|
 |
919688 |
From d265dd2d965db3669d07caa69539beb8def0edb2 Mon Sep 17 00:00:00 2001
|
|
|
919688 |
Message-Id: <d265dd2d965db3669d07caa69539beb8def0edb2.1629375437.git.davide.caratti@gmail.com>
|
|
|
919688 |
From: Davide Caratti <davide.caratti@gmail.com>
|
|
|
919688 |
Date: Tue, 17 Aug 2021 10:58:54 +0200
|
|
|
919688 |
Subject: [PATCH] openssl: Remove deprecated functions from des_encrypt()
|
|
|
919688 |
|
|
|
919688 |
NetworkManager-CI detected systematic failures on test scenarios using
|
|
|
919688 |
MSCHAPv2 when wpa_supplicant uses OpenSSL-3.0.0.
|
|
|
919688 |
The 'test_module_tests.py' script also fails, and the following log is
|
|
|
919688 |
shown:
|
|
|
919688 |
|
|
|
919688 |
1627404013.761569: generate_nt_response failed
|
|
|
919688 |
1627404013.761582: ms_funcs: 1 error
|
|
|
919688 |
|
|
|
919688 |
It seems that either DES_set_key() or DES_ecb_encrypt() changed their
|
|
|
919688 |
semantic, but it doesn't make sense to fix them since their use has been
|
|
|
919688 |
deprecated. Converting des_encrypt() to avoid use of deprecated
|
|
|
919688 |
functions proved to fix the problem, and removed a couple of build
|
|
|
919688 |
warnings at the same time.
|
|
|
919688 |
|
|
|
919688 |
Reported-by: Vladimir Benes <vbenes@redhat.com>
|
|
|
919688 |
Signed-off-by: Davide Caratti <davide.caratti@gmail.com>
|
|
|
919688 |
---
|
|
|
919688 |
src/crypto/crypto_openssl.c | 21 +++++++++++++++------
|
|
|
919688 |
1 file changed, 15 insertions(+), 6 deletions(-)
|
|
|
919688 |
|
|
|
919688 |
diff --git a/src/crypto/crypto_openssl.c b/src/crypto/crypto_openssl.c
|
|
|
919688 |
index a4b1083bb..9411cb9cf 100644
|
|
|
919688 |
--- a/src/crypto/crypto_openssl.c
|
|
|
919688 |
+++ b/src/crypto/crypto_openssl.c
|
|
|
919688 |
@@ -206,8 +206,8 @@ int md4_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac)
|
|
|
919688 |
int des_encrypt(const u8 *clear, const u8 *key, u8 *cypher)
|
|
|
919688 |
{
|
|
|
919688 |
u8 pkey[8], next, tmp;
|
|
|
919688 |
- int i;
|
|
|
919688 |
- DES_key_schedule ks;
|
|
|
919688 |
+ int i, plen, ret = -1;
|
|
|
919688 |
+ EVP_CIPHER_CTX *ctx;
|
|
|
919688 |
|
|
|
919688 |
/* Add parity bits to the key */
|
|
|
919688 |
next = 0;
|
|
|
919688 |
@@ -218,10 +218,19 @@ int des_encrypt(const u8 *clear, const u8 *key, u8 *cypher)
|
|
|
919688 |
}
|
|
|
919688 |
pkey[i] = next | 1;
|
|
|
919688 |
|
|
|
919688 |
- DES_set_key((DES_cblock *) &pkey, &ks);
|
|
|
919688 |
- DES_ecb_encrypt((DES_cblock *) clear, (DES_cblock *) cypher, &ks,
|
|
|
919688 |
- DES_ENCRYPT);
|
|
|
919688 |
- return 0;
|
|
|
919688 |
+ ctx = EVP_CIPHER_CTX_new();
|
|
|
919688 |
+ if (ctx &&
|
|
|
919688 |
+ EVP_EncryptInit_ex(ctx, EVP_des_ecb(), NULL, pkey, NULL) == 1 &&
|
|
|
919688 |
+ EVP_CIPHER_CTX_set_padding(ctx, 0) == 1 &&
|
|
|
919688 |
+ EVP_EncryptUpdate(ctx, cypher, &plen, clear, 8) == 1 &&
|
|
|
919688 |
+ EVP_EncryptFinal_ex(ctx, &cypher[plen], &plen) == 1)
|
|
|
919688 |
+ ret = 0;
|
|
|
919688 |
+ else
|
|
|
919688 |
+ wpa_printf(MSG_ERROR, "OpenSSL: DES encrypt failed");
|
|
|
919688 |
+
|
|
|
919688 |
+ if (ctx)
|
|
|
919688 |
+ EVP_CIPHER_CTX_free(ctx);
|
|
|
919688 |
+ return ret;
|
|
|
919688 |
}
|
|
|
919688 |
|
|
|
919688 |
|
|
|
919688 |
--
|
|
|
919688 |
2.31.1
|
|
|
919688 |
|