Lines Matching refs:EAP
6 * fixed EAP-pwd last fragment validation
8 * fixed EAP-pwd unexpected Confirm message processing
77 * EAP-pwd: added support for Brainpool Elliptic Curves
117 * EAP-PEAP: fixed interoperability issue with Windows 2012r2 server
119 * EAP-TTLS: fixed success after fragmented final Phase 2 message
127 - fix IEEE 802.1X/WEP EAP reauthentication and rekeying to use
132 * Interworking: add credential realm to EAP-TLS identity
154 * fixed EAP-pwd peer missing payload length validation
170 * added support for hashed password (NtHash) in EAP-pwd peer
189 * added EAP-EKE peer support for deriving Session-Id
211 * allow OpenSSL cipher configuration to be set for internal EAP server
253 * add support for EAP Re-Authentication Protocol (ERP)
254 * fixed EAP-IKEv2 fragmentation reassembly
263 * include peer certificate in EAP events even without a separate probe
265 * add peer ceritficate alt subject name to EAP events
266 (CTRL-EVENT-EAP-PEER-ALT)
305 * fixed EAP-AKA' message parser with multiple AT_KDF attributes
326 * removed EAP-TTLS/MSCHAPv2 interoperability workaround so that
329 * modified EAP fast session resumption to allow results to be used only
367 three-byte encoding EAP methods that use NtPasswordHash
408 * slow down automatic connection attempts on EAP failure to meet
451 * EAP-pwd fixes
454 - fix possible segmentation fault on EAP method deinit if an invalid
458 * fixed EAP-SIM counter-too-small message
513 * added Session-Id derivation for EAP peer methods
535 * added EAP-EKE peer
538 EAP-TLS) to specify additional constraint for the server certificate
540 * added support for external SIM/USIM processing in EAP-SIM, EAP-AKA,
541 and EAP-AKA' (CTRL-REQ-SIM and CTRL-RSP-SIM commands over control
613 * EAP-pwd:
633 * EAP-AKA: keep pseudonym identity across EAP exchanges to match EAP-SIM
673 * EAP-SIM: fixed AT_COUNTER_TOO_SMALL use
674 * EAP-SIM/AKA: append realm to pseudonym identity
675 * EAP-SIM/AKA: store pseudonym identity in network configuration to
676 allow it to persist over multiple EAP sessions and wpa_supplicant
678 * EAP-AKA': updated to RFC 5448 (username prefixes changed); note: this
707 * EAP-TTLS: fixed peer challenge generation for MSCHAPv2
717 (EAP-PEAP/TLS, EAP-TTLS/TLS, EAP-FAST/TLS) to support different CA
768 using EAP-TLS/PEAP/TTLS (i.e., only use it with EAP-FAST)
769 * changed VENDOR-TEST EAP method to use proper private enterprise number
838 - Add a DBus signal for EAP SM requests, emitted on the Interface
915 - Fragment size is now configurable for EAP-WSC peer. Use
991 automatic detection of EAP parameters
999 * EAP-TNC: add Flags field into fragment acknowledgement (needed to
1124 * added support for EAP-AKA' (draft-arkko-eap-aka-kdf)
1129 * changed EAP-GPSK to use the IANA assigned EAP method type 51
1137 * added Milenage SIM/USIM emulator for EAP-SIM/EAP-AKA
1148 * fixed EAP-AKA to use RES Length field in AT_RES as length in bits,
1150 * updated OpenSSL code for EAP-FAST to use an updated version of the
1175 * added support for EAP Sequences in EAP-FAST Phase 2
1176 * added support for using TNC with EAP-FAST
1179 * fixed the OpenSSL patches (0.9.8g and 0.9.9) for EAP-FAST to
1181 * added fragmentation support for EAP-TNC
1194 previously used for configuring user identity and key for EAP-PSK,
1195 EAP-PAX, EAP-SAKE, and EAP-GPSK. 'identity' field is now used as the
1211 * fixed EAP-SIM not to include AT_NONCE_MT and AT_SELECTED_VERSION
1212 attributes in EAP-SIM Start/Response when using fast reauthentication
1220 * fixed EAP-SIM and EAP-AKA message parser to validate attribute
1224 changed and various interfaces (e.g., EAP) is not compatible with old
1226 * added support for protecting EAP-AKA/Identity messages with
1229 EAP-SIM and EAP-AKA (phase1="result_ind=1")
1258 * added support for EAP-IKEv2 (draft-tschofenig-eap-ikev2-15.txt);
1265 full handshake when using EAP-FAST (e.g., due to an expired
1267 * updated EAP Generalized Pre-Shared Key (EAP-GPSK) to use the latest
1292 * updated EAP-SAKE to RFC 4763 and the IANA-allocated EAP type 48
1293 * updated EAP-PSK to use the IANA-allocated EAP type 47
1294 * fixed EAP-PAX key derivation
1295 * fixed EAP-PSK bit ordering of the Flags field
1296 * fixed EAP-PEAP/TTLS/FAST to use the correct EAP identifier in
1301 of EAP-PEAP/TTLS/FAST
1302 * fixed EAP-TTLS AVP parser processing for too short AVP lengths
1303 * added support for EAP-FAST authentication with inner methods that
1304 generate MSK (e.g., EAP-MSCHAPv2 that was previously only supported
1306 * added support for authenticated EAP-FAST provisioning
1307 * added support for configuring maximum number of EAP-FAST PACs to
1309 * added support for storing EAP-FAST PACs in binary format
1315 added support for EAP-FAST
1316 * updated EAP Generalized Pre-Shared Key (EAP-GPSK) to use the latest
1318 * fixed EAP-AKA Notification processing to allow Notification to be
1322 * fixed EAP-TTLS implementation not to crash on use of freed memory
1324 * added support for EAP-TNC (Trusted Network Connect)
1325 (this version implements the EAP-TNC method and EAP-TTLS changes
1340 * updated EAP Generalized Pre-Shared Key (EAP-GPSK) to use the latest
1350 needed (this allows EAP-AKA to be used with USIM cards that do not
1352 * added support for reading 3G USIM AID from EF_DIR to allow EAP-AKA to
1358 * fixed EAP-SIM/AKA key derivation for re-authentication case (only
1427 configure the maximum EAP fragment size
1456 * added support for EAP Generalized Pre-Shared Key (EAP-GPSK,
1485 * fixed EAP-GTC response to include correct user identity when run as
1486 phase 2 method of EAP-FAST (i.e., EAP-FAST did not work in v0.5.2)
1506 * added support for EAP-SAKE (no EAP method number allocated yet, so
1507 this is using the same experimental type 255 as EAP-PSK)
1508 * added support for dynamically loading EAP methods (.so files) instead
1515 access for a network that has not enabled EAP-AKA
1516 * fixed EAP phase 2 Nak for EAP-{PEAP,TTLS,FAST} (this was broken in
1517 v0.5.1 due to the new support for expanded EAP types)
1518 * added support for generating EAP Expanded Nak
1525 * changed EAP method registration to use a dynamic list of methods
1529 * fixed a memory leak in EAP-TTLS re-authentication
1539 * added support for EAP expanded type (vendor specific EAP methods)
1557 EAP-SIM and EAP-AKA with real SIM/USIM card when using ap_scan=0 or
1565 * fixed EAP-SIM and EAP-AKA pseudonym and fast re-authentication to
1567 * fixed EAP-AKA to allow resynchronization within the same session
1592 refused the previously used parameters; this fixes EAP-SIM and
1593 EAP-AKA authentication using SIM/USIM card under Windows
1605 * added support for EAP-FAST key derivation using other ciphers than
1632 * disable EAP state machine when IEEE 802.1X authentication is not used
1633 in order to get rid of bogus "EAP failed" messages
1642 * fixed EAP state machine to not discard EAP-Failure messages in many
1690 EAP authentication immediately after association
1701 for EAP state machine to allow recovery from dropped EAP-Success
1704 layer (Ethernet) header during WPA and EAPOL/EAP processing; this
1708 * updated EAP-PSK to use draft 9 by default since this can now be
1726 * replaced OpenSSL patch for EAP-FAST support
1730 to be able to build wpa_supplicant with EAP-FAST support)
1732 for client certificate and private key operations (EAP-TLS)
1755 * added EAP workaround for PEAP session resumption: allow outer,
1756 i.e., not tunneled, EAP-Success to terminate session since; this can
1766 * removed interface for external EAPOL/EAP supplicant (e.g.,
1790 * added support for querying private key password (EAP-TLS) through the
1795 * EAP-PAX is now registered as EAP type 46
1796 * fixed EAP-PAX MAC calculation
1797 * fixed EAP-PAX CK and ICK key derivation
1798 * added support for using password with EAP-PAX (as an alternative to
1819 * added support for EAP-MSCHAPv2 password retries within the same EAP
1821 * added support for password changes with EAP-MSCHAPv2 (used when the
1827 * fixed a possible double free in EAP-TTLS fast-reauthentication when
1829 * display EAP Notification messages to user through control interface
1830 with "CTRL-EVENT-EAP-NOTIFICATION" prefix
1841 * added EAP workaround for PEAPv1 session resumption: allow outer,
1842 i.e., not tunneled, EAP-Success to terminate session since; this can
1859 * modified the EAP workaround that accepts EAP-Success with incorrect
1867 file, a control interface request is sent and EAP processing is
1870 private key operations in EAP-TLS (CONFIG_SMARTCARD=y in .config);
1874 * added experimental support for EAP-PAX
1902 EAP-PEAP and EAP-TTLS
1921 * fixed EAP workaround and fast reauthentication configuration for
1924 requires EAP workarounds
1928 * fixed CA certificate loading after a failed EAP-TLS/PEAP/TTLS
1930 * allow EAP-PEAP/TTLS fast reauthentication only if Phase 2 succeeded
1949 * cleaned up EAP state machine <-> method interface and number of
1951 EAP-Failure but waiting for timeout
1954 * added support for EAP-FAST (draft-cam-winget-eap-fast-00.txt);
1968 * improved recovery from PMKID mismatches by requesting full EAP
1983 clearing port Valid in order to reset EAP state machine and avoid
2030 * PEAPv1: fixed tunneled EAP-Success reply handling to reply with TLS
2031 ACK, not tunneled EAP-Success (of which only the first byte was
2035 EAP-Success message; this can be configured by adding
2043 * added support for EAP-PSK (draft-bersani-eap-psk-03.txt)
2045 * added support for configuring list of allowed Phase 2 EAP types
2046 (for both EAP-PEAP and EAP-TTLS) instead of only one type
2050 * added support for EAP-AKA (with UMTS SIM)
2052 random-looking errors for EAP-SIM
2053 * added support for EAP-SIM pseudonyms and fast re-authentication
2054 * added support for EAP-TLS/PEAP/TTLS fast re-authentication (TLS
2056 * added support for EAP-SIM with two challanges
2059 key exchange (EAP-TLS/PEAP/TTLS) using new configuration parameters
2063 certificate with a substring when using EAP-TLS/PEAP/TTLS; new
2105 * added a workaround for EAP servers that incorrectly use same Id for
2106 sequential EAP packets
2119 * made EAP workarounds configurable; enabled by default, can be
2123 * resolved couple of interoperability issues with EAP-PEAPv1 and
2124 Phase 2 (inner EAP) fragment reassembly
2144 * added support for new EAP authentication methods:
2145 EAP-TTLS/EAP-OTP, EAP-PEAPv0/OTP, EAP-PEAPv1/OTP, EAP-OTP
2150 password; this can be used with both EAP-OTP and EAP-GTC
2180 * small improvements/bug fixes for EAP-MSCHAPv2, EAP-PEAP, and
2192 EAP-SIM; this requires pcsc-lite
2196 EAP keying material is used as data encryption key)
2201 * added support for new EAP authentication methods:
2202 EAP-TTLS/EAP-MD5-Challenge
2203 EAP-TTLS/EAP-GTC
2204 EAP-TTLS/EAP-MSCHAPv2
2205 EAP-TTLS/EAP-TLS
2206 EAP-TTLS/MSCHAPv2
2207 EAP-TTLS/MSCHAP
2208 EAP-TTLS/PAP
2209 EAP-TTLS/CHAP
2210 EAP-PEAP/TLS
2211 EAP-PEAP/GTC
2212 EAP-PEAP/MD5-Challenge
2213 EAP-GTC
2214 EAP-SIM (not yet complete; needs GSM/SIM authentication interface)
2217 tunnel (e.g., with EAP-TTLS)
2220 control interface; in other words, the password for EAP-PEAP or
2221 EAP-TTLS does not need to be included in the configuration file since
2239 - EAP peer state machine [draft-ietf-eap-statemachine-02.pdf]
2240 - EAP-MD5 (cannot be used with WPA-RADIUS)
2242 - EAP-TLS [RFC 2716]
2243 - EAP-MSCHAPv2 (currently used only with EAP-PEAP)
2244 - EAP-PEAP/MSCHAPv2 [draft-josefsson-pppext-eap-tls-eap-07.txt]
2255 - EAP-TLS and EAP-PEAP require openssl libraries
2256 * use module prefix in debug messages (WPA, EAP, EAP-TLS, ..)
2258 (i.e., complete IEEE 802.1X/EAP authentication and use IEEE 802.1X
2275 - EAPOL/EAP functions