hostapd/wpa_supplicant - new development release v0.6.4
Jouni Malinen
j at w1.fi
Sun Aug 10 13:49:48 EDT 2008
New versions of wpa_supplicant and hostapd were just
released and are now available from http://w1.fi/
This release is from the development branch (0.6.x). Please note that
the 0.5.x branch continues to be the current source of stable releases.
hostapd:
* added peer identity into EAP-FAST PAC-Opaque and skip Phase 2
Identity Request if identity is already known
* added support for EAP Sequences in EAP-FAST Phase 2
* added support for EAP-TNC (Trusted Network Connect)
(this version implements the EAP-TNC method and EAP-TTLS/EAP-FAST
changes needed to run two methods in sequence (IF-T) and the IF-IMV
and IF-TNCCS interfaces from TNCS)
* added support for optional cryptobinding with PEAPv0
* added fragmentation support for EAP-TNC
* added support for fragmenting EAP-TTLS/PEAP/FAST Phase 2 (tunneled)
data
* added support for opportunistic key caching (OKC)
wpa_supplicant:
* added support for EAP Sequences in EAP-FAST Phase 2
* added support for using TNC with EAP-FAST
* added driver_ps3 for the PS3 Linux wireless driver
* added support for optional cryptobinding with PEAPv0
* fixed the OpenSSL patches (0.9.8g and 0.9.9) for EAP-FAST to
allow fallback to full handshake if server rejects PAC-Opaque
* added fragmentation support for EAP-TNC
* added support for parsing PKCS #8 formatted private keys into the
internal TLS implementation (both PKCS #1 RSA key and PKCS #8
encapsulated RSA key can now be used)
* added option of using faster, but larger, routines in the internal
LibTomMath (for internal TLS implementation) to speed up DH and RSA
calculations (CONFIG_INTERNAL_LIBTOMMATH_FAST=y)
* fixed race condition between disassociation event and group key
handshake to avoid getting stuck in incorrect state [Bug 261]
* fixed opportunistic key caching (proactive_key_caching)
git-shortlog for 0.6.3 -> 0.6.4:
Artem Antonov (1):
Fix nl80211 driver to receive EAPOL response
Bernhard Michael (1):
driver_nl80211: Use customizable netlink callbacks
Chris Zimmermann (2):
hostapd_allowed_address() is called from hostapd_config_reload_sta() with
Support for RADIUS ACLs with drivers that do not use hostapd MLME
Dan Williams (7):
Fix potential use-after-free in dbus byte array demarshaling code
Fix qt3 wpa_gui build
wext: don't overwrite BSS frequency
Do not continually reschedule specific scans to help finding hidden SSIDs
wext: handle mode switches correctly for mac80211
Give adhoc associations a bit more time
wext: fix maxrate calculation
Daniel Wagner (1):
Rename NL80211_[ATTR]_STA_STAT_* to NL80211_[ATTR_]STA_INFO_
David Smith (4):
Add setSmartcardModules DBus message to set pkcs11 and opensc options
Add support to crypto/tls for client cert and CA cert from smartcard
Add support to eap_peer for client cert and CA cert on smartcard and in
Add support to wpa_supplicant configuring eap_peer for client cert and CA
Henrik Brix Andersen (1):
Fix compilation without IEEE8021X_EAPOL defined
Johannes Berg (1):
nl80211 driver: fix beacon interval setting
Jouni Malinen (110):
Added listen interval to hostapd sta_add() driver function
Silence SIOCSIWAUTH ioctl failure message.
Enforce non-zero MPPE key length
Fixed base64_decode() reject empty input buffers
Verify that os_get_time() does not fail before using the time value when
driver_ralink: Fixed couple of memory leaks on error path
driver_ralink: Use os_strlcpy instead of os_strncpy to ensure null
driver_ralink: Make sure assoc_{req,resp}_ies do not get double-freed
Added max_listen_interval configuration option
Preparations for 0.4.11 release
EAP-FAST: Add peer identity into EAP-FAST PAC-Opaque
EAP-FAST: Added shared helper functions for building TLVs
EAP-FAST: Moved common peer/server functionality into a shared file
EAP-FAST: Divided eap_fast_process() into number of helper functions
Removed extra '_' from struct eap_tlv_crypto_binding__tlv name
EAP-FAST: Define and use EAP_FAST_CMK_LEN
EAP-FAST: Cleaned up TLV processing and added support for EAP Sequences
EAP-FAST: Verify that identity from PAC-Opaque matches with Phase 2 (GTC)
Renamed local DBUS_VERSION define to avoid conflict with dbus 1.1 headers
Added a missing '#' to indicate a comment.
Make the "invalid group" error show up with default verbosity level
TNC: Added preliminary TNC implementation for hostapd
TNC: Provide 'tnc' configuration option for EAP server and methods
TNC: Added support for using TNC with EAP-FAST
TNC: Integrated TNC support into EAP-FAST server
TNC: Fixed TNC when using EAP-TTLS with non-EAP Phase 2
TNC: Integrated TNC support into EAP-TTLS server
TNC: Added TNC server support into documentation and ChangeLogs
Silence gcc 4.3.0 warnings about invalid array indexes
Delete PTK SA on (re)association if this is not part of a Fast BSS
FT: Use correct BSSID when deriving PTK and verifying MIC
Some cleanup for the new driver wrapper for PS3
EAP-PEAP: Moved EAP-TLV processing into eap_peap.c
EAP-PEAP: Moved EAP-TLV processing into eap_peap.c
EAP-PEAP: Added preliminary code for PEAPv0 and PEAPv2 cryptobinding
EAP-PEAP: Swap MS-CHAP-v2 MPPE keys for EAP-PEAP ISK derivation
EAP-PEAP: Fixed interop issues in key derivation with cryptobinding
EAP-TTLS: Fixed implicit challenge derivation to use correct output length
TNC: Added preliminary code for IF-TNCCS-SOH server side support
PEAPv0: Added crypto_binding configuration option (part of phase1)
TNC: Added preliminary code for IF-TNCCS-SOH client side support
Small whitespace cleanup
Fixed tls_prf() to handle keys with odd length
Fixed fallback to full handshake when server rejects PAC-Opaque
Fixed fallback to full handshake when server rejects PAC-Opaque
Fixed xsi:schemaLocation to use whitespace to separate members of the pair.
Updated the comment on 'bridge' variable to mention nl80211 which needs
Disable TLS compression since the EAP-TTLS/PEAP/FAST payload processing
Only use SSL_OP_NO_COMPRESSION if it is defined
Added instructions on how to create the DH parameters files.
Example configuration for EAP-TLS authentication using PKCS#11 TPM token
Added fragmentation support for EAP-TNC
Do not define tls_engine_get_cert() if OpenSSL engine is disabled
Added a workaround for handling TLS compression
Fixed EAP-IKEv2 server fragment processing
Redesigned EAP-TLS/PEAP/TTLS/FAST fragmentation/reassembly
Do not refer to Flags::Version field as 'PEAP version'
Share EAP-TLS/PEAP/TTLS/FAST core process() functionality
Add eap_tls_state() to get closer to EAP-TTLS/PEAP/FAST code
Added the EAP-FAST patch for OpenSSL 0.9.8h
Updated the EAP-FAST patch for the latest OpenSSL 0.9.9 snapshot
Changed TLS server to use OpenSSL SSL_accept() instead of SSL_read()
Fixed build without CONFIG_IEEE8021X_EAPOL, but with CONFIG_CTRL_IFACE
Fixed dbus build without OpenSSL.
Internal TLS: Added support for parsing PKCS #8 formatted private keys
Include wireless_copy.h instead of linux/wireless.h to avoid conflicts
Fix USE_KERNEL_HEADERS build with compat-wireless
Introduced new helper function is_zero_ether_addr()
Reduce integrated LibTomMath size by dropping negative exponent support
Internal LibTomMath: add optional support for Montgomery reduction
Updated the comments since Montgomery reduction is now included
Silence compiler warnings about out of array bounds indexes
Add faster, optional sqr routine for internal LibTomMath
Fixed RADIUS client local address forcing for IPv6 (eapol_test)
Fixed potential NULL pointer dereference if memory allocation fails
Read Michael MIC keys through TK2 union instead of offset from TK1
Added an option to build internal LibTomMath with faster div routine
Combined internal LibTomMath configuration into one option
Removed the 20% estimate on faster bignum routines
Updated the LibTomMath reference to use 0.41 version
Fixed a buffer overflow in nla_parse call
Added a preliminary nl80211/cfg80211 driver interface for wpa_supplicant
EAP-PEAP: Moved the common peap_prfplus() function into a shared file
Fixed race condition between disassociation event and group key handshake
Added mac80211_hwsim - software simulator of 802.11 radio(s) for mac80211
Fixed tx() handler to use GFP_ATOMIC.
Added global monitor interface (hwsim#)
Added a comment about hwsim#
Added start/stop handlers and do not send frames to stopped radios
Use _irqsafe versions of ieee80211 rx and tx_status functions
Set ACK flag properly for txstatus
Added support for AP mode Beacon transmission
Removed forgotten todo entry
Added support for configuring IGTK
Added WLAN_STA_MFP flag for driver wrappers so that they can configure the
WEXT: IEEE 802.11w/MFP configuration
Added temporary #ifdef WEXT_MFP_PENDING around the MFP changes
Add IGTK/MFP configuration (disabled by default)
Fixed wpa_scan_get_max_rate() to clear the basicrate flag when determining
Fixed EAP-TNC not to include extra EAP header and TNC flags
Fixed NULL pointer dereference on error path [Bug 273]
Cleaned up some of invalid documentation related to channel configuration.
WEXT: Fixed re-initialization of removed and re-inserted interface
Fixed opportunistic key caching (OKC)
Added support for opportunistic key caching (OKC)
Added support for setting BSS parameters with NL80211_CMD_SET_BSS
Fixed a NULL pointer dereference when driver initialization fails
Renamed MSG to PROC_MSG to avoid conflicts with MinGW winuser.h
Fixed MinGW build without CONFIG_NDIS_EVENTS_INTEGRATED defined
Preparations for 0.6.4 release
Kel Modderman (3):
Enhance manpage with use of emphasis instead of strong quote
Explain not all driver backends will be compiled into wpa_supplicant binary
Remove the -w option from help output
Masakazu Mokuno (3):
Add support for PS3 Linux wireless driver
Add the flags for the drivers which do 4-way handshake
Add support for the driver which do 4-way handshake
Michael Bernhard (7):
driver_nl80211: Use the correct nl80211 command to flush all stations
driver_nl80211: Clone netlink callbacks instead of creating new ones
driver_nl80211: Initialize local variable
driver_nl80211: Return correct value
driver_nl80211: Do not send nl80211 message if beacon is not set yet
Disable functionality in hostapd_deauth_all_stas for hostap driver only
Make proactive key caching working again
Pavel Polischouk (1):
man wpa_supplicant: Clearly state which options are given per interface
Pavel Roskin (2):
driver_wext: Fix missing bracket in [DORMANT]
Fix compile warnings on 64-bit systems
Ryan Hill (1):
The attached patch fixes a few build errors when compiling with GCC 4.3,
Tomasz Wolniewicz (2):
Chargeable-User-Identity (RFC 4372) in eapol_test
eapol_test: Allow client IP address to be specified
--
Jouni Malinen PGP id EFC895FA
More information about the HostAP
mailing list