wpa_supplicant 2.4 / 2.5 Openssl TLS-PRF Problem

Thomas Rosenstein thomas.rosenstein at creamfinance.com
Fri Apr 1 02:37:40 PDT 2016

OpenSSL Version is 1.0.1k-fips 8 Jan 2015 from Fedora 22.

Any idea in which version they changed it?


On 1 Apr 2016, at 11:32, Jouni Malinen wrote:

> On Fri, Apr 01, 2016 at 11:17:34AM +0200, Thomas Rosenstein wrote:
>> I have got a problem with the TLS-PRF function for key derivation in
>> wpa_supplicant.
>> With version 2.5 the TLS-PRF-SHA256 for TLS1.2 was added to the
>> source code, but by default it's using the OpenSSL Implementation.
>> I have implemented a Radius Server that's using the same function;
>> when commenting out the OpenSSL call, wpa_supplicant derives the same
>> key as my application, therefore the connection works.
>> If the OpenSSL implementation is used the keys differ.
> Which OpenSSL version are you using here?
>> As you can see the wpa_supplicant implementation returns the same
>> MSK as my implementation. Either BOTH of them are defective or
>> OpenSSL is doing something shady.
>> Does someone have insight into the OpenSSL implementation and why
>> it's returning "a wrong" key?
> There is a known bug in the OpenSSL implementation of the key extraction
> API that got fixed without much notice in the changelogs. I'd assume
> you are hitting this and if you were to update OpenSSL, you'd see this
> issue disappear.
> -- 
> Jouni Malinen                                            PGP id EFC895FA
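The thread above turns on two TLS 1.2 PRF implementations disagreeing about the derived MSK, with no way to tell from the mismatch alone which side is wrong. The standard way to settle that is to run each implementation against a fixed test vector. The following is an added example, not code from wpa_supplicant, OpenSSL or the poster's RADIUS server: a straight RFC 5246 section 5 P_SHA256 PRF in Python, the EAP-TLS key derivation from RFC 5216 built on top of it (label "client EAP encryption", MSK = first 64 bytes of the 128-byte key block), and a self-check against a widely circulated public TLS 1.2 PRF test vector (secret/seed/label values as given in that vector; they are reproduced here from memory, so treat the vector itself as an assumption to be cross-checked against the original source). The randoms and master secret used in the EAP-TLS helper's demo run are constructed values.

```python
import hashlib
import hmac


def p_hash(secret: bytes, seed: bytes, length: int, digest=hashlib.sha256) -> bytes:
    """RFC 5246 section 5 data expansion:
    A(0) = seed, A(i) = HMAC(secret, A(i-1))
    P_hash = HMAC(secret, A(1) + seed) || HMAC(secret, A(2) + seed) || ...
    truncated to the requested length."""
    out = b""
    a = seed
    while len(out) < length:
        a = hmac.new(secret, a, digest).digest()
        out += hmac.new(secret, a + seed, digest).digest()
    return out[:length]


def tls12_prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 PRF (RFC 5246): P_SHA256(secret, label + seed).
    Unlike TLS 1.0/1.1 there is no MD5/SHA-1 split; a single HMAC-SHA256 P_hash."""
    return p_hash(secret, label + seed, length)


def eap_tls_keys(master_secret: bytes, client_random: bytes, server_random: bytes):
    """RFC 5216 section 2.3 key hierarchy for EAP-TLS over TLS 1.2.
    128 bytes of key material are derived; MSK is the first 64, EMSK the next 64."""
    key_block = tls12_prf(master_secret, b"client EAP encryption",
                          client_random + server_random, 128)
    return key_block[:64], key_block[64:128]


# Public TLS 1.2 PRF test vector (SHA-256, label "test label", 100 output bytes).
# Assumed correct from memory; verify against the original posting before relying on it.
VECTOR_SECRET = bytes.fromhex("9bbe436ba940f017b17652849a71db35")
VECTOR_SEED = bytes.fromhex("a0ba9f936cda311827a6f796ffd5198c")
VECTOR_LABEL = b"test label"
VECTOR_OUTPUT = bytes.fromhex(
    "e3f229ba727be17b8d122620557cd453c2aab21d07c3d495329b52d4e61edb5a"
    "6b301791e90d35c9c9a46b4e14baf9af0fa022f7077def17abfd3797c0564bab"
    "4fbc91666e9def9b97fce34f796789baa48082d122ee42c5a72e5a5110fff701"
    "87347b66"
)


def prf_matches_public_vector() -> bool:
    """Self-check: does this PRF reproduce the public vector? Run the same
    inputs through any other implementation (OpenSSL, a RADIUS server) and
    the one that disagrees with the vector is the defective one."""
    return tls12_prf(VECTOR_SECRET, VECTOR_LABEL, VECTOR_SEED, len(VECTOR_OUTPUT)) == VECTOR_OUTPUT


def demo_msk() -> bytes:
    """Constructed inputs (not from any real session) to show the EAP-TLS derivation."""
    master_secret = bytes(range(48))          # constructed 48-byte master secret
    client_random = b"\x11" * 32              # constructed
    server_random = b"\x22" * 32              # constructed
    msk, _emsk = eap_tls_keys(master_secret, client_random, server_random)
    return msk


if __name__ == "__main__":
    print("PRF matches public vector:", prf_matches_public_vector())
    print("demo MSK:", demo_msk().hex())
```

If two implementations disagree, feed both the vector inputs above; the one that reproduces `VECTOR_OUTPUT` is following RFC 5246, and the mismatch in the real session then narrows to either the other PRF or to how each side feeds it (label bytes, random ordering, or master secret extraction, which is exactly the OpenSSL key extraction API mentioned in the reply).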
