wok-current rev 25666

Patch wpa_supplicant CVE-2023-52160 (miss add patch)
author Stanislas Leduc <shann@slitaz.org>
date Sat Mar 02 09:28:06 2024 +0000 (2 months ago)
parents daa1640c418e
children 8e3f5f4438f1
files wpa_supplicant/stuff/CVE-2023-52160.patch
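--- /dev/null
+++ b/wpa_supplicant/stuff/CVE-2023-52160.patch
@@ -0,0 +1,209 @@
+From 8e6485a1bcb0baffdea9e55255a81270b768439c Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <j@w1.fi>
+Date: Sat, 8 Jul 2023 19:55:32 +0300
+Subject: PEAP client: Update Phase 2 authentication requirements
+
+The previous PEAP client behavior allowed the server to skip Phase 2
+authentication with the expectation that the server was authenticated
+during Phase 1 through TLS server certificate validation. Various PEAP
+specifications are not exactly clear on what the behavior on this front
+is supposed to be and as such, this ended up being more flexible than
+the TTLS/FAST/TEAP cases. However, this is not really ideal when
+unfortunately common misconfiguration of PEAP is used in deployed
+devices where the server trust root (ca_cert) is not configured or the
+user has an easy option for allowing this validation step to be skipped.
+
+Change the default PEAP client behavior to be to require Phase 2
+authentication to be successfully completed for cases where TLS session
+resumption is not used and the client certificate has not been
+configured. Those two exceptions are the main cases where a deployed
+authentication server might skip Phase 2 and as such, where a more
+strict default behavior could result in undesired interoperability
+issues. Requiring Phase 2 authentication will end up disabling TLS
+session resumption automatically to avoid interoperability issues.
+
+Allow Phase 2 authentication behavior to be configured with a new phase1
+configuration parameter option:
+'phase2_auth' option can be used to control Phase 2 (i.e., within TLS
+tunnel) behavior for PEAP:
+ * 0 = do not require Phase 2 authentication
+ * 1 = require Phase 2 authentication when client certificate
+   (private_key/client_cert) is no used and TLS session resumption was
+   not used (default)
+ * 2 = require Phase 2 authentication in all cases
+
+Signed-off-by: Jouni Malinen <j@w1.fi>
+---
+ src/eap_peer/eap_config.h          |  8 ++++++++
+ src/eap_peer/eap_peap.c            | 40 +++++++++++++++++++++++++++++++++++---
+ src/eap_peer/eap_tls_common.c      |  6 ++++++
+ src/eap_peer/eap_tls_common.h      |  5 +++++
+ wpa_supplicant/wpa_supplicant.conf |  7 +++++++
+ 5 files changed, 63 insertions(+), 3 deletions(-)
+
+diff --git a/src/eap_peer/eap_config.h b/src/eap_peer/eap_config.h
+index 26744ab68..58d5a1359 100644
+--- a/src/eap_peer/eap_config.h
++++ b/src/eap_peer/eap_config.h
+@@ -471,6 +471,14 @@ struct eap_peer_config {
+ 	 * 1 = use cryptobinding if server supports it
+ 	 * 2 = require cryptobinding
+ 	 *
++	 * phase2_auth option can be used to control Phase 2 (i.e., within TLS
++	 * tunnel) behavior for PEAP:
++	 * 0 = do not require Phase 2 authentication
++	 * 1 = require Phase 2 authentication when client certificate
++	 *  (private_key/client_cert) is no used and TLS session resumption was
++	 *  not used (default)
++	 * 2 = require Phase 2 authentication in all cases
++	 *
+ 	 * EAP-WSC (WPS) uses following options: pin=Device_Password and
+ 	 * uuid=Device_UUID
+ 	 *
+diff --git a/src/eap_peer/eap_peap.c b/src/eap_peer/eap_peap.c
+index 12e30df29..608069719 100644
+--- a/src/eap_peer/eap_peap.c
++++ b/src/eap_peer/eap_peap.c
+@@ -67,6 +67,7 @@ struct eap_peap_data {
+ 	u8 cmk[20];
+ 	int soh; /* Whether IF-TNCCS-SOH (Statement of Health; Microsoft NAP)
+ 		  * is enabled. */
++	enum { NO_AUTH, FOR_INITIAL, ALWAYS } phase2_auth;
+ };
+ 
+ 
+@@ -114,6 +115,19 @@ static void eap_peap_parse_phase1(struct eap_peap_data *data,
+ 		wpa_printf(MSG_DEBUG, "EAP-PEAP: Require cryptobinding");
+ 	}
+ 
++	if (os_strstr(phase1, "phase2_auth=0")) {
++		data->phase2_auth = NO_AUTH;
++		wpa_printf(MSG_DEBUG,
++			   "EAP-PEAP: Do not require Phase 2 authentication");
++	} else if (os_strstr(phase1, "phase2_auth=1")) {
++		data->phase2_auth = FOR_INITIAL;
++		wpa_printf(MSG_DEBUG,
++			   "EAP-PEAP: Require Phase 2 authentication for initial connection");
++	} else if (os_strstr(phase1, "phase2_auth=2")) {
++		data->phase2_auth = ALWAYS;
++		wpa_printf(MSG_DEBUG,
++			   "EAP-PEAP: Require Phase 2 authentication for all cases");
++	}
+ #ifdef EAP_TNC
+ 	if (os_strstr(phase1, "tnc=soh2")) {
+ 		data->soh = 2;
+@@ -142,6 +156,7 @@ static void * eap_peap_init(struct eap_sm *sm)
+ 	data->force_peap_version = -1;
+ 	data->peap_outer_success = 2;
+ 	data->crypto_binding = OPTIONAL_BINDING;
++	data->phase2_auth = FOR_INITIAL;
+ 
+ 	if (config && config->phase1)
+ 		eap_peap_parse_phase1(data, config->phase1);
+@@ -454,6 +469,20 @@ static int eap_tlv_validate_cryptobinding(struct eap_sm *sm,
+ }
+ 
+ 
++static bool peap_phase2_sufficient(struct eap_sm *sm,
++				   struct eap_peap_data *data)
++{
++	if ((data->phase2_auth == ALWAYS ||
++	     (data->phase2_auth == FOR_INITIAL &&
++	      !tls_connection_resumed(sm->ssl_ctx, data->ssl.conn) &&
++	      !data->ssl.client_cert_conf) ||
++	     data->phase2_eap_started) &&
++	    !data->phase2_eap_success)
++		return false;
++	return true;
++}
++
++
+ /**
+  * eap_tlv_process - Process a received EAP-TLV message and generate a response
+  * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
+@@ -568,6 +597,11 @@ static int eap_tlv_process(struct eap_sm *sm, struct eap_peap_data *data,
+ 					   " - force failed Phase 2");
+ 				resp_status = EAP_TLV_RESULT_FAILURE;
+ 				ret->decision = DECISION_FAIL;
++			} else if (!peap_phase2_sufficient(sm, data)) {
++				wpa_printf(MSG_INFO,
++					   "EAP-PEAP: Server indicated Phase 2 success, but sufficient Phase 2 authentication has not been completed");
++				resp_status = EAP_TLV_RESULT_FAILURE;
++				ret->decision = DECISION_FAIL;
+ 			} else {
+ 				resp_status = EAP_TLV_RESULT_SUCCESS;
+ 				ret->decision = DECISION_UNCOND_SUCC;
+@@ -887,8 +921,7 @@ continue_req:
+ 			/* EAP-Success within TLS tunnel is used to indicate
+ 			 * shutdown of the TLS channel. The authentication has
+ 			 * been completed. */
+-			if (data->phase2_eap_started &&
+-			    !data->phase2_eap_success) {
++			if (!peap_phase2_sufficient(sm, data)) {
+ 				wpa_printf(MSG_DEBUG, "EAP-PEAP: Phase 2 "
+ 					   "Success used to indicate success, "
+ 					   "but Phase 2 EAP was not yet "
+@@ -1199,8 +1232,9 @@ static struct wpabuf * eap_peap_process(struct eap_sm *sm, void *priv,
+ static bool eap_peap_has_reauth_data(struct eap_sm *sm, void *priv)
+ {
+ 	struct eap_peap_data *data = priv;
++
+ 	return tls_connection_established(sm->ssl_ctx, data->ssl.conn) &&
+-		data->phase2_success;
++		data->phase2_success && data->phase2_auth != ALWAYS;
+ }
+ 
+ 
+diff --git a/src/eap_peer/eap_tls_common.c b/src/eap_peer/eap_tls_common.c
+index 6193b4bdb..966cbd6c7 100644
+--- a/src/eap_peer/eap_tls_common.c
++++ b/src/eap_peer/eap_tls_common.c
+@@ -242,6 +242,12 @@ static int eap_tls_params_from_conf(struct eap_sm *sm,
+ 
+ 	sm->ext_cert_check = !!(params->flags & TLS_CONN_EXT_CERT_CHECK);
+ 
++	if (!phase2)
++		data->client_cert_conf = params->client_cert ||
++			params->client_cert_blob ||
++			params->private_key ||
++			params->private_key_blob;
++
+ 	return 0;
+ }
+ 
+diff --git a/src/eap_peer/eap_tls_common.h b/src/eap_peer/eap_tls_common.h
+index 9ac00121f..334863413 100644
+--- a/src/eap_peer/eap_tls_common.h
++++ b/src/eap_peer/eap_tls_common.h
+@@ -79,6 +79,11 @@ struct eap_ssl_data {
+ 	 * tls_v13 - Whether TLS v1.3 or newer is used
+ 	 */
+ 	int tls_v13;
++
++	/**
++	 * client_cert_conf: Whether client certificate has been configured
++	 */
++	bool client_cert_conf;
+ };
+ 
+ 
+diff --git a/wpa_supplicant/wpa_supplicant.conf b/wpa_supplicant/wpa_supplicant.conf
+index f0b82443e..1b09f57d3 100644
+--- a/wpa_supplicant/wpa_supplicant.conf
++++ b/wpa_supplicant/wpa_supplicant.conf
+@@ -1370,6 +1370,13 @@ fast_reauth=1
+ #	 * 0 = do not use cryptobinding (default)
+ #	 * 1 = use cryptobinding if server supports it
+ #	 * 2 = require cryptobinding
++#	'phase2_auth' option can be used to control Phase 2 (i.e., within TLS
++#	tunnel) behavior for PEAP:
++#	 * 0 = do not require Phase 2 authentication
++#	 * 1 = require Phase 2 authentication when client certificate
++#	   (private_key/client_cert) is no used and TLS session resumption was
++#	   not used (default)
++#	 * 2 = require Phase 2 authentication in all cases
+ #	EAP-WSC (WPS) uses following options: pin=<Device Password> or
+ #	pbc=1.
+ #
+-- 
+cgit v1.2.3-18-g5258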