freeradius, radius, wpa-supplicant

Openssl v3.0.8 + eapol_test (wpa_supplicant2.10) cannot authenticate to 802.1x network


eapol_test (wpa_supplicant v2.10) with OpenSSL v3.0.8

Issue description:

I used wpa_supplicant 2.10 + OpenSSL 3.0.8 to test connecting to an 802.1x network and got the following results.

PEAP+MSCHAPV2: Failed

PEAP+GTC: Passed

I want to use PEAP+MSCHAPV2 authentication with OpenSSL 3.0.8 for Windows NPS servers, where GTC is not supported (only MSCHAPV2 is supported by default). The same issue occurred when using FreeRADIUS too. With wpa_supplicant 2.10 + OpenSSL 1.1.1t it can authenticate to 802.1x using PEAP+MSCHAPV2.

Steps to reproduce:

Authenticate to the 802.1x network using eapol_test and select the encryption mode PEAP + MSCHAPV2 with OpenSSL v3.0.8

Observed behavior:

Connect timeout

Expected behavior:

Connect OK

Log snippet using eapol_test utility to test 802.1x authentication provided in wpa_supplicant:

PEAP+MSCHAPV2:

EAP-MSCHAPV2: Generating Challenge Response
Get randomness: len=16 entropy=0
random from os_get_random - hexdump(len=16): 77 b5 40 38 12 e0 da 75 3c 96 41 67 9a 40 6a f5
random_mix_pool - hexdump(len=20): 0d b9 b1 bf 70 7c bd fa 8b 8c 0a 46 d8 96 87 a4 8e 89 0d 7d
random from internal pool - hexdump(len=16): 52 c7 66 0a bf 85 ed d3 d8 c1 5b 8c 5d 36 f0 8e
mixed random - hexdump(len=16): 25 72 26 32 ad 65 37 a6 e4 57 1a eb c7 76 9a 7b
MSCHAPV2: Identity - hexdump_ascii(len=5):
61 64 6d 69 6e admin
MSCHAPV2: Username - hexdump_ascii(len=5):
61 64 6d 69 6e admin
MSCHAPV2: auth_challenge - hexdump(len=16): 3e 04 b8 c6 6b 23 3d 40 cb bf 55 7b e4 b2 85 d9
MSCHAPV2: peer_challenge - hexdump(len=16): 25 72 26 32 ad 65 37 a6 e4 57 1a eb c7 76 9a 7b
MSCHAPV2: username - hexdump_ascii(len=5):
61 64 6d 69 6e admin
MSCHAPV2: password - hexdump_ascii(len=8):
70 61 73 73 77 6f 72 64 password
OpenSSL: EVP_DigestInit_ex failed: error:0308010C:digital envelope routines::unsupported
EAP-MSCHAPV2: Failed to derive response
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0
EAP: EAP entering state SEND_RESPONSE
EAP: No eapRespData available
EAP: EAP entering state IDLE
EAPOL test timed out
EAPOL: EAP key not available
EAPOL: EAP Session-Id not available
WPA: Clear old PMK and PTK
EAP: deinitialize previously used EAP method (25, PEAP) at EAP deinit
MPPE keys OK: 0 mismatch: 1
FAILURE

Further, when debugging, it was found that a NULL value is returned in the following code snippet of crypto/evp/digest.c. In the function evp_md_init_internal, EVP_MD_fetch returns NULL, which is then caught by the NULL check below it.

        /* The NULL digest is a special case */
        EVP_MD *provmd = EVP_MD_fetch(NULL,
                                      type->type != NID_undef ? OBJ_nid2sn(type->type)
                                                              : "NULL", "");

        if (provmd == NULL) {
            ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
            return 0;
        }

PEAP+GTC:

CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully
EAPOL: IEEE 802.1X for plaintext connection; no EAPOL-Key frames required
WPA: EAPOL processing complete
Cancelling authentication timeout
State: DISCONNECTED -> COMPLETED
EAPOL: SUPP_PAE entering state AUTHENTICATED
EAPOL: SUPP_BE entering state RECEIVE
EAPOL: SUPP_BE entering state SUCCESS
EAPOL: SUPP_BE entering state IDLE
eapol_sm_cb: result=1
EAPOL: Successfully fetched key (len=32)
PMK from EAPOL - hexdump(len=32): ad 7a 54 00 7c 9f c4 ac ae ef 1a 70 04 b1 b1 4f 1b 60 3b f9 dc 99 6e 60 e0 5f cd 93 68 48 91 72
No EAP-Key-Name received from server
WPA: Clear old PMK and PTK
EAP: deinitialize previously used EAP method (25, PEAP) at EAP deinit
MPPE keys OK: 1  mismatch: 0
SUCCESS

Solution

  • MSCHAPV2 uses SHA1 + MD4 digests; the MD4 digest is unsupported from OpenSSL v3.0 and above, because unsupported digests have been moved to the legacy provider.

    To activate legacy provider support, openssl.cnf has to be modified as follows:

    [provider_sect]
    default = default_sect
    legacy = legacy_sect
    
    [default_sect]
    activate = 1
    
    [legacy_sect]
    activate = 1
    

    After adding the config lines, OpenSSL loads the legacy provider along with the default provider:

    root@Vimu:~# openssl list -providers
    Providers:
      default
        name: OpenSSL Default Provider
        version: 3.0.8
        status: active
      legacy
        name: OpenSSL Legacy Provider
        version: 3.0.8
        status: active
    

    MD4 now appears in the digest list:

    root@Vimu:~# openssl list -digest-commands
    md4           md5           rmd160        sha1          sha224        
    sha256        sha3-224      sha3-256      sha3-384      sha3-512      
    sha384        sha512        sha512-224    sha512-256    shake128      
    shake256 
    

    PEAP + MSCHAPV2 works fine after loading support for MD4.