Upgraded net/wpa-supplicant to version 2.10

2022-12-06 14:47:23 +05:30 · 2022-12-06 14:47:23 +05:30 · 33a6695eca
commit 33a6695eca
parent 32e603bcfe
4 changed files with 215 additions and 79 deletions
--- a/net/wpa-supplicant/CVE-2019-16275.patch
+++ b/net/wpa-supplicant/CVE-2019-16275.patch
@ -1,73 +0,0 @@
-From 8c07fa9eda13e835f3f968b2e1c9a8be3a851ff9 Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <j@w1.fi>
-Date: Thu, 29 Aug 2019 11:52:04 +0300
-Subject: [PATCH] AP: Silently ignore management frame from unexpected source
- address
-
-Do not process any received Management frames with unexpected/invalid SA
-so that we do not add any state for unexpected STA addresses or end up
-sending out frames to unexpected destination. This prevents unexpected
-sequences where an unprotected frame might end up causing the AP to send
-out a response to another device and that other device processing the
-unexpected response.
-
-In particular, this prevents some potential denial of service cases
-where the unexpected response frame from the AP might result in a
-connected station dropping its association.
-
-Signed-off-by: Jouni Malinen <j@w1.fi>
---
- src/ap/drv_callbacks.c | 13 +++++++++++++
- src/ap/ieee802_11.c    | 12 ++++++++++++
- 2 files changed, 25 insertions(+)
-
-diff --git a/src/ap/drv_callbacks.c b/src/ap/drv_callbacks.c
-index 31587685fe3b..34ca379edc3d 100644
--- a/src/ap/drv_callbacks.c
-+++ b/src/ap/drv_callbacks.c
-@@ -131,6 +131,19 @@ int hostapd_notif_assoc(struct hostapd_data *hapd, const u8 *addr,
- 			   "hostapd_notif_assoc: Skip event with no address");
- 		return -1;
- 	}
-+
-+	if (is_multicast_ether_addr(addr) ||
-+	    is_zero_ether_addr(addr) ||
-+	    os_memcmp(addr, hapd->own_addr, ETH_ALEN) == 0) {
-+		/* Do not process any frames with unexpected/invalid SA so that
-+		 * we do not add any state for unexpected STA addresses or end
-+		 * up sending out frames to unexpected destination. */
-+		wpa_printf(MSG_DEBUG, "%s: Invalid SA=" MACSTR
-+			   " in received indication - ignore this indication silently",
-+			   __func__, MAC2STR(addr));
-+		return 0;
-+	}
-+
- 	random_add_randomness(addr, ETH_ALEN);
- 
- 	hostapd_logger(hapd, addr, HOSTAPD_MODULE_IEEE80211,
-diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
-index c85a28db44b7..e7065372e158 100644
--- a/src/ap/ieee802_11.c
-+++ b/src/ap/ieee802_11.c
-@@ -4626,6 +4626,18 @@ int ieee802_11_mgmt(struct hostapd_data *hapd, const u8 *buf, size_t len,
- 	fc = le_to_host16(mgmt->frame_control);
- 	stype = WLAN_FC_GET_STYPE(fc);
- 
-+	if (is_multicast_ether_addr(mgmt->sa) ||
-+	    is_zero_ether_addr(mgmt->sa) ||
-+	    os_memcmp(mgmt->sa, hapd->own_addr, ETH_ALEN) == 0) {
-+		/* Do not process any frames with unexpected/invalid SA so that
-+		 * we do not add any state for unexpected STA addresses or end
-+		 * up sending out frames to unexpected destination. */
-+		wpa_printf(MSG_DEBUG, "MGMT: Invalid SA=" MACSTR
-+			   " in received frame - ignore this frame silently",
-+			   MAC2STR(mgmt->sa));
-+		return 0;
-+	}
-+
- 	if (stype == WLAN_FC_STYPE_BEACON) {
- 		handle_beacon(hapd, mgmt, len, fi);
- 		return 1;
-- 
-2.20.1
-
--- a/net/wpa-supplicant/unsafe-renegotiation-1.patch
+++ b/net/wpa-supplicant/unsafe-renegotiation-1.patch
@ -0,0 +1,103 @@
+Patch-Source: https://w1.fi/cgit/hostap/commit/?id=566ce69a8d0e64093309cbde80235aa522fbf84e
+From 566ce69a8d0e64093309cbde80235aa522fbf84e Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <quic_jouni@quicinc.com>
+Date: Thu, 5 May 2022 00:07:44 +0300
+Subject: EAP peer: Workaround for servers that do not support safe TLS
+ renegotiation
+
+The TLS protocol design for renegotiation was identified to have a
+significant security flaw in 2009 and an extension to secure this design
+was published in 2010 (RFC 5746). However, some old RADIUS
+authentication servers without support for this are still used commonly.
+
+This is obviously not good from the security view point, but since there
+are cases where the user of a network service has no realistic means for
+getting the authentication server upgraded, TLS handshake may still need
+to be allowed to be able to use the network.
+
+OpenSSL 3.0 disabled the client side workaround by default and this
+resulted in issues connection to some networks with insecure
+authentication servers. With OpenSSL 3.0, the client is now enforcing
+security by refusing to authenticate with such servers. The pre-3.0
+behavior of ignoring this issue and leaving security to the server can
+now be enabled with a new phase1 parameter allow_unsafe_renegotiation=1.
+This should be used only when having to connect to a network that has an
+insecure authentication server that cannot be upgraded.
+
+The old (pre-2010) TLS renegotiation mechanism might open security
+vulnerabilities if the authentication server were to allow TLS
+renegotiation to be initiated. While this is unlikely to cause real
+issues with EAP-TLS, there might be cases where use of PEAP or TTLS with
+an authentication server that does not support RFC 5746 might result in
+a security vulnerability.
+
+Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
+---
+ src/crypto/tls.h                   | 1 +
+ src/crypto/tls_openssl.c           | 5 +++++
+ src/eap_peer/eap_tls_common.c      | 4 ++++
+ wpa_supplicant/wpa_supplicant.conf | 5 +++++
+ 4 files changed, 15 insertions(+)
+
+diff --git a/src/crypto/tls.h b/src/crypto/tls.h
+index ccaac94c9..7ea32ee4a 100644
+--- a/src/crypto/tls.h
+++ b/src/crypto/tls.h
+@@ -112,6 +112,7 @@ struct tls_config {
+ #define TLS_CONN_ENABLE_TLSv1_1 BIT(15)
+ #define TLS_CONN_ENABLE_TLSv1_2 BIT(16)
+ #define TLS_CONN_TEAP_ANON_DH BIT(17)
+#define TLS_CONN_ALLOW_UNSAFE_RENEGOTIATION BIT(18)
+ 
+ /**
+  * struct tls_connection_params - Parameters for TLS connection
+diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
+index 388c6b0f4..0d23f44ad 100644
+--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
+@@ -3081,6 +3081,11 @@ static int tls_set_conn_flags(struct tls_connection *conn, unsigned int flags,
+ 		SSL_clear_options(ssl, SSL_OP_NO_TICKET);
+ #endif /* SSL_OP_NO_TICKET */
+ 
+#ifdef SSL_OP_LEGACY_SERVER_CONNECT
+	if (flags & TLS_CONN_ALLOW_UNSAFE_RENEGOTIATION)
+		SSL_set_options(ssl, SSL_OP_LEGACY_SERVER_CONNECT);
+#endif /* SSL_OP_LEGACY_SERVER_CONNECT */
+
+ #ifdef SSL_OP_NO_TLSv1
+ 	if (flags & TLS_CONN_DISABLE_TLSv1_0)
+ 		SSL_set_options(ssl, SSL_OP_NO_TLSv1);
+diff --git a/src/eap_peer/eap_tls_common.c b/src/eap_peer/eap_tls_common.c
+index 06c9b211e..6193b4bdb 100644
+--- a/src/eap_peer/eap_tls_common.c
+++ b/src/eap_peer/eap_tls_common.c
+@@ -102,6 +102,10 @@ static void eap_tls_params_flags(struct tls_connection_params *params,
+ 		params->flags |= TLS_CONN_SUITEB_NO_ECDH;
+ 	if (os_strstr(txt, "tls_suiteb_no_ecdh=0"))
+ 		params->flags &= ~TLS_CONN_SUITEB_NO_ECDH;
+	if (os_strstr(txt, "allow_unsafe_renegotiation=1"))
+		params->flags |= TLS_CONN_ALLOW_UNSAFE_RENEGOTIATION;
+	if (os_strstr(txt, "allow_unsafe_renegotiation=0"))
+		params->flags &= ~TLS_CONN_ALLOW_UNSAFE_RENEGOTIATION;
+ }
+ 
+ 
+diff --git a/wpa_supplicant/wpa_supplicant.conf b/wpa_supplicant/wpa_supplicant.conf
+index a1dc769c9..b5304a77e 100644
+--- a/wpa_supplicant/wpa_supplicant.conf
+++ b/wpa_supplicant/wpa_supplicant.conf
+@@ -1370,6 +1370,11 @@ fast_reauth=1
+ # tls_suiteb=0 - do not apply Suite B 192-bit constraints on TLS (default)
+ # tls_suiteb=1 - apply Suite B 192-bit constraints on TLS; this is used in
+ #	particular when using Suite B with RSA keys of >= 3K (3072) bits
+# allow_unsafe_renegotiation=1 - allow connection with a TLS server that does
+#	not support safe renegotiation (RFC 5746); please note that this
+#	workaround should be only when having to authenticate with an old
+#	authentication server that cannot be updated to use secure TLS
+#	implementation.
+ #
+ # Following certificate/private key fields are used in inner Phase2
+ # authentication when using EAP-TTLS or EAP-PEAP.
+-- 
+cgit v1.2.3-18-g5258
+
--- a/net/wpa-supplicant/unsafe-renegotiation-2.patch
+++ b/net/wpa-supplicant/unsafe-renegotiation-2.patch
@ -0,0 +1,105 @@
+Patch-Source: https://w1.fi/cgit/hostap/commit/?id=a561d12d24c2c8bb0f825d4a3a55a5e47e845853
+From a561d12d24c2c8bb0f825d4a3a55a5e47e845853 Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <quic_jouni@quicinc.com>
+Date: Wed, 4 May 2022 23:55:38 +0300
+Subject: EAP peer status notification for server not supporting RFC 5746
+
+Add a notification message to indicate reason for TLS handshake failure
+due to the server not supporting safe renegotiation (RFC 5746).
+
+Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
+---
+ src/ap/authsrv.c         |  3 +++
+ src/crypto/tls.h         |  3 ++-
+ src/crypto/tls_openssl.c | 15 +++++++++++++--
+ src/eap_peer/eap.c       |  5 +++++
+ 4 files changed, 23 insertions(+), 3 deletions(-)
+
+diff --git a/src/ap/authsrv.c b/src/ap/authsrv.c
+index 516c1da74..fd9c96fad 100644
+--- a/src/ap/authsrv.c
+++ b/src/ap/authsrv.c
+@@ -169,6 +169,9 @@ static void authsrv_tls_event(void *ctx, enum tls_event ev,
+ 			wpa_printf(MSG_DEBUG, "authsrv: remote TLS alert: %s",
+ 				   data->alert.description);
+ 		break;
+	case TLS_UNSAFE_RENEGOTIATION_DISABLED:
+		/* Not applicable to TLS server */
+		break;
+ 	}
+ }
+ #endif /* EAP_TLS_FUNCS */
+diff --git a/src/crypto/tls.h b/src/crypto/tls.h
+index 7ea32ee4a..7a2ee32df 100644
+--- a/src/crypto/tls.h
+++ b/src/crypto/tls.h
+@@ -22,7 +22,8 @@ enum tls_event {
+ 	TLS_CERT_CHAIN_SUCCESS,
+ 	TLS_CERT_CHAIN_FAILURE,
+ 	TLS_PEER_CERTIFICATE,
+-	TLS_ALERT
+	TLS_ALERT,
+	TLS_UNSAFE_RENEGOTIATION_DISABLED,
+ };
+ 
+ /*
+diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
+index 0d23f44ad..912471ba2 100644
+--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
+@@ -4443,6 +4443,7 @@ int tls_connection_get_eap_fast_key(void *tls_ctx, struct tls_connection *conn,
+ static struct wpabuf *
+ openssl_handshake(struct tls_connection *conn, const struct wpabuf *in_data)
+ {
+	struct tls_context *context = conn->context;
+ 	int res;
+ 	struct wpabuf *out_data;
+ 
+@@ -4472,7 +4473,19 @@ openssl_handshake(struct tls_connection *conn, const struct wpabuf *in_data)
+ 			wpa_printf(MSG_DEBUG, "SSL: SSL_connect - want to "
+ 				   "write");
+ 		else {
+			unsigned long error = ERR_peek_last_error();
+
+ 			tls_show_errors(MSG_INFO, __func__, "SSL_connect");
+
+			if (context->event_cb &&
+			    ERR_GET_LIB(error) == ERR_LIB_SSL &&
+			    ERR_GET_REASON(error) ==
+			    SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED) {
+				context->event_cb(
+					context->cb_ctx,
+					TLS_UNSAFE_RENEGOTIATION_DISABLED,
+					NULL);
+			}
+ 			conn->failed++;
+ 			if (!conn->server && !conn->client_hello_generated) {
+ 				/* The server would not understand TLS Alert
+@@ -4495,8 +4508,6 @@ openssl_handshake(struct tls_connection *conn, const struct wpabuf *in_data)
+ 	if ((conn->flags & TLS_CONN_SUITEB) && !conn->server &&
+ 	    os_strncmp(SSL_get_cipher(conn->ssl), "DHE-", 4) == 0 &&
+ 	    conn->server_dh_prime_len < 3072) {
+-		struct tls_context *context = conn->context;
+-
+ 		/*
+ 		 * This should not be reached since earlier cert_cb should have
+ 		 * terminated the handshake. Keep this check here for extra
+diff --git a/src/eap_peer/eap.c b/src/eap_peer/eap.c
+index 429b20d3a..729388f4f 100644
+--- a/src/eap_peer/eap.c
+++ b/src/eap_peer/eap.c
+@@ -2172,6 +2172,11 @@ static void eap_peer_sm_tls_event(void *ctx, enum tls_event ev,
+ 			eap_notify_status(sm, "remote TLS alert",
+ 					  data->alert.description);
+ 		break;
+	case TLS_UNSAFE_RENEGOTIATION_DISABLED:
+		wpa_printf(MSG_INFO,
+			   "TLS handshake failed due to the server not supporting safe renegotiation (RFC 5746); phase1 parameter allow_unsafe_renegotiation=1 can be used to work around this");
+		eap_notify_status(sm, "unsafe server renegotiation", "failure");
+		break;
+ 	}
+ 
+ 	os_free(hash_hex);
+-- 
+cgit v1.2.3-18-g5258
+
--- a/net/wpa-supplicant/wpa-supplicant.SMBuild
+++ b/net/wpa-supplicant/wpa-supplicant.SMBuild
@ -1,6 +1,6 @@
 app=wpa-supplicant
 sapp="$( echo $app | sed 's@-@_@')"
-version=2.9
+version=2.10
 build=1sml
 homepage="https://w1.fi/"
 download="https://w1.fi/releases/wpa_supplicant-$version.tar.gz"
@ -15,9 +15,9 @@ build() {
  cd $sapp-$version
  fixbuilddirpermissions

-  applypatch $srcdir/dbus.patch
  applypatch $srcdir/eloop.patch
-  applypatch $srcdir/CVE-2019-16275.patch
+  applypatch $srcdir/unsafe-renegotiation-1.patch
+  applypatch $srcdir/unsafe-renegotiation-1.patch

  cd wpa_supplicant ; cp $srcdir/config .config

@ -42,8 +42,9 @@ build() {
 }

 sha512sums="
-37a33f22cab9d27084fbef29856eaea0f692ff339c5b38bd32402dccf293cb849afd4a870cd3b5ca78179f0102f4011ce2f3444a53dc41dc75a5863b0a2226c8  wpa_supplicant-2.9.tar.gz
-63710cfb0992f2c346a9807d8c97cbeaed032fa376a0e93a2e56f7742ce515e9c4dfadbdb1af03ba272281f639aab832f0178f67634c222a5d99e1d462aa9e38  CVE-2019-16275.patch
+021c2a48f45d39c1dc6557730be5debaee071bc0ff82a271638beee6e32314e353e49d39e2f0dc8dff6e094dcc7008cfe1c32d0c7a34a1a345a12a3f1c1e11a1  wpa_supplicant-2.10.tar.gz
 dac56bc505a51167042ebe548f0e81a20a5578f753af9bb7ec3335a542d799c6e8739681ef7c8f7747a9bc954f8aa6f1a147250eacba17fd7fff80c4e53638ed  dbus.patch
 2be055dd1f7da5a3d8e79c2f2c0220ddd31df309452da18f290144d2112d6dbde0fc633bb2ad02c386a39d7785323acaf5f70e5969995a1e8303a094eb5fe232  eloop.patch
-"
+9528735924faf876a7094de46760605e5e66e265187421a668be06dbf03d7b4db6b84cbad793fcd6bd614e3ba540f82f1f80660d75e8a6070eeb7e9abb54ed28  unsafe-renegotiation-1.patch
+a92ba3ed3f41022a8af9396d2b703ee47f78aa05c1fddb42919a7fe6a6fad71e3515c63457e97e252ae0a32c6c34d67ea6efe0278df1e141cf36e650237e5295  unsafe-renegotiation-2.patch
+"