path: root/wpa_supplicant/ChangeLog
Commit message (Collapse)AuthorAgeFilesLines
* Update version to v2.7 and copyright years to include 2018hostap_2_7Jouni Malinen2018-12-021-0/+70
| | | | | | | Also add the ChangeLog entries for both hostapd and wpa_supplicant to describe main changes between v2.6 and v2.7. Signed-off-by: Jouni Malinen <j@w1.fi>
* Change version number to v2.6 for the releasehostap_2_6Jouni Malinen2016-10-021-1/+1
| | | | Signed-off-by: Jouni Malinen <j@w1.fi>
* Update ChangeLog files for v2.6Jouni Malinen2016-09-251-2/+21
| | | | | | This adds a summary of new changes since the last update. Signed-off-by: Jouni Malinen <j@w1.fi>
* Update ChangeLog files for v2.6Jouni Malinen2016-05-211-0/+125
| | | | | | This adds a summary of changes since the v2.5 release. Signed-off-by: Jouni Malinen <j@w1.fi>
* Add ChangeLog entries for v2.5Jouni Malinen2015-09-271-0/+63
| | | | Signed-off-by: Jouni Malinen <j@w1.fi>
* Add ChangeLog entries for v2.4Jouni Malinen2015-03-141-0/+78
| | | | Signed-off-by: Jouni Malinen <j@w1.fi>
* Update ChangeLog files for v2.3Jouni Malinen2014-10-091-0/+65
| | | | Signed-off-by: Jouni Malinen <j@w1.fi>
* ChangeLog entries for v2.2Jouni Malinen2014-06-041-0/+120
| | | | Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Update ChangeLog files to match current implementationJouni Malinen2014-02-041-2/+107
| | | | Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
* Update ChangeLog files to match current implementationJouni Malinen2013-01-121-0/+4
| | | | Signed-hostap: Jouni Malinen <j@w1.fi>
* Prepare for hostapd/wpa_supplicant v2.0 releasehostap_2_0Jouni Malinen2013-01-121-1/+1
| | | | Signed-hostap: Jouni Malinen <j@w1.fi>
* Update ChangeLog files to match the current implementationJouni Malinen2012-12-281-0/+6
| | | | Signed-hostap: Jouni Malinen <j@w1.fi>
* Update ChangeLog files to match the current implementationJouni Malinen2012-11-181-0/+224
| | | | | | | This commit adds description of the main changes from the forking of hostap-1.git for 1.x releases to the current master branch snapshot. Signed-hostap: Jouni Malinen <j@w1.fi>
* Add ChangeLog entries from v1.0 releaseJouni Malinen2012-05-101-0/+174
| | | | Signed-hostap: Jouni Malinen <j@w1.fi>
* Preparations for 0.7.2 releaseJouni Malinen2010-04-181-0/+43
* Preparations for v0.7.1 releasehostap_0_7_1Jouni Malinen2010-01-161-0/+26
* Preparations for v0.7.0 releasehostap_0_7_0Jouni Malinen2009-11-211-1/+1
* Update ChangeLog files for 0.7.0 releaseJouni Malinen2009-11-211-0/+33
* Fix SHA-256-based KDF when using CCMP as the pairwise cipherJouni Malinen2009-04-011-0/+3
| | | | | | | | | | | | IEEE 802.11r KDF uses key length in the derivation and as such, the PTK length must be specified correctly. The previous version was deriving using 512-bit PTK regardless of the negotiated cipher suite; this works for TKIP, but not for CCMP. Update the code to use proper PTK length based on the pairwise cipher. This fixed PTK derivation for both IEEE 802.11r and IEEE 802.11w (when using AKMP that specifies SHA-256-based key derivation). The fixed version does not interoperate with the previous versions. [Bug 307]
* Add SME support (separate authentication and association)Jouni Malinen2009-03-201-0/+4
| | | | | | | | | | | | | This can be used, e.g., with mac80211-based Linux drivers with nl80211. This allows over-the-air FT protocol to be used (IEEE 802.11r). Since the nl80211 interface needed for this is very recent (added today into wireless-testing.git), driver_nl80211.c has backwards compatibility code that uses WEXT for association if the kernel does not support the new commands. This compatibility code can be disabled by defining NO_WEXT_COMPAT. That code will also be removed at some point to clean up driver_nl80211.c.
* Fix IEEE 802.11r key derivation function to match with the standardJouni Malinen2009-03-191-0/+2
| | | | | IEEE Std 802.11r-2008, starts the 'i' counter from 1, not 0. Note: this breaks interoperability with previous versions. [Bug 303]
* driver_ndis: Add PAE group address to the multicast addressJouni Malinen2009-03-071-0/+2
| | | | | | | | | | This is done with wired interfaces to fix IEEE 802.1X authentication when the authenticator uses the group address (which should be happening with wired Ethernet authentication). This allows wpa_supplicant to complete wired authentication successfully on Vista with a NDIS 6 driver, but the change is likely needed for Windows XP, too.
* WPS UFD: Add entry to ChangeLogJouni Malinen2009-02-261-0/+2
* driver_nl80211: Add support for multi-SSID scan requestsJouni Malinen2009-02-141-0/+4
* Allow multiple driver wrappers to be specified on command lineJouni Malinen2009-02-141-0/+3
| | | | | | For example, -Dnl80211,wext could be used to automatically select between nl80211 and wext. The first driver wrapper that is able to initialize the interface will be used.
* Fixed scan buffer increasing with WEXTJouni Malinen2009-02-051-0/+2
| | | | | | | | | | We can now handle up to 65535 byte result buffer which is the maximum due to WEXT using 16-bit length field. Previously, this was limited to 32768 bytes in practice even through we tried with 65536 and 131072 buffers which we just truncated into 0 in the 16-bit variable. This more or less doubles the number of BSSes we can received from scan results.
* Increased wpa_cli/hostapd_cli ping interval and made it configurableJouni Malinen2009-01-201-0/+4
| | | | | | The default interval is now 5 seconds (used to be 1 second for interactive mode and 2 seconds for wpa_cli -a). The interval can be changed with -G<seconds> command line option.
* Preparations for 0.6.7 releaseJouni Malinen2009-01-061-1/+1
* Added a note about IEEE 802.11w/D7.0 updateJouni Malinen2008-12-261-0/+1
* Added a ChangeLog entry about the new Windows installerJouni Malinen2008-12-251-0/+4
* IANA allocated EAP method type 51 to EAP-GPSKJouni Malinen2008-12-201-0/+1
* Fixed PSK editing in wpa_gui (copy-paste bug in field names)Jouni Malinen2008-12-181-0/+1
* Fixed interoperability issue with PEAPv0 cryptobinding and NPSJouni Malinen2008-12-141-0/+2
| | | | | | | | | | | | | | Windows Server 2008 NPS gets very confused if the TLS Message Length is not included in the Phase 1 messages even if fragmentation is not used. If the TLS Message Length field is not included in ClientHello message, NPS seems to decide to use the ClientHello data (excluding first six octets, i.e., EAP header, type, Flags) as the OuterTLVs data in Cryptobinding Compound_MAC calculation (per PEAPv2; not MS-PEAP).. Lets add the TLS Message Length to PEAPv0 Phase 1 messages to get rid of this issue. This seems to fix Cryptobinding issues with NPS and PEAPv0 is now using optional Cryptobinding by default (again) since there are no known interop issues with it anymore.
* driver_test: Optional support for using UDP socketJouni Malinen2008-12-121-0/+1
| | | | | | | | | driver_test can now be used either over UNIX domain socket or UDP socket. This makes it possible to run the test over network and makes it easier to port driver_test to Windows. hostapd configuration: test_socket=UDP:<listen port> wpa_supplicant configuration: driver_param=test_udp=<dst IP addr>:<port>
* Merged EAP-AKA' into eap_aka.c and added it to defconfig/ChangeLogJouni Malinen2008-12-071-0/+2
* WPS: Added note about update_config and added WPS to ChangeLogJouni Malinen2008-11-301-0/+10
* Preparations for 0.6.6 releasehostap_0_6_6Jouni Malinen2008-11-231-1/+1
* Fixed canceling of PMKSA caching with driver generated RSN IEJouni Malinen2008-11-211-0/+3
| | | | | | | | | | | | | | It looks like some Windows NDIS drivers (e.g., Intel) do not clear the PMKID list even when wpa_supplicant explicitly sets the list to be empty. In such a case, the driver ends up trying to use PMKSA caching with the AP and wpa_supplicant may not have the PMK that would be needed to complete 4-way handshake. RSN processing already had some code for aborting PMKSA caching by sending EAPOL-Start. However, this was not triggered in this particular case where the driver generates the RSN IE. With this change, this case is included, too, and the failed PMKSA caching attempt is cleanly canceled and wpa_supplicant can fall back to full EAP authentication.
* Add RoboSwitch driver interface for wpa_supplicantJouke Witteveen2008-11-181-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | Find attached the patch that creates a new driver: roboswitch. This driver adds support for wired authentication with a Broadcom RoboSwitch chipset. For example it is now possible to do wired authentication with a Linksys WRT54G router running OpenWRT. LIMITATIONS - At the moment the driver does not support the BCM5365 series (though adding it requires just some register tweaks). - The driver is also limited to Linux (this is a far more technical restriction). - In order to compile against a 2.4 series you need to edit include/linux/mii.h and change all references to "u16" in "__u16". I have submitted a patch upstream that will fix this in a future version of the 2.4 kernel. [These modifications (and more) are now included in the kernel source and can be found in versions 2.4.37-rc2 and up.] USAGE - Usage is similar to the wired driver. Choose the interfacename of the vlan that contains your desired authentication port on the router. This name must be formatted as <interface>.<vlan>, which is the default on all systems I know.
* Updated userspace MLME instructions for current mac80211Jouni Malinen2008-11-181-0/+3
| | | | | | | Remove the old code from driver_wext.c since the private ioctl interface is never going to be used with mac80211. driver_nl80211.c has an implementation than can be used with mac80211 (with two external patches to enable userspace MLME configuration are still required, though).
* OpenSSL 0.9.9 API change for EAP-FAST session ticket overriding APIJouni Malinen2008-11-161-0/+4
| | | | | | | Updated OpenSSL code for EAP-FAST to use an updated version of the session ticket overriding API that was included into the upstream OpenSSL 0.9.9 tree on 2008-11-15 (no additional OpenSSL patch is needed with that version anymore).
* Added an optional mitigation mechanism for certain attacks against TKIP byJouni Malinen2008-11-081-0/+4
| | | | | | | | | | | | delaying Michael MIC error reports by a random amount of time between 0 and 60 seconds if multiple Michael MIC failures are detected with the same PTK (i.e., the Authenticator does not rekey PTK on first failure report). This is disabled by default and can be enabled with a build option CONFIG_DELAYED_MIC_ERROR_REPORT=y in .config. This may help in making a chopchop attack take much longer time by forcing the attacker to wait 60 seconds before knowing whether a modified frame resulted in a MIC failure.
* Fixed EAP-AKA RES Length field in AT_RES as length in bits, not bytesJouni Malinen2008-11-071-0/+2
* Added support for enforcing frequent PTK rekeyingJouni Malinen2008-11-061-0/+3
| | | | | | | | | | | | Added a new configuration option, wpa_ptk_rekey, that can be used to enforce frequent PTK rekeying, e.g., to mitigate some attacks against TKIP deficiencies. This can be set either by the Authenticator (to initiate periodic 4-way handshake to rekey PTK) or by the Supplicant (to request Authenticator to rekey PTK). With both wpa_ptk_rekey and wpa_group_rekey (in hostapd) set to 600, TKIP keys will not be used for more than 10 minutes which may make some attacks against TKIP more difficult to implement.
* Added Milenage-GSM simulator for EAP-SIMJouni Malinen2008-11-061-4/+4
| | | | | CONFIG_SIM_SIMULATOR=y in .config and password="Ki:OPc" in network config to enable.
* Added Milenage USIM emulator for EAP-AKA (can be used to simulate testJouni Malinen2008-11-051-0/+6
| | | | | USIM card with a known private key; enable with CONFIG_USIM_SIMULATOR in .config and password="Ki:OPc:SQN" in network configuration).
* Preparations for 0.6.5 releasehostap_0_6_5Jouni Malinen2008-11-011-1/+1
* wpa_gui-qt4: Added support for configuring Phase 2 methodJouni Malinen2008-10-011-0/+2
* FT: Fixed FTIE for authentication after a failed associationJouni Malinen2008-09-011-0/+2
* Added support for using SHA256-based stronger key derivation for WPA2Jouni Malinen2008-08-311-0/+2
| | | | | | IEEE 802.11w/D6.0 defines new AKMPs to indicate SHA256-based algorithms for key derivation (and AES-CMAC for EAPOL-Key MIC). Add support for using new AKMPs and clean up AKMP processing with helper functions in defs.h.