Re: wpa_supplicant 2.4 / 2.5 Openssl TLS-PRF Problem

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, Apr 01, 2016 at 11:37:40AM +0200, Thomas Rosenstein wrote:
> OpenSSL Version is 1.0.1k-fips 8 Jan 2015 from Fedora 22.
> 
> Any idea which version they changed it?

The issue I was thinking of was fixed with this commit:
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=4fdf917

It was present in OpenSSL 1.0.1f but should be fixed in 1.0.1h and I'd
assume that would include 1.0.1k in Fedora if that really is based on
1.0.1k and not just some important fixes being pulled into an earlier
snapshot. I think this issue is still present in the Ubuntu 14.04
package for example, but that is identified as 1.0.1f-1ubuntu2.18.

So if it is not that one, then something else.. Which TLS cipher suite
are you using here and what kind of X.509 certificate(s) (mainly, the
signature algorithms)? Please note that the hash function changes and
the wpa_supplicant implementation of the internal key derivation does
not support this correctly for some cases (which is one of the reason
for that use of SSL_export_keying_material() being used in the first
place).

-- 
Jouni Malinen                                            PGP id EFC895FA

_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap



[Index of Archives]     [Linux Wireless]     [Linux Kernel]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]

  Powered by Linux