From a561d12d24c2c8bb0f825d4a3a55a5e47e845853 Mon Sep 17 00:00:00 2001
Message-Id:
From: Jouni Malinen
Date: Wed, 4 May 2022 23:55:38 +0300
Subject: [PATCH] EAP peer status notification for server not supporting RFC 5746

Add a notification message to indicate reason for TLS handshake failure due to the server not supporting safe renegotiation (RFC 5746).

Signed-off-by: Jouni Malinen
---
 src/ap/authsrv.c | 3 +++
 src/crypto/tls.h | 3 ++-
 src/crypto/tls_openssl.c | 15 +++++++++++++--
 src/eap_peer/eap.c | 5 +++++
 4 files changed, 23 insertions(+), 3 deletions(-)

diff --git a/src/ap/authsrv.c b/src/ap/authsrv.c
index 516c1da74..fd9c96fad 100644
--- a/src/ap/authsrv.c
+++ b/src/ap/authsrv.c
@@ -169,6 +169,9 @@ static void authsrv_tls_event(void *ctx, enum tls_event ev,
 wpa_printf(MSG_DEBUG, "authsrv: remote TLS alert: %s",
 data->alert.description);
 break;
+ case TLS_UNSAFE_RENEGOTIATION_DISABLED:
+ /* Not applicable to TLS server */
+ break;
 }
 }
 #endif /* EAP_TLS_FUNCS */
diff --git a/src/crypto/tls.h b/src/crypto/tls.h
index 7ea32ee4a..7a2ee32df 100644
--- a/src/crypto/tls.h
+++ b/src/crypto/tls.h
@@ -22,7 +22,8 @@ enum tls_event {
 TLS_CERT_CHAIN_SUCCESS,
 TLS_CERT_CHAIN_FAILURE,
 TLS_PEER_CERTIFICATE,
- TLS_ALERT
+ TLS_ALERT,
+ TLS_UNSAFE_RENEGOTIATION_DISABLED,
 };
 
 /*
diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index 0d23f44ad..912471ba2 100644
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -4443,6 +4443,7 @@ int tls_connection_get_eap_fast_key(void *tls_ctx, struct tls_connection *conn,
 static struct wpabuf *
 openssl_handshake(struct tls_connection *conn, const struct wpabuf *in_data)
 {
+ struct tls_context *context = conn->context;
 int res;
 struct wpabuf *out_data;
 
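Review bot: In src/crypto/tls.h, `TLS_UNSAFE_RENEGOTIATION_DISABLED` is added to `enum tls_event` without any comment, and unlike `TLS_ALERT` it is delivered with a NULL `data` pointer (the `event_cb` call added to openssl_handshake later in this patch passes `NULL`). A short comment on the enumerator, for example `/* handshake failed: server lacks RFC 5746 support; event data is NULL */`, would tell callback authors not to dereference `data` for this event. Whatever documentation the enum already has lies outside the hunk.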
@@ -4472,7 +4473,19 @@ openssl_handshake(struct tls_connection *conn, const struct wpabuf *in_data)
 wpa_printf(MSG_DEBUG, "SSL: SSL_connect - want to "
 "write");
 else {
+ unsigned long error = ERR_peek_last_error();
+
 tls_show_errors(MSG_INFO, __func__, "SSL_connect");
+
+ if (context->event_cb &&
+ ERR_GET_LIB(error) == ERR_LIB_SSL &&
+ ERR_GET_REASON(error) ==
+ SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED) {
+ context->event_cb(
+ context->cb_ctx,
+ TLS_UNSAFE_RENEGOTIATION_DISABLED,
+ NULL);
+ }
 conn->failed++;
 if (!conn->server && !conn->client_hello_generated) {
 /* The server would not understand TLS Alert
@@ -4495,8 +4508,6 @@ openssl_handshake(struct tls_connection *conn, const struct wpabuf *in_data)
 if ((conn->flags & TLS_CONN_SUITEB) && !conn->server &&
 os_strncmp(SSL_get_cipher(conn->ssl), "DHE-", 4) == 0 &&
 conn->server_dh_prime_len < 3072) {
- struct tls_context *context = conn->context;
-
 /*
 * This should not be reached since earlier cert_cb should have
 * terminated the handshake. Keep this check here for extra
diff --git a/src/eap_peer/eap.c b/src/eap_peer/eap.c
index 429b20d3a..729388f4f 100644
--- a/src/eap_peer/eap.c
+++ b/src/eap_peer/eap.c
@@ -2172,6 +2172,11 @@ static void eap_peer_sm_tls_event(void *ctx, enum tls_event ev,
 eap_notify_status(sm, "remote TLS alert",
 data->alert.description);
 break;
+ case TLS_UNSAFE_RENEGOTIATION_DISABLED:
+ wpa_printf(MSG_INFO,
+ "TLS handshake failed due to the server not supporting safe renegotiation (RFC 5746); phase1 parameter allow_unsafe_renegotiation=1 can be used to work around this");
+ eap_notify_status(sm, "unsafe server renegotiation", "failure");
+ break;
 }
 
 os_free(hash_hex);
-- 
2.35.1
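Review bot: The statement order in the `else` branch of openssl_handshake (src/crypto/tls_openssl.c, hunk at -4472) matters but is undocumented: `ERR_peek_last_error()` has to run before `tls_show_errors()`, which presumably consumes the OpenSSL error queue while logging it. A one-line comment above the declaration, e.g. `/* Peek before tls_show_errors() since that is expected to clear the error queue */`, would keep a later cleanup from reordering the two and silently losing the event. The check also matches only when the RFC 5746 failure is the newest queue entry, so the notification is best effort and the comment could say so. The function body starts and ends outside the hunk.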
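Review bot: The INFO message added in the `TLS_UNSAFE_RENEGOTIATION_DISABLED` case of eap_peer_sm_tls_event (src/eap_peer/eap.c) recommends `allow_unsafe_renegotiation=1` without saying that it trades away the RFC 5746 renegotiation protection the failed handshake was enforcing. Operators tend to copy a workaround straight from the log, so the text should carry the caveat, for example by ending it with `...can be used to work around this, at the cost of accepting a server without secure renegotiation; updating the server is the preferred fix`. The fixed status strings `"unsafe server renegotiation"` and `"failure"` would also benefit from a short comment, since upper layers presumably match on them. The function body starts outside the hunk.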