wpa_supplicant 2.4 / 2.5 Openssl TLS-PRF Problem
Thomas Rosenstein
thomas.rosenstein at creamfinance.com
Fri Apr 1 03:41:55 PDT 2016
On 1 Apr 2016, at 12:34, Jouni Malinen wrote:
> On Fri, Apr 01, 2016 at 11:37:40AM +0200, Thomas Rosenstein wrote:
>> OpenSSL Version is 1.0.1k-fips 8 Jan 2015 from Fedora 22.
>>
>> Any idea in which version they changed it?
>
> The issue I was thinking of was fixed with this commit:
> https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=4fdf917
>
> It was present in OpenSSL 1.0.1f but should be fixed in 1.0.1h and I'd
> assume that would include 1.0.1k in Fedora if that really is based on
> 1.0.1k and not just some important fixes being pulled into an earlier
> snapshot. I think this issue is still present in the Ubuntu 14.04
> package for example, but that is identified as 1.0.1f-1ubuntu2.18.

It's identified as package openssl.x86_64 1:1.0.1k-14.fc22

>
> So if it is not that one, then something else.. Which TLS cipher suite
> are you using here and what kind of X.509 certificate(s) (mainly, the
> signature algorithms)?

sha256WithRSAEncryption
It's a public certificate, other side is openssl from NodeJS.
I'm now using TLSv1_server_method to mitigate the issue (since it only
happens with TLS1.2); before that I used TLS_method as the secureProtocol
method.

> Please note that the hash function changes and
> the wpa_supplicant implementation of the internal key derivation does
> not support this correctly for some cases (which is one of the reasons
> for that use of SSL_export_keying_material() being used in the first
> place).

I'm only aware of the change SHA1-MD5 -> SHA256 with the transition from
TLS1.1 to TLS1.2.
Are there other algorithms in use?
I know that with 2.3 the TLS1.2 was not implemented correctly, with 2.5
I believe there's a commit adding the functionality.

>
> --
> Jouni Malinen                                            PGP id EFC895FA

Thomas
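
Added example, not part of the original message or of wpa_supplicant's code: the EAP-TLS key derivation (RFC 5216 label `client EAP encryption`) computed with the TLS 1.0/1.1 PRF and with the TLS 1.2 PRF, showing that a peer deriving with a PRF other than the negotiated one ends up with a different MSK. It goes beyond the SHA1-MD5 -> SHA256 case in the thread by also covering SHA-384, which TLS 1.2 cipher suites ending in `_SHA384` use for their PRF; the session values and function names are constructed for illustration.

```python
import hashlib
import hmac

def p_hash(hash_name, secret, seed, length):
    """P_hash expansion from RFC 5246 section 5 (same construction in RFC 2246)."""
    out, a = b"", seed                       # a starts as A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hash_name).digest()            # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hash_name).digest()  # HMAC(secret, A(i) + seed)
    return out[:length]

def prf_tls10(secret, label, seed, length):
    """TLS 1.0/1.1 PRF: P_MD5(S1) XOR P_SHA1(S2), S1/S2 = halves of the secret."""
    half = (len(secret) + 1) // 2            # halves share a byte if length is odd
    md5 = p_hash("md5", secret[:half], label + seed, length)
    sha1 = p_hash("sha1", secret[len(secret) - half:], label + seed, length)
    return bytes(x ^ y for x, y in zip(md5, sha1))

def prf_tls12(hash_name="sha256"):
    """TLS 1.2 PRF: a single P_<hash>; the hash is set by the cipher suite."""
    return lambda secret, label, seed, length: p_hash(hash_name, secret, label + seed, length)

def eap_tls_msk(prf, master_secret, client_random, server_random):
    """RFC 5216: 128 bytes of PRF output under this label; MSK is the first 64."""
    km = prf(master_secret, b"client EAP encryption", client_random + server_random, 128)
    return km[:64]

# Constructed sample session values (not from any real handshake).
MASTER_SECRET = bytes(range(48))
CLIENT_RANDOM = bytes([0xC1]) * 32
SERVER_RANDOM = bytes([0x5E]) * 32

def msk_by_prf():
    """MSK each PRF variant would yield for the same TLS session secrets."""
    prfs = {"tls1.0/1.1": prf_tls10, "tls1.2-sha256": prf_tls12("sha256"),
            "tls1.2-sha384": prf_tls12("sha384")}
    return {name: eap_tls_msk(prf, MASTER_SECRET, CLIENT_RANDOM, SERVER_RANDOM)
            for name, prf in prfs.items()}

if __name__ == "__main__":
    for name, msk in msk_by_prf().items():
        print(f"{name:14s} MSK[0:8] = {msk[:8].hex()}")
```

Calling `SSL_export_keying_material()`, as mentioned in the thread, leaves the choice of PRF to the TLS library, which knows the negotiated version and cipher suite.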