tags 579297 patch
severity 579297 important
thanks
On 11/03/2012 12:33 AM, Stefan Lippers-Hollmann wrote:
Control: forcemerge 668612 -1
Hi
On Friday 02 November 2012, Klaus Knopper wrote:
Package: wpasupplicant
Version: 1.0-3
Severity: normal
In an eduroam environment (which is basically WPA-Enterprise), I can
confirm disconnects without the possibility to reconnect when using
wpa_supplicant wit network-manager. Killing and restarting
wpa_supplicant allows a temporary reconnect.
This is
http://w1.fi/bugz/show_bug.cgi?id=447
respectively
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668612
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=561081
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=574714
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=579297
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=667706
When researching the problem, I found this posting:
https://bugs.launchpad.net/ubuntu/+source/wpasupplicant/+bug/429370/comments/19
It states that the problem may be actually an openssl bug which lets the
rekeying
process fail permamently, and recommended recompiling with gnutls instead of
openssl. I did this:
[…]
The problem with this suggestion and the according patch, is that it
switches from one (known) set of bugs to another (unknown) one. While
linking to gnutls is supported upstream, none of the major
distributions (not even Ubuntu) actually does so, which makes it pretty
much untested in practice. Even if we wanted to switch to gnutls, doing
so simply isn't possible at this stage of Debian's release process and
in freeze*.
*) However technically speaking, we can't switch to gnutls anytime
soon, because gnutls doesn't provide an udeb, which is needed for
using wpa_supplicant by the Debian installer (d-i). While your
package build against gnutls succeeded, you have most likely ended
with an unsatisfiable (in the d-i/ udeb context) dependency on
libgnutls26-udeb for wpasupplicant-udeb_*.udeb (dpkg-gensymbols
employs very crude heuristics to construct the dependencies for
udeb packages without actually having access to a udeb context).
[…]
and have been testing the modified package for about a month now, the
frequent disconnects have completely disappeared.
The right place for a real fix would probably be openssl, but the
problem does not seem to be addressed or sufficiently researched there,
so the workaround by using gnutls instead of openssl gnutls seems to be
the best option for now.
[…]
At this moment it is not obvious to me if wpa_supplicant is broken, or
if some popular commercial wlan installations used for eduroam
institutions are to blame. While, given the ubiquity and prevalence of
this issue in academic environments, it might be possible that
wpa_supplicant may need to work around the problem, however this would
best be fixed at wpa_supplicant's upstream. Unfortunately none of the
current wpa maintainers for Debian has access to an affected wlan setup
in order to try to reproduce the problem, nor has enough information to
recreate an affected EAP/ PAP setup for debugging, which significantly
reduces our abilities to help. Therefore it's probably best to engage
with wpa_supplicant upstream to get this fixed once and for all.
Regards
Stefan Lippers-Hollmann
Hi,
Please see the attached patch fixing the problem while not breaking
other use cases.
The fix turns off listing the SessionTicket TLS extension in every
second hello packet allowing broken servers to accept the connection.
Log:
1 0.000000000 Apple_ee:ee:ee -> Procurve_aa:aa:aa EAP 30 Response, Identity
3 0.060381000 Procurve_aa:aa:aa -> Apple_ee:ee:ee EAP 60 Request,
Protected EAP (EAP-PEAP)
4 0.060918000 Apple_ee:ee:ee -> Procurve_aa:aa:aa SSL 249 Client Hello
5 0.111778000 Procurve_aa:aa:aa -> Apple_ee:ee:ee TLSv1 60 Alert (Level:
Fatal, Description: Bad Certificate)
6 0.112140000 Apple_ee:ee:ee -> Procurve_aa:aa:aa EAP 24 Response,
Protected EAP (EAP-PEAP)
7 0.163244000 Procurve_aa:aa:aa -> Apple_ee:ee:ee EAP 60 Failure
8 0.745350000 Procurve_aa:aa:ab -> Apple_ee:ee:ee EAP 60 Request, Identity
9 0.745615000 Apple_ee:ee:ee -> Procurve_aa:aa:ab EAP 30 Response, Identity
10 0.809622000 Procurve_aa:aa:ab -> Apple_ee:ee:ee EAP 60 Request,
Protected EAP (EAP-PEAP)
11 0.810101000 Apple_ee:ee:ee -> Procurve_aa:aa:ab SSL 245 Client Hello
12 0.901729000 Procurve_aa:aa:ab -> Apple_ee:ee:ee EAP 918 Request,
Protected EAP (EAP-PEAP)
13 0.901942000 Apple_ee:ee:ee -> Procurve_aa:aa:ab EAP 24 Response,
Protected EAP (EAP-PEAP)
As you can see the first hello is longer due to the extension and has
been rejected by the buggy server.
The second connection attempt has not listed the extension and has been
accepted by the buggy server - which happens to run on a different host.
Please forward the patch upstream as well, I did not want to register to
their bugzilla for this single patch.
IMO this fix is needed in Wheezy, but I did not want to push the
priority higher on my own.
Cheers,
Balint
Index: debian/patches/series
===================================================================
--- debian/patches/series (revision 1790)
+++ debian/patches/series (working copy)
@@ -5,5 +5,6 @@
11_wpa_gui_ftbfs_gcc_4_7.patch
12_wpa_gui_knotify_support.patch
13_human_readable_signal.patch
+14_RFC4507_ticket_workaround.patch
libnl3-includes.patch
EAP-TLS-server_fix-TLS-Message-length-validation.patch
Index: debian/patches/14_RFC4507_ticket_workaround.patch
===================================================================
--- debian/patches/14_RFC4507_ticket_workaround.patch (revision 0)
+++ debian/patches/14_RFC4507_ticket_workaround.patch (revision 0)
@@ -0,0 +1,202 @@
+Description: Disable RFC4507 session ticket extension in every second
+ connection attempt
+ See also:
+ http://w1.fi/bugz/show_bug.cgi?id=447
+Author: Balint Reczey <[email protected]>
+Bug-Debian: http://bugs.debian.org/561081
+---
+Index: a/src/crypto/tls_nss.c
+===================================================================
+--- a/src/crypto/tls_nss.c (revision 1790)
++++ a/src/crypto/tls_nss.c (working copy)
+@@ -596,7 +596,8 @@
+
+
+ int tls_connection_enable_workaround(void *tls_ctx,
+- struct tls_connection *conn)
++ struct tls_connection *conn,
++ struct eap_peer_config *config)
+ {
+ return -1;
+ }
+Index: a/src/crypto/tls_internal.c
+===================================================================
+--- a/src/crypto/tls_internal.c (revision 1790)
++++ a/src/crypto/tls_internal.c (working copy)
+@@ -544,7 +544,8 @@
+
+
+ int tls_connection_enable_workaround(void *tls_ctx,
+- struct tls_connection *conn)
++ struct tls_connection *conn,
++ struct eap_peer_config *config)
+ {
+ return -1;
+ }
+Index: a/src/crypto/tls_gnutls.c
+===================================================================
+--- a/src/crypto/tls_gnutls.c (revision 1790)
++++ a/src/crypto/tls_gnutls.c (working copy)
+@@ -1136,7 +1136,8 @@
+
+
+ int tls_connection_enable_workaround(void *ssl_ctx,
+- struct tls_connection *conn)
++ struct tls_connection *conn,
++ struct eap_peer_config *config)
+ {
+ gnutls_record_disable_padding(conn->session);
+ return 0;
+Index: a/src/crypto/tls.h
+===================================================================
+--- a/src/crypto/tls.h (revision 1790)
++++ b/src/crypto/tls.h (working copy)
+@@ -15,6 +15,7 @@
+ #ifndef TLS_H
+ #define TLS_H
+
++struct eap_peer_config;
+ struct tls_connection;
+
+ struct tls_keys {
+@@ -437,13 +438,15 @@
+ * tls_connection_enable_workaround - Enable TLS workaround options
+ * @tls_ctx: TLS context data from tls_init()
+ * @conn: Connection context data from tls_connection_init()
++ * @config: Configuration corresponding to the connection
+ * Returns: 0 on success, -1 on failure
+ *
+ * This function is used to enable connection-specific workaround options for
+ * buffer SSL/TLS implementations.
+ */
+ int __must_check tls_connection_enable_workaround(void *tls_ctx,
+- struct tls_connection *conn);
++ struct tls_connection *conn,
++ struct eap_peer_config *config);
+
+ /**
+ * tls_connection_client_hello_ext - Set TLS extension for ClientHello
+Index: a/src/crypto/tls_none.c
+===================================================================
+--- a/src/crypto/tls_none.c (revision 1790)
++++ a/src/crypto/tls_none.c (working copy)
+@@ -154,7 +154,8 @@
+
+
+ int tls_connection_enable_workaround(void *tls_ctx,
+- struct tls_connection *conn)
++ struct tls_connection *conn,
++ struct eap_peer_config *config)
+ {
+ return -1;
+ }
+Index: a/src/crypto/tls_schannel.c
+===================================================================
+--- a/src/crypto/tls_schannel.c (revision 1790)
++++ a/src/crypto/tls_schannel.c (working copy)
+@@ -649,7 +649,8 @@
+
+
+ int tls_connection_enable_workaround(void *ssl_ctx,
+- struct tls_connection *conn)
++ struct tls_connection *conn,
++ struct eap_peer_config *config)
+ {
+ return 0;
+ }
+Index: a/src/crypto/tls_openssl.c
+===================================================================
+--- b/src/crypto/tls_openssl.c (revision 1790)
++++ b/src/crypto/tls_openssl.c (working copy)
+@@ -36,6 +36,7 @@
+ #include "common.h"
+ #include "crypto.h"
+ #include "tls.h"
++#include "eap_peer/eap_config.h"
+
+ #if OPENSSL_VERSION_NUMBER >= 0x0090800fL
+ #define OPENSSL_d2i_TYPE const unsigned char **
+@@ -2618,10 +2619,17 @@
+
+
+ int tls_connection_enable_workaround(void *ssl_ctx,
+- struct tls_connection *conn)
++ struct tls_connection *conn,
++ struct eap_peer_config *config)
+ {
+- SSL_set_options(conn->ssl, SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS);
++ if (config->flags & EAP_CONFIG_FLAGS_DONT_INSERT_EMPTY_FRAGMENTS) {
++ SSL_set_options(conn->ssl, SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS);
++ }
+
++ if (config->flags | EAP_CONFIG_FLAGS_NO_TICKET_EXT) {
++ SSL_set_options(conn->ssl, SSL_OP_NO_TICKET);
++ }
++
+ return 0;
+ }
+
+Index: a/src/eap_peer/eap_config.h
+===================================================================
+--- a/src/eap_peer/eap_config.h (revision 1790)
++++ a/src/eap_peer/eap_config.h (working copy)
+@@ -625,6 +625,8 @@
+ int fragment_size;
+
+ #define EAP_CONFIG_FLAGS_PASSWORD_NTHASH BIT(0)
++#define EAP_CONFIG_FLAGS_NO_TICKET_EXT BIT(1)
++#define EAP_CONFIG_FLAGS_DONT_INSERT_EMPTY_FRAGMENTS BIT(2)
+ /**
+ * flags - Network configuration flags (bitfield)
+ *
+@@ -632,6 +634,8 @@
+ * for the network parameters.
+ * bit 0 = password is represented as a 16-byte NtPasswordHash value
+ * instead of plaintext password
++ * bit 1 = don't use RFC4507 ticket extension
++ * bit 2 = disable workaround for CBC which uses empty fragments
+ */
+ u32 flags;
+ };
+Index: a/src/eap_peer/eap_peap.c
+===================================================================
+--- a/src/eap_peer/eap_peap.c (revision 1790)
++++ b/src/eap_peer/eap_peap.c (working copy)
+@@ -171,6 +171,23 @@
+ return NULL;
+ }
+
++ /*
++ * http://w1.fi/bugz/show_bug.cgi?id=447
++ * Every second init attempt is performed with RFC4507 session ticket
++ * extension tuned off to work around buggy servers, but to not break
++ * connection to correct ones
++ * TODO make this configurable?
++ */
++ if (config->flags & EAP_CONFIG_FLAGS_NO_TICKET_EXT) {
++ if (tls_connection_enable_workaround(sm->ssl_ctx, data->ssl.conn, config)) {
++ wpa_printf(MSG_DEBUG, "EAP-PEAP: Failed to enable TLS "
++ "workarounds");
++ }
++ config->flags &= ~EAP_CONFIG_FLAGS_NO_TICKET_EXT;
++ } else {
++ config->flags |= EAP_CONFIG_FLAGS_NO_TICKET_EXT;
++ }
++
+ return data;
+ }
+
+Index: a/src/eap_peer/eap_fast.c
+===================================================================
+--- a/src/eap_peer/eap_fast.c (revision 1790)
++++ a/src/eap_peer/eap_fast.c (working copy)
+@@ -195,7 +195,8 @@
+ * fragments before data, so disable that workaround for CBC.
+ * TODO: consider making this configurable
+ */
+- if (tls_connection_enable_workaround(sm->ssl_ctx, data->ssl.conn)) {
++ config->flags |= EAP_CONFIG_FLAGS_DONT_INSERT_EMPTY_FRAGMENTS;
++ if (tls_connection_enable_workaround(sm->ssl_ctx, data->ssl.conn, config)) {
+ wpa_printf(MSG_DEBUG, "EAP-FAST: Failed to enable TLS "
+ "workarounds");
+ }