Connection issues with Android Marshmallow

Arran Cudbard-Bell a.cudbardb at freeradius.org
Thu Oct 15 23:03:11 CEST 2015 

> On Oct 15, 2015, at 4:49 PM, Tod A. Sandman <sandmant at rice.edu> wrote:
> 
>> It would be useful to have the output of eapol_test run against one of these servers.
> 
> I configured my desktop as a radius client, followed your instructions and built eapol_test on my desktop (RHEL6.7, openssl-1.0.1e-42.el6.x86_64).  Attached is the output of eapol_test (which fails) along with my peap-mschapv2.conf.
> 
> rb3:/var/tmp/radius: $(./eapol_test-build.sh) -c./peap-mschapv2.conf -ssecret -a10.137.93.19 > /tmp/OUT
> 
> BTW, I doubt this matters, but I built freeradius an a RHEL6.4 box running an older version of openssl (openssl-1.0.0-27.el6_4.2.x86_64) than on the radius server.  I -think- it's all dynamically linked and this shouldn't matter.

Ahhhh! It does! Firstly, never do that, OpenSSL is infamous for ABI compatibility issues.

Secondly it really does in this case, as the checks for whether to use SSL_export_keying_material are done at compile time, not run time.

OpenSSL < 1.0.1 doesn't support TLS 1.2, and doesn't have the SSL_export_keying_material.

#if OPENSSL_VERSION_NUMBER >= 0x10001000L
	if (SSL_export_keying_material(s, out, sizeof(out), prf_label, prf_size, NULL, 0, 0) != 1) {
		ERROR("Failed generating keying material");
		return;
	}
#else
	{
		uint8_t seed[64 + (2 * SSL3_RANDOM_SIZE)];
		uint8_t buf[4 * EAPTLS_MPPE_KEY_LEN];

		p = seed;

		memcpy(p, prf_label, prf_size);
		p += prf_size;

		memcpy(p, s->s3->client_random, SSL3_RANDOM_SIZE);
		p += SSL3_RANDOM_SIZE;
		prf_size += SSL3_RANDOM_SIZE;

		memcpy(p, s->s3->server_random, SSL3_RANDOM_SIZE);
		prf_size += SSL3_RANDOM_SIZE;

		PRF(s->session->master_key, s->session->master_key_length,
		    seed, prf_size, out, buf, sizeof(out));
	}
#endif

This is precisely why it's not working on your system,  you need to build and deploy with the same version of OpenSSL.

-Arran
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 842 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20151015/214090e2/attachment.sig>

More information about the Freeradius-Users mailing list