[openssl-dev] EAP-FAST and OpenSSL 1.1.x with new client TLS state machine

Jouni Malinen j at w1.fi
Thu Dec 3 23:09:07 UTC 2015


It looks like the new client TLS state machine breaks the EAP-FAST peer
implementation in wpa_supplicant. Based on git bisect, the first commit
where this happens was this one:
commit 8723588e1b9a13511ffd7b806c73293120bc1f44

    Implement Client TLS state machine
    
    This swaps the implementation of the client TLS state machine to use the
    new state machine code instead.

Based on the commit message, I guess the real trigger for the issue is
either in this commit or one of the earlier commits implementing the new
state machine. I haven't yet looked at what exactly causes this.

What I see on the TLS client side is that the first connection with
EAP-FAST PAC (i.e., without that special form for TLS session ticket)
goes through successfully, but when the connection with PAC (i.e., TLS
session ticket with external storage and set with
SSL_set_session_ticket_ext()) is attempted, OpenSSL rejects the message
following ServerHello as unexpected_message (i.e., does not seem to
allow the abbreviated handshake to be used with this type of session
ticket case):

SSL: SSL_connect:before SSL initialization
OpenSSL: TX ver=0x303 content_type=22 (handshake/client hello)
SSL: SSL_connect:SSLv3/TLS write client hello

OpenSSL: RX ver=0x303 content_type=22 (handshake/server hello)
EAP-FAST: SessionTicket callback
SSL: SSL_connect:SSLv3/TLS read server hello
OpenSSL: TX ver=0x303 content_type=21 (alert/)
SSL: SSL3 alert: write (local SSL3 detected an error):fatal:unexpected_message

Going back one commit in the master branch fixes EAP-FAST and the log
looks like this:

OpenSSL: RX ver=0x303 content_type=22 (handshake/server hello)
EAP-FAST: SessionTicket callback
SSL: SSL_connect:SSLv3 read server hello A
OpenSSL: RX ver=0x303 content_type=20 (change cipher spec/)
...


Any idea what happened with these OpenSSL client state machine changes
and how to get this fixed to restore EAP-FAST functionality?

-- 
Jouni Malinen                                            PGP id EFC895FA
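
Added example, not part of the original post and not wpa_supplicant or OpenSSL code: a Python classifier for the two debug logs quoted above, returning a verdict that can drive `git bisect run`. The function names and the exit-code mapping are assumptions of this example; the log line formats are the ones shown in the post.

```python
import re

# Line shapes follow the wpa_supplicant debug output quoted in the post.
RECORD = re.compile(r"OpenSSL: (RX|TX) ver=0x[0-9a-fA-F]+ content_type=(\d+) \([^/]*/([^)]*)\)")
ALERT = re.compile(r"SSL3 alert: write \([^)]*\):\w+:(\w+)")
CCS, ALERT_CT, HANDSHAKE = 20, 21, 22  # TLS record content types

def classify(log_text):
    """Return (verdict, detail) for one PAC-based connection attempt."""
    server_hello = ticket_cb = rejected = False
    for line in log_text.splitlines():
        if "EAP-FAST: SessionTicket callback" in line:
            ticket_cb = True
        alert = ALERT.search(line)
        if rejected and alert:
            return "rejected", alert.group(1)
        rec = RECORD.search(line)
        if not rec:
            continue
        direction, ctype, msg = rec.group(1), int(rec.group(2)), rec.group(3)
        if (direction, ctype, msg) == ("RX", HANDSHAKE, "server hello"):
            server_hello = True
        elif server_hello and ticket_cb and not rejected:
            if (direction, ctype) == ("RX", CCS):
                return "abbreviated", None   # handshake continues with ChangeCipherSpec
            if (direction, ctype) == ("TX", ALERT_CT):
                rejected = True              # alert name is on the next log line
            else:
                return "inconclusive", msg or None
    return ("rejected", None) if rejected else ("inconclusive", None)

def bisect_exit_code(verdict):
    """Map a verdict to `git bisect run` exit codes: 0 good, 1 bad, 125 skip."""
    return {"abbreviated": 0, "rejected": 1}.get(verdict, 125)

# Logs as quoted in the post: failing build, then the build one commit earlier.
BAD_LOG = """OpenSSL: RX ver=0x303 content_type=22 (handshake/server hello)
EAP-FAST: SessionTicket callback
SSL: SSL_connect:SSLv3/TLS read server hello
OpenSSL: TX ver=0x303 content_type=21 (alert/)
SSL: SSL3 alert: write (local SSL3 detected an error):fatal:unexpected_message"""
GOOD_LOG = """OpenSSL: RX ver=0x303 content_type=22 (handshake/server hello)
EAP-FAST: SessionTicket callback
SSL: SSL_connect:SSLv3 read server hello A
OpenSSL: RX ver=0x303 content_type=20 (change cipher spec/)"""

if __name__ == "__main__":
    for name, log in (("bad", BAD_LOG), ("good", GOOD_LOG)):
        print(name, classify(log), bisect_exit_code(classify(log)[0]))
```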

