Permalink
Browse files

auto import from //depot/cupcake/@135843

  • Loading branch information...
1 parent 0ff01d4 commit 845e0124d42b67ef926fbae32a7f61d2e5109ebd The Android Open Source Project committed Mar 4, 2009
Showing with 19,746 additions and 0 deletions.
  1. +708 −0 Android.mk
  2. +340 −0 COPYING
  3. +1,023 −0 ChangeLog
  4. 0 MODULE_LICENSE_BSD_LIKE
  5. +914 −0 Makefile
  6. +61 −0 NOTICE
  7. +970 −0 README
  8. +1,107 −0 aes.c
  9. +25 −0 aes.h
  10. +515 −0 aes_wrap.c
  11. +44 −0 aes_wrap.h
  12. +209 −0 asn1.c
  13. +71 −0 asn1.h
  14. +210 −0 asn1_test.c
  15. +188 −0 base64.c
  16. +23 −0 base64.h
  17. +230 −0 bignum.c
  18. +38 −0 bignum.h
  19. +50 −0 build_config.h
  20. +599 −0 common.c
  21. +494 −0 common.h
  22. +1,759 −0 config.c
  23. +339 −0 config.h
  24. +727 −0 config_file.c
  25. +57 −0 config_none.c
  26. +871 −0 config_ssid.h
  27. +28 −0 config_types.h
  28. +882 −0 config_winreg.c
  29. +207 −0 crypto.c
  30. +413 −0 crypto.h
  31. +801 −0 crypto_cryptoapi.c
  32. +163 −0 crypto_gnutls.c
  33. +670 −0 crypto_internal.c
  34. +736 −0 crypto_libtomcrypt.c
  35. +28 −0 crypto_none.c
  36. +1,467 −0 ctrl_iface.c
  37. +159 −0 ctrl_iface.h
  38. +1,060 −0 ctrl_iface_dbus.c
  39. +146 −0 ctrl_iface_dbus.h
  40. +1,331 −0 ctrl_iface_dbus_handlers.c
  41. +83 −0 ctrl_iface_dbus_handlers.h
Sorry, we could not display the entire diff because it was too big.
View
708 Android.mk
@@ -0,0 +1,708 @@
+#
+# Copyright (C) 2008 The Android Open Source Project
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+LOCAL_PATH := $(call my-dir)
+
+WPA_BUILD_SUPPLICANT := false
+ifneq ($(TARGET_SIMULATOR),true)
+ ifneq ($(BOARD_WPA_SUPPLICANT_DRIVER),)
+ WPA_BUILD_SUPPLICANT := true
+ CONFIG_DRIVER_$(BOARD_WPA_SUPPLICANT_DRIVER) = y
+ endif
+endif
+
+include $(LOCAL_PATH)/.config
+
+# To force sizeof(enum) = 4
+ifeq ($(TARGET_ARCH),arm)
+L_CFLAGS += -mabi=aapcs-linux
+endif
+
+# To ignore possible wrong network configurations
+L_CFLAGS += -DWPA_IGNORE_CONFIG_ERRORS
+
+INCLUDES = external/openssl/include
+
+OBJS = config.c common.c md5.c md4.c rc4.c sha1.c des.c if_index.c
+OBJS_p = wpa_passphrase.c sha1.c md5.c md4.c common.c des.c
+OBJS_c = wpa_cli.c wpa_ctrl.c
+
+ifndef CONFIG_OS
+ifdef CONFIG_NATIVE_WINDOWS
+CONFIG_OS=win32
+else
+CONFIG_OS=unix
+endif
+endif
+
+OBJS += os_$(CONFIG_OS).c
+OBJS_p += os_$(CONFIG_OS).c
+OBJS_c += os_$(CONFIG_OS).c
+
+ifndef CONFIG_ELOOP
+CONFIG_ELOOP=eloop
+endif
+OBJS += $(CONFIG_ELOOP).c
+
+
+ifdef CONFIG_EAPOL_TEST
+L_CFLAGS += -Werror -DEAPOL_TEST
+endif
+
+ifndef CONFIG_BACKEND
+CONFIG_BACKEND=file
+endif
+
+ifeq ($(CONFIG_BACKEND), file)
+OBJS += config_file.c base64.c
+L_CFLAGS += -DCONFIG_BACKEND_FILE
+endif
+
+ifeq ($(CONFIG_BACKEND), winreg)
+OBJS += config_winreg.c
+endif
+
+ifeq ($(CONFIG_BACKEND), none)
+OBJS += config_none.c
+endif
+
+ifdef CONFIG_DRIVER_HOSTAP
+L_CFLAGS += -DCONFIG_DRIVER_HOSTAP
+OBJS_d += driver_hostap.c
+CONFIG_WIRELESS_EXTENSION=y
+endif
+
+ifdef CONFIG_DRIVER_WEXT
+L_CFLAGS += -DCONFIG_DRIVER_WEXT
+CONFIG_WIRELESS_EXTENSION=y
+endif
+
+ifdef CONFIG_DRIVER_PRISM54
+L_CFLAGS += -DCONFIG_DRIVER_PRISM54
+OBJS_d += driver_prism54.c
+CONFIG_WIRELESS_EXTENSION=y
+endif
+
+ifdef CONFIG_DRIVER_HERMES
+L_CFLAGS += -DCONFIG_DRIVER_HERMES
+OBJS_d += driver_hermes.c
+CONFIG_WIRELESS_EXTENSION=y
+endif
+
+ifdef CONFIG_DRIVER_MADWIFI
+L_CFLAGS += -DCONFIG_DRIVER_MADWIFI
+OBJS_d += driver_madwifi.c
+CONFIG_WIRELESS_EXTENSION=y
+endif
+
+ifdef CONFIG_DRIVER_ATMEL
+L_CFLAGS += -DCONFIG_DRIVER_ATMEL
+OBJS_d += driver_atmel.c
+CONFIG_WIRELESS_EXTENSION=y
+endif
+
+ifdef CONFIG_DRIVER_NDISWRAPPER
+L_CFLAGS += -DCONFIG_DRIVER_NDISWRAPPER
+OBJS_d += driver_ndiswrapper.c
+CONFIG_WIRELESS_EXTENSION=y
+endif
+
+ifdef CONFIG_DRIVER_BROADCOM
+L_CFLAGS += -DCONFIG_DRIVER_BROADCOM
+OBJS_d += driver_broadcom.c
+endif
+
+ifdef CONFIG_DRIVER_IPW
+L_CFLAGS += -DCONFIG_DRIVER_IPW
+OBJS_d += driver_ipw.c
+CONFIG_WIRELESS_EXTENSION=y
+endif
+
+ifdef CONFIG_DRIVER_BSD
+L_CFLAGS += -DCONFIG_DRIVER_BSD
+OBJS_d += driver_bsd.c
+ifndef CONFIG_L2_PACKET
+CONFIG_L2_PACKET=freebsd
+endif
+endif
+
+ifdef CONFIG_DRIVER_NDIS
+L_CFLAGS += -DCONFIG_DRIVER_NDIS
+OBJS_d += driver_ndis.c driver_ndis_.c
+ifndef CONFIG_L2_PACKET
+CONFIG_L2_PACKET=pcap
+endif
+CONFIG_WINPCAP=y
+ifdef CONFIG_USE_NDISUIO
+L_CFLAGS += -DCONFIG_USE_NDISUIO
+endif
+endif
+
+ifdef CONFIG_DRIVER_WIRED
+L_CFLAGS += -DCONFIG_DRIVER_WIRED
+OBJS_d += driver_wired.c
+endif
+
+ifdef CONFIG_DRIVER_TEST
+L_CFLAGS += -DCONFIG_DRIVER_TEST
+OBJS_d += driver_test.c
+endif
+
+ifdef CONFIG_DRIVER_CUSTOM
+L_CFLAGS += -DCONFIG_DRIVER_CUSTOM
+endif
+
+ifndef CONFIG_L2_PACKET
+CONFIG_L2_PACKET=linux
+endif
+
+OBJS += l2_packet_$(CONFIG_L2_PACKET).c
+
+ifeq ($(CONFIG_L2_PACKET), pcap)
+ifdef CONFIG_WINPCAP
+L_CFLAGS += -DCONFIG_WINPCAP
+LIBS += -lwpcap -lpacket
+LIBS_w += -lwpcap
+else
+LIBS += -ldnet -lpcap
+endif
+endif
+
+ifeq ($(CONFIG_L2_PACKET), winpcap)
+LIBS += -lwpcap -lpacket
+LIBS_w += -lwpcap
+endif
+
+ifeq ($(CONFIG_L2_PACKET), freebsd)
+LIBS += -lpcap
+endif
+
+ifdef CONFIG_EAP_TLS
+# EAP-TLS
+L_CFLAGS += -DEAP_TLS
+OBJS += eap_tls.c
+TLS_FUNCS=y
+CONFIG_IEEE8021X_EAPOL=y
+endif
+
+ifdef CONFIG_EAP_PEAP
+# EAP-PEAP
+L_CFLAGS += -DEAP_PEAP
+OBJS += eap_peap.c
+TLS_FUNCS=y
+CONFIG_IEEE8021X_EAPOL=y
+CONFIG_EAP_TLV=y
+endif
+
+ifdef CONFIG_EAP_TTLS
+# EAP-TTLS
+L_CFLAGS += -DEAP_TTLS
+OBJS += eap_ttls.c
+MS_FUNCS=y
+TLS_FUNCS=y
+CONFIG_IEEE8021X_EAPOL=y
+endif
+
+ifdef CONFIG_EAP_MD5
+# EAP-MD5 (also used by EAP-TTLS)
+L_CFLAGS += -DEAP_MD5
+OBJS += eap_md5.c
+CONFIG_IEEE8021X_EAPOL=y
+endif
+
+# backwards compatibility for old spelling
+ifdef CONFIG_MSCHAPV2
+ifndef CONFIG_EAP_MSCHAPV2
+CONFIG_EAP_MSCHAPV2=y
+endif
+endif
+
+ifdef CONFIG_EAP_MSCHAPV2
+# EAP-MSCHAPv2 (also used by EAP-PEAP)
+L_CFLAGS += -DEAP_MSCHAPv2
+OBJS += eap_mschapv2.c
+MS_FUNCS=y
+CONFIG_IEEE8021X_EAPOL=y
+endif
+
+ifdef CONFIG_EAP_GTC
+# EAP-GTC (also used by EAP-PEAP)
+L_CFLAGS += -DEAP_GTC
+OBJS += eap_gtc.c
+CONFIG_IEEE8021X_EAPOL=y
+endif
+
+ifdef CONFIG_EAP_OTP
+# EAP-OTP
+L_CFLAGS += -DEAP_OTP
+OBJS += eap_otp.c
+CONFIG_IEEE8021X_EAPOL=y
+endif
+
+ifdef CONFIG_EAP_SIM
+# EAP-SIM
+L_CFLAGS += -DEAP_SIM
+OBJS += eap_sim.c
+CONFIG_IEEE8021X_EAPOL=y
+CONFIG_EAP_SIM_COMMON=y
+endif
+
+ifdef CONFIG_EAP_LEAP
+# EAP-LEAP
+L_CFLAGS += -DEAP_LEAP
+OBJS += eap_leap.c
+MS_FUNCS=y
+CONFIG_IEEE8021X_EAPOL=y
+endif
+
+ifdef CONFIG_EAP_PSK
+# EAP-PSK
+L_CFLAGS += -DEAP_PSK
+OBJS += eap_psk.c eap_psk_common.c
+CONFIG_IEEE8021X_EAPOL=y
+NEED_AES=y
+endif
+
+ifdef CONFIG_EAP_AKA
+# EAP-AKA
+L_CFLAGS += -DEAP_AKA
+OBJS += eap_aka.c
+CONFIG_IEEE8021X_EAPOL=y
+CONFIG_EAP_SIM_COMMON=y
+endif
+
+ifdef CONFIG_EAP_SIM_COMMON
+OBJS += eap_sim_common.c
+NEED_AES=y
+endif
+
+ifdef CONFIG_EAP_TLV
+# EAP-TLV
+L_CFLAGS += -DEAP_TLV
+OBJS += eap_tlv.c
+endif
+
+ifdef CONFIG_EAP_FAST
+# EAP-FAST
+L_CFLAGS += -DEAP_FAST
+OBJS += eap_fast.c
+TLS_FUNCS=y
+endif
+
+ifdef CONFIG_EAP_PAX
+# EAP-PAX
+L_CFLAGS += -DEAP_PAX
+OBJS += eap_pax.c eap_pax_common.c
+CONFIG_IEEE8021X_EAPOL=y
+endif
+
+ifdef CONFIG_EAP_SAKE
+# EAP-SAKE
+L_CFLAGS += -DEAP_SAKE
+OBJS += eap_sake.c eap_sake_common.c
+CONFIG_IEEE8021X_EAPOL=y
+endif
+
+ifdef CONFIG_EAP_GPSK
+# EAP-GPSK
+L_CFLAGS += -DEAP_GPSK
+OBJS += eap_gpsk.c eap_gpsk_common.c
+CONFIG_IEEE8021X_EAPOL=y
+ifdef CONFIG_EAP_GPSK_SHA256
+L_CFLAGS += -DEAP_GPSK_SHA256
+NEED_SHA256=y
+endif
+endif
+ifdef CONFIG_EAP_VENDOR_TEST
+L_CFLAGS += -DEAP_VENDOR_TEST
+OBJS += eap_vendor_test.c
+CONFIG_IEEE8021X_EAPOL=y
+endif
+
+ifdef CONFIG_IEEE8021X_EAPOL
+# IEEE 802.1X/EAPOL state machines (e.g., for RADIUS authentication)
+L_CFLAGS += -DIEEE8021X_EAPOL
+OBJS += eapol_sm.c eap.c eap_methods.c
+endif
+
+ifdef CONFIG_PCSC
+# PC/SC interface for smartcards (USIM, GSM SIM)
+L_CFLAGS += -DPCSC_FUNCS -I/usr/include/PCSC
+OBJS += pcsc_funcs.c
+# -lpthread may not be needed depending on how pcsc-lite was configured
+ifdef CONFIG_NATIVE_WINDOWS
+#Once MinGW gets support for WinScard, -lwinscard could be used instead of the
+#dynamic symbol loading that is now used in pcsc_funcs.c
+#LIBS += -lwinscard
+else
+LIBS += -lpcsclite -lpthread
+endif
+endif
+
+ifndef CONFIG_TLS
+CONFIG_TLS=openssl
+# CONFIG_TLS=internal
+endif
+
+ifeq ($(CONFIG_TLS), internal)
+ifndef CONFIG_CRYPTO
+CONFIG_CRYPTO=internal
+endif
+endif
+ifeq ($(CONFIG_CRYPTO), libtomcrypt)
+L_CFLAGS += -DCONFIG_INTERNAL_X509
+endif
+ifeq ($(CONFIG_CRYPTO), internal)
+L_CFLAGS += -DCONFIG_INTERNAL_X509
+endif
+
+
+ifdef TLS_FUNCS
+# Shared TLS functions (needed for EAP_TLS, EAP_PEAP, EAP_TTLS, and EAP_FAST)
+L_CFLAGS += -DEAP_TLS_FUNCS
+OBJS += eap_tls_common.c
+ifeq ($(CONFIG_TLS), openssl)
+L_CFLAGS += -DEAP_TLS_OPENSSL
+OBJS += tls_openssl.c
+LIBS += -lssl -lcrypto
+LIBS_p += -lcrypto
+endif
+ifeq ($(CONFIG_TLS), gnutls)
+OBJS += tls_gnutls.c
+LIBS += -lgnutls -lgcrypt -lgpg-error
+LIBS_p += -lgcrypt
+ifdef CONFIG_GNUTLS_EXTRA
+L_CFLAGS += -DCONFIG_GNUTLS_EXTRA
+LIBS += -lgnutls-extra
+endif
+endif
+ifeq ($(CONFIG_TLS), schannel)
+OBJS += tls_schannel.c
+endif
+ifeq ($(CONFIG_TLS), internal)
+OBJS += tls_internal.c tlsv1_common.c tlsv1_client.c asn1.c x509v3.c
+OBJS_p += asn1.c rc4.c aes_wrap.c
+ifneq ($(CONFIG_BACKEND), file)
+OBJS += base64.c
+endif
+L_CFLAGS += -DCONFIG_TLS_INTERNAL
+ifeq ($(CONFIG_CRYPTO), internal)
+ifdef CONFIG_INTERNAL_LIBTOMMATH
+L_CFLAGS += -DCONFIG_INTERNAL_LIBTOMMATH
+else
+LIBS += -ltommath
+LIBS_p += -ltommath
+endif
+endif
+ifeq ($(CONFIG_CRYPTO), libtomcrypt)
+LIBS += -ltomcrypt -ltfm
+LIBS_p += -ltomcrypt -ltfm
+endif
+endif
+ifeq ($(CONFIG_TLS), none)
+OBJS += tls_none.c
+L_CFLAGS += -DEAP_TLS_NONE
+CONFIG_INTERNAL_AES=y
+CONFIG_INTERNAL_SHA1=y
+CONFIG_INTERNAL_MD5=y
+CONFIG_INTERNAL_SHA256=y
+endif
+ifdef CONFIG_SMARTCARD
+ifndef CONFIG_NATIVE_WINDOWS
+ifneq ($(CONFIG_L2_PACKET), freebsd)
+LIBS += -ldl
+endif
+endif
+endif
+NEED_CRYPTO=y
+else
+OBJS += tls_none.c
+endif
+
+ifdef CONFIG_PKCS12
+L_CFLAGS += -DPKCS12_FUNCS
+endif
+
+ifdef CONFIG_SMARTCARD
+L_CFLAGS += -DCONFIG_SMARTCARD
+endif
+
+ifdef MS_FUNCS
+OBJS += ms_funcs.c
+NEED_CRYPTO=y
+endif
+
+ifdef NEED_CRYPTO
+ifndef TLS_FUNCS
+ifeq ($(CONFIG_TLS), openssl)
+LIBS += -lcrypto
+LIBS_p += -lcrypto
+endif
+ifeq ($(CONFIG_TLS), gnutls)
+LIBS += -lgcrypt
+LIBS_p += -lgcrypt
+endif
+ifeq ($(CONFIG_TLS), schannel)
+endif
+ifeq ($(CONFIG_TLS), internal)
+ifeq ($(CONFIG_CRYPTO), libtomcrypt)
+LIBS += -ltomcrypt -ltfm
+LIBS_p += -ltomcrypt -ltfm
+endif
+endif
+endif
+ifeq ($(CONFIG_TLS), openssl)
+OBJS += crypto.c
+OBJS_p += crypto.c
+CONFIG_INTERNAL_SHA256=y
+endif
+ifeq ($(CONFIG_TLS), gnutls)
+OBJS += crypto_gnutls.c
+OBJS_p += crypto_gnutls.c
+CONFIG_INTERNAL_SHA256=y
+endif
+ifeq ($(CONFIG_TLS), schannel)
+OBJS += crypto_cryptoapi.c
+OBJS_p += crypto_cryptoapi.c
+CONFIG_INTERNAL_SHA256=y
+endif
+ifeq ($(CONFIG_TLS), internal)
+ifeq ($(CONFIG_CRYPTO), libtomcrypt)
+OBJS += crypto_libtomcrypt.c
+OBJS_p += crypto_libtomcrypt.c
+CONFIG_INTERNAL_SHA256=y
+endif
+ifeq ($(CONFIG_CRYPTO), internal)
+OBJS += crypto_internal.c rsa.c bignum.c
+OBJS_p += crypto_internal.c rsa.c bignum.c
+L_CFLAGS += -DCONFIG_CRYPTO_INTERNAL
+CONFIG_INTERNAL_AES=y
+CONFIG_INTERNAL_DES=y
+CONFIG_INTERNAL_SHA1=y
+CONFIG_INTERNAL_MD4=y
+CONFIG_INTERNAL_MD5=y
+CONFIG_INTERNAL_SHA256=y
+endif
+ifeq ($(CONFIG_CRYPTO), cryptoapi)
+OBJS += crypto_cryptoapi.c
+OBJS_p += crypto_cryptoapi.c
+L_CFLAGS += -DCONFIG_CRYPTO_CRYPTOAPI
+CONFIG_INTERNAL_SHA256=y
+endif
+endif
+ifeq ($(CONFIG_TLS), none)
+OBJS += crypto_none.c
+OBJS_p += crypto_none.c
+CONFIG_INTERNAL_SHA256=y
+endif
+else
+CONFIG_INTERNAL_AES=y
+CONFIG_INTERNAL_SHA1=y
+CONFIG_INTERNAL_MD5=y
+endif
+
+ifdef CONFIG_INTERNAL_AES
+L_CFLAGS += -DINTERNAL_AES
+endif
+ifdef CONFIG_INTERNAL_SHA1
+L_CFLAGS += -DINTERNAL_SHA1
+endif
+ifdef CONFIG_INTERNAL_SHA256
+L_CFLAGS += -DINTERNAL_SHA256
+endif
+ifdef CONFIG_INTERNAL_MD5
+L_CFLAGS += -DINTERNAL_MD5
+endif
+ifdef CONFIG_INTERNAL_MD4
+L_CFLAGS += -DINTERNAL_MD4
+endif
+ifdef CONFIG_INTERNAL_DES
+L_CFLAGS += -DINTERNAL_DES
+endif
+
+ifdef NEED_SHA256
+OBJS += sha256.c
+endif
+
+ifdef CONFIG_WIRELESS_EXTENSION
+L_CFLAGS += -DCONFIG_WIRELESS_EXTENSION
+OBJS_d += driver_wext.c
+endif
+
+ifdef CONFIG_CTRL_IFACE
+ifeq ($(CONFIG_CTRL_IFACE), y)
+ifdef CONFIG_NATIVE_WINDOWS
+CONFIG_CTRL_IFACE=udp
+else
+CONFIG_CTRL_IFACE=unix
+endif
+endif
+L_CFLAGS += -DCONFIG_CTRL_IFACE
+ifeq ($(CONFIG_CTRL_IFACE), udp)
+L_CFLAGS += -DCONFIG_CTRL_IFACE_UDP
+else
+L_CFLAGS += -DCONFIG_CTRL_IFACE_UNIX
+endif
+OBJS += ctrl_iface.c ctrl_iface_$(CONFIG_CTRL_IFACE).c
+endif
+
+ifdef CONFIG_READLINE
+L_CFLAGS += -DCONFIG_READLINE
+LIBS_c += -lncurses -lreadline
+endif
+
+ifdef CONFIG_NATIVE_WINDOWS
+L_CFLAGS += -DCONFIG_NATIVE_WINDOWS
+LIBS += -lws2_32 -lgdi32 -lcrypt32
+LIBS_c += -lws2_32
+LIBS_p += -lws2_32
+ifeq ($(CONFIG_CRYPTO), cryptoapi)
+LIBS_p += -lcrypt32
+endif
+endif
+
+ifdef CONFIG_NO_STDOUT_DEBUG
+L_CFLAGS += -DCONFIG_NO_STDOUT_DEBUG
+ifndef CONFIG_CTRL_IFACE
+CFLAGS += -DCONFIG_NO_WPA_MSG
+endif
+endif
+
+ifdef CONFIG_IPV6
+# for eapol_test only
+L_CFLAGS += -DCONFIG_IPV6
+endif
+
+ifdef CONFIG_PEERKEY
+L_CFLAGS += -DCONFIG_PEERKEY
+endif
+
+ifdef CONFIG_IEEE80211W
+L_CFLAGS += -DCONFIG_IEEE80211W
+NEED_SHA256=y
+endif
+
+ifndef CONFIG_NO_WPA
+OBJS += wpa.c preauth.c pmksa_cache.c
+NEED_AES=y
+else
+L_CFLAGS += -DCONFIG_NO_WPA -DCONFIG_NO_WPA2
+endif
+
+ifdef CONFIG_NO_WPA2
+L_CFLAGS += -DCONFIG_NO_WPA2
+endif
+
+ifdef CONFIG_NO_AES_EXTRAS
+L_CFLAGS += -DCONFIG_NO_AES_WRAP
+L_CFLAGS += -DCONFIG_NO_AES_CTR -DCONFIG_NO_AES_OMAC1
+L_CFLAGS += -DCONFIG_NO_AES_EAX -DCONFIG_NO_AES_CBC
+endif
+
+ifdef NEED_AES
+OBJS += aes_wrap.c
+endif
+
+ifdef CONFIG_CLIENT_MLME
+OBJS += mlme.c
+L_CFLAGS += -DCONFIG_CLIENT_MLME
+endif
+
+ifndef CONFIG_MAIN
+CONFIG_MAIN=main
+endif
+
+ifdef CONFIG_DEBUG_FILE
+L_CFLAGS += -DCONFIG_DEBUG_FILE
+endif
+
+OBJS += wpa_supplicant.c events.c
+OBJS_t := $(OBJS) eapol_test.c radius.c radius_client.c
+OBJS_t2 := $(OBJS) preauth_test.c
+OBJS += $(CONFIG_MAIN).c drivers.c $(OBJS_d)
+
+ifdef CONFIG_NDIS_EVENTS_INTEGRATED
+L_CFLAGS += -DCONFIG_NDIS_EVENTS_INTEGRATED
+OBJS += ndis_events.c
+EXTRALIBS += -loleaut32 -lole32 -luuid
+ifdef PLATFORMSDKLIB
+EXTRALIBS += $(PLATFORMSDKLIB)/WbemUuid.Lib
+else
+EXTRALIBS += WbemUuid.Lib
+endif
+endif
+
+ifeq ($(WPA_BUILD_SUPPLICANT),true)
+
+########################
+
+include $(CLEAR_VARS)
+LOCAL_MODULE := wpa_cli
+LOCAL_SHARED_LIBRARIES := libc libcutils
+LOCAL_CFLAGS := $(L_CFLAGS)
+LOCAL_SRC_FILES := $(OBJS_c)
+LOCAL_C_INCLUDES := $(INCLUDES)
+include $(BUILD_EXECUTABLE)
+
+########################
+include $(CLEAR_VARS)
+LOCAL_MODULE := wpa_supplicant
+ifdef CONFIG_DRIVER_CUSTOM
+LOCAL_STATIC_LIBRARIES := libCustomWifi libWifiApi
+endif
+LOCAL_SHARED_LIBRARIES := libc libcutils libcrypto libssl
+LOCAL_CFLAGS := $(L_CFLAGS)
+LOCAL_SRC_FILES := $(OBJS)
+LOCAL_C_INCLUDES := $(INCLUDES)
+include $(BUILD_EXECUTABLE)
+
+########################
+#
+#include $(CLEAR_VARS)
+#LOCAL_MODULE := eapol_test
+#ifdef CONFIG_DRIVER_CUSTOM
+#LOCAL_STATIC_LIBRARIES := libCustomWifi
+#endif
+#LOCAL_SHARED_LIBRARIES := libc libcrypto libssl
+#LOCAL_CFLAGS := $(L_CFLAGS)
+#LOCAL_SRC_FILES := $(OBJS_t)
+#LOCAL_C_INCLUDES := $(INCLUDES)
+#include $(BUILD_EXECUTABLE)
+#
+########################
+
+local_target_dir := $(TARGET_OUT)/etc/wifi
+
+include $(CLEAR_VARS)
+LOCAL_MODULE := wpa_supplicant.conf
+LOCAL_MODULE_TAGS := user development
+LOCAL_MODULE_CLASS := ETC
+LOCAL_MODULE_PATH := $(local_target_dir)
+LOCAL_SRC_FILES := $(LOCAL_MODULE)
+include $(BUILD_PREBUILT)
+
+########################
+
+endif # ifeq ($(WPA_BUILD_SUPPLICANT),true)
+
+include $(CLEAR_VARS)
+LOCAL_MODULE = libwpa_client
+LOCAL_CFLAGS = $(L_CFLAGS)
+LOCAL_SRC_FILES = wpa_ctrl.c os_unix.c
+LOCAL_C_INCLUDES = $(INCLUDES)
+LOCAL_SHARED_LIBRARIES := libcutils
+LOCAL_COPY_HEADERS_TO := libwpa_client
+LOCAL_COPY_HEADERS := wpa_ctrl.h
+include $(BUILD_SHARED_LIBRARY)
View
340 COPYING
@@ -0,0 +1,340 @@
+ GNU GENERAL PUBLIC LICENSE
+ Version 2, June 1991
+
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.
+ 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+ Preamble
+
+ The licenses for most software are designed to take away your
+freedom to share and change it. By contrast, the GNU General Public
+License is intended to guarantee your freedom to share and change free
+software--to make sure the software is free for all its users. This
+General Public License applies to most of the Free Software
+Foundation's software and to any other program whose authors commit to
+using it. (Some other Free Software Foundation software is covered by
+the GNU Library General Public License instead.) You can apply it to
+your programs, too.
+
+ When we speak of free software, we are referring to freedom, not
+price. Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+this service if you wish), that you receive source code or can get it
+if you want it, that you can change the software or use pieces of it
+in new free programs; and that you know you can do these things.
+
+ To protect your rights, we need to make restrictions that forbid
+anyone to deny you these rights or to ask you to surrender the rights.
+These restrictions translate to certain responsibilities for you if you
+distribute copies of the software, or if you modify it.
+
+ For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must give the recipients all the rights that
+you have. You must make sure that they, too, receive or can get the
+source code. And you must show them these terms so they know their
+rights.
+
+ We protect your rights with two steps: (1) copyright the software, and
+(2) offer you this license which gives you legal permission to copy,
+distribute and/or modify the software.
+
+ Also, for each author's protection and ours, we want to make certain
+that everyone understands that there is no warranty for this free
+software. If the software is modified by someone else and passed on, we
+want its recipients to know that what they have is not the original, so
+that any problems introduced by others will not reflect on the original
+authors' reputations.
+
+ Finally, any free program is threatened constantly by software
+patents. We wish to avoid the danger that redistributors of a free
+program will individually obtain patent licenses, in effect making the
+program proprietary. To prevent this, we have made it clear that any
+patent must be licensed for everyone's free use or not licensed at all.
+
+ The precise terms and conditions for copying, distribution and
+modification follow.
+
+ GNU GENERAL PUBLIC LICENSE
+ TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+ 0. This License applies to any program or other work which contains
+a notice placed by the copyright holder saying it may be distributed
+under the terms of this General Public License. The "Program", below,
+refers to any such program or work, and a "work based on the Program"
+means either the Program or any derivative work under copyright law:
+that is to say, a work containing the Program or a portion of it,
+either verbatim or with modifications and/or translated into another
+language. (Hereinafter, translation is included without limitation in
+the term "modification".) Each licensee is addressed as "you".
+
+Activities other than copying, distribution and modification are not
+covered by this License; they are outside its scope. The act of
+running the Program is not restricted, and the output from the Program
+is covered only if its contents constitute a work based on the
+Program (independent of having been made by running the Program).
+Whether that is true depends on what the Program does.
+
+ 1. You may copy and distribute verbatim copies of the Program's
+source code as you receive it, in any medium, provided that you
+conspicuously and appropriately publish on each copy an appropriate
+copyright notice and disclaimer of warranty; keep intact all the
+notices that refer to this License and to the absence of any warranty;
+and give any other recipients of the Program a copy of this License
+along with the Program.
+
+You may charge a fee for the physical act of transferring a copy, and
+you may at your option offer warranty protection in exchange for a fee.
+
+ 2. You may modify your copy or copies of the Program or any portion
+of it, thus forming a work based on the Program, and copy and
+distribute such modifications or work under the terms of Section 1
+above, provided that you also meet all of these conditions:
+
+ a) You must cause the modified files to carry prominent notices
+ stating that you changed the files and the date of any change.
+
+ b) You must cause any work that you distribute or publish, that in
+ whole or in part contains or is derived from the Program or any
+ part thereof, to be licensed as a whole at no charge to all third
+ parties under the terms of this License.
+
+ c) If the modified program normally reads commands interactively
+ when run, you must cause it, when started running for such
+ interactive use in the most ordinary way, to print or display an
+ announcement including an appropriate copyright notice and a
+ notice that there is no warranty (or else, saying that you provide
+ a warranty) and that users may redistribute the program under
+ these conditions, and telling the user how to view a copy of this
+ License. (Exception: if the Program itself is interactive but
+ does not normally print such an announcement, your work based on
+ the Program is not required to print an announcement.)
+
+These requirements apply to the modified work as a whole. If
+identifiable sections of that work are not derived from the Program,
+and can be reasonably considered independent and separate works in
+themselves, then this License, and its terms, do not apply to those
+sections when you distribute them as separate works. But when you
+distribute the same sections as part of a whole which is a work based
+on the Program, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the
+entire whole, and thus to each and every part regardless of who wrote it.
+
+Thus, it is not the intent of this section to claim rights or contest
+your rights to work written entirely by you; rather, the intent is to
+exercise the right to control the distribution of derivative or
+collective works based on the Program.
+
+In addition, mere aggregation of another work not based on the Program
+with the Program (or with a work based on the Program) on a volume of
+a storage or distribution medium does not bring the other work under
+the scope of this License.
+
+ 3. You may copy and distribute the Program (or a work based on it,
+under Section 2) in object code or executable form under the terms of
+Sections 1 and 2 above provided that you also do one of the following:
+
+ a) Accompany it with the complete corresponding machine-readable
+ source code, which must be distributed under the terms of Sections
+ 1 and 2 above on a medium customarily used for software interchange; or,
+
+ b) Accompany it with a written offer, valid for at least three
+ years, to give any third party, for a charge no more than your
+ cost of physically performing source distribution, a complete
+ machine-readable copy of the corresponding source code, to be
+ distributed under the terms of Sections 1 and 2 above on a medium
+ customarily used for software interchange; or,
+
+ c) Accompany it with the information you received as to the offer
+ to distribute corresponding source code. (This alternative is
+ allowed only for noncommercial distribution and only if you
+ received the program in object code or executable form with such
+ an offer, in accord with Subsection b above.)
+
+The source code for a work means the preferred form of the work for
+making modifications to it. For an executable work, complete source
+code means all the source code for all modules it contains, plus any
+associated interface definition files, plus the scripts used to
+control compilation and installation of the executable. However, as a
+special exception, the source code distributed need not include
+anything that is normally distributed (in either source or binary
+form) with the major components (compiler, kernel, and so on) of the
+operating system on which the executable runs, unless that component
+itself accompanies the executable.
+
+If distribution of executable or object code is made by offering
+access to copy from a designated place, then offering equivalent
+access to copy the source code from the same place counts as
+distribution of the source code, even though third parties are not
+compelled to copy the source along with the object code.
+
+ 4. You may not copy, modify, sublicense, or distribute the Program
+except as expressly provided under this License. Any attempt
+otherwise to copy, modify, sublicense or distribute the Program is
+void, and will automatically terminate your rights under this License.
+However, parties who have received copies, or rights, from you under
+this License will not have their licenses terminated so long as such
+parties remain in full compliance.
+
+ 5. You are not required to accept this License, since you have not
+signed it. However, nothing else grants you permission to modify or
+distribute the Program or its derivative works. These actions are
+prohibited by law if you do not accept this License. Therefore, by
+modifying or distributing the Program (or any work based on the
+Program), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Program or works based on it.
+
+ 6. Each time you redistribute the Program (or any work based on the
+Program), the recipient automatically receives a license from the
+original licensor to copy, distribute or modify the Program subject to
+these terms and conditions. You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties to
+this License.
+
+ 7. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License. If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Program at all. For example, if a patent
+license would not permit royalty-free redistribution of the Program by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Program.
+
+If any portion of this section is held invalid or unenforceable under
+any particular circumstance, the balance of the section is intended to
+apply and the section as a whole is intended to apply in other
+circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system, which is
+implemented by public license practices. Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+
+ 8. If the distribution and/or use of the Program is restricted in
+certain countries either by patents or by copyrighted interfaces, the
+original copyright holder who places the Program under this License
+may add an explicit geographical distribution limitation excluding
+those countries, so that distribution is permitted only in or among
+countries not thus excluded. In such case, this License incorporates
+the limitation as if written in the body of this License.
+
+ 9. The Free Software Foundation may publish revised and/or new versions
+of the General Public License from time to time. Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+Each version is given a distinguishing version number. If the Program
+specifies a version number of this License which applies to it and "any
+later version", you have the option of following the terms and conditions
+either of that version or of any later version published by the Free
+Software Foundation. If the Program does not specify a version number of
+this License, you may choose any version ever published by the Free Software
+Foundation.
+
+ 10. If you wish to incorporate parts of the Program into other free
+programs whose distribution conditions are different, write to the author
+to ask for permission. For software which is copyrighted by the Free
+Software Foundation, write to the Free Software Foundation; we sometimes
+make exceptions for this. Our decision will be guided by the two goals
+of preserving the free status of all derivatives of our free software and
+of promoting the sharing and reuse of software generally.
+
+ NO WARRANTY
+
+ 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
+FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
+OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
+PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
+OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
+TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
+PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
+REPAIR OR CORRECTION.
+
+ 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
+REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
+INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
+OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
+TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
+YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
+PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGES.
+
+ END OF TERMS AND CONDITIONS
+
+ How to Apply These Terms to Your New Programs
+
+ If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+ To do so, attach the following notices to the program. It is safest
+to attach them to the start of each source file to most effectively
+convey the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+ <one line to give the program's name and a brief idea of what it does.>
+ Copyright (C) 19yy <name of author>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+
+
+Also add information on how to contact you by electronic and paper mail.
+
+If the program is interactive, make it output a short notice like this
+when it starts in an interactive mode:
+
+ Gnomovision version 69, Copyright (C) 19yy name of author
+ Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+ This is free software, and you are welcome to redistribute it
+ under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License. Of course, the commands you use may
+be called something other than `show w' and `show c'; they could even be
+mouse-clicks or menu items--whatever suits your program.
+
+You should also get your employer (if you work as a programmer) or your
+school, if any, to sign a "copyright disclaimer" for the program, if
+necessary. Here is a sample; alter the names:
+
+ Yoyodyne, Inc., hereby disclaims all copyright interest in the program
+ `Gnomovision' (which makes passes at compilers) written by James Hacker.
+
+ <signature of Ty Coon>, 1 April 1989
+ Ty Coon, President of Vice
+
+This General Public License does not permit incorporating your program into
+proprietary programs. If your program is a subroutine library, you may
+consider it more useful to permit linking proprietary applications with the
+library. If this is what you want to do, use the GNU Library General
+Public License instead of this License.
View
1,023 ChangeLog
@@ -0,0 +1,1023 @@
+ChangeLog for wpa_supplicant
+
+2008-02-19 - v0.5.10
+ * added support for Makefile builds to include debug-log-to-a-file
+ functionality (CONFIG_DEBUG_FILE=y and -f<path> on command line)
+ * added network configuration parameter 'frequency' for setting
+ initial channel for IBSS (adhoc) networks
+ * fixed EAP-SIM and EAP-AKA message parser to validate attribute
+ lengths properly to avoid potential crash caused by invalid messages
+ * added driver_wext workaround for race condition between scanning and
+ association with drivers that take very long time to scan all
+ channels (e.g., madwifi with dual-band cards); wpa_supplicant is now
+ using a longer hardcoded timeout for the scan if the driver supports
+ notifications for scan completion (SIOCGIWSCAN event); this helps,
+ e.g., in cases where wpa_supplicant and madwifi driver ended up in
+ loop where the driver did not even try to associate
+ * fixed EAP-SIM not to include AT_NONCE_MT and AT_SELECTED_VERSION
+ attributes in EAP-SIM Start/Response when using fast reauthentication
+ * fixed problems in getting NDIS events from WMI on Windows 2000
+
+2007-12-02 - v0.5.9
+ * fixed an integer overflow issue in the ASN.1 parser used by the
+ (experimental) internal TLS implementation to avoid a potential
+ buffer read overflow
+ * fixed a race condition with -W option (wait for a control interface
+ monitor before starting) that could have caused the first messages to
+ be lost
+ * updated EAP Generalized Pre-Shared Key (EAP-GPSK) to use the latest
+ draft (draft-ietf-emu-eap-gpsk-07.txt)
+ * added ctrl_iface RECONNECT (wpa_cli reconnect) command
+ (like reassociate, but only takes effect if already associated)
+ * fixed a possible race condition between wpa_cli reassociate and
+ wpa_cli disconnect
+ * return a non-zero exit code from non-interactive wpa_cli if the
+ command is not recognized or fails
+ * fixed 0.5.8 regressions in BSS selection that prevented wildcard SSID
+ from being used with non-WPA networks and disabled workaround for
+ ignoring bogus WPA/RSN IE in non-WPA configuration
+ * fixed OpenSSL TLS wrapper to clear trusted CA list to allow
+ network blocks to use different trusted CA configurations
+ * fixed a potential EAP state machine loop when mloving from PSK to EAP
+ configuration without restarting wpa_supplicant
+
+2007-05-28 - v0.5.8
+ * updated driver_wext.c to build with the current wireless-dev.git tree
+ and net/d80211 changes
+ * updated EAP Generalized Pre-Shared Key (EAP-GPSK) to use the latest
+ draft (draft-ietf-emu-eap-gpsk-03.txt)
+ * fixed 'make install'
+ * fixed EAP-TTLS implementation not to crash on use of freed memory
+ if TLS library initialization fails
+ * fixed EAP-AKA Notification processing to allow Notification to be
+ processed after AKA Challenge response has been sent
+
+2006-12-31 - v0.5.7
+ * updated EAP-SAKE to RFC 4763 and the IANA-allocated EAP type 48
+ * updated EAP-PSK to use the IANA-allocated EAP type 47
+ * fixed EAP-PAX key derivation
+ * fixed EAP-PSK bit ordering of the Flags field
+ * fixed EAP-PEAP/TTLS/FAST to use the correct EAP identifier in
+ tunnelled identity request (previously, the identifier from the outer
+ method was used, not the tunnelled identifier which could be
+ different)
+ * fixed EAP-TTLS AVP parser processing for too short AVP lengths
+ * added support for EAP-FAST authentication with inner methods that
+ generate MSK (e.g., EAP-MSCHAPv2 that was previously only supported
+ for PAC provisioning)
+ * fixed dbus ctrl_iface to validate message interface before
+ dispatching to avoid a possible segfault [Bug 190]
+ * fixed PeerKey key derivation to use the correct PRF label
+ * updated Windows binary build to link against OpenSSL 0.9.8d and
+ added support for EAP-FAST
+
+2006-11-24 - v0.5.6
+ * added experimental, integrated TLSv1 client implementation with the
+ needed X.509/ASN.1/RSA/bignum processing (this can be enabled by
+ setting CONFIG_TLS=internal and CONFIG_INTERNAL_LIBTOMMATH=y in
+ .config); this can be useful, e.g., if the target system does not
+ have a suitable TLS library and a minimal code size is required
+ (total size of this internal TLS/crypto code is bit under 50 kB on
+ x86 and the crypto code is shared by rest of the supplicant so some
+ of it was already required; TLSv1/X.509/ASN.1/RSA added about 25 kB)
+ * removed STAKey handshake since PeerKey handshake has replaced it in
+ IEEE 802.11ma and there are no known deployments of STAKey
+ * updated EAP Generalized Pre-Shared Key (EAP-GPSK) to use the latest
+ draft (draft-ietf-emu-eap-gpsk-01.txt)
+ * added preliminary implementation of IEEE 802.11w/D1.0 (management
+ frame protection)
+ (Note: this requires driver support to work properly.)
+ (Note2: IEEE 802.11w is an unapproved draft and subject to change.)
+ * fixed Windows named pipes ctrl_iface to not stop listening for
+ commands if client program opens a named pipe and closes it
+ immediately without sending a command
+ * fixed USIM PIN status determination for the case that PIN is not
+ needed (this allows EAP-AKA to be used with USIM cards that do not
+ use PIN)
+ * added support for reading 3G USIM AID from EF_DIR to allow EAP-AKA to
+ be used with cards that do not support file selection based on
+ partial AID
+ * added support for matching the subjectAltName of the authentication
+ server certificate against multiple name components (e.g.,
+ altsubject_match="DNS:server.example.com;DNS:server2.example.com")
+ * fixed EAP-SIM/AKA key derivation for re-authentication case (only
+ affects IEEE 802.1X with dynamic WEP keys)
+ * changed ctrl_iface network configuration 'get' operations to not
+ return password/key material; if these fields are requested, "*"
+ will be returned if the password/key is set, but the value of the
+ parameter is not exposed
+
+2006-08-27 - v0.5.5
+ * added support for building Windows version with UNICODE defined
+ (wide-char functions)
+ * driver_ndis: fixed static WEP configuration to avoid race condition
+ issues with some NDIS drivers between association and setting WEP
+ keys
+ * driver_ndis: added validation for IELength value in scan results to
+ avoid crashes when using buggy NDIS drivers [Bug 165]
+ * fixed Release|Win32 target in the Visual Studio project files
+ (previously, only Debug|Win32 target was set properly)
+ * changed control interface API call wpa_ctrl_pending() to allow it to
+ return -1 on error (e.g., connection lost); control interface clients
+ will need to make sure that they verify that the value is indeed >0
+ when determining whether there are pending messages
+ * added an alternative control interface backend for Windows targets:
+ Named Pipe (CONFIG_CTRL_IFACE=named_pipe); this is now the default
+ control interface mechanism for Windows builds (previously, UDP to
+ localhost was used)
+ * changed ctrl_interface configuration for UNIX domain sockets:
+ - deprecated ctrl_interface_group variable (it may be removed in
+ future versions)
+ - allow both directory and group be configured with ctrl_interface
+ in following format: DIR=/var/run/wpa_supplicant GROUP=wheel
+ - ctrl_interface=/var/run/wpa_supplicant is still supported for the
+ case when group is not changed
+ * added support for controlling more than one interface per process in
+ Windows version
+ * added a workaround for a case where the AP is using unknown address
+ (e.g., MAC address of the wired interface) as the source address for
+ EAPOL-Key frames; previously, that source address was used as the
+ destination for EAPOL-Key frames and in key derivation; now, BSSID is
+ used even if the source address does not match with it
+ (this resolves an interoperability issue with Thomson SpeedTouch 580)
+ * added a workaround for UDP-based control interface (which was used in
+ Windows builds before this release) to prevent packets with forged
+ addresses from being accepted as local control requests
+ * removed ndis_events.cpp and possibility of using external
+ ndis_events.exe; C version (ndis_events.c) is fully functional and
+ there is no desire to maintain two separate versions of this
+ implementation
+ * ndis_events: Changed NDIS event notification design to use WMI to
+ learn the adapter description through Win32_PnPEntity class; this
+ should fix some cases where the adapter name was not recognized
+ correctly (e.g., with some USB WLAN adapters, e.g., Ralink RT2500
+ USB) [Bug 113]
+ * fixed selection of the first network in ap_scan=2 mode; previously,
+ wpa_supplicant could get stuck in SCANNING state when only the first
+ network for enabled (e.g., after 'wpa_cli select_network 0')
+ * winsvc: added support for configuring ctrl_interface parameters in
+ registry (ctrl_interface string value in
+ HKLM\SOFTWARE\wpa_supplicant\interfaces\0000 key); this new value is
+ required to enable control interface (previously, this was hardcoded
+ to be enabled)
+ * allow wpa_gui subdirectory to be built with both Qt3 and Qt4
+ * converted wpa_gui-qt4 subdirectory to use Qt4 specific project format
+
+2006-06-20 - v0.5.4
+ * fixed build with CONFIG_STAKEY=y [Bug 143]
+ * added support for doing MLME (IEEE 802.11 management frame
+ processing) in wpa_supplicant when using Devicescape IEEE 802.11
+ stack (wireless-dev.git tree)
+ * added a new network block configuration option, fragment_size, to
+ configure the maximum EAP fragment size
+ * driver_ndis: Disable WZC automatically for the selected interface to
+ avoid conflicts with two programs trying to control the radio; WZC
+ will be re-enabled (if it was enabled originally) when wpa_supplicant
+ is terminated
+ * added an experimental TLSv1 client implementation
+ (CONFIG_TLS=internal) that can be used instead of an external TLS
+ library, e.g., to reduce total size requirement on systems that do
+ not include any TLS library by default (this is not yet complete;
+ basic functionality is there, but certificate validation is not yet
+ included)
+ * added PeerKey handshake implementation for IEEE 802.11e
+ direct link setup (DLS) to replace STAKey handshake
+ * fixed WPA PSK update through ctrl_iface for the case where the old
+ PSK was derived from an ASCII passphrase and the new PSK is set as
+ a raw PSK (hex string)
+ * added new configuration option for identifying which network block
+ was used (id_str in wpa_supplicant.conf; included on
+ WPA_EVENT_CONNECT monitor event and as WPA_ID_STR environmental
+ variable in wpa_cli action scripts; in addition WPA_ID variable is
+ set to the current unique identifier that wpa_supplicant assigned
+ automatically for the network and that can be used with
+ GET_NETWORK/SET_NETWORK ctrl_iface commands)
+ * wpa_cli action script is now called only when the connect/disconnect
+ status changes or when associating with a different network
+ * fixed configuration parser not to remove CCMP from group cipher list
+ if WPA-None (adhoc) is used (pairwise=NONE in that case)
+ * fixed integrated NDIS events processing not to hang the process due
+ to a missed change in eloop_win.c API in v0.5.3 [Bug 155]
+ * added support for EAP Generalized Pre-Shared Key (EAP-GPSK,
+ draft-clancy-emu-eap-shared-secret-00.txt)
+ * added Microsoft Visual Studio 2005 solution and project files for
+ build wpa_supplicant for Windows (see vs2005 subdirectory)
+ * eloop_win: fixed unregistration of Windows events
+ * l2_packet_winpcap: fixed a deadlock in deinitializing l2_packet
+ at the end of RSN pre-authentication and added unregistration of
+ a Windows event to avoid getting eloop_win stuck with an invalid
+ handle
+ * driver_ndis: added support for selecting AP based on BSSID
+ * added new environmental variable for wpa_cli action scripts:
+ WPA_CTRL_DIR is the current control interface directory
+ * driver_ndis: added support for using NDISUIO instead of WinPcap for
+ OID set/query operations (CONFIG_USE_NDISUIO=y in .config); with new
+ l2_packet_ndis (CONFIG_L2_PACKET=ndis), this can be used to build
+ wpa_supplicant without requiring WinPcap; note that using NDISUIO
+ requires that WZC is disabled (net stop wzcsvc) since NDISUIO allows
+ only one application to open the device
+ * changed NDIS driver naming to only include device GUID, e.g.,
+ {7EE3EFE5-C165-472F-986D-F6FBEDFE8C8D}, instead of including WinPcap
+ specific \Device\NPF_ prefix before the GUID; the prefix is still
+ allowed for backwards compatibility, but it is not required anymore
+ when specifying the interface
+ * driver_ndis: re-initialize driver interface is the adapter is removed
+ and re-inserted [Bug 159]
+ * driver_madwifi: fixed TKIP and CCMP sequence number configuration on
+ big endian hosts [Bug 146]
+
+2006-04-27 - v0.5.3
+ * fixed EAP-GTC response to include correct user identity when run as
+ phase 2 method of EAP-FAST (i.e., EAP-FAST did not work in v0.5.2)
+ * driver_ndis: Fixed encryption mode configuration for unencrypted
+ networks (some NDIS drivers ignored this, but others, e.g., Broadcom,
+ refused to associate with open networks) [Bug 106]
+ * driver_ndis: use BSSID OID polling to detect when IBSS network is
+ formed even when ndis_events code is included since some NDIS drivers
+ do not generate media connect events in IBSS mode
+ * config_winreg: allow global ctrl_interface parameter to be configured
+ in Windows registry
+ * config_winreg: added support for saving configuration data into
+ Windows registry
+ * added support for controlling network device operational state
+ (dormant/up) for Linux 2.6.17 to improve DHCP processing (see
+ http://www.flamewarmaster.de/software/dhcpclient/ for a DHCP client
+ that can use this information)
+ * driver_wext: added support for WE-21 change to SSID configuration
+ * driver_wext: fixed privacy configuration for static WEP keys mode
+ [Bug 140]
+ * added an optional driver_ops callback for MLME-SETPROTECTION.request
+ primitive
+ * added support for EAP-SAKE (no EAP method number allocated yet, so
+ this is using the same experimental type 255 as EAP-PSK)
+ * added support for dynamically loading EAP methods (.so files) instead
+ of requiring them to be statically linked in; this is disabled by
+ default (see CONFIG_DYNAMIC_EAP_METHODS in defconfig for information
+ on how to use this)
+
+2006-03-19 - v0.5.2
+ * do not try to use USIM APDUs when initializing PC/SC for SIM card
+ access for a network that has not enabled EAP-AKA
+ * fixed EAP phase 2 Nak for EAP-{PEAP,TTLS,FAST} (this was broken in
+ v0.5.1 due to the new support for expanded EAP types)
+ * added support for generating EAP Expanded Nak
+ * try to fetch scan results once before requesting new scan when
+ starting up in ap_scan=1 mode (this can speed up initial association
+ a lot with, e.g., madwifi-ng driver)
+ * added support for receiving EAPOL frames from a Linux bridge
+ interface (-bbr0 on command line)
+ * fixed EAPOL re-authentication for sessions that used PMKSA caching
+ * changed EAP method registration to use a dynamic list of methods
+ instead of a static list generated at build time
+ * fixed PMKSA cache deinitialization not to use freed memory when
+ removing PMKSA entries
+ * fixed a memory leak in EAP-TTLS re-authentication
+ * reject WPA/WPA2 message 3/4 if it does not include any valid
+ WPA/RSN IE
+ * driver_wext: added fallback to use SIOCSIWENCODE for setting auth_alg
+ if the driver does not support SIOCSIWAUTH
+
+2006-01-29 - v0.5.1
+ * driver_test: added better support for multiple APs and STAs by using
+ a directory with sockets that include MAC address for each device in
+ the name (driver_param=test_dir=/tmp/test)
+ * added support for EAP expanded type (vendor specific EAP methods)
+ * added AP_SCAN command into ctrl_iface so that ap_scan configuration
+ option can be changed if needed
+ * wpa_cli/wpa_gui: skip non-socket files in control directory when
+ using UNIX domain sockets; this avoids selecting an incorrect
+ interface (e.g., a PID file could be in this directory, even though
+ use of this directory for something else than socket files is not
+ recommended)
+ * fixed TLS library deinitialization after RSN pre-authentication not
+ to disable TLS library for normal authentication
+ * driver_wext: Remove null-termination from SSID length if the driver
+ used it; some Linux drivers do this and they were causing problems in
+ wpa_supplicant not finding matching configuration block. This change
+ would break a case where the SSID actually ends in '\0', but that is
+ not likely to happen in real use.
+ * fixed PMKSA cache processing not to trigger deauthentication if the
+ current PMKSA cache entry is replaced with a valid new entry
+ * fixed PC/SC initialization for ap_scan != 1 modes (this fixes
+ EAP-SIM and EAP-AKA with real SIM/USIM card when using ap_scan=0 or
+ ap_scan=2)
+
+2005-12-18 - v0.5.0 (beginning of 0.5.x development releases)
+ * added experimental STAKey handshake implementation for IEEE 802.11e
+ direct link setup (DLS); note: this is disabled by default in both
+ build and runtime configuration (can be enabled with CONFIG_STAKEY=y
+ and stakey=1)
+ * fixed EAP-SIM and EAP-AKA pseudonym and fast re-authentication to
+ decrypt AT_ENCR_DATA attributes correctly
+ * fixed EAP-AKA to allow resynchronization within the same session
+ * made code closer to ANSI C89 standard to make it easier to port to
+ other C libraries and compilers
+ * started moving operating system or C library specific functions into
+ wrapper functions defined in os.h and implemented in os_*.c to make
+ code more portable
+ * wpa_supplicant can now be built with Microsoft Visual C++
+ (e.g., with the freely available Toolkit 2003 version or Visual
+ C++ 2005 Express Edition and Platform SDK); see nmake.mak for an
+ example makefile for nmake
+ * added support for using Windows registry for command line parameters
+ (CONFIG_MAIN=main_winsvc) and configuration data
+ (CONFIG_BACKEND=winreg); see win_example.reg for an example registry
+ contents; this version can be run both as a Windows service and as a
+ normal application; 'wpasvc.exe app' to start as applicant,
+ 'wpasvc.exe reg <full path to wpasvc.exe>' to register a service,
+ 'net start wpasvc' to start the service, 'wpasvc.exe unreg' to
+ unregister a service
+ * made it possible to link ndis_events.exe functionality into
+ wpa_supplicant.exe by defining CONFIG_NDIS_EVENTS_INTEGRATED
+ * added better support for multiple control interface backends
+ (CONFIG_CTRL_IFACE option); currently, 'unix' and 'udp' are supported
+ * fixed PC/SC code to use correct length for GSM AUTH command buffer
+ and to not use pioRecvPci with SCardTransmit() calls; these were not
+ causing visible problems with pcsc-lite, but Windows Winscard.dll
+ refused the previously used parameters; this fixes EAP-SIM and
+ EAP-AKA authentication using SIM/USIM card under Windows
+ * added new event loop implementation for Windows using
+ WaitForMultipleObject() instead of select() in order to allow waiting
+ for non-socket objects; this can be selected with
+ CONFIG_ELOOP=eloop_win in .config
+ * added support for selecting l2_packet implementation in .config
+ (CONFIG_L2_PACKET; following options are available now: linux, pcap,
+ winpcap, freebsd, none)
+ * added new l2_packet implementation for WinPcap
+ (CONFIG_L2_PACKET=winpcap) that uses a separate receive thread to
+ reduce latency in EAPOL receive processing from about 100 ms to about
+ 3 ms
+ * added support for EAP-FAST key derivation using other ciphers than
+ RC4-128-SHA for authentication and AES128-SHA for provisioning
+ * added support for configuring CA certificate as DER file and as a
+ configuration blob
+ * fixed private key configuration as configuration blob and added
+ support for using PKCS#12 as a blob
+ * tls_gnutls: added support for using PKCS#12 files; added support for
+ session resumption
+ * added support for loading trusted CA certificates from Windows
+ certificate store: ca_cert="cert_store://<name>", where <name> is
+ likely CA (Intermediate CA certificates) or ROOT (root certificates)
+ * added C version of ndis_events.cpp and made it possible to build this
+ with MinGW so that CONFIG_NDIS_EVENTS_INTEGRATED can be used more
+ easily on cross-compilation builds
+ * added wpasvc.exe into Windows binary release; this is an alternative
+ version of wpa_supplicant.exe with configuration backend using
+ Windows registry and with the entry point designed to run as a
+ Windows service
+ * integrated ndis_events.exe functionality into wpa_supplicant.exe and
+ wpasvc.exe and removed this additional tool from the Windows binary
+ release since it is not needed anymore
+ * load winscard.dll functions dynamically when building with MinGW
+ since MinGW does not yet include winscard library
+
+2005-11-20 - v0.4.7 (beginning of 0.4.x stable releases)
+ * l2_packet_pcap: fixed wired IEEE 802.1X authentication with libpcap
+ and WinPcap to receive frames sent to PAE group address
+ * disable EAP state machine when IEEE 802.1X authentication is not used
+ in order to get rid of bogus "EAP failed" messages
+ * fixed OpenSSL error reporting to go through all pending errors to
+ avoid confusing reports of old errors being reported at later point
+ during handshake
+ * fixed configuration file updating to not write empty variables
+ (e.g., proto or key_mgmt) that the file parser would not accept
+ * fixed ADD_NETWORK ctrl_iface command to use the same default values
+ for variables as empty network definitions read from config file
+ would get
+ * fixed EAP state machine to not discard EAP-Failure messages in many
+ cases (e.g., during TLS handshake)
+ * fixed a infinite loop in private key reading if the configured file
+ cannot be parsed successfully
+ * driver_madwifi: added support for madwifi-ng
+ * wpa_gui: do not display password/PSK field contents
+ * wpa_gui: added CA certificate configuration
+ * driver_ndis: fixed scan request in ap_scan=2 mode not to change SSID
+ * driver_ndis: include Beacon IEs in AssocInfo in order to notice if
+ the new AP is using different WPA/RSN IE
+ * use longer timeout for IEEE 802.11 association to avoid problems with
+ drivers that may take more than five second to associate
+
+2005-10-27 - v0.4.6
+ * allow fallback to WPA, if mixed WPA+WPA2 networks have mismatch in
+ RSN IE, but WPA IE would match with wpa_supplicant configuration
+ * added support for named configuration blobs in order to avoid having
+ to use file system for external files (e.g., certificates);
+ variables can be set to "blob://<blob name>" instead of file path to
+ use a named blob; supported fields: pac_file, client_cert,
+ private_key
+ * fixed RSN pre-authentication (it was broken in the clean up of WPA
+ state machine interface in v0.4.5)
+ * driver_madwifi: set IEEE80211_KEY_GROUP flag for group keys to make
+ sure the driver configures broadcast decryption correctly
+ * added ca_path (and ca_path2) configuration variables that can be used
+ to configure OpenSSL CA path, e.g., /etc/ssl/certs, for using the
+ system-wide trusted CA list
+ * added support for starting wpa_supplicant without a configuration
+ file (-C argument must be used to set ctrl_interface parameter for
+ this case; in addition, -p argument can be used to provide
+ driver_param; these new arguments can also be used with a
+ configuration to override the values from the configuration)
+ * added global control interface that can be optionally used for adding
+ and removing network interfaces dynamically (-g command line argument
+ for both wpa_supplicant and wpa_cli) without having to restart
+ wpa_supplicant process
+ * wpa_gui:
+ - try to save configuration whenever something is modified
+ - added WEP key configuration
+ - added possibility to edit the current network configuration
+ * driver_ndis: fixed driver polling not to increase frequency on each
+ received EAPOL frame due to incorrectly cancelled timeout
+ * added simple configuration file examples (in examples subdirectory)
+ * fixed driver_wext.c to filter wireless events based on ifindex to
+ avoid interfaces receiving events from other interfaces
+ * delay sending initial EAPOL-Start couple of seconds to speed up
+ authentication for the most common case of Authenticator starting
+ EAP authentication immediately after association
+
+2005-09-25 - v0.4.5
+ * added a workaround for clearing keys with ndiswrapper to allow
+ roaming from WPA enabled AP to plaintext one
+ * added docbook documentation (doc/docbook) that can be used to
+ generate, e.g., man pages
+ * l2_packet_linux: use socket type SOCK_DGRAM instead of SOCK_RAW for
+ PF_PACKET in order to prepare for network devices that do not use
+ Ethernet headers (e.g., network stack with native IEEE 802.11 frames)
+ * use receipt of EAPOL-Key frame as a lower layer success indication
+ for EAP state machine to allow recovery from dropped EAP-Success
+ frame
+ * cleaned up internal EAPOL frame processing by not including link
+ layer (Ethernet) header during WPA and EAPOL/EAP processing; this
+ header is added only when transmitted the frame; this makes it easier
+ to use wpa_supplicant on link layers that use different header than
+ Ethernet
+ * updated EAP-PSK to use draft 9 by default since this can now be
+ tested with hostapd; removed support for draft 3, including
+ server_nai configuration option from network blocks
+ * driver_wired: add PAE address to the multicast address list in order
+ to be able to receive EAPOL frames with drivers that do not include
+ these multicast addresses by default
+ * driver_wext: add support for WE-19
+ * added support for multiple configuration backends (CONFIG_BACKEND
+ option); currently, only 'file' is supported (i.e., the format used
+ in wpa_supplicant.conf)
+ * added support for updating configuration ('wpa_cli save_config');
+ this is disabled by default and can be enabled with global
+ update_config=1 variable in wpa_supplicant.conf; this allows wpa_cli
+ and wpa_gui to store the configuration changes in a permanent store
+ * added GET_NETWORK ctrl_iface command
+ (e.g., 'wpa_cli get_network 0 ssid')
+
+2005-08-21 - v0.4.4
+ * replaced OpenSSL patch for EAP-FAST support
+ (openssl-tls-extensions.patch) with a more generic and correct
+ patch (the new patch is not compatible with the previous one, so the
+ OpenSSL library will need to be patched with the new patch in order
+ to be able to build wpa_supplicant with EAP-FAST support)
+ * added support for using Windows certificate store (through CryptoAPI)
+ for client certificate and private key operations (EAP-TLS)
+ (see wpa_supplicant.conf for more information on how to configure
+ this with private_key)
+ * ported wpa_gui to Windows
+ * added Qt4 version of wpa_gui (wpa_gui-qt4 directory); this can be
+ built with the open source version of the Qt4 for Windows
+ * allow non-WPA modes (e.g., IEEE 802.1X with dynamic WEP) to be used
+ with drivers that do not support WPA
+ * ndis_events: fixed Windows 2000 support
+ * added support for enabling/disabling networks from the list of all
+ configured networks ('wpa_cli enable_network <network id>' and
+ 'wpa_cli disable_network <network id>')
+ * added support for adding and removing network from the current
+ configuration ('wpa_cli add_network' and 'wpa_cli remove_network
+ <network id>'); added networks are disabled by default and they can
+ be enabled with enable_network command once the configuration is done
+ for the new network; note: configuration file is not yet updated, so
+ these new networks are lost when wpa_supplicant is restarted
+ * added support for setting network configuration parameters through
+ the control interface, for example:
+ wpa_cli set_network 0 ssid "\"my network\""
+ * fixed parsing of strings that include both " and # within double
+ quoted area (e.g., "start"#end")
+ * added EAP workaround for PEAP session resumption: allow outer,
+ i.e., not tunneled, EAP-Success to terminate session since; this can
+ be disabled with eap_workaround=0
+ (this was allowed for PEAPv1 before, but now it is also allowed for
+ PEAPv0 since at least one RADIUS authentication server seems to be
+ doing this for PEAPv0, too)
+ * wpa_gui: added preliminary support for adding new networks to the
+ wpa_supplicant configuration (double click on the scan results to
+ open network configuration)
+
+2005-06-26 - v0.4.3
+ * removed interface for external EAPOL/EAP supplicant (e.g.,
+ Xsupplicant), (CONFIG_XSUPPLICANT_IFACE) since it is not required
+ anymore and is unlikely to be used by anyone
+ * driver_ndis: fixed WinPcap 3.0 support
+ * fixed build with CONFIG_DNET_PCAP=y on Linux
+ * l2_packet: moved different implementations into separate files
+ (l2_packet_*.c)
+
+2005-06-12 - v0.4.2
+ * driver_ipw: updated driver structures to match with ipw2200-1.0.4
+ (note: ipw2100-1.1.0 is likely to require an update to work with
+ this)
+ * added support for using ap_scan=2 mode with multiple network blocks;
+ wpa_supplicant will go through the networks one by one until the
+ driver reports a successful association; this uses the same order for
+ networks as scan_ssid=1 scans, i.e., the priority field is ignored
+ and the network block order in the file is used instead
+ * fixed a potential issue in RSN pre-authentication ending up using
+ freed memory if pre-authentication times out
+ * added support for matching alternative subject name extensions of the
+ authentication server certificate; new configuration variables
+ altsubject_match and altsubject_match2
+ * driver_ndis: added support for IEEE 802.1X authentication with wired
+ NDIS drivers
+ * added support for querying private key password (EAP-TLS) through the
+ control interface (wpa_cli/wpa_gui) if one is not included in the
+ configuration file
+ * driver_broadcom: fixed couple of memory leaks in scan result
+ processing
+ * EAP-PAX is now registered as EAP type 46
+ * fixed EAP-PAX MAC calculation
+ * fixed EAP-PAX CK and ICK key derivation
+ * added support for using password with EAP-PAX (as an alternative to
+ entering key with eappsk); SHA-1 hash of the password will be used as
+ the key in this case
+ * added support for arbitrary driver interface parameters through the
+ configuration file with a new driver_param field; this adds a new
+ driver_ops function set_param()
+ * added possibility to override l2_packet module with driver interface
+ API (new send_eapol handler); this can be used to implement driver
+ specific TX/RX functions for EAPOL frames
+ * fixed ctrl_interface_group processing for the case where gid is
+ entered as a number, not group name
+ * driver_test: added support for testing hostapd with wpa_supplicant
+ by using test driver interface without any kernel drivers or network
+ cards
+
+2005-05-22 - v0.4.1
+ * driver_madwifi: fixed WPA/WPA2 mode configuration to allow EAPOL
+ packets to be encrypted; this was apparently broken by the changed
+ ioctl order in v0.4.0
+ * driver_madwifi: added preliminary support for compiling against 'BSD'
+ branch of madwifi CVS tree
+ * added support for EAP-MSCHAPv2 password retries within the same EAP
+ authentication session
+ * added support for password changes with EAP-MSCHAPv2 (used when the
+ password has expired)
+ * added support for reading additional certificates from PKCS#12 files
+ and adding them to the certificate chain
+ * fixed association with IEEE 802.1X (no WPA) when dynamic WEP keys
+ were used
+ * fixed a possible double free in EAP-TTLS fast-reauthentication when
+ identity or password is entered through control interface
+ * display EAP Notification messages to user through control interface
+ with "CTRL-EVENT-EAP-NOTIFICATION" prefix
+ * added GUI version of wpa_cli, wpa_gui; this is not build
+ automatically with 'make'; use 'make wpa_gui' to build (this requires
+ Qt development tools)
+ * added 'disconnect' command to control interface for setting
+ wpa_supplicant in state where it will not associate before
+ 'reassociate' command has been used
+ * added support for selecting a network from the list of all configured
+ networks ('wpa_cli select_network <network id>'; this disabled all
+ other networks; to re-enable, 'wpa_cli select_network any')
+ * added support for getting scan results through control interface
+ * added EAP workaround for PEAPv1 session resumption: allow outer,
+ i.e., not tunneled, EAP-Success to terminate session since; this can
+ be disabled with eap_workaround=0
+
+2005-04-25 - v0.4.0 (beginning of 0.4.x development releases)
+ * added a new build time option, CONFIG_NO_STDOUT_DEBUG, that can be
+ used to reduce the size of the wpa_supplicant considerably if
+ debugging code is not needed
+ * fixed EAPOL-Key validation to drop packets with invalid Key Data
+ Length; such frames could have crashed wpa_supplicant due to buffer
+ overflow
+ * added support for wired authentication (IEEE 802.1X on wired
+ Ethernet); driver interface 'wired'
+ * obsoleted set_wpa() handler in the driver interface API (it can be
+ replaced by moving enable/disable functionality into init()/deinit())
+ (calls to set_wpa() are still present for backwards compatibility,
+ but they may be removed in the future)
+ * driver_madwifi: fixed association in plaintext mode
+ * modified the EAP workaround that accepts EAP-Success with incorrect
+ Identifier to be even less strict about verification in order to
+ interoperate with some authentication servers
+ * added support for sending TLS alerts
+ * added support for 'any' SSID wildcard; if ssid is not configured or
+ is set to an empty string, any SSID will be accepted for non-WPA AP
+ * added support for asking PIN (for SIM) from frontends (e.g.,
+ wpa_cli); if a PIN is needed, but not included in the configuration
+ file, a control interface request is sent and EAP processing is
+ delayed until the PIN is available
+ * added support for using external devices (e.g., a smartcard) for
+ private key operations in EAP-TLS (CONFIG_SMARTCARD=y in .config);
+ new wpa_supplicant.conf variables:
+ - global: opensc_engine_path, pkcs11_engine_path, pkcs11_module_path
+ - network: engine, engine_id, key_id
+ * added experimental support for EAP-PAX
+ * added monitor mode for wpa_cli (-a<path to a program to run>) that
+ allows external commands (e.g., shell scripts) to be run based on
+ wpa_supplicant events, e.g., when authentication has been completed
+ and data connection is ready; other related wpa_cli arguments:
+ -B (run in background), -P (write PID file); wpa_supplicant has a new
+ command line argument (-W) that can be used to make it wait until a
+ control interface command is received in order to avoid missing
+ events
+ * added support for opportunistic WPA2 PMKSA key caching (disabled by
+ default, can be enabled with proactive_key_caching=1)
+ * fixed RSN IE in 4-Way Handshake message 2/4 for the case where
+ Authenticator rejects PMKSA caching attempt and the driver is not
+ using assoc_info events
+ * added -P<pid file> argument for wpa_supplicant to write the current
+ process id into a file
+
+2005-02-12 - v0.3.7 (beginning of 0.3.x stable releases)
+ * added new phase1 option parameter, include_tls_length=1, to force
+ wpa_supplicant to add TLS Message Length field to all TLS messages
+ even if the packet is not fragmented; this may be needed with some
+ authentication servers
+ * fixed WPA/RSN IE verification in message 3 of 4-Way Handshake when
+ using drivers that take care of AP selection (e.g., when using
+ ap_scan=2)
+ * fixed reprocessing of pending request after ctrl_iface requests for
+ identity/password/otp
+ * fixed ctrl_iface requests for identity/password/otp in Phase 2 of
+ EAP-PEAP and EAP-TTLS
+ * all drivers using driver_wext: set interface up and select Managed
+ mode when starting wpa_supplicant; set interface down when exiting
+ * renamed driver_ipw2100.c to driver_ipw.c since it now supports both
+ ipw2100 and ipw2200; please note that this also changed the
+ configuration variable in .config to CONFIG_DRIVER_IPW
+
+2005-01-24 - v0.3.6
+ * fixed a busy loop introduced in v0.3.5 for scan result processing
+ when no matching AP is found
+
+2005-01-23 - v0.3.5
+ * added a workaround for an interoperability issue with a Cisco AP
+ when using WPA2-PSK
+ * fixed non-WPA IEEE 802.1X to use the same authentication timeout as
+ WPA with IEEE 802.1X (i.e., timeout 10 -> 70 sec to allow
+ retransmission of dropped frames)
+ * fixed issues with 64-bit CPUs and SHA1 cleanup in previous version
+ (e.g., segfault when processing EAPOL-Key frames)
+ * fixed EAP workaround and fast reauthentication configuration for
+ RSN pre-authentication; previously these were disabled and
+ pre-authentication would fail if the used authentication server
+ requires EAP workarounds
+ * added support for blacklisting APs that fail or timeout
+ authentication in ap_scan=1 mode so that all APs are tried in cases
+ where the ones with strongest signal level are failing authentication
+ * fixed CA certificate loading after a failed EAP-TLS/PEAP/TTLS
+ authentication attempt
+ * allow EAP-PEAP/TTLS fast reauthentication only if Phase 2 succeeded
+ in the previous authentication (previously, only Phase 1 success was
+ verified)
+
+2005-01-09 - v0.3.4
+ * added preliminary support for IBSS (ad-hoc) mode configuration
+ (mode=1 in network block); this included a new key_mgmt mode
+ WPA-NONE, i.e., TKIP or CCMP with a fixed key (based on psk) and no
+ key management; see wpa_supplicant.conf for more details and an
+ example on how to configure this (note: this is currently implemented
+ only for driver_hostapd.c, but the changes should be trivial to add
+ in associate() handler for other drivers, too (assuming the driver
+ supports WPA-None)
+ * added preliminary port for native Windows (i.e., no cygwin) using
+ mingw
+
+2005-01-02 - v0.3.3
+ * added optional support for GNU Readline and History Libraries for
+ wpa_cli (CONFIG_READLINE)
+ * cleaned up EAP state machine <-> method interface and number of
+ small problems with error case processing not terminating on
+ EAP-Failure but waiting for timeout
+ * added couple of workarounds for interoperability issues with a
+ Cisco AP when using WPA2
+ * added support for EAP-FAST (draft-cam-winget-eap-fast-00.txt);
+ Note: This requires a patch for openssl to add support for TLS
+ extensions and number of workarounds for operations without
+ certificates. Proof of concept type of experimental patch is
+ included in openssl-tls-extensions.patch.
+
+2004-12-19 - v0.3.2
+ * fixed private key loading for cases where passphrase is not set
+ * fixed Windows/cygwin L2 packet handler freeing; previous version
+ could cause a segfault when RSN pre-authentication was completed
+ * added support for PMKSA caching with drivers that generate RSN IEs
+ (e.g., NDIS); currently, this is only implemented in driver_ndis.c,
+ but similar code can be easily added to driver_ndiswrapper.c once
+ ndiswrapper gets full support for RSN PMKSA caching
+ * improved recovery from PMKID mismatches by requesting full EAP
+ authentication in case of failed PMKSA caching attempt
+ * driver_ndis: added support for NDIS NdisMIncidateStatus() events
+ (this requires that ndis_events is ran while wpa_supplicant is
+ running)
+ * driver_ndis: use ADD_WEP/REMOVE_WEP when configuring WEP keys
+ * added support for driver interfaces to replace the interface name
+ based on driver/OS specific mapping, e.g., in case of driver_ndis,
+ this allows the beginning of the adapter description to be used as
+ the interface name
+ * added support for CR+LF (Windows-style) line ends in configuration
+ file
+ * driver_ndis: enable radio before starting scanning, disable radio
+ when exiting
+ * modified association event handler to set portEnabled = FALSE before
+ clearing port Valid in order to reset EAP state machine and avoid
+ problems with new authentication getting ignored because of state
+ machines ending up in AUTHENTICATED/SUCCESS state based on old
+ information
+ * added support for driver events to add PMKID candidates in order to
+ allow drivers to give priority to most likely roaming candidates
+ * driver_hostap: moved PrivacyInvoked configuration to associate()
+ function so that this will not be set for plaintext connections
+ * added KEY_MGMT_802_1X_NO_WPA as a new key_mgmt type so that driver
+ interface can distinguish plaintext and IEEE 802.1X (no WPA)
+ authentication
+ * fixed static WEP key configuration to use broadcast/default type for
+ all keys (previously, the default TX key was configured as pairwise/
+ unicast key)
+ * driver_ndis: added legacy WPA capability detection for non-WPA2
+ drivers
+ * added support for setting static WEP keys for IEEE 802.1X without
+ dynamic WEP keying (eapol_flags=0)
+
+2004-12-12 - v0.3.1
+ * added support for reading PKCS#12 (PFX) files (as a replacement for
+ PEM/DER) to get certificate and private key (CONFIG_PKCS12)
+ * fixed compilation with CONFIG_PCSC=y
+ * added new ap_scan mode, ap_scan=2, for drivers that take care of
+ association, but need to be configured with security policy and SSID,
+ e.g., ndiswrapper and NDIS driver; this mode should allow such
+ drivers to work with hidden SSIDs and optimized roaming; when
+ ap_scan=2 is used, only the first network block in the configuration
+ file is used and this configuration should have explicit security
+ policy (i.e., only one option in the lists) for key_mgmt, pairwise,
+ group, proto variables
+ * added experimental port of wpa_supplicant for Windows
+ - driver_ndis.c driver interface (NDIS OIDs)
+ - currently, this requires cygwin and WinPcap
+ - small utility, win_if_list, can be used to get interface name
+ * control interface can now be removed at build time; add
+ CONFIG_CTRL_IFACE=y to .config to maintain old functionality
+ * optional Xsupplicant interface can now be removed at build time;
+ (CONFIG_XSUPPLICANT_IFACE=y in .config to bring it back)
+ * added auth_alg to driver interface associate() parameters to make it
+ easier for drivers to configure authentication algorithm as part of
+ the association
+
+2004-12-05 - v0.3.0 (beginning of 0.3.x development releases)
+ * driver_broadcom: added new driver interface for Broadcom wl.o driver
+ (a generic driver for Broadcom IEEE 802.11a/g cards)
+ * wpa_cli: fixed parsing of -p <path> command line argument
+ * PEAPv1: fixed tunneled EAP-Success reply handling to reply with TLS
+ ACK, not tunneled EAP-Success (of which only the first byte was
+ actually send due to a bug in previous code); this seems to
+ interoperate with most RADIUS servers that implements PEAPv1
+ * PEAPv1: added support for terminating PEAP authentication on tunneled
+ EAP-Success message; this can be configured by adding
+ peap_outer_success=0 on phase1 parameters in wpa_supplicant.conf
+ (some RADIUS servers require this whereas others require a tunneled
+ reply
+ * PEAPv1: changed phase1 option peaplabel to use default to 0, i.e., to
+ the old label for key derivation; previously, the default was 1,
+ but it looks like most existing PEAPv1 implementations use the old
+ label which is thus more suitable default option
+ * added support for EAP-PSK (draft-bersani-eap-psk-03.txt)
+ * fixed parsing of wep_tx_keyidx
+ * added support for configuring list of allowed Phase 2 EAP types
+ (for both EAP-PEAP and EAP-TTLS) instead of only one type
+ * added support for configuring IEEE 802.11 authentication algorithm
+ (auth_alg; mainly for using Shared Key authentication with static
+ WEP keys)
+ * added support for EAP-AKA (with UMTS SIM)
+ * fixed couple of errors in PCSC handling that could have caused
+ random-looking errors for EAP-SIM
+ * added support for EAP-SIM pseudonyms and fast re-authentication
+ * added support for EAP-TLS/PEAP/TTLS fast re-authentication (TLS
+ session resumption)
+ * added support for EAP-SIM with two challanges
+ (phase1="sim_min_num_chal=3" can be used to require three challenges)
+ * added support for configuring DH/DSA parameters for an ephemeral DH
+ key exchange (EAP-TLS/PEAP/TTLS) using new configuration parameters
+ dh_file and dh_file2 (phase 2); this adds support for using DSA keys
+ and optional DH key exchange to achieve forward secracy with RSA keys
+ * added support for matching subject of the authentication server
+ certificate with a substring when using EAP-TLS/PEAP/TTLS; new
+ configuration variables subject_match and subject_match2
+ * changed SSID configuration in driver_wext.c (used by many driver
+ interfaces) to use ssid_len+1 as the length for SSID since some Linux
+ drivers expect this
+ * fixed couple of unaligned reads in scan result parsing to fix WPA
+ connection on some platforms (e.g., ARM)
+ * added driver interface for Intel ipw2100 driver
+ * added support for LEAP with WPA
+ * added support for larger scan results report (old limit was 4 kB of
+ data, i.e., about 35 or so APs) when using Linux wireless extensions
+ v17 or newer
+ * fixed a bug in PMKSA cache processing: skip sending of EAPOL-Start
+ only if there is a PMKSA cache entry for the current AP
+ * fixed error handling for case where reading of scan results fails:
+ must schedule a new scan or wpa_supplicant will remain waiting
+ forever
+ * changed debug output to remove shared password/key material by
+ default; all key information can be included with -K command line
+ argument to match the previous behavior
+ * added support for timestamping debug log messages (disabled by
+ default, can be enabled with -t command line argument)
+ * set pairwise/group cipher suite for non-WPA IEEE 802.1X to WEP-104
+ if keys are not configured to be used; this fixes IEEE 802.1X mode
+ with drivers that use this information to configure whether Privacy
+ bit can be in Beacon frames (e.g., ndiswrapper)
+ * avoid clearing driver keys if no keys have been configured since last
+ key clear request; this seems to improve reliability of group key
+ handshake for ndiswrapper & NDIS driver which seems to be suffering
+ of some kind of timing issue when the keys are cleared again after
+ association
+ * changed driver interface API:
+ - WPA_SUPPLICANT_DRIVER_VERSION define can be used to determine which
+ version is being used (now, this is set to 2; previously, it was
+ not defined)
+ - pass pointer to private data structure to all calls
+ - the new API is not backwards compatible; all in-tree driver
+ interfaces has been converted to the new API
+ * added support for controlling multiple interfaces (radios) per
+ wpa_supplicant process; each interface needs to be listed on the
+ command line (-c, -i, -D arguments) with -N as a separator
+ (-cwpa1.conf -iwlan0 -Dhostap -N -cwpa2.conf -iath0 -Dmadwifi)
+ * added a workaround for EAP servers that incorrectly use same Id for
+ sequential EAP packets
+ * changed libpcap/libdnet configuration to use .config variable,
+ CONFIG_DNET_PCAP, instead of requiring Makefile modification
+ * improved downgrade attack detection in IE verification of msg 3/4:
+ verify both WPA and RSN IEs, if present, not only the selected one;
+ reject the AP if an RSN IE is found in msg 3/4, but not in Beacon or
+ Probe Response frame, and RSN is enabled in wpa_supplicant
+ configuration
+ * fixed WPA msg 3/4 processing to allow Key Data field contain other
+ IEs than just one WPA IE
+ * added support for FreeBSD and driver interface for the BSD net80211
+ layer (CONFIG_DRIVER_BSD=y in .config); please note that some of the
+ required kernel mods have not yet been committed
+ * made EAP workarounds configurable; enabled by default, can be
+ disabled with network block option eap_workaround=0
+
+2004-07-17 - v0.2.4 (beginning of 0.2.x stable releases)
+ * resolved couple of interoperability issues with EAP-PEAPv1 and
+ Phase 2 (inner EAP) fragment reassembly
+ * driver_madwifi: fixed WEP key configuration for IEEE 802.1X when the
+ AP is using non-zero key index for the unicast key and key index zero
+ for the broadcast key
+ * driver_hostap: fixed IEEE 802.1X WEP key updates and
+ re-authentication by allowing unencrypted EAPOL frames when not using
+ WPA
+ * added a new driver interface, 'wext', which uses only standard,
+ driver independent functionality in Linux wireless extensions;
+ currently, this can be used only for non-WPA IEEE 802.1X mode, but
+ eventually, this is to be extended to support full WPA/WPA2 once
+ Linux wireless extensions get support for this
+ * added support for mode in which the driver is responsible for AP
+ scanning and selection; this is disabled by default and can be
+ enabled with global ap_scan=0 variable in wpa_supplicant.conf;
+ this mode can be used, e.g., with generic 'wext' driver interface to
+ use wpa_supplicant as IEEE 802.1X Supplicant with any Linux driver
+ supporting wireless extensions.
+ * driver_madwifi: fixed WPA2 configuration and scan_ssid=1 (e.g.,
+ operation with an AP that does not include SSID in the Beacon frames)
+ * added support for new EAP authentication methods:
+ EAP-TTLS/EAP-OTP, EAP-PEAPv0/OTP, EAP-PEAPv1/OTP, EAP-OTP
+ * added support for asking one-time-passwords from frontends (e.g.,
+ wpa_cli); this 'otp' command works otherwise like 'password' command,
+ but the password is used only once and the frontend will be asked for
+ a new password whenever a request from authenticator requires a
+ password; this can be used with both EAP-OTP and EAP-GTC
+ * changed wpa_cli to automatically re-establish connection so that it
+ does not need to be re-started when wpa_supplicant is terminated and
+ started again
+ * improved user data (identity/password/otp) requests through
+ frontends: process pending EAPOL packets after getting new
+ information so that full authentication does not need to be
+ restarted; in addition, send pending requests again whenever a new
+ frontend is attached
+ * changed control frontends to use a new directory for socket files to
+ make it easier for wpa_cli to automatically select between interfaces
+ and to provide access control for the control interface;
+ wpa_supplicant.conf: ctrl_interface is now a path
+ (/var/run/wpa_supplicant is the recommended path) and
+ ctrl_interface_group can be used to select which group gets access to
+ the control interface;
+ wpa_cli: by default, try to connect to the first interface available
+ in /var/run/wpa_supplicant; this path can be overriden with -p option
+ and an interface can be selected with -i option (i.e., in most common
+ cases, wpa_cli does not need to get any arguments)
+ * added support for LEAP
+ * added driver interface for Linux ndiswrapper
+ * added priority option for network blocks in the configuration file;
+ this allows networks to be grouped based on priority (the scan
+ results are searched for matches with network blocks in this order)
+
+2004-06-20 - v0.2.3
+ * sort scan results to improve AP selection
+ * fixed control interface socket removal for some error cases
+ * improved scan requesting and authentication timeout
+ * small improvements/bug fixes for EAP-MSCHAPv2, EAP-PEAP, and
+ TLS processing
+ * PEAP version can now be forced with phase1="peapver=<ver>"
+ (mostly for testing; by default, the highest version supported by
+ both the Supplicant and Authentication Server is selected
+ automatically)
+ * added support for madwifi driver (Atheros ar521x)
+ * added a workaround for cases where AP sets Install Tx/Rx bit for
+ WPA Group Key messages when pairwise keys are used (without this,
+ the Group Key would be used for Tx and the AP would drop frames
+ from the station)
+ * added GSM SIM/USIM interface for GSM authentication algorithm for
+ EAP-SIM; this requires pcsc-lite
+ * added support for ATMEL AT76C5XXx driver
+ * fixed IEEE 802.1X WEP key derivation in the case where Authenticator
+ does not include key data in the EAPOL-Key frame (i.e., part of
+ EAP keying material is used as data encryption key)
+ * added support for using plaintext and static WEP networks
+ (key_mgmt=NONE)
+
+2004-05-31 - v0.2.2
+ * added support for new EAP authentication methods:
+ EAP-TTLS/EAP-MD5-Challenge
+ EAP-TTLS/EAP-GTC
+ EAP-TTLS/EAP-MSCHAPv2
+ EAP-TTLS/EAP-TLS
+ EAP-TTLS/MSCHAPv2
+ EAP-TTLS/MSCHAP
+ EAP-TTLS/PAP
+ EAP-TTLS/CHAP
+ EAP-PEAP/TLS
+ EAP-PEAP/GTC
+ EAP-PEAP/MD5-Challenge
+ EAP-GTC
+ EAP-SIM (not yet complete; needs GSM/SIM authentication interface)
+ * added support for anonymous identity (to be used when identity is
+ sent in plaintext; real identity will be used within TLS protected
+ tunnel (e.g., with EAP-TTLS)
+ * added event messages from wpa_supplicant to frontends, e.g., wpa_cli
+ * added support for requesting identity and password information using
+ control interface; in other words, the password for EAP-PEAP or
+ EAP-TTLS does not need to be included in the configuration file since
+ a frontand (e.g., wpa_cli) can ask it from the user
+ * improved RSN pre-authentication to use a candidate list and process
+ all candidates from each scan; not only one per scan
+ * fixed RSN IE and WPA IE capabilities field parsing
+ * ignore Tx bit in GTK IE when Pairwise keys are used
+ * avoid making new scan requests during IEEE 802.1X negotiation
+ * use openssl/libcrypto for MD5 and SHA-1 when compiling wpa_supplicant
+ with TLS support (this replaces the included implementation with
+ library code to save about 8 kB since the library code is needed
+ anyway for TLS)
+ * fixed WPA-PSK only mode when compiled without IEEE 802.1X support
+ (i.e., without CONFIG_IEEE8021X_EAPOL=y in .config)
+
+2004-05-06 - v0.2.1
+ * added support for internal IEEE 802.1X (actually, IEEE 802.1aa/D6.1)
+ Supplicant
+ - EAPOL state machines for Supplicant [IEEE 802.1aa/D6.1]
+ - EAP peer state machine [draft-ietf-eap-statemachine-02.pdf]
+ - EAP-MD5 (cannot be used with WPA-RADIUS)
+ [draft-ietf-eap-rfc2284bis-09.txt]
+ - EAP-TLS [RFC 2716]
+ - EAP-MSCHAPv2 (currently used only with EAP-PEAP)
+ - EAP-PEAP/MSCHAPv2 [draft-josefsson-pppext-eap-tls-eap-07.txt]
+ [draft-kamath-pppext-eap-mschapv2-00.txt]
+ (PEAP version 0, 1, and parts of 2; only 0 and 1 are enabled by
+ default; tested with FreeRADIUS, Microsoft IAS, and Funk Odyssey)
+ - new configuration file options: eap, identity, password, ca_cert,
+ client_cert, privatekey, private_key_passwd
+ - Xsupplicant is not required anymore, but it can be used by
+ disabling the internal IEEE 802.1X Supplicant with -e command line
+ option
+ - this code is not included in the default build; Makefile need to
+ be edited for this (uncomment lines for selected functionality)
+ - EAP-TLS and EAP-PEAP require openssl libraries
+ * use module prefix in debug messages (WPA, EAP, EAP-TLS, ..)
+ * added support for non-WPA IEEE 802.1X mode with dynamic WEP keys
+ (i.e., complete IEEE 802.1X/EAP authentication and use IEEE 802.1X
+ EAPOL-Key frames instead of WPA key handshakes)
+ * added support for IEEE 802.11i/RSN (WPA2)
+ - improved PTK Key Handshake
+ - PMKSA caching, pre-authentication
+ * fixed wpa_supplicant to ignore possible extra data after WPA
+ EAPOL-Key packets (this fixes 'Invalid EAPOL-Key MIC when using
+ TPTK' error from message 3 of 4-Way Handshake in case the AP
+ includes extra data after the EAPOL-Key)
+ * added interface for external programs (frontends) to control
+ wpa_supplicant
+ - CLI example (wpa_cli) with interactive mode and command line
+ mode
+ - replaced SIGUSR1 status/statistics with the new control interface
+ * made some feature compile time configurable
+ - .config file for make
+ - driver interfaces (hostap, hermes, ..)
+ - EAPOL/EAP functions
+
+2004-02-15 - v0.2.0
+ * Initial version of wpa_supplicant
View
0 MODULE_LICENSE_BSD_LIKE
No changes.
View
914 Makefile
@@ -0,0 +1,914 @@
+ifndef CC
+CC=gcc
+endif
+
+ifndef CFLAGS
+CFLAGS = -MMD -O2 -Wall -g
+endif
+
+# Include directories for CVS version
+CFLAGS += -I. -I../utils -I../hostapd
+
+ALL=wpa_supplicant wpa_passphrase wpa_cli
+
+all: verify_config $(ALL) dynamic_eap_methods
+
+verify_config:
+ @if [ ! -r .config ]; then \
+ echo 'Building wpa_supplicant requires a configuration file'; \
+ echo '(.config). See README for more instructions. You can'; \
+ echo 'run "cp defconfig .config" to create an example'; \
+ echo 'configuration.'; \
+ exit 1; \
+ fi
+
+mkconfig:
+ @if [ -e .config ]; then \
+ echo '.config exists - did not replace it'; \
+ exit 1; \
+ fi
+ echo CONFIG_DRIVER_HOSTAP=y >> .config
+ echo CONFIG_DRIVER_WEXT=y >> .config
+ echo CONFIG_WIRELESS_EXTENSION=y >> .config
+
+install: all
+ mkdir -p $(DESTDIR)/usr/local/sbin/
+ for i in $(ALL); do cp $$i $(DESTDIR)/usr/local/sbin/$$i; done
+
+OBJS = config.o \
+ common.o md5.o md4.o \
+ rc4.o sha1.o des.o
+OBJS_p = wpa_passphrase.o sha1.o md5.o md4.o \
+ common.o des.o
+OBJS_c = wpa_cli.o wpa_ctrl.o
+
+-include .config
+
+ifndef CONFIG_OS
+ifdef CONFIG_NATIVE_WINDOWS
+CONFIG_OS=win32
+else
+CONFIG_OS=unix
+endif
+endif
+
+ifeq ($(CONFIG_OS), internal)
+CFLAGS += -DOS_NO_C_LIB_DEFINES
+endif
+
+OBJS += os_$(CONFIG_OS).o
+OBJS_p += os_$(CONFIG_OS).o
+OBJS_c += os_$(CONFIG_OS).o
+
+ifndef CONFIG_ELOOP
+CONFIG_ELOOP=eloop
+endif
+OBJS += $(CONFIG_ELOOP).o
+
+
+ifdef CONFIG_EAPOL_TEST
+CFLAGS += -Werror -DEAPOL_TEST
+endif
+
+ifndef CONFIG_BACKEND
+CONFIG_BACKEND=file
+endif
+
+ifeq ($(CONFIG_BACKEND), file)
+OBJS += config_file.o base64.o
+CFLAGS += -DCONFIG_BACKEND_FILE
+endif
+
+ifeq ($(CONFIG_BACKEND), winreg)
+OBJS += config_winreg.o
+endif
+
+ifeq ($(CONFIG_BACKEND), none)
+OBJS += config_none.o
+endif
+
+ifdef CONFIG_DRIVER_HOSTAP
+CFLAGS += -DCONFIG_DRIVER_HOSTAP
+OBJS_d += driver_hostap.o
+CONFIG_WIRELESS_EXTENSION=y
+endif
+
+ifdef CONFIG_DRIVER_WEXT
+CFLAGS += -DCONFIG_DRIVER_WEXT
+CONFIG_WIRELESS_EXTENSION=y
+endif
+
+ifdef CONFIG_DRIVER_PRISM54
+CFLAGS += -DCONFIG_DRIVER_PRISM54
+OBJS_d += driver_prism54.o
+CONFIG_WIRELESS_EXTENSION=y
+endif
+
+ifdef CONFIG_DRIVER_HERMES
+CFLAGS += -DCONFIG_DRIVER_HERMES
+OBJS_d += driver_hermes.o
+CONFIG_WIRELESS_EXTENSION=y
+endif
+
+ifdef CONFIG_DRIVER_MADWIFI
+CFLAGS += -DCONFIG_DRIVER_MADWIFI
+OBJS_d += driver_madwifi.o
+CONFIG_WIRELESS_EXTENSION=y
+endif
+
+ifdef CONFIG_DRIVER_ATMEL
+CFLAGS += -DCONFIG_DRIVER_ATMEL
+OBJS_d += driver_atmel.o
+CONFIG_WIRELESS_EXTENSION=y
+endif
+
+ifdef CONFIG_DRIVER_NDISWRAPPER
+CFLAGS += -DCONFIG_DRIVER_NDISWRAPPER
+OBJS_d += driver_ndiswrapper.o
+CONFIG_WIRELESS_EXTENSION=y
+endif
+
+ifdef CONFIG_DRIVER_BROADCOM
+CFLAGS += -DCONFIG_DRIVER_BROADCOM
+OBJS_d += driver_broadcom.o
+endif
+
+ifdef CONFIG_DRIVER_IPW
+CFLAGS += -DCONFIG_DRIVER_IPW
+OBJS_d += driver_ipw.o
+CONFIG_WIRELESS_EXTENSION=y
+endif
+
+ifdef CONFIG_DRIVER_BSD
+CFLAGS += -DCONFIG_DRIVER_BSD
+OBJS_d += driver_bsd.o
+ifndef CONFIG_L2_PACKET
+CONFIG_L2_PACKET=freebsd
+endif
+endif
+
+ifdef CONFIG_DRIVER_NDIS
+CFLAGS += -DCONFIG_DRIVER_NDIS
+OBJS_d += driver_ndis.o driver_ndis_.o
+ifndef CONFIG_L2_PACKET
+CONFIG_L2_PACKET=pcap
+endif
+CONFIG_WINPCAP=y
+ifdef CONFIG_USE_NDISUIO
+CFLAGS += -DCONFIG_USE_NDISUIO
+endif
+endif
+
+ifdef CONFIG_DRIVER_WIRED
+CFLAGS += -DCONFIG_DRIVER_WIRED
+OBJS_d += driver_wired.o
+endif
+
+ifdef CONFIG_DRIVER_TEST
+CFLAGS += -DCONFIG_DRIVER_TEST
+OBJS_d += driver_test.o
+endif
+
+ifndef CONFIG_L2_PACKET
+CONFIG_L2_PACKET=linux
+endif
+
+OBJS += l2_packet_$(CONFIG_L2_PACKET).o
+
+ifeq ($(CONFIG_L2_PACKET), pcap)
+ifdef CONFIG_WINPCAP
+CFLAGS += -DCONFIG_WINPCAP
+LIBS += -lwpcap -lpacket
+LIBS_w += -lwpcap
+else
+LIBS += -ldnet -lpcap
+endif
+endif
+
+ifeq ($(CONFIG_L2_PACKET), winpcap)
+LIBS += -lwpcap -lpacket
+LIBS_w += -lwpcap
+endif
+
+ifeq ($(CONFIG_L2_PACKET), freebsd)
+LIBS += -lpcap
+endif
+
+ifdef CONFIG_EAP_TLS
+# EAP-TLS
+ifeq ($(CONFIG_EAP_TLS), dyn)
+CFLAGS += -DEAP_TLS_DYNAMIC
+EAPDYN += eap_tls.so
+else
+CFLAGS += -DEAP_TLS
+OBJS += eap_tls.o
+endif
+TLS_FUNCS=y
+CONFIG_IEEE8021X_EAPOL=y
+endif
+
+ifdef CONFIG_EAP_PEAP
+# EAP-PEAP
+ifeq ($(CONFIG_EAP_PEAP), dyn)
+CFLAGS += -DEAP_PEAP_DYNAMIC
+EAPDYN += eap_peap.so
+else
+CFLAGS += -DEAP_PEAP
+OBJS += eap_peap.o
+endif
+TLS_FUNCS=y
+CONFIG_IEEE8021X_EAPOL=y
+CONFIG_EAP_TLV=y
+endif
+
+ifdef CONFIG_EAP_TTLS
+# EAP-TTLS
+ifeq ($(CONFIG_EAP_TTLS), dyn)
+CFLAGS += -DEAP_TTLS_DYNAMIC
+EAPDYN += eap_ttls.so
+else
+CFLAGS += -DEAP_TTLS
+OBJS += eap_ttls.o
+endif
+MS_FUNCS=y
+TLS_FUNCS=y
+CONFIG_IEEE8021X_EAPOL=y
+endif
+
+ifdef CONFIG_EAP_MD5
+# EAP-MD5
+ifeq ($(CONFIG_EAP_MD5), dyn)
+CFLAGS += -DEAP_MD5_DYNAMIC
+EAPDYN += eap_md5.so
+else
+CFLAGS += -DEAP_MD5
+OBJS += eap_md5.o
+endif
+CONFIG_IEEE8021X_EAPOL=y
+endif
+
+# backwards compatibility for old spelling
+ifdef CONFIG_MSCHAPV2
+ifndef CONFIG_EAP_MSCHAPV2
+CONFIG_EAP_MSCHAPV2=y
+endif
+endif
+
+ifdef CONFIG_EAP_MSCHAPV2
+# EAP-MSCHAPv2
+ifeq ($(CONFIG_EAP_MSCHAPV2), dyn)
+CFLAGS += -DEAP_MSCHAPv2_DYNAMIC
+EAPDYN += eap_mschapv2.so
+else
+CFLAGS += -DEAP_MSCHAPv2
+OBJS += eap_mschapv2.o
+endif
+MS_FUNCS=y
+CONFIG_IEEE8021X_EAPOL=y
+endif
+
+ifdef CONFIG_EAP_GTC
+# EAP-GTC
+ifeq ($(CONFIG_EAP_GTC), dyn)
+CFLAGS += -DEAP_GTC_DYNAMIC
+EAPDYN += eap_gtc.so
+else
+CFLAGS += -DEAP_GTC
+OBJS += eap_gtc.o
+endif
+CONFIG_IEEE8021X_EAPOL=y
+endif
+
+ifdef CONFIG_EAP_OTP
+# EAP-OTP
+ifeq ($(CONFIG_EAP_OTP), dyn)
+CFLAGS += -DEAP_OTP_DYNAMIC
+EAPDYN += eap_otp.so
+else
+CFLAGS += -DEAP_OTP
+OBJS += eap_otp.o
+endif
+CONFIG_IEEE8021X_EAPOL=y
+endif
+
+ifdef CONFIG_EAP_SIM
+# EAP-SIM
+ifeq ($(CONFIG_EAP_SIM), dyn)
+CFLAGS += -DEAP_SIM_DYNAMIC
+EAPDYN += eap_sim.so
+else
+CFLAGS += -DEAP_SIM
+OBJS += eap_sim.o
+endif
+CONFIG_IEEE8021X_EAPOL=y
+CONFIG_EAP_SIM_COMMON=y
+endif
+
+ifdef CONFIG_EAP_LEAP
+# EAP-LEAP
+ifeq ($(CONFIG_EAP_LEAP), dyn)
+CFLAGS += -DEAP_LEAP_DYNAMIC
+EAPDYN += eap_leap.so
+else
+CFLAGS += -DEAP_LEAP
+OBJS += eap_leap.o
+endif
+MS_FUNCS=y
+CONFIG_IEEE8021X_EAPOL=y
+endif
+
+ifdef CONFIG_EAP_PSK
+# EAP-PSK
+ifeq ($(CONFIG_EAP_PSK), dyn)
+CFLAGS += -DEAP_PSK_DYNAMIC
+EAPDYN += eap_psk.so
+else
+CFLAGS += -DEAP_PSK
+OBJS += eap_psk.o eap_psk_common.o
+endif
+CONFIG_IEEE8021X_EAPOL=y
+NEED_AES=y
+endif
+
+ifdef CONFIG_EAP_AKA
+# EAP-AKA
+ifeq ($(CONFIG_EAP_AKA), dyn)
+CFLAGS += -DEAP_AKA_DYNAMIC
+EAPDYN += eap_aka.so
+else
+CFLAGS += -DEAP_AKA
+OBJS += eap_aka.o
+endif
+CONFIG_IEEE8021X_EAPOL=y
+CONFIG_EAP_SIM_COMMON=y
+endif
+
+ifdef CONFIG_EAP_SIM_COMMON
+OBJS += eap_sim_common.o
+NEED_AES=y
+endif
+
+ifdef CONFIG_EAP_TLV
+# EAP-TLV
+CFLAGS += -DEAP_TLV
+OBJS += eap_tlv.o
+endif
+
+ifdef CONFIG_EAP_FAST
+# EAP-FAST
+ifeq ($(CONFIG_EAP_FAST), dyn)
+CFLAGS += -DEAP_FAST_DYNAMIC
+EAPDYN += eap_fast.so
+else
+CFLAGS += -DEAP_FAST
+OBJS += eap_fast.o
+endif
+TLS_FUNCS=y
+endif
+
+ifdef CONFIG_EAP_PAX
+# EAP-PAX
+ifeq ($(CONFIG_EAP_PAX), dyn)
+CFLAGS += -DEAP_PAX_DYNAMIC
+EAPDYN += eap_pax.so
+else
+CFLAGS += -DEAP_PAX
+OBJS += eap_pax.o eap_pax_common.o
+endif
+CONFIG_IEEE8021X_EAPOL=y
+endif
+
+ifdef CONFIG_EAP_SAKE
+# EAP-SAKE
+ifeq ($(CONFIG_EAP_SAKE), dyn)
+CFLAGS += -DEAP_SAKE_DYNAMIC
+EAPDYN += eap_sake.so
+else
+CFLAGS += -DEAP_SAKE
+OBJS += eap_sake.o eap_sake_common.o
+endif
+CONFIG_IEEE8021X_EAPOL=y
+endif
+
+ifdef CONFIG_EAP_GPSK
+# EAP-GPSK
+ifeq ($(CONFIG_EAP_GPSK), dyn)
+CFLAGS += -DEAP_GPSK_DYNAMIC
+EAPDYN += eap_gpsk.so
+else
+CFLAGS += -DEAP_GPSK
+OBJS += eap_gpsk.o eap_gpsk_common.o
+endif
+CONFIG_IEEE8021X_EAPOL=y
+ifdef CONFIG_EAP_GPSK_SHA256
+CFLAGS += -DEAP_GPSK_SHA256
+NEED_SHA256=y
+endif
+endif
+
+ifdef CONFIG_EAP_VENDOR_TEST
+ifeq ($(CONFIG_EAP_VENDOR_TEST), dyn)
+CFLAGS += -DEAP_VENDOR_TEST_DYNAMIC
+EAPDYN += eap_vendor_test.so
+else
+CFLAGS += -DEAP_VENDOR_TEST
+OBJS += eap_vendor_test.o
+endif
+CONFIG_IEEE8021X_EAPOL=y
+endif
+
+ifdef CONFIG_IEEE8021X_EAPOL
+# IEEE 802.1X/EAPOL state machines (e.g., for RADIUS authentication)
+CFLAGS += -DIEEE8021X_EAPOL
+OBJS += eapol_sm.o eap.o eap_methods.o
+ifdef CONFIG_DYNAMIC_EAP_METHODS
+CFLAGS += -DCONFIG_DYNAMIC_EAP_METHODS
+LIBS += -ldl -rdynamic
+endif
+endif
+
+ifdef CONFIG_PCSC
+# PC/SC interface for smartcards (USIM, GSM SIM)
+CFLAGS += -DPCSC_FUNCS -I/usr/include/PCSC
+OBJS += pcsc_funcs.o
+# -lpthread may not be needed depending on how pcsc-lite was configured
+ifdef CONFIG_NATIVE_WINDOWS
+#Once MinGW gets support for WinScard, -lwinscard could be used instead of the
+#dynamic symbol loading that is now used in pcsc_funcs.c
+#LIBS += -lwinscard
+else
+LIBS += -lpcsclite -lpthread
+endif
+endif
+
+ifndef CONFIG_TLS
+CONFIG_TLS=openssl
+endif
+
+ifeq ($(CONFIG_TLS), internal)
+ifndef CONFIG_CRYPTO
+CONFIG_CRYPTO=internal
+endif
+endif
+ifeq ($(CONFIG_CRYPTO), libtomcrypt)
+CFLAGS += -DCONFIG_INTERNAL_X509
+endif
+ifeq ($(CONFIG_CRYPTO), internal)
+CFLAGS += -DCONFIG_INTERNAL_X509
+endif
+
+
+ifdef TLS_FUNCS
+# Shared TLS functions (needed for EAP_TLS, EAP_PEAP, EAP_TTLS, and EAP_FAST)
+CFLAGS += -DEAP_TLS_FUNCS
+OBJS += eap_tls_common.o
+ifeq ($(CONFIG_TLS), openssl)
+CFLAGS += -DEAP_TLS_OPENSSL
+OBJS += tls_openssl.o
+LIBS += -lssl -lcrypto
+LIBS_p += -lcrypto
+endif
+ifeq ($(CONFIG_TLS), gnutls)
+OBJS += tls_gnutls.o
+LIBS += -lgnutls -lgcrypt -lgpg-error
+LIBS_p += -lgcrypt
+ifdef CONFIG_GNUTLS_EXTRA
+CFLAGS += -DCONFIG_GNUTLS_EXTRA
+LIBS += -lgnutls-extra
+endif
+endif
+ifeq ($(CONFIG_TLS), schannel)
+OBJS += tls_schannel.o
+endif
+ifeq ($(CONFIG_TLS), internal)
+OBJS += tls_internal.o tlsv1_common.o tlsv1_client.o asn1.o x509v3.o
+OBJS_p += asn1.o rc4.o aes_wrap.o
+ifneq ($(CONFIG_BACKEND), file)
+OBJS += base64.o
+endif
+CFLAGS += -DCONFIG_TLS_INTERNAL
+ifeq ($(CONFIG_CRYPTO), internal)
+ifdef CONFIG_INTERNAL_LIBTOMMATH
+CFLAGS += -DCONFIG_INTERNAL_LIBTOMMATH
+else
+LIBS += -ltommath
+LIBS_p += -ltommath
+endif
+endif
+ifeq ($(CONFIG_CRYPTO), libtomcrypt)
+LIBS += -ltomcrypt -ltfm
+LIBS_p += -ltomcrypt -ltfm
+endif
+endif
+ifeq ($(CONFIG_TLS), none)
+OBJS += tls_none.o
+CFLAGS += -DEAP_TLS_NONE
+CONFIG_INTERNAL_AES=y
+CONFIG_INTERNAL_SHA1=y
+CONFIG_INTERNAL_MD5=y
+CONFIG_INTERNAL_SHA256=y
+endif