Lines Matching refs:EAP
4 * fixed EAP-pwd last fragment validation
20 * EAP-pwd: added support for Brainpool Elliptic Curves
35 * EAP-PEAP: support fast-connect crypto binding
56 - fix IEEE 802.1X/WEP EAP reauthentication and rekeying to use
81 * fixed EAP-pwd server missing payload length validation
91 * added support for hashed password (NtHash) in EAP-pwd server
93 * added EAP-EKE server support for deriving Session-Id
105 * added EAP server support for TLS session resumption
113 * allow OpenSSL cipher configuration to be set for internal EAP server
133 * add support for EAP Re-Authentication Protocol (ERP)
192 three-byte encoding EAP methods that use NtPasswordHash
199 * enforce full EAP authentication after RADIUS Disconnect-Request by
232 - added option for TLS protocol testing of an EAP peer by simulating
248 * EAP-pwd fixes
249 - fix possible segmentation fault on EAP method deinit if an invalid
259 - this could result in deinial of service in some EAP server cases
279 * added EAP-EKE server
311 * EAP-pwd:
326 implementations that can change SNonce for each EAP-Key 2/4
339 * EAP-SIM: fixed re-authentication not to update pseudonym
340 * EAP-SIM: use Notification round before EAP-Failure
341 * EAP-AKA: added support for AT_COUNTER_TOO_SMALL
342 * EAP-AKA: skip AKA/Identity exchange if EAP identity is recognized
343 * EAP-AKA': fixed identity for MK derivation
344 * EAP-AKA': updated to RFC 5448 (username prefixes changed); note: this
346 * EAP-SIM/AKA: allow pseudonym to be used after unknown reauth id
349 * fixed EAP/WPS to PSK transition on reassociation in cases where
356 * EAP-SIM/AKA DB: added optional use of SQLite database for pseudonyms
372 * changed VENDOR-TEST EAP method to use proper private enterprise number
379 * fixed EAP-TLS/PEAP/TTLS/FAST server to validate TLS Message Length
479 * EAP server: Add support for configuring fragment size (see
506 * EAP-TNC: add Flags field into fragment acknowledgement (needed to
540 * EAP-FAST server: piggyback Phase 2 start with the end of Phase 1
564 * fixed EAPOL/EAP reauthentication when using an external RADIUS
566 * fixed TNC with EAP-TTLS
604 * added support for EAP-AKA' (draft-arkko-eap-aka-kdf)
606 * changed EAP-GPSK to use the IANA assigned EAP method type 51
608 * fixed retransmission of EAP requests if no response is received
614 * updated OpenSSL code for EAP-FAST to use an updated version of the
624 * fixed EAP-TLS message processing for the last TLS message if it is
632 * fixed EAP-FAST PAC-Opaque padding (0.6.4 broke this for some peer
635 by EAP-FAST server)
648 * changed EAP-FAST configuration to use separate fields for A-ID and
657 * added peer identity into EAP-FAST PAC-Opaque and skip Phase 2
659 * added support for EAP Sequences in EAP-FAST Phase 2
660 * added support for EAP-TNC (Trusted Network Connect)
661 (this version implements the EAP-TNC method and EAP-TTLS/EAP-FAST
665 * added fragmentation support for EAP-TNC
666 * added support for fragmenting EAP-TTLS/PEAP/FAST Phase 2 (tunneled)
679 * fixed EAP-SIM/AKA realm processing to allow decorated usernames to
681 * added a workaround for EAP-SIM/AKA peers that include incorrect null
683 * fixed EAP-SIM/AKA protected result indication to include AT_COUNTER
686 * fixed EAP-SIM Start response processing for fast reauthentication
688 * added support for pending EAP processing in EAP-{PEAP,TTLS,FAST}
689 phase 2 to allow EAP-SIM and EAP-AKA to be used as the Phase 2 method
692 * fixed EAP-SIM and EAP-AKA message parser to validate attribute
696 and various interfaces (e.g., EAP) is not compatible with old
698 * added support for protecting EAP-AKA/Identity messages with
701 EAP-SIM and EAP-AKA (eap_sim_aka_result_ind=1)
702 * added support for configuring EAP-TTLS phase 2 non-EAP methods in
703 EAP server configuration; previously all four were enabled for every
710 * added support for EAP-IKEv2 (draft-tschofenig-eap-ikev2-15.txt);
719 * added support for EAP-FAST server method to the integrated EAP
721 * updated EAP Generalized Pre-Shared Key (EAP-GPSK) to use the latest
733 * updated EAP-SAKE to RFC 4763 and the IANA-allocated EAP type 48
734 * updated EAP-PSK to use the IANA-allocated EAP type 47
735 * fixed EAP-PSK bit ordering of the Flags field
738 * fixed EAP-TTLS AVP parser processing for too short AVP lengths
740 * updated EAP Generalized Pre-Shared Key (EAP-GPSK) to use the latest
748 * fixed EAP-MSCHAPv2 server to use a space between S and M parameters
750 * added support for sending EAP-AKA Notifications in error cases
771 * updated EAP Generalized Pre-Shared Key (EAP-GPSK) to use the latest
777 * hlr_auc_gw: added support for GSM-Milenage (for EAP-SIM)
781 EAP-SIM/EAP-AKA
799 * added support for EAP Generalized Pre-Shared Key (EAP-GPSK,
812 * added support for EAP-SAKE (no EAP method number allocated yet, so
813 this is using the same experimental type 255 as EAP-PSK)
814 * fixed EAP-MSCHAPv2 message length validation
820 * moved HLR/AuC gateway implementation for EAP-SIM/AKA into an external
827 hardcoded AKA authentication data); this can be used to test EAP-SIM
828 and EAP-AKA
830 to make it possible to test EAP-AKA with real USIM cards (this is
836 * changed EAP method registration to use a dynamic list of methods
846 * added support for EAP expanded type (vendor specific EAP methods)
853 * added support for EAP methods to use callbacks to external programs
854 by buffering a pending request and processing it after the EAP method
856 * improved EAP-SIM database interface to allow external request to GSM
858 * added support for using EAP-SIM pseudonyms and fast re-authentication
859 * added support for EAP-AKA in the integrated EAP authenticator
860 * added support for matching EAP identity prefixes (e.g., "1"*) in EAP
861 user database to allow EAP-SIM/AKA selection without extra roundtrip
862 for EAP-Nak negotiation
863 * added support for storing EAP user password as NtPasswordHash instead
880 * added support for replacing user identity from EAP with RADIUS
882 for the RADIUS accounting messages (e.g., for EAP-PEAP/TTLS to get
891 two EAP-Response/Identity frames to the authentication server
896 * added experimental support for EAP-PSK
912 * EAP-PAX is now registered as EAP type 46
913 * fixed EAP-PAX MAC calculation
914 * fixed EAP-PAX CK and ICK key derivation
916 better match with RFC 3748 (EAP) terminology
936 using integrated EAP authenticator for EAP-TLS; new hostapd.conf
941 EAP-Request/Identity message (ASCII-0 (nul) in eap_message)
948 * fixed WPA2 to add PMKSA cache entry when using integrated EAP
950 * fixed PMKSA caching (EAP authentication was not skipped correctly
957 * added experimental support for EAP-PAX
966 * fixed PEAPv1 to use tunneled EAP-Success/Failure instead of EAP-TLV
968 * fixed EAP identifier duplicate processing with the new IEEE 802.1X
985 * added support for configuring multiple allowed EAP types for Phase 2
986 authentication (EAP-PEAP, EAP-TTLS)
991 * added support for EAP-PEAP in the integrated EAP authenticator
992 * added support for EAP-GTC in the integrated EAP authenticator
993 * added support for configuring list of EAP methods for Phase 1 so that
994 the integrated EAP authenticator can, e.g., use the wildcard entry
995 for EAP-TLS and EAP-PEAP
996 * added support for EAP-TTLS in the integrated EAP authenticator
997 * added support for EAP-SIM in the integrated EAP authenticator
999 with the integrated EAP authenticator taking care of EAP
1008 * added support for EAP-MSCHAPv2 in the integrated EAP authenticator
1011 * added support for integrated EAP-TLS authentication (new hostapd.conf
1023 * made EAP re-authentication period configurable (eap_reauth_period)
1068 * added integrated EAP authenticator that can be used instead of
1069 external RADIUS authentication server; currently, only EAP-MD5 is
1070 supported, so this cannot yet be used for key distribution; the EAP
1071 method interface is generic, though, so adding new EAP methods should
1099 * send canned EAP failure if RADIUS server sends Access-Reject without
1100 EAP message (previously, Supplicant was not notified in this case)
1101 * fixed mixed WPA-PSK and WPA-EAP mode to work with WPA-PSK (i.e., do
1109 - both WPA-PSK and WPA-RADIUS/EAP are supported