[HostAP] TLS1.3 errors
Sergio NNX
sfhacker at hotmail.com
Sun Feb 25 14:46:02 PST 2018
- HostAP master branch
- OpenSSL 1.1.1-pre
Where running eap_eample, the following error(s) are shown:
TLS: Trusted root certificate(s) loaded
OpenSSL: __func__ not defined (PEM) --> loaded
EAP: Server state machine created
---[ server ]--------------------------------
EAP: EAP entering state INITIALIZE
CTRL-EVENT-EAP-STARTED 00:00:00:00:00:00
EAP: EAP entering state SELECT_ACTION
EAP: getDecision: no identity known yet -> CONTINUE
EAP: EAP entering state PROPOSE_METHOD
EAP: getNextMethod: vendor 0 type 1
CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=1
EAP: EAP entering state METHOD_REQUEST
EAP: building EAP-Request: Identifier 69
EAP: EAP entering state SEND_REQUEST
EAP: EAP entering state IDLE
EAP: retransmit timeout 3 seconds (from dynamic back off; retransCount=0)
==> Request
---[ peer ]----------------------------------
EAP: EAP entering state IDLE
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=69 method=1 vendor=0 vendorMethod=0
EAP: EAP entering state IDENTITY
CTRL-EVENT-EAP-STARTED EAP authentication started
EAP: Status notification: started (param=)
EAP: EAP-Request Identity data - hexdump_ascii(len=0):
EAP: using real identity - hexdump_ascii(len=4):
75 73 65 72 user
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
==> Response
---[ server ]--------------------------------
EAP: EAP entering state RECEIVED
EAP: parseEapResp: rxResp=1 rxInitiate=0 respId=69 respMethod=1 respVendor=0 respVendorMethod=0
EAP: EAP entering state INTEGRITY_CHECK
EAP: EAP entering state METHOD_RESPONSE
EAP-Identity: Peer identity - hexdump_ascii(len=4):
75 73 65 72 user
EAP: EAP entering state SELECT_ACTION
EAP: getDecision: another method available -> CONTINUE
EAP: EAP entering state PROPOSE_METHOD
EAP: getNextMethod: vendor 0 type 25
EAP-PEAP: forcing version 0
CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25
EAP: EAP entering state METHOD_REQUEST
EAP: building EAP-Request: Identifier 70
EAP-PEAP: START -> PHASE1
EAP: EAP entering state SEND_REQUEST
EAP: EAP entering state IDLE
EAP: retransmit timeout 3 seconds (from dynamic back off; retransCount=0)
==> Request
---[ peer ]----------------------------------
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=70 method=25 vendor=0 vendorMethod=0
EAP: EAP entering state GET_METHOD
CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25
EAP: Status notification: accept proposed method (param=PEAP)
EAP: Initialize selected EAP method: vendor 0 method 25 (PEAP)
TLS: Phase2 EAP types - hexdump(len=128): 00 00 00 00 04 00 00 00 00 00 00 00 1a 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 12 00 00 00 00 00 00 00 11 00 00 00 00 00 00 00 2f 00 00 00 00 00 00 00 17 00 00 00 00 00 00 00 32 00 00 00 00 00 00 00 2e 00 00 00 00 00 00 00 30 00 00 00 00 00 00 00 33 00 00 00 00 00 00 00 31 00 00 00 00 00 00 00 26 00 00 00 00 00 00 00 35 00 00 00 00 00 00 00 34 00 00 00
TLS: using phase1 config options
TLS: Trusted root certificate(s) loaded
CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected
EAP: EAP entering state METHOD
SSL: Received packet(len=6) - Flags 0x20
EAP-PEAP: Start (server ver=0, own ver=1)
EAP-PEAP: Using PEAP version 0
SSL: (where=0x10 ret=0x1)
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:before SSL initialization
OpenSSL: TX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): [REMOVED]
OpenSSL: TX ver=0x304 content_type=22 (handshake/client hello)
OpenSSL: Message - hexdump(len=284): [REMOVED]
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS write client hello
SSL: (where=0x1002 ret=0xffffffff)
SSL: SSL_connect:error in SSLv3/TLS write client hello
SSL: SSL_connect - want more data
SSL: 289 bytes pending from ssl_out
SSL: 289 bytes left to be sent out (of total 289 bytes)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=000000000284BA80
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
==> Response
---[ server ]--------------------------------
EAP: EAP entering state RECEIVED
EAP: parseEapResp: rxResp=1 rxInitiate=0 respId=70 respMethod=25 respVendor=0 respVendorMethod=0
EAP: EAP entering state INTEGRITY_CHECK
EAP: EAP entering state METHOD_RESPONSE
SSL: Received packet(len=299) - Flags 0x80
SSL: TLS Message Length: 289
SSL: Received packet: Flags 0x80 Message Length 289
SSL: (where=0x10 ret=0x1)
SSL: (where=0x2001 ret=0x1)
SSL: SSL_accept:before SSL initialization
OpenSSL: RX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): [REMOVED]
SSL: (where=0x2001 ret=0x1)
SSL: SSL_accept:before SSL initialization
OpenSSL: RX ver=0x304 content_type=22 (handshake/client hello)
OpenSSL: Message - hexdump(len=284): [REMOVED]
SSL: (where=0x2001 ret=0x1)
SSL: SSL_accept:SSLv3/TLS read client hello
OpenSSL: TX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): [REMOVED]
OpenSSL: TX ver=0x304 content_type=22 (handshake/server hello)
OpenSSL: Message - hexdump(len=122): [REMOVED]
SSL: (where=0x2001 ret=0x1)
SSL: SSL_accept:SSLv3/TLS write server hello
OpenSSL: TX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): [REMOVED]
OpenSSL: TX ver=0x304 content_type=20 (change cipher spec/)
OpenSSL: Message - hexdump(len=1): [REMOVED]
SSL: (where=0x2001 ret=0x1)
SSL: SSL_accept:SSLv3/TLS write change cipher spec
OpenSSL: TX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): [REMOVED]
OpenSSL: TX ver=0x304 content_type=257 (?/)
OpenSSL: Message - hexdump(len=1): [REMOVED]
OpenSSL: TX ver=0x304 content_type=22 (handshake/?)
OpenSSL: Message - hexdump(len=6): [REMOVED]
SSL: (where=0x2001 ret=0x1)
SSL: SSL_accept:TLSv1.3 write encrypted extensions
OpenSSL: TX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): [REMOVED]
OpenSSL: TX ver=0x304 content_type=257 (?/)
OpenSSL: Message - hexdump(len=1): [REMOVED]
OpenSSL: TX ver=0x304 content_type=22 (handshake/certificate)
OpenSSL: Message - hexdump(len=2681): [REMOVED]
SSL: (where=0x2001 ret=0x1)
SSL: SSL_accept:SSLv3/TLS write certificate
OpenSSL: TX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): [REMOVED]
OpenSSL: TX ver=0x304 content_type=257 (?/)
OpenSSL: Message - hexdump(len=1): [REMOVED]
OpenSSL: TX ver=0x304 content_type=22 (handshake/certificate verify)
OpenSSL: Message - hexdump(len=264): [REMOVED]
SSL: (where=0x2001 ret=0x1)
SSL: SSL_accept:TLSv1.3 write server certificate verify
OpenSSL: TX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): [REMOVED]
OpenSSL: TX ver=0x304 content_type=257 (?/)
OpenSSL: Message - hexdump(len=1): [REMOVED]
OpenSSL: TX ver=0x304 content_type=22 (handshake/finished)
OpenSSL: Message - hexdump(len=52): [REMOVED]
SSL: (where=0x2001 ret=0x1)
SSL: SSL_accept:SSLv3/TLS write finished
SSL: (where=0x2001 ret=0x1)
SSL: SSL_accept:TLSv1.3 early data
SSL: (where=0x2002 ret=0xffffffff)
SSL: SSL_accept:error in TLSv1.3 early data
SSL: SSL_connect - want more data
SSL: 3224 bytes pending from ssl_out
EAP: EAP entering state METHOD_REQUEST
EAP: building EAP-Request: Identifier 71
SSL: Generating Request
SSL: Sending out 1393 bytes (1831 more to send)
EAP: EAP entering state SEND_REQUEST
EAP: EAP entering state IDLE
EAP: retransmit timeout 3 seconds (from dynamic back off; retransCount=0)
==> Request
---[ peer ]----------------------------------
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=71 method=25 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=1403) - Flags 0xc0
SSL: TLS Message Length: 3224
SSL: Need 1831 bytes more input data
SSL: Building ACK (type=25 id=71 ver=0)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0000000002836CA0
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
==> Response
---[ server ]--------------------------------
EAP: EAP entering state RECEIVED
EAP: parseEapResp: rxResp=1 rxInitiate=0 respId=71 respMethod=25 respVendor=0 respVendorMethod=0
EAP: EAP entering state INTEGRITY_CHECK
EAP: EAP entering state METHOD_RESPONSE
SSL: Received packet(len=6) - Flags 0x00
SSL: Received packet: Flags 0x0 Message Length 0
SSL: Fragment acknowledged
EAP: EAP entering state METHOD_REQUEST
EAP: building EAP-Request: Identifier 72
SSL: Generating Request
SSL: Sending out 1397 bytes (434 more to send)
EAP: EAP entering state SEND_REQUEST
EAP: EAP entering state IDLE
EAP: retransmit timeout 3 seconds (from dynamic back off; retransCount=0)
==> Request
---[ peer ]----------------------------------
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=72 method=25 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=1403) - Flags 0x40
SSL: Need 434 bytes more input data
SSL: Building ACK (type=25 id=72 ver=0)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=00000000028367F0
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
==> Response
---[ server ]--------------------------------
EAP: EAP entering state RECEIVED
EAP: parseEapResp: rxResp=1 rxInitiate=0 respId=72 respMethod=25 respVendor=0 respVendorMethod=0
EAP: EAP entering state INTEGRITY_CHECK
EAP: EAP entering state METHOD_RESPONSE
SSL: Received packet(len=6) - Flags 0x00
SSL: Received packet: Flags 0x0 Message Length 0
SSL: Fragment acknowledged
EAP: EAP entering state METHOD_REQUEST
EAP: building EAP-Request: Identifier 73
SSL: Generating Request
SSL: Sending out 434 bytes (message sent completely)
EAP: EAP entering state SEND_REQUEST
EAP: EAP entering state IDLE
EAP: retransmit timeout 3 seconds (from dynamic back off; retransCount=0)
==> Request
---[ peer ]----------------------------------
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=73 method=25 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=440) - Flags 0x00
OpenSSL: RX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): [REMOVED]
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS write client hello
OpenSSL: RX ver=0x304 content_type=22 (handshake/server hello)
OpenSSL: Message - hexdump(len=122): [REMOVED]
OpenSSL: RX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): [REMOVED]
OpenSSL: RX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): [REMOVED]
OpenSSL: RX ver=0x304 content_type=257 (?/)
OpenSSL: Message - hexdump(len=1): [REMOVED]
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS read server hello
OpenSSL: RX ver=0x304 content_type=22 (handshake/?)
OpenSSL: Message - hexdump(len=6): [REMOVED]
OpenSSL: RX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): [REMOVED]
OpenSSL: RX ver=0x304 content_type=257 (?/)
OpenSSL: Message - hexdump(len=1): [REMOVED]
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:TLSv1.3 read encrypted extensions
OpenSSL: RX ver=0x304 content_type=22 (handshake/certificate)
OpenSSL: Message - hexdump(len=2681): [REMOVED]
TLS: tls_verify_cb - preverify_ok=1 err=0 (ok) ca_cert_verify=1 depth=1 buf='/C=AR/ST=Santa Fe/L=Rosario/O=[REMOVED]/OU=[REMOVED]/CN=Root CA ([REMOVED])/description=RootCA Certificate/emailAddress=[REMOVED]/serialNumber=01'
TLS: tls_verify_cb - preverify_ok=1 err=0 (ok) ca_cert_verify=1 depth=0 buf='/CN=localhost/DC=AR/emailAddress=[REMOVED]/C=AR/ST=Santa Fe/L=Rosario/OU=Departmento de Sistemas/serialNumber=ARSFROSSRV01/description=OData Server Certificate (OData Service)'
EAP: Status notification: remote certificate verification (param=success)
OpenSSL: RX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): [REMOVED]
OpenSSL: RX ver=0x304 content_type=257 (?/)
OpenSSL: Message - hexdump(len=1): [REMOVED]
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS read server certificate
OpenSSL: RX ver=0x304 content_type=22 (handshake/certificate verify)
OpenSSL: Message - hexdump(len=264): [REMOVED]
OpenSSL: RX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): [REMOVED]
OpenSSL: RX ver=0x304 content_type=257 (?/)
OpenSSL: Message - hexdump(len=1): [REMOVED]
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:TLSv1.3 read server certificate verify
OpenSSL: RX ver=0x304 content_type=22 (handshake/finished)
OpenSSL: Message - hexdump(len=52): [REMOVED]
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS read finished
OpenSSL: TX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): [REMOVED]
OpenSSL: TX ver=0x304 content_type=20 (change cipher spec/)
OpenSSL: Message - hexdump(len=1): [REMOVED]
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS write change cipher spec
OpenSSL: TX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): [REMOVED]
OpenSSL: TX ver=0x304 content_type=257 (?/)
OpenSSL: Message - hexdump(len=1): [REMOVED]
OpenSSL: TX ver=0x304 content_type=22 (handshake/finished)
OpenSSL: Message - hexdump(len=52): [REMOVED]
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS write finished
SSL: (where=0x20 ret=0x1)
SSL: (where=0x1002 ret=0x1)
SSL: 80 bytes pending from ssl_out
OpenSSL: Handshake finished - resumed=0
SSL: No Application Data included
SSL: 80 bytes left to be sent out (of total 80 bytes)
EAP-PEAP: TLS done, proceed to Phase 2
EAP-PEAP: using label 'client EAP encryption' in key derivation
EAP-PEAP: Derived key - hexdump(len=64): [REMOVED]
EAP-PEAP: Derived Session-Id - hexdump(len=65): 19 ed a8 c1 1e d7 1f 0a fb 12 8c e8 48 f0 f2 c2 58 e3 1c 81 c1 f6 a1 f0 4a 61 46 72 35 80 0a fe 5c b3 5b 59 c3 4d 89 87 98 1d 78 54 45 0b 33 d2 39 98 ec e8 36 63 d1 a4 9f af 59 72 d0 79 bc bf bf
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=000000000285E0B0
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
==> Response
---[ server ]--------------------------------
EAP: EAP entering state RECEIVED
EAP: parseEapResp: rxResp=1 rxInitiate=0 respId=73 respMethod=25 respVendor=0 respVendorMethod=0
EAP: EAP entering state INTEGRITY_CHECK
EAP: EAP entering state METHOD_RESPONSE
SSL: Received packet(len=86) - Flags 0x00
SSL: Received packet: Flags 0x0 Message Length 0
OpenSSL: RX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): [REMOVED]
OpenSSL: RX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): [REMOVED]
OpenSSL: RX ver=0x304 content_type=257 (?/)
OpenSSL: Message - hexdump(len=1): [REMOVED]
SSL: (where=0x2001 ret=0x1)
SSL: SSL_accept:TLSv1.3 early data
OpenSSL: RX ver=0x304 content_type=22 (handshake/finished)
OpenSSL: Message - hexdump(len=52): [REMOVED]
SSL: (where=0x2001 ret=0x1)
SSL: SSL_accept:SSLv3/TLS read finished
SSL: (where=0x20 ret=0x1)
OpenSSL: TX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): [REMOVED]
OpenSSL: TX ver=0x304 content_type=257 (?/)
OpenSSL: Message - hexdump(len=1): [REMOVED]
OpenSSL: TX ver=0x304 content_type=22 (handshake/new session ticket)
OpenSSL: Message - hexdump(len=202): [REMOVED]
SSL: (where=0x2001 ret=0x1)
SSL: SSL_accept:SSLv3/TLS write session ticket
SSL: (where=0x2002 ret=0x1)
SSL: 224 bytes pending from ssl_out
OpenSSL: Handshake finished - resumed=0
EAP: EAP entering state METHOD_REQUEST
EAP: building EAP-Request: Identifier 74
EAP-PEAP: Phase1 done, starting Phase2
EAP-PEAP: PHASE1 -> PHASE2_START
SSL: Generating Request
SSL: Sending out 224 bytes (message sent completely)
EAP: EAP entering state SEND_REQUEST
EAP: EAP entering state IDLE
EAP: retransmit timeout 3 seconds (from dynamic back off; retransCount=0)
==> Request
---[ peer ]----------------------------------
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=74 method=25 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=230) - Flags 0x00
EAP-PEAP: received 224 bytes encrypted data for Phase 2
OpenSSL: RX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): [REMOVED]
OpenSSL: RX ver=0x304 content_type=257 (?/)
OpenSSL: Message - hexdump(len=1): [REMOVED]
SSL: (where=0x10 ret=0x1)
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSL negotiation finished successfully
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSL negotiation finished successfully
OpenSSL: RX ver=0x304 content_type=22 (handshake/new session ticket)
OpenSSL: Message - hexdump(len=202): [REMOVED]
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS read server session ticket
SSL: (where=0x1002 ret=0x1)
could not SSL_connect: error:00000000:lib(0):func(0):reason(0)
OpenSSL: __func__ not defined - Decryption failed - SSL_read error:00000000:lib(0):func(0):reason(0)
SSL: Failed to decrypt Phase 2 data
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0000000000000000
EAP: EAP entering state SEND_RESPONSE
EAP: No eapRespData available
EAP: EAP entering state IDLE
---[ server ]--------------------------------
---[ peer ]----------------------------------
EAP: deinitialize previously used EAP method (25, PEAP) at EAP deinit
EAP: Server state machine removed
Is there any patch available?
Thanks.
More information about the Hostap
mailing list