hostapd/wpa_supplicant - new development release v0.6.7

Jouni Malinen j
Tue Jan 6 10:58:57 PST 2009

New versions of wpa_supplicant and hostapd were just
released and are now available from

This release is the last development release from 0.6.x branch. The
next release, 0.6.8, will be the start of stable 0.6.x releases.
Development will continue in the hostap.git repository and a new
hostap-06.git repository will be used for stable releases. The goal
for the future 0.6.x releases is to mainly integrate bug fixes from
hostap.git. All new features will be developed in the 0.7.x
development branch.

* added support for Wi-Fi Protected Setup (WPS)
  (hostapd can now be configured to act as an integrated WPS Registrar
  and provision credentials for WPS Enrollees using PIN and PBC
  methods; external wireless Registrar can configure the AP, but
  external WLAN Manager Registrars are not supported); WPS support can
  be enabled by adding CONFIG_WPS=y into .config and setting the
  runtime configuration variables in hostapd.conf (see WPS section in
  the example configuration file); new hostapd_cli commands wps_pin and
  wps_pbc are used to configure WPS negotiation; see README-WPS for
  more details
* added IEEE 802.11n HT capability configuration (ht_capab)
* added support for generating Country IE based on nl80211 regulatory
  information (added if ieee80211d=1 in configuration)
* fixed WEP authentication (both Open System and Shared Key) with
* added support for EAP-AKA' (draft-arkko-eap-aka-kdf)
* added support for using driver_test over UDP socket
* changed EAP-GPSK to use the IANA assigned EAP method type 51
* updated management frame protection to use IEEE 802.11w/D7.0
* fixed retransmission of EAP requests if no response is received

* added support for Wi-Fi Protected Setup (WPS)
  (wpa_supplicant can now be configured to act as a WPS Enrollee to
  enroll credentials for a network using PIN and PBC methods; in
  addition, wpa_supplicant can act as a wireless WPS Registrar to
  configure an AP); WPS support can be enabled by adding CONFIG_WPS=y
  into .config and setting the runtime configuration variables in
  wpa_supplicant.conf (see WPS section in the example configuration
  file); new wpa_cli commands wps_pin, wps_pbc, and wps_reg are used to
  manage WPS negotiation; see README-WPS for more details
* added support for EAP-AKA' (draft-arkko-eap-aka-kdf)
* added support for using driver_test over UDP socket
* fixed PEAPv0 Cryptobinding interoperability issue with Windows Server
  2008 NPS; optional cryptobinding is now enabled (again) by default
* fixed PSK editing in wpa_gui
* changed EAP-GPSK to use the IANA assigned EAP method type 51
* added a Windows installer that includes WinPcap and all the needed
  DLLs; in addition, it set up the registry automatically so that user
  will only need start wpa_gui to get prompted to start the wpasvc
  servide and add a new interface if needed through wpa_gui dialog
* updated management frame protection to use IEEE 802.11w/D7.0

git-shortlog for 0.6.6 -> 0.6.7:

Andriy Tkachuk (4):
      Fix CONFIG_WPS=y, CONFIG_TLS=internal build
      Longer auth_timeout for WPS key_mgmt
      WPS: Do not use Selected Registrar Config Methods from scan results
      NEED_BASE64 for WPS

Eygene Ryabinkin (3):
      wpa_cli: fix readline history cleaning
      wpa_cli: Improve sensitive command detection for readline history
      wpa_cli: Embed command usage into the wpa_cli_commands array

Helmut Schaa (1):
      wpa_supplicant: print password field only if -K is given

Ihar Hrachyshka (1):
      Fix wpa_supplicant build for uClinux

Jouni Malinen (208):
      Added preliminary Wi-Fi Protected Setup (WPS) implementation
      Add a .gitignore for the new wps directory.
      Reject GPSK-3 if ID_Server in it does not match with the value in GPSK-1
      Updated OpenSSL 0.9.8i patch to use new session ticket override API
      Updated HT Capabilities Info field names to match with 802.11n/D7.0
      Added IEEE 802.11n HT capability configuration (ht_capab)
      Fixed HT Capabilities Info byte order processing for big endian CPUs
      Rename [40HT] to [HT40] in ht_capab
      Added support for configuring secondary channel offset for HT40
      Add set STA Channel Width field to 1 when allowing HT40
      Add some notes on which channels can be used with HT40- and HT40+
      Get maximum TX power for each allowed channel from mac80211
      Added support for generating Country IE based on nl80211 regulatory info
      driver_nl80211: Added set_country() handler
      Validate HT40 channel pair validity based on IEEE 802.11n Annex J
      Change HT parameter configuration to use a single driver ops function
      nl80211: Add support for setting channel frequency and HT20 vs. HT40
      Added option to distinguish non-HT and HT20 in set_freq
      nl80211: Clear HT flags from the channel when exiting
      nl80211: Fixed a merge issue in an earlier commit for set_freq
      PEAPv0: Added support for IPMK/CMK derivation in session resumption case
      Changed NL80211_ATTR_WIPHY_SEC_CHAN_OFFSET to use U32
      WPS: Moved UUID configuration from phase1 into global config area
      WPS: Added parsing of Request Type and Response Type attributes
      Fixed a typo in a debug message
      WPS: Moved Credential and AP Settings processing in common code
      WPS: Process old AP Settings in M7 when registering as external Registrar
      WPS: Moved Credential building to use struct wps_credential
      WPS: Update supplicant configuration when acting as an external Registrar
      0.5.11 release
      WPS: Moved device attributes into wps_context::dev for Enrollee case
      WPS: Move WPS glue code from wpas_glue.c to wps_supplicant.c
      WPS: Merged two cred_cb variables into the same one
      WPS: Moved wps_context initialization into wps_supplicant.c
      WPS: Moved mac_addr and uuid configuration into wps_context
      WPS: Added comments for main data structures
      WPS: Parse Request Type from WPS IE in (Re)AssocReq and derive mgmt keys
      WPS: Pass device data into wps_enrollee_build_probe_req_ie()
      WPS: Moved ProbeReq/AssocReq WPS IE building into wps_common.c
      WPS: Moved RF Bands processing into wps_dev_attr.c
      WPS: Split wps_common.c into parts
      WPS: Moved WPS IE building for ProbeReq/AssocReq into wps.c
      WPS: Set Request Type properly into WPS IE in ProbeReq/AssocReq
      WPS: Added helper functions for generating and validating PINs
      Fixed wpa_config_parse_string() not to modify const string.
      WPS: Added wpa_supplicant ctrl_iface commands to start WPS processing
      WPS: Added WPS into key_mgmt config write handler
      WPS: Get AP PIN from configuration instead of using hardcoded value
      WPS: Fixed hostapd to use allocated buffers for device attributes
      WPS: Add length limits to device attribute strings
      WPS: Added driver_test debug dump of Beacon/ProbeResp WPS IE
      WPS: Added support for fragmented WPS IE in Beacon and Probe Response
      Always clear EAP altAccept and altReject variables on new association
      Clear various flags on re-association to allow key_mgmt changes
      WPS: Added initial documentation on using WPS with wpa_supplicant
      WPS: Added note about update_config and added WPS to ChangeLog
      WPS: Added more verbose debug info on authentication type mismatch
      WPS: Added support for wildcard PINs that work with any UUID-E
      Fixed non-HT (and GF, 20 MHz) counting
      Add a starting point for EAP-AKA' (draft-arkko-eap-aka-kdf-10)
      Use a variable to store EAP method type for EAP-AKA vs. EAP-AKA'
      EAP-AKA': Use SHA256 for AT_CHECKCODE
      EAP-AKA': Use HMAC-SHA-256-128 for AT_MAC
      nl80211: Generate 802.11b mode based on 802.11g information
      EAP-AKA': Derive keys using the new KDF (PRF')
      Removed mac_addr from eapol_ctx to fix the eapol_test build
      EAP-AKA': Allow both AKA AKA' to be registed from eap_aka_prime.c
      Fixed WEP authentication (both Open System and Shared Key) with mac80211
      Made 802.11 management frame IE parser aware of vendor HT Capab IE
      nl80211: Remove the debug print from data frame processing
      Fixed EAP-SIM and EAP-AKA AT_IDENTITY parsing (server only)
      EAP-AKA': Added processing of AT_KDF and AT_KDF_INPUT attributes
      EAP-AKA': Comment out EAP-AKA' server KDF negotiation
      EAP-AKA': Added CK',IK' derivation
      Fixed a typo in a comment
      Added protection against EAP-AKA' -> EAP-AKA bidding down attacks
      Merged EAP-AKA' into eap_aka.c and added it to defconfig/ChangeLog
      Added EAP-FAST interop test results with Radiator 4.3.1
      Added option to force SoH version 1 (tnc=soh1)
      nl80211: Include copy of linux/nl80211.h with hostapd/wpa_supplicant
      WPS: Added [WPS], [WPS-PIN], [WPS-PBC] flags for scan results
      driver_test: Added support for testing WPS without use_mlme
      Fixed a typo in wpa_supplicant manpage
      Added libnl 2.0 compatibility code (CONFIG_LIBNL20=y in .config needed)
      Added documentation for the new 'country' configuration option
      Renamed the 'alpha2' variable to 'country' to match with config string
      Updated the comment about libnl to state that version 1.1 is new enough
      Fixed build without CONFIG_IEEE80211N
      Added CONFIG_IEEE80211N into defconfig (commented out)
      SHA256 is needed for EAP-AKA' and WPS
      Don't include unused calls to SHA256 functions if EAP-AKA' is not enabled
      Rename MSG to MESG to avoid conflicts with Windows header files
      Resolved number of signed/unsigned mismatches and ntddndis.h location
      Workaround number of compiler warnings with newer MinGW version
      Comment out dynamic CertEnumCertificatesInStore loading by default
      driver_test: Optional support for using UDP socket
      Ported driver_test to Windows (only UDP socket available)
      driver_test: Handle WPS IE in non-MLME test
      Added configuration of WPS device parameters for wpa_supplicant
      First step in cleaning up global config parser: use parse_data array
      Share the same global config parser function for integer values
      Use shared string parser for global configuration fields
      Added INT_RANGE parser for global configuration variables
      Cleaned up EAP-MSCHAPv2 key derivation
      Fixed interoperability issue with PEAPv0 cryptobinding and NPS
      Fixed memory leak in WPS PBC overlap detection
      WPS: Added control interface notification for available WPS APs
      Use a fixed wps_msg prefix with WPS creds notification
      WPS: Added WPS support into wpa_gui-qt4
      Improve EAPOL-Key handshake stability with retransmitted frames
      Fixed EAP-AKA build in case EAP-AKA' is disabled
      Use less frequent polling when wpa_gui is hidden
      WPS: Improved error processing to use NACK correctly
      WPS: Added wpa_gui-qt4 support for BSS selection and AP PIN use
      Do not allow HT with WPA/WPA2 to be enabled without CCMP
      WPS: Fixed deinit code for freeing config and registrar data
      Cleaned up EAPOL-Key timeout processing
      Fixed PSK editing in wpa_gui (copy-paste bug in field names)
      Fixed global conf write to skip default values for uuid and os_version
      WPS: Added event callback and M2D notification
      WPS: Added callback for failure-after-M2/M2D
      WPS: Added event callback for successfully completed registration
      IANA allocated EAP method type 51 to EAP-GPSK
      Added a note about mac80211-based drivers and nl80211
      Changed win_gui cross compilation to use cleaner Qt setup
      Create PNG version of the wpa_gui tray icon file for cross compilation
      Added Windows NSIS installer for wpa_supplicant
      Use parallel compilation to speed up release build
      Register wpasvc service on install and unregister on uninstall
      Include WPS support in the Windows binary
      Fixed a typo in a comment
      WPS: Added support for wildcard SSID matching in ap_scan=2 mode
      Added more notes about WPS GUI scan operations and wpa_gui
      Silence a compiler warning
      wpa_gui-qt4: Added wpasvc start/stop functionality for Windows
      Fixed NDIS AuthMode configuration for WPS connection
      Fixed PBC overlap detection to handle case of missing UUID-E
      Use wildcard UUID when setting AP PIN for Registrar in wpa_supplicant
      Add Start menu shortcuts to wpa_gui and uninstall
      Allow HT to be enabled for a STA even without WMM
      Reject association if HT STA tries to use TKIP as pairwise cipher
      Changed the example device_type value to be Computer/PC
      Added support for global driver data (shared by multiple interfaces)
      Mark local functions static.
      Added a mechanism for quering driver wrappers for available interfaces
      wpasvc: Add skip_on_error registry value to skip interfaces on error
      Added get_interfaces() handler to list all NDIS adapters
      wpa_gui-qt4: Added support for adding new network interfaces
      Add Windows registry entries during installation
      Fixed control interface enabling for dynamically added interface
      wpa_gui-qt4: Do not about new network adapters unless service is running
      Added a ChangeLog entry about the new Windows installer
      WPS: As a workaround, pad zero-length device attributes
      Fixed the MFP Status/Reason Code values per 802.11w/D7.0
      Renamed Ping procedure into SA Query procedure per 802.11w/D7.0
      Updated SA Query procedure to use timeouts per 802.11w/D7.0
      Add Key Length field into IGTK sub-element (FTIE) per 802.11w/D7.0
      Do not use SA Query procedure if reassociation is part of FT
      Added a note about IEEE 802.11w/D7.0 update server is not at ISC anymore.
      Added a TODO item for sending protected Disassoc after failed SA Query
      Add RADIUS server support for identity selection hint (RFC 4284)
      Fixed retransmission of EAP requests if no response is received
      WPS: Set recommended retransmission times with EAP method specific hint
      Disconnect the STA if EAP timeout is reached
      Fix TLS message processing if Flags field is not present
      Added ctrl_interface command for sending a SA Query request
      MFP: Remove mac80211 workaround of IGTK in monitor netdev
      Clear BIP keys, too, when removing broadcast keys with MFP enabled
      Fixed SA Query Request length
      MFP: Fix SA Query Action Category
      MFP: Require MFP is it is enabled and AP scan shows support for it
      Renamed nl80211 HT channel parameters to match with kernel
      Sync nl80211.h copy with the current kernel version
      Include pending MFP defines in nl80211_copy.h
      WPS: Cleanup UUID and MAC address configuration
      WPS: Generate UUID based on MAC address, if not set
      Replaced string comparison operator '==' with '=' to work with dash
      Include ieee802_11_defs.h explicitly instead of assuming it gets included
      Initialize wpa_ie_len to 0 if WPA IE is not set on all paths
      Move addr_un definitions to avoid using out-of-scope buffer
      Updated doxygen configuration files to work with new doxygen
      Added more src subdirectories into doxygen docs
      Fixed number of doxygen warnings
      Create all doxygen docs from root directory to get proper path names
      Added Doxygen documentation for WPS code
      Removed unused WPS_PENDING processing result
      Removed duplicated authenticator yes/no from wps_config and wps_data
      Removed registrar pointer from wps_config and wps_data
      Moved WPS Registrar initialization from EAP peer to wps_supplicant.c
      Include the header file to validate function prototype.
      Mark functions static if not used elsewhere and use proper prototypes
      Removed sparse destinations since "CC=cgcc make" works fine
      Fixed sparse warnings about integer vs. pointer use
      Added endianness annotation for sparse
      Use NULL, not 0, when comparing a pointer
      Completed Doxygen documentation for functions declared in wps/wps.h
      Fixed Doxygen function links
      Resolve a Doxygen warning
      Remove unwanted wpa_supplicant -> struct wpa_supplicant links
      Remove temporary Qt build directories from Doxygen run
      Fixed IMAGE_PATH for doxygen run in root directory
      Remove wpa_gui from doxygen documentations
      Silenced number of Doxygen warnings
      Fixed a typo in usage help
      Preparations for 0.6.7 release
      Create PNG icon before running qmake to avoid resource warning

Luis R. Rodriguez (1):
      wpa_supplicant: Add support for setting of a regulatory domain

Tomasz Wolniewicz (1):
      eapol_test: Add a universal way of adding extra RADIUS attributes

Jouni Malinen                                            PGP id EFC895FA

More information about the Hostap mailing list