wpa_supplicant 2.4 / 2.5 OpenSSL TLS-PRF Problem

Jouni Malinen j at w1.fi
Fri Apr 1 02:32:18 PDT 2016

On Fri, Apr 01, 2016 at 11:17:34AM +0200, Thomas Rosenstein wrote:
> I have got a problem with the TLS-PRF function for key derivation in
> wpa_supplicant.
> With version 2.5 the TLS-PRF-SHA256 for TLS1.2 was added to the
> source code, but by default it's using the OpenSSL Implementation.
> I have implemented a RADIUS server that's using the same function,
> when commenting out the OpenSSL call wpa_supplicant derives the same
> key as my application, therefore the connection works.
> If the OpenSSL implementation is used the keys differ.

Which OpenSSL version are you using here?

> As you can see the wpa_supplicant implementation returns the same
> MSK as my implementation. Either BOTH of them are defective or
> OpenSSL is doing something shady.
> Does someone have insight into the OpenSSL implementation and why
> it's returning "a wrong" key?

There is a known bug in the OpenSSL implementation of the key extraction
API that got fixed without much notice in the changelogs. I'd assume
you are hitting this and if you were to update OpenSSL, you'd see this
issue disappear.

Jouni Malinen                                            PGP id EFC895FA
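
Added example, not part of the original message and not wpa_supplicant or OpenSSL code: an independent TLS 1.2 PRF (P_SHA256, RFC 5246) with the EAP-TLS MSK/EMSK split from RFC 5216, usable as a third reference when two implementations derive different keys. The master secret and randoms are constructed sample values, and first_mismatch() is a hypothetical helper name.

```python
import hashlib
import hmac


def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_SHA256 data expansion from RFC 5246, section 5."""
    out = b""
    a = seed  # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()  # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def tls12_prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """PRF(secret, label, seed) = P_SHA256(secret, label + seed)."""
    return p_sha256(secret, label + seed, length)


def eap_tls_keys(master_secret: bytes, client_random: bytes, server_random: bytes):
    """RFC 5216 key material: MSK is octets 0..63, EMSK is octets 64..127."""
    km = tls12_prf(master_secret, b"client EAP encryption",
                   client_random + server_random, 128)
    return km[:64], km[64:]


def first_mismatch(expected: bytes, observed: bytes):
    """Index of the first differing octet, or None when both keys are equal."""
    if hmac.compare_digest(expected, observed):
        return None
    for i, (x, y) in enumerate(zip(expected, observed)):
        if x != y:
            return i
    return min(len(expected), len(observed))  # one value is a prefix of the other


# Constructed sample inputs (not taken from a real TLS session).
MASTER_SECRET = bytes(range(48))
CLIENT_RANDOM = bytes([0xC1]) * 32
SERVER_RANDOM = bytes([0x5E]) * 32

if __name__ == "__main__":
    msk, emsk = eap_tls_keys(MASTER_SECRET, CLIENT_RANDOM, SERVER_RANDOM)
    print("MSK :", msk.hex())
    print("EMSK:", emsk.hex())
    # Constructed stand-in for the key reported by the other implementation.
    other = msk[:10] + bytes([msk[10] ^ 1]) + msk[11:]
    print("first mismatch at octet:", first_mismatch(msk, other))
```

Feed it the master secret and randoms logged by both peers for the same handshake; a mismatch at octet 0 means the two sides did not run the same PRF at all.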
