Lines Matching refs:EAP
8 * EAP-pwd changes
13 * fixed FT-EAP initial mobility domain association using PMKSA caching
19 * extended EAP-SIM/AKA fast re-authentication to allow use with FILS
22 * added support for EAP-SIM/AKA using anonymous@realm identity
24 to ignore credentials without a specific EAP method
25 * added experimental support for EAP-TEAP peer (RFC 7170)
26 * added experimental support for EAP-TLS peer with TLS v1.3
50 * EAP-pwd changes
78 * started to prefer FT-EAP-SHA384 over WPA-EAP-SUITE-B-192 AKM if both
81 SAE, FT-SAE, FT-EAP-SHA384
116 * fixed EAP-pwd pre-processing with PasswordHashHash
117 * added EAP-pwd client support for salted passwords
133 * fixed EAP-SIM/AKA/AKA' ext auth cases within TLS tunnel
136 * fixed EAP-AKA' to add AT_KDF into Synchronization-Failure
174 * fixed EAP-pwd last fragment validation
176 * fixed EAP-pwd unexpected Confirm message processing
245 * EAP-pwd: added support for Brainpool Elliptic Curves
285 * EAP-PEAP: fixed interoperability issue with Windows 2012r2 server
287 * EAP-TTLS: fixed success after fragmented final Phase 2 message
295 - fix IEEE 802.1X/WEP EAP reauthentication and rekeying to use
300 * Interworking: add credential realm to EAP-TLS identity
322 * fixed EAP-pwd peer missing payload length validation
338 * added support for hashed password (NtHash) in EAP-pwd peer
357 * added EAP-EKE peer support for deriving Session-Id
379 * allow OpenSSL cipher configuration to be set for internal EAP server
421 * add support for EAP Re-Authentication Protocol (ERP)
422 * fixed EAP-IKEv2 fragmentation reassembly
431 * include peer certificate in EAP events even without a separate probe
433 * add peer ceritficate alt subject name to EAP events
434 (CTRL-EVENT-EAP-PEER-ALT)
473 * fixed EAP-AKA' message parser with multiple AT_KDF attributes
494 * removed EAP-TTLS/MSCHAPv2 interoperability workaround so that
497 * modified EAP fast session resumption to allow results to be used only
535 three-byte encoding EAP methods that use NtPasswordHash
576 * slow down automatic connection attempts on EAP failure to meet
619 * EAP-pwd fixes
622 - fix possible segmentation fault on EAP method deinit if an invalid
626 * fixed EAP-SIM counter-too-small message
681 * added Session-Id derivation for EAP peer methods
703 * added EAP-EKE peer
706 EAP-TLS) to specify additional constraint for the server certificate
708 * added support for external SIM/USIM processing in EAP-SIM, EAP-AKA,
709 and EAP-AKA' (CTRL-REQ-SIM and CTRL-RSP-SIM commands over control
781 * EAP-pwd:
801 * EAP-AKA: keep pseudonym identity across EAP exchanges to match EAP-SIM
841 * EAP-SIM: fixed AT_COUNTER_TOO_SMALL use
842 * EAP-SIM/AKA: append realm to pseudonym identity
843 * EAP-SIM/AKA: store pseudonym identity in network configuration to
844 allow it to persist over multiple EAP sessions and wpa_supplicant
846 * EAP-AKA': updated to RFC 5448 (username prefixes changed); note: this
875 * EAP-TTLS: fixed peer challenge generation for MSCHAPv2
885 (EAP-PEAP/TLS, EAP-TTLS/TLS, EAP-FAST/TLS) to support different CA
936 using EAP-TLS/PEAP/TTLS (i.e., only use it with EAP-FAST)
937 * changed VENDOR-TEST EAP method to use proper private enterprise number
1006 - Add a DBus signal for EAP SM requests, emitted on the Interface
1083 - Fragment size is now configurable for EAP-WSC peer. Use
1159 automatic detection of EAP parameters
1167 * EAP-TNC: add Flags field into fragment acknowledgement (needed to
1292 * added support for EAP-AKA' (draft-arkko-eap-aka-kdf)
1297 * changed EAP-GPSK to use the IANA assigned EAP method type 51
1305 * added Milenage SIM/USIM emulator for EAP-SIM/EAP-AKA
1316 * fixed EAP-AKA to use RES Length field in AT_RES as length in bits,
1318 * updated OpenSSL code for EAP-FAST to use an updated version of the
1343 * added support for EAP Sequences in EAP-FAST Phase 2
1344 * added support for using TNC with EAP-FAST
1347 * fixed the OpenSSL patches (0.9.8g and 0.9.9) for EAP-FAST to
1349 * added fragmentation support for EAP-TNC
1362 previously used for configuring user identity and key for EAP-PSK,
1363 EAP-PAX, EAP-SAKE, and EAP-GPSK. 'identity' field is now used as the
1379 * fixed EAP-SIM not to include AT_NONCE_MT and AT_SELECTED_VERSION
1380 attributes in EAP-SIM Start/Response when using fast reauthentication
1388 * fixed EAP-SIM and EAP-AKA message parser to validate attribute
1392 changed and various interfaces (e.g., EAP) is not compatible with old
1394 * added support for protecting EAP-AKA/Identity messages with
1397 EAP-SIM and EAP-AKA (phase1="result_ind=1")
1426 * added support for EAP-IKEv2 (draft-tschofenig-eap-ikev2-15.txt);
1433 full handshake when using EAP-FAST (e.g., due to an expired
1435 * updated EAP Generalized Pre-Shared Key (EAP-GPSK) to use the latest
1460 * updated EAP-SAKE to RFC 4763 and the IANA-allocated EAP type 48
1461 * updated EAP-PSK to use the IANA-allocated EAP type 47
1462 * fixed EAP-PAX key derivation
1463 * fixed EAP-PSK bit ordering of the Flags field
1464 * fixed EAP-PEAP/TTLS/FAST to use the correct EAP identifier in
1469 of EAP-PEAP/TTLS/FAST
1470 * fixed EAP-TTLS AVP parser processing for too short AVP lengths
1471 * added support for EAP-FAST authentication with inner methods that
1472 generate MSK (e.g., EAP-MSCHAPv2 that was previously only supported
1474 * added support for authenticated EAP-FAST provisioning
1475 * added support for configuring maximum number of EAP-FAST PACs to
1477 * added support for storing EAP-FAST PACs in binary format
1483 added support for EAP-FAST
1484 * updated EAP Generalized Pre-Shared Key (EAP-GPSK) to use the latest
1486 * fixed EAP-AKA Notification processing to allow Notification to be
1490 * fixed EAP-TTLS implementation not to crash on use of freed memory
1492 * added support for EAP-TNC (Trusted Network Connect)
1493 (this version implements the EAP-TNC method and EAP-TTLS changes
1508 * updated EAP Generalized Pre-Shared Key (EAP-GPSK) to use the latest
1518 needed (this allows EAP-AKA to be used with USIM cards that do not
1520 * added support for reading 3G USIM AID from EF_DIR to allow EAP-AKA to
1526 * fixed EAP-SIM/AKA key derivation for re-authentication case (only
1595 configure the maximum EAP fragment size
1624 * added support for EAP Generalized Pre-Shared Key (EAP-GPSK,
1653 * fixed EAP-GTC response to include correct user identity when run as
1654 phase 2 method of EAP-FAST (i.e., EAP-FAST did not work in v0.5.2)
1674 * added support for EAP-SAKE (no EAP method number allocated yet, so
1675 this is using the same experimental type 255 as EAP-PSK)
1676 * added support for dynamically loading EAP methods (.so files) instead
1683 access for a network that has not enabled EAP-AKA
1684 * fixed EAP phase 2 Nak for EAP-{PEAP,TTLS,FAST} (this was broken in
1685 v0.5.1 due to the new support for expanded EAP types)
1686 * added support for generating EAP Expanded Nak
1693 * changed EAP method registration to use a dynamic list of methods
1697 * fixed a memory leak in EAP-TTLS re-authentication
1707 * added support for EAP expanded type (vendor specific EAP methods)
1725 EAP-SIM and EAP-AKA with real SIM/USIM card when using ap_scan=0 or
1733 * fixed EAP-SIM and EAP-AKA pseudonym and fast re-authentication to
1735 * fixed EAP-AKA to allow resynchronization within the same session
1760 refused the previously used parameters; this fixes EAP-SIM and
1761 EAP-AKA authentication using SIM/USIM card under Windows
1773 * added support for EAP-FAST key derivation using other ciphers than
1800 * disable EAP state machine when IEEE 802.1X authentication is not used
1801 in order to get rid of bogus "EAP failed" messages
1810 * fixed EAP state machine to not discard EAP-Failure messages in many
1858 EAP authentication immediately after association
1869 for EAP state machine to allow recovery from dropped EAP-Success
1872 layer (Ethernet) header during WPA and EAPOL/EAP processing; this
1876 * updated EAP-PSK to use draft 9 by default since this can now be
1894 * replaced OpenSSL patch for EAP-FAST support
1898 to be able to build wpa_supplicant with EAP-FAST support)
1900 for client certificate and private key operations (EAP-TLS)
1923 * added EAP workaround for PEAP session resumption: allow outer,
1924 i.e., not tunneled, EAP-Success to terminate session since; this can
1934 * removed interface for external EAPOL/EAP supplicant (e.g.,
1958 * added support for querying private key password (EAP-TLS) through the
1963 * EAP-PAX is now registered as EAP type 46
1964 * fixed EAP-PAX MAC calculation
1965 * fixed EAP-PAX CK and ICK key derivation
1966 * added support for using password with EAP-PAX (as an alternative to
1987 * added support for EAP-MSCHAPv2 password retries within the same EAP
1989 * added support for password changes with EAP-MSCHAPv2 (used when the
1995 * fixed a possible double free in EAP-TTLS fast-reauthentication when
1997 * display EAP Notification messages to user through control interface
1998 with "CTRL-EVENT-EAP-NOTIFICATION" prefix
2009 * added EAP workaround for PEAPv1 session resumption: allow outer,
2010 i.e., not tunneled, EAP-Success to terminate session since; this can
2027 * modified the EAP workaround that accepts EAP-Success with incorrect
2035 file, a control interface request is sent and EAP processing is
2038 private key operations in EAP-TLS (CONFIG_SMARTCARD=y in .config);
2042 * added experimental support for EAP-PAX
2070 EAP-PEAP and EAP-TTLS
2089 * fixed EAP workaround and fast reauthentication configuration for
2092 requires EAP workarounds
2096 * fixed CA certificate loading after a failed EAP-TLS/PEAP/TTLS
2098 * allow EAP-PEAP/TTLS fast reauthentication only if Phase 2 succeeded
2117 * cleaned up EAP state machine <-> method interface and number of
2119 EAP-Failure but waiting for timeout
2122 * added support for EAP-FAST (draft-cam-winget-eap-fast-00.txt);
2136 * improved recovery from PMKID mismatches by requesting full EAP
2151 clearing port Valid in order to reset EAP state machine and avoid
2198 * PEAPv1: fixed tunneled EAP-Success reply handling to reply with TLS
2199 ACK, not tunneled EAP-Success (of which only the first byte was
2203 EAP-Success message; this can be configured by adding
2211 * added support for EAP-PSK (draft-bersani-eap-psk-03.txt)
2213 * added support for configuring list of allowed Phase 2 EAP types
2214 (for both EAP-PEAP and EAP-TTLS) instead of only one type
2218 * added support for EAP-AKA (with UMTS SIM)
2220 random-looking errors for EAP-SIM
2221 * added support for EAP-SIM pseudonyms and fast re-authentication
2222 * added support for EAP-TLS/PEAP/TTLS fast re-authentication (TLS
2224 * added support for EAP-SIM with two challanges
2227 key exchange (EAP-TLS/PEAP/TTLS) using new configuration parameters
2231 certificate with a substring when using EAP-TLS/PEAP/TTLS; new
2273 * added a workaround for EAP servers that incorrectly use same Id for
2274 sequential EAP packets
2287 * made EAP workarounds configurable; enabled by default, can be
2291 * resolved couple of interoperability issues with EAP-PEAPv1 and
2292 Phase 2 (inner EAP) fragment reassembly
2312 * added support for new EAP authentication methods:
2313 EAP-TTLS/EAP-OTP, EAP-PEAPv0/OTP, EAP-PEAPv1/OTP, EAP-OTP
2318 password; this can be used with both EAP-OTP and EAP-GTC
2348 * small improvements/bug fixes for EAP-MSCHAPv2, EAP-PEAP, and
2360 EAP-SIM; this requires pcsc-lite
2364 EAP keying material is used as data encryption key)
2369 * added support for new EAP authentication methods:
2370 EAP-TTLS/EAP-MD5-Challenge
2371 EAP-TTLS/EAP-GTC
2372 EAP-TTLS/EAP-MSCHAPv2
2373 EAP-TTLS/EAP-TLS
2374 EAP-TTLS/MSCHAPv2
2375 EAP-TTLS/MSCHAP
2376 EAP-TTLS/PAP
2377 EAP-TTLS/CHAP
2378 EAP-PEAP/TLS
2379 EAP-PEAP/GTC
2380 EAP-PEAP/MD5-Challenge
2381 EAP-GTC
2382 EAP-SIM (not yet complete; needs GSM/SIM authentication interface)
2385 tunnel (e.g., with EAP-TTLS)
2388 control interface; in other words, the password for EAP-PEAP or
2389 EAP-TTLS does not need to be included in the configuration file since
2407 - EAP peer state machine [draft-ietf-eap-statemachine-02.pdf]
2408 - EAP-MD5 (cannot be used with WPA-RADIUS)
2410 - EAP-TLS [RFC 2716]
2411 - EAP-MSCHAPv2 (currently used only with EAP-PEAP)
2412 - EAP-PEAP/MSCHAPv2 [draft-josefsson-pppext-eap-tls-eap-07.txt]
2423 - EAP-TLS and EAP-PEAP require openssl libraries
2424 * use module prefix in debug messages (WPA, EAP, EAP-TLS, ..)
2426 (i.e., complete IEEE 802.1X/EAP authentication and use IEEE 802.1X
2443 - EAPOL/EAP functions