On Wednesday 31 December 2014, Kapetanakis Giannis wrote:
> On 31/12/14 04:37, Joel Sing wrote:
> > On Wednesday 31 December 2014, Kapetanakis Giannis wrote:
> >> Hi,
> >>
> >> After upgrading to the latest snapshot I have problems with the freeradius 2.2.5
> >> package not starting.
> >>
> >> Specifically, the problem occurs when loading the module eap-tls:
> >>
> >> rlm_eap_tls: Couldn't set ephemeral RSA key
> >> rlm_eap: Failed to initialize type tls
> >> /etc/raddb/eap.conf[17]: Instantiation failed for module "eap"
> >>
> >> I've tried installing version 2.2.6 but I have the same problem.
> >>
> >> The program fails at:
> >> src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c
> >>
> >> /*
> >>  * Generate ephemeral RSA keys.
> >>  */
> >> static int generate_eph_rsa_key(SSL_CTX *ctx)
> >> {
> >>      RSA *rsa;
> >>
> >>      /* 512-bit key, as used for export (RSA_EXPORT) ciphersuites. */
> >>      rsa = RSA_generate_key(512, RSA_F4, NULL, NULL);
> >>      if (!rsa)
> >>         return -1;
> >>
> >>      /* SSL_CTX_set_tmp_rsa() copies the key into the context. */
> >>      if (!SSL_CTX_set_tmp_rsa(ctx, rsa)) {
> >>         radlog(L_ERR, "rlm_eap_tls: Couldn't set ephemeral RSA key");
> >>         RSA_free(rsa);
> >>         return -1;
> >>      }
> >>
> >>      RSA_free(rsa);
> >>      return 0;
> >> }
> >>
> >> Is this related to freeradius, or to something in the OpenBSD ssl libraries?
> >
> > Support for ephemeral RSA keys was removed from LibreSSL, since it should
> > only be needed for export ciphers (no longer supported) or otherwise
> > violating RFCs (as at first glance FreeRADIUS appears to do above).
> >
> > Since you're already looking at the code, does it set
> > SSL_OP_EPHEMERAL_RSA anywhere? If not, the above function is probably a
> > noop. At the very least it is likely buggy since they are supposed to
> > call SSL_CTX_need_tmp_RSA() to see if the temporary RSA key should be
> > set, before calling SSL_CTX_set_tmp_rsa().
>
> Well, I already got it working last night by adding a check
> for SSL_CTX_need_tmp_RSA before calling SSL_CTX_set_tmp_rsa.

Excellent. You might want to see if you can get that upstream.

> So if I understand correctly, since I'm using the HIGH ciphersuite I will never need
> an ephemeral RSA key, correct?

Correct - LibreSSL no longer has any export ciphersuites and no longer 
supports ephemeral RSA keys.

> Is there a case where SSL_CTX_need_tmp_RSA() will be true?

Not if you are using LibreSSL (or BoringSSL) - from s3_lib.c:

        case SSL_CTRL_NEED_TMP_RSA:
                ret = 0;
                break;
        case SSL_CTRL_SET_TMP_RSA:
        case SSL_CTRL_SET_TMP_RSA_CB:
                SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
                break;

> SSL_OP_EPHEMERAL_RSA is not defined anywhere.

So presumably it was added so that they could support export cipher suites... 
the commit message that added the code appears to be useless though:

http://www.project-moonshot.org/gitweb/?p=freeradius.git;a=commitdiff;h=12b7f6efb1bbf6c70061d590a5ddfb1f71b0fefd
-- 

    "Action without study is fatal. Study without action is futile."
        -- Mary Ritter Beard
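The check discussed above, as an added example that is not FreeRADIUS or LibreSSL code: it models the control path quoted from s3_lib.c so that the original rlm_eap_tls logic and the guarded version can be run side by side without linking libssl. `struct model_ctx`, `model_need_tmp_rsa()`, `model_set_tmp_rsa()` and `make_ctx()` are constructed stand-ins for SSL_CTX, SSL_CTX_need_tmp_RSA() and SSL_CTX_set_tmp_rsa(); the assumption that legacy OpenSSL needs a temporary RSA key only when an export ciphersuite is enabled is a simplification (SSL_OP_EPHEMERAL_RSA is not modelled, since the thread establishes FreeRADIUS never sets it).

```c
#include <stdio.h>
#include <string.h>

/*
 * Added example, not FreeRADIUS or LibreSSL code.  The "library" below is a
 * constructed model of the SSL_CTRL_NEED_TMP_RSA / SSL_CTRL_SET_TMP_RSA
 * behaviour quoted from s3_lib.c, so the two versions of
 * generate_eph_rsa_key() can be exercised against both kinds of libssl.
 */

enum libssl_kind {
    LIB_LEGACY_OPENSSL,   /* still has export ciphers and ephemeral RSA */
    LIB_LIBRESSL          /* ephemeral RSA removed (BoringSSL behaves the same) */
};

/* Stand-in for SSL_CTX. */
struct model_ctx {
    enum libssl_kind kind;
    int export_ciphers;     /* 1 if an EXPORT suite is in the cipher list */
    int tmp_rsa_installed;  /* set by a successful model_set_tmp_rsa() */
    const char *last_error; /* stands in for the libssl error queue */
};

/* Stand-in for SSL_CTX_need_tmp_RSA(): LibreSSL's SSL_CTRL_NEED_TMP_RSA
 * always yields 0.  Legacy OpenSSL (assumption, simplified) needs a
 * temporary key only when an export suite could be negotiated. */
static int model_need_tmp_rsa(const struct model_ctx *ctx)
{
    if (ctx->kind == LIB_LIBRESSL)
        return 0;
    return ctx->export_ciphers;
}

/* Stand-in for SSL_CTX_set_tmp_rsa(): LibreSSL's SSL_CTRL_SET_TMP_RSA pushes
 * ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED and returns 0; legacy OpenSSL copies the
 * key into the context and returns 1. */
static int model_set_tmp_rsa(struct model_ctx *ctx, const char *rsa)
{
    if (ctx->kind == LIB_LIBRESSL) {
        ctx->last_error = "ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED";
        return 0;
    }
    if (rsa == NULL)
        return 0;
    ctx->tmp_rsa_installed = 1;
    return 1;
}

/* Original rlm_eap_tls behaviour: unconditionally install a 512-bit key.
 * Returns -1 on failure, exactly the path that produced the log line above. */
int generate_eph_rsa_key_original(struct model_ctx *ctx)
{
    const char *rsa = "constructed 512-bit RSA key"; /* RSA_generate_key(512, ...) */

    if (!model_set_tmp_rsa(ctx, rsa)) {
        /* radlog(L_ERR, "rlm_eap_tls: Couldn't set ephemeral RSA key"); */
        return -1;
    }
    return 0;
}

/* Guarded behaviour: ask the library first and only install a key when it
 * says one is needed, which LibreSSL never does. */
int generate_eph_rsa_key_fixed(struct model_ctx *ctx)
{
    const char *rsa;

    if (!model_need_tmp_rsa(ctx))
        return 0;   /* HIGH ciphers only, or LibreSSL: nothing to install */

    rsa = "constructed 512-bit RSA key";
    if (!model_set_tmp_rsa(ctx, rsa))
        return -1;
    return 0;
}

/* Build a context for one of the scenarios discussed in the thread. */
struct model_ctx make_ctx(enum libssl_kind kind, int export_ciphers)
{
    struct model_ctx ctx = { kind, export_ciphers, 0, NULL };
    return ctx;
}

int main(void)
{
    struct model_ctx a = make_ctx(LIB_LIBRESSL, 0);
    struct model_ctx b = make_ctx(LIB_LIBRESSL, 0);
    struct model_ctx c = make_ctx(LIB_LEGACY_OPENSSL, 1);
    struct model_ctx d = make_ctx(LIB_LEGACY_OPENSSL, 0);

    printf("LibreSSL, original: %d (%s)\n",
           generate_eph_rsa_key_original(&a), a.last_error);
    printf("LibreSSL, fixed: %d installed=%d\n",
           generate_eph_rsa_key_fixed(&b), b.tmp_rsa_installed);
    printf("OpenSSL with EXPORT, fixed: %d installed=%d\n",
           generate_eph_rsa_key_fixed(&c), c.tmp_rsa_installed);
    printf("OpenSSL HIGH only, fixed: %d installed=%d\n",
           generate_eph_rsa_key_fixed(&d), d.tmp_rsa_installed);
    return 0;
}
```

The original version returns -1 on the modelled LibreSSL and leaves ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED in the error queue; the guarded version returns 0 there without installing anything, and still installs a key on the legacy library only when export suites are enabled.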
