diff --git a/SOURCES/0001-D-Bus-Add-wep_disabled-capability.patch b/SOURCES/0001-D-Bus-Add-wep_disabled-capability.patch new file mode 100644 index 0000000..a6568dc --- /dev/null +++ b/SOURCES/0001-D-Bus-Add-wep_disabled-capability.patch @@ -0,0 +1,52 @@ +From 5b093570dca1855c5bf40bcbd8d149fa6f8ea8ff Mon Sep 17 00:00:00 2001 +Message-Id: <5b093570dca1855c5bf40bcbd8d149fa6f8ea8ff.1650620058.git.davide.caratti@gmail.com> +From: Lubomir Rintel +Date: Mon, 7 Mar 2022 09:54:46 +0100 +Subject: [PATCH] D-Bus: Add 'wep_disabled' capability + +Since commit 200c7693c9a1 ('Make WEP functionality an optional build +parameter'), WEP support is optional and, indeed, off by default. + +The distributions are now catching up and disabling WEP in their builds. +Unfortunately, there's no indication prior to an attempt to connect to a +WEP network that it's not going to work. Add a capability to communicate +that. + +Unlike other capabilities, this one is negative. That is, it indicates +lack of a WEP support as opposed to its presence. This is necessary +because historically there has been no capability to indicate presence +of WEP support and therefore NetworkManager (and probably others) just +assumes it's there. + +Signed-off-by: Lubomir Rintel +Acked-by: Davide Caratti +--- + wpa_supplicant/dbus/dbus_new_handlers.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/wpa_supplicant/dbus/dbus_new_handlers.c b/wpa_supplicant/dbus/dbus_new_handlers.c +index 1c9ded09a..0b1002bf1 100644 +--- a/wpa_supplicant/dbus/dbus_new_handlers.c ++++ b/wpa_supplicant/dbus/dbus_new_handlers.c +@@ -1121,7 +1121,7 @@ dbus_bool_t wpas_dbus_getter_global_capabilities( + const struct wpa_dbus_property_desc *property_desc, + DBusMessageIter *iter, DBusError *error, void *user_data) + { +- const char *capabilities[13]; ++ const char *capabilities[14]; + size_t num_items = 0; + struct wpa_global *global = user_data; + struct wpa_supplicant *wpa_s; +@@ -1177,6 +1177,9 @@ dbus_bool_t wpas_dbus_getter_global_capabilities( + #endif /* CONFIG_SUITEB192 */ + if (ext_key_id_supported) + capabilities[num_items++] = "extended_key_id"; ++#ifndef CONFIG_WEP ++ capabilities[num_items++] = "wep_disabled"; ++#endif /* !CONFIG_WEP */ + + return wpas_dbus_simple_array_property_getter(iter, + DBUS_TYPE_STRING, +-- +2.35.1 + diff --git a/SOURCES/0001-EAP-peer-Workaround-for-servers-that-do-not-support-.patch b/SOURCES/0001-EAP-peer-Workaround-for-servers-that-do-not-support-.patch new file mode 100644 index 0000000..3a2ffaf --- /dev/null +++ b/SOURCES/0001-EAP-peer-Workaround-for-servers-that-do-not-support-.patch @@ -0,0 +1,103 @@ +From 566ce69a8d0e64093309cbde80235aa522fbf84e Mon Sep 17 00:00:00 2001 +Message-Id: <566ce69a8d0e64093309cbde80235aa522fbf84e.1652450572.git.davide.caratti@gmail.com> +From: Jouni Malinen +Date: Thu, 5 May 2022 00:07:44 +0300 +Subject: [PATCH] EAP peer: Workaround for servers that do not support safe TLS + renegotiation + +The TLS protocol design for renegotiation was identified to have a +significant security flaw in 2009 and an extension to secure this design +was published in 2010 (RFC 5746). However, some old RADIUS +authentication servers without support for this are still used commonly. + +This is obviously not good from the security view point, but since there +are cases where the user of a network service has no realistic means for +getting the authentication server upgraded, TLS handshake may still need +to be allowed to be able to use the network. + +OpenSSL 3.0 disabled the client side workaround by default and this +resulted in issues connection to some networks with insecure +authentication servers. With OpenSSL 3.0, the client is now enforcing +security by refusing to authenticate with such servers. The pre-3.0 +behavior of ignoring this issue and leaving security to the server can +now be enabled with a new phase1 parameter allow_unsafe_renegotiation=1. +This should be used only when having to connect to a network that has an +insecure authentication server that cannot be upgraded. + +The old (pre-2010) TLS renegotiation mechanism might open security +vulnerabilities if the authentication server were to allow TLS +renegotiation to be initiated. While this is unlikely to cause real +issues with EAP-TLS, there might be cases where use of PEAP or TTLS with +an authentication server that does not support RFC 5746 might result in +a security vulnerability. + +Signed-off-by: Jouni Malinen +--- + src/crypto/tls.h | 1 + + src/crypto/tls_openssl.c | 5 +++++ + src/eap_peer/eap_tls_common.c | 4 ++++ + wpa_supplicant/wpa_supplicant.conf | 5 +++++ + 4 files changed, 15 insertions(+) + +diff --git a/src/crypto/tls.h b/src/crypto/tls.h +index ccaac94c9..7ea32ee4a 100644 +--- a/src/crypto/tls.h ++++ b/src/crypto/tls.h +@@ -112,6 +112,7 @@ struct tls_config { + #define TLS_CONN_ENABLE_TLSv1_1 BIT(15) + #define TLS_CONN_ENABLE_TLSv1_2 BIT(16) + #define TLS_CONN_TEAP_ANON_DH BIT(17) ++#define TLS_CONN_ALLOW_UNSAFE_RENEGOTIATION BIT(18) + + /** + * struct tls_connection_params - Parameters for TLS connection +diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c +index 388c6b0f4..0d23f44ad 100644 +--- a/src/crypto/tls_openssl.c ++++ b/src/crypto/tls_openssl.c +@@ -3081,6 +3081,11 @@ static int tls_set_conn_flags(struct tls_connection *conn, unsigned int flags, + SSL_clear_options(ssl, SSL_OP_NO_TICKET); + #endif /* SSL_OP_NO_TICKET */ + ++#ifdef SSL_OP_LEGACY_SERVER_CONNECT ++ if (flags & TLS_CONN_ALLOW_UNSAFE_RENEGOTIATION) ++ SSL_set_options(ssl, SSL_OP_LEGACY_SERVER_CONNECT); ++#endif /* SSL_OP_LEGACY_SERVER_CONNECT */ ++ + #ifdef SSL_OP_NO_TLSv1 + if (flags & TLS_CONN_DISABLE_TLSv1_0) + SSL_set_options(ssl, SSL_OP_NO_TLSv1); +diff --git a/src/eap_peer/eap_tls_common.c b/src/eap_peer/eap_tls_common.c +index 06c9b211e..6193b4bdb 100644 +--- a/src/eap_peer/eap_tls_common.c ++++ b/src/eap_peer/eap_tls_common.c +@@ -102,6 +102,10 @@ static void eap_tls_params_flags(struct tls_connection_params *params, + params->flags |= TLS_CONN_SUITEB_NO_ECDH; + if (os_strstr(txt, "tls_suiteb_no_ecdh=0")) + params->flags &= ~TLS_CONN_SUITEB_NO_ECDH; ++ if (os_strstr(txt, "allow_unsafe_renegotiation=1")) ++ params->flags |= TLS_CONN_ALLOW_UNSAFE_RENEGOTIATION; ++ if (os_strstr(txt, "allow_unsafe_renegotiation=0")) ++ params->flags &= ~TLS_CONN_ALLOW_UNSAFE_RENEGOTIATION; + } + + +diff --git a/wpa_supplicant/wpa_supplicant.conf b/wpa_supplicant/wpa_supplicant.conf +index a1dc769c9..b5304a77e 100644 +--- a/wpa_supplicant/wpa_supplicant.conf ++++ b/wpa_supplicant/wpa_supplicant.conf +@@ -1370,6 +1370,11 @@ fast_reauth=1 + # tls_suiteb=0 - do not apply Suite B 192-bit constraints on TLS (default) + # tls_suiteb=1 - apply Suite B 192-bit constraints on TLS; this is used in + # particular when using Suite B with RSA keys of >= 3K (3072) bits ++# allow_unsafe_renegotiation=1 - allow connection with a TLS server that does ++# not support safe renegotiation (RFC 5746); please note that this ++# workaround should be only when having to authenticate with an old ++# authentication server that cannot be updated to use secure TLS ++# implementation. + # + # Following certificate/private key fields are used in inner Phase2 + # authentication when using EAP-TTLS or EAP-PEAP. +-- +2.35.1 + diff --git a/SOURCES/0001-EAP-peer-status-notification-for-server-not-supporti.patch b/SOURCES/0001-EAP-peer-status-notification-for-server-not-supporti.patch new file mode 100644 index 0000000..06807ee --- /dev/null +++ b/SOURCES/0001-EAP-peer-status-notification-for-server-not-supporti.patch @@ -0,0 +1,106 @@ +From a561d12d24c2c8bb0f825d4a3a55a5e47e845853 Mon Sep 17 00:00:00 2001 +Message-Id: +From: Jouni Malinen +Date: Wed, 4 May 2022 23:55:38 +0300 +Subject: [PATCH] EAP peer status notification for server not supporting RFC + 5746 + +Add a notification message to indicate reason for TLS handshake failure +due to the server not supporting safe renegotiation (RFC 5746). + +Signed-off-by: Jouni Malinen +--- + src/ap/authsrv.c | 3 +++ + src/crypto/tls.h | 3 ++- + src/crypto/tls_openssl.c | 15 +++++++++++++-- + src/eap_peer/eap.c | 5 +++++ + 4 files changed, 23 insertions(+), 3 deletions(-) + +diff --git a/src/ap/authsrv.c b/src/ap/authsrv.c +index 516c1da74..fd9c96fad 100644 +--- a/src/ap/authsrv.c ++++ b/src/ap/authsrv.c +@@ -169,6 +169,9 @@ static void authsrv_tls_event(void *ctx, enum tls_event ev, + wpa_printf(MSG_DEBUG, "authsrv: remote TLS alert: %s", + data->alert.description); + break; ++ case TLS_UNSAFE_RENEGOTIATION_DISABLED: ++ /* Not applicable to TLS server */ ++ break; + } + } + #endif /* EAP_TLS_FUNCS */ +diff --git a/src/crypto/tls.h b/src/crypto/tls.h +index 7ea32ee4a..7a2ee32df 100644 +--- a/src/crypto/tls.h ++++ b/src/crypto/tls.h +@@ -22,7 +22,8 @@ enum tls_event { + TLS_CERT_CHAIN_SUCCESS, + TLS_CERT_CHAIN_FAILURE, + TLS_PEER_CERTIFICATE, +- TLS_ALERT ++ TLS_ALERT, ++ TLS_UNSAFE_RENEGOTIATION_DISABLED, + }; + + /* +diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c +index 0d23f44ad..912471ba2 100644 +--- a/src/crypto/tls_openssl.c ++++ b/src/crypto/tls_openssl.c +@@ -4443,6 +4443,7 @@ int tls_connection_get_eap_fast_key(void *tls_ctx, struct tls_connection *conn, + static struct wpabuf * + openssl_handshake(struct tls_connection *conn, const struct wpabuf *in_data) + { ++ struct tls_context *context = conn->context; + int res; + struct wpabuf *out_data; + +@@ -4472,7 +4473,19 @@ openssl_handshake(struct tls_connection *conn, const struct wpabuf *in_data) + wpa_printf(MSG_DEBUG, "SSL: SSL_connect - want to " + "write"); + else { ++ unsigned long error = ERR_peek_last_error(); ++ + tls_show_errors(MSG_INFO, __func__, "SSL_connect"); ++ ++ if (context->event_cb && ++ ERR_GET_LIB(error) == ERR_LIB_SSL && ++ ERR_GET_REASON(error) == ++ SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED) { ++ context->event_cb( ++ context->cb_ctx, ++ TLS_UNSAFE_RENEGOTIATION_DISABLED, ++ NULL); ++ } + conn->failed++; + if (!conn->server && !conn->client_hello_generated) { + /* The server would not understand TLS Alert +@@ -4495,8 +4508,6 @@ openssl_handshake(struct tls_connection *conn, const struct wpabuf *in_data) + if ((conn->flags & TLS_CONN_SUITEB) && !conn->server && + os_strncmp(SSL_get_cipher(conn->ssl), "DHE-", 4) == 0 && + conn->server_dh_prime_len < 3072) { +- struct tls_context *context = conn->context; +- + /* + * This should not be reached since earlier cert_cb should have + * terminated the handshake. Keep this check here for extra +diff --git a/src/eap_peer/eap.c b/src/eap_peer/eap.c +index 429b20d3a..729388f4f 100644 +--- a/src/eap_peer/eap.c ++++ b/src/eap_peer/eap.c +@@ -2172,6 +2172,11 @@ static void eap_peer_sm_tls_event(void *ctx, enum tls_event ev, + eap_notify_status(sm, "remote TLS alert", + data->alert.description); + break; ++ case TLS_UNSAFE_RENEGOTIATION_DISABLED: ++ wpa_printf(MSG_INFO, ++ "TLS handshake failed due to the server not supporting safe renegotiation (RFC 5746); phase1 parameter allow_unsafe_renegotiation=1 can be used to work around this"); ++ eap_notify_status(sm, "unsafe server renegotiation", "failure"); ++ break; + } + + os_free(hash_hex); +-- +2.35.1 + diff --git a/SPECS/wpa_supplicant.spec b/SPECS/wpa_supplicant.spec index d915b8e..1c0d907 100644 --- a/SPECS/wpa_supplicant.spec +++ b/SPECS/wpa_supplicant.spec @@ -9,7 +9,7 @@ Summary: WPA/WPA2/IEEE 802.1X Supplicant Name: wpa_supplicant Epoch: 1 Version: 2.10 -Release: 2%{?dist} +Release: 4%{?dist} License: BSD Source0: http://w1.fi/releases/%{name}-%{version}.tar.gz Source1: wpa_supplicant.conf @@ -29,6 +29,11 @@ Patch2: wpa_supplicant-flush-debug-output.patch Patch3: wpa_supplicant-quiet-scan-results-message.patch # distro specific customization for Qt4 build tools, not suitable for upstream Patch4: wpa_supplicant-gui-qt4.patch +# backport fix for bz2063730 +Patch5: 0001-D-Bus-Add-wep_disabled-capability.patch +# backport fix for bz2077973 +Patch6: 0001-EAP-peer-Workaround-for-servers-that-do-not-support-.patch +Patch7: 0001-EAP-peer-status-notification-for-server-not-supporti.patch URL: http://w1.fi/wpa_supplicant/ @@ -189,6 +194,13 @@ chmod -R 0644 wpa_supplicant/examples/*.py %changelog +* Fri May 13 2022 Davide Caratti - 1:2.10-4 +- Explicitly allow/disallow unsafe legacy renegotiation on configuration base. + Resolves: rhbz#2077973 + +* Fri Apr 22 2022 Davide Caratti - 1:2.10-3 +- Expose 'wep_disabled' capability via D-Bus. Resolves: rhbz#2063730 + * Fri Feb 4 2022 Davide Caratti - 1:2.10-2 - Disable CONFIG_IEEE80211R. Resolves: rhbz#2032539