Re: wpa_supplicant 2.4 / 2.5 Openssl TLS-PRF Problem


 



OpenSSL Version is 1.0.1k-fips 8 Jan 2015 from Fedora 22.

Any idea in which version they changed it?

Thanks
Thomas

On 1 Apr 2016, at 11:32, Jouni Malinen wrote:

> On Fri, Apr 01, 2016 at 11:17:34AM +0200, Thomas Rosenstein wrote:
>> I have got a problem with the TLS-PRF function for key derivation in
>> wpa_supplicant.
>>
>> With version 2.5 the TLS-PRF-SHA256 for TLS1.2 was added to the
>> source code, but by default it's using the OpenSSL Implementation.
>>
>> I have implemented a Radius Server that's using the same function,
>> when commenting out the OpenSSL call wpa_supplicant derives the same
>> key as my application, therefore the connection works.
>> If the OpenSSL implementation is used the keys differ.
>
> Which OpenSSL version are you using here?
>
>> As you can see the wpa_supplicant implementation returns the same
>> MSK as my implementation. Either BOTH of them are defective or
>> OpenSSL is doing something shady.
>>
>> Does someone have insight into the OpenSSL implementation and why
>> it's returning "a wrong" key?
>
> There is a known bug in the OpenSSL implementation of the key extraction
> API that got fixed without much notice in the changelogs.. I'd assume
> you are hitting this and if you were to update OpenSSL, you'd see this
> issue disappear.
>
> -- 
> Jouni Malinen                                            PGP id EFC895FA

_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap
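
An independent reference for the derivation discussed in this thread, added here as an example (it is not code from wpa_supplicant, OpenSSL or either poster): the TLS 1.2 PRF with SHA-256 as defined in RFC 5246, and the EAP-TLS MSK/EMSK split from RFC 5216. The function names and the sample secrets are constructed for illustration; real inputs would come from the TLS session under test.

```python
import hashlib
import hmac

# RFC 5216: Key_Material = TLS-PRF-128(master_secret, label, client.random || server.random)
EAP_TLS_LABEL = b"client EAP encryption"

def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_hash from RFC 5246 section 5, instantiated with HMAC-SHA256."""
    out = b""
    a = seed                                   # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()           # A(i)
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]

def tls12_prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """PRF(secret, label, seed) = P_SHA256(secret, label + seed)."""
    return p_sha256(secret, label + seed, length)

def eap_tls_keys(master_secret: bytes, client_random: bytes, server_random: bytes):
    """Return (MSK, EMSK): octets 0..63 and 64..127 of the key material."""
    if len(master_secret) != 48:
        raise ValueError("TLS master secret must be 48 octets")
    if len(client_random) != 32 or len(server_random) != 32:
        raise ValueError("client/server random must be 32 octets each")
    km = tls12_prf(master_secret, EAP_TLS_LABEL, client_random + server_random, 128)
    return km[:64], km[64:]

def msk_matches(reference: bytes, observed: bytes) -> bool:
    """Constant-time comparison of a reference MSK with one from another stack."""
    return hmac.compare_digest(reference, observed)

# Constructed sample inputs, not taken from any real handshake.
SAMPLE_MASTER_SECRET = bytes(range(48))
SAMPLE_CLIENT_RANDOM = b"\x11" * 32
SAMPLE_SERVER_RANDOM = b"\x22" * 32

if __name__ == "__main__":
    msk, emsk = eap_tls_keys(SAMPLE_MASTER_SECRET, SAMPLE_CLIENT_RANDOM,
                             SAMPLE_SERVER_RANDOM)
    print("MSK :", msk.hex())
    print("EMSK:", emsk.hex())
```

This covers only TLS 1.2 cipher suites whose PRF hash is SHA-256; feeding it the master secret and randoms of a captured test session gives a third value to compare against the supplicant and the RADIUS server.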


