Upgraded net/wpa-supplicant to version 2.10

2022-12-06 14:47:23 +05:30 · 2022-12-06 14:47:23 +05:30 · 33a6695eca
commit 33a6695eca
parent 32e603bcfe
4 changed files with 215 additions and 79 deletions
--- a/net/wpa-supplicant/CVE-2019-16275.patch
+++ b/net/wpa-supplicant/CVE-2019-16275.patch
@ -1,73 +0,0 @@
 From 8c07fa9eda13e835f3f968b2e1c9a8be3a851ff9 Mon Sep 17 00:00:00 2001
 From: Jouni Malinen <j@w1.fi>
 Date: Thu, 29 Aug 2019 11:52:04 +0300
 Subject: [PATCH] AP: Silently ignore management frame from unexpected source
 address
 Do not process any received Management frames with unexpected/invalid SA
 so that we do not add any state for unexpected STA addresses or end up
 sending out frames to unexpected destination. This prevents unexpected
 sequences where an unprotected frame might end up causing the AP to send
 out a response to another device and that other device processing the
 unexpected response.
 In particular, this prevents some potential denial of service cases
 where the unexpected response frame from the AP might result in a
 connected station dropping its association.
 Signed-off-by: Jouni Malinen <j@w1.fi>
 ---
 src/ap/drv_callbacks.c | 13 +++++++++++++
 src/ap/ieee802_11.c    | 12 ++++++++++++
 2 files changed, 25 insertions(+)
 diff --git a/src/ap/drv_callbacks.c b/src/ap/drv_callbacks.c
 index 31587685fe3b..34ca379edc3d 100644
 --- a/src/ap/drv_callbacks.c
 +++ b/src/ap/drv_callbacks.c
@@ -131,6 +131,19 @@ int hostapd_notif_assoc(struct hostapd_data *hapd, const u8 *addr,
 			   "hostapd_notif_assoc: Skip event with no address");
 		return -1;
 	}
 +
 +	if (is_multicast_ether_addr(addr) ||
 +	    is_zero_ether_addr(addr) ||
 +	    os_memcmp(addr, hapd->own_addr, ETH_ALEN) == 0) {
 +		/* Do not process any frames with unexpected/invalid SA so that
 +		 * we do not add any state for unexpected STA addresses or end
 +		 * up sending out frames to unexpected destination. */
 +		wpa_printf(MSG_DEBUG, "%s: Invalid SA=" MACSTR
 +			   " in received indication - ignore this indication silently",
 +			   __func__, MAC2STR(addr));
 +		return 0;
 +	}
 +
 	random_add_randomness(addr, ETH_ALEN);
 	hostapd_logger(hapd, addr, HOSTAPD_MODULE_IEEE80211,
 diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
 index c85a28db44b7..e7065372e158 100644
 --- a/src/ap/ieee802_11.c
 +++ b/src/ap/ieee802_11.c
@@ -4626,6 +4626,18 @@ int ieee802_11_mgmt(struct hostapd_data *hapd, const u8 *buf, size_t len,
 	fc = le_to_host16(mgmt->frame_control);
 	stype = WLAN_FC_GET_STYPE(fc);
 +	if (is_multicast_ether_addr(mgmt->sa) ||
 +	    is_zero_ether_addr(mgmt->sa) ||
 +	    os_memcmp(mgmt->sa, hapd->own_addr, ETH_ALEN) == 0) {
 +		/* Do not process any frames with unexpected/invalid SA so that
 +		 * we do not add any state for unexpected STA addresses or end
 +		 * up sending out frames to unexpected destination. */
 +		wpa_printf(MSG_DEBUG, "MGMT: Invalid SA=" MACSTR
 +			   " in received frame - ignore this frame silently",
 +			   MAC2STR(mgmt->sa));
 +		return 0;
 +	}
 +
 	if (stype == WLAN_FC_STYPE_BEACON) {
 		handle_beacon(hapd, mgmt, len, fi);
 		return 1;
 -- 
 2.20.1
--- a/net/wpa-supplicant/unsafe-renegotiation-1.patch
+++ b/net/wpa-supplicant/unsafe-renegotiation-1.patch
@ -0,0 +1,103 @@
 Patch-Source: https://w1.fi/cgit/hostap/commit/?id=566ce69a8d0e64093309cbde80235aa522fbf84e
 From 566ce69a8d0e64093309cbde80235aa522fbf84e Mon Sep 17 00:00:00 2001
 From: Jouni Malinen <quic_jouni@quicinc.com>
 Date: Thu, 5 May 2022 00:07:44 +0300
 Subject: EAP peer: Workaround for servers that do not support safe TLS
 renegotiation
 The TLS protocol design for renegotiation was identified to have a
 significant security flaw in 2009 and an extension to secure this design
 was published in 2010 (RFC 5746). However, some old RADIUS
 authentication servers without support for this are still used commonly.
 This is obviously not good from the security view point, but since there
 are cases where the user of a network service has no realistic means for
 getting the authentication server upgraded, TLS handshake may still need
 to be allowed to be able to use the network.
 OpenSSL 3.0 disabled the client side workaround by default and this
 resulted in issues connection to some networks with insecure
 authentication servers. With OpenSSL 3.0, the client is now enforcing
 security by refusing to authenticate with such servers. The pre-3.0
 behavior of ignoring this issue and leaving security to the server can
 now be enabled with a new phase1 parameter allow_unsafe_renegotiation=1.
 This should be used only when having to connect to a network that has an
 insecure authentication server that cannot be upgraded.
 The old (pre-2010) TLS renegotiation mechanism might open security
 vulnerabilities if the authentication server were to allow TLS
 renegotiation to be initiated. While this is unlikely to cause real
 issues with EAP-TLS, there might be cases where use of PEAP or TTLS with
 an authentication server that does not support RFC 5746 might result in
 a security vulnerability.
 Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
 ---
 src/crypto/tls.h                   | 1 +
 src/crypto/tls_openssl.c           | 5 +++++
 src/eap_peer/eap_tls_common.c      | 4 ++++
 wpa_supplicant/wpa_supplicant.conf | 5 +++++
 4 files changed, 15 insertions(+)
 diff --git a/src/crypto/tls.h b/src/crypto/tls.h
 index ccaac94c9..7ea32ee4a 100644
 --- a/src/crypto/tls.h
 +++ b/src/crypto/tls.h
@@ -112,6 +112,7 @@ struct tls_config {
 #define TLS_CONN_ENABLE_TLSv1_1 BIT(15)
 #define TLS_CONN_ENABLE_TLSv1_2 BIT(16)
 #define TLS_CONN_TEAP_ANON_DH BIT(17)
 +#define TLS_CONN_ALLOW_UNSAFE_RENEGOTIATION BIT(18)
 /**
  * struct tls_connection_params - Parameters for TLS connection
 diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
 index 388c6b0f4..0d23f44ad 100644
 --- a/src/crypto/tls_openssl.c
 +++ b/src/crypto/tls_openssl.c
@@ -3081,6 +3081,11 @@ static int tls_set_conn_flags(struct tls_connection *conn, unsigned int flags,
 		SSL_clear_options(ssl, SSL_OP_NO_TICKET);
 #endif /* SSL_OP_NO_TICKET */
 +#ifdef SSL_OP_LEGACY_SERVER_CONNECT
 +	if (flags & TLS_CONN_ALLOW_UNSAFE_RENEGOTIATION)
 +		SSL_set_options(ssl, SSL_OP_LEGACY_SERVER_CONNECT);
 +#endif /* SSL_OP_LEGACY_SERVER_CONNECT */
 +
 #ifdef SSL_OP_NO_TLSv1
 	if (flags & TLS_CONN_DISABLE_TLSv1_0)
 		SSL_set_options(ssl, SSL_OP_NO_TLSv1);
 diff --git a/src/eap_peer/eap_tls_common.c b/src/eap_peer/eap_tls_common.c
 index 06c9b211e..6193b4bdb 100644
 --- a/src/eap_peer/eap_tls_common.c
 +++ b/src/eap_peer/eap_tls_common.c
@@ -102,6 +102,10 @@ static void eap_tls_params_flags(struct tls_connection_params *params,
 		params->flags |= TLS_CONN_SUITEB_NO_ECDH;
 	if (os_strstr(txt, "tls_suiteb_no_ecdh=0"))
 		params->flags &= ~TLS_CONN_SUITEB_NO_ECDH;
 +	if (os_strstr(txt, "allow_unsafe_renegotiation=1"))
 +		params->flags |= TLS_CONN_ALLOW_UNSAFE_RENEGOTIATION;
 +	if (os_strstr(txt, "allow_unsafe_renegotiation=0"))
 +		params->flags &= ~TLS_CONN_ALLOW_UNSAFE_RENEGOTIATION;
 }
 diff --git a/wpa_supplicant/wpa_supplicant.conf b/wpa_supplicant/wpa_supplicant.conf
 index a1dc769c9..b5304a77e 100644
 --- a/wpa_supplicant/wpa_supplicant.conf
 +++ b/wpa_supplicant/wpa_supplicant.conf
@@ -1370,6 +1370,11 @@ fast_reauth=1
 # tls_suiteb=0 - do not apply Suite B 192-bit constraints on TLS (default)
 # tls_suiteb=1 - apply Suite B 192-bit constraints on TLS; this is used in
 #	particular when using Suite B with RSA keys of >= 3K (3072) bits
 +# allow_unsafe_renegotiation=1 - allow connection with a TLS server that does
 +#	not support safe renegotiation (RFC 5746); please note that this
 +#	workaround should be only when having to authenticate with an old
 +#	authentication server that cannot be updated to use secure TLS
 +#	implementation.
 #
 # Following certificate/private key fields are used in inner Phase2
 # authentication when using EAP-TTLS or EAP-PEAP.
 -- 
 cgit v1.2.3-18-g5258
--- a/net/wpa-supplicant/unsafe-renegotiation-2.patch
+++ b/net/wpa-supplicant/unsafe-renegotiation-2.patch
@ -0,0 +1,105 @@
 Patch-Source: https://w1.fi/cgit/hostap/commit/?id=a561d12d24c2c8bb0f825d4a3a55a5e47e845853
 From a561d12d24c2c8bb0f825d4a3a55a5e47e845853 Mon Sep 17 00:00:00 2001
 From: Jouni Malinen <quic_jouni@quicinc.com>
 Date: Wed, 4 May 2022 23:55:38 +0300
 Subject: EAP peer status notification for server not supporting RFC 5746
 Add a notification message to indicate reason for TLS handshake failure
 due to the server not supporting safe renegotiation (RFC 5746).
 Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
 ---
 src/ap/authsrv.c         |  3 +++
 src/crypto/tls.h         |  3 ++-
 src/crypto/tls_openssl.c | 15 +++++++++++++--
 src/eap_peer/eap.c       |  5 +++++
 4 files changed, 23 insertions(+), 3 deletions(-)
 diff --git a/src/ap/authsrv.c b/src/ap/authsrv.c
 index 516c1da74..fd9c96fad 100644
 --- a/src/ap/authsrv.c
 +++ b/src/ap/authsrv.c
@@ -169,6 +169,9 @@ static void authsrv_tls_event(void *ctx, enum tls_event ev,
 			wpa_printf(MSG_DEBUG, "authsrv: remote TLS alert: %s",
 				   data->alert.description);
 		break;
 +	case TLS_UNSAFE_RENEGOTIATION_DISABLED:
 +		/* Not applicable to TLS server */
 +		break;
 	}
 }
 #endif /* EAP_TLS_FUNCS */
 diff --git a/src/crypto/tls.h b/src/crypto/tls.h
 index 7ea32ee4a..7a2ee32df 100644
 --- a/src/crypto/tls.h
 +++ b/src/crypto/tls.h
@@ -22,7 +22,8 @@ enum tls_event {
 	TLS_CERT_CHAIN_SUCCESS,
 	TLS_CERT_CHAIN_FAILURE,
 	TLS_PEER_CERTIFICATE,
 -	TLS_ALERT
 +	TLS_ALERT,
 +	TLS_UNSAFE_RENEGOTIATION_DISABLED,
 };
 /*
 diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
 index 0d23f44ad..912471ba2 100644
 --- a/src/crypto/tls_openssl.c
 +++ b/src/crypto/tls_openssl.c
@@ -4443,6 +4443,7 @@ int tls_connection_get_eap_fast_key(void *tls_ctx, struct tls_connection *conn,
 static struct wpabuf *
 openssl_handshake(struct tls_connection *conn, const struct wpabuf *in_data)
 {
 +	struct tls_context *context = conn->context;
 	int res;
 	struct wpabuf *out_data;
@@ -4472,7 +4473,19 @@ openssl_handshake(struct tls_connection *conn, const struct wpabuf *in_data)
 			wpa_printf(MSG_DEBUG, "SSL: SSL_connect - want to "
 				   "write");
 		else {
 +			unsigned long error = ERR_peek_last_error();
 +
 			tls_show_errors(MSG_INFO, __func__, "SSL_connect");
 +
 +			if (context->event_cb &&
 +			    ERR_GET_LIB(error) == ERR_LIB_SSL &&
 +			    ERR_GET_REASON(error) ==
 +			    SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED) {
 +				context->event_cb(
 +					context->cb_ctx,
 +					TLS_UNSAFE_RENEGOTIATION_DISABLED,
 +					NULL);
 +			}
 			conn->failed++;
 			if (!conn->server && !conn->client_hello_generated) {
 				/* The server would not understand TLS Alert
@@ -4495,8 +4508,6 @@ openssl_handshake(struct tls_connection *conn, const struct wpabuf *in_data)
 	if ((conn->flags & TLS_CONN_SUITEB) && !conn->server &&
 	    os_strncmp(SSL_get_cipher(conn->ssl), "DHE-", 4) == 0 &&
 	    conn->server_dh_prime_len < 3072) {
 -		struct tls_context *context = conn->context;
 -
 		/*
 		 * This should not be reached since earlier cert_cb should have
 		 * terminated the handshake. Keep this check here for extra
 diff --git a/src/eap_peer/eap.c b/src/eap_peer/eap.c
 index 429b20d3a..729388f4f 100644
 --- a/src/eap_peer/eap.c
 +++ b/src/eap_peer/eap.c
@@ -2172,6 +2172,11 @@ static void eap_peer_sm_tls_event(void *ctx, enum tls_event ev,
 			eap_notify_status(sm, "remote TLS alert",
 					  data->alert.description);
 		break;
 +	case TLS_UNSAFE_RENEGOTIATION_DISABLED:
 +		wpa_printf(MSG_INFO,
 +			   "TLS handshake failed due to the server not supporting safe renegotiation (RFC 5746); phase1 parameter allow_unsafe_renegotiation=1 can be used to work around this");
 +		eap_notify_status(sm, "unsafe server renegotiation", "failure");
 +		break;
 	}
 	os_free(hash_hex);
 -- 
 cgit v1.2.3-18-g5258
--- a/net/wpa-supplicant/wpa-supplicant.SMBuild
+++ b/net/wpa-supplicant/wpa-supplicant.SMBuild
@ -1,6 +1,6 @@
 app=wpa-supplicant
 sapp="$( echo $app | sed 's@-@_@')"
-version=2.9
+version=2.10
 build=1sml
 homepage="https://w1.fi/"
 download="https://w1.fi/releases/wpa_supplicant-$version.tar.gz"
@ -15,9 +15,9 @@ build() {
  cd $sapp-$version
  fixbuilddirpermissions
  applypatch $srcdir/dbus.patch
  applypatch $srcdir/eloop.patch
-  applypatch $srcdir/CVE-2019-16275.patch
+  applypatch $srcdir/unsafe-renegotiation-1.patch
  applypatch $srcdir/unsafe-renegotiation-1.patch
  cd wpa_supplicant ; cp $srcdir/config .config
@ -42,8 +42,9 @@ build() {
 }
 sha512sums="
-37a33f22cab9d27084fbef29856eaea0f692ff339c5b38bd32402dccf293cb849afd4a870cd3b5ca78179f0102f4011ce2f3444a53dc41dc75a5863b0a2226c8  wpa_supplicant-2.9.tar.gz
+021c2a48f45d39c1dc6557730be5debaee071bc0ff82a271638beee6e32314e353e49d39e2f0dc8dff6e094dcc7008cfe1c32d0c7a34a1a345a12a3f1c1e11a1  wpa_supplicant-2.10.tar.gz
 63710cfb0992f2c346a9807d8c97cbeaed032fa376a0e93a2e56f7742ce515e9c4dfadbdb1af03ba272281f639aab832f0178f67634c222a5d99e1d462aa9e38  CVE-2019-16275.patch
 dac56bc505a51167042ebe548f0e81a20a5578f753af9bb7ec3335a542d799c6e8739681ef7c8f7747a9bc954f8aa6f1a147250eacba17fd7fff80c4e53638ed  dbus.patch
 2be055dd1f7da5a3d8e79c2f2c0220ddd31df309452da18f290144d2112d6dbde0fc633bb2ad02c386a39d7785323acaf5f70e5969995a1e8303a094eb5fe232  eloop.patch
-"
+9528735924faf876a7094de46760605e5e66e265187421a668be06dbf03d7b4db6b84cbad793fcd6bd614e3ba540f82f1f80660d75e8a6070eeb7e9abb54ed28  unsafe-renegotiation-1.patch
 a92ba3ed3f41022a8af9396d2b703ee47f78aa05c1fddb42919a7fe6a6fad71e3515c63457e97e252ae0a32c6c34d67ea6efe0278df1e141cf36e650237e5295  unsafe-renegotiation-2.patch
 "