Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 224941

Summary: net-wireless/wpa_supplicant doesn't play well with gnutls (breaks PEAP MSCHAPV2 authentication)
Product: Gentoo Linux Reporter: Priit Laes (IRC: plaes) <plaes>
Component: Current packagesAssignee: Bjarke Istrup Pedersen (RETIRED) <gurligebis>
Status: RESOLVED TEST-REQUEST    
Severity: normal CC: alexxy, stefan
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://trac.gnutls.org/cgi-bin/trac.cgi/ticket/29
Whiteboard:
Package list:
Runtime testing required: ---

Description Priit Laes (IRC: plaes) 2008-06-04 22:32:50 UTC 
wpa-supplicant in portage includes dependency on either openssl (USE="-gnutls") or gnutls but there are some problems when it is compiled with gnutls (both 2.3.x and 2.2.x) as crypto backend.

The problem lies in the Diffie Hellman implementation where Gnutls specifies minimum length of the prime as 727 bits and this breaks (while it works with openssl) for example PEAP MSCHAPV2 authentication as can be seen from the log:

1212559564.120091: EAPOL: Received EAP-Packet frame
1212559564.120097: EAPOL: SUPP_BE entering state REQUEST
1212559564.120103: EAPOL: getSuppRsp
1212559564.120108: EAP: EAP entering state RECEIVED
1212559564.120128: EAP: Received EAP-Request id=5 method=25 vendor=0 vendorMethod=0
1212559564.120135: EAP: EAP entering state METHOD
1212559564.120141: SSL: Received packet(len=992) - Flags 0x00
1212559564.120157: tls_pull_func - 2005 bytes remaining in pull_buf
1212559564.120169: tls_pull_func - 1931 bytes remaining in pull_buf
1212559564.120235: tls_pull_func - 1926 bytes remaining in pull_buf
1212559564.120248: tls_pull_func - 283 bytes remaining in pull_buf
1212559564.121329: tls_pull_func - 278 bytes remaining in pull_buf
1212559564.121338: tls_pull_func - 9 bytes remaining in pull_buf
1212559564.121418: tls_connection_handshake - gnutls_handshake failed -> The Diffie Hellman prime sent by the server is not acceptable (not long enough).
1212559564.121427: EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL
1212559564.121505: EAP: EAP entering state SEND_RESPONSE
1212559564.121512: EAP: EAP entering state IDLE
Comment 1 Simon Josefsson 2008-08-13 12:39:23 UTC 
The error is intentional because of the weak security small DH params provide.

There is a function gnutls_dh_set_prime_bits that application can call if they want to lower the built-in limit.  This should probably be changed into a feature-request bug for wpa-supplicant instead.
Comment 2 Pacho Ramos gentoo-dev 2012-11-18 13:14:30 UTC 
Still valid with 1.0-r2?