From patchwork Tue Aug 17 08:58:54 2021
X-Patchwork-Submitter: "d. caratti"
X-Patchwork-Id: 1517654
From: Davide Caratti
To: hostap@lists.infradead.org, j@w1.fi, vbenes@redhat.com, bgalvani@redhat.com
Subject: [PATCH RESEND] openssl: remove deprecated functions from des_encrypt()
Date: Tue, 17 Aug 2021 10:58:54 +0200
Message-Id: <28f20f0cbfc4a0d5950df6b61ac09338e02474ac.1629189898.git.davide.caratti@gmail.com>

NetworkManager-CI detected systematic failures on test scenarios using
MSCHAPv2 when wpa_supplicant uses OpenSSL-3.0.0.
The 'test_module_tests.py' script also fails, and the following log is
shown:

 1627404013.761569: generate_nt_response failed
 1627404013.761582: ms_funcs: 1 error

It seems that either DES_set_key() or DES_ecb_encrypt() changed their
semantics, but it doesn't make sense to fix them since their use has been
deprecated. Converting des_encrypt() to avoid use of deprecated functions
proved to fix the problem, and removed a couple of build warnings at the
same time.

Reported-by: Vladimir Benes
Signed-off-by: Davide Caratti
---
 src/crypto/crypto_openssl.c | 21 +++++++++++++++------
 1 file changed, 15 insertions(+), 6 deletions(-)

diff --git a/src/crypto/crypto_openssl.c b/src/crypto/crypto_openssl.c index fb9d18078..5eb714c91 100644 --- a/src/crypto/crypto_openssl.c +++ b/src/crypto/crypto_openssl.c @@ -206,8 +206,8 @@ int md4_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac) int des_encrypt(const u8 *clear, const u8 *key, u8 *cypher) { u8 pkey[8], next, tmp; - int i; - DES_key_schedule ks; + int i, plen, ret = -1; + EVP_CIPHER_CTX *ctx; /* Add parity bits to the key */ next = 0; @@ -218,10 +218,19 @@ int des_encrypt(const u8 *clear, const u8 *key, u8 *cypher) } pkey[i] = next | 1; - DES_set_key((DES_cblock *) &pkey, &ks); - DES_ecb_encrypt((DES_cblock *) clear, (DES_cblock *) cypher, &ks, - DES_ENCRYPT); - return 0; + ctx = EVP_CIPHER_CTX_new(); + if (ctx && + (EVP_EncryptInit_ex(ctx, EVP_des_ecb(), NULL, pkey, NULL) == 1) && + (EVP_CIPHER_CTX_set_padding(ctx, 0) == 1) && + (EVP_EncryptUpdate(ctx, cypher, &plen, clear, 8) == 1) && + (EVP_EncryptFinal_ex(ctx, &cypher[plen], &plen) == 1)) + ret = 0; + else + wpa_printf(MSG_ERROR, "OpenSSL: DES encrypt failed"); + + if (ctx) + EVP_CIPHER_CTX_free(ctx); + return ret; }
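
Review bot: pkey[8], visible in the context of the first hunk (@@ -206,8 +206,8 @@), holds the parity-expanded DES key and is still left on the stack when the function returns. The rework funnels every path through `return ret;` in the second hunk, so this is a convenient place to clear pkey before returning, using a wipe the compiler cannot optimise away. As a smaller style point on the new declaration `int i, plen, ret = -1;`, plen receives the output length from EVP_EncryptUpdate() and EVP_EncryptFinal_ex(), so a name such as outlen would describe it better.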
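
Review bot: in the second hunk (@@ -218,10 +218,19 @@) the length that EVP_EncryptUpdate() stores in plen is never checked before it is used as an index in `EVP_EncryptFinal_ex(ctx, &cypher[plen], &plen)`. With 8 bytes in and padding disabled it should be 8, which means the final call is handed a pointer just past the 8 bytes the update call wrote; adding `plen == 8` to the condition chain and giving the final call its own length variable would make the assumption about the size of cypher explicit. The single "OpenSSL: DES encrypt failed" message also does not say which of the four calls failed; since the commit message reports different behaviour under OpenSSL-3.0.0, including ERR_error_string(ERR_get_error(), NULL) in the log line would show whether the cipher could not be set up or the encryption itself failed. Finally, `return 0;` becomes `return ret;`, so des_encrypt() can now fail where it never did before, and the commit message should state that the callers check its return value.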