hostapd/wpa_supplicant - new development release v0.6.2
Jouni Malinen
Tue Jan 1 19:42:25 PST 2008
New versions of wpa_supplicant and hostapd were just
released and are now available from http://w1.fi/
This release is from the development branch (0.6.x). Please note that
the 0.5.x branch continues to be the current source of stable releases.
hostapd:
* fixed EAP-SIM and EAP-AKA message parser to validate attribute
lengths properly to avoid potential crash caused by invalid messages
* added data structure for storing allocated buffers (struct wpabuf);
this does not affect hostapd usage, but many of the APIs changed
and various interfaces (e.g., EAP) are not compatible with old
versions
* added support for protecting EAP-AKA/Identity messages with
AT_CHECKCODE (optional feature in RFC 4187)
* added support for protected result indication with AT_RESULT_IND for
EAP-SIM and EAP-AKA (eap_sim_aka_result_ind=1)
* added support for configuring EAP-TTLS phase 2 non-EAP methods in
EAP server configuration; previously all four were enabled for every
phase 2 user, now all four are disabled by default and need to be
enabled with new method names TTLS-PAP, TTLS-CHAP, TTLS-MSCHAP,
TTLS-MSCHAPV2
* removed old debug printing mechanism and the related 'debug'
parameter in the configuration file; debug verbosity is now set with
-d (or -dd) command line arguments
* added support for EAP-IKEv2 (draft-tschofenig-eap-ikev2-15.txt);
only shared key/password authentication is supported in this version
wpa_supplicant:
* added support for Makefile builds to include debug-log-to-a-file
functionality (CONFIG_DEBUG_FILE=y and -f<path> on command line)
* fixed EAP-SIM and EAP-AKA message parser to validate attribute
lengths properly to avoid potential crash caused by invalid messages
* added data structure for storing allocated buffers (struct wpabuf);
this does not affect wpa_supplicant usage, but many of the APIs
changed and various interfaces (e.g., EAP) are not compatible with old
versions
* added support for protecting EAP-AKA/Identity messages with
AT_CHECKCODE (optional feature in RFC 4187)
* added support for protected result indication with AT_RESULT_IND for
EAP-SIM and EAP-AKA (phase1="result_ind=1")
* added driver_wext workaround for race condition between scanning and
association with drivers that take a very long time to scan all
channels (e.g., madwifi with dual-band cards); wpa_supplicant is now
using a longer hardcoded timeout for the scan if the driver supports
notifications for scan completion (SIOCGIWSCAN event); this helps,
e.g., in cases where wpa_supplicant and madwifi driver ended up in
a loop where the driver did not even try to associate
* stop EAPOL timer tick when no timers are in use in order to reduce
power consumption (no need to wake up the process once per second)
[Bug 237]
* added support for privilege separation (run only minimal part of
wpa_supplicant functionality as root and rest as unprivileged,
non-root process); see 'Privilege separation' in README for details;
this is disabled by default and can be enabled with CONFIG_PRIVSEP=y
in .config
* changed scan results data structure to include all information
elements to make it easier to support new IEs; old get_scan_result()
driver_ops is still supported for backwards compatibility (results
are converted internally to the new format), but all drivers should
start using the new get_scan_results2() to make them more likely to
work with new features
* Qt4 version of wpa_gui (wpa_gui-qt4 subdirectory) is now a native Qt4
application, i.e., it does not require Qt3Support anymore; Windows
binary of wpa_gui.exe is now from this directory and only requires
QtCore4.dll and QtGui4.dll libraries
* updated Windows binary build to use Qt 4.3.3 and made Qt DLLs
available as a separate package to make wpa_gui installation easier:
http://w1.fi/wpa_supplicant/qt4/wpa_gui-qt433-windows-dll.zip
* added support for EAP-IKEv2 (draft-tschofenig-eap-ikev2-15.txt);
only shared key/password authentication is supported in this version
git-shortlog for 0.6.1 -> 0.6.2:
Alan DeKok (1):
Add support for building EAP as a shared library (libeap.so).
Dan Williams (3):
Make output logging to file usable on *NIX platforms
Fix memory leak in D-Bus control interface
Restrict D-Bus interface to root only
Johannes Berg (15):
driver_devicescape: fix init error handling
hostapd: fix multi-BSS code
hostapd: handle invalid driver setting
hostapd: use wext's privacy_invoked instead of prism ioctl
hostapd: make driver_devicescape set multi-BSS interfaces up
hostapd: allow bssid config on default interface
Move definitions from the header file that was originally shared with the
hostapd: rename driver_devicescape to driver_nl80211
nl80211 driver: receive EAPOL Frames on the data interface
nl80211 driver: remove Michael MIC failure code
nl80211 driver: use nl80211 for keys
nl80211 driver: use nl80211 for beacons
nl80211 driver: use nl80211 for key information
nl80211 driver: use nl80211 for station management
hostapd: use nl80211 to set interface to master mode
Jouni Malinen (178):
Added 0.6.1.
Moved EAPOL specific entries from wpa_common.h to eapol_common.h so that
Moved wpa_supplicant/eapol_sm.[ch] into src/eapol_supp/eapol_supp_sm.[ch]
Updated references to EAPOL supplicant (eapol_sm.[ch]) to use the new
Moved configuration blob structures and prototypes into a separate header
Updated the combined WPA authenticator--supplicant test program to work
Added 'finished' callback to avoid direct calls to rsn_preauth_finished()
Moved direct hostapd_get_eap_user() call from eapol_sm.c to ieee802_1x.c
Removed direct ap_get_sta() call from eapol_sm.c by adding a new
Added logger() callback function to avoid direct calls to hostapd_logger()
Moved EAPOL state machine procedures to use callback functions instead of
Cleaned up EAPOL/EAP/AAA interfaces in hostapd. This updates the EAP server
Basic EAP functionality is now required for EAPOL even if full EAP server
Simplified the interface between EAP Full Authenticator and EAPOL/AAA by
Fixed deinit code to cancel ieee802_1x_rekey timer to avoid potential
Fixed remove_pmkid() handler not to clear list head (copy-paste error). The
Added .gitignore to the new directory.
Replaced the old hostapd_get_rand() calls with os_get_random().
Added 'os_' prefix to common C library functions.
Use eap_msg_alloc() to avoid having to fill in EAP header in multiple
Removed an unused function argument.
Use eap_hdr_validate() instead of local implementation to validate EAP
Fixed RADIUS server to clear eapReq/eapSuccess/eapFail in order to allow
Added EAP Transport of Registration Protocol for Wi-Fi Protected Setup
Preparations for 0.5.9 release.
EAP-GPSK was already updated to draft -07 and -08 did not change any
Cleaned up EAP peer interface by moving wpa_config_allowed_eap_method()
Avoid possible double-free crash when processing a zero length
Added an example application that shows how EAP peer and server
Fixed build without EAP-FAST support (with crypto_mod_exp() commented out).
Fixed eap_example build with internal TLS implementation.
Free eap_config variables to avoid memory leaks.
Added a short description of the EAP library and example application.
Fixed a typo in a comment.
Added an example on how to use RADIUS client functionality as a library in
Moved common EAP-WSC definitions into a shared header file.
Share a common eap_wsc_build_frag_ack() implementation between EAP-WSC
Added .gitignore files to new directories.
Added test certificates and server private key to make it easier to run
Changed os_mktime() to generate the time in UTC, not local time to fix
Updated doxygen documentation for 0.6.x directory structure and some of the
Removed EAP header field from struct eap_sake_hdr and started using
Removed EAP header field from struct eap_pax_hdr and started using
Removed EAP header field from struct eap_psk_hdr_* and started using
Fixed EAP-TLS server. Previous fix in broke EAP-TLS ACK processing in
Fixed eap_sim_parse_attr() to verify that the attribute length field is
Removed duplicated object files from the library when building with the
Clean the new eapol_supp directory on 'make clean'.
Moved sha1_transform into the CONFIG_NO_FIPS186_2_PRF #ifdef block to
Make sure no more than one pending scan timeout is scheduled by canceling
Add libeap.so to .gitignore.
Added 'struct wpabuf' data structure for presenting data buffers.
Fixed a couple of minor memory leaks in RADIUS server data handling.
Fixed a memory leak in EAP-FAST provisioning.
Fixed a memory leak in decapsulation of EAP message from a RADIUS message.
Removed unneeded validation on in_data != NULL since eap_peer_decrypt() and
Avoid NULL dereferences when in debug mode should something end up calling
Removed unused variable. mlen is not used anymore and it was forgotten into
Removed dead code. There does not seem to be any need for figuring out the
Added support for protecting EAP-AKA/Identity messages with AT_CHECKCODE
Added support for protected result indication with AT_RESULT_IND for
Moved wpabuf_put() into .c file to avoid forcing it to be an inlined
Replaced wpabuf_alloc_ext_data_no_free() with a simpler construction that
Share the same CHAP-MD5 implementation for EAP-MD5 and EAP-TTLS to avoid
Fixed a typo in a comment.
Added support for configuring EAP-TTLS phase 2 non-EAP methods in EAP
Updated to-do items and completed some EAP interop tests.
Updated interop tests with FreeRADIUS to use current 2.0-beta snapshot
Increase the hard scan timeout limit from 3 to 5 seconds and change this to
Stop EAPOL timer tick when no timers are in use in order to reduce power
Removed __{be,le}{16,32,64} typedefs to avoid conflicts with linux/types.h.
Minor coding style cleanup that I forgot to save before the previous
Fixed comment typos.
Removed an old workaround that was needed for EAP-PEAP interoperability
Changed ieee802_11_print_ssid() to write the SSID to a memory buffer in
Removed HOSTAPD_DEBUG_COND() macro as a step towards getting rid of
Replaced HOSTAPD_DEBUG() macro with wpa_printf() to get rid of the old
Deprecated 'debug' configuration parameter since the old debug printing
Remove madwifi.conf since the same information is available in hostapd.conf
Added a bit more text for 'driver' option.
Fixed a typo in a comment.
Added preliminary support for wpa_supplicant privilege separation.
Only allow ethertypes 0x888e (PAE) and 0x88c7 (RSN preauth) to be used for
Added support for sending EVENT_MICHAEL_MIC_FAILURE over privsep interface.
Added support for sending EVENT_INTERFACE_STATUS over privsep interface.
Added support for sending following events over privsep interface:
Reverted unintended change from cb2eec6f9ff55c5fba43d7cc93812abc6126173f.
Added support for wpa_supplicant_rx_eapol() over privsep interface.
Added support for get_capa driver_ops over privsep interface.
Documented privilege separation.
Add wpa_gui.sgml docbook manpage source
Changed debug-to-file setup to allow the debug file path to be specified.
Removed a forgotten comment about DHV. It was removed from IEEE 802.11w.
Changed scan results data structure to include all information elements to
Converted driver_privsep to use the new scan result format and modified
Fixed privsep l2_packet_deinit to remove the own socket file and free the
Converted driver_test to use the new scan results format.
Converted driver_wext (and all driver wrappers using its scan result
Removed debugging code that was not supposed to be committed.
Replace Q3ListView with QTreeWidget for the scan results dialog.
Fixed forgotten reference to q3listview.h to use qtreewidget.h.
Converted rest of Qt3 specific code to native Qt4 and removed qt3support
Use QTreeView instead of QTableView for event data to make the table a bit
Do not show the control for expanding tree entries in the scan results
Close scan results, event history, and user request dialogs if they are
Removed the vertical spacer to allow the tree widget to take most of the
Removed left/right/top/bottom margin properties from QHBoxLayout to allow
Start using wpa_gui-qt4 for Windows binary builds since it drops
Added the new files to fix VS2005 builds.
Converted driver_ndis to use the new scan results format.
Moved scan results sorting code from driver_wext.c into scan_helpers.c
Moved scan results sorting to be a generic call for all driver wrappers
Updated Windows build to use default host Qt installation and a newer
Removed the 'make compiler_uic_make_all' workaround from wpa_gui build
Added information about Qt 4 with wpa_gui and made the Qt DLLs available
Added wpa_gui-qt4 target to build the Qt4 version of wpa_gui.
Replace the QAction activated() signals with triggered() which seems to be
Fixed eapol_test and preauth_test linking.
Fixed wpa_supplicant_get_scan_results() to return error value properly, so
Fixed custom 'rsn_ie' event parsing to actually update res->ie with the
Removed the default WpaMsg constructor since it was not apparently used
Cleaned up some too long lines.
Added new EAP peer method: EAP-IKEv2 (draft-tschofenig-eap-ikev2-15.txt)
Updated EAP-IKEv2 payload types to match with IANA assignments.
No need to look at IKEv2 key details when verifying whether ICV should be
Divided overly long eap_ikev2_process() into multiple functions.
Added wpabuf_tailroom() for figuring out how much buffer is available.
Converted EAP-IKEv2 to use wpabuf for received messages.
Moved DH Group data into new src/crypto/dh_groups.[ch] files to make it
Fixed a forgotten hardcoded DH group value to use the new mechanism for
Increased the buffer size to include enough space for 8192-bit DH values.
Added MODP Diffie-Hellman groups from RFC 4306 and RFC 3526.
Implemented crypto_mod_exp() using OpenSSL BIGNUM functions.
Fixed crypto_mod_exp() to report errors correctly.
Removed trailing whitespace.
Added support for using INVALID_KE_PAYLOAD notification to request another
Added support for using more than one Integrity and PRF algorithm.
Moved AUTH data generation into a shared function.
Added support for multiple encryption algorithms. Though, only ENCR_3DES is
Added support for ENCR_AES_CBC with 128-bit keys.
Added CCNS_PL workaround for fragment ACK.
Removed a forgotten reference to WPS (eap_wsc.c)
Fixed a typo in key size attribute type.
Added EAP-IKEv2 server implementation.
hostapd includes EAP-IKEv2 server now.
Share the same routine for decrypting payloads in initiator and responder.
Parse optional SK{IDr} from SA_INIT and use its value as the identity when
Moved ikev2_update_hdr() and ikev2_build_encrypted() into common code.
Moved IKEv2 keys into a shared structure type to make it easier to share
Added the main EAP-IKEV2 server file that was forgotten from the initial
Moved common EAP-IKEv2 functions into a shared file.
Fixed a memory leak on error path.
Moved SK key derivation into a shared function.
Moved DH operations from IKEv2 code into dh_groups.c to allow better code
Fixed wpabuf_free() to free ext_data.
Removed wpabuf::refcount concept and wpabuf_ref().
Fixed a bug in wpabuf conversion: must not use wpabuf after it has been
Fixed a bug in wpabuf conversion: must not use wpabuf after it has been
Use generate_authenticator_response_pwhash() to avoid extra function call
Cleaned up ms_funcs return value validation and made sure error codes will
Enforce return value validation for AES functions and resolve the generated
Enforce validation of crypto.h function error values and resolve the
Enforce validation of crypto function return values and fixed the
Fixed one more wpabuf_free() before wpabuf_len() debug print issue to
Validate return value for errors in AES function calls.
Do not leave data->in_buf pointing to stack-based tmpbuf when returning
Fixed IKEv2 error handling.
Use u8* rather than void* when doing pointer arithmetics.
Use u8* instead of void* for pointer arithmetics.
Changed EAP-WSC to use struct wpabuf for in_buf/out_buf processing
Synchronized the WPS dummy implementation in EAP-WSC server and peer so
Moved the dummy WPS code into a shared file in a new directory as a
Added Makefile to allow 'make clean' clean all directories.
Silenced compiler warnings about printf format for size_t on 64-bit builds.
Marked helper functions use 'const' with scan results and handled the
Marked scan result IEs 'const'.
Added the new files into the nmake build.
Preparations for v0.6.2 release.
Kel Modderman (11):
Fix the spelling of "interfaces" (was "interdaces") in a comment within
Add a D-BUS service activation configuration
Fix compile warnings in wpa_gui
Remove ref to ctrl_interface_group in wpa_cli manpage
Remove ref to ctrl_interface_group in wpa_supplicant.conf manpage
Fix x86_64 compile warnings in pcsc_funcs.c
Fix x86_64 compile warnings in eap_wsc.c
Add initial wpa_priv docbook manpage source
Add id_str input support to wpa_gui (QT3)
Add id_str input support to wpa_gui (QT4)
Use QCombobox::addItem to append items to combo box lists.
Ted Merrill (2):
Cleaned up scan result processing by moving the result printing into a
Added WPS IE into DBUS scan results.
--
Jouni Malinen PGP id EFC895FA
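
The EAP-SIM/EAP-AKA parser fix listed above for both hostapd and wpa_supplicant concerns attribute length validation. The following is an added example, not code from hostapd or wpa_supplicant, of the bounds checks such a parser needs. It assumes the RFC 4186/4187 attribute layout (one type byte, one length byte counted in 4-byte units and covering the whole attribute); sim_attr_find() and the sample byte arrays are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define AT_CHECKCODE  134   /* RFC 4187 */
#define AT_RESULT_IND 135   /* RFC 4186 / RFC 4187 */

/* Constructed sample attribute lists (not captured traffic). */
static const uint8_t sample_ok[]        = { 135, 1, 0, 0, 134, 1, 0, 0 };
static const uint8_t sample_zero_len[]  = { 135, 0, 0, 0 };
static const uint8_t sample_overrun[]   = { 134, 6, 0, 0, 0, 0, 0, 0 };
static const uint8_t sample_truncated[] = { 135, 1, 0, 0, 134 };

/* Hypothetical helper: returns 1 and sets *val / *val_len if `type` is
 * present, 0 if the list is well-formed but lacks it, -1 if any attribute
 * in the list is malformed. The whole list is validated before returning. */
int sim_attr_find(const uint8_t *buf, size_t len, uint8_t type,
                  const uint8_t **val, size_t *val_len)
{
    const uint8_t *pos = buf, *end = buf + len;
    int found = 0;

    while (pos < end) {
        size_t left = (size_t)(end - pos);
        size_t alen;

        if (left < 2)
            return -1;          /* no room for the type and length bytes */
        alen = (size_t)pos[1] * 4;
        if (alen == 0)
            return -1;          /* zero length: the loop would never advance */
        if (alen > left)
            return -1;          /* attribute claims more than the message holds */
        if (pos[0] == type && !found) {
            *val = pos + 2;     /* value follows the two header bytes */
            *val_len = alen - 2;
            found = 1;
        }
        pos += alen;
    }
    return found;
}

int main(void)
{
    const uint8_t *v = NULL;
    size_t vl = 0;
    printf("ok=%d\n", sim_attr_find(sample_ok, sizeof(sample_ok), AT_CHECKCODE, &v, &vl));
    printf("zero_len=%d\n", sim_attr_find(sample_zero_len, sizeof(sample_zero_len), AT_RESULT_IND, &v, &vl));
    printf("overrun=%d\n", sim_attr_find(sample_overrun, sizeof(sample_overrun), AT_CHECKCODE, &v, &vl));
    printf("truncated=%d\n", sim_attr_find(sample_truncated, sizeof(sample_truncated), AT_CHECKCODE, &v, &vl));
    return 0;
}
```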