lede-project
diff --git a/‎package/network/services/hostapd/Makefile‎
Lines changed: 3 additions & 3 deletions b/‎package/network/services/hostapd/Makefile‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎package/network/services/hostapd/patches/010-mesh-Allow-DFS-channels-to-be-selected-if-dfs-is-ena.patch‎
Lines changed: 12 additions & 12 deletions b/‎package/network/services/hostapd/patches/010-mesh-Allow-DFS-channels-to-be-selected-if-dfs-is-ena.patch‎
Lines changed: 12 additions & 12 deletions
diff --git a/‎package/network/services/hostapd/patches/011-mesh-use-deterministic-channel-on-channel-switch.patch‎
Lines changed: 1 addition & 1 deletion b/‎package/network/services/hostapd/patches/011-mesh-use-deterministic-channel-on-channel-switch.patch‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎package/network/services/hostapd/patches/021-fix-sta-add-after-previous-connection.patch‎
Lines changed: 2 additions & 2 deletions b/‎package/network/services/hostapd/patches/021-fix-sta-add-after-previous-connection.patch‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎package/network/services/hostapd/patches/050-Fix-OpenWrt-13156.patch‎
Lines changed: 3 additions & 3 deletions b/‎package/network/services/hostapd/patches/050-Fix-OpenWrt-13156.patch‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎package/network/services/hostapd/patches/051-nl80211-add-extra-ies-only-if-allowed-by-driver.patch‎
Lines changed: 3 additions & 3 deletions b/‎package/network/services/hostapd/patches/051-nl80211-add-extra-ies-only-if-allowed-by-driver.patch‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎package/network/services/hostapd/patches/110-mbedtls-TLS-crypto-option-initial-port.patch‎
Lines changed: 19 additions & 19 deletions b/‎package/network/services/hostapd/patches/110-mbedtls-TLS-crypto-option-initial-port.patch‎
Lines changed: 19 additions & 19 deletions
diff --git a/‎package/network/services/hostapd/patches/120-mbedtls-fips186_2_prf.patch‎
Lines changed: 2 additions & 2 deletions b/‎package/network/services/hostapd/patches/120-mbedtls-fips186_2_prf.patch‎
Lines changed: 2 additions & 2 deletions
@@ -9,9 +9,9 @@ PKG_RELEASE:=1
 
 PKG_SOURCE_URL:=https://w1.fi/hostap.git
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_DATE:=2026-03-23
-PKG_SOURCE_VERSION:=3f9b7ae0780973446d3feea27b4caf6dbf43f0c6
-PKG_MIRROR_HASH:=5421a6bfe145559d27930010f1aba7781a483898e6de5462024871388f114661
+PKG_SOURCE_DATE:=2026-04-02
+PKG_SOURCE_VERSION:=b004de0bf1b54d669d358b7f33d6f474bd9719a6
+PKG_MIRROR_HASH:=0b0184e600c994a1f0415f52e8af26b39f13e376a30cdf0b4f3ca1a206e52fc8
 
 PKG_MAINTAINER:=Felix Fietkau <nbd@nbd.name>
 PKG_LICENSE:=BSD-3-Clause
 
@@ -14,7 +14,7 @@ Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
 
 --- a/wpa_supplicant/wpa_supplicant.c
 +++ b/wpa_supplicant/wpa_supplicant.c
-@@ -3047,7 +3047,7 @@ static int drv_supports_vht(struct wpa_s
+@@ -3048,7 +3048,7 @@ static int drv_supports_vht(struct wpa_s
  }
 
 
@@ -23,7 +23,7 @@ Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
  {
  	int i;
 
-@@ -3056,7 +3056,10 @@ static bool ibss_mesh_is_80mhz_avail(int
+@@ -3057,7 +3057,10 @@ static bool ibss_mesh_is_80mhz_avail(int
 
  		chan = hw_get_channel_chan(mode, i, NULL);
  		if (!chan ||
@@ -35,7 +35,7 @@ Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
  			return false;
  	}
 
-@@ -3183,7 +3186,7 @@ static void ibss_mesh_select_40mhz(struc
+@@ -3184,7 +3187,7 @@ static void ibss_mesh_select_40mhz(struc
  				   const struct wpa_ssid *ssid,
  				   struct hostapd_hw_modes *mode,
  				   struct hostapd_freq_params *freq,
@@ -44,7 +44,7 @@ Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
  {
  	int chan_idx;
  	struct hostapd_channel_data *pri_chan = NULL, *sec_chan = NULL;
-@@ -3214,8 +3217,11 @@ static void ibss_mesh_select_40mhz(struc
+@@ -3215,8 +3218,11 @@ static void ibss_mesh_select_40mhz(struc
  		return;
 
  	/* Check primary channel flags */
@@ -58,7 +58,7 @@ Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
 
  #ifdef CONFIG_HT_OVERRIDES
  	if (ssid->disable_ht40)
-@@ -3250,8 +3256,11 @@ static void ibss_mesh_select_40mhz(struc
+@@ -3251,8 +3257,11 @@ static void ibss_mesh_select_40mhz(struc
  		return;
 
  	/* Check secondary channel flags */
@@ -72,7 +72,7 @@ Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
 
  	if (freq->ht_enabled) {
  		if (ht40 == -1) {
-@@ -3329,7 +3338,7 @@ static bool ibss_mesh_select_80_160mhz(s
+@@ -3330,7 +3339,7 @@ static bool ibss_mesh_select_80_160mhz(s
  				       const struct wpa_ssid *ssid,
  				       struct hostapd_hw_modes *mode,
  				       struct hostapd_freq_params *freq,
@@ -81,7 +81,7 @@ Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
  	static const int bw80[] = {
  		5180, 5260, 5500, 5580, 5660, 5745, 5825,
  		5955, 6035, 6115, 6195, 6275, 6355, 6435,
-@@ -3382,7 +3391,7 @@ static bool ibss_mesh_select_80_160mhz(s
+@@ -3383,7 +3392,7 @@ static bool ibss_mesh_select_80_160mhz(s
  		goto skip_80mhz;
 
  	/* Use 40 MHz if channel not usable */
@@ -90,7 +90,7 @@ Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
  		goto skip_80mhz;
 
  	chwidth = CONF_OPER_CHWIDTH_80MHZ;
-@@ -3424,7 +3433,7 @@ static bool ibss_mesh_select_80_160mhz(s
+@@ -3425,7 +3434,7 @@ static bool ibss_mesh_select_80_160mhz(s
  	     HE_PHYCAP_CHANNEL_WIDTH_SET_160MHZ_IN_5G) &&
  	    (ssid->max_oper_chwidth == CONF_OPER_CHWIDTH_160MHZ ||
  	     ssid->max_oper_chwidth == CONF_OPER_CHWIDTH_320MHZ) &&
@@ -99,7 +99,7 @@ Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
  		for (j = 0; j < ARRAY_SIZE(bw160); j++) {
  			u8 start_chan;
 
-@@ -3447,11 +3456,11 @@ static bool ibss_mesh_select_80_160mhz(s
+@@ -3448,11 +3457,11 @@ static bool ibss_mesh_select_80_160mhz(s
  	     EHT_PHYCAP_320MHZ_IN_6GHZ_SUPPORT_MASK) && is_6ghz &&
  	    ssid->max_oper_chwidth == CONF_OPER_CHWIDTH_320MHZ &&
  	    ibss_mesh_is_80mhz_avail(channel + 16 -
@@ -114,7 +114,7 @@ Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
  		for (j = 0; j < ARRAY_SIZE(bw320); j += 2) {
  			if (freq->freq >= bw320[j] &&
  			    freq->freq <= bw320[j + 1]) {
-@@ -3480,10 +3489,12 @@ static bool ibss_mesh_select_80_160mhz(s
+@@ -3481,10 +3490,12 @@ static bool ibss_mesh_select_80_160mhz(s
  				if (!chan)
  					continue;
 
@@ -131,15 +131,15 @@ Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
 
  				/* Found a suitable second segment for 80+80 */
  				chwidth = CONF_OPER_CHWIDTH_80P80MHZ;
-@@ -3538,6 +3549,7 @@ void ibss_mesh_setup_freq(struct wpa_sup
+@@ -3539,6 +3550,7 @@ void ibss_mesh_setup_freq(struct wpa_sup
  	int obss_scan = 1;
  	u8 channel;
  	bool is_6ghz, is_24ghz;
 +	bool dfs_enabled = wpa_s->conf->country[0] && (wpa_s->drv_flags & WPA_DRIVER_FLAGS_RADAR);
 
  	freq->freq = ssid->frequency;
 
-@@ -3581,9 +3593,9 @@ void ibss_mesh_setup_freq(struct wpa_sup
+@@ -3582,9 +3594,9 @@ void ibss_mesh_setup_freq(struct wpa_sup
  	/* Setup higher BW only for 5 and 6 GHz */
  	if (mode->mode == HOSTAPD_MODE_IEEE80211A) {
  		ibss_mesh_select_40mhz(wpa_s, ssid, mode, freq, obss_scan,
 
@@ -68,7 +68,7 @@ Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
  		   chan_idx, num_available_chandefs);
 --- a/src/drivers/driver_nl80211.c
 +++ b/src/drivers/driver_nl80211.c
-@@ -12010,6 +12010,10 @@ static int nl80211_switch_channel(void *
+@@ -12012,6 +12012,10 @@ static int nl80211_switch_channel(void *
  	if (ret)
  		goto error;
 
 
@@ -4,7 +4,7 @@ Subject: [PATCH] fix adding back stations after a missed deauth/disassoc
 
 --- a/src/ap/ieee802_11.c
 +++ b/src/ap/ieee802_11.c
-@@ -5566,6 +5566,13 @@ static int add_associated_sta(struct hos
+@@ -6370,6 +6370,13 @@ static int add_associated_sta(struct hos
  	 * drivers to accept the STA parameter configuration. Since this is
  	 * after a new FT-over-DS exchange, a new TK has been derived, so key
  	 * reinstallation is not a concern for this case.
@@ -18,7 +18,7 @@ Subject: [PATCH] fix adding back stations after a missed deauth/disassoc
  	 */
  	wpa_printf(MSG_DEBUG, "Add associated STA " MACSTR
  		   " (added_unassoc=%d auth_alg=%u ft_over_ds=%u reassoc=%d authorized=%d ft_tk=%d fils_tk=%d)",
-@@ -5579,7 +5586,8 @@ static int add_associated_sta(struct hos
+@@ -6383,7 +6390,8 @@ static int add_associated_sta(struct hos
  	    (!(sta->flags & WLAN_STA_AUTHORIZED) ||
  	     (reassoc && sta->ft_over_ds && sta->auth_alg == WLAN_AUTH_FT) ||
  	     (!wpa_auth_sta_ft_tk_already_set(sta->wpa_sm) &&
 
@@ -20,7 +20,7 @@ Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
 
 --- a/src/ap/hostapd.c
 +++ b/src/ap/hostapd.c
-@@ -4123,6 +4123,8 @@ int hostapd_remove_iface(struct hapd_int
+@@ -4126,6 +4126,8 @@ int hostapd_remove_iface(struct hapd_int
  void hostapd_new_assoc_sta(struct hostapd_data *hapd, struct sta_info *sta,
  			   int reassoc)
  {
@@ -29,7 +29,7 @@ Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
  	if (hapd->tkip_countermeasures) {
  		hostapd_drv_sta_deauth(hapd, sta->addr,
  				       WLAN_REASON_MICHAEL_MIC_FAILURE);
-@@ -4130,10 +4132,16 @@ void hostapd_new_assoc_sta(struct hostap
+@@ -4133,10 +4135,16 @@ void hostapd_new_assoc_sta(struct hostap
  	}
 
  #ifdef CONFIG_IEEE80211BE
@@ -51,7 +51,7 @@ Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
  	ap_sta_clear_assoc_timeout(hapd, sta);
 --- a/src/ap/sta_info.c
 +++ b/src/ap/sta_info.c
-@@ -1736,9 +1736,6 @@ bool ap_sta_set_authorized_flag(struct h
+@@ -1742,9 +1742,6 @@ bool ap_sta_set_authorized_flag(struct h
  				mld_assoc_link_id = -2;
  		}
  #endif /* CONFIG_IEEE80211BE */
 
@@ -26,7 +26,7 @@ Signed-off-by: David Bauer <mail@david-bauer.net>
 
 --- a/src/drivers/driver.h
 +++ b/src/drivers/driver.h
-@@ -2467,6 +2467,9 @@ struct wpa_driver_capa {
+@@ -2469,6 +2469,9 @@ struct wpa_driver_capa {
  	/** Maximum number of iterations in a single scan plan */
  	u32 max_sched_scan_plan_iterations;
 
@@ -38,7 +38,7 @@ Signed-off-by: David Bauer <mail@david-bauer.net>
 
 --- a/src/drivers/driver_nl80211_capa.c
 +++ b/src/drivers/driver_nl80211_capa.c
-@@ -1000,6 +1000,10 @@ static int wiphy_info_handler(struct nl_
+@@ -1004,6 +1004,10 @@ static int wiphy_info_handler(struct nl_
  			nla_get_u32(tb[NL80211_ATTR_MAX_SCAN_PLAN_ITERATIONS]);
  	}
 
@@ -51,7 +51,7 @@ Signed-off-by: David Bauer <mail@david-bauer.net>
  			nla_get_u8(tb[NL80211_ATTR_MAX_MATCH_SETS]);
 --- a/src/drivers/driver_nl80211_scan.c
 +++ b/src/drivers/driver_nl80211_scan.c
-@@ -235,7 +235,7 @@ nl80211_scan_common(struct i802_bss *bss
+@@ -236,7 +236,7 @@ nl80211_scan_common(struct i802_bss *bss
  		wpa_printf(MSG_DEBUG, "nl80211: Passive scan requested");
  	}
 
 
@@ -21,7 +21,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 
 --- a/hostapd/Makefile
 +++ b/hostapd/Makefile
-@@ -769,6 +769,40 @@ endif
+@@ -774,6 +774,40 @@ endif
  CFLAGS += -DTLS_DEFAULT_CIPHERS=\"$(CONFIG_TLS_DEFAULT_CIPHERS)\"
  endif
 
@@ -62,7 +62,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
  ifeq ($(CONFIG_TLS), gnutls)
  ifndef CONFIG_CRYPTO
  # default to libgcrypt
-@@ -948,9 +982,11 @@ endif
+@@ -953,9 +987,11 @@ endif
 
  ifneq ($(CONFIG_TLS), openssl)
  ifneq ($(CONFIG_TLS), wolfssl)
@@ -74,7 +74,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
  ifdef NEED_AES_EAX
  AESOBJS += ../src/crypto/aes-eax.o
  NEED_AES_CTR=y
-@@ -960,38 +996,48 @@ AESOBJS += ../src/crypto/aes-siv.o
+@@ -965,38 +1001,48 @@ AESOBJS += ../src/crypto/aes-siv.o
  NEED_AES_CTR=y
  endif
  ifdef NEED_AES_CTR
@@ -123,7 +123,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
  ifdef NEED_AES_DEC
  ifdef CONFIG_INTERNAL_AES
  AESOBJS += ../src/crypto/aes-internal-dec.o
-@@ -1006,12 +1052,16 @@ ifneq ($(CONFIG_TLS), openssl)
+@@ -1011,12 +1057,16 @@ ifneq ($(CONFIG_TLS), openssl)
  ifneq ($(CONFIG_TLS), linux)
  ifneq ($(CONFIG_TLS), gnutls)
  ifneq ($(CONFIG_TLS), wolfssl)
@@ -140,7 +140,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
  ifdef CONFIG_INTERNAL_SHA1
  SHA1OBJS += ../src/crypto/sha1-internal.o
  ifdef NEED_FIPS186_2_PRF
-@@ -1020,16 +1070,22 @@ endif
+@@ -1025,16 +1075,22 @@ endif
  endif
  ifneq ($(CONFIG_TLS), openssl)
  ifneq ($(CONFIG_TLS), wolfssl)
@@ -163,7 +163,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 
  ifdef NEED_SHA1
  OBJS += $(SHA1OBJS)
-@@ -1039,11 +1095,13 @@ ifneq ($(CONFIG_TLS), openssl)
+@@ -1044,11 +1100,13 @@ ifneq ($(CONFIG_TLS), openssl)
  ifneq ($(CONFIG_TLS), linux)
  ifneq ($(CONFIG_TLS), gnutls)
  ifneq ($(CONFIG_TLS), wolfssl)
@@ -177,7 +177,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 
  ifdef NEED_MD5
  ifdef CONFIG_INTERNAL_MD5
-@@ -1096,56 +1154,81 @@ ifneq ($(CONFIG_TLS), openssl)
+@@ -1101,56 +1159,81 @@ ifneq ($(CONFIG_TLS), openssl)
  ifneq ($(CONFIG_TLS), linux)
  ifneq ($(CONFIG_TLS), gnutls)
  ifneq ($(CONFIG_TLS), wolfssl)
@@ -259,7 +259,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 
  ifdef CONFIG_INTERNAL_SHA384
  CFLAGS += -DCONFIG_INTERNAL_SHA384
-@@ -1190,11 +1273,13 @@ HOBJS += $(SHA1OBJS)
+@@ -1195,11 +1278,13 @@ HOBJS += $(SHA1OBJS)
  ifneq ($(CONFIG_TLS), openssl)
  ifneq ($(CONFIG_TLS), linux)
  ifneq ($(CONFIG_TLS), wolfssl)
@@ -273,7 +273,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 
  ifdef CONFIG_RADIUS_SERVER
  CFLAGS += -DRADIUS_SERVER
-@@ -1374,7 +1459,9 @@ NOBJS += ../src/utils/trace.o
+@@ -1379,7 +1464,9 @@ NOBJS += ../src/utils/trace.o
  endif
 
  HOBJS += hlr_auc_gw.o ../src/utils/common.o ../src/utils/wpa_debug.o ../src/utils/os_$(CONFIG_OS).o ../src/utils/wpabuf.o ../src/crypto/milenage.o
@@ -283,7 +283,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
  ifdef CONFIG_INTERNAL_AES
  HOBJS += ../src/crypto/aes-internal.o
  HOBJS += ../src/crypto/aes-internal-enc.o
-@@ -1397,18 +1484,24 @@ SOBJS += ../src/common/sae.o
+@@ -1402,18 +1489,24 @@ SOBJS += ../src/common/sae.o
  SOBJS += ../src/common/sae_pk.o
  SOBJS += ../src/common/dragonfly.o
  SOBJS += $(AESOBJS)
@@ -7770,7 +7770,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
  CONFIG_SIM_SIMULATOR=y
 --- a/wpa_supplicant/Makefile
 +++ b/wpa_supplicant/Makefile
-@@ -1266,6 +1266,29 @@ endif
+@@ -1271,6 +1271,29 @@ endif
  CFLAGS += -DTLS_DEFAULT_CIPHERS=\"$(CONFIG_TLS_DEFAULT_CIPHERS)\"
  endif
 
@@ -7800,7 +7800,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
  ifeq ($(CONFIG_TLS), gnutls)
  ifndef CONFIG_CRYPTO
  # default to libgcrypt
-@@ -1458,9 +1481,11 @@ endif
+@@ -1463,9 +1486,11 @@ endif
 
  ifneq ($(CONFIG_TLS), openssl)
  ifneq ($(CONFIG_TLS), wolfssl)
@@ -7812,7 +7812,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
  ifdef CONFIG_OPENSSL_INTERNAL_AES_WRAP
  # Seems to be needed at least with BoringSSL
  NEED_INTERNAL_AES_WRAP=y
-@@ -1474,9 +1499,11 @@ endif
+@@ -1479,9 +1504,11 @@ endif
 
  ifdef NEED_INTERNAL_AES_WRAP
  ifneq ($(CONFIG_TLS), linux)
@@ -7824,7 +7824,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
  ifdef NEED_AES_EAX
  AESOBJS += ../src/crypto/aes-eax.o
  NEED_AES_CTR=y
-@@ -1486,35 +1513,45 @@ AESOBJS += ../src/crypto/aes-siv.o
+@@ -1491,35 +1518,45 @@ AESOBJS += ../src/crypto/aes-siv.o
  NEED_AES_CTR=y
  endif
  ifdef NEED_AES_CTR
@@ -7870,7 +7870,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
  ifdef NEED_AES_ENC
  ifdef CONFIG_INTERNAL_AES
  AESOBJS += ../src/crypto/aes-internal-enc.o
-@@ -1529,12 +1566,16 @@ ifneq ($(CONFIG_TLS), openssl)
+@@ -1534,12 +1571,16 @@ ifneq ($(CONFIG_TLS), openssl)
  ifneq ($(CONFIG_TLS), linux)
  ifneq ($(CONFIG_TLS), gnutls)
  ifneq ($(CONFIG_TLS), wolfssl)
@@ -7887,7 +7887,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
  ifdef CONFIG_INTERNAL_SHA1
  SHA1OBJS += ../src/crypto/sha1-internal.o
  ifdef NEED_FIPS186_2_PRF
-@@ -1546,29 +1587,37 @@ CFLAGS += -DCONFIG_NO_PBKDF2
+@@ -1551,29 +1592,37 @@ CFLAGS += -DCONFIG_NO_PBKDF2
  else
  ifneq ($(CONFIG_TLS), openssl)
  ifneq ($(CONFIG_TLS), wolfssl)
@@ -7925,7 +7925,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
  ifdef NEED_MD5
  ifdef CONFIG_INTERNAL_MD5
  MD5OBJS += ../src/crypto/md5-internal.o
-@@ -1623,12 +1672,17 @@ ifneq ($(CONFIG_TLS), openssl)
+@@ -1628,12 +1677,17 @@ ifneq ($(CONFIG_TLS), openssl)
  ifneq ($(CONFIG_TLS), linux)
  ifneq ($(CONFIG_TLS), gnutls)
  ifneq ($(CONFIG_TLS), wolfssl)
@@ -7943,7 +7943,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
  ifdef CONFIG_INTERNAL_SHA256
  SHA256OBJS += ../src/crypto/sha256-internal.o
  endif
-@@ -1641,50 +1695,68 @@ CFLAGS += -DCONFIG_INTERNAL_SHA512
+@@ -1646,50 +1700,68 @@ CFLAGS += -DCONFIG_INTERNAL_SHA512
  SHA256OBJS += ../src/crypto/sha512-internal.o
  endif
  ifdef NEED_TLS_PRF_SHA256
@@ -8012,7 +8012,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 
  ifdef NEED_ASN1
  OBJS += ../src/tls/asn1.o
-@@ -1859,10 +1931,12 @@ ifdef CONFIG_FIPS
+@@ -1864,10 +1936,12 @@ ifdef CONFIG_FIPS
  CFLAGS += -DCONFIG_FIPS
  ifneq ($(CONFIG_TLS), openssl)
  ifneq ($(CONFIG_TLS), wolfssl)
 
@@ -12,7 +12,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 
 --- a/hostapd/Makefile
 +++ b/hostapd/Makefile
-@@ -783,10 +783,6 @@ endif
+@@ -788,10 +788,6 @@ endif
  OBJS += ../src/crypto/crypto_$(CONFIG_CRYPTO).o
  HOBJS += ../src/crypto/crypto_$(CONFIG_CRYPTO).o
  SOBJS += ../src/crypto/crypto_$(CONFIG_CRYPTO).o
@@ -101,7 +101,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 
 --- a/wpa_supplicant/Makefile
 +++ b/wpa_supplicant/Makefile
-@@ -1277,10 +1277,6 @@ endif
+@@ -1282,10 +1282,6 @@ endif
  OBJS += ../src/crypto/crypto_$(CONFIG_CRYPTO).o
  OBJS_p += ../src/crypto/crypto_$(CONFIG_CRYPTO).o
  OBJS_priv += ../src/crypto/crypto_$(CONFIG_CRYPTO).o