changelog

WPA在Linux下实现的原代码 WPA在Linux下实现的原代码

ChangeLog for wpa_supplicant

2008-02-23 - v0.4.11
	* updated driver_madwifi to work with changes in madwifi-ng
	* fixed EAP-AKA Notification processing to allow Notification to be
	  processed after AKA Challenge response has been sent
	* fixed OpenSSL TLS wrapper to clear trusted CA list to allow
	  network blocks to use different trusted CA configurations
	* fixed a potential EAP state machine loop when moving from PSK to EAP
	  configuration without restarting wpa_supplicant
	* fixed EAP-SIM and EAP-AKA message parser to validate attribute
	  lengths properly to avoid potential crash caused by invalid messages
	* added driver_wext workaround for race condition between scanning and
	  association with drivers that take very long time to scan all
	  channels (e.g., madwifi with dual-band cards); wpa_supplicant is now
	  using a longer hardcoded timeout for the scan if the driver supports
	  notifications for scan completion (SIOCGIWSCAN event); this helps,
	  e.g., in cases where wpa_supplicant and madwifi driver ended up in
	  loop where the driver did not even try to associate
	* fixed EAP-SIM not to include AT_NONCE_MT and AT_SELECTED_VERSION
	  attributes in EAP-SIM Start/Response when using fast reauthentication

2007-02-19 - v0.4.10
	* driver_madwifi: fixed TKIP and CCMP sequence number configuration on
	  big endian hosts [Bug 146]
	* Windows: added a workaround for UDP-based control interface to
	  prevent packets with forged addresses from being accepted as local
	  control requests
	* fixed EAP-SIM/AKA key derivation for re-authentication case (only
	  affects IEEE 802.1X with dynamic WEP keys)
	* fixed WPA PSK update through ctrl_iface for the case where the old
	  PSK was derived from an ASCII passphrase and the new PSK is set as
	  a raw PSK (hex string)
	* fixed configuration parser not to remove CCMP from group cipher list
	  if WPA-None (adhoc) is used (pairwise=NONE in that case)
	* driver_ndis: fixed static WEP configuration to avoid race condition
	  issues with some NDIS drivers between association and setting WEP
	  keys
	* driver_ndis: added validation for IELength value in scan results to
	  avoid crashes when using buggy NDIS drivers [Bug 165]
	* fixed selection of the first network in ap_scan=2 mode; previously,
	  wpa_supplicant could get stuck in SCANNING state when only the first
	  network for enabled (e.g., after 'wpa_cli select_network 0')
	* driver_ndis: added support for selecting AP based on BSSID
	* fixed USIM PIN status determination for the case that PIN is not
	  needed (this allows EAP-AKA to be used with USIM cards that do not
	  use PIN)
	* added support for reading 3G USIM AID from EF_DIR to allow EAP-AKA to
	  be used with cards that do not support file selection based on
	  partial AID
	* fixed EAP-PSK bit ordering of the Flags field
	* fixed EAP-PEAP/TTLS/FAST to use the correct EAP identifier in
	  tunnelled identity request (previously, the identifier from the outer
	  method was used, not the tunnelled identifier which could be
	  different)
	* fixed EAP-TTLS AVP parser processing for too short AVP lengths
	* updated Windows binary build to link against OpenSSL 0.9.8d and
	  added support for EAP-FAST
	* added a workaround for a case where the AP is using unknown address
	  (e.g., MAC address of the wired interface) as the source address for
	  EAPOL-Key frames; previously, that source address was used as the
	  destination for EAPOL-Key frames and in key derivation; now, BSSID is
	  used even if the source address does not match with it
	  (this resolves an interoperability issue with Thomson SpeedTouch 580)

2006-05-06 - v0.4.9
	* fixed EAPOL re-authentication for sessions that used PMKSA caching
	* reject WPA/WPA2 message 3/4 if it does not include any valid
	  WPA/RSN IE
	* driver_ndis: Fixed encryption mode configuration for unencrypted
	  networks (some NDIS drivers ignored this, but others, e.g., Broadcom,
	  refused to associate with open networks) [Bug 106]
	* driver_wext: added support for WE-21 change to SSID configuration
	* driver_wext: fixed privacy configuration for static WEP keys mode
	  [Bug 140]
	* driver_wext: added fallback to use SIOCSIWENCODE for setting auth_alg
	  if the driver does not support SIOCSIWAUTH

2006-02-08 - v0.4.8
	* fixed PC/SC code to use correct length for GSM AUTH command buffer
	  and to not use pioRecvPci with SCardTransmit() calls; these were not
	  causing visible problems with pcsc-lite, but Windows Winscard.dll
	  refused the previously used parameters; this fixes EAP-SIM and
	  EAP-AKA authentication using SIM/USIM card under Windows
	* added support for EAP-FAST key derivation using other ciphers than
	  RC4-128-SHA for authentication and AES128-SHA for provisioning
	* fixed EAP-SIM and EAP-AKA pseudonym and fast re-authentication to
	  decrypt AT_ENCR_DATA attributes correctly
	* added support for configuring CA certificate as DER file and as a
	  configuration blob
	* fixed private key configuration as configuration blob and added
	  support for using PKCS#12 as a blob
	* fixed cygwin build
	* added support for loading trusted CA certificates from Windows
	  certificate store: ca_cert="cert_store://<name>", where <name> is
	  likely CA (Intermediate CA certificates) or ROOT (root certificates)
	* fixed TLS library deinitialization after RSN pre-authentication not
	  to disable TLS library for normal authentication
	* fixed PMKSA cache processing not to trigger deauthentication if the
	  current PMKSA cache entry is replaced with a valid new entry
	* fixed PC/SC initialization for ap_scan != 1 modes (this fixes
	  EAP-SIM and EAP-AKA with real SIM/USIM card when using ap_scan=0 or
	  ap_scan=2)
	* do not try to use USIM APDUs when initializing PC/SC for SIM card
	  access for a network that has not enabled EAP-AKA

2005-11-20 - v0.4.7 (beginning of 0.4.x stable releases)
	* l2_packet_pcap: fixed wired IEEE 802.1X authentication with libpcap
	  and WinPcap to receive frames sent to PAE group address
	* disable EAP state machine when IEEE 802.1X authentication is not used
	  in order to get rid of bogus "EAP failed" messages
	* fixed OpenSSL error reporting to go through all pending errors to
	  avoid confusing reports of old errors being reported at later point
	  during handshake
	* fixed configuration file updating to not write empty variables
	  (e.g., proto or key_mgmt) that the file parser would not accept
	* fixed ADD_NETWORK ctrl_iface command to use the same default values
	  for variables as empty network definitions read from config file
	  would get
	* fixed EAP state machine to not discard EAP-Failure messages in many
	  cases (e.g., during TLS handshake)
	* fixed a infinite loop in private key reading if the configured file
	  cannot be parsed successfully
	* driver_madwifi: added support for madwifi-ng
	* wpa_gui: do not display password/PSK field contents
	* wpa_gui: added CA certificate configuration
	* driver_ndis: fixed scan request in ap_scan=2 mode not to change SSID
	* driver_ndis: include Beacon IEs in AssocInfo in order to notice if
	  the new AP is using different WPA/RSN IE
	* use longer timeout for IEEE 802.11 association to avoid problems with
	  drivers that may take more than five second to associate

2005-10-27 - v0.4.6
	* allow fallback to WPA, if mixed WPA+WPA2 networks have mismatch in
	  RSN IE, but WPA IE would match with wpa_supplicant configuration
	* added support for named configuration blobs in order to avoid having
	  to use file system for external files (e.g., certificates);
	  variables can be set to "blob://<blob name>" instead of file path to
	  use a named blob; supported fields: pac_file, client_cert,
	  private_key
	* fixed RSN pre-authentication (it was broken in the clean up of WPA
	  state machine interface in v0.4.5)
	* driver_madwifi: set IEEE80211_KEY_GROUP flag for group keys to make
	  sure the driver configures broadcast decryption correctly
	* added ca_path (and ca_path2) configuration variables that can be used
	  to configure OpenSSL CA path, e.g., /etc/ssl/certs, for using the
	  system-wide trusted CA list
	* added support for starting wpa_supplicant without a configuration
	  file (-C argument must be used to set ctrl_interface parameter for
	  this case; in addition, -p argument can be used to provide
	  driver_param; these new arguments can also be used with a
	  configuration to override the values from the configuration)
	* added global control interface that can be optionally used for adding
	  and removing network interfaces dynamically (-g command line argument
	  for both wpa_supplicant and wpa_cli) without having to restart
	  wpa_supplicant process
	* wpa_gui:
	  - try to save configuration whenever something is modified
	  - added WEP key configuration
	  - added possibility to edit the current network configuration
	* driver_ndis: fixed driver polling not to increase frequency on each
	  received EAPOL frame due to incorrectly cancelled timeout
	* added simple configuration file examples (in examples subdirectory)
	* fixed driver_wext.c to filter wireless events based on ifindex to
	  avoid interfaces receiving events from other interfaces
	* delay sending initial EAPOL-Start couple of seconds to speed up
	  authentication for the most common case of Authenticator starting
	  EAP authentication immediately after association

2005-09-25 - v0.4.5
	* added a workaround for clearing keys with ndiswrapper to allow
	  roaming from WPA enabled AP to plaintext one
	* added docbook documentation (doc/docbook) that can be used to
	  generate, e.g., man pages
	* l2_packet_linux: use socket type SOCK_DGRAM instead of SOCK_RAW for
	  PF_PACKET in order to prepare for network devices that do not use
	  Ethernet headers (e.g., network stack with native IEEE 802.11 frames)
	* use receipt of EAPOL-Key frame as a lower layer success indication
	  for EAP state machine to allow recovery from dropped EAP-Success
	  frame
	* cleaned up internal EAPOL frame processing by not including link
	  layer (Ethernet) header during WPA and EAPOL/EAP processing; this
	  header is added only when transmitted the frame; this makes it easier
	  to use wpa_supplicant on link layers that use different header than
	  Ethernet
	* updated EAP-PSK to use draft 9 by default since this can now be
	  tested with hostapd; removed support for draft 3, including
	  server_nai configuration option from network blocks
	* driver_wired: add PAE address to the multicast address list in order
	  to be able to receive EAPOL frames with drivers that do not include
	  these multicast addresses by default
	* driver_wext: add support for WE-19
	* added support for multiple configuration backends (CONFIG_BACKEND
	  option); currently, only 'file' is supported (i.e., the format used
	  in wpa_supplicant.conf)
	* added support for updating configuration ('wpa_cli save_config');
	  this is disabled by default and can be enabled with global
	  update_config=1 variable in wpa_supplicant.conf; this allows wpa_cli
	  and wpa_gui to store the configuration changes in a permanent store
	* added GET_NETWORK ctrl_iface command
	  (e.g., 'wpa_cli get_network 0 ssid')

2005-08-21 - v0.4.4
	* replaced OpenSSL patch for EAP-FAST support
	  (openssl-tls-extensions.patch) with a more generic and correct
	  patch (the new patch is not compatible with the previous one, so the
	  OpenSSL library will need to be patched with the new patch in order
	  to be able to build wpa_supplicant with EAP-FAST support)
	* added support for using Windows certificate store (through CryptoAPI)
	  for client certificate and private key operations (EAP-TLS)
	  (see wpa_supplicant.conf for more information on how to configure
	  this with private_key)
	* ported wpa_gui to Windows
	* added Qt4 version of wpa_gui (wpa_gui-qt4 directory); this can be
	  built with the open source version of the Qt4 for Windows
	* allow non-WPA modes (e.g., IEEE 802.1X with dynamic WEP) to be used
	  with drivers that do not support WPA
	* ndis_events: fixed Windows 2000 support
	* added support for enabling/disabling networks from the list of all
	  configured networks ('wpa_cli enable_network <network id>' and
	  'wpa_cli disable_network <network id>')
	* added support for adding and removing network from the current
	  configuration ('wpa_cli add_network' and 'wpa_cli remove_network
	  <network id>'); added networks are disabled by default and they can
	  be enabled with enable_network command once the configuration is done
	  for the new network; note: configuration file is not yet updated, so
	  these new networks are lost when wpa_supplicant is restarted
	* added support for setting network configuration parameters through
	  the control interface, for example:
	  wpa_cli set_network 0 ssid "\"my network\""
	* fixed parsing of strings that include both " and # within double
	  quoted area (e.g., "start"#end")
	* added EAP workaround for PEAP session resumption: allow outer,
	  i.e., not tunneled, EAP-Success to terminate session since; this can
	  be disabled with eap_workaround=0
	  (this was allowed for PEAPv1 before, but now it is also allowed for
	  PEAPv0 since at least one RADIUS authentication server seems to be
	  doing this for PEAPv0, too)
	* wpa_gui: added preliminary support for adding new networks to the
	  wpa_supplicant configuration (double click on the scan results to
	  open network configuration)

2005-06-26 - v0.4.3
	* removed interface for external EAPOL/EAP supplicant (e.g.,
	  Xsupplicant), (CONFIG_XSUPPLICANT_IFACE) since it is not required
	  anymore and is unlikely to be used by anyone
	* driver_ndis: fixed WinPcap 3.0 support
	* fixed build with CONFIG_DNET_PCAP=y on Linux
	* l2_packet: moved different implementations into separate files
	  (l2_packet_*.c)

2005-06-12 - v0.4.2
	* driver_ipw: updated driver structures to match with ipw2200-1.0.4