hostapd/wpa_supplicant - new development release v0.5.0

Jouni Malinen jkmaline
Sun Dec 18 19:50:44 PST 2005 

New versions of wpa_supplicant and hostapd were just
released and are now available from http://hostap.epitest.fi/

This release is the first release from the new development branch
(0.5.x). Please note that 0.4.x branch continues to be the current
source of stable releases.

The largest change since the last development release (0.4.6) and
differences from the current stable branch is in the clean up of
source code to make it easier to use in different build environments.
Lots of the core code used in wpa_supplicant is now fully ANSI C
compliant and does not require gcc extensions or C99 support to build.
This makes it easier to build wpa_supplicant with other than Gnu
compiler.

For example, Microsoft compiler (MSVC++, Visual Studio 2005) can now
be used to build wpa_supplicant. MinGW and cygwin can still be used
for this, if desired, and the Windows binaries are indeed still
cross-compiled on a Linux host with MinGW.

Native Windows integration is now more or less complete with added
support for using registry as a configuration backend and a new program,
wpasvc.exe, that can be run as a Windows service. ndis_events.exe
functions is integrated into wpa_supplicant.exe/wpasvc.exe, so only one
programs needs to be started. In addition, this version has an optimized
WinPcap interface to reduce latency in EAPOL frame receiving and
includes PC/SC (WinScard) support for EAP-SIM and EAP-AKA with SIM/USIM
cards. Trusted CA certificates can now be loaded from certificate store
in addition to private key and client certificate, so external files are
no longer needed for certificates. I have only tested these new features
on WinXP SP2, so it would be nice to hear whether the binary release
works on other Windows versions.

I would expect development to continue for quite some time on 0.5.x
branch before starting to stabilize for stable releases. Number of
interfaces are going to be getting some cleanup and files may need to
be moved around to make it easier to link in both authenticator and
supplicant functionality. I hope to keep the code in working condition
most of the time so that it would be usable for most users, but please
keep in mind that this branch is still under development and some
instability should be expected.


hostapd:
* added experimental STAKey handshake implementation for IEEE 802.11e
  direct link setup (DLS); note: this is disabled by default in both
  build and runtime configuration (can be enabled with CONFIG_STAKEY=y
  and stakey=1)
* added support for EAP methods to use callbacks to external programs
  by buffering a pending request and processing it after the EAP method
  is ready to continue
* improved EAP-SIM database interface to allow external request to GSM
  HLR/AuC without blocking hostapd process
* added support for using EAP-SIM pseudonyms and fast re-authentication
* added support for EAP-AKA in the integrated EAP authenticator
* added support for matching EAP identity prefixes (e.g., "1"*) in EAP
  user database to allow EAP-SIM/AKA selection without extra roundtrip
  for EAP-Nak negotiation
* added support for storing EAP user password as NtPasswordHash instead
  of plaintext password when using MSCHAP or MSCHAPv2 for
  authentication (hash:<16-octet hex value>); added nt_password_hash
  tool for hashing password to generate NtPasswordHash

wpa_supplicant:
* added experimental STAKey handshake implementation for IEEE 802.11e
  direct link setup (DLS); note: this is disabled by default in both
  build and runtime configuration (can be enabled with CONFIG_STAKEY=y
  and stakey=1)
* fixed EAP-SIM and EAP-AKA pseudonym and fast re-authentication to
  decrypt AT_ENCR_DATA attributes correctly
* fixed EAP-AKA to allow resynchronization within the same session
* made code closer to ANSI C89 standard to make it easier to port to
  other C libraries and compilers
* started moving operating system or C library specific functions into
  wrapper functions defined in os.h and implemented in os_*.c to make
  code more portable
* wpa_supplicant can now be built with Microsoft Visual C++
  (e.g., with the freely available Toolkit 2003 version or Visual
  C++ 2005 Express Edition and Platform SDK); see nmake.mak for an
  example makefile for nmake
* added support for using Windows registry for command line parameters
  (CONFIG_MAIN=main_winsvc) and configuration data
  (CONFIG_BACKEND=winreg); see win_example.reg for an example registry
  contents; this version can be run both as a Windows service and as a
  normal application; 'wpasvc.exe app' to start as applicant,
  'wpasvc.exe reg <full path to wpasvc.exe>' to register a service,
  'net start wpasvc' to start the service, 'wpasvc.exe unreg' to
  unregister a service
* made it possible to link ndis_events.exe functionality into
  wpa_supplicant.exe by defining CONFIG_NDIS_EVENTS_INTEGRATED
* added better support for multiple control interface backends
  (CONFIG_CTRL_IFACE option); currently, 'unix' and 'udp' are supported
* fixed PC/SC code to use correct length for GSM AUTH command buffer
  and to not use pioRecvPci with SCardTransmit() calls; these were not
  causing visible problems with pcsc-lite, but Windows Winscard.dll
  refused the previously used parameters; this fixes EAP-SIM and
  EAP-AKA authentication using SIM/USIM card under Windows
* added new event loop implementation for Windows using
  WaitForMultipleObject() instead of select() in order to allow waiting
  for non-socket objects; this can be selected with
  CONFIG_ELOOP=eloop_win in .config
* added support for selecting l2_packet implementation in .config
  (CONFIG_L2_PACKET; following options are available now: linux, pcap,
  winpcap, freebsd, none)
* added new l2_packet implementation for WinPcap
  (CONFIG_L2_PACKET=winpcap) that uses a separate receive thread to
  reduce latency in EAPOL receive processing from about 100 ms to about
  3 ms
* added support for EAP-FAST key derivation using other ciphers than
  RC4-128-SHA for authentication and AES128-SHA for provisioning
* added support for configuring CA certificate as DER file and as a
  configuration blob
* fixed private key configuration as configuration blob and added
  support for using PKCS#12 as a blob
* tls_gnutls: added support for using PKCS#12 files; added support for
  session resumption
* added support for loading trusted CA certificates from Windows
  certificate store: ca_cert="cert_store://<name>", where <name> is
  likely CA (Intermediate CA certificates) or ROOT (root certificates)
* added C version of ndis_events.cpp and made it possible to build this
  with MinGW so that CONFIG_NDIS_EVENTS_INTEGRATED can be used more
  easily on cross-compilation builds
* added wpasvc.exe into Windows binary release; this is an alternative
  version of wpa_supplicant.exe with configuration backend using
  Windows registry and with the entry point designed to run as a
  Windows service
* integrated ndis_events.exe functionality into wpa_supplicant.exe and
  wpasvc.exe and removed this additional tool from the Windows binary
  release since it is not needed anymore
* load winscard.dll functions dynamically when building with MinGW
  since MinGW does not yet include winscard library


-- 
Jouni Malinen                                            PGP id EFC895FA

More information about the Hostap mailing list