fix NetworkManager-CI failures with OpenSSL-3.0

Resolves: rhbz#1975718 Signed-off-by: Davide Caratti <dcaratti@redhat.com>
2021-08-19 14:19:21 +02:00 · 2021-08-19 14:19:21 +02:00 · acfc8c1a4c
commit acfc8c1a4c
parent 06278e6a00
5 changed files with 313 additions and 1 deletions
--- a/0001-EAP-TTLS-PEAP-peer-Fix-failure-when-using-session-ti.patch
+++ b/0001-EAP-TTLS-PEAP-peer-Fix-failure-when-using-session-ti.patch
@ -0,0 +1,110 @@
+From 872609c15110d32ee2d306aeeeffdd4e42ef6fc6 Mon Sep 17 00:00:00 2001
+Message-Id: <872609c15110d32ee2d306aeeeffdd4e42ef6fc6.1627507211.git.davide.caratti@gmail.com>
+From: Alexander Clouter <alex@digriz.org.uk>
+Date: Fri, 16 Oct 2020 09:49:36 +0100
+Subject: [PATCH] EAP-TTLS/PEAP peer: Fix failure when using session tickets
+ under TLS 1.3
+
+EAP peer does not expect data present when beginning the Phase 2 in
+EAP-{TTLS,PEAP} but in TLS 1.3 session tickets are sent after the
+handshake completes.
+
+There are several strategies that can be used to handle this, but this
+patch picks up from the discussion[1] and implements the proposed use of
+SSL_MODE_AUTO_RETRY. SSL_MODE_AUTO_RETRY has already been enabled by
+default in OpenSSL 1.1.1, but it needs to be enabled for older versions.
+
+The main OpenSSL wrapper change in tls_connection_decrypt() takes care
+of the new possible case with SSL_MODE_AUTO_RETRY for
+SSL_ERROR_WANT_READ to indicate that a non-application_data was
+processed. That is not really an error case with TLS 1.3, so allow it to
+complete and return an empty decrypted application data buffer.
+EAP-PEAP/TTLS processing can then use this to move ahead with starting
+Phase 2.
+
+[1] https://www.spinics.net/lists/hostap/msg05376.html
+
+Signed-off-by: Alexander Clouter <alex@digriz.org.uk>
+---
+ src/crypto/tls_openssl.c | 18 ++++++++++++++----
+ src/eap_peer/eap_peap.c  |  4 ++++
+ src/eap_peer/eap_ttls.c  |  5 +++++
+ 3 files changed, 23 insertions(+), 4 deletions(-)
+
+diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
+index ef872c50e..345a35ee1 100644
+--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
+@@ -1045,6 +1045,8 @@ void * tls_init(const struct tls_config *conf)
+ 	SSL_CTX_set_options(ssl, SSL_OP_NO_SSLv2);
+ 	SSL_CTX_set_options(ssl, SSL_OP_NO_SSLv3);
+ 
+	SSL_CTX_set_mode(ssl, SSL_MODE_AUTO_RETRY);
+
+ #ifdef SSL_MODE_NO_AUTO_CHAIN
+ 	/* Number of deployed use cases assume the default OpenSSL behavior of
+ 	 * auto chaining the local certificate is in use. BoringSSL removed this
+@@ -4543,10 +4545,18 @@ struct wpabuf * tls_connection_decrypt(void *tls_ctx,
+ 		return NULL;
+ 	res = SSL_read(conn->ssl, wpabuf_mhead(buf), wpabuf_size(buf));
+ 	if (res < 0) {
+-		tls_show_errors(MSG_INFO, __func__,
+-				"Decryption failed - SSL_read");
+-		wpabuf_free(buf);
+-		return NULL;
+		int err = SSL_get_error(conn->ssl, res);
+
+		if (err == SSL_ERROR_WANT_READ) {
+			wpa_printf(MSG_DEBUG,
+				   "SSL: SSL_connect - want more data");
+			res = 0;
+		} else {
+			tls_show_errors(MSG_INFO, __func__,
+					"Decryption failed - SSL_read");
+			wpabuf_free(buf);
+			return NULL;
+		}
+ 	}
+ 	wpabuf_put(buf, res);
+ 
+diff --git a/src/eap_peer/eap_peap.c b/src/eap_peer/eap_peap.c
+index 7c3704369..a13428d37 100644
+--- a/src/eap_peer/eap_peap.c
+++ b/src/eap_peer/eap_peap.c
+@@ -803,6 +803,10 @@ static int eap_peap_decrypt(struct eap_sm *sm, struct eap_peap_data *data,
+ 	res = eap_peer_tls_decrypt(sm, &data->ssl, in_data, &in_decrypted);
+ 	if (res)
+ 		return res;
+	if (wpabuf_len(in_decrypted) == 0) {
+		wpabuf_free(in_decrypted);
+		return 1;
+	}
+ 
+ continue_req:
+ 	wpa_hexdump_buf(MSG_DEBUG, "EAP-PEAP: Decrypted Phase 2 EAP",
+diff --git a/src/eap_peer/eap_ttls.c b/src/eap_peer/eap_ttls.c
+index 642d179c6..3bf1e97e6 100644
+--- a/src/eap_peer/eap_ttls.c
+++ b/src/eap_peer/eap_ttls.c
+@@ -1441,6 +1441,7 @@ static int eap_ttls_decrypt(struct eap_sm *sm, struct eap_ttls_data *data,
+ 
+ 	if ((in_data == NULL || wpabuf_len(in_data) == 0) &&
+ 	    data->phase2_start) {
+start:
+ 		return eap_ttls_phase2_start(sm, data, ret, identifier,
+ 					     out_data);
+ 	}
+@@ -1455,6 +1456,10 @@ static int eap_ttls_decrypt(struct eap_sm *sm, struct eap_ttls_data *data,
+ 	retval = eap_peer_tls_decrypt(sm, &data->ssl, in_data, &in_decrypted);
+ 	if (retval)
+ 		goto done;
+	if (wpabuf_len(in_decrypted) == 0) {
+		wpabuf_free(in_decrypted);
+		goto start;
+	}
+ 
+ continue_req:
+ 	data->phase2_start = 0;
+-- 
+2.31.1
+
--- a/0001-OpenSSL-Allow-systemwide-secpolicy-overrides-for-TLS.patch
+++ b/0001-OpenSSL-Allow-systemwide-secpolicy-overrides-for-TLS.patch
@ -0,0 +1,66 @@
+From 9afb68b03976d019bb450e5e33b0d8e48867691c Mon Sep 17 00:00:00 2001
+Message-Id: <9afb68b03976d019bb450e5e33b0d8e48867691c.1626202922.git.davide.caratti@gmail.com>
+From: Jouni Malinen <jouni@codeaurora.org>
+Date: Tue, 8 Sep 2020 17:55:36 +0300
+Subject: [PATCH] OpenSSL: Allow systemwide secpolicy overrides for TLS version
+
+Explicit configuration to enable TLS v1.0 and/or v1.1 did not work with
+systemwide OpenSSL secpolicy=2 cases (e.g., Ubuntu 20.04). Allow such
+systemwide configuration to be overridden if the older TLS versions have
+been explicitly enabled in the network profile. The default behavior
+follows the systemwide policy, but this allows compatibility with old
+authentication servers without having to touch the systemwide policy.
+
+Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
+---
+ src/crypto/tls_openssl.c | 26 +++++++++++++++++---------
+ 1 file changed, 17 insertions(+), 9 deletions(-)
+
+diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
+index e73dd7f5b..f7dfecbbf 100644
+--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
+@@ -2995,16 +2995,12 @@ static int tls_set_conn_flags(struct tls_connection *conn, unsigned int flags,
+ 
+ 		/* Explicit request to enable TLS versions even if needing to
+ 		 * override systemwide policies. */
+-		if (flags & TLS_CONN_ENABLE_TLSv1_0) {
+		if (flags & TLS_CONN_ENABLE_TLSv1_0)
+ 			version = TLS1_VERSION;
+-		} else if (flags & TLS_CONN_ENABLE_TLSv1_1) {
+-			if (!(flags & TLS_CONN_DISABLE_TLSv1_0))
+-				version = TLS1_1_VERSION;
+-		} else if (flags & TLS_CONN_ENABLE_TLSv1_2) {
+-			if (!(flags & (TLS_CONN_DISABLE_TLSv1_0 |
+-				       TLS_CONN_DISABLE_TLSv1_1)))
+-				version = TLS1_2_VERSION;
+-		}
+		else if (flags & TLS_CONN_ENABLE_TLSv1_1)
+			version = TLS1_1_VERSION;
+		else if (flags & TLS_CONN_ENABLE_TLSv1_2)
+			version = TLS1_2_VERSION;
+ 		if (!version) {
+ 			wpa_printf(MSG_DEBUG,
+ 				   "OpenSSL: Invalid TLS version configuration");
+@@ -3018,6 +3014,18 @@ static int tls_set_conn_flags(struct tls_connection *conn, unsigned int flags,
+ 		}
+ 	}
+ #endif /* >= 1.1.0 */
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && \
+	!defined(LIBRESSL_VERSION_NUMBER) && \
+	!defined(OPENSSL_IS_BORINGSSL)
+	if ((flags & (TLS_CONN_ENABLE_TLSv1_0 | TLS_CONN_ENABLE_TLSv1_1)) &&
+	    SSL_get_security_level(ssl) >= 2) {
+		/*
+		 * Need to drop to security level 1 to allow TLS versions older
+		 * than 1.2 to be used when explicitly enabled in configuration.
+		 */
+		SSL_set_security_level(conn->ssl, 1);
+	}
+#endif
+ 
+ #ifdef CONFIG_SUITEB
+ #ifdef OPENSSL_IS_BORINGSSL
+-- 
+2.31.1
+
--- a/0001-openssl-Disable-padding-after-initializing-the-ciphe.patch
+++ b/0001-openssl-Disable-padding-after-initializing-the-ciphe.patch
@ -0,0 +1,58 @@
+From e2e9adc3d9b6bb9c433ebb6404ee439b42e91746 Mon Sep 17 00:00:00 2001
+Message-Id: <e2e9adc3d9b6bb9c433ebb6404ee439b42e91746.1629375427.git.davide.caratti@gmail.com>
+From: Davide Caratti <davide.caratti@gmail.com>
+Date: Tue, 17 Aug 2021 10:58:53 +0200
+Subject: [PATCH] openssl: Disable padding after initializing the cipher suite
+
+according to OpenSSL documentation [1], EVP_CIPHER_CTX_set_padding()
+should be called after EVP_EncryptInit_ex(), EVP_DecryptInit_ex(), or
+EVP_CipherInit_ex(). Not doing this causes EVP_CIPHER_CTX_set_padding()
+to return false on OpenSSL-3.0.0, resulting in the impossibility to
+connect in many scenarios. Fix this changing the order of function calls
+where needed.
+
+[1] https://www.openssl.org/docs/man1.1.1/man3/EVP_CIPHER_CTX_set_padding.html
+
+Reported-by: Vladimir Benes <vbenes@redhat.com>
+Signed-off-by: Davide Caratti <davide.caratti@gmail.com>
+---
+ src/crypto/crypto_openssl.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/crypto/crypto_openssl.c b/src/crypto/crypto_openssl.c
+index 9411cb9cf..4b87702e4 100644
+--- a/src/crypto/crypto_openssl.c
+++ b/src/crypto/crypto_openssl.c
+@@ -248,8 +248,8 @@ int rc4_skip(const u8 *key, size_t keylen, size_t skip,
+ 
+ 	ctx = EVP_CIPHER_CTX_new();
+ 	if (!ctx ||
+-	    !EVP_CIPHER_CTX_set_padding(ctx, 0) ||
+ 	    !EVP_CipherInit_ex(ctx, EVP_rc4(), NULL, NULL, NULL, 1) ||
+	    !EVP_CIPHER_CTX_set_padding(ctx, 0) ||
+ 	    !EVP_CIPHER_CTX_set_key_length(ctx, keylen) ||
+ 	    !EVP_CipherInit_ex(ctx, NULL, NULL, key, NULL, 1))
+ 		goto out;
+@@ -709,8 +709,8 @@ struct crypto_cipher * crypto_cipher_init(enum crypto_cipher_alg alg,
+ 	}
+ 
+ 	if (!(ctx->enc = EVP_CIPHER_CTX_new()) ||
+-	    !EVP_CIPHER_CTX_set_padding(ctx->enc, 0) ||
+ 	    !EVP_EncryptInit_ex(ctx->enc, cipher, NULL, NULL, NULL) ||
+	    !EVP_CIPHER_CTX_set_padding(ctx->enc, 0) ||
+ 	    !EVP_CIPHER_CTX_set_key_length(ctx->enc, key_len) ||
+ 	    !EVP_EncryptInit_ex(ctx->enc, NULL, NULL, key, iv)) {
+ 		if (ctx->enc)
+@@ -720,8 +720,8 @@ struct crypto_cipher * crypto_cipher_init(enum crypto_cipher_alg alg,
+ 	}
+ 
+ 	if (!(ctx->dec = EVP_CIPHER_CTX_new()) ||
+-	    !EVP_CIPHER_CTX_set_padding(ctx->dec, 0) ||
+ 	    !EVP_DecryptInit_ex(ctx->dec, cipher, NULL, NULL, NULL) ||
+	    !EVP_CIPHER_CTX_set_padding(ctx->dec, 0) ||
+ 	    !EVP_CIPHER_CTX_set_key_length(ctx->dec, key_len) ||
+ 	    !EVP_DecryptInit_ex(ctx->dec, NULL, NULL, key, iv)) {
+ 		EVP_CIPHER_CTX_free(ctx->enc);
+-- 
+2.31.1
+
--- a/0001-openssl-Remove-deprecated-functions-from-des_encrypt.patch
+++ b/0001-openssl-Remove-deprecated-functions-from-des_encrypt.patch
@ -0,0 +1,68 @@
+From d265dd2d965db3669d07caa69539beb8def0edb2 Mon Sep 17 00:00:00 2001
+Message-Id: <d265dd2d965db3669d07caa69539beb8def0edb2.1629375437.git.davide.caratti@gmail.com>
+From: Davide Caratti <davide.caratti@gmail.com>
+Date: Tue, 17 Aug 2021 10:58:54 +0200
+Subject: [PATCH] openssl: Remove deprecated functions from des_encrypt()
+
+NetworkManager-CI detected systematic failures on test scenarios using
+MSCHAPv2 when wpa_supplicant uses OpenSSL-3.0.0.
+The 'test_module_tests.py' script also fails, and the following log is
+shown:
+
+ 1627404013.761569: generate_nt_response failed
+ 1627404013.761582: ms_funcs: 1 error
+
+It seems that either DES_set_key() or DES_ecb_encrypt() changed their
+semantic, but it doesn't make sense to fix them since their use has been
+deprecated. Converting des_encrypt() to avoid use of deprecated
+functions proved to fix the problem, and removed a couple of build
+warnings at the same time.
+
+Reported-by: Vladimir Benes <vbenes@redhat.com>
+Signed-off-by: Davide Caratti <davide.caratti@gmail.com>
+---
+ src/crypto/crypto_openssl.c | 21 +++++++++++++++------
+ 1 file changed, 15 insertions(+), 6 deletions(-)
+
+diff --git a/src/crypto/crypto_openssl.c b/src/crypto/crypto_openssl.c
+index a4b1083bb..9411cb9cf 100644
+--- a/src/crypto/crypto_openssl.c
+++ b/src/crypto/crypto_openssl.c
+@@ -206,8 +206,8 @@ int md4_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac)
+ int des_encrypt(const u8 *clear, const u8 *key, u8 *cypher)
+ {
+ 	u8 pkey[8], next, tmp;
+-	int i;
+-	DES_key_schedule ks;
+	int i, plen, ret = -1;
+	EVP_CIPHER_CTX *ctx;
+ 
+ 	/* Add parity bits to the key */
+ 	next = 0;
+@@ -218,10 +218,19 @@ int des_encrypt(const u8 *clear, const u8 *key, u8 *cypher)
+ 	}
+ 	pkey[i] = next | 1;
+ 
+-	DES_set_key((DES_cblock *) &pkey, &ks);
+-	DES_ecb_encrypt((DES_cblock *) clear, (DES_cblock *) cypher, &ks,
+-			DES_ENCRYPT);
+-	return 0;
+	ctx = EVP_CIPHER_CTX_new();
+	if (ctx &&
+	    EVP_EncryptInit_ex(ctx, EVP_des_ecb(), NULL, pkey, NULL) == 1 &&
+	    EVP_CIPHER_CTX_set_padding(ctx, 0) == 1 &&
+	    EVP_EncryptUpdate(ctx, cypher, &plen, clear, 8) == 1 &&
+	    EVP_EncryptFinal_ex(ctx, &cypher[plen], &plen) == 1)
+		ret = 0;
+	else
+		wpa_printf(MSG_ERROR, "OpenSSL: DES encrypt failed");
+
+	if (ctx)
+		EVP_CIPHER_CTX_free(ctx);
+	return ret;
+ }
+ 
+ 
+-- 
+2.31.1
+
--- a/wpa_supplicant.spec
+++ b/wpa_supplicant.spec
@ -9,7 +9,7 @@ Summary: WPA/WPA2/IEEE 802.1X Supplicant
 Name: wpa_supplicant
 Epoch: 1
 Version: 2.9
-Release: 16%{?dist}
+Release: 17%{?dist}
 License: BSD
 Source0: http://w1.fi/releases/%{name}-%{version}.tar.gz
 Source1: wpa_supplicant.conf
@ -49,6 +49,13 @@ Patch11: 0001-P2P-Fix-copying-of-secondary-device-types-for-P2P-gr.patch
 #fix for CVE-2021-27803
 Patch12: 0001-P2P-Fix-a-corner-case-in-peer-addition-based-on-PD-R.patch

+#fix for bz1975718 
+Patch13: 0001-OpenSSL-Allow-systemwide-secpolicy-overrides-for-TLS.patch
+Patch14: 0001-EAP-TTLS-PEAP-peer-Fix-failure-when-using-session-ti.patch
+Patch15: 0001-openssl-Disable-padding-after-initializing-the-ciphe.patch
+Patch16: 0001-openssl-Remove-deprecated-functions-from-des_encrypt.patch
+
+
 URL: http://w1.fi/wpa_supplicant/

 %if %with gui
@ -208,6 +215,9 @@ chmod -R 0644 wpa_supplicant/examples/*.py


 %changelog
+* Thu Aug 19 2021 Davide Caratti <dcaratti@redhat.com> - 1:2.9-17
+- Fix NetworkManager-CI failures with OpenSSL 3.0
+
 * Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 1:2.9-16
 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
  Related: rhbz#1991688