hostapd/wpa_supplicant - new development release v0.6.4

Jouni Malinen
Sun Aug 10 10:49:48 PDT 2008

New versions of wpa_supplicant and hostapd were just
released and are now available from

This release is from the development branch (0.6.x). Please note that
the 0.5.x branch continues to be the current source of stable releases.

hostapd:
* added peer identity into EAP-FAST PAC-Opaque and skip Phase 2
  Identity Request if identity is already known
* added support for EAP Sequences in EAP-FAST Phase 2
* added support for EAP-TNC (Trusted Network Connect)
  (this version implements the EAP-TNC method and EAP-TTLS/EAP-FAST
  changes needed to run two methods in sequence (IF-T) and the IF-IMV
  and IF-TNCCS interfaces from TNCS)
* added support for optional cryptobinding with PEAPv0
* added fragmentation support for EAP-TNC
* added support for fragmenting EAP-TTLS/PEAP/FAST Phase 2 (tunneled)
* added support for opportunistic key caching (OKC)

wpa_supplicant:
* added support for EAP Sequences in EAP-FAST Phase 2
* added support for using TNC with EAP-FAST
* added driver_ps3 for the PS3 Linux wireless driver
* added support for optional cryptobinding with PEAPv0
* fixed the OpenSSL patches (0.9.8g and 0.9.9) for EAP-FAST to
  allow fallback to full handshake if server rejects PAC-Opaque
* added fragmentation support for EAP-TNC
* added support for parsing PKCS #8 formatted private keys into the
  internal TLS implementation (both PKCS #1 RSA key and PKCS #8
  encapsulated RSA key can now be used)
* added option of using faster, but larger, routines in the internal
  LibTomMath (for internal TLS implementation) to speed up DH and RSA
* fixed race condition between disassociation event and group key
  handshake to avoid getting stuck in incorrect state [Bug 261]
* fixed opportunistic key caching (proactive_key_caching)

git-shortlog for 0.6.3 -> 0.6.4:

Artem Antonov (1):
      Fix nl80211 driver to receive EAPOL response

Bernhard Michael (1):
      driver_nl80211: Use customizable netlink callbacks

Chris Zimmermann (2):
      hostapd_allowed_address() is called from hostapd_config_reload_sta() with
      Support for RADIUS ACLs with drivers that do not use hostapd MLME

Dan Williams (7):
      Fix potential use-after-free in dbus byte array demarshaling code
      Fix qt3 wpa_gui build
      wext: don't overwrite BSS frequency
      Do not continually reschedule specific scans to help finding hidden SSIDs
      wext: handle mode switches correctly for mac80211
      Give adhoc associations a bit more time
      wext: fix maxrate calculation

Daniel Wagner (1):
      Rename NL80211_[ATTR]_STA_STAT_* to NL80211_[ATTR_]STA_INFO_

David Smith (4):
      Add setSmartcardModules DBus message to set pkcs11 and opensc options
      Add support to crypto/tls for client cert and CA cert from smartcard
      Add support to eap_peer for client cert and CA cert on smartcard and in
      Add support to wpa_supplicant configuring eap_peer for client cert and CA

Henrik Brix Andersen (1):
      Fix compilation without IEEE8021X_EAPOL defined

Johannes Berg (1):
      nl80211 driver: fix beacon interval setting

Jouni Malinen (110):
      Added listen interval to hostapd sta_add() driver function
      Silence SIOCSIWAUTH ioctl failure message.
      Enforce non-zero MPPE key length
      Fixed base64_decode() reject empty input buffers
      Verify that os_get_time() does not fail before using the time value when
      driver_ralink: Fixed couple of memory leaks on error path
      driver_ralink: Use os_strlcpy instead of os_strncpy to ensure null
      driver_ralink: Make sure assoc_{req,resp}_ies do not get double-freed
      Added max_listen_interval configuration option
      Preparations for 0.4.11 release
      EAP-FAST: Add peer identity into EAP-FAST PAC-Opaque
      EAP-FAST: Added shared helper functions for building TLVs
      EAP-FAST: Moved common peer/server functionality into a shared file
      EAP-FAST: Divided eap_fast_process() into number of helper functions
      Removed extra '_' from struct eap_tlv_crypto_binding__tlv name
      EAP-FAST: Define and use EAP_FAST_CMK_LEN
      EAP-FAST: Cleaned up TLV processing and added support for EAP Sequences
      EAP-FAST: Verify that identity from PAC-Opaque matches with Phase 2 (GTC)
      Renamed local DBUS_VERSION define to avoid conflict with dbus 1.1 headers
      Added a missing '#' to indicate a comment.
      Make the "invalid group" error show up with default verbosity level
      TNC: Added preliminary TNC implementation for hostapd
      TNC: Provide 'tnc' configuration option for EAP server and methods
      TNC: Added support for using TNC with EAP-FAST
      TNC: Integrated TNC support into EAP-FAST server
      TNC: Fixed TNC when using EAP-TTLS with non-EAP Phase 2
      TNC: Integrated TNC support into EAP-TTLS server
      TNC: Added TNC server support into documentation and ChangeLogs
      Silence gcc 4.3.0 warnings about invalid array indexes
      Delete PTK SA on (re)association if this is not part of a Fast BSS
      FT: Use correct BSSID when deriving PTK and verifying MIC
      Some cleanup for the new driver wrapper for PS3
      EAP-PEAP: Moved EAP-TLV processing into eap_peap.c
      EAP-PEAP: Moved EAP-TLV processing into eap_peap.c
      EAP-PEAP: Added preliminary code for PEAPv0 and PEAPv2 cryptobinding
      EAP-PEAP: Swap MS-CHAP-v2 MPPE keys for EAP-PEAP ISK derivation
      EAP-PEAP: Fixed interop issues in key derivation with cryptobinding
      EAP-TTLS: Fixed implicit challenge derivation to use correct output length
      TNC: Added preliminary code for IF-TNCCS-SOH server side support
      PEAPv0: Added crypto_binding configuration option (part of phase1)
      TNC: Added preliminary code for IF-TNCCS-SOH client side support
      Small whitespace cleanup
      Fixed tls_prf() to handle keys with odd length
      Fixed fallback to full handshake when server rejects PAC-Opaque
      Fixed fallback to full handshake when server rejects PAC-Opaque
      Fixed xsi:schemaLocation to use whitespace to separate members of the pair.
      Updated the comment on 'bridge' variable to mention nl80211 which needs
      Disable TLS compression since the EAP-TTLS/PEAP/FAST payload processing
      Only use SSL_OP_NO_COMPRESSION if it is defined
      Added instructions on how to create the DH parameters files.
      Example configuration for EAP-TLS authentication using PKCS#11 TPM token
      Added fragmentation support for EAP-TNC
      Do not define tls_engine_get_cert() if OpenSSL engine is disabled
      Added a workaround for handling TLS compression
      Fixed EAP-IKEv2 server fragment processing
      Redesigned EAP-TLS/PEAP/TTLS/FAST fragmentation/reassembly
      Do not refer to Flags::Version field as 'PEAP version'
      Share EAP-TLS/PEAP/TTLS/FAST core process() functionality
      Add eap_tls_state() to get closer to EAP-TTLS/PEAP/FAST code
      Added the EAP-FAST patch for OpenSSL 0.9.8h
      Updated the EAP-FAST patch for the latest OpenSSL 0.9.9 snapshot
      Changed TLS server to use OpenSSL SSL_accept() instead of SSL_read()
      Fixed build without CONFIG_IEEE8021X_EAPOL, but with CONFIG_CTRL_IFACE
      Fixed dbus build without OpenSSL.
      Internal TLS: Added support for parsing PKCS #8 formatted private keys
      Include wireless_copy.h instead of linux/wireless.h to avoid conflicts
      Fix USE_KERNEL_HEADERS build with compat-wireless
      Introduced new helper function is_zero_ether_addr()
      Reduce integrated LibTomMath size by dropping negative exponent support
      Internal LibTomMath: add optional support for Montgomery reduction
      Updated the comments since Montgomery reduction is now included
      Silence compiler warnings about out of array bounds indexes
      Add faster, optional sqr routine for internal LibTomMath
      Fixed RADIUS client local address forcing for IPv6 (eapol_test)
      Fixed potential NULL pointer dereference if memory allocation fails
      Read Michael MIC keys through TK2 union instead of offset from TK1
      Added an option to build internal LibTomMath with faster div routine
      Combined internal LibTomMath configuration into one option
      Removed the 20% estimate on faster bignum routines
      Updated the LibTomMath reference to use 0.41 version
      Fixed a buffer overflow in nla_parse call
      Added a preliminary nl80211/cfg80211 driver interface for wpa_supplicant
      EAP-PEAP: Moved the common peap_prfplus() function into a shared file
      Fixed race condition between disassociation event and group key handshake
      Added mac80211_hwsim - software simulator of 802.11 radio(s) for mac80211
      Fixed tx() handler to use GFP_ATOMIC.
      Added global monitor interface (hwsim#)
      Added a comment about hwsim#
      Added start/stop handlers and do not send frames to stopped radios
      Use _irqsafe versions of ieee80211 rx and tx_status functions
      Set ACK flag properly for txstatus
      Added support for AP mode Beacon transmission
      Removed forgotten todo entry
      Added support for configuring IGTK
      Added WLAN_STA_MFP flag for driver wrappers so that they can configure the
      WEXT: IEEE 802.11w/MFP configuration
      Added temporary #ifdef WEXT_MFP_PENDING around the MFP changes
      Add IGTK/MFP configuration (disabled by default)
      Fixed wpa_scan_get_max_rate() to clear the basicrate flag when determining
      Fixed EAP-TNC not to include extra EAP header and TNC flags
      Fixed NULL pointer dereference on error path [Bug 273]
      Cleaned up some of invalid documentation related to channel configuration.
      WEXT: Fixed re-initialization of removed and re-inserted interface
      Fixed opportunistic key caching (OKC)
      Added support for opportunistic key caching (OKC)
      Added support for setting BSS parameters with NL80211_CMD_SET_BSS
      Fixed a NULL pointer dereference when driver initialization fails
      Renamed MSG to PROC_MSG to avoid conflicts with MinGW winuser.h
      Fixed MinGW build without CONFIG_NDIS_EVENTS_INTEGRATED defined
      Preparations for 0.6.4 release

Kel Modderman (3):
      Enhance manpage with use of emphasis instead of strong quote
      Explain not all driver backends will be compiled into wpa_supplicant binary
      Remove the -w option from help output

Masakazu Mokuno (3):
      Add support for PS3 Linux wireless driver
      Add the flags for the drivers which do 4-way handshake
      Add support for the driver which do 4-way handshake

Michael Bernhard (7):
      driver_nl80211: Use the correct nl80211 command to flush all stations
      driver_nl80211: Clone netlink callbacks instead of creating new ones
      driver_nl80211: Initialize local variable
      driver_nl80211: Return correct value
      driver_nl80211: Do not send nl80211 message if beacon is not set yet
      Disable functionality in hostapd_deauth_all_stas for hostap driver only
      Make proactive key caching working again

Pavel Polischouk (1):
      man wpa_supplicant: Clearly state which options are given per interface

Pavel Roskin (2):
      driver_wext: Fix missing bracket in [DORMANT]
      Fix compile warnings on 64-bit systems

Ryan Hill (1):
      The attached patch fixes a few build errors when compiling with GCC 4.3,

Tomasz Wolniewicz (2):
      Chargeable-User-Identity (RFC 4372) in eapol_test
      eapol_test: Allow client IP address to be specified

Jouni Malinen                                            PGP id EFC895FA
