Prism2/2.5/3 Host AP - new release v0.2.2 - 2004-05-31

Jouni Malinen jkmaline at
Mon May 31 21:07:28 EDT 2004

A new version of Prism2/2.5/3 Host AP was just released and is now
available from

This release is from the development (0.2.x) branch. Please note that
the stable branch (0.1.x releases) still continues to be the source of
stable releases, although all new development is happening on the
development branch. In addition, my current plan is to start calling
v0.2.x branch "stable" quite soon; maybe after one more development
release. In other words, testing and bug reports are very much welcome
for this v0.2.2 release.

The main change from the previous version is in wpa_supplicant getting
support for new EAP methods (EAP-TTLS, many new Phase 2 methods for
both EAP-PEAP and EAP-TTLS, EAP-GTC, EAP-SIM). In addition, number of
small issues found during WPA/WPA2 interop testing has been fixed.


2004-05-31 - v0.2.2

* fixed a buffer overflow in TKIP encryption (hostap_crypt_tkip
  module) on big endian hosts


No changes - v0.2.2 release skipped


2004-05-31 - v0.2.2

* fixed WPA/WPA2 group rekeying to use key index correctly (GN/GM)
* fixed group rekeying to send zero TSC in EAPOL-Key messages to fix
  cases where STAs dropped multicast frames as replay attacks
* added support for copying RADIUS Attribute 'Class' from
  authentication messages into accounting messages
* send canned EAP failure if RADIUS server sends Access-Reject without
  EAP message (previously, Supplicant was not notified in this case)
* fixed mixed WPA-PSK and WPA-EAP mode to work with WPA-PSK (i.e., do
  not start EAPOL state machines if the STA selected to use WPA-PSK)


2004-05-31 - v0.2.2

* added support for new EAP authentication methods:
  EAP-SIM (not yet complete; needs GSM/SIM authentication interface)
* added support for anonymous identity (to be used when identity is
  sent in plaintext; real identity will be used within TLS protected
  tunnel (e.g., with EAP-TTLS)
* added event messages from wpa_supplicant to frontends, e.g., wpa_cli
* added support for requesting identity and password information using
  control interface; in other words, the password for EAP-PEAP or
  EAP-TTLS does not need to be included in the configuration file since
  a frontand (e.g., wpa_cli) can ask it from the user
* improved RSN pre-authentication to use a candidate list and process
  all candidates from each scan; not only one per scan
* fixed RSN IE and WPA IE capabilities field parsing
* ignore Tx bit in GTK IE when Pairwise keys are used
* avoid making new scan requests during IEEE 802.1X negotiation
* use openssl/libcrypto for MD5 and SHA-1 when compiling wpa_supplicant
  with TLS support (this replaces the included implementation with
  library code to save about 8 kB since the library code is needed
  anyway for TLS)
* fixed WPA-PSK only mode when compiled without IEEE 802.1X support
  (i.e., without CONFIG_IEEE8021X_EAPOL=y in .config)

Jouni Malinen                                            PGP id EFC895FA

More information about the HostAP mailing list