On Wednesday 31 December 2014, Kapetanakis Giannis wrote:
> On 31/12/14 04:37, Joel Sing wrote:
> > On Wednesday 31 December 2014, Kapetanakis Giannis wrote:
> >> Hi,
> >>
> >> After upgrading to the latest snapshot I have problems with the freeradius 2.2.5
> >> package not starting.
> >>
> >> Specifically, the problem occurs when loading the module eap-tls:
> >>
> >> rlm_eap_tls: Couldn't set ephemeral RSA key
> >> rlm_eap: Failed to initialize type tls
> >> /etc/raddb/eap.conf[17]: Instantiation failed for module "eap"
> >>
> >> I've tried installing version 2.2.6 but I have the same problem.
> >>
> >> The program fails at:
> >> src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c
> >>
> >> /*
> >>  *	Generate ephemeral RSA keys.
> >>  */
> >> static int generate_eph_rsa_key(SSL_CTX *ctx)
> >> {
> >> 	RSA *rsa;
> >>
> >> 	/* 512-bit key: export-grade strength, only ever used by RSA_EXPORT suites. */
> >> 	rsa = RSA_generate_key(512, RSA_F4, NULL, NULL);
> >> 	if (!rsa) {
> >> 		radlog(L_ERR, "rlm_eap_tls: Couldn't generate ephemeral RSA key");
> >> 		return -1;
> >> 	}
> >>
> >> 	/* SSL_CTX_set_tmp_rsa() copies the key, so rsa is freed on both paths. */
> >> 	if (!SSL_CTX_set_tmp_rsa(ctx, rsa)) {
> >> 		radlog(L_ERR, "rlm_eap_tls: Couldn't set ephemeral RSA key");
> >> 		RSA_free(rsa);
> >> 		return -1;
> >> 	}
> >>
> >> 	RSA_free(rsa);
> >> 	return 0;
> >> }
> >>
> >> Is this related to freeradius or something with the OpenBSD ssl libraries?
> >
> > Support for ephemeral RSA keys was removed from LibreSSL, since it should
> > only be needed for export ciphers (no longer supported) or otherwise
> > violating RFCs (as at first glance FreeRADIUS appears to do above).
> >
> > Since you're already looking at the code, does it set
> > SSL_OP_EPHEMERAL_RSA anywhere? If not, the above function is probably a
> > noop. At the very least it is likely buggy since they are supposed to
> > call SSL_CTX_need_tmp_RSA() to see if the temporary RSA key should be
> > set, before calling SSL_CTX_set_tmp_rsa().
>
> Well, I've already made it work last night by adding a check
> for SSL_CTX_need_tmp_RSA before calling SSL_CTX_set_tmp_rsa.
Excellent. You might want to see if you can get that upstream.

> So if I get it right, since I'm using the HIGH ciphersuite I will never need
> an ephemeral RSA key, correct?

Correct - LibreSSL no longer has any export ciphersuites and no longer
supports ephemeral RSA keys.

> Is there a case where that SSL_CTX_need_tmp_RSA() will be true?

Not if you are using LibreSSL (or BoringSSL) - from s3_lib.c:

	case SSL_CTRL_NEED_TMP_RSA:
		ret = 0;
		break;
	case SSL_CTRL_SET_TMP_RSA:
	case SSL_CTRL_SET_TMP_RSA_CB:
		SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		break;

> SSL_OP_EPHEMERAL_RSA is not defined anywhere.

So presumably it was added so that they could support export cipher suites...
the commit message that added the code appears to be useless though:

http://www.project-moonshot.org/gitweb/?p=freeradius.git;a=commitdiff;h=12b7f6efb1bbf6c70061d590a5ddfb1f71b0fefd

-- 
"Action without study is fatal. Study without action is futile."
-- Mary Ritter Beard
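The point made above, that a server restricted to HIGH suites never sends a temporary RSA key, can be checked against the cipher list a library actually offers. The script below is an added example, not code from this thread, from FreeRADIUS or from LibreSSL: it reads "openssl ciphers -v" output and lists the suites whose key exchange is export-grade RSA, which (short of the SSL_OP_EPHEMERAL_RSA hack) are the only suites in which a TLS server ever sends a temporary RSA key. All function names are mine, the cipher lines in the two sample functions are constructed in the output format of OpenSSL 1.0.x, and check_live_high assumes an openssl(1) binary on PATH.

```shell
#!/bin/sh
# Added example, not from the thread or from FreeRADIUS/LibreSSL.
# Reads "openssl ciphers -v" output on stdin and prints the names of the
# suites whose key exchange is export-grade RSA. Those are the only suites
# in which a server sends a temporary RSA key (ignoring SSL_OP_EPHEMERAL_RSA),
# so an empty result means a server using that list never needs
# generate_eph_rsa_key() at all.
# OpenSSL 1.0.x prints such suites with "Kx=RSA(512)" or "Kx=RSA(1024)".
suites_needing_tmp_rsa() {
    awk '{
        for (i = 1; i <= NF; i++)
            if ($i ~ /^Kx=RSA\([0-9]+\)$/) { print $1; break }
    }'
}

# Exit status 0 if no suite on stdin needs a temporary RSA key, 1 otherwise.
ciphersuite_is_tmp_rsa_free() {
    [ -z "$(suites_needing_tmp_rsa)" ]
}

# Constructed sample (abridged) of what an old OpenSSL printed for
# "openssl ciphers -v ALL". The export suites are the ones flagged "export".
sample_all_ciphers() {
    cat <<'EOF'
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1
AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
EXP-DES-CBC-SHA SSLv3 Kx=RSA(512) Au=RSA Enc=DES(40) Mac=SHA1 export
EXP-RC4-MD5 SSLv3 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
EOF
}

# Constructed sample (abridged) of the same library's "openssl ciphers -v HIGH".
sample_high_ciphers() {
    cat <<'EOF'
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1
AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
EOF
}

# Live check against the installed library; assumes openssl(1) is on PATH.
# On LibreSSL even "openssl ciphers -v ALL" lists no export suites.
check_live_high() {
    openssl ciphers -v 'HIGH' | ciphersuite_is_tmp_rsa_free
}
```

This checks the protocol-level need, not what SSL_CTX_need_tmp_RSA() returns: in OpenSSL 1.0.x that call looks at whether a temporary key is already installed and at the size of the certificate's RSA key, not at the cipher list, which is why guarding the FreeRADIUS call with it silences the error on LibreSSL (where it is hard-wired to 0) but still generates a 512-bit key on OpenSSL.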