hostapd/wpa_supplicant - new development release v0.6.2

Jouni Malinen j at w1.fi
Tue Jan 1 22:42:25 EST 2008


New versions of wpa_supplicant and hostapd were just
released and are now available from http://w1.fi/

This release is from the development branch (0.6.x). Please note that
the 0.5.x branch continues to be the current source of stable releases.

hostapd:
* fixed EAP-SIM and EAP-AKA message parser to validate attribute
  lengths properly to avoid potential crash caused by invalid messages
* added data structure for storing allocated buffers (struct wpabuf);
  this does not affect hostapd usage, but many of the APIs changed
  and various interfaces (e.g., EAP) are not compatible with old
  versions
* added support for protecting EAP-AKA/Identity messages with
  AT_CHECKCODE (optional feature in RFC 4187)
* added support for protected result indication with AT_RESULT_IND for
  EAP-SIM and EAP-AKA (eap_sim_aka_result_ind=1)
* added support for configuring EAP-TTLS phase 2 non-EAP methods in
  EAP server configuration; previously all four were enabled for every
  phase 2 user, now all four are disabled by default and need to be
  enabled with new method names TTLS-PAP, TTLS-CHAP, TTLS-MSCHAP,
  TTLS-MSCHAPV2
* removed old debug printing mechanism and the related 'debug'
  parameter in the configuration file; debug verbosity is now set with
  -d (or -dd) command line arguments
* added support for EAP-IKEv2 (draft-tschofenig-eap-ikev2-15.txt);
  only shared key/password authentication is supported in this version

wpa_supplicant:
* added support for Makefile builds to include debug-log-to-a-file
  functionality (CONFIG_DEBUG_FILE=y and -f<path> on command line)
* fixed EAP-SIM and EAP-AKA message parser to validate attribute
  lengths properly to avoid potential crash caused by invalid messages
* added data structure for storing allocated buffers (struct wpabuf);
  this does not affect wpa_supplicant usage, but many of the APIs
  changed and various interfaces (e.g., EAP) are not compatible with old
  versions
* added support for protecting EAP-AKA/Identity messages with
  AT_CHECKCODE (optional feature in RFC 4187)
* added support for protected result indication with AT_RESULT_IND for
  EAP-SIM and EAP-AKA (phase1="result_ind=1")
* added driver_wext workaround for race condition between scanning and
  association with drivers that take a very long time to scan all
  channels (e.g., madwifi with dual-band cards); wpa_supplicant is now
  using a longer hardcoded timeout for the scan if the driver supports
  notifications for scan completion (SIOCGIWSCAN event); this helps,
  e.g., in cases where wpa_supplicant and madwifi driver ended up in
  a loop where the driver did not even try to associate
* stop EAPOL timer tick when no timers are in use in order to reduce
  power consumption (no need to wake up the process once per second)
  [Bug 237]
* added support for privilege separation (run only minimal part of
  wpa_supplicant functionality as root and rest as unprivileged,
  non-root process); see 'Privilege separation' in README for details;
  this is disabled by default and can be enabled with CONFIG_PRIVSEP=y
  in .config
* changed scan results data structure to include all information
  elements to make it easier to support new IEs; old get_scan_result()
  driver_ops is still supported for backwards compatibility (results
  are converted internally to the new format), but all drivers should
  start using the new get_scan_results2() to make them more likely to
  work with new features
* Qt4 version of wpa_gui (wpa_gui-qt4 subdirectory) is now a native
  Qt4 application, i.e., it does not require Qt3Support anymore; Windows
  binary of wpa_gui.exe is now from this directory and only requires
  QtCore4.dll and QtGui4.dll libraries
* updated Windows binary build to use Qt 4.3.3 and made Qt DLLs
  available as a separate package to make wpa_gui installation easier:
  http://w1.fi/wpa_supplicant/qt4/wpa_gui-qt433-windows-dll.zip
* added support for EAP-IKEv2 (draft-tschofenig-eap-ikev2-15.txt);
  only shared key/password authentication is supported in this version


git-shortlog for 0.6.1 -> 0.6.2:

Alan DeKok (1):
      Add support for building EAP as a shared library (libeap.so).

Dan Williams (3):
      Make output logging to file usable on *NIX platforms
      Fix memory leak in D-Bus control interface
      Restrict D-Bus interface to root only

Johannes Berg (15):
      driver_devicescape: fix init error handling
      hostapd: fix multi-BSS code
      hostapd: handle invalid driver setting
      hostapd: use wext's privacy_invoked instead of prism ioctl
      hostapd: make driver_devicescape set multi-BSS interfaces up
      hostapd: allow bssid config on default interface
      Move definitions from the header file that was originally shared with the
      hostapd: rename driver_devicescape to driver_nl80211
      nl80211 driver: receive EAPOL Frames on the data interface
      nl80211 driver: remove Michael MIC failure code
      nl80211 driver: use nl80211 for keys
      nl80211 driver: use nl80211 for beacons
      nl80211 driver: use nl80211 for key information
      nl80211 driver: use nl80211 for station management
      hostapd: use nl80211 to set interface to master mode

Jouni Malinen (178):
      Added 0.6.1.
      Moved EAPOL specific entries from wpa_common.h to eapol_common.h so that
      Moved wpa_supplicant/eapol_sm.[ch] into src/eapol_supp/eapol_supp_sm.[ch]
      Updated references to EAPOL supplicant (eapol_sm.[ch]) to use the new
      Moved configuration blob structures and prototypes into a separate header
      Updated the combined WPA authenticator--supplicant test program to work
      Added 'finished' callback to avoid direct calls to rsn_preauth_finished()
      Moved direct hostapd_get_eap_user() call from eapol_sm.c to ieee802_1x.c
      Removed direct ap_get_sta() call from eapol_sm.c by adding a new
      Added logger() callback function to avoid direct calls to hostapd_logger()
      Moved EAPOL state machine procedures to use callback functions instead of
      Cleaned up EAPOL/EAP/AAA interfaces in hostapd. This updates the EAP server
      Basic EAP functionality is now required for EAPOL even if full EAP server
      Simplified the interface between EAP Full Authenticator and EAPOL/AAA by
      Fixed deinit code to cancel ieee802_1x_rekey timer to avoid potential
      Fixed remove_pmkid() handler not to clear list head (copy-paste error). The
      Added .gitignore to the new directory.
      Replaced the old hostapd_get_rand() calls with os_get_random().
      Added 'os_' prefix to common C library functions.
      Use eap_msg_alloc() to avoid having to fill in EAP header in multiple
      Removed an unused function argument.
      Use eap_hdr_validate() instead of local implementation to validate EAP
      Fixed RADIUS server to clear eapReq/eapSuccess/eapFail in order to allow
      Added EAP Transport of Registration Protocol for Wi-Fi Protected Setup
      Preparations for 0.5.9 release.
      EAP-GPSK was already updated to draft -07 and -08 did not change any
      Cleaned up EAP peer interface by moving wpa_config_allowed_eap_method()
      Avoid possible double-free crash when processing a zero length
      Added an example application that shows how EAP peer and server
      Fixed build without EAP-FAST support (with crypto_mod_exp() commented out).
      Fixed eap_example build with internal TLS implementation.
      Free eap_config variables to avoid memory leaks.
      Added a short description of the EAP library and example application.
      Fixed a typo in a comment.
      Added an example on how to use RADIUS client functionality as a library in
      Moved common EAP-WSC definitions into a shared header file.
      Share a common eap_wsc_build_frag_ack() implementation between EAP-WSC
      Added .gitignore files to new directories.
      Added test certificates and server private key to make it easier to run
      Changed os_mktime() to generate the time in UTC, not local time to fix
      Updated doxygen documentation for 0.6.x directory structure and some of the
      Removed EAP header field from struct eap_sake_hdr and started using
      Removed EAP header field from struct eap_pax_hdr and started using
      Removed EAP header field from struct eap_psk_hdr_* and started using
      Fixed EAP-TLS server. Previous fix in broke EAP-TLS ACK processing in
      Fixed eap_sim_parse_attr() to verify that the attribute length field is
      Removed duplicated object files from the library when building with the
      Clean the new eapol_supp directory on 'make clean'.
      Moved sha1_transform into the CONFIG_NO_FIPS186_2_PRF #ifdef block to
      Make sure no more than one pending scan timeout is scheduled by canceling
      Add libeap.so to .gitignore.
      Added 'struct wpabuf' data structure for presenting data buffers.
      Fixed couple of minor memory leaks in RADIUS server data handling.
      Fixed a memory leak in EAP-FAST provisioning.
      Fixed a memory leak in decapsulation of EAP message from a RADIUS message.
      Removed unneeded validation on in_data != NULL since eap_peer_decrypt() and
      Avoid NULL dereferences when in debug mode should something end up calling
      Removed unused variable. mlen is not used anymore and it was forgotten into
      Removed dead code. There does not seem to be any need for figuring out the
      Added support for protecting EAP-AKA/Identity messages with AT_CHECKCODE
      Added support for protected result indication with AT_RESULT_IND for
      Moved wpabuf_put() into .c file to avoid forcing it to be an inlined
      Replaced wpabuf_alloc_ext_data_no_free() with a simpler construction that
      Share the same CHAP-MD5 implementation for EAP-MD5 and EAP-TTLS to avoid
      Fixed a typo in a comment.
      Added support for configuring EAP-TTLS phase 2 non-EAP methods in EAP
      Updated to-do items and completed some EAP interop tests.
      Updated interop tests with FreeRADIUS to use current 2.0-beta snapshot
      Increase the hard scan timeout limit from 3 to 5 seconds and change this to
      Stop EAPOL timer tick when no timers are in use in order to reduce power
      Removed __{be,le}{16,32,64} typedefs to avoid conflicts with linux/types.h.
      Minor coding style cleanup that I forgot to save before the previous
      Fixed comment typos.
      Removed an old workaround that was needed for EAP-PEAP interoperability
      Changed ieee802_11_print_ssid() to write the SSID to a memory buffer in
      Removed HOSTAPD_DEBUG_COND() macro as a step towards getting rid of
      Replaced HOSTAPD_DEBUG() macro with wpa_printf() to get rid of the old
      Deprecated 'debug' configuration parameter since the old debug printing
      Remove madwifi.conf since the same information is available in hostapd.conf
      Added bit more text for 'driver' option.
      Fixed a typo in a comment.
      Added preliminary support for wpa_supplicant privilege separation.
      Only allow ethertypes 0x888e (PAE) and 0x88c7 (RSN preauth) to be used for
      Added support for sending EVENT_MICHAEL_MIC_FAILURE over privsep interface.
      Added support for sending EVENT_INTERFACE_STATUS over privsep interface.
      Added support for sending following events over privsep interface:
      Reverted unintended change from cb2eec6f9ff55c5fba43d7cc93812abc6126173f.
      Added support for wpa_supplicant_rx_eapol() over privsep interface.
      Added support for get_capa driver_ops over privsep interface.
      Documented privilege separation.
      Add wpa_gui.sgml docbook manpage source
      Changed debug-to-file setup to allow the debug file path to be specified.
      Removed a forgotten comment about DHV. It was removed from IEEE 802.11w.
      Changed scan results data structure to include all information elements to
      Converted driver_privsep to use the new scan result format and modified
      Fixed privsep l2_packet_deinit to remove the own socket file and free the
      Converted driver_test to use the new scan results format.
      Converted driver_wext (and all driver wrappers using its scan result
      Removed debugging code that was not supposed to be committed.
      Replace Q3ListView with QTreeWidget for the scan results dialog.
      Fixed forgotten reference to q3listview.h to use qtreewidget.h.
      Converted rest of Qt3 specific code to native Qt4 and removed qt3support
      Use QTreeView instead of QTableView for event data to make the table a bit
      Do not show the control for expanding tree entries in the scan results
      Close scan results, event history, and user request dialogs if they are
      Removed the vertical spacer to allow the tree widget to take most of the
      Removed left/right/top/bottom margin properties from QHBoxLayout to allow
      Start using wpa_gui-qt4 for Windows binary builds since it drops
      Added the new files to fix VS2005 builds.
      Converted driver_ndis to use the new scan results format.
      Moved scan results sorting code from driver_wext.c into scan_helpers.c
      Moved scan results sorting to be a generic call for all driver wrappers
      Updated Windows build to use default host Qt installation and a newer
      Removed the 'make compiler_uic_make_all' workaround from wpa_gui build
      Added information about Qt 4 with wpa_gui and made the Qt DLLs available
      Added wpa_gui-qt4 target to build the Qt4 version of wpa_gui.
      Replace the QAction activated() signals with triggered() which seems to be
      Fixed eapol_test and preauth_test linking.
      Fixed wpa_supplicant_get_scan_results() to return error value properly, so
      Fixed custom 'rsn_ie' event parsing to actually update res->ie with the
      Removed the default WpaMsg constructor since it was not apparently used
      Cleaned up some too long lines.
      Added new EAP peer method: EAP-IKEv2 (draft-tschofenig-eap-ikev2-15.txt)
      Updated EAP-IKEv2 payload types to match with IANA assignments.
      No need to look at IKEv2 key details when verifying whether ICV should be
      Divided overly long eap_ikev2_process() into multiple functions.
      Added wpabuf_tailroom() for figuring out how much buffer is available.
      Converted EAP-IKEv2 to use wpabuf for received messages.
      Moved DH Group data into new src/crypto/dh_groups.[ch] files to make it
      Fixed a forgotten hardcoded DH group value to use the new mechanism for
      Increased the buffer size to include enough space for 8192-bit DH values.
      Added MODP Diffie-Hellman groups from RFC 4306 and RFC 3526.
      Implemented crypto_mod_exp() using OpenSSL BIGNUM functions.
      Fixed crypto_mod_exp() to report errors correctly.
      Removed trailing whitespace.
      Added support for using INVALID_KE_PAYLOAD notification to request another
      Added support for using more than one Integrity and PRF algorithm.
      Moved AUTH data generation into a shared function.
      Added support for multiple encryption algorithms. Though, only ENCR_3DES is
      Added support for ENCR_AES_CBC with 128-bit keys.
      Added CCNS_PL workaround for fragment ACK.
      Removed a forgotten reference to WPS (eap_wsc.c)
      Fixed a typo in key size attribute type.
      Added EAP-IKEv2 server implementation.
      hostapd includes EAP-IKEv2 server now.
      Share the same routine for decrypting payloads in initiator and responder.
      Parse optional SK{IDr} from SA_INIT and use its value as the identity when
      Moved ikev2_update_hdr() and ikev2_build_encrypted() into common code.
      Moved IKEv2 keys into a shared structure type to make it easier to share
      Added the main EAP-IKEV2 server file that was forgotten from the initial
      Moved common EAP-IKEv2 functions into a shared file.
      Fixed a memory leak on error path.
      Moved SK key derivation into a shared function.
      Moved DH operations from IKEv2 code into dh_groups.c to allow better code
      Fixed wpabuf_free() to free ext_data.
      Removed wpabuf::refcount concept and wpabuf_ref().
      Fixed a bug in wpabuf conversion: must not use wpabuf after it has been
      Fixed a bug in wpabuf conversion: must not use wpabuf after it has been
      Use generate_authenticator_response_pwhash() to avoid extra function call
      Cleaned up ms_funcs return value validation and made sure error codes will
      Enforce return value validation for AES functions and resolve the generated
      Enforce validation of crypto.h function error values and resolve the
      Enforce validation of crypto function returns values and fixed the
      Fixed one more wpabuf_free() before wpabuf_len() debug print issue to
      Validate return value for errors in AES function calls.
      Do not leave data->in_buf pointing to stack-based tmpbuf when returning
      Fixed IKEv2 error handling.
      Use u8* rather than void* when doing pointer arithmetics.
      Use u8* instead of void* for pointer arithmetics.
      Changed EAP-WSC to use struct wpabuf for in_buf/out_buf processing
      Synchronized the WPS dummy implementation in EAP-WSC server and peer so
      Moved the dummy WPS code into a shared file in a new directory as a
      Added Makefile to allow 'make clean' clean all directories.
      Silenced compiler warnings about printf format for size_t on 64-bit builds.
      Marked helper functions use 'const' with scan results and handled the
      Marked scan result IEs 'const'.
      Added the new files into the nmake build.
      Preparations for v0.6.2 release.

Kel Modderman (11):
      Fix the spelling of "interfaces" (was "interdaces") in a comment within
      Add a D-BUS service activation configuration
      Fix compile warnings in wpa_gui
      Remove ref to ctrl_interface_group in wpa_cli manpage
      Remove ref to ctrl_interface_group in wpa_supplicant.conf manpage
      Fix x86_64 compile warnings in pcsc_funcs.c
      Fix x86_64 compile warnings in eap_wsc.c
      Add initial wpa_priv docbook manpage source
      Add id_str input support to wpa_gui (QT3)
      Add id_str input support to wpa_gui (QT4)
      Use QCombobox::addItem to append items to combo box lists.

Ted Merrill (2):
      Cleaned up scan result processing by moving the result printing into a
      Added WPS IE into DBUS scan results.


-- 
Jouni Malinen                                            PGP id EFC895FA
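
Added example (not part of the original announcement and not the project's eap_sim_parse_attr() code): a minimal C sketch of the attribute length validation that the EAP-SIM/EAP-AKA parser fix above refers to, using the RFC 4186/4187 attribute layout (1-byte type, 1-byte length counted in 4-byte words including the 2-byte header). The names parse_attrs, struct attr, parsed and the ATTR_ERR_* codes are hypothetical, and the sample messages are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical error codes for this example. */
enum { ATTR_ERR_TRUNCATED = -1, ATTR_ERR_ZERO_LEN = -2, ATTR_ERR_OVERRUN = -3 };

struct attr { uint8_t type; const uint8_t *val; size_t val_len; };

/* Walk the attribute list in buf[0..len) and store up to max entries in out.
 * Returns the number of attributes seen, or a negative ATTR_ERR_* value. */
int parse_attrs(const uint8_t *buf, size_t len, struct attr *out, int max)
{
    size_t pos = 0;
    int n = 0;

    while (pos < len) {
        size_t left = len - pos;
        size_t alen;

        if (left < 2)                   /* no room for type + length octets */
            return ATTR_ERR_TRUNCATED;
        alen = (size_t) buf[pos + 1] * 4;
        if (alen == 0)                  /* pos would never advance: endless loop */
            return ATTR_ERR_ZERO_LEN;
        if (alen > left)                /* value would be read past end of message */
            return ATTR_ERR_OVERRUN;
        if (n < max) {
            out[n].type = buf[pos];
            out[n].val = buf + pos + 2;
            out[n].val_len = alen - 2;
        }
        n++;
        pos += alen;
    }
    return n;
}

/* Constructed sample messages (attribute lists only, no EAP header). */
static const uint8_t sample_ok[] = {
    135, 1, 0, 0,                       /* AT_RESULT_IND, 1 word */
    11, 5, 0, 0,                        /* AT_MAC, 5 words: reserved + MAC */
    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
};
static const uint8_t sample_zero[] = { 135, 0, 0, 0 };      /* length field 0 */
static const uint8_t sample_overrun[] = { 11, 5, 0, 0 };    /* claims 20 octets */
static const uint8_t sample_trunc[] = { 135, 1, 0, 0, 11 }; /* cut after type */
static struct attr parsed[4];

int main(void)
{
    printf("ok=%d zero=%d overrun=%d trunc=%d\n",
           parse_attrs(sample_ok, sizeof(sample_ok), parsed, 4),
           parse_attrs(sample_zero, sizeof(sample_zero), parsed, 4),
           parse_attrs(sample_overrun, sizeof(sample_overrun), parsed, 4),
           parse_attrs(sample_trunc, sizeof(sample_trunc), parsed, 4));
    return 0;
}
```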