aports

Custom Alpine Linux aports

git clone https://git.8pit.net/aports.git

  1Patch-Source: https://w1.fi/cgit/hostap/commit/?id=566ce69a8d0e64093309cbde80235aa522fbf84e
  2From 566ce69a8d0e64093309cbde80235aa522fbf84e Mon Sep 17 00:00:00 2001
  3From: Jouni Malinen <quic_jouni@quicinc.com>
  4Date: Thu, 5 May 2022 00:07:44 +0300
  5Subject: EAP peer: Workaround for servers that do not support safe TLS
  6 renegotiation
  7
  8The TLS protocol design for renegotiation was identified to have a
  9significant security flaw in 2009 and an extension to secure this design
 10was published in 2010 (RFC 5746). However, some old RADIUS
 11authentication servers without support for this are still used commonly.
 12
 13This is obviously not good from the security view point, but since there
 14are cases where the user of a network service has no realistic means for
 15getting the authentication server upgraded, TLS handshake may still need
 16to be allowed to be able to use the network.
 17
 18OpenSSL 3.0 disabled the client side workaround by default and this
 19resulted in issues connection to some networks with insecure
 20authentication servers. With OpenSSL 3.0, the client is now enforcing
 21security by refusing to authenticate with such servers. The pre-3.0
 22behavior of ignoring this issue and leaving security to the server can
 23now be enabled with a new phase1 parameter allow_unsafe_renegotiation=1.
 24This should be used only when having to connect to a network that has an
 25insecure authentication server that cannot be upgraded.
 26
 27The old (pre-2010) TLS renegotiation mechanism might open security
 28vulnerabilities if the authentication server were to allow TLS
 29renegotiation to be initiated. While this is unlikely to cause real
 30issues with EAP-TLS, there might be cases where use of PEAP or TTLS with
 31an authentication server that does not support RFC 5746 might result in
 32a security vulnerability.
 33
 34Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
 35---
 36 src/crypto/tls.h                   | 1 +
 37 src/crypto/tls_openssl.c           | 5 +++++
 38 src/eap_peer/eap_tls_common.c      | 4 ++++
 39 wpa_supplicant/wpa_supplicant.conf | 5 +++++
 40 4 files changed, 15 insertions(+)
 41
 42diff --git a/src/crypto/tls.h b/src/crypto/tls.h
 43index ccaac94c9..7ea32ee4a 100644
 44--- a/src/crypto/tls.h
 45+++ b/src/crypto/tls.h
 46@@ -112,6 +112,7 @@ struct tls_config {
 47 #define TLS_CONN_ENABLE_TLSv1_1 BIT(15)
 48 #define TLS_CONN_ENABLE_TLSv1_2 BIT(16)
 49 #define TLS_CONN_TEAP_ANON_DH BIT(17)
 50+#define TLS_CONN_ALLOW_UNSAFE_RENEGOTIATION BIT(18)
 51 
 52 /**
 53  * struct tls_connection_params - Parameters for TLS connection
 54diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
 55index 388c6b0f4..0d23f44ad 100644
 56--- a/src/crypto/tls_openssl.c
 57+++ b/src/crypto/tls_openssl.c
 58@@ -3081,6 +3081,11 @@ static int tls_set_conn_flags(struct tls_connection *conn, unsigned int flags,
 59 		SSL_clear_options(ssl, SSL_OP_NO_TICKET);
 60 #endif /* SSL_OP_NO_TICKET */
 61 
 62+#ifdef SSL_OP_LEGACY_SERVER_CONNECT
 63+	if (flags & TLS_CONN_ALLOW_UNSAFE_RENEGOTIATION)
 64+		SSL_set_options(ssl, SSL_OP_LEGACY_SERVER_CONNECT);
 65+#endif /* SSL_OP_LEGACY_SERVER_CONNECT */
 66+
 67 #ifdef SSL_OP_NO_TLSv1
 68 	if (flags & TLS_CONN_DISABLE_TLSv1_0)
 69 		SSL_set_options(ssl, SSL_OP_NO_TLSv1);
 70diff --git a/src/eap_peer/eap_tls_common.c b/src/eap_peer/eap_tls_common.c
 71index 06c9b211e..6193b4bdb 100644
 72--- a/src/eap_peer/eap_tls_common.c
 73+++ b/src/eap_peer/eap_tls_common.c
 74@@ -102,6 +102,10 @@ static void eap_tls_params_flags(struct tls_connection_params *params,
 75 		params->flags |= TLS_CONN_SUITEB_NO_ECDH;
 76 	if (os_strstr(txt, "tls_suiteb_no_ecdh=0"))
 77 		params->flags &= ~TLS_CONN_SUITEB_NO_ECDH;
 78+	if (os_strstr(txt, "allow_unsafe_renegotiation=1"))
 79+		params->flags |= TLS_CONN_ALLOW_UNSAFE_RENEGOTIATION;
 80+	if (os_strstr(txt, "allow_unsafe_renegotiation=0"))
 81+		params->flags &= ~TLS_CONN_ALLOW_UNSAFE_RENEGOTIATION;
 82 }
 83 
 84 
 85diff --git a/wpa_supplicant/wpa_supplicant.conf b/wpa_supplicant/wpa_supplicant.conf
 86index a1dc769c9..b5304a77e 100644
 87--- a/wpa_supplicant/wpa_supplicant.conf
 88+++ b/wpa_supplicant/wpa_supplicant.conf
 89@@ -1370,6 +1370,11 @@ fast_reauth=1
 90 # tls_suiteb=0 - do not apply Suite B 192-bit constraints on TLS (default)
 91 # tls_suiteb=1 - apply Suite B 192-bit constraints on TLS; this is used in
 92 #	particular when using Suite B with RSA keys of >= 3K (3072) bits
 93+# allow_unsafe_renegotiation=1 - allow connection with a TLS server that does
 94+#	not support safe renegotiation (RFC 5746); please note that this
 95+#	workaround should be only when having to authenticate with an old
 96+#	authentication server that cannot be updated to use secure TLS
 97+#	implementation.
 98 #
 99 # Following certificate/private key fields are used in inner Phase2
100 # authentication when using EAP-TTLS or EAP-PEAP.
101-- 
102cgit v1.2.3-18-g5258
103