fix: use EVP_DigestFinal_ex in rsa_signctx for OpenSSL 3.x compatibility#299
mariosergiosl wants to merge 1 commit into
Conversation
In OpenSSL 3.x, EVP_MD_CTX_set_update_fn() is deprecated and silently ignored, so digest_update() is never called and digest_finish() returns SHA-256 of empty string. Replace digest_finish() with EVP_DigestFinal_ex() for unrestricted keys to pass the correct hash to Esys_Sign().

Fixes EAP-TLS authentication failure with wpa_supplicant and NetworkManager. Verified on openSUSE Leap 15.6 (OpenSSL 3.1.4) and SLES 16 (OpenSSL 3.5.0).

Signed-off-by: mariosergiosl <mario.mssl@gmail.com>
ede1165 to 3544172
Where in the documentation does OpenSSL say that the function is silently ignored? Deprecation is one thing, removing functionality is another thing.
Good point — and fair to ask for documentation. You're right that deprecated doesn't mean removed, and the function call

"These functions do not fit with the provider model where the update

We confirmed this empirically. With debug logging enabled, digest_update()

ENGINE: engine initialized

As a result, Esys_SequenceComplete receives no data and returns SHA-256 of

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Signature verification then fails with:

This was reproduced on OpenSSL 3.1.4 and 3.5.0. OpenSSL 1.x is not

Also worth noting: Perry Werneck (PerryWerneck/tpmtest https://github.com/PerryWerneck/tpmtest), who originally

Full debug logs and lab documentation are available at

Happy to provide the full debug log or any additional detail if helpful.
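The failure mode described in the reply above (a TPM hash sequence that is completed without ever receiving data, so the signer is handed SHA-256 of the empty string) and the fix from the commit message (finalise OpenSSL's own digest state with EVP_DigestFinal_ex and sign that), modelled as an added Python example. This is not code from the project, the PR or OpenSSL: the classes and functions (SoftwareMdCtx, TpmHashSequence, signctx_legacy, signctx_fixed, check_digest_before_sign) are stand-ins chosen for the illustration, and the empty-input-digest guard is an added defensive suggestion, not something the PR implements.

```python
"""Model of the signctx digest bug from the PR discussion and of its fix.

Added example, not code from the project or from OpenSSL. All names here are
stand-ins; the real code talks to OpenSSL (EVP_*) and tpm2-tss (Esys_*).
"""
import hashlib
from typing import Optional

# Digest of the empty input, per algorithm. Seeing one of these at the point
# where a digest is handed to the signer means the data was never fed in.
EMPTY_INPUT_DIGESTS = {
    name: hashlib.new(name, b"").digest()
    for name in ("sha1", "sha256", "sha384", "sha512")
}


class SoftwareMdCtx:
    """Stand-in for EVP_MD_CTX: OpenSSL's own software digest state."""

    def __init__(self, algo: str = "sha256"):
        self._h = hashlib.new(algo)

    def update(self, data: bytes) -> None:
        self._h.update(data)

    def final(self) -> bytes:
        """Analogue of EVP_DigestFinal_ex(): hash of everything updated so far."""
        return self._h.digest()


class TpmHashSequence:
    """Stand-in for a TPM hash sequence (start / update / complete).

    It only ever sees bytes that are explicitly pushed to it."""

    def __init__(self, algo: str = "sha256"):
        self._h = hashlib.new(algo)

    def update(self, data: bytes) -> None:
        self._h.update(data)

    def complete(self) -> bytes:
        """Analogue of Esys_SequenceComplete(): hash of the bytes it received."""
        return self._h.digest()


def signctx_legacy(data: bytes, update_fn_honoured: bool) -> bytes:
    """Pre-fix flow: rely on EVP_MD_CTX_set_update_fn() to divert updates to the TPM.

    update_fn_honoured=True models OpenSSL 1.x (the custom update hook runs);
    False models OpenSSL 3.x, where the deprecated hook is ignored and the
    default software update runs instead. Returns the digest handed to the signer."""
    md = SoftwareMdCtx()
    seq = TpmHashSequence()
    if update_fn_honoured:
        seq.update(data)      # digest_update(): data goes into the TPM sequence
    else:
        md.update(data)       # OpenSSL 3.x: default update; TPM sequence is starved
    return seq.complete()     # digest_finish(): completes whatever the TPM saw


def signctx_fixed(data: bytes) -> bytes:
    """Post-fix flow for unrestricted keys: finalise the software digest
    (EVP_DigestFinal_ex) and pass that value to the signer (Esys_Sign)."""
    md = SoftwareMdCtx()
    md.update(data)           # whichever update path OpenSSL takes, it lands here
    return md.final()


def check_digest_before_sign(digest: bytes) -> Optional[str]:
    """Added defensive guard for a signing path (not in the PR): return the
    algorithm name if `digest` equals that algorithm's digest of b"", meaning the
    to-be-signed data never arrived; return None otherwise."""
    for name, empty in EMPTY_INPUT_DIGESTS.items():
        if digest == empty:
            return name
    return None


if __name__ == "__main__":
    # Constructed sample stand-in for the TLS handshake bytes to be signed.
    tbs = b"constructed sample of to-be-signed handshake bytes"
    broken = signctx_legacy(tbs, update_fn_honoured=False)
    print("OpenSSL 3.x legacy path signs:", broken.hex())
    print("empty-input digest detected:  ", check_digest_before_sign(broken))
    print("fixed path signs:             ", signctx_fixed(tbs).hex())
```

Running the module shows the legacy path under OpenSSL 3.x semantics producing the same e3b0c442... value quoted in the reply regardless of input, while the fixed path produces the digest of the actual data; the guard is the cheap check a signing routine can make to refuse and log rather than emit a signature over nothing.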
PR_DESCRIPTION.md