Openssl v3.0.8 + wpa_supplicant2.10 can not connect 802.1x network

[VimuVR3]

wpa_supplicant v2.10 with OpenSSL v3.0.8

Issue description:
I used supplicant2.10+openssl3.0.8 to test connecting to an 802.1x network, I got the following results:
PEAP+MSCHAPV2:Failed
PEAP+GTC:Passed

I want to use PEAP+MSCHAPV2 authentication with openssl3.0.8 for windows NPS servers where GTC is not supported (only MSCHAPV2 is supported by default).
I used supplicant2.10+openssl1.1.1t where it can connect to 802.1x using PEAP+MSCHAPV2

Steps to reproduce:
Connect to the 802.1x network and select the encryption mode PEAP + MSCHAPV2 with OpenSSL v3.0.8

Observed behavior:
connect timeout

Expected behavior:
connect ok

Log snippet:

16:57:53:437 wpa_supplicant: OpenSSL: RX ver=0x303 content_type=256 (TLS header info/)
16:57:53:445 wpa_supplicant: EAP-PEAP: received Phase 2: code=1 identifier=185 length=43
16:57:53:445 wpa_supplicant: EAP-PEAP: Phase 2 Request: type=26
16:57:53:456 wpa_supplicant: EAP-PEAP: Selected Phase 2 EAP vendor 0 method 26
16:57:53:470 wpa_supplicant: EAP-MSCHAPV2: RX identifier 185 mschapv2_id 185
16:57:53:471 wpa_supplicant: EAP-MSCHAPV2: Received challenge
16:57:53:481 wpa_supplicant: EAP-MSCHAPV2: Generating Challenge Response
16:57:53:481 wpa_supplicant: OpenSSL: EVP_DigestInit_ex failed: error:0308010C:digital envelope routines::unsupported

Log snippet using eapol_test utility to test 802.1x authentication provided in wpa_supplicant:

EAP-MSCHAPV2: Generating Challenge Response
Get randomness: len=16 entropy=0
random from os_get_random - hexdump(len=16): 77 b5 40 38 12 e0 da 75 3c 96 41 67 9a 40 6a f5
random_mix_pool - hexdump(len=20): 0d b9 b1 bf 70 7c bd fa 8b 8c 0a 46 d8 96 87 a4 8e 89 0d 7d
random from internal pool - hexdump(len=16): 52 c7 66 0a bf 85 ed d3 d8 c1 5b 8c 5d 36 f0 8e
mixed random - hexdump(len=16): 25 72 26 32 ad 65 37 a6 e4 57 1a eb c7 76 9a 7b
MSCHAPV2: Identity - hexdump_ascii(len=5):
61 64 6d 69 6e admin
MSCHAPV2: Username - hexdump_ascii(len=5):
61 64 6d 69 6e admin
MSCHAPV2: auth_challenge - hexdump(len=16): 3e 04 b8 c6 6b 23 3d 40 cb bf 55 7b e4 b2 85 d9
MSCHAPV2: peer_challenge - hexdump(len=16): 25 72 26 32 ad 65 37 a6 e4 57 1a eb c7 76 9a 7b
MSCHAPV2: username - hexdump_ascii(len=5):
61 64 6d 69 6e admin
MSCHAPV2: password - hexdump_ascii(len=8):
70 61 73 73 77 6f 72 64 password
OpenSSL: EVP_DigestInit_ex failed: error:0308010C:digital envelope routines::unsupported
EAP-MSCHAPV2: Failed to derive response
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0
EAP: EAP entering state SEND_RESPONSE
EAP: No eapRespData available
EAP: EAP entering state IDLE
EAPOL test timed out
EAPOL: EAP key not available
EAPOL: EAP Session-Id not available
WPA: Clear old PMK and PTK
EAP: deinitialize previously used EAP method (25, PEAP) at EAP deinit
MPPE keys OK: 0 mismatch: 1
FAILURE

Further, when debugging it is found NULL value is returned in the following code snippet of crypto/evp/digest.c
In function evp_md_init_internal, EVP_MD_fetch returns a NULL value below which it is returned inside NULL check.

        /* The NULL digest is a special case */
        EVP_MD *provmd = EVP_MD_fetch(NULL,
                                      type->type != NID_undef ? OBJ_nid2sn(type->type)
                                                              : "NULL", "");

        if (provmd == NULL) {
            ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
            return 0;
        }

[beldmit]

Probably you need to load the legacy provider as the digest used for authorization is insecure and is absent in the default provider. See https://bugzilla.redhat.com/show_bug.cgi?id=2072070 for details

[VimuVR3]

Anything related to eapol_test specifically? as I'm using eapol_test provided with wpa_supplicant for testing purposes in my network device (Access Point).
I tried making the patch changes in hostapd provided here https://bugzilla.redhat.com/show_bug.cgi?id=2072070, which didn't help me out with eapol_test.

[VimuVR3]

Further, came to know that in https://bugzilla.redhat.com/show_bug.cgi?id=2072070, the SSL error code is different to the issue reported here.

Reference link log:
Feb 23 10:58:47 dmk-laptop-21 wpa_supplicant[1404]: OpenSSL: openssl_handshake - SSL_connect error:0A000152:SSL routines::unsafe legacy renegotiation disabled
Feb 23 10:58:48 dmk-laptop-21 wpa_supplicant[1404]: wlp147s0: CTRL-EVENT-EAP-FAILURE EAP authentication failed

Issue reported:
16:57:53:481 wpa_supplicant: OpenSSL: EVP_DigestInit_ex failed: error:0308010C:digital envelope routines::unsupported

or

OpenSSL: EVP_DigestInit_ex failed: error:0308010C:digital envelope routines::unsupported
EAP-MSCHAPV2: Failed to derive response

[beldmit]

Could you please find out which digest is not found by OpenSSL?

[VimuVR3]

I didn't use any digest specifically. might it be selecting a default one in noop case?

Freeradius server logs:
(37) [preprocess] = ok
(37) [chap] = noop
(37) [mschap] = noop
(37) [digest] = noop

[beldmit]

Again, could you please try enabling the legacy provider? I think the digest or cipher (or both) are not included into the default provider as MSCHAP2 was implemented in 1998 or so, according to Wikipedia

[VimuVR3]

Could you please share the steps to enable the leagcy provider?

Let me follow the same and try to figure it out.

[beldmit]

Try editing the corresponding part of OpenSSL config (usually somewhere in /etc) to make it look like

[provider_sect]
default = default_sect
legacy = legacy_sect

[default_sect]
activate = 1

[legacy_sect]
activate = 1

[VimuVR3]

Found the conf file here, /etc/ssl/openssl.cnf

Would it work if the legacy config changes are done in runtime? Still the issue persists the same.

I haven't done a compilation dependency check along with openssl.cnf changes yet.

[beldmit]

If I correctly understand your question, you don't have to recompile openssl to enable the legacy provider

[VimuVR3]

In that case, I added the mentioned changes to the conf file and verified the auth test.
Still the same issue is observed.

[beldmit]

Could you please point at the code calling the EVP_DigestInit_ex?