Revert "Cumulative patch from commit 4ec1fd8e42bad9390f14a58225b6e5f6fb691950"

This reverts commit 78a5dac804c22aa6e4ec8226a864d3b0d6ccddbb.

Test: None
diff --git a/wpa_supplicant/Android.mk b/wpa_supplicant/Android.mk
index 22a56b6..e52ff14 100644
--- a/wpa_supplicant/Android.mk
+++ b/wpa_supplicant/Android.mk
@@ -210,10 +210,6 @@
 NEED_AES_OMAC1=y
 endif
 
-ifdef CONFIG_IEEE80211R_AP
-CONFIG_IEEE80211R=y
-endif
-
 ifdef CONFIG_IEEE80211R
 L_CFLAGS += -DCONFIG_IEEE80211R
 OBJS += src/rsn_supp/wpa_ft.c
@@ -242,13 +238,6 @@
 NEED_DH_GROUPS=y
 endif
 
-ifdef CONFIG_FILS
-L_CFLAGS += -DCONFIG_FILS
-NEED_CRC32=y
-NEED_SHA384=y
-NEED_AES_SIV=y
-endif
-
 ifdef CONFIG_WNM
 L_CFLAGS += -DCONFIG_WNM
 OBJS += wnm_sta.c
@@ -845,6 +834,11 @@
 endif
 endif
 
+ifdef CONFIG_MBO
+OBJS += mbo.c
+L_CFLAGS += -DCONFIG_MBO
+endif
+
 ifdef NEED_AP_MLME
 OBJS += src/ap/wmm.c
 OBJS += src/ap/ap_list.c
@@ -866,19 +860,13 @@
 endif
 endif
 
-ifdef CONFIG_MBO
-OBJS += mbo.c
-L_CFLAGS += -DCONFIG_MBO
-endif
-
 ifdef NEED_RSN_AUTHENTICATOR
 L_CFLAGS += -DCONFIG_NO_RADIUS
 NEED_AES_WRAP=y
 OBJS += src/ap/wpa_auth.c
 OBJS += src/ap/wpa_auth_ie.c
 OBJS += src/ap/pmksa_cache_auth.c
-ifdef CONFIG_IEEE80211R_AP
-L_CFLAGS += -DCONFIG_IEEE80211R_AP
+ifdef CONFIG_IEEE80211R
 OBJS += src/ap/wpa_auth_ft.c
 endif
 ifdef CONFIG_PEERKEY
@@ -1296,10 +1284,6 @@
 L_CFLAGS += -DCONFIG_ECC
 endif
 
-ifdef NEED_CRC32
-OBJS += src/utils/crc32.c
-endif
-
 ifdef CONFIG_NO_RANDOM_POOL
 L_CFLAGS += -DCONFIG_NO_RANDOM_POOL
 else
diff --git a/wpa_supplicant/ChangeLog b/wpa_supplicant/ChangeLog
index f28055f..e62d8c7 100644
--- a/wpa_supplicant/ChangeLog
+++ b/wpa_supplicant/ChangeLog
@@ -1,6 +1,6 @@
 ChangeLog for wpa_supplicant
 
-2016-10-02 - v2.6
+????-??-?? - v2.6
 	* fixed WNM Sleep Mode processing when PMF is not enabled
 	  [http://w1.fi/security/2015-6/] (CVE-2015-5310)
 	* fixed EAP-pwd last fragment validation
diff --git a/wpa_supplicant/Makefile b/wpa_supplicant/Makefile
index e56ce97..f3e86c1 100644
--- a/wpa_supplicant/Makefile
+++ b/wpa_supplicant/Makefile
@@ -243,10 +243,6 @@
 NEED_AES_OMAC1=y
 endif
 
-ifdef CONFIG_IEEE80211R_AP
-CONFIG_IEEE80211R=y
-endif
-
 ifdef CONFIG_IEEE80211R
 CFLAGS += -DCONFIG_IEEE80211R
 OBJS += ../src/rsn_supp/wpa_ft.o
@@ -275,13 +271,6 @@
 NEED_DH_GROUPS=y
 endif
 
-ifdef CONFIG_FILS
-CFLAGS += -DCONFIG_FILS
-NEED_CRC32=y
-NEED_SHA384=y
-NEED_AES_SIV=y
-endif
-
 ifdef CONFIG_WNM
 CFLAGS += -DCONFIG_WNM
 OBJS += wnm_sta.o
@@ -886,6 +875,11 @@
 endif
 endif
 
+ifdef CONFIG_MBO
+OBJS += mbo.o
+CFLAGS += -DCONFIG_MBO
+endif
+
 ifdef NEED_AP_MLME
 OBJS += ../src/ap/wmm.o
 OBJS += ../src/ap/ap_list.o
@@ -907,19 +901,13 @@
 endif
 endif
 
-ifdef CONFIG_MBO
-OBJS += mbo.o
-CFLAGS += -DCONFIG_MBO
-endif
-
 ifdef NEED_RSN_AUTHENTICATOR
 CFLAGS += -DCONFIG_NO_RADIUS
 NEED_AES_WRAP=y
 OBJS += ../src/ap/wpa_auth.o
 OBJS += ../src/ap/wpa_auth_ie.o
 OBJS += ../src/ap/pmksa_cache_auth.o
-ifdef CONFIG_IEEE80211R_AP
-CFLAGS += -DCONFIG_IEEE80211R_AP
+ifdef CONFIG_IEEE80211R
 OBJS += ../src/ap/wpa_auth_ft.o
 endif
 ifdef CONFIG_PEERKEY
@@ -1342,10 +1330,6 @@
 CFLAGS += -DCONFIG_ECC
 endif
 
-ifdef NEED_CRC32
-OBJS += ../src/utils/crc32.o
-endif
-
 ifdef CONFIG_NO_RANDOM_POOL
 CFLAGS += -DCONFIG_NO_RANDOM_POOL
 else
diff --git a/wpa_supplicant/autoscan.c b/wpa_supplicant/autoscan.c
index 5056a93..072a1d5 100644
--- a/wpa_supplicant/autoscan.c
+++ b/wpa_supplicant/autoscan.c
@@ -47,16 +47,11 @@
 	struct sched_scan_plan *scan_plans;
 
 	/* Give preference to scheduled scan plans if supported/configured */
-	if (wpa_s->sched_scan_plans) {
-		wpa_printf(MSG_DEBUG,
-			   "autoscan: sched_scan_plans set - use it instead");
+	if (wpa_s->sched_scan_plans)
 		return 0;
-	}
 
-	if (wpa_s->autoscan && wpa_s->autoscan_priv) {
-		wpa_printf(MSG_DEBUG, "autoscan: Already initialized");
+	if (wpa_s->autoscan && wpa_s->autoscan_priv)
 		return 0;
-	}
 
 	if (name == NULL)
 		return 0;
diff --git a/wpa_supplicant/bss.c b/wpa_supplicant/bss.c
index 3a8778d..3687a2e 100644
--- a/wpa_supplicant/bss.c
+++ b/wpa_supplicant/bss.c
@@ -214,8 +214,8 @@
 }
 
 
-void wpa_bss_remove(struct wpa_supplicant *wpa_s, struct wpa_bss *bss,
-		    const char *reason)
+static void wpa_bss_remove(struct wpa_supplicant *wpa_s, struct wpa_bss *bss,
+			   const char *reason)
 {
 	if (wpa_s->last_scan_res) {
 		unsigned int i;
diff --git a/wpa_supplicant/bss.h b/wpa_supplicant/bss.h
index 84e8fb0..f7f72f3 100644
--- a/wpa_supplicant/bss.h
+++ b/wpa_supplicant/bss.h
@@ -113,8 +113,6 @@
 void wpa_bss_update_scan_res(struct wpa_supplicant *wpa_s,
 			     struct wpa_scan_res *res,
 			     struct os_reltime *fetch_time);
-void wpa_bss_remove(struct wpa_supplicant *wpa_s, struct wpa_bss *bss,
-		    const char *reason);
 void wpa_bss_update_end(struct wpa_supplicant *wpa_s, struct scan_info *info,
 			int new_scan);
 int wpa_bss_init(struct wpa_supplicant *wpa_s);
diff --git a/wpa_supplicant/config.c b/wpa_supplicant/config.c
index a0b64b2..dd922ca 100644
--- a/wpa_supplicant/config.c
+++ b/wpa_supplicant/config.c
@@ -719,18 +719,6 @@
 		else if (os_strcmp(start, "WPA-EAP-SUITE-B-192") == 0)
 			val |= WPA_KEY_MGMT_IEEE8021X_SUITE_B_192;
 #endif /* CONFIG_SUITEB192 */
-#ifdef CONFIG_FILS
-		else if (os_strcmp(start, "FILS-SHA256") == 0)
-			val |= WPA_KEY_MGMT_FILS_SHA256;
-		else if (os_strcmp(start, "FILS-SHA384") == 0)
-			val |= WPA_KEY_MGMT_FILS_SHA384;
-#ifdef CONFIG_IEEE80211R
-		else if (os_strcmp(start, "FT-FILS-SHA256") == 0)
-			val |= WPA_KEY_MGMT_FT_FILS_SHA256;
-		else if (os_strcmp(start, "FT-FILS-SHA384") == 0)
-			val |= WPA_KEY_MGMT_FT_FILS_SHA384;
-#endif /* CONFIG_IEEE80211R */
-#endif /* CONFIG_FILS */
 		else {
 			wpa_printf(MSG_ERROR, "Line %d: invalid key_mgmt '%s'",
 				   line, start);
diff --git a/wpa_supplicant/ctrl_iface.c b/wpa_supplicant/ctrl_iface.c
index a754943..1b81797 100644
--- a/wpa_supplicant/ctrl_iface.c
+++ b/wpa_supplicant/ctrl_iface.c
@@ -532,8 +532,6 @@
 #endif /* CONFIG_MBO */
 	} else if (os_strcasecmp(cmd, "lci") == 0) {
 		ret = wpas_ctrl_iface_set_lci(wpa_s, value);
-	} else if (os_strcasecmp(cmd, "tdls_trigger_control") == 0) {
-		ret = wpa_drv_set_tdls_mode(wpa_s, atoi(value));
 	} else {
 		value[-1] = '=';
 		ret = wpa_config_process_global(wpa_s->conf, cmd, -1);
@@ -2439,39 +2437,6 @@
 	}
 #endif /* CONFIG_SUITEB192 */
 
-#ifdef CONFIG_FILS
-	if (data.key_mgmt & WPA_KEY_MGMT_FILS_SHA256) {
-		ret = os_snprintf(pos, end - pos, "%sFILS-SHA256",
-				  pos == start ? "" : "+");
-		if (os_snprintf_error(end - pos, ret))
-			return pos;
-		pos += ret;
-	}
-	if (data.key_mgmt & WPA_KEY_MGMT_FILS_SHA384) {
-		ret = os_snprintf(pos, end - pos, "%sFILS-SHA384",
-				  pos == start ? "" : "+");
-		if (os_snprintf_error(end - pos, ret))
-			return pos;
-		pos += ret;
-	}
-#ifdef CONFIG_IEEE80211R
-	if (data.key_mgmt & WPA_KEY_MGMT_FT_FILS_SHA256) {
-		ret = os_snprintf(pos, end - pos, "%sFT-FILS-SHA256",
-				  pos == start ? "" : "+");
-		if (os_snprintf_error(end - pos, ret))
-			return pos;
-		pos += ret;
-	}
-	if (data.key_mgmt & WPA_KEY_MGMT_FT_FILS_SHA384) {
-		ret = os_snprintf(pos, end - pos, "%sFT-FILS-SHA384",
-				  pos == start ? "" : "+");
-		if (os_snprintf_error(end - pos, ret))
-			return pos;
-		pos += ret;
-	}
-#endif /* CONFIG_IEEE80211R */
-#endif /* CONFIG_FILS */
-
 	if (data.key_mgmt & WPA_KEY_MGMT_OSEN) {
 		ret = os_snprintf(pos, end - pos, "%sOSEN",
 				  pos == start ? "" : "+");
@@ -2643,14 +2608,6 @@
 		pos += ret;
 	}
 #endif /* CONFIG_HS20 */
-#ifdef CONFIG_FILS
-	if (wpa_bss_get_ie(bss, WLAN_EID_FILS_INDICATION)) {
-		ret = os_snprintf(pos, end - pos, "[FILS]");
-		if (os_snprintf_error(end - pos, ret))
-			return -1;
-		pos += ret;
-	}
-#endif /* CONFIG_FILS */
 #ifdef CONFIG_FST
 	if (wpa_bss_get_ie(bss, WLAN_EID_MULTI_BAND)) {
 		ret = os_snprintf(pos, end - pos, "[FST]");
@@ -4049,16 +4006,6 @@
 	}
 #endif /* CONFIG_ACS */
 
-#ifdef CONFIG_FILS
-	if (os_strcmp(field, "fils") == 0 &&
-	    (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SUPPORT_FILS)) {
-		res = os_snprintf(buf, buflen, "FILS");
-		if (os_snprintf_error(buflen, res))
-			return -1;
-		return res;
-	}
-#endif /* CONFIG_FILS */
-
 	wpa_printf(MSG_DEBUG, "CTRL_IFACE: Unknown GET_CAPABILITY field '%s'",
 		   field);
 
@@ -4289,14 +4236,6 @@
 			pos += ret;
 		}
 #endif /* CONFIG_HS20 */
-#ifdef CONFIG_FILS
-		if (wpa_bss_get_ie(bss, WLAN_EID_FILS_INDICATION)) {
-			ret = os_snprintf(pos, end - pos, "[FILS]");
-			if (os_snprintf_error(end - pos, ret))
-				return 0;
-			pos += ret;
-		}
-#endif /* CONFIG_FILS */
 
 		ret = os_snprintf(pos, end - pos, "\n");
 		if (os_snprintf_error(end - pos, ret))
@@ -6444,7 +6383,6 @@
 	u16 id[MAX_ANQP_INFO_ID];
 	size_t num_id = 0;
 	u32 subtypes = 0;
-	int get_cell_pref = 0;
 
 	used = hwaddr_aton2(dst, dst_addr);
 	if (used < 0)
@@ -6462,15 +6400,6 @@
 #else /* CONFIG_HS20 */
 			return -1;
 #endif /* CONFIG_HS20 */
-		} else if (os_strncmp(pos, "mbo:", 4) == 0) {
-#ifdef CONFIG_MBO
-			int num = atoi(pos + 4);
-			if (num != MBO_ANQP_SUBTYPE_CELL_CONN_PREF)
-				return -1;
-			get_cell_pref = 1;
-#else /* CONFIG_MBO */
-			return -1;
-#endif /* CONFIG_MBO */
 		} else {
 			id[num_id] = atoi(pos);
 			if (id[num_id])
@@ -6485,8 +6414,7 @@
 	if (num_id == 0)
 		return -1;
 
-	return anqp_send_req(wpa_s, dst_addr, id, num_id, subtypes,
-			     get_cell_pref);
+	return anqp_send_req(wpa_s, dst_addr, id, num_id, subtypes);
 }
 
 
@@ -6823,9 +6751,6 @@
 		autoscan_init(wpa_s, 1);
 	else if (state == WPA_SCANNING)
 		wpa_supplicant_reinit_autoscan(wpa_s);
-	else
-		wpa_printf(MSG_DEBUG, "No autoscan update in state %s",
-			   wpa_supplicant_state_txt(state));
 
 	return 0;
 }
diff --git a/wpa_supplicant/dbus/dbus_new_handlers_wps.c b/wpa_supplicant/dbus/dbus_new_handlers_wps.c
index f16e229..1d5dd1c 100644
--- a/wpa_supplicant/dbus/dbus_new_handlers_wps.c
+++ b/wpa_supplicant/dbus/dbus_new_handlers_wps.c
@@ -325,7 +325,7 @@
  * @wpa_s: %wpa_supplicant data structure
  * Returns: NULL on success or DBus error on failure
  *
- * Handler for "Cancel" method call. Returns NULL if WPS cancel successful
+ * Handler for "Cancel" method call. Returns NULL if WPS cancel successfull
  * or DBus error on WPS cancel failure
  */
 DBusMessage * wpas_dbus_handler_wps_cancel(DBusMessage *message,
diff --git a/wpa_supplicant/defconfig b/wpa_supplicant/defconfig
index aca9e81..1d05198 100644
--- a/wpa_supplicant/defconfig
+++ b/wpa_supplicant/defconfig
@@ -370,13 +370,9 @@
 # amount of memory/flash.
 #CONFIG_DYNAMIC_EAP_METHODS=y
 
-# IEEE Std 802.11r-2008 (Fast BSS Transition) for station mode
+# IEEE Std 802.11r-2008 (Fast BSS Transition)
 #CONFIG_IEEE80211R=y
 
-# IEEE Std 802.11r-2008 (Fast BSS Transition) for AP mode (implies
-# CONFIG_IEEE80211R).
-#CONFIG_IEEE80211R_AP=y
-
 # Add support for writing debug log to a file (/tmp/wpa_supplicant-log-#.txt)
 #CONFIG_DEBUG_FILE=y
 
@@ -552,13 +548,3 @@
 
 # Support Multi Band Operation
 #CONFIG_MBO=y
-
-# Fast Initial Link Setup (FILS) (IEEE 802.11ai)
-# Note: This is an experimental and not yet complete implementation. This
-# should not be enabled for production use.
-#CONFIG_FILS=y
-
-# Support RSN on IBSS networks
-# This is needed to be able to use mode=1 network profile with proto=RSN and
-# key_mgmt=WPA-PSK (i.e., full key management instead of WPA-None).
-#CONFIG_IBSS_RSN=y
diff --git a/wpa_supplicant/driver_i.h b/wpa_supplicant/driver_i.h
index c9bb20d..220b7ba 100644
--- a/wpa_supplicant/driver_i.h
+++ b/wpa_supplicant/driver_i.h
@@ -715,14 +715,6 @@
 	return wpa_s->driver->macsec_deinit(wpa_s->drv_priv);
 }
 
-static inline int wpa_drv_macsec_get_capability(struct wpa_supplicant *wpa_s,
-						enum macsec_cap *cap)
-{
-	if (!wpa_s->driver->macsec_get_capability)
-		return -1;
-	return wpa_s->driver->macsec_get_capability(wpa_s->drv_priv, cap);
-}
-
 static inline int wpa_drv_enable_protect_frames(struct wpa_supplicant *wpa_s,
 						Boolean enabled)
 {
@@ -757,127 +749,145 @@
 }
 
 static inline int wpa_drv_get_receive_lowest_pn(struct wpa_supplicant *wpa_s,
-						struct receive_sa *sa)
+						u32 channel, u8 an,
+						u32 *lowest_pn)
 {
 	if (!wpa_s->driver->get_receive_lowest_pn)
 		return -1;
-	return wpa_s->driver->get_receive_lowest_pn(wpa_s->drv_priv, sa);
+	return wpa_s->driver->get_receive_lowest_pn(wpa_s->drv_priv, channel,
+						    an, lowest_pn);
 }
 
 static inline int wpa_drv_get_transmit_next_pn(struct wpa_supplicant *wpa_s,
-						struct transmit_sa *sa)
+						u32 channel, u8 an,
+						u32 *next_pn)
 {
 	if (!wpa_s->driver->get_transmit_next_pn)
 		return -1;
-	return wpa_s->driver->get_transmit_next_pn(wpa_s->drv_priv, sa);
+	return wpa_s->driver->get_transmit_next_pn(wpa_s->drv_priv, channel,
+						    an, next_pn);
 }
 
 static inline int wpa_drv_set_transmit_next_pn(struct wpa_supplicant *wpa_s,
-						struct transmit_sa *sa)
+						u32 channel, u8 an,
+						u32 next_pn)
 {
 	if (!wpa_s->driver->set_transmit_next_pn)
 		return -1;
-	return wpa_s->driver->set_transmit_next_pn(wpa_s->drv_priv, sa);
+	return wpa_s->driver->set_transmit_next_pn(wpa_s->drv_priv, channel,
+						    an, next_pn);
+}
+
+static inline int wpa_drv_get_available_receive_sc(struct wpa_supplicant *wpa_s,
+						   u32 *channel)
+{
+	if (!wpa_s->driver->get_available_receive_sc)
+		return -1;
+	return wpa_s->driver->get_available_receive_sc(wpa_s->drv_priv,
+						       channel);
 }
 
 static inline int
-wpa_drv_create_receive_sc(struct wpa_supplicant *wpa_s, struct receive_sc *sc,
+wpa_drv_create_receive_sc(struct wpa_supplicant *wpa_s, u32 channel,
+			  const u8 *sci_addr, u16 sci_port,
 			  unsigned int conf_offset, int validation)
 {
 	if (!wpa_s->driver->create_receive_sc)
 		return -1;
-	return wpa_s->driver->create_receive_sc(wpa_s->drv_priv, sc,
-						conf_offset, validation);
+	return wpa_s->driver->create_receive_sc(wpa_s->drv_priv, channel,
+						sci_addr, sci_port, conf_offset,
+						validation);
 }
 
 static inline int wpa_drv_delete_receive_sc(struct wpa_supplicant *wpa_s,
-					    struct receive_sc *sc)
+					    u32 channel)
 {
 	if (!wpa_s->driver->delete_receive_sc)
 		return -1;
-	return wpa_s->driver->delete_receive_sc(wpa_s->drv_priv, sc);
+	return wpa_s->driver->delete_receive_sc(wpa_s->drv_priv, channel);
 }
 
 static inline int wpa_drv_create_receive_sa(struct wpa_supplicant *wpa_s,
-					    struct receive_sa *sa)
+					    u32 channel, u8 an,
+					    u32 lowest_pn, const u8 *sak)
 {
 	if (!wpa_s->driver->create_receive_sa)
 		return -1;
-	return wpa_s->driver->create_receive_sa(wpa_s->drv_priv, sa);
-}
-
-static inline int wpa_drv_delete_receive_sa(struct wpa_supplicant *wpa_s,
-					    struct receive_sa *sa)
-{
-	if (!wpa_s->driver->delete_receive_sa)
-		return -1;
-	return wpa_s->driver->delete_receive_sa(wpa_s->drv_priv, sa);
+	return wpa_s->driver->create_receive_sa(wpa_s->drv_priv, channel, an,
+						lowest_pn, sak);
 }
 
 static inline int wpa_drv_enable_receive_sa(struct wpa_supplicant *wpa_s,
-					    struct receive_sa *sa)
+					    u32 channel, u8 an)
 {
 	if (!wpa_s->driver->enable_receive_sa)
 		return -1;
-	return wpa_s->driver->enable_receive_sa(wpa_s->drv_priv, sa);
+	return wpa_s->driver->enable_receive_sa(wpa_s->drv_priv, channel, an);
 }
 
 static inline int wpa_drv_disable_receive_sa(struct wpa_supplicant *wpa_s,
-					     struct receive_sa *sa)
+					     u32 channel, u8 an)
 {
 	if (!wpa_s->driver->disable_receive_sa)
 		return -1;
-	return wpa_s->driver->disable_receive_sa(wpa_s->drv_priv, sa);
+	return wpa_s->driver->disable_receive_sa(wpa_s->drv_priv, channel, an);
 }
 
 static inline int
-wpa_drv_create_transmit_sc(struct wpa_supplicant *wpa_s, struct transmit_sc *sc,
+wpa_drv_get_available_transmit_sc(struct wpa_supplicant *wpa_s, u32 *channel)
+{
+	if (!wpa_s->driver->get_available_transmit_sc)
+		return -1;
+	return wpa_s->driver->get_available_transmit_sc(wpa_s->drv_priv,
+							channel);
+}
+
+static inline int
+wpa_drv_create_transmit_sc(struct wpa_supplicant *wpa_s, u32 channel,
+			   const u8 *sci_addr, u16 sci_port,
 			   unsigned int conf_offset)
 {
 	if (!wpa_s->driver->create_transmit_sc)
 		return -1;
-	return wpa_s->driver->create_transmit_sc(wpa_s->drv_priv, sc,
+	return wpa_s->driver->create_transmit_sc(wpa_s->drv_priv, channel,
+						 sci_addr, sci_port,
 						 conf_offset);
 }
 
 static inline int wpa_drv_delete_transmit_sc(struct wpa_supplicant *wpa_s,
-					     struct transmit_sc *sc)
+					     u32 channel)
 {
 	if (!wpa_s->driver->delete_transmit_sc)
 		return -1;
-	return wpa_s->driver->delete_transmit_sc(wpa_s->drv_priv, sc);
+	return wpa_s->driver->delete_transmit_sc(wpa_s->drv_priv, channel);
 }
 
 static inline int wpa_drv_create_transmit_sa(struct wpa_supplicant *wpa_s,
-					     struct transmit_sa *sa)
+					     u32 channel, u8 an,
+					     u32 next_pn,
+					     Boolean confidentiality,
+					     const u8 *sak)
 {
 	if (!wpa_s->driver->create_transmit_sa)
 		return -1;
-	return wpa_s->driver->create_transmit_sa(wpa_s->drv_priv, sa);
-}
-
-static inline int wpa_drv_delete_transmit_sa(struct wpa_supplicant *wpa_s,
-					     struct transmit_sa *sa)
-{
-	if (!wpa_s->driver->delete_transmit_sa)
-		return -1;
-	return wpa_s->driver->delete_transmit_sa(wpa_s->drv_priv, sa);
+	return wpa_s->driver->create_transmit_sa(wpa_s->drv_priv, channel, an,
+						 next_pn, confidentiality, sak);
 }
 
 static inline int wpa_drv_enable_transmit_sa(struct wpa_supplicant *wpa_s,
-					     struct transmit_sa *sa)
+					     u32 channel, u8 an)
 {
 	if (!wpa_s->driver->enable_transmit_sa)
 		return -1;
-	return wpa_s->driver->enable_transmit_sa(wpa_s->drv_priv, sa);
+	return wpa_s->driver->enable_transmit_sa(wpa_s->drv_priv, channel, an);
 }
 
 static inline int wpa_drv_disable_transmit_sa(struct wpa_supplicant *wpa_s,
-					      struct transmit_sa *sa)
+					      u32 channel, u8 an)
 {
 	if (!wpa_s->driver->disable_transmit_sa)
 		return -1;
-	return wpa_s->driver->disable_transmit_sa(wpa_s->drv_priv, sa);
+	return wpa_s->driver->disable_transmit_sa(wpa_s->drv_priv, channel, an);
 }
 #endif /* CONFIG_MACSEC */
 
@@ -966,13 +976,4 @@
 	return wpa_s->driver->set_default_scan_ies(wpa_s->drv_priv, ies, len);
 }
 
-static inline int wpa_drv_set_tdls_mode(struct wpa_supplicant *wpa_s,
-					int tdls_external_control)
-{
-	if (!wpa_s->driver->set_tdls_mode)
-		return -1;
-	return wpa_s->driver->set_tdls_mode(wpa_s->drv_priv,
-					    tdls_external_control);
-}
-
 #endif /* DRIVER_I_H */
diff --git a/wpa_supplicant/events.c b/wpa_supplicant/events.c
index 17f057a..6f8fc81 100644
--- a/wpa_supplicant/events.c
+++ b/wpa_supplicant/events.c
@@ -1047,16 +1047,6 @@
 			continue;
 		}
 
-#ifndef CONFIG_IBSS_RSN
-		if (ssid->mode == WPAS_MODE_IBSS &&
-		    !(ssid->key_mgmt & (WPA_KEY_MGMT_NONE |
-					WPA_KEY_MGMT_WPA_NONE))) {
-			wpa_dbg(wpa_s, MSG_DEBUG,
-				"   skip - IBSS RSN not supported in the build");
-			continue;
-		}
-#endif /* !CONFIG_IBSS_RSN */
-
 #ifdef CONFIG_P2P
 		if (ssid->p2p_group &&
 		    !wpa_bss_get_vendor_ie(bss, P2P_IE_VENDOR_TYPE) &&
@@ -1342,17 +1332,6 @@
 		{
 			if (wpas_network_disabled(wpa_s, ssid))
 				continue;
-#ifndef CONFIG_IBSS_RSN
-			if (ssid->mode == WPAS_MODE_IBSS &&
-			    !(ssid->key_mgmt & (WPA_KEY_MGMT_NONE |
-						WPA_KEY_MGMT_WPA_NONE))) {
-				wpa_msg(wpa_s, MSG_INFO,
-					"IBSS RSN not supported in the build - cannot use the profile for SSID '%s'",
-					wpa_ssid_txt(ssid->ssid,
-						     ssid->ssid_len));
-				continue;
-			}
-#endif /* !CONFIG_IBSS_RSN */
 			if (ssid->mode == IEEE80211_MODE_IBSS ||
 			    ssid->mode == IEEE80211_MODE_AP ||
 			    ssid->mode == IEEE80211_MODE_MESH)
@@ -1495,18 +1474,11 @@
 }
 
 
-/*
- * Return a negative value if no scan results could be fetched or if scan
- * results should not be shared with other virtual interfaces.
- * Return 0 if scan results were fetched and may be shared with other
- * interfaces.
- * Return 1 if scan results may be shared with other virtual interfaces but may
- * not trigger any operations.
- * Return 2 if the interface was removed and cannot be used.
- */
+/* Return != 0 if no scan results could be fetched or if scan results should not
+ * be shared with other virtual interfaces. */
 static int _wpa_supplicant_event_scan_results(struct wpa_supplicant *wpa_s,
 					      union wpa_event_data *data,
-					      int own_request, int update_only)
+					      int own_request)
 {
 	struct wpa_scan_results *scan_res = NULL;
 	int ret = 0;
@@ -1556,11 +1528,6 @@
 	}
 #endif /* CONFIG_NO_RANDOM_POOL */
 
-	if (update_only) {
-		ret = 1;
-		goto scan_work_done;
-	}
-
 	if (own_request && wpa_s->scan_res_handler &&
 	    !(data && data->scan_info.external_scan)) {
 		void (*scan_res_handler)(struct wpa_supplicant *wpa_s,
@@ -1569,7 +1536,7 @@
 		scan_res_handler = wpa_s->scan_res_handler;
 		wpa_s->scan_res_handler = NULL;
 		scan_res_handler(wpa_s, scan_res);
-		ret = 1;
+		ret = -2;
 		goto scan_work_done;
 	}
 
@@ -1705,9 +1672,8 @@
 		if (new_scan)
 			wpa_supplicant_rsn_preauth_scan_results(wpa_s);
 		/*
-		 * Do not allow other virtual radios to trigger operations based
-		 * on these scan results since we do not want them to start
-		 * other associations at the same time.
+		 * Do not notify other virtual radios of scan results since we do not
+		 * want them to start other associations at the same time.
 		 */
 		return 1;
 	} else {
@@ -1791,7 +1757,7 @@
 	struct wpa_supplicant *ifs;
 	int res;
 
-	res = _wpa_supplicant_event_scan_results(wpa_s, data, 1, 0);
+	res = _wpa_supplicant_event_scan_results(wpa_s, data, 1);
 	if (res == 2) {
 		/*
 		 * Interface may have been removed, so must not dereference
@@ -1799,8 +1765,7 @@
 		 */
 		return 1;
 	}
-
-	if (res < 0) {
+	if (res != 0) {
 		/*
 		 * If no scan results could be fetched, then no need to
 		 * notify those interfaces that did not actually request
@@ -1820,10 +1785,7 @@
 		if (ifs != wpa_s) {
 			wpa_printf(MSG_DEBUG, "%s: Updating scan results from "
 				   "sibling", ifs->ifname);
-			res = _wpa_supplicant_event_scan_results(ifs, data, 0,
-								 res > 0);
-			if (res < 0)
-				return 0;
+			_wpa_supplicant_event_scan_results(ifs, data, 0);
 		}
 	}
 
@@ -2079,19 +2041,6 @@
 	if (!found && data->assoc_info.req_ies)
 		wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0);
 
-#ifdef CONFIG_FILS
-#ifdef CONFIG_SME
-	if (wpa_s->sme.auth_alg == WPA_AUTH_ALG_FILS &&
-	    (!data->assoc_info.resp_frame ||
-	     fils_process_assoc_resp(wpa_s->wpa,
-				     data->assoc_info.resp_frame,
-				     data->assoc_info.resp_frame_len) < 0)) {
-		wpa_supplicant_deauthenticate(wpa_s, WLAN_REASON_UNSPECIFIED);
-		return -1;
-	}
-#endif /* CONFIG_SME */
-#endif /* CONFIG_FILS */
-
 #ifdef CONFIG_IEEE80211R
 #ifdef CONFIG_SME
 	if (wpa_s->sme.auth_alg == WPA_AUTH_ALG_FT) {
@@ -2313,13 +2262,6 @@
 	ft_completed = wpa_ft_is_completed(wpa_s->wpa);
 	if (data && wpa_supplicant_event_associnfo(wpa_s, data) < 0)
 		return;
-	/*
-	 * FILS authentication can share the same mechanism to mark the
-	 * connection fully authenticated, so set ft_completed also based on
-	 * FILS result.
-	 */
-	if (!ft_completed)
-		ft_completed = wpa_fils_is_completed(wpa_s->wpa);
 
 	if (wpa_drv_get_bssid(wpa_s, bssid) < 0) {
 		wpa_dbg(wpa_s, MSG_ERROR, "Failed to get BSSID");
@@ -2576,7 +2518,6 @@
 	struct wpa_bss *fast_reconnect = NULL;
 	struct wpa_ssid *fast_reconnect_ssid = NULL;
 	struct wpa_ssid *last_ssid;
-	struct wpa_bss *curr = NULL;
 
 	authenticating = wpa_s->wpa_state == WPA_AUTHENTICATING;
 	os_memcpy(prev_pending_bssid, wpa_s->pending_bssid, ETH_ALEN);
@@ -2592,19 +2533,6 @@
 		return;
 	}
 
-	if (!wpa_s->disconnected && wpa_s->wpa_state >= WPA_AUTHENTICATING &&
-	    reason_code == WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY &&
-	    locally_generated)
-		/*
-		 * Remove the inactive AP (which is probably out of range) from
-		 * the BSS list after marking disassociation. In particular
-		 * mac80211-based drivers use the
-		 * WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY reason code in
-		 * locally generated disconnection events for cases where the
-		 * AP does not reply anymore.
-		 */
-		curr = wpa_s->current_bss;
-
 	if (could_be_psk_mismatch(wpa_s, reason_code, locally_generated)) {
 		wpa_msg(wpa_s, MSG_INFO, "WPA: 4-Way Handshake failed - "
 			"pre-shared key may be incorrect");
@@ -2666,9 +2594,6 @@
 	last_ssid = wpa_s->current_ssid;
 	wpa_supplicant_mark_disassoc(wpa_s);
 
-	if (curr)
-		wpa_bss_remove(wpa_s, curr, "Connection to AP lost");
-
 	if (authenticating && (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME)) {
 		sme_disassoc_while_authenticating(wpa_s, prev_pending_bssid);
 		wpa_s->current_ssid = last_ssid;
@@ -3294,16 +3219,14 @@
 		free_hw_features(ifs);
 		ifs->hw.modes = wpa_drv_get_hw_feature_data(
 			ifs, &ifs->hw.num_modes, &ifs->hw.flags);
+	}
 
-		/* Restart PNO/sched_scan with updated channel list */
-		if (ifs->pno) {
-			wpas_stop_pno(ifs);
-			wpas_start_pno(ifs);
-		} else if (ifs->sched_scanning && !ifs->pno_sched_pending) {
-			wpa_dbg(ifs, MSG_DEBUG,
-				"Channel list changed - restart sched_scan");
-			wpas_scan_restart_sched_scan(ifs);
-		}
+	/* Restart sched_scan with updated channel list */
+	if (wpa_s->sched_scanning) {
+		wpa_dbg(wpa_s, MSG_DEBUG,
+			"Channel list changed restart sched scan.");
+		wpa_supplicant_cancel_sched_scan(wpa_s);
+		wpa_supplicant_req_scan(wpa_s, 0, 0);
 	}
 
 	wpas_p2p_update_channel_list(wpa_s, WPAS_P2P_CHANNEL_UPDATE_DRIVER);
@@ -4124,20 +4047,6 @@
 			break;
 
 		/*
-		 * If the driver stopped scanning without being requested to,
-		 * request a new scan to continue scanning for networks.
-		 */
-		if (!wpa_s->sched_scan_stop_req &&
-		    wpa_s->wpa_state == WPA_SCANNING) {
-			wpa_dbg(wpa_s, MSG_DEBUG,
-				"Restart scanning after unexpected sched_scan stop event");
-			wpa_supplicant_req_scan(wpa_s, 1, 0);
-			break;
-		}
-
-		wpa_s->sched_scan_stop_req = 0;
-
-		/*
 		 * Start a new sched scan to continue searching for more SSIDs
 		 * either if timed out or PNO schedule scan is pending.
 		 */
diff --git a/wpa_supplicant/interworking.c b/wpa_supplicant/interworking.c
index 1fb40c7..697810e 100644
--- a/wpa_supplicant/interworking.c
+++ b/wpa_supplicant/interworking.c
@@ -2692,11 +2692,10 @@
 
 
 int anqp_send_req(struct wpa_supplicant *wpa_s, const u8 *dst,
-		  u16 info_ids[], size_t num_ids, u32 subtypes,
-		  int get_cell_pref)
+		  u16 info_ids[], size_t num_ids, u32 subtypes)
 {
 	struct wpabuf *buf;
-	struct wpabuf *extra_buf = NULL;
+	struct wpabuf *hs20_buf = NULL;
 	int ret = 0;
 	int freq;
 	struct wpa_bss *bss;
@@ -2719,31 +2718,15 @@
 
 #ifdef CONFIG_HS20
 	if (subtypes != 0) {
-		extra_buf = wpabuf_alloc(100);
-		if (extra_buf == NULL)
+		hs20_buf = wpabuf_alloc(100);
+		if (hs20_buf == NULL)
 			return -1;
-		hs20_put_anqp_req(subtypes, NULL, 0, extra_buf);
+		hs20_put_anqp_req(subtypes, NULL, 0, hs20_buf);
 	}
 #endif /* CONFIG_HS20 */
 
-#ifdef CONFIG_MBO
-	if (get_cell_pref) {
-		struct wpabuf *mbo;
-
-		mbo = mbo_build_anqp_buf(wpa_s, bss);
-		if (mbo) {
-			if (wpabuf_resize(&extra_buf, wpabuf_len(mbo))) {
-				wpabuf_free(extra_buf);
-				return -1;
-			}
-			wpabuf_put_buf(extra_buf, mbo);
-			wpabuf_free(mbo);
-		}
-	}
-#endif /* CONFIG_MBO */
-
-	buf = anqp_build_req(info_ids, num_ids, extra_buf);
-	wpabuf_free(extra_buf);
+	buf = anqp_build_req(info_ids, num_ids, hs20_buf);
+	wpabuf_free(hs20_buf);
 	if (buf == NULL)
 		return -1;
 
diff --git a/wpa_supplicant/interworking.h b/wpa_supplicant/interworking.h
index 3d22292..3743dc0 100644
--- a/wpa_supplicant/interworking.h
+++ b/wpa_supplicant/interworking.h
@@ -12,8 +12,7 @@
 enum gas_query_result;
 
 int anqp_send_req(struct wpa_supplicant *wpa_s, const u8 *dst,
-		  u16 info_ids[], size_t num_ids, u32 subtypes,
-		  int get_cell_pref);
+		  u16 info_ids[], size_t num_ids, u32 subtypes);
 void anqp_resp_cb(void *ctx, const u8 *dst, u8 dialog_token,
 		  enum gas_query_result result,
 		  const struct wpabuf *adv_proto,
diff --git a/wpa_supplicant/mbo.c b/wpa_supplicant/mbo.c
index 7e049be..13d764e 100644
--- a/wpa_supplicant/mbo.c
+++ b/wpa_supplicant/mbo.c
@@ -14,7 +14,6 @@
 
 #include "utils/common.h"
 #include "common/ieee802_11_defs.h"
-#include "common/gas.h"
 #include "config.h"
 #include "wpa_supplicant_i.h"
 #include "driver_i.h"
@@ -806,31 +805,3 @@
 	wpas_mbo_send_wnm_notification(wpa_s, cell_capa, 7);
 	wpa_supplicant_set_default_scan_ies(wpa_s);
 }
-
-
-struct wpabuf * mbo_build_anqp_buf(struct wpa_supplicant *wpa_s,
-				   struct wpa_bss *bss)
-{
-	struct wpabuf *anqp_buf;
-	u8 *len_pos;
-
-	if (!wpa_bss_get_vendor_ie(bss, MBO_IE_VENDOR_TYPE)) {
-		wpa_printf(MSG_INFO, "MBO: " MACSTR
-			   " does not support MBO - cannot request MBO ANQP elements from it",
-			   MAC2STR(bss->bssid));
-		return NULL;
-	}
-
-	anqp_buf = wpabuf_alloc(10);
-	if (!anqp_buf)
-		return NULL;
-
-	len_pos = gas_anqp_add_element(anqp_buf, ANQP_VENDOR_SPECIFIC);
-	wpabuf_put_be24(anqp_buf, OUI_WFA);
-	wpabuf_put_u8(anqp_buf, MBO_ANQP_OUI_TYPE);
-
-	wpabuf_put_u8(anqp_buf, MBO_ANQP_SUBTYPE_CELL_CONN_PREF);
-	gas_anqp_set_element_len(anqp_buf, len_pos);
-
-	return anqp_buf;
-}
diff --git a/wpa_supplicant/mesh_mpm.c b/wpa_supplicant/mesh_mpm.c
index 6c3fa14..d14c7e3 100644
--- a/wpa_supplicant/mesh_mpm.c
+++ b/wpa_supplicant/mesh_mpm.c
@@ -1135,7 +1135,7 @@
 	 */
 	if (!sta && action_field == PLINK_OPEN &&
 	    (!(mconf->security & MESH_CONF_SEC_AMPE) ||
-	     wpa_auth_pmksa_get(hapd->wpa_auth, mgmt->sa, NULL)))
+	     wpa_auth_pmksa_get(hapd->wpa_auth, mgmt->sa)))
 		sta = mesh_mpm_add_peer(wpa_s, mgmt->sa, &elems);
 
 	if (!sta) {
diff --git a/wpa_supplicant/mesh_rsn.c b/wpa_supplicant/mesh_rsn.c
index b1cf138..27ab8cb 100644
--- a/wpa_supplicant/mesh_rsn.c
+++ b/wpa_supplicant/mesh_rsn.c
@@ -333,7 +333,7 @@
 			return -1;
 	}
 
-	pmksa = wpa_auth_pmksa_get(hapd->wpa_auth, sta->addr, NULL);
+	pmksa = wpa_auth_pmksa_get(hapd->wpa_auth, sta->addr);
 	if (pmksa) {
 		if (!sta->wpa_sm)
 			sta->wpa_sm = wpa_auth_sta_init(hapd->wpa_auth,
@@ -579,7 +579,7 @@
 	/* encrypt after MIC */
 	mic_payload = wpabuf_put(buf, 2 + len + AES_BLOCK_SIZE);
 
-	if (aes_siv_encrypt(sta->aek, sizeof(sta->aek), ampe_ie, 2 + len, 3,
+	if (aes_siv_encrypt(sta->aek, ampe_ie, 2 + len, 3,
 			    aad, aad_len, mic_payload)) {
 		wpa_printf(MSG_ERROR, "protect frame: failed to encrypt");
 		ret = -ENOMEM;
@@ -611,7 +611,7 @@
 	if (!sta->sae) {
 		struct hostapd_data *hapd = wpa_s->ifmsh->bss[0];
 
-		if (!wpa_auth_pmksa_get(hapd->wpa_auth, sta->addr, NULL)) {
+		if (!wpa_auth_pmksa_get(hapd->wpa_auth, sta->addr)) {
 			wpa_printf(MSG_INFO,
 				   "Mesh RSN: SAE is not prepared yet");
 			return -1;
@@ -650,7 +650,7 @@
 
 	os_memcpy(crypt, elems->mic, crypt_len);
 
-	if (aes_siv_decrypt(sta->aek, sizeof(sta->aek), crypt, crypt_len, 3,
+	if (aes_siv_decrypt(sta->aek, crypt, crypt_len, 3,
 			    aad, aad_len, ampe_buf)) {
 		wpa_printf(MSG_ERROR, "Mesh RSN: frame verification failed!");
 		ret = -2;
diff --git a/wpa_supplicant/p2p_supplicant.c b/wpa_supplicant/p2p_supplicant.c
index 6465e2f..b1fdc28 100644
--- a/wpa_supplicant/p2p_supplicant.c
+++ b/wpa_supplicant/p2p_supplicant.c
@@ -807,7 +807,7 @@
 					      wpa_s->own_addr);
 		} else if (!s && !go_wpa_s) {
 			if (wpas_p2p_add_group_interface(wpa_s,
-							 WPA_IF_P2P_GROUP) < 0) {
+							 WPA_IF_P2P_GO) < 0) {
 				wpa_printf(MSG_ERROR,
 					   "P2P: Failed to allocate a new interface for the group");
 				return P2PS_SETUP_NONE;
@@ -5236,10 +5236,8 @@
 		if (!res && max_pref_freq > 0) {
 			*num_pref_freq = max_pref_freq;
 			i = 0;
-			while ((!p2p_supported_freq(wpa_s->global->p2p,
-						    pref_freq_list[i]) ||
-				wpas_p2p_disallowed_freq(wpa_s->global,
-							pref_freq_list[i])) &&
+			while (wpas_p2p_disallowed_freq(wpa_s->global,
+							pref_freq_list[i]) &&
 			       i < *num_pref_freq) {
 				wpa_printf(MSG_DEBUG,
 					   "P2P: preferred_freq_list[%d]=%d is disallowed",
diff --git a/wpa_supplicant/scan.c b/wpa_supplicant/scan.c
index 172772d..60e7b68 100644
--- a/wpa_supplicant/scan.c
+++ b/wpa_supplicant/scan.c
@@ -1256,8 +1256,6 @@
 	if (max_sched_scan_ssids < 1 || wpa_s->conf->disable_scan_offload)
 		return -1;
 
-	wpa_s->sched_scan_stop_req = 0;
-
 	if (wpa_s->sched_scanning) {
 		wpa_dbg(wpa_s, MSG_DEBUG, "Already sched scanning");
 		return 0;
@@ -1556,9 +1554,6 @@
 	if (!wpa_s->sched_scanning)
 		return;
 
-	if (wpa_s->sched_scanning)
-		wpa_s->sched_scan_stop_req = 1;
-
 	wpa_dbg(wpa_s, MSG_DEBUG, "Cancelling sched scan");
 	eloop_cancel_timeout(wpa_supplicant_sched_scan_timeout, wpa_s, NULL);
 	wpa_supplicant_stop_sched_scan(wpa_s);
@@ -1618,13 +1613,7 @@
  */
 const u8 * wpa_scan_get_ie(const struct wpa_scan_res *res, u8 ie)
 {
-	size_t ie_len = res->ie_len;
-
-	/* Use the Beacon frame IEs if res->ie_len is not available */
-	if (!ie_len)
-		ie_len = res->beacon_ie_len;
-
-	return get_ie((const u8 *) (res + 1), ie_len, ie);
+	return get_ie((const u8 *) (res + 1), res->ie_len, ie);
 }
 
 
@@ -2183,10 +2172,8 @@
 	}
 #endif /* CONFIG_WPS */
 
-	if (scan_res->res) {
-		qsort(scan_res->res, scan_res->num,
-		      sizeof(struct wpa_scan_res *), compar);
-	}
+	qsort(scan_res->res, scan_res->num, sizeof(struct wpa_scan_res *),
+	      compar);
 	dump_scan_res(scan_res);
 
 	wpa_bss_update_start(wpa_s);
@@ -2428,13 +2415,6 @@
 		}
 	}
 
-	if (wpa_s->sched_scan_stop_req) {
-		wpa_printf(MSG_DEBUG,
-			   "Schedule PNO after previous sched scan has stopped");
-		wpa_s->pno_sched_pending = 1;
-		return 0;
-	}
-
 	os_memset(&params, 0, sizeof(params));
 
 	num_ssid = num_match_ssid = 0;
@@ -2550,7 +2530,6 @@
 		return 0;
 
 	ret = wpa_supplicant_stop_sched_scan(wpa_s);
-	wpa_s->sched_scan_stop_req = 1;
 
 	wpa_s->pno = 0;
 	wpa_s->pno_sched_pending = 0;
diff --git a/wpa_supplicant/sme.c b/wpa_supplicant/sme.c
index ab71f6d..61fd3b2 100644
--- a/wpa_supplicant/sme.c
+++ b/wpa_supplicant/sme.c
@@ -543,37 +543,12 @@
 			wpas_connection_failed(wpa_s, bss->bssid);
 			return;
 		}
-		params.auth_data = wpabuf_head(resp);
-		params.auth_data_len = wpabuf_len(resp);
+		params.sae_data = wpabuf_head(resp);
+		params.sae_data_len = wpabuf_len(resp);
 		wpa_s->sme.sae.state = start ? SAE_COMMITTED : SAE_CONFIRMED;
 	}
 #endif /* CONFIG_SAE */
 
-	old_ssid = wpa_s->current_ssid;
-	wpa_s->current_ssid = ssid;
-	wpa_supplicant_rsn_supp_set_config(wpa_s, wpa_s->current_ssid);
-	wpa_supplicant_initiate_eapol(wpa_s);
-
-#ifdef CONFIG_FILS
-	/* TODO: FILS operations can in some cases be done between different
-	 * network_ctx (i.e., same credentials can be used with multiple
-	 * networks). */
-	if (params.auth_alg == WPA_AUTH_ALG_OPEN &&
-	    wpa_key_mgmt_fils(ssid->key_mgmt)) {
-		if (pmksa_cache_set_current(wpa_s->wpa, NULL, bss->bssid,
-					    ssid, 0) == 0)
-			wpa_printf(MSG_DEBUG,
-				   "SME: Try to use FILS with PMKSA caching");
-		resp = fils_build_auth(wpa_s->wpa);
-		if (resp) {
-			params.auth_alg = WPA_AUTH_ALG_FILS;
-			params.auth_data = wpabuf_head(resp);
-			params.auth_data_len = wpabuf_len(resp);
-			wpa_s->sme.auth_alg = WPA_AUTH_ALG_FILS;
-		}
-	}
-#endif /* CONFIG_FILS */
-
 	wpa_supplicant_cancel_sched_scan(wpa_s);
 	wpa_supplicant_cancel_scan(wpa_s);
 
@@ -583,6 +558,10 @@
 
 	wpa_clear_keys(wpa_s, bss->bssid);
 	wpa_supplicant_set_state(wpa_s, WPA_AUTHENTICATING);
+	old_ssid = wpa_s->current_ssid;
+	wpa_s->current_ssid = ssid;
+	wpa_supplicant_rsn_supp_set_config(wpa_s, wpa_s->current_ssid);
+	wpa_supplicant_initiate_eapol(wpa_s);
 	if (old_ssid != wpa_s->current_ssid)
 		wpas_notify_network_changed(wpa_s);
 
@@ -671,10 +650,6 @@
 		return;
 	}
 
-	/* Starting new connection, so clear the possibly used WPA IE from the
-	 * previous association. */
-	wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0);
-
 	sme_send_authentication(wpa_s, cwork->bss, cwork->ssid, 1);
 }
 
@@ -958,24 +933,6 @@
 	}
 #endif /* CONFIG_IEEE80211R */
 
-#ifdef CONFIG_FILS
-	if (data->auth.auth_type == WLAN_AUTH_FILS_SK) {
-		if (fils_process_auth(wpa_s->wpa, data->auth.ies,
-				      data->auth.ies_len) < 0) {
-			wpa_dbg(wpa_s, MSG_DEBUG,
-				"SME: FILS Authentication response processing failed");
-			wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_DISCONNECTED "bssid="
-				MACSTR
-				" reason=%d locally_generated=1",
-				MAC2STR(wpa_s->pending_bssid),
-				WLAN_REASON_DEAUTH_LEAVING);
-			wpas_connection_failed(wpa_s, wpa_s->pending_bssid);
-			wpa_supplicant_mark_disassoc(wpa_s);
-			return;
-		}
-	}
-#endif /* CONFIG_FILS */
-
 	sme_associate(wpa_s, ssid->mode, data->auth.peer,
 		      data->auth.auth_type);
 }
@@ -986,9 +943,6 @@
 {
 	struct wpa_driver_associate_params params;
 	struct ieee802_11_elems elems;
-#ifdef CONFIG_FILS
-	u8 nonces[2 * FILS_NONCE_LEN];
-#endif /* CONFIG_FILS */
 #ifdef CONFIG_HT_OVERRIDES
 	struct ieee80211_ht_capabilities htcaps;
 	struct ieee80211_ht_capabilities htcaps_mask;
@@ -999,37 +953,6 @@
 #endif /* CONFIG_VHT_OVERRIDES */
 
 	os_memset(&params, 0, sizeof(params));
-
-#ifdef CONFIG_FILS
-	if (auth_type == WLAN_AUTH_FILS_SK) {
-		struct wpabuf *buf;
-		const u8 *snonce, *anonce;
-
-		buf = fils_build_assoc_req(wpa_s->wpa, &params.fils_kek,
-					   &params.fils_kek_len, &snonce,
-					   &anonce);
-		if (!buf)
-			return;
-		/* TODO: Make wpa_s->sme.assoc_req_ie use dynamic allocation */
-		if (wpa_s->sme.assoc_req_ie_len + wpabuf_len(buf) >
-		    sizeof(wpa_s->sme.assoc_req_ie)) {
-			wpa_printf(MSG_ERROR,
-				   "FILS: Not enough buffer room for own AssocReq elements");
-			wpabuf_free(buf);
-			return;
-		}
-		os_memcpy(wpa_s->sme.assoc_req_ie + wpa_s->sme.assoc_req_ie_len,
-			  wpabuf_head(buf), wpabuf_len(buf));
-		wpa_s->sme.assoc_req_ie_len += wpabuf_len(buf);
-		wpabuf_free(buf);
-
-		os_memcpy(nonces, snonce, FILS_NONCE_LEN);
-		os_memcpy(nonces + FILS_NONCE_LEN, anonce, FILS_NONCE_LEN);
-		params.fils_nonces = nonces;
-		params.fils_nonces_len = sizeof(nonces);
-	}
-#endif /* CONFIG_FILS */
-
 	params.bssid = bssid;
 	params.ssid = wpa_s->sme.ssid;
 	params.ssid_len = wpa_s->sme.ssid_len;
diff --git a/wpa_supplicant/wmm_ac.h b/wpa_supplicant/wmm_ac.h
index 0d15ad0..5171b16 100644
--- a/wpa_supplicant/wmm_ac.h
+++ b/wpa_supplicant/wmm_ac.h
@@ -88,7 +88,7 @@
  */
 struct wmm_ac_addts_request {
 	/*
-	 * dialog token - Used to link the received ADDTS response with this
+	 * dialog token - Used to link the recived ADDTS response with this
 	 * saved ADDTS request when ADDTS response is being handled
 	 */
 	u8 dialog_token;
diff --git a/wpa_supplicant/wpa_cli.c b/wpa_supplicant/wpa_cli.c
index 4877989..a848b77 100644
--- a/wpa_supplicant/wpa_cli.c
+++ b/wpa_supplicant/wpa_cli.c
@@ -60,9 +60,6 @@
 static DEFINE_DL_LIST(p2p_groups); /* struct cli_txt_entry */
 static DEFINE_DL_LIST(ifnames); /* struct cli_txt_entry */
 static DEFINE_DL_LIST(networks); /* struct cli_txt_entry */
-#ifdef CONFIG_AP
-static DEFINE_DL_LIST(stations); /* struct cli_txt_entry */
-#endif /* CONFIG_AP */
 
 
 static void print_help(const char *cmd);
@@ -71,7 +68,6 @@
 static char * wpa_cli_get_default_ifname(void);
 static char ** wpa_list_cmd_list(void);
 static void update_networks(struct wpa_ctrl *ctrl);
-static void update_stations(struct wpa_ctrl *ctrl);
 
 
 static void usage(void)
@@ -218,7 +214,7 @@
 }
 
 
-static int _wpa_ctrl_command(struct wpa_ctrl *ctrl, const char *cmd, int print)
+static int _wpa_ctrl_command(struct wpa_ctrl *ctrl, char *cmd, int print)
 {
 	char buf[4096];
 	size_t len;
@@ -254,7 +250,7 @@
 }
 
 
-static int wpa_ctrl_command(struct wpa_ctrl *ctrl, const char *cmd)
+static int wpa_ctrl_command(struct wpa_ctrl *ctrl, char *cmd)
 {
 	return _wpa_ctrl_command(ctrl, cmd, 1);
 }
@@ -1740,23 +1736,8 @@
 }
 
 
-static char ** wpa_cli_complete_sta(const char *str, int pos)
-{
-	int arg = get_cmd_arg_num(str, pos);
-	char **res = NULL;
-
-	switch (arg) {
-	case 1:
-		res = cli_txt_list_array(&stations);
-		break;
-	}
-
-	return res;
-}
-
-
-static int wpa_ctrl_command_sta(struct wpa_ctrl *ctrl, const char *cmd,
-				char *addr, size_t addr_len, int print)
+static int wpa_ctrl_command_sta(struct wpa_ctrl *ctrl, char *cmd,
+				char *addr, size_t addr_len)
 {
 	char buf[4096], *pos;
 	size_t len;
@@ -1786,8 +1767,7 @@
 	buf[len] = '\0';
 	if (os_memcmp(buf, "FAIL", 4) == 0)
 		return -1;
-	if (print)
-		printf("%s", buf);
+	printf("%s", buf);
 
 	pos = buf;
 	while (*pos != '\0' && *pos != '\n')
@@ -1802,33 +1782,16 @@
 {
 	char addr[32], cmd[64];
 
-	if (wpa_ctrl_command_sta(ctrl, "STA-FIRST", addr, sizeof(addr), 1))
+	if (wpa_ctrl_command_sta(ctrl, "STA-FIRST", addr, sizeof(addr)))
 		return 0;
 	do {
 		os_snprintf(cmd, sizeof(cmd), "STA-NEXT %s", addr);
-	} while (wpa_ctrl_command_sta(ctrl, cmd, addr, sizeof(addr), 1) == 0);
+	} while (wpa_ctrl_command_sta(ctrl, cmd, addr, sizeof(addr)) == 0);
 
 	return -1;
 }
 
 
-static int wpa_cli_cmd_list_sta(struct wpa_ctrl *ctrl, int argc,
-				char *argv[])
-{
-	char addr[32], cmd[64];
-
-	if (wpa_ctrl_command_sta(ctrl, "STA-FIRST", addr, sizeof(addr), 0))
-		return 0;
-	do {
-		if (os_strcmp(addr, "") != 0)
-			printf("%s\n", addr);
-		os_snprintf(cmd, sizeof(cmd), "STA-NEXT %s", addr);
-	} while (wpa_ctrl_command_sta(ctrl, cmd, addr, sizeof(addr), 0) == 0);
-
-	return 0;
-}
-
-
 static int wpa_cli_cmd_deauthenticate(struct wpa_ctrl *ctrl, int argc,
 				      char *argv[])
 {
@@ -1836,43 +1799,12 @@
 }
 
 
-static char ** wpa_cli_complete_deauthenticate(const char *str, int pos)
-{
-	int arg = get_cmd_arg_num(str, pos);
-	char **res = NULL;
-
-	switch (arg) {
-	case 1:
-		res = cli_txt_list_array(&stations);
-		break;
-	}
-
-	return res;
-}
-
-
 static int wpa_cli_cmd_disassociate(struct wpa_ctrl *ctrl, int argc,
 				    char *argv[])
 {
 	return wpa_cli_cmd(ctrl, "DISASSOCIATE", 1, argc, argv);
 }
 
-
-static char ** wpa_cli_complete_disassociate(const char *str, int pos)
-{
-	int arg = get_cmd_arg_num(str, pos);
-	char **res = NULL;
-
-	switch (arg) {
-	case 1:
-		res = cli_txt_list_array(&stations);
-		break;
-	}
-
-	return res;
-}
-
-
 static int wpa_cli_cmd_chanswitch(struct wpa_ctrl *ctrl, int argc,
 				    char *argv[])
 {
@@ -2244,7 +2176,7 @@
 }
 
 
-static int wpa_ctrl_command_p2p_peer(struct wpa_ctrl *ctrl, const char *cmd,
+static int wpa_ctrl_command_p2p_peer(struct wpa_ctrl *ctrl, char *cmd,
 				     char *addr, size_t addr_len,
 				     int discovered)
 {
@@ -2875,30 +2807,30 @@
 	{ "preauthenticate", wpa_cli_cmd_preauthenticate, wpa_cli_complete_bss,
 	  cli_cmd_flag_none,
 	  "<BSSID> = force preauthentication" },
-	{ "identity", wpa_cli_cmd_identity, wpa_cli_complete_network_id,
+	{ "identity", wpa_cli_cmd_identity, NULL,
 	  cli_cmd_flag_none,
 	  "<network id> <identity> = configure identity for an SSID" },
-	{ "password", wpa_cli_cmd_password, wpa_cli_complete_network_id,
+	{ "password", wpa_cli_cmd_password, NULL,
 	  cli_cmd_flag_sensitive,
 	  "<network id> <password> = configure password for an SSID" },
-	{ "new_password", wpa_cli_cmd_new_password,
-	  wpa_cli_complete_network_id, cli_cmd_flag_sensitive,
+	{ "new_password", wpa_cli_cmd_new_password, NULL,
+	  cli_cmd_flag_sensitive,
 	  "<network id> <password> = change password for an SSID" },
-	{ "pin", wpa_cli_cmd_pin, wpa_cli_complete_network_id,
+	{ "pin", wpa_cli_cmd_pin, NULL,
 	  cli_cmd_flag_sensitive,
 	  "<network id> <pin> = configure pin for an SSID" },
-	{ "otp", wpa_cli_cmd_otp, wpa_cli_complete_network_id,
+	{ "otp", wpa_cli_cmd_otp, NULL,
 	  cli_cmd_flag_sensitive,
 	  "<network id> <password> = configure one-time-password for an SSID"
 	},
-	{ "passphrase", wpa_cli_cmd_passphrase, wpa_cli_complete_network_id,
+	{ "passphrase", wpa_cli_cmd_passphrase, NULL,
 	  cli_cmd_flag_sensitive,
 	  "<network id> <passphrase> = configure private key passphrase\n"
 	  "  for an SSID" },
-	{ "sim", wpa_cli_cmd_sim, wpa_cli_complete_network_id,
+	{ "sim", wpa_cli_cmd_sim, NULL,
 	  cli_cmd_flag_sensitive,
 	  "<network id> <pin> = report SIM operation result" },
-	{ "bssid", wpa_cli_cmd_bssid, wpa_cli_complete_network_id,
+	{ "bssid", wpa_cli_cmd_bssid, NULL,
 	  cli_cmd_flag_none,
 	  "<network id> <BSSID> = set preferred BSSID for an SSID" },
 	{ "blacklist", wpa_cli_cmd_blacklist, wpa_cli_complete_bss,
@@ -3097,20 +3029,17 @@
 	  cli_cmd_flag_none,
 	  "<addr> = request RSN authentication with <addr> in IBSS" },
 #ifdef CONFIG_AP
-	{ "sta", wpa_cli_cmd_sta, wpa_cli_complete_sta,
+	{ "sta", wpa_cli_cmd_sta, NULL,
 	  cli_cmd_flag_none,
 	  "<addr> = get information about an associated station (AP)" },
 	{ "all_sta", wpa_cli_cmd_all_sta, NULL,
 	  cli_cmd_flag_none,
 	  "= get information about all associated stations (AP)" },
-	{ "list_sta", wpa_cli_cmd_list_sta, NULL,
+	{ "deauthenticate", wpa_cli_cmd_deauthenticate, NULL,
 	  cli_cmd_flag_none,
-	  "= list all stations (AP)" },
-	{ "deauthenticate", wpa_cli_cmd_deauthenticate,
-	  wpa_cli_complete_deauthenticate, cli_cmd_flag_none,
 	  "<addr> = deauthenticate a station" },
-	{ "disassociate", wpa_cli_cmd_disassociate,
-	  wpa_cli_complete_disassociate, cli_cmd_flag_none,
+	{ "disassociate", wpa_cli_cmd_disassociate, NULL,
+	  cli_cmd_flag_none,
 	  "<addr> = disassociate a station" },
 	{ "chan_switch", wpa_cli_cmd_chanswitch, NULL,
 	  cli_cmd_flag_none,
@@ -3746,7 +3675,6 @@
 		edit_clear_line();
 		printf("\rConnection to wpa_supplicant re-established\n");
 		edit_redraw();
-		update_stations(ctrl_conn);
 	}
 }
 
@@ -3969,7 +3897,7 @@
 	char buf[4096];
 	size_t len = sizeof(buf);
 	int ret;
-	const char *cmd = "BSS RANGE=ALL MASK=0x2";
+	char *cmd = "BSS RANGE=ALL MASK=0x2";
 	char *pos, *end;
 
 	if (ctrl == NULL)
@@ -4000,7 +3928,7 @@
 	char buf[4096];
 	size_t len = sizeof(buf);
 	int ret;
-	const char *cmd = "INTERFACES";
+	char *cmd = "INTERFACES";
 	char *pos, *end;
 	char txt[200];
 
@@ -4032,7 +3960,7 @@
 	char buf[4096];
 	size_t len = sizeof(buf);
 	int ret;
-	const char *cmd = "LIST_NETWORKS";
+	char *cmd = "LIST_NETWORKS";
 	char *pos, *end;
 	int header = 1;
 
@@ -4059,27 +3987,6 @@
 }
 
 
-static void update_stations(struct wpa_ctrl *ctrl)
-{
-#ifdef CONFIG_AP
-	char addr[32], cmd[64];
-
-	if (!ctrl || !interactive)
-		return;
-
-	cli_txt_list_flush(&stations);
-
-	if (wpa_ctrl_command_sta(ctrl, "STA-FIRST", addr, sizeof(addr), 0))
-		return;
-	do {
-		if (os_strcmp(addr, "") != 0)
-			cli_txt_list_add(&stations, addr);
-		os_snprintf(cmd, sizeof(cmd), "STA-NEXT %s", addr);
-	} while (wpa_ctrl_command_sta(ctrl, cmd, addr, sizeof(addr), 0) == 0);
-#endif /* CONFIG_AP */
-}
-
-
 static void try_connection(void *eloop_ctx, void *timeout_ctx)
 {
 	if (ctrl_conn)
@@ -4101,7 +4008,6 @@
 
 	update_bssid_list(ctrl_conn);
 	update_networks(ctrl_conn);
-	update_stations(ctrl_conn);
 
 	if (warning_displayed)
 		printf("Connection established.\n");
@@ -4348,7 +4254,6 @@
 					       "control interface\n");
 				}
 			}
-			update_stations(ctrl_conn);
 		}
 	}
 
diff --git a/wpa_supplicant/wpa_priv.c b/wpa_supplicant/wpa_priv.c
index b36d195..511df4f 100644
--- a/wpa_supplicant/wpa_priv.c
+++ b/wpa_supplicant/wpa_priv.c
@@ -218,7 +218,7 @@
 	}
 
 	auth = buf;
-	if (sizeof(*auth) + auth->ie_len + auth->auth_data_len > len) {
+	if (sizeof(*auth) + auth->ie_len + auth->sae_data_len > len) {
 		wpa_printf(MSG_DEBUG, "Authentication request overflow");
 		return;
 	}
@@ -244,9 +244,9 @@
 		params.ie = (u8 *) (auth + 1);
 		params.ie_len = auth->ie_len;
 	}
-	if (auth->auth_data_len) {
-		params.auth_data = ((u8 *) (auth + 1)) + auth->ie_len;
-		params.auth_data_len = auth->auth_data_len;
+	if (auth->sae_data_len) {
+		params.sae_data = ((u8 *) (auth + 1)) + auth->ie_len;
+		params.sae_data_len = auth->sae_data_len;
 	}
 
 	res = iface->driver->authenticate(iface->drv_priv, &params);
diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c
index 25ec502..282ef66 100644
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
@@ -1233,22 +1233,6 @@
 		wpa_dbg(wpa_s, MSG_DEBUG,
 			"WPA: using KEY_MGMT 802.1X with Suite B");
 #endif /* CONFIG_SUITEB */
-#ifdef CONFIG_FILS
-#ifdef CONFIG_IEEE80211R
-	} else if (sel & WPA_KEY_MGMT_FT_FILS_SHA384) {
-		wpa_s->key_mgmt = WPA_KEY_MGMT_FT_FILS_SHA384;
-		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT-FILS-SHA384");
-	} else if (sel & WPA_KEY_MGMT_FT_FILS_SHA256) {
-		wpa_s->key_mgmt = WPA_KEY_MGMT_FT_FILS_SHA256;
-		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT-FILS-SHA256");
-#endif /* CONFIG_IEEE80211R */
-	} else if (sel & WPA_KEY_MGMT_FILS_SHA384) {
-		wpa_s->key_mgmt = WPA_KEY_MGMT_FILS_SHA384;
-		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FILS-SHA384");
-	} else if (sel & WPA_KEY_MGMT_FILS_SHA256) {
-		wpa_s->key_mgmt = WPA_KEY_MGMT_FILS_SHA256;
-		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FILS-SHA256");
-#endif /* CONFIG_FILS */
 #ifdef CONFIG_IEEE80211R
 	} else if (sel & WPA_KEY_MGMT_FT_IEEE8021X) {
 		wpa_s->key_mgmt = WPA_KEY_MGMT_FT_IEEE8021X;
@@ -1482,11 +1466,6 @@
 		if (wpa_s->conf->ftm_initiator)
 			*pos |= 0x80; /* Bit 71 - FTM initiator */
 		break;
-	case 9: /* Bits 72-79 */
-#ifdef CONFIG_FILS
-		*pos |= 0x01;
-#endif /* CONFIG_FILS */
-		break;
 	}
 }
 
@@ -1494,8 +1473,11 @@
 int wpas_build_ext_capab(struct wpa_supplicant *wpa_s, u8 *buf, size_t buflen)
 {
 	u8 *pos = buf;
-	u8 len = 10, i;
+	u8 len = 6, i;
 
+	if (len < 9 &&
+	    (wpa_s->conf->ftm_initiator || wpa_s->conf->ftm_responder))
+		len = 9;
 	if (len < wpa_s->extended_capa_len)
 		len = wpa_s->extended_capa_len;
 	if (buflen < (size_t) len + 2) {
@@ -1691,13 +1673,11 @@
 			wmm_ac_save_tspecs(wpa_s);
 			wpa_s->reassoc_same_bss = 1;
 		}
-	}
-
-	if (rand_style > 0 && !wpa_s->reassoc_same_ess) {
+	} else if (rand_style > 0) {
 		if (wpas_update_random_addr(wpa_s, rand_style) < 0)
 			return;
 		wpa_sm_pmksa_cache_flush(wpa_s->wpa, ssid);
-	} else if (rand_style == 0 && wpa_s->mac_addr_changed) {
+	} else if (wpa_s->mac_addr_changed) {
 		if (wpa_drv_set_mac_addr(wpa_s, NULL) < 0) {
 			wpa_msg(wpa_s, MSG_INFO,
 				"Could not restore permanent MAC address");
@@ -1716,13 +1696,6 @@
 #ifdef CONFIG_IBSS_RSN
 	ibss_rsn_deinit(wpa_s->ibss_rsn);
 	wpa_s->ibss_rsn = NULL;
-#else /* CONFIG_IBSS_RSN */
-	if (ssid->mode == WPAS_MODE_IBSS &&
-	    !(ssid->key_mgmt & (WPA_KEY_MGMT_NONE | WPA_KEY_MGMT_WPA_NONE))) {
-		wpa_msg(wpa_s, MSG_INFO,
-			"IBSS RSN not supported in the build");
-		return;
-	}
 #endif /* CONFIG_IBSS_RSN */
 
 	if (ssid->mode == WPAS_MODE_AP || ssid->mode == WPAS_MODE_P2P_GO ||
@@ -2470,14 +2443,12 @@
 	if (bss) {
 		params.ssid = bss->ssid;
 		params.ssid_len = bss->ssid_len;
-		if (!wpas_driver_bss_selection(wpa_s) || ssid->bssid_set ||
-		    wpa_s->key_mgmt == WPA_KEY_MGMT_WPS) {
+		if (!wpas_driver_bss_selection(wpa_s) || ssid->bssid_set) {
 			wpa_printf(MSG_DEBUG, "Limit connection to BSSID "
 				   MACSTR " freq=%u MHz based on scan results "
-				   "(bssid_set=%d wps=%d)",
+				   "(bssid_set=%d)",
 				   MAC2STR(bss->bssid), bss->freq,
-				   ssid->bssid_set,
-				   wpa_s->key_mgmt == WPA_KEY_MGMT_WPS);
+				   ssid->bssid_set);
 			params.bssid = bss->bssid;
 			params.freq.freq = bss->freq;
 		}
diff --git a/wpa_supplicant/wpa_supplicant.conf b/wpa_supplicant/wpa_supplicant.conf
index 047ca90..b3138e3 100644
--- a/wpa_supplicant/wpa_supplicant.conf
+++ b/wpa_supplicant/wpa_supplicant.conf
@@ -822,10 +822,6 @@
 # WPA-EAP-SUITE-B = Suite B 128-bit level
 # WPA-EAP-SUITE-B-192 = Suite B 192-bit level
 # OSEN = Hotspot 2.0 Rel 2 online signup connection
-# FILS-SHA256 = Fast Initial Link Setup with SHA256
-# FILS-SHA384 = Fast Initial Link Setup with SHA384
-# FT-FILS-SHA256 = FT and Fast Initial Link Setup with SHA256
-# FT-FILS-SHA384 = FT and Fast Initial Link Setup with SHA384
 # If not set, this defaults to: WPA-PSK WPA-EAP
 #
 # ieee80211w: whether management frame protection is enabled
diff --git a/wpa_supplicant/wpa_supplicant_i.h b/wpa_supplicant/wpa_supplicant_i.h
index 4a7e3c7..4f5d41b 100644
--- a/wpa_supplicant/wpa_supplicant_i.h
+++ b/wpa_supplicant/wpa_supplicant_i.h
@@ -574,7 +574,6 @@
 	struct wpa_radio_work *scan_work;
 	int scanning;
 	int sched_scanning;
-	unsigned int sched_scan_stop_req:1;
 	int new_connection;
 
 	int eapol_received; /* number of EAPOL packets received after the
@@ -721,7 +720,7 @@
 		u8 ssid[SSID_MAX_LEN];
 		size_t ssid_len;
 		int freq;
-		u8 assoc_req_ie[300];
+		u8 assoc_req_ie[200];
 		size_t assoc_req_ie_len;
 		int mfp;
 		int ft_used;
@@ -1205,8 +1204,6 @@
 				    size_t len,
 				    enum mbo_transition_reject_reason reason);
 void wpas_mbo_update_cell_capa(struct wpa_supplicant *wpa_s, u8 mbo_cell_capa);
-struct wpabuf * mbo_build_anqp_buf(struct wpa_supplicant *wpa_s,
-				   struct wpa_bss *bss);
 
 /**
  * wpa_supplicant_ctrl_iface_ctrl_rsp_handle - Handle a control response
diff --git a/wpa_supplicant/wpas_kay.c b/wpa_supplicant/wpas_kay.c
index e032330..d6ec8c5 100644
--- a/wpa_supplicant/wpas_kay.c
+++ b/wpa_supplicant/wpas_kay.c
@@ -38,12 +38,6 @@
 }
 
 
-static int wpas_macsec_get_capability(void *priv, enum macsec_cap *cap)
-{
-	return wpa_drv_macsec_get_capability(priv, cap);
-}
-
-
 static int wpas_enable_protect_frames(void *wpa_s, Boolean enabled)
 {
 	return wpa_drv_enable_protect_frames(wpa_s, enabled);
@@ -68,21 +62,30 @@
 }
 
 
-static int wpas_get_receive_lowest_pn(void *wpa_s, struct receive_sa *sa)
+static int wpas_get_receive_lowest_pn(void *wpa_s, u32 channel,
+				      u8 an, u32 *lowest_pn)
 {
-	return wpa_drv_get_receive_lowest_pn(wpa_s, sa);
+	return wpa_drv_get_receive_lowest_pn(wpa_s, channel, an, lowest_pn);
 }
 
 
-static int wpas_get_transmit_next_pn(void *wpa_s, struct transmit_sa *sa)
+static int wpas_get_transmit_next_pn(void *wpa_s, u32 channel,
+				      u8 an, u32 *next_pn)
 {
-	return wpa_drv_get_transmit_next_pn(wpa_s, sa);
+	return wpa_drv_get_transmit_next_pn(wpa_s, channel, an, next_pn);
 }
 
 
-static int wpas_set_transmit_next_pn(void *wpa_s, struct transmit_sa *sa)
+static int wpas_set_transmit_next_pn(void *wpa_s, u32 channel,
+				      u8 an, u32 next_pn)
 {
-	return wpa_drv_set_transmit_next_pn(wpa_s, sa);
+	return wpa_drv_set_transmit_next_pn(wpa_s, channel, an, next_pn);
+}
+
+
+static int wpas_get_available_receive_sc(void *wpa_s, u32 *channel)
+{
+	return wpa_drv_get_available_receive_sc(wpa_s, channel);
 }
 
 
@@ -100,79 +103,83 @@
 }
 
 
-static int wpas_create_receive_sc(void *wpa_s, struct receive_sc *sc,
+static int wpas_create_receive_sc(void *wpa_s, u32 channel,
+				  struct ieee802_1x_mka_sci *sci,
 				  enum validate_frames vf,
 				  enum confidentiality_offset co)
 {
-	return wpa_drv_create_receive_sc(wpa_s, sc, conf_offset_val(co), vf);
+	return wpa_drv_create_receive_sc(wpa_s, channel, sci->addr,
+					 be_to_host16(sci->port),
+					 conf_offset_val(co), vf);
 }
 
 
-static int wpas_delete_receive_sc(void *wpa_s, struct receive_sc *sc)
+static int wpas_delete_receive_sc(void *wpa_s, u32 channel)
 {
-	return wpa_drv_delete_receive_sc(wpa_s, sc);
+	return wpa_drv_delete_receive_sc(wpa_s, channel);
 }
 
 
-static int wpas_create_receive_sa(void *wpa_s, struct receive_sa *sa)
+static int wpas_create_receive_sa(void *wpa_s, u32 channel, u8 an,
+				  u32 lowest_pn, const u8 *sak)
 {
-	return wpa_drv_create_receive_sa(wpa_s, sa);
+	return wpa_drv_create_receive_sa(wpa_s, channel, an, lowest_pn, sak);
 }
 
 
-static int wpas_delete_receive_sa(void *wpa_s, struct receive_sa *sa)
+static int wpas_enable_receive_sa(void *wpa_s, u32 channel, u8 an)
 {
-	return wpa_drv_delete_receive_sa(wpa_s, sa);
+	return wpa_drv_enable_receive_sa(wpa_s, channel, an);
 }
 
 
-static int wpas_enable_receive_sa(void *wpa_s, struct receive_sa *sa)
+static int wpas_disable_receive_sa(void *wpa_s, u32 channel, u8 an)
 {
-	return wpa_drv_enable_receive_sa(wpa_s, sa);
+	return wpa_drv_disable_receive_sa(wpa_s, channel, an);
 }
 
 
-static int wpas_disable_receive_sa(void *wpa_s, struct receive_sa *sa)
+static int wpas_get_available_transmit_sc(void *wpa_s, u32 *channel)
 {
-	return wpa_drv_disable_receive_sa(wpa_s, sa);
+	return wpa_drv_get_available_transmit_sc(wpa_s, channel);
 }
 
 
 static int
-wpas_create_transmit_sc(void *wpa_s, struct transmit_sc *sc,
+wpas_create_transmit_sc(void *wpa_s, u32 channel,
+			const struct ieee802_1x_mka_sci *sci,
 			enum confidentiality_offset co)
 {
-	return wpa_drv_create_transmit_sc(wpa_s, sc, conf_offset_val(co));
+	return wpa_drv_create_transmit_sc(wpa_s, channel, sci->addr,
+					  be_to_host16(sci->port),
+					  conf_offset_val(co));
 }
 
 
-static int wpas_delete_transmit_sc(void *wpa_s, struct transmit_sc *sc)
+static int wpas_delete_transmit_sc(void *wpa_s, u32 channel)
 {
-	return wpa_drv_delete_transmit_sc(wpa_s, sc);
+	return wpa_drv_delete_transmit_sc(wpa_s, channel);
 }
 
 
-static int wpas_create_transmit_sa(void *wpa_s, struct transmit_sa *sa)
+static int wpas_create_transmit_sa(void *wpa_s, u32 channel, u8 an,
+				   u32 next_pn, Boolean confidentiality,
+				   const u8 *sak)
 {
-	return wpa_drv_create_transmit_sa(wpa_s, sa);
+	return wpa_drv_create_transmit_sa(wpa_s, channel, an, next_pn,
+					  confidentiality, sak);
 }
 
 
-static int wpas_delete_transmit_sa(void *wpa_s, struct transmit_sa *sa)
+static int wpas_enable_transmit_sa(void *wpa_s, u32 channel, u8 an)
 {
-	return wpa_drv_delete_transmit_sa(wpa_s, sa);
+	return wpa_drv_enable_transmit_sa(wpa_s, channel, an);
 }
 
 
-static int wpas_enable_transmit_sa(void *wpa_s, struct transmit_sa *sa)
+static int wpas_disable_transmit_sa(void *wpa_s, u32 channel, u8 an)
 {
-	return wpa_drv_enable_transmit_sa(wpa_s, sa);
-}
-
-
-static int wpas_disable_transmit_sa(void *wpa_s, struct transmit_sa *sa)
-{
-	return wpa_drv_disable_transmit_sa(wpa_s, sa);
+	return wpa_drv_disable_transmit_sa(wpa_s, channel, an);
 }
 
 
@@ -197,7 +204,6 @@
 
 	kay_ctx->macsec_init = wpas_macsec_init;
 	kay_ctx->macsec_deinit = wpas_macsec_deinit;
-	kay_ctx->macsec_get_capability = wpas_macsec_get_capability;
 	kay_ctx->enable_protect_frames = wpas_enable_protect_frames;
 	kay_ctx->set_replay_protect = wpas_set_replay_protect;
 	kay_ctx->set_current_cipher_suite = wpas_set_current_cipher_suite;
@@ -205,16 +211,16 @@
 	kay_ctx->get_receive_lowest_pn = wpas_get_receive_lowest_pn;
 	kay_ctx->get_transmit_next_pn = wpas_get_transmit_next_pn;
 	kay_ctx->set_transmit_next_pn = wpas_set_transmit_next_pn;
+	kay_ctx->get_available_receive_sc = wpas_get_available_receive_sc;
 	kay_ctx->create_receive_sc = wpas_create_receive_sc;
 	kay_ctx->delete_receive_sc = wpas_delete_receive_sc;
 	kay_ctx->create_receive_sa = wpas_create_receive_sa;
-	kay_ctx->delete_receive_sa = wpas_delete_receive_sa;
 	kay_ctx->enable_receive_sa = wpas_enable_receive_sa;
 	kay_ctx->disable_receive_sa = wpas_disable_receive_sa;
+	kay_ctx->get_available_transmit_sc = wpas_get_available_transmit_sc;
 	kay_ctx->create_transmit_sc = wpas_create_transmit_sc;
 	kay_ctx->delete_transmit_sc = wpas_delete_transmit_sc;
 	kay_ctx->create_transmit_sa = wpas_create_transmit_sa;
-	kay_ctx->delete_transmit_sa = wpas_delete_transmit_sa;
 	kay_ctx->enable_transmit_sa = wpas_enable_transmit_sa;
 	kay_ctx->disable_transmit_sa = wpas_disable_transmit_sa;