OpenSSL Version is 1.0.1k-fips 8 Jan 2015 from Fedora 22.

Any idea in which version they changed it?

Thanks
Thomas

On 1 Apr 2016, at 11:32, Jouni Malinen wrote:

> On Fri, Apr 01, 2016 at 11:17:34AM +0200, Thomas Rosenstein wrote:
>> I have got a problem with the TLS-PRF function for key derivation in
>> wpa_supplicant.
>>
>> With version 2.5 the TLS-PRF-SHA256 for TLS1.2 was added to the
>> source code, but by default it's using the OpenSSL Implementation.
>>
>> I have implemented a Radius Server that's using the same function,
>> when commenting out the OpenSSL call wpa_supplicant derives the same
>> key as my application, therefore the connection works.
>> If the OpenSSL implementation is used the keys differ.
>
> Which OpenSSL version are you using here?
>
>> As you can see the wpa_supplicant implementation returns the same
>> MSK as my implementation. Either BOTH of them are defective or
>> OpenSSL is doing something shady.
>>
>> Does someone have insight into the OpenSSL implementation and why
>> it's returning "a wrong" key?
>
> There is a known bug in the OpenSSL implementation of the key extraction
> API that got fixed without much notice in the changelogs. I'd assume
> you are hitting this and if you were to update OpenSSL, you'd see this
> issue disappear.
>
> --
> Jouni Malinen PGP id EFC895FA
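
An added example, not part of the original thread and not wpa_supplicant or OpenSSL code: an independent reference for the TLS 1.2 PRF (P_SHA256, RFC 5246 section 5) that can be used to cross-check which of two implementations derives a differing MSK. The label "client EAP encryption" and the 64/64-byte MSK/EMSK split follow EAP-TLS (RFC 5216) and are an assumption about the EAP method in use; the master secret and randoms are constructed sample values.

```python
import hashlib
import hmac


def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_SHA256 data expansion from RFC 5246 section 5."""
    out = b""
    a = seed  # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()  # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def tls12_prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 PRF(secret, label, seed) = P_SHA256(secret, label || seed)."""
    return p_sha256(secret, label + seed, length)


def eap_keys(master_secret: bytes, client_random: bytes, server_random: bytes,
             label: bytes = b"client EAP encryption"):
    """Return (MSK, EMSK) from 128 bytes of exported key material.

    Assumption: EAP-TLS style export (RFC 5216), seed = client_random || server_random.
    Other EAP methods use a different label.
    """
    km = tls12_prf(master_secret, label, client_random + server_random, 128)
    return km[:64], km[64:128]


# Constructed sample inputs (not taken from the thread). When debugging, replace
# them with the master secret and randoms logged by both peers for one handshake.
SAMPLE_MASTER_SECRET = bytes(range(48))
SAMPLE_CLIENT_RANDOM = bytes([0xC1]) * 32
SAMPLE_SERVER_RANDOM = bytes([0x5E]) * 32

if __name__ == "__main__":
    msk, emsk = eap_keys(SAMPLE_MASTER_SECRET, SAMPLE_CLIENT_RANDOM,
                         SAMPLE_SERVER_RANDOM)
    print("MSK :", msk.hex())
    print("EMSK:", emsk.hex())
```

Feeding the same master secret and randoms into this reference and into each implementation under test shows which side diverges; both peers must also agree on the label and on the order of the two randoms in the seed.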