path: root/hostapd/ChangeLog
Commit message (Collapse)AuthorAgeFilesLines
* Preparations for 0.7.2 releaseJouni Malinen2010-04-181-0/+27
* Preparations for v0.7.1 releasehostap_0_7_1Jouni Malinen2010-01-161-0/+27
* Preparations for v0.7.0 releasehostap_0_7_0Jouni Malinen2009-11-211-1/+1
* Update ChangeLog files for 0.7.0 releaseJouni Malinen2009-11-211-0/+15
* Fix SHA-256-based KDF when using CCMP as the pairwise cipherJouni Malinen2009-04-011-0/+3
| | | | | | | | | | | | IEEE 802.11r KDF uses key length in the derivation and as such, the PTK length must be specified correctly. The previous version was deriving using 512-bit PTK regardless of the negotiated cipher suite; this works for TKIP, but not for CCMP. Update the code to use proper PTK length based on the pairwise cipher. This fixed PTK derivation for both IEEE 802.11r and IEEE 802.11w (when using AKMP that specifies SHA-256-based key derivation). The fixed version does not interoperate with the previous versions. [Bug 307]
* Fix IEEE 802.11r key derivation function to match with the standardJouni Malinen2009-03-191-0/+2
| | | | | IEEE Std 802.11r-2008, starts the 'i' counter from 1, not 0. Note: this breaks interoperability with previous versions. [Bug 303]
* Fix TNC with EAP-TTLSJouni Malinen2009-03-131-0/+1
| | | | | | | | This was broken by 510c02d4a362cd572303fa845b139eacb2dab387 which added validation of eap_ttls_phase2_eap_init() return value. The main problem in the code trying to initialize a new phase 2 EAP method unconditionally; this should only happen if there is a new method in the inner method sequence.
* Fix EAPOL/EAP reauthentication with external RADIUS serverJouni Malinen2009-03-021-0/+2
| | | | | | | | The EAP server state machine will need to have special code in getDecision() to avoid starting passthrough operations before having completed Identity round in the beginning of reauthentication. This was broken when moving into using the full authenticator state machine from RFC 4137 in 0.6.x.
* WPS UFD: Add entry to ChangeLogJouni Malinen2009-02-261-0/+2
* driver_nl80211: Fix STA accounting data collectionJouni Malinen2009-02-161-0/+2
| | | | | | | TX/RX bytes are now reported correctly (typo ended up leaving TX bytes uninitialized and set RX bytes value to use correct TX bytes). TX/RX packet counts are not yet available from kernel, so we have to clear the values to avoid reporting bogus data.
* 802.11n: scan for overlapping BSSes before starting 20/40 MHz channelJouni Malinen2009-02-041-0/+1
| | | | | | | | | Try to match PRI/SEC channel with neighboring 20/40 MHz BSSes per IEEE 802.11n/D7.0 This is not yet complete implementation, but at least some parts of the 40 MHz coex are improved. 40 MHz operation maybe rejected (i.e., fall back to using 20 MHz) or pri/sec channels may be switched if needed.
* WPS: Add support for external Registrars using UPnP transportJouni Malinen2009-01-291-0/+1
| | | | | | | | | | | | | This adds mostly feature complete external Registrar support with the main missing part being proper support for multiple external Registrars working at the same time and processing of concurrent registrations when using an external Registrar. This code is based on Sony/Saice implementation (https://www.saice-wpsnfc.bz/) and the changes made by Ted Merrill (Atheros) to make it more suitable for hostapd design and embedded systems. Some of the UPnP code is based on Intel's libupnp. Copyrights and licensing are explained in src/wps/wps_upnp.c in more detail.
* driver_nl80211: use Linux socket filter to improve performanceJohannes Berg2009-01-271-0/+1
| | | | | | TX status information for all transmitted data frames is not going to be sent to hostapd anymore, so the CPU load with high traffic load is going to be significantly reduced.
* Increased wpa_cli/hostapd_cli ping interval and made it configurableJouni Malinen2009-01-201-0/+4
| | | | | | The default interval is now 5 seconds (used to be 1 second for interactive mode and 2 seconds for wpa_cli -a). The interval can be changed with -G<seconds> command line option.
* Preparations for 0.6.7 releaseJouni Malinen2009-01-061-2/+3
* Fixed retransmission of EAP requests if no response is receivedJouni Malinen2008-12-291-0/+1
| | | | | | | | | | | | | | | | | It looks like this never survived the move from IEEE 802.1X-2001 to IEEE 802.1X-2004 and EAP state machine (RFC 4137). The retransmission scheduling and control is now in EAP authenticator and the calculateTimeout() producedure is used to determine timeout for retransmission (either dynamic backoff or value from EAP method hint). The recommended calculations based on SRTT and RTTVAR (RFC 2988) are not yet implemented since there is no round-trip time measurement available yet. This should make EAP authentication much more robust in environments where initial packets are lost for any reason. If the EAP method does not provide a hint on timeout, default schedule of 3, 6, 12, 20, 20, 20, ... seconds will be used.
* Added a note about IEEE 802.11w/D7.0 updateJouni Malinen2008-12-261-0/+1
* IANA allocated EAP method type 51 to EAP-GPSKJouni Malinen2008-12-201-0/+1
* driver_test: Optional support for using UDP socketJouni Malinen2008-12-121-0/+1
| | | | | | | | | driver_test can now be used either over UNIX domain socket or UDP socket. This makes it possible to run the test over network and makes it easier to port driver_test to Windows. hostapd configuration: test_socket=UDP:<listen port> wpa_supplicant configuration: driver_param=test_udp=<dst IP addr>:<port>
* Merged EAP-AKA' into eap_aka.c and added it to defconfig/ChangeLogJouni Malinen2008-12-071-0/+1
* Fixed WEP authentication (both Open System and Shared Key) with mac80211Jouni Malinen2008-12-041-0/+2
| | | | | | Only one of the authentication frame types is encrypted. In order for static WEP encryption to work properly (i.e., to not encrypt the frame), we need to tell mac80211 about the frames that must not be encrypted.
* WPS: Added note about update_config and added WPS to ChangeLogJouni Malinen2008-11-301-1/+1
* Added support for generating Country IE based on nl80211 regulatory infoJouni Malinen2008-11-251-0/+2
* Added IEEE 802.11n HT capability configuration (ht_capab)Jouni Malinen2008-11-241-0/+1
* Added preliminary Wi-Fi Protected Setup (WPS) implementationJouni Malinen2008-11-231-0/+11
| | | | | | | | | | | | | This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
* Preparations for 0.6.6 releasehostap_0_6_6Jouni Malinen2008-11-231-1/+1
* Fixed listen interval configuration for nl80211 driversJouni Malinen2008-11-221-0/+1
| | | | | Need to update the struct sta_info value, too, and not only the local variable used in handle_assoc()..
* Fixed EAP-TLS message fragmentation for the last TLS messageJouni Malinen2008-11-201-0/+3
| | | | | | It the message was large enough to require fragmentation (e.g., if a large Session Ticket data is included), More Fragment flag was set, but no more fragments were actually sent (i.e., Access-Accept was sent out).
* Changed channel flags configuration to read the information from the driverJouni Malinen2008-11-181-0/+6
| | | | | | | (e.g., via driver_nl80211 when using mac80211) instead of using hostapd as the source of the regulatory information (i.e., information from CRDA is now used with mac80211); this allows 5 GHz channels to be used with hostapd (if allowed in the current regulatory domain).
* OpenSSL 0.9.9 API change for EAP-FAST session ticket overriding APIJouni Malinen2008-11-161-0/+4
| | | | | | | Updated OpenSSL code for EAP-FAST to use an updated version of the session ticket overriding API that was included into the upstream OpenSSL 0.9.9 tree on 2008-11-15 (no additional OpenSSL patch is needed with that version anymore).
* Added support for enforcing frequent PTK rekeyingJouni Malinen2008-11-061-0/+5
| | | | | | | | | | | | Added a new configuration option, wpa_ptk_rekey, that can be used to enforce frequent PTK rekeying, e.g., to mitigate some attacks against TKIP deficiencies. This can be set either by the Authenticator (to initiate periodic 4-way handshake to rekey PTK) or by the Supplicant (to request Authenticator to rekey PTK). With both wpa_ptk_rekey and wpa_group_rekey (in hostapd) set to 600, TKIP keys will not be used for more than 10 minutes which may make some attacks against TKIP more difficult to implement.
* Preparations for 0.6.5 releasehostap_0_6_5Jouni Malinen2008-11-011-1/+1
* Added a note about hostapd driver_nl80211 and AP mode in wireless-testingJouni Malinen2008-11-011-0/+3
* EAP-FAST: Allow A-ID and A-ID-Info to be configured separatelyJouni Malinen2008-10-191-0/+4
| | | | | | | Changed EAP-FAST configuration to use separate fields for A-ID and A-ID-Info (eap_fast_a_id_info) to allow A-ID to be set to a fixed 16-octet len binary value for better interoperability with some peer implementations; eap_fast_a_id is now configured as a hex string.
* Fixed WPA/RSN IE validation to verify the proto (WPA vs. WPA2) is enabledJouni Malinen2008-10-151-0/+2
| | | | | | Previous version could have allowed a broken client to complete WPA (or WPA2) authentication even if the selected proto was not enabled in hostapd configuration.
* Added a new driver wrapper, "none", for RADIUS server only configurationJouni Malinen2008-10-011-0/+2
| | | | | This can be used to limit hostapd code size and clean up debug output for configurations that do not use hostapd to control AP functionality.
* Added support for using SHA256-based stronger key derivation for WPA2Jouni Malinen2008-08-311-0/+2
| | | | | | IEEE 802.11w/D6.0 defines new AKMPs to indicate SHA256-based algorithms for key derivation (and AES-CMAC for EAPOL-Key MIC). Add support for using new AKMPs and clean up AKMP processing with helper functions in defs.h.
* IEEE 802.11w: Added association pingJouni Malinen2008-08-311-0/+3
| | | | | | This updates management frame protection to use the assocition ping process from the latest draft (D6.0) to protect against unauthenticated authenticate or (re)associate frames dropping association.
* Added support for setting VLAN ID for STAs based on local MAC ACLJouni Malinen2008-08-281-0/+3
| | | | | | This allows the accept_mac_file to be used as an alternative for RADIUS server-based configuration. This is mainly to ease VLAN testing (i.e., no need to set up RADIUS server for this anymore).
* Fixed internal TLSv1 server implementation for abbreviated handshakeJouni Malinen2008-08-241-0/+2
| | | | | | | | | | When the TLS handshake had been completed earlier by the server in case of abbreviated handshake, the output buffer length was left uninitialized. It must be initialized to zero in this case. This code is used by EAP-FAST server and the uninitialized length could have caused it to try to send a very large frame (though, this would be terminated by the 50 roundtrip EAP limit). This broke EAP-FAST server code in some cases when PAC was used to establish the tunnel.
* Fixed EAP-FAST server PAC-Opaque paddingJouni Malinen2008-08-241-0/+2
| | | | | 0.6.4 broke this for some peer identity lengths. The padding was supposed to make sure that the length of PAC-Opaque is divisible by 8.
* Internal X.509/TLSv1: Support SHA-256 in X.509 certificate digestJouni Malinen2008-08-161-0/+4
* Preparations for 0.6.4 releasehostap_0_6_4Jouni Malinen2008-08-101-1/+1
* Added support for opportunistic key caching (OKC)Jouni Malinen2008-08-031-0/+1
| | | | | This allows hostapd to share the PMKSA caches internally when multiple BSSes or radios are being controlled by the same hostapd process.
* Redesigned EAP-TLS/PEAP/TTLS/FAST fragmentation/reassemblyJouni Malinen2008-05-281-0/+2
| | | | | | Fragmentation is now done as a separate step to clean up the design and to allow the same code to be used in both Phase 1 and Phase 2. This adds support for fragmenting EAP-PEAP/TTLS/FAST Phase 2 (tunneled) data.
* Added fragmentation support for EAP-TNCJouni Malinen2008-05-261-0/+1
* EAP-PEAP: Fixed interop issues in key derivation with cryptobindingJouni Malinen2008-03-191-0/+1
| | | | | | | | | | | It looks like Microsoft implementation does not match with their specification as far as PRF+ label usage is concerned.. IPMK|CMK is derived without null termination on the label, but the label for CSK derivation must be null terminated. This allows cryptobinding to be used with PEAPv0 in a way that interoperates with Windows XP SP3 (RC2) and as such, this functionality is now enabled as an optional addition to PEAPv0.
* TNC: Added TNC server support into documentation and ChangeLogsJouni Malinen2008-03-091-0/+4
* EAP-FAST: Cleaned up TLV processing and added support for EAP SequencesJouni Malinen2008-02-281-0/+1
| | | | | | | | Number of TLVs were processed in groups and these cases were now separated into more flexible processing of one TLV at the time. wpabuf_concat() function was added to make it easier to concatenate TLVs. EAP Sequences are now supported in both server and peer code, but the server side is not enabled by default.
* EAP-FAST: Add peer identity into EAP-FAST PAC-OpaqueJouni Malinen2008-02-281-0/+4
| | | | | | This allows Phase 2 Identity Request to be skipped if the identity is already known from PAC-Opaque received in TLS handshake in order to save one roundtrip from normal authentication.