fragattacks: enable MS-CHAPv2 with OpenSSL >=3.0

This patch re-enables the usage of MS-CHAPv2 when linking with OpenSSL
version 3.0 or higher.
This commit is contained in:
Mathy Vanhoef 2023-10-11 04:10:50 +02:00
parent abf9b9bd8b
commit 05a607526e
2 changed files with 18 additions and 0 deletions

View File

@ -1126,6 +1126,9 @@ For example see the above two tables with commands.
**Version 1.3.4 (under progress):**: **Version 1.3.4 (under progress):**:
- Updated wpa_supplicant to re-enable connecting to Enterprise networks that use MS-CHAPv2. Previously, when
the OS uses OpenSSL 3.0 or higher, MD4 was disabled by default, meaning MS-CHAPv2 could not be used.
- Added the `--pre-test-delay` parameter. This adds a delay between getting an IP address and the transmission - Added the `--pre-test-delay` parameter. This adds a delay between getting an IP address and the transmission
of the first fragments/frames. See the [pull request](https://github.com/vanhoefm/fragattacks/pull/44) by of the first fragments/frames. See the [pull request](https://github.com/vanhoefm/fragattacks/pull/44) by
Michael Trimarchi and Angelo Compagnucci. Michael Trimarchi and Angelo Compagnucci.

View File

@ -90,6 +90,20 @@ static EC_KEY * EVP_PKEY_get0_EC_KEY(EVP_PKEY *pkey)
#endif /* OpenSSL version < 1.1.0 */ #endif /* OpenSSL version < 1.1.0 */
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
static OSSL_PROVIDER *openssl_legacy_provider = NULL;
#endif /* OpenSSL version >= 3.0 */
void openssl_load_legacy_provider(void)
{
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
if (openssl_legacy_provider)
return;
openssl_legacy_provider = OSSL_PROVIDER_try_load(NULL, "legacy", 1);
#endif /* OpenSSL version >= 3.0 */
}
static BIGNUM * get_group5_prime(void) static BIGNUM * get_group5_prime(void)
{ {
#if OPENSSL_VERSION_NUMBER >= 0x10100000L && \ #if OPENSSL_VERSION_NUMBER >= 0x10100000L && \
@ -196,6 +210,7 @@ static int openssl_digest_vector(const EVP_MD *type, size_t num_elem,
#ifndef CONFIG_FIPS #ifndef CONFIG_FIPS
int md4_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac) int md4_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac)
{ {
openssl_load_legacy_provider();
return openssl_digest_vector(EVP_md4(), num_elem, addr, len, mac); return openssl_digest_vector(EVP_md4(), num_elem, addr, len, mac);
} }
#endif /* CONFIG_FIPS */ #endif /* CONFIG_FIPS */