> ------- Original Message -------
> On Friday, October 6th, 2023 at 4:53 PM, Stuart Henderson
> [email protected] wrote:
>
>
>
> > On 2023/10/06 20:36, haywirrr wrote:
> >
> > > > ...
> > > > hmm - it's not ideal to use OpenSSL 1.1 any more because security
> > > > updates from the old branches are now only available to paying
> > > > customers...
> > > >
> > > > There could well be something else in the changes between wpa_supplicant
> > > > 2.9 and 2.10 that will help with OpenSSL 3.x, but there have been other
> > > > changes which mean that src/drivers/driver_openbsd.c no longer compiles,
> > > > and I don't know how to fix that.
> > >
> > > Hi Stuart,
> > >
> > > I understand that using the old version of OpenSSL is not ideal.
> > > Unfortunately, this is my only option without moving to an entirely
> > > different platform, i.e. FreeBSD (which I may be forced into doing).
> >
> > Well, you have the diff and can use it if you want, but I don't really
> > want to commit that to ports.
> >
> > > Who would I need to ask about getting wpa_supplicant updated to the
> > > latest version? Also, there's a patch available for FreeBSD that allows
> >
> > I've tried updating and have merged the various patches, but the openbsd
> > code that's part of the distribution no longer builds. So it'll need
> > someone with enough interest and time and reason to look at it. The only
> > reason anyone has asked for this so far is to use a security protocol
> > that was replaced (by a much improved version) in 2008 which tbh is not
> > particularly compelling.
> >
> > (If anyone wants to do that feel free to ask for a diff for the boring
> > parts).
> >
> > > wpa_supplicant to interface directly with VLAN 0 (see the link below),
> > > how would I ask about getting that incorporated into the OpenBSD port
> > > of wpa_supplicant? I am thinking the answer might be to start a new
> > > thread and see if anyone replies...
> > >
> > > https://reviews.freebsd.org/D40442
> >
> > Does that actually need anything from wpa_supplicant, have you tried
> > running it on a vlan interface set to id 0 (which is the standard way to
> > do that)?
>
> Hi Stuart,
>
> That is actually how I am currently working with wpa_supplicant, I use
> a hostname.vlan0 interface along with the application to authenticate.
> I was just thinking this might negate the need for the interface
> declaration and make things a little cleaner.
>
> Should the question then be would it be possible to incorporate 802.1X
> authentication into a hostname.if? I have no idea what that would take.

Hi Stuart,

I was able to get wpa_supplicant working with OpenSSL 3.0/3.1 after
applying the following 5 patches:

Allow use of TLS 1.0 and renegotiation - patch 1/5
Index: src/ap/authsrv.c
--- src/ap/authsrv.cc.orig
+++ src/ap/authsrv.c
@@ -188,6 +188,9 @@
wpa_printf(MSG_DEBUG, "authsrv: remote TLS alert: %s",
data->alert.description);
break;
+ case TLS_UNSAFE_RENEGOTIATION_DISABLED:
+ /* Not applicable to TLS server */
+ break;
}
}
#endif /* EAP_TLS_FUNCS */
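Review bot: the `---` header of this patch names src/ap/authsrv.cc.orig, while the Index: and `+++` lines name src/ap/authsrv.c; this looks like a typo for authsrv.c.orig and should be corrected so the header is consistent with the file being patched. The added case is an empty break with a comment, which is fine here because it keeps this switch covering the enum value introduced in patch 2/5.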
Allow use of TLS 1.0 and renegotiation - patch 2/5
Index: src/crypto/tls.h
--- src/crypto/tls.h.orig
+++ src/crypto/tls.h
@@ -22,7 +22,8 @@
TLS_CERT_CHAIN_SUCCESS,
TLS_CERT_CHAIN_FAILURE,
TLS_PEER_CERTIFICATE,
- TLS_ALERT
+ TLS_ALERT,
+ TLS_UNSAFE_RENEGOTIATION_DISABLED,
};
/*
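Review bot: TLS_UNSAFE_RENEGOTIATION_DISABLED is appended to the event enum with no comment saying when it is raised or that it carries no event data (patch 3/5 passes NULL as the data argument). A one-line comment beside the enumerator would tell authors of other event callbacks not to dereference the data pointer for this event.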
@@ -112,6 +113,7 @@
#define TLS_CONN_ENABLE_TLSv1_1 BIT(15)
#define TLS_CONN_ENABLE_TLSv1_2 BIT(16)
#define TLS_CONN_TEAP_ANON_DH BIT(17)
+#define TLS_CONN_ALLOW_UNSAFE_RENEGOTIATION BIT(18)
/**
* struct tls_connection_params - Parameters for TLS connection
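Review bot: TLS_CONN_ALLOW_UNSAFE_RENEGOTIATION at BIT(18) is defined without any description of what it relaxes. Since patch 3/5 maps it to SSL_OP_LEGACY_SERVER_CONNECT, a short comment here stating that the flag permits handshakes with servers that lack RFC 5746 secure renegotiation would make the security trade-off visible where the flag is declared.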
Allow use of TLS 1.0 and renegotiation - patch 3/5
Index: src/crypto/tls_openssl.c
--- src/crypto/tls_openssl.c.orig
+++ src/crypto/tls_openssl.c
@@ -2919,6 +2919,13 @@
SSL_clear_options(ssl, SSL_OP_NO_TICKET);
#endif /* SSL_OP_NO_TICKET */
+
+#ifdef SSL_OP_LEGACY_SERVER_CONNECT
+ if (flags & TLS_CONN_ALLOW_UNSAFE_RENEGOTIATION)
+ SSL_set_options(ssl, SSL_OP_LEGACY_SERVER_CONNECT);
+#endif /* SSL_OP_LEGACY_SERVER_CONNECT */
+
+
#ifdef SSL_OP_NO_TLSv1
if (flags & TLS_CONN_DISABLE_TLSv1_0)
SSL_set_options(ssl, SSL_OP_NO_TLSv1);
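Review bot: the new block only ever sets SSL_OP_LEGACY_SERVER_CONNECT and never clears it, so when TLS_CONN_ALLOW_UNSAFE_RENEGOTIATION is absent the result depends on the library default. OpenSSL 3.x leaves the option off by default, but older releases enable it, and there allow_unsafe_renegotiation=0 would have no effect. Adding an else branch with SSL_clear_options(ssl, SSL_OP_LEGACY_SERVER_CONNECT), in the same way the SSL_OP_NO_TICKET context line above uses SSL_clear_options, would make the flag authoritative on every library version. As a style point, the hunk adds two consecutive blank lines after the #endif; one is enough.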
@@ -4133,6 +4140,7 @@
static struct wpabuf *
openssl_handshake(struct tls_connection *conn, const struct wpabuf *in_data)
{
+ struct tls_context *context = conn->context;
int res;
struct wpabuf *out_data;
@@ -4162,7 +4170,20 @@
wpa_printf(MSG_DEBUG, "SSL: SSL_connect - want to "
"write");
else {
+ unsigned long error = ERR_peek_last_error();
+
tls_show_errors(MSG_INFO, __func__, "SSL_connect");
+
+ if (context->event_cb &&
+ ERR_GET_LIB(error) == ERR_LIB_SSL &&
+ ERR_GET_REASON(error) ==
+ SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED) {
+ context->event_cb(
+ context->cb_ctx,
+ TLS_UNSAFE_RENEGOTIATION_DISABLED,
+ NULL);
+ }
+
conn->failed++;
if (!conn->server && !conn->client_hello_generated) {
/* The server would not understand TLS Alert
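Review bot: the order of ERR_peek_last_error() and tls_show_errors() in the else branch matters and is not explained. The error code is captured before tls_show_errors() is called, which is the right order if that helper consumes the OpenSSL error queue while logging it, but a later cleanup could easily move the declaration below the call and silently stop the event from firing. A short comment on the `unsigned long error = ERR_peek_last_error();` line saying it must stay ahead of tls_show_errors() would protect it. Note also that only the most recent queue entry is inspected, so the event is missed if another error is pushed after SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED.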
@@ -4185,8 +4206,6 @@
if ((conn->flags & TLS_CONN_SUITEB) && !conn->server &&
os_strncmp(SSL_get_cipher(conn->ssl), "DHE-", 4) == 0 &&
conn->server_dh_prime_len < 3072) {
- struct tls_context *context = conn->context;
-
/*
* This should not be reached since earlier cert_cb should have
* terminated the handshake. Keep this check here for extra
Allow use of TLS 1.0 and renegotiation - patch 4/5
Index: src/eap_peer/eap.c
--- src/eap_peer/eap.c.orig
+++ src/eap_peer/eap.c
@@ -2108,6 +2108,11 @@
eap_notify_status(sm, "remote TLS alert",
data->alert.description);
break;
+ case TLS_UNSAFE_RENEGOTIATION_DISABLED:
+ wpa_printf(MSG_INFO,
+ "TLS handshake failed due to the server not
supporting safe renegotiation (RFC 5746); phase1 parameter
allow_unsafe_renegotiation=1 can be used to work around this");
+ eap_notify_status(sm, "unsafe server renegotiation", "failure");
+ break;
}
os_free(hash_hex);
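Review bot: the string literal passed to wpa_printf() in the new case is broken across three lines ("TLS handshake failed due to the server not" / "supporting safe renegotiation (RFC 5746); phase1 parameter" / "allow_unsafe_renegotiation=1 can be used to work around this"), apparently wrapped by the mail client. A C string literal cannot contain a raw newline, so this will not compile as posted, and the continuation lines lack the leading `+` so the hunk will not apply either. Please resend the patch as an attachment or split the message into adjacent quoted literals, one per line, so it survives wrapping.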
Allow use of TLS 1.0 and renegotiation - patch 5/5
Index: src/eap_peer/eap_tls_common.c
--- src/eap_peer/eap_tls_common.c
+++ src/eap_peer/eap_tls_common.c
@@ -102,6 +102,10 @@
params->flags |= TLS_CONN_SUITEB_NO_ECDH;
if (os_strstr(txt, "tls_suiteb_no_ecdh=0"))
params->flags &= ~TLS_CONN_SUITEB_NO_ECDH;
+ if (os_strstr(txt, "allow_unsafe_renegotiation=1"))
+ params->flags |= TLS_CONN_ALLOW_UNSAFE_RENEGOTIATION;
+ if (os_strstr(txt, "allow_unsafe_renegotiation=0"))
+ params->flags &= ~TLS_CONN_ALLOW_UNSAFE_RENEGOTIATION;
}
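Review bot: the new phase1 option allow_unsafe_renegotiation is parsed here but nothing in the five patches documents it, and the only mention a user will see is the log message from patch 4/5 after a failed handshake. Since setting it to 1 disables the RFC 5746 check named in that message, it should be described alongside the other phase1 parameters, with a statement that it weakens the handshake and is meant only for servers that cannot be updated. Two smaller points: the `---` header here names src/eap_peer/eap_tls_common.c without the .orig suffix used in the other patches, and the shared subject line says "Allow use of TLS 1.0" although none of the visible hunks changes TLS version handling, so the subject should be narrowed to renegotiation.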