto_bignum_div(const struct crypto_bignum *a,
+ }
+ 
+ 
++int crypto_bignum_addmod(const struct crypto_bignum *a,
++			 const struct crypto_bignum *b,
++			 const struct crypto_bignum *c,
++			 struct crypto_bignum *d)
++{
++	if (TEST_FAIL())
++		return -1;
++
++	return mp_addmod((mp_int *) a, (mp_int *) b, (mp_int *) c,
++			 (mp_int *) d) == MP_OKAY ?  0 : -1;
++}
++
++
+ int crypto_bignum_mulmod(const struct crypto_bignum *a,
+ 			 const struct crypto_bignum *b,
+ 			 const struct crypto_bignum *m,
+@@ -1180,6 +1213,27 @@ int crypto_bignum_mulmod(const struct crypto_bignum *a,
+ }
+ 
+ 
++int crypto_bignum_sqrmod(const struct crypto_bignum *a,
++			 const struct crypto_bignum *b,
++			 struct crypto_bignum *c)
++{
++	if (TEST_FAIL())
++		return -1;
++
++	return mp_sqrmod((mp_int *) a, (mp_int *) b,
++			 (mp_int *) c) == MP_OKAY ?  0 : -1;
++}
++
++
++int crypto_bignum_sqrtmod(const struct crypto_bignum *a,
++			  const struct crypto_bignum *b,
++			  struct crypto_bignum *c)
++{
++	/* TODO */
++	return -1;
++}
++
++
+ int crypto_bignum_rshift(const struct crypto_bignum *a, int n,
+ 			 struct crypto_bignum *r)
+ {
+@@ -1401,6 +1455,18 @@ const struct crypto_bignum * crypto_ec_get_order(struct crypto_ec *e)
+ }
+ 
+ 
++const struct crypto_bignum * crypto_ec_get_a(struct crypto_ec *e)
++{
++	return (const struct crypto_bignum *) &e->a;
++}
++
++
++const struct crypto_bignum * crypto_ec_get_b(struct crypto_ec *e)
++{
++	return (const struct crypto_bignum *) &e->b;
++}
++
++
+ void crypto_ec_point_deinit(struct crypto_ec_point *p, int clear)
+ {
+ 	ecc_point *point = (ecc_point *) p;
+-- 
+1.8.3.1
+

backport-0002-CVE-2022-23303-CVE-2022-23304.patch

@@ -0,0 +1,72 @@
+From 2232d3d5f188b65dbb6c823ac62175412739eb16 Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <j@w1.fi>
+Date: Fri, 7 Jan 2022 13:47:16 +0200
+Subject: [PATCH 2/4] dragonfly: Add sqrt() helper function
+
+This is a backport of "SAE: Move sqrt() implementation into a helper
+function" to introduce the helper function needed for the following
+patches.
+
+Signed-off-by: Jouni Malinen <j@w1.fi>
+---
+ src/common/dragonfly.c | 34 ++++++++++++++++++++++++++++++++++
+ src/common/dragonfly.h |  3 +++
+ 2 files changed, 37 insertions(+)
+
+diff --git a/src/common/dragonfly.c b/src/common/dragonfly.c
+index 1e80404..7dcc6de 100644
+--- a/src/common/dragonfly.c
++++ b/src/common/dragonfly.c
+@@ -25,3 +25,37 @@ int dragonfly_suitable_group(int group, int ecc_only)
+ 		(!ecc_only &&
+ 		 (group == 15 || group == 16 || group == 17 || group == 18));
+ }
++
++
++/* res = sqrt(val) */
++int dragonfly_sqrt(struct crypto_ec *ec, const struct crypto_bignum *val,
++		   struct crypto_bignum *res)
++{
++	const struct crypto_bignum *prime;
++	struct crypto_bignum *tmp, *one;
++	int ret = 0;
++	u8 prime_bin[DRAGONFLY_MAX_ECC_PRIME_LEN];
++	size_t prime_len;
++
++	/* For prime p such that p = 3 mod 4, sqrt(w) = w^((p+1)/4) mod p */
++
++	prime = crypto_ec_get_prime(ec);
++	prime_len = crypto_ec_prime_len(ec);
++	tmp = crypto_bignum_init();
++	one = crypto_bignum_init_uint(1);
++
++	if (crypto_bignum_to_bin(prime, prime_bin, sizeof(prime_bin),
++				 prime_len) < 0 ||
++	    (prime_bin[prime_len - 1] & 0x03) != 3 ||
++	    !tmp || !one ||
++	    /* tmp = (p+1)/4 */
++	    crypto_bignum_add(prime, one, tmp) < 0 ||
++	    crypto_bignum_rshift(tmp, 2, tmp) < 0 ||
++	    /* res = sqrt(val) */
++	    crypto_bignum_exptmod(val, tmp, prime, res) < 0)
++		ret = -1;
++
++	crypto_bignum_deinit(tmp, 0);
++	crypto_bignum_deinit(one, 0);
++	return ret;
++}
+diff --git a/src/common/dragonfly.h b/src/common/dragonfly.h
+index 9f3c428..f0f49d0 100644
+--- a/src/common/dragonfly.h
++++ b/src/common/dragonfly.h
+@@ -12,4 +12,7 @@
+ 
+ int dragonfly_suitable_group(int group, int ecc_only);
+ 
++int dragonfly_sqrt(struct crypto_ec *ec, const struct crypto_bignum *val,
++                   struct crypto_bignum *res);
++
+ #endif /* DRAGONFLY_H */
+-- 
+1.8.3.1
+

backport-0003-CVE-2022-23303-CVE-2022-23304.patch

@@ -0,0 +1,100 @@
+From fe534b0baaa8c0e6ddeb24cf529d6e50e33dc501 Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <j@w1.fi>
+Date: Fri, 7 Jan 2022 13:47:16 +0200
+Subject: [PATCH 3/4] SAE: Derive the y coordinate for PWE with own
+ implementation
+
+The crypto_ec_point_solve_y_coord() wrapper function might not use
+constant time operations in the crypto library and as such, could leak
+side channel information about the password that is used to generate the
+PWE in the hunting and pecking loop. As such, calculate the two possible
+y coordinate values and pick the correct one to use with constant time
+selection.
+
+Signed-off-by: Jouni Malinen <j@w1.fi>
+---
+ src/common/sae.c | 47 +++++++++++++++++++++++++++++++++--------------
+ 1 file changed, 33 insertions(+), 14 deletions(-)
+
+diff --git a/src/common/sae.c b/src/common/sae.c
+index b35821d..c168bf1 100644
+--- a/src/common/sae.c
++++ b/src/common/sae.c
+@@ -459,15 +459,17 @@ static int sae_derive_pwe_ecc(struct sae_data *sae, const u8 *addr1,
+ 	int pwd_seed_odd = 0;
+ 	u8 prime[SAE_MAX_ECC_PRIME_LEN];
+ 	size_t prime_len;
+-       struct crypto_bignum *x = NULL, *qr = NULL, *qnr = NULL;
++        struct crypto_bignum *x = NULL, *y = NULL, *qr = NULL, *qnr = NULL;
+        u8 x_bin[SAE_MAX_ECC_PRIME_LEN];
+        u8 x_cand_bin[SAE_MAX_ECC_PRIME_LEN];
+        u8 qr_bin[SAE_MAX_ECC_PRIME_LEN];
+        u8 qnr_bin[SAE_MAX_ECC_PRIME_LEN];
++       u8 x_y[2 * SAE_MAX_ECC_PRIME_LEN];
+ 	size_t bits;
+        int res = -1;
+        u8 found = 0; /* 0 (false) or 0xff (true) to be used as const_time_*
+                       * mask */
++       unsigned int is_eq;
+ 
+        os_memset(x_bin, 0, sizeof(x_bin));
+ 
+@@ -567,25 +569,42 @@ static int sae_derive_pwe_ecc(struct sae_data *sae, const u8 *addr1,
+ 		goto fail;
+ 	}
+ 
+-	if (!sae->tmp->pwe_ecc)
+-		sae->tmp->pwe_ecc = crypto_ec_point_init(sae->tmp->ec);
+-	if (!sae->tmp->pwe_ecc)
+-		res = -1;
+-	else
+-		res = crypto_ec_point_solve_y_coord(sae->tmp->ec,
+-						    sae->tmp->pwe_ecc, x,
+-						    pwd_seed_odd);
+-	if (res < 0) {
+-		/*
+-		 * This should not happen since we already checked that there
+-		 * is a result.
+-		 */
++	/* y = sqrt(x^3 + ax + b) mod p
++	 * if LSB(save) == LSB(y): PWE = (x, y)
++	 * else: PWE = (x, p - y)
++	 *
++	 * Calculate y and the two possible values for PWE and after that,
++	 * use constant time selection to copy the correct alternative.
++	 */
++	y = crypto_ec_point_compute_y_sqr(sae->tmp->ec, x);
++	if (!y ||
++	    dragonfly_sqrt(sae->tmp->ec, y, y) < 0 ||
++	    crypto_bignum_to_bin(y, x_y, SAE_MAX_ECC_PRIME_LEN,
++				 prime_len) < 0 ||
++	    crypto_bignum_sub(sae->tmp->prime, y, y) < 0 ||
++	    crypto_bignum_to_bin(y, x_y + SAE_MAX_ECC_PRIME_LEN,
++				 SAE_MAX_ECC_PRIME_LEN, prime_len) < 0) {
+ 		wpa_printf(MSG_DEBUG, "SAE: Could not solve y");
++		goto fail;
++	}
++
++	is_eq = const_time_eq(pwd_seed_odd, x_y[prime_len - 1] & 0x01);
++	const_time_select_bin(is_eq, x_y, x_y + SAE_MAX_ECC_PRIME_LEN,
++			      prime_len, x_y + prime_len);
++	os_memcpy(x_y, x_bin, prime_len);
++	wpa_hexdump_key(MSG_DEBUG, "SAE: PWE", x_y, 2 * prime_len);
++	crypto_ec_point_deinit(sae->tmp->pwe_ecc, 1);
++	sae->tmp->pwe_ecc = crypto_ec_point_from_bin(sae->tmp->ec, x_y);
++	if (!sae->tmp->pwe_ecc) {
++		wpa_printf(MSG_DEBUG, "SAE: Could not generate PWE");
++		res = -1;
+ 	}
+ 
+ fail:
++	forced_memzero(x_y, sizeof(x_y));
+ 	crypto_bignum_deinit(qr, 0);
+ 	crypto_bignum_deinit(qnr, 0);
++	crypto_bignum_deinit(y, 1);
+ 	os_free(dummy_password);
+ 	bin_clear_free(tmp_password, password_len);
+ 	crypto_bignum_deinit(x, 1);
+-- 
+1.8.3.1
+

backport-0004-CVE-2022-23303-CVE-2022-23304.patch

@@ -0,0 +1,109 @@
+From 603cd880e7f90595482658a7136fa6a7be5cb485 Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <j@w1.fi>
+Date: Fri, 7 Jan 2022 18:52:27 +0200
+Subject: [PATCH 4/4] EAP-pwd: Derive the y coordinate for PWE with own
+ implementation
+
+The crypto_ec_point_solve_y_coord() wrapper function might not use
+constant time operations in the crypto library and as such, could leak
+side channel information about the password that is used to generate the
+PWE in the hunting and pecking loop. As such, calculate the two possible
+y coordinate values and pick the correct one to use with constant time
+selection.
+
+Signed-off-by: Jouni Malinen <j@w1.fi>
+---
+ src/eap_common/eap_pwd_common.c | 42 +++++++++++++++++++++++++++++++++++------
+ 1 file changed, 36 insertions(+), 6 deletions(-)
+
+diff --git a/src/eap_common/eap_pwd_common.c b/src/eap_common/eap_pwd_common.c
+index 755aafb..ab8eb92 100644
+--- a/src/eap_common/eap_pwd_common.c
++++ b/src/eap_common/eap_pwd_common.c
+@@ -137,7 +137,8 @@ int compute_password_element(EAP_PWD_group *grp, u16 num,
+         u8 qr_or_qnr_bin[MAX_ECC_PRIME_LEN];
+         u8 x_bin[MAX_ECC_PRIME_LEN];
+         u8 prime_bin[MAX_ECC_PRIME_LEN];
+-        struct crypto_bignum *tmp1 = NULL, *tmp2 = NULL, *pm1 = NULL;
++        u8 x_y[2 * MAX_ECC_PRIME_LEN];
++        struct crypto_bignum *tmp1 = NULL, *tmp2 = NULL, *pm1 = NULL, *y = NULL;
+ 	struct crypto_hash *hash;
+ 	unsigned char pwe_digest[SHA256_MAC_LEN], *prfbuf = NULL, ctr;
+         int ret = 0, check, res;
+@@ -149,6 +150,7 @@ int compute_password_element(EAP_PWD_group *grp, u16 num,
+         u8 mask, found_ctr = 0, is_odd = 0;
+ 	int cmp_prime;
+ 	unsigned int in_range;
++	unsigned int is_eq;
+ 
+         if (grp->pwe)
+                 return -1;
+@@ -161,7 +163,6 @@ int compute_password_element(EAP_PWD_group *grp, u16 num,
+         if (crypto_bignum_to_bin(prime, prime_bin, sizeof(prime_bin),
+                                  primebytelen) < 0)
+                 return -1;
+-        grp->pwe = crypto_ec_point_init(grp->group);
+         tmp1 = crypto_bignum_init();
+         pm1 = crypto_bignum_init();
+         one = crypto_bignum_init_set((const u8 *) "\x01", 1);
+@@ -323,10 +324,37 @@ int compute_password_element(EAP_PWD_group *grp, u16 num,
+          */
+         crypto_bignum_deinit(x_candidate, 1);
+         x_candidate = crypto_bignum_init_set(x_bin, primebytelen);
+-        if (!x_candidate ||
+-            crypto_ec_point_solve_y_coord(grp->group, grp->pwe, x_candidate,
+-                                          is_odd) != 0) {
+-                wpa_printf(MSG_INFO, "EAP-pwd: Could not solve for y");
++       if (!x_candidate)
++               goto fail;
++
++       /* y = sqrt(x^3 + ax + b) mod p
++        * if LSB(y) == LSB(pwd-seed): PWE = (x, y)
++        * else: PWE = (x, p - y)
++        *
++        * Calculate y and the two possible values for PWE and after that,
++        * use constant time selection to copy the correct alternative.
++        */
++       y = crypto_ec_point_compute_y_sqr(grp->group, x_candidate);
++       if (!y ||
++           dragonfly_sqrt(grp->group, y, y) < 0 ||
++           crypto_bignum_to_bin(y, x_y, MAX_ECC_PRIME_LEN, primebytelen) < 0 ||
++           crypto_bignum_sub(prime, y, y) < 0 ||
++           crypto_bignum_to_bin(y, x_y + MAX_ECC_PRIME_LEN,
++                                MAX_ECC_PRIME_LEN, primebytelen) < 0) {
++               wpa_printf(MSG_DEBUG, "SAE: Could not solve y");
++               goto fail;
++       }
++
++       /* Constant time selection of the y coordinate from the two
++        * options */
++       is_eq = const_time_eq(is_odd, x_y[primebytelen - 1] & 0x01);
++       const_time_select_bin(is_eq, x_y, x_y + MAX_ECC_PRIME_LEN,
++                             primebytelen, x_y + primebytelen);
++       os_memcpy(x_y, x_bin, primebytelen);
++       wpa_hexdump_key(MSG_DEBUG, "EAP-pwd: PWE", x_y, 2 * primebytelen);
++       grp->pwe = crypto_ec_point_from_bin(grp->group, x_y);
++       if (!grp->pwe) {
++                wpa_printf(MSG_DEBUG, "EAP-pwd: Could not generate PWE");
+                 goto fail;
+         }
+ 
+@@ -353,6 +381,7 @@ int compute_password_element(EAP_PWD_group *grp, u16 num,
+         crypto_bignum_deinit(pm1, 0);
+         crypto_bignum_deinit(tmp1, 1);
+         crypto_bignum_deinit(tmp2, 1);
++        crypto_bignum_deinit(y, 1);
+         crypto_bignum_deinit(qr, 1);
+         crypto_bignum_deinit(qnr, 1);
+         crypto_bignum_deinit(qr_or_qnr, 1);
+@@ -362,6 +391,7 @@ int compute_password_element(EAP_PWD_group *grp, u16 num,
+         os_memset(qnr_bin, 0, sizeof(qnr_bin));
+         os_memset(qr_or_qnr_bin, 0, sizeof(qr_or_qnr_bin));
+         os_memset(pwe_digest, 0, sizeof(pwe_digest));
++        forced_memzero(x_y, sizeof(x_y));
+ 
+ 	return ret;
+ }
+-- 
+1.8.3.1
+

backport-CVE-2024-5290.patch

@@ -0,0 +1,34 @@
+https://github.com/deepin-community/wpa/commit/512af510f0ae65392ff128008252fa37fbafa26b
+Description: slow certification.
+ When using PEAP certification, the server may use Identity's Request message
+ as a heartbeat; there will be many clients on the Internet to send address
+ 01: 80: C2: 00: 03 Identity's Response message as a heartbeat; at this time
+ When a client is broken and reconnect, it is easy to receive this message,
+ resulting in triggering restart of EAPOL authentication, resulting in a slow
+ authentication. So Ignore the response message in the Connecting state.
+
+Author: xinpeng wang <wangxinpeng@uniontech.com>
+
+
+Origin: https://gerrit.uniontech.com/plugins/gitiles/base/wpa/+/accd188752a1b2656a92dabca48616cb9889f386
+Bug: https://pms.uniontech.com/zentao/bug-view-105383.html
+Last-Update: 2022-05-19
+
+--- wpa-2.10.orig/src/eapol_supp/eapol_supp_sm.c
++++ wpa-2.10/src/eapol_supp/eapol_supp_sm.c
+@@ -1357,6 +1357,15 @@ int eapol_sm_rx_eapol(struct eapol_sm *s
+ 				break;
+ 			}
+ 		}
++		{
++			const struct eap_hdr *ehdr =
++				(const struct eap_hdr *) (hdr + 1);
++			if (plen >= sizeof(*ehdr) && ehdr->code == EAP_CODE_RESPONSE &&
++				sm->SUPP_PAE_state == SUPP_PAE_CONNECTING) {
++				wpa_printf(MSG_DEBUG, "EAPOL: Ignore EAP packet with response when connecting workaround %d",sm->conf.workaround);
++				break;
++			}
++		}
+
+ 		if (sm->cached_pmk) {
+ 			/* Trying to use PMKSA caching, but Authenticator did

backport-Share-common-SAE-and-EAP-pwd-functionality-suitable-.patch

@@ -0,0 +1,219 @@
+From 2b84ca4dd96459b661b0ebaf40ec43074fc9f42c Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <jouni@codeaurora.org>
+Date: Thu, 25 Apr 2019 19:45:27 +0300
+Subject: Share common SAE and EAP-pwd functionality: suitable groups
+
+Start sharing common SAE and EAP-pwd functionality by adding a new
+source code file that can be included into both. This first step is
+bringing in a shared function to check whether a group is suitable.
+
+Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
+---
+ src/common/dragonfly.c          | 27 +++++++++++++++++++++++++++
+ src/common/dragonfly.h          | 15 +++++++++++++++
+ src/common/sae.c                | 27 ++++++---------------------
+ src/eap_common/eap_pwd_common.c |  9 ++-------
+ wpa_supplicant/Android.mk       |  6 ++++++
+ wpa_supplicant/Makefile         |  6 ++++++
+ 6 files changed, 62 insertions(+), 28 deletions(-)
+ create mode 100644 src/common/dragonfly.c
+ create mode 100644 src/common/dragonfly.h
+
+diff --git a/src/common/dragonfly.c b/src/common/dragonfly.c
+new file mode 100644
+index 0000000..1e80404
+--- /dev/null
++++ b/src/common/dragonfly.c
+@@ -0,0 +1,27 @@
++/*
++ * Shared Dragonfly functionality
++ * Copyright (c) 2012-2016, Jouni Malinen <j@w1.fi>
++ * Copyright (c) 2019, The Linux Foundation
++ *
++ * This software may be distributed under the terms of the BSD license.
++ * See README for more details.
++ */
++
++#include "utils/includes.h"
++
++#include "utils/common.h"
++#include "dragonfly.h"
++
++
++int dragonfly_suitable_group(int group, int ecc_only)
++{
++	/* Enforce REVmd rules on which SAE groups are suitable for production
++	 * purposes: FFC groups whose prime is >= 3072 bits and ECC groups
++	 * defined over a prime field whose prime is >= 256 bits. Furthermore,
++	 * ECC groups defined over a characteristic 2 finite field and ECC
++	 * groups with a co-factor greater than 1 are not suitable. */
++	return group == 19 || group == 20 || group == 21 ||
++		group == 28 || group == 29 || group == 30 ||
++		(!ecc_only &&
++		 (group == 15 || group == 16 || group == 17 || group == 18));
++}
+diff --git a/src/common/dragonfly.h b/src/common/dragonfly.h
+new file mode 100644
+index 0000000..9f3c428
+--- /dev/null
++++ b/src/common/dragonfly.h
+@@ -0,0 +1,15 @@
++/*
++ * Shared Dragonfly functionality
++ * Copyright (c) 2012-2016, Jouni Malinen <j@w1.fi>
++ * Copyright (c) 2019, The Linux Foundation
++ *
++ * This software may be distributed under the terms of the BSD license.
++ * See README for more details.
++ */
++
++#ifndef DRAGONFLY_H
++#define DRAGONFLY_H
++
++int dragonfly_suitable_group(int group, int ecc_only);
++
++#endif /* DRAGONFLY_H */
+diff --git a/src/common/sae.c b/src/common/sae.c
+index 5ef6c4c..b35821d 100644
+--- a/src/common/sae.c
++++ b/src/common/sae.c
+@@ -15,36 +15,21 @@
+ #include "crypto/random.h"
+ #include "crypto/dh_groups.h"
+ #include "ieee802_11_defs.h"
++#include "dragonfly.h"
+ #include "sae.h"
+ 
+-static int sae_suitable_group(int group)
+-{
+-#ifdef CONFIG_TESTING_OPTIONS
+-	/* Allow all groups for testing purposes in non-production builds. */
+-	return 1;
+-#else /* CONFIG_TESTING_OPTIONS */
+-	/* Enforce REVmd rules on which SAE groups are suitable for production
+-	 * purposes: FFC groups whose prime is >= 3072 bits and ECC groups
+-	 * defined over a prime field whose prime is >= 256 bits. Furthermore,
+-	 * ECC groups defined over a characteristic 2 finite field and ECC
+-	 * groups with a co-factor greater than 1 are not suitable. Disable
+-	 * groups that use Brainpool curves as well for now since they leak more
+-	 * timing information due to the prime not being close to a power of
+-	 * two. */
+-
+-	return group == 19 || group == 20 || group == 21 ||
+-		group == 15 || group == 16 || group == 17 || group == 18;
+-#endif /* CONFIG_TESTING_OPTIONS */
+-}
+-
+ int sae_set_group(struct sae_data *sae, int group)
+ {
+ 	struct sae_temporary_data *tmp;
+ 
+-	if (!sae_suitable_group(group)) {
++#ifdef CONFIG_TESTING_OPTIONS
++       /* Allow all groups for testing purposes in non-production builds. */
++#else /* CONFIG_TESTING_OPTIONS */
++       if (!dragonfly_suitable_group(group, 0)) {
+ 		wpa_printf(MSG_DEBUG, "SAE: Reject unsuitable group %d", group);
+ 		return -1;
+ 	}
++#endif /* CONFIG_TESTING_OPTIONS */
+ 
+ 	sae_clear_data(sae);
+ 	tmp = sae->tmp = os_zalloc(sizeof(*tmp));
+diff --git a/src/eap_common/eap_pwd_common.c b/src/eap_common/eap_pwd_common.c
+index bac2796..755aafb 100644
+--- a/src/eap_common/eap_pwd_common.c
++++ b/src/eap_common/eap_pwd_common.c
+@@ -9,6 +9,7 @@
+ #include "includes.h"
+ #include "common.h"
+ #include "utils/const_time.h"
++#include "common/dragonfly.h"
+ #include "crypto/sha256.h"
+ #include "crypto/crypto.h"
+ #include "eap_defs.h"
+@@ -84,18 +85,12 @@ static int eap_pwd_kdf(const u8 *key, size_t keylen, const u8 *label,
+ 	return 0;
+ }
+ 
+-static int eap_pwd_suitable_group(u16 num)
+-{
+-	/* Do not allow ECC groups with prime under 256 bits based on guidance
+-	* for the similar design in SAE. */
+-	return num == 19 || num == 20 || num == 21;
+-}
+ EAP_PWD_group * get_eap_pwd_group(u16 num)
+ {
+         EAP_PWD_group *grp;
+ 
+         grp = os_zalloc(sizeof(EAP_PWD_group));
+-        if (!eap_pwd_suitable_group(num)) {
++        if (!dragonfly_suitable_group(num, 1)) {
+                 wpa_printf(MSG_INFO, "EAP-pwd: unsuitable group %u", num);
+                 return NULL;
+        }
+diff --git a/wpa_supplicant/Android.mk b/wpa_supplicant/Android.mk
+index 924ac07..aa5ac8c 100644
+--- a/wpa_supplicant/Android.mk
++++ b/wpa_supplicant/Android.mk
+@@ -236,6 +236,7 @@ L_CFLAGS += -DCONFIG_SAE
+ OBJS += src/common/sae.c
+ NEED_ECC=y
+ NEED_DH_GROUPS=y
++NEED_DRAGONFLY=y
+ endif
+ 
+ ifdef CONFIG_WNM
+@@ -641,6 +642,7 @@ OBJS += src/eap_peer/eap_pwd.c src/eap_common/eap_pwd_common.c
+ CONFIG_IEEE8021X_EAPOL=y
+ NEED_SHA256=y
+ NEED_ECC=y
++NEED_DRAGONFLY=y
+ endif
+ 
+ ifdef CONFIG_EAP_EKE
+@@ -918,6 +920,10 @@ ifdef CONFIG_SMARTCARD
+ L_CFLAGS += -DCONFIG_SMARTCARD
+ endif
+ 
++ifdef NEED_DRAGONFLY
++OBJS += src/common/dragonfly.c
++endif
++
+ ifdef MS_FUNCS
+ OBJS += src/crypto/ms_funcs.c
+ NEED_DES=y
+diff --git a/wpa_supplicant/Makefile b/wpa_supplicant/Makefile
+index d70189b..8fce344 100644
+--- a/wpa_supplicant/Makefile
++++ b/wpa_supplicant/Makefile
+@@ -270,6 +270,7 @@ CFLAGS += -DCONFIG_SAE
+ OBJS += ../src/common/sae.o
+ NEED_ECC=y
+ NEED_DH_GROUPS=y
++NEED_DRAGONFLY=y
+ endif
+ 
+ ifdef CONFIG_WNM
+@@ -673,6 +674,7 @@ OBJS += ../src/eap_peer/eap_pwd.o ../src/eap_common/eap_pwd_common.o
+ CONFIG_IEEE8021X_EAPOL=y
+ NEED_SHA256=y
+ NEED_ECC=y
++NEED_DRAGONFLY=y
+ endif
+ 
+ ifdef CONFIG_EAP_EKE
+@@ -967,6 +969,10 @@ ifdef CONFIG_SMARTCARD
+ CFLAGS += -DCONFIG_SMARTCARD
+ endif
+ 
++ifdef NEED_DRAGONFLY
++OBJS += ../src/common/dragonfly.o
++endif
++
+ ifdef MS_FUNCS
+ OBJS += ../src/crypto/ms_funcs.o
+ NEED_DES=y
+-- 
+1.8.3.1
+

wpa_supplicant.spec

@@ -1,9 +1,9 @@
 Name:          wpa_supplicant
 Epoch:         1
 Version:       2.6
-Release:       27
+Release:       32
 Summary:       A WPA Supplicant with support for WPA and WPA2 (IEEE 802.11i / RSN)
-License:       BSD
+License:       BSD or GPLv2
 Url:           https://w1.fi/wpa_supplicant/
 Source0:       http://w1.fi/releases/%{name}-%{version}.tar.gz
 Source1:       build-config
@@ -13,92 +13,101 @@ Source5:       %{name}.logrotate
 
 #patches number ranging between [0,6000) are from fedora/redhat upstream
 #patches number ranging between [6000,9000) are backport from higher versions, including some CVE fixes
-Patch6000:     macsec-0001-mka-Move-structs-transmit-receive-_-sa-sc-to-a-commo.patch
-Patch6001:     macsec-0002-mka-Pass-full-structures-down-to-macsec-drivers-pack.patch
-Patch6002:     macsec-0003-mka-Pass-full-structures-down-to-macsec-drivers-tran.patch
-Patch6003:     macsec-0004-mka-Pass-full-structures-down-to-macsec-drivers-rece.patch
-Patch6004:     macsec-0005-mka-Pass-full-structures-down-to-macsec-drivers-tran.patch
-Patch6005:     macsec-0006-mka-Pass-full-structures-down-to-macsec-drivers-rece.patch
-Patch6006:     macsec-0007-mka-Add-driver-op-to-get-macsec-capabilities.patch
-Patch6007:     macsec-0008-mka-Remove-channel-hacks-from-the-stack-and-the-macs.patch
-Patch6008:     macsec-0009-mka-Sync-structs-definitions-with-IEEE-Std-802.1X-20.patch
-Patch6009:     macsec-0010-mka-Add-support-for-removing-SAs.patch
-Patch6010:     macsec-0011-mka-Implement-reference-counting-on-data_key.patch
-Patch6011:     macsec-0012-mka-Fix-getting-capabilities-from-the-driver.patch
-Patch6012:     macsec-0013-wpa_supplicant-Allow-pre-shared-CAK-CKN-pair-for-MKA.patch
-Patch6013:     macsec-0014-mka-Disable-peer-detection-timeout-for-PSK-mode.patch
-Patch6014:     macsec-0015-wpa_supplicant-Add-macsec_integ_only-setting-for-MKA.patch
-Patch6015:     macsec-0016-mka-Add-enable_encrypt-op-and-call-it-from-CP-state-.patch
-Patch6016:     macsec-0017-wpa_supplicant-Allow-configuring-the-MACsec-port-for.patch
-Patch6017:     macsec-0018-drivers-Move-common-definitions-for-wired-drivers-ou.patch
-Patch6018:     macsec-0019-drivers-Move-wired_multicast_membership-to-a-common-.patch
-Patch6019:     macsec-0020-drivers-Move-driver_wired_multi-to-a-common-file.patch
-Patch6020:     macsec-0021-drivers-Move-driver_wired_get_ifflags-to-a-common-fi.patch
-Patch6021:     macsec-0022-drivers-Move-driver_wired_set_ifflags-to-a-common-fi.patch
-Patch6022:     macsec-0023-drivers-Move-driver_wired_get_ifstatus-to-a-common-f.patch
-Patch6023:     macsec-0024-drivers-Move-driver_wired_init_common-to-a-common-fi.patch
-Patch6024:     macsec-0025-drivers-Move-driver_wired_deinit_common-to-a-common-.patch
-Patch6025:     macsec-0026-drivers-Move-driver_wired_get_capa-to-a-common-file.patch
-Patch6026:     macsec-0027-drivers-Move-driver_wired_get_bssid-to-a-common-file.patch
-Patch6027:     macsec-0028-drivers-Move-driver_wired_get_ssid-to-a-common-file.patch
-Patch6028:     macsec-0029-macsec_linux-Add-a-driver-for-macsec-on-Linux-kernel.patch
-Patch6029:     macsec-0030-mka-Remove-references-to-macsec_qca-from-wpa_supplic.patch
-Patch6030:     macsec-0031-PAE-Make-KaY-specific-details-available-via-control-.patch
-Patch6031:     macsec-0032-mka-Make-MKA-actor-priority-configurable.patch
-Patch6032:     macsec-0033-mka-Fix-an-incorrect-update-of-participant-to_use_sa.patch
-Patch6033:     macsec-0034-mka-Some-bug-fixes-for-MACsec-in-PSK-mode.patch
-Patch6034:     macsec-0035-mka-Send-MKPDUs-forever-if-mode-is-PSK.patch
-Patch6035:     macsec-0036-mka-Fix-the-order-of-operations-in-secure-channel-de.patch
-Patch6036:     macsec-0037-mka-Fix-use-after-free-when-receive-secure-channels-.patch
-Patch6037:     macsec-0038-mka-Fix-use-after-free-when-transmit-secure-channels.patch
-Patch6038:     macsec-0039-macsec_linux-Fix-NULL-pointer-dereference-on-error-c.patch
-Patch6039:     rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch
-Patch6040:     rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch
-Patch6041:     rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch
-Patch6042:     rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch
-Patch6043:     rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch
-Patch6044:     rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch
-Patch6045:     rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch
-Patch6046:     rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch
-Patch6047:     rh1451834-nl80211-Fix-race-condition-in-detecting-MAC-change.patch
-Patch6048:     rh1462262-use-system-openssl-ciphers.patch
-Patch6049:     rh1465138-openssl-Fix-openssl-1-1-private-key-callback.patch
-Patch6050:     rh1497640-mka-add-error-handling-for-secy_init_macsec.patch
-Patch6051:     rh1497640-pae-validate-input-before-pointer.patch
-Patch6052:     rh1567474-0002-D-Bus-Add-pmf-to-global-capabilities.patch
-Patch6053:     rh1570903-nl80211-Fix-NL80211_ATTR_SMPS_MODE-encoding.patch
-Patch6054:     CVE-2019-9496-SAE-Fix-confirm-message-validation-in-error-cases.patch
-Patch6055:     CVE-2019-9494-1.patch
-Patch6056:     CVE-2019-9494-2.patch
-Patch6057:     CVE-2019-9494-3.patch
-Patch6058:     CVE-2019-9494-4.patch
-Patch6059:     CVE-2019-9494-5.patch
-Patch6060:     CVE-2019-9494-6.patch
-Patch6061:     CVE-2019-9494-7.patch
-Patch6062:     CVE-2019-9494-8.patch
-Patch6063:     CVE-2019-16275.patch
-Patch6064:     CVE-2019-9497.patch
-Patch6065:     CVE-2019-9498-and-CVE-2019-9499.patch
-Patch6066:     CVE-2019-11555-1.patch
-Patch6067:     CVE-2019-11555-2.patch
-Patch6068:     rebased-v2.6-0001-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch
-Patch6069:     CVE-2019-9499.patch
-Patch6070:     CVE-2019-9495-pre1.patch
-Patch6071:     CVE-2019-9495-pre2.patch
-Patch6072:     CVE-2019-9495-pre3.patch
-Patch6073:     CVE-2019-9495.patch
-Patch6074:     CVE-2019-13377-1.patch
-Patch6075:     CVE-2019-13377-2-pre1.patch
-Patch6076:     CVE-2019-13377-2-pre.patch
-Patch6077:     CVE-2019-13377-2.patch
-Patch6078:     CVE-2019-13377-3.patch
-Patch6079:     CVE-2019-13377-4.patch
-Patch60710:    CVE-2019-13377-5.patch
-Patch60711:    CVE-2019-13377-6-pre.patch
-Patch60712:    CVE-2019-13377-6.patch
-
-Patch9000:     add-options-of-wpa_supplicant-service.patch
-Patch9001:     allow-to-override-names-of-qt4-tools.patch
+Patch0:        macsec-0001-mka-Move-structs-transmit-receive-_-sa-sc-to-a-commo.patch
+Patch1:        macsec-0002-mka-Pass-full-structures-down-to-macsec-drivers-pack.patch
+Patch2:        macsec-0003-mka-Pass-full-structures-down-to-macsec-drivers-tran.patch
+Patch3:        macsec-0004-mka-Pass-full-structures-down-to-macsec-drivers-rece.patch
+Patch4:        macsec-0005-mka-Pass-full-structures-down-to-macsec-drivers-tran.patch
+Patch5:        macsec-0006-mka-Pass-full-structures-down-to-macsec-drivers-rece.patch
+Patch6:        macsec-0007-mka-Add-driver-op-to-get-macsec-capabilities.patch
+Patch7:        macsec-0008-mka-Remove-channel-hacks-from-the-stack-and-the-macs.patch
+Patch8:        macsec-0009-mka-Sync-structs-definitions-with-IEEE-Std-802.1X-20.patch
+Patch9:        macsec-0010-mka-Add-support-for-removing-SAs.patch
+Patch10:       macsec-0011-mka-Implement-reference-counting-on-data_key.patch
+Patch11:       macsec-0012-mka-Fix-getting-capabilities-from-the-driver.patch
+Patch12:       macsec-0013-wpa_supplicant-Allow-pre-shared-CAK-CKN-pair-for-MKA.patch
+Patch13:       macsec-0014-mka-Disable-peer-detection-timeout-for-PSK-mode.patch
+Patch14:       macsec-0015-wpa_supplicant-Add-macsec_integ_only-setting-for-MKA.patch
+Patch15:       macsec-0016-mka-Add-enable_encrypt-op-and-call-it-from-CP-state-.patch
+Patch16:       macsec-0017-wpa_supplicant-Allow-configuring-the-MACsec-port-for.patch
+Patch17:       macsec-0018-drivers-Move-common-definitions-for-wired-drivers-ou.patch
+Patch18:       macsec-0019-drivers-Move-wired_multicast_membership-to-a-common-.patch
+Patch19:       macsec-0020-drivers-Move-driver_wired_multi-to-a-common-file.patch
+Patch20:       macsec-0021-drivers-Move-driver_wired_get_ifflags-to-a-common-fi.patch
+Patch21:       macsec-0022-drivers-Move-driver_wired_set_ifflags-to-a-common-fi.patch
+Patch22:       macsec-0023-drivers-Move-driver_wired_get_ifstatus-to-a-common-f.patch
+Patch23:       macsec-0024-drivers-Move-driver_wired_init_common-to-a-common-fi.patch
+Patch24:       macsec-0025-drivers-Move-driver_wired_deinit_common-to-a-common-.patch
+Patch25:       macsec-0026-drivers-Move-driver_wired_get_capa-to-a-common-file.patch
+Patch26:       macsec-0027-drivers-Move-driver_wired_get_bssid-to-a-common-file.patch
+Patch27:       macsec-0028-drivers-Move-driver_wired_get_ssid-to-a-common-file.patch
+Patch28:       macsec-0029-macsec_linux-Add-a-driver-for-macsec-on-Linux-kernel.patch
+Patch29:       macsec-0030-mka-Remove-references-to-macsec_qca-from-wpa_supplic.patch
+Patch30:       macsec-0031-PAE-Make-KaY-specific-details-available-via-control-.patch
+Patch31:       macsec-0032-mka-Make-MKA-actor-priority-configurable.patch
+Patch32:       macsec-0033-mka-Fix-an-incorrect-update-of-participant-to_use_sa.patch
+Patch33:       macsec-0034-mka-Some-bug-fixes-for-MACsec-in-PSK-mode.patch
+Patch34:       macsec-0035-mka-Send-MKPDUs-forever-if-mode-is-PSK.patch
+Patch35:       macsec-0036-mka-Fix-the-order-of-operations-in-secure-channel-de.patch
+Patch36:       macsec-0037-mka-Fix-use-after-free-when-receive-secure-channels-.patch
+Patch37:       macsec-0038-mka-Fix-use-after-free-when-transmit-secure-channels.patch
+Patch38:       macsec-0039-macsec_linux-Fix-NULL-pointer-dereference-on-error-c.patch
+Patch39:       rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch
+Patch40:       rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch
+Patch41:       rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch
+Patch42:       rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch
+Patch43:       rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch
+Patch44:       rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch
+Patch45:       rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch
+Patch46:       rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch
+Patch47:       rh1451834-nl80211-Fix-race-condition-in-detecting-MAC-change.patch
+Patch48:       rh1462262-use-system-openssl-ciphers.patch
+Patch49:       rh1465138-openssl-Fix-openssl-1-1-private-key-callback.patch
+Patch50:       rh1497640-mka-add-error-handling-for-secy_init_macsec.patch
+Patch51:       rh1497640-pae-validate-input-before-pointer.patch
+Patch52:       rh1567474-0002-D-Bus-Add-pmf-to-global-capabilities.patch
+Patch53:       rh1570903-nl80211-Fix-NL80211_ATTR_SMPS_MODE-encoding.patch
+Patch54:       CVE-2019-9496-SAE-Fix-confirm-message-validation-in-error-cases.patch
+Patch55:       CVE-2019-9494-1.patch
+Patch56:       CVE-2019-9494-2.patch
+Patch57:       CVE-2019-9494-3.patch
+Patch58:       CVE-2019-9494-4.patch
+Patch59:       CVE-2019-9494-5.patch
+Patch60:       CVE-2019-9494-6.patch
+Patch61:       CVE-2019-9494-7.patch
+Patch62:       CVE-2019-9494-8.patch
+Patch63:       CVE-2019-16275.patch
+Patch64:       CVE-2019-9497.patch
+Patch65:       CVE-2019-9498-and-CVE-2019-9499.patch
+Patch66:       CVE-2019-11555-1.patch
+Patch67:       CVE-2019-11555-2.patch
+Patch68:       rebased-v2.6-0001-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch
+Patch69:       CVE-2019-9499.patch
+Patch70:       CVE-2019-9495-pre1.patch
+Patch71:       CVE-2019-9495-pre2.patch
+Patch72:       CVE-2019-9495-pre3.patch
+Patch73:       CVE-2019-9495.patch
+Patch74:       CVE-2019-13377-1.patch
+Patch75:       CVE-2019-13377-2-pre1.patch
+Patch76:       CVE-2019-13377-2-pre.patch
+Patch77:       CVE-2019-13377-2.patch
+Patch78:       CVE-2019-13377-3.patch
+Patch79:       CVE-2019-13377-4.patch
+Patch80:       CVE-2019-13377-5.patch
+Patch81:       CVE-2019-13377-6-pre.patch
+Patch82:       CVE-2019-13377-6.patch
+Patch83:       add-options-of-wpa_supplicant-service.patch
+Patch84:       allow-to-override-names-of-qt4-tools.patch
+Patch85:       CVE-2021-27803.patch
+Patch86:       CVE-2021-0326.patch
+Patch87:       backport-Add-support-for-wolfSSL-cryptographic-library.patch
+Patch88:       backport-Share-common-SAE-and-EAP-pwd-functionality-suitable-.patch
+Patch89:       backport-0001-CVE-2022-23303-CVE-2022-23304.patch
+Patch90:       backport-0002-CVE-2022-23303-CVE-2022-23304.patch
+Patch91:       backport-0003-CVE-2022-23303-CVE-2022-23304.patch
+Patch92:       backport-0004-CVE-2022-23303-CVE-2022-23304.patch
+Patch93:       CVE-2023-52160.patch
+Patch94:       backport-CVE-2024-5290.patch
 
 BuildRequires: qt-devel >= 4.0 openssl-devel readline-devel dbus-devel libnl3-devel systemd-units docbook-utils
 Requires(post): systemd-sysv
@@ -192,6 +201,33 @@ install -m644 %{name}/doc/docbook/*.5 %{buildroot}%{_mandir}/man5
 %{_mandir}/man5/*
 
 %changelog
+* Fri Aug 09 2024 zhangxianting <zhangxianting@uniontech.com> - 1:2.6-32
+- Type:cves
+- ID:CVE-2024-5290
+- SUG:NA
+- DESC:fix CVE-2024-5290
+
+* Thu Apr 25 2024 dillon chen <dillon.chen@gmail.com> - 1:2.6-31
+- Type:cves
+- ID:CVE-2023-52160
+- SUG:NA
+- DESC:fix CVE-2023-52160
+
+* Wed Jan 26 2022 shixuantong <shixuantong@huawei.com> - 1:2.6-30
+- Type:cves
+- ID:CVE-2022-23303 CVE-2022-23304
+- SUG:NA
+- DESC:fix CVE-2022-23303 CVE-2022-23304
+
+* Thu Sep 23 2021 gaoyusong <gaoyusong1@huawei.com> - 1:2.6-29
+- Type:cves
+- ID: CVE-2021-0326
+- SUG:NA
+- DESC: fix CVE-2021-0326
+
+* Thu Mar 11 2021 openEuler Buildteam <buildteam@openeuler.org> - 1:2.6-28
+- fix CVE-2021-27803
+
 * Thu Dec 24 2020 wuchaochao <wuchaochao4@huawei.com> - 1:2.6-27
 - Type:cves
 - ID: CVE-2019-13377