From 1c1b02874e1749d61b9b1680f744bf8470147416 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?P=C3=81LI=20G=C3=A1bor=20J=C3=A1nos?= <pali.gabor@gmail.com>
Date: Fri, 30 Dec 2022 14:47:25 +0100
Subject: Move to Linux 5.15.85 + Alpine 3.17.0.

---
 aports/wpa_supplicant/unsafe-renegotiation-1.patch | 103 +++++++++++++++++++++
 1 file changed, 103 insertions(+)
 create mode 100644 aports/wpa_supplicant/unsafe-renegotiation-1.patch

(limited to 'aports/wpa_supplicant/unsafe-renegotiation-1.patch')

diff --git a/aports/wpa_supplicant/unsafe-renegotiation-1.patch b/aports/wpa_supplicant/unsafe-renegotiation-1.patch
new file mode 100644
index 0000000..0802a1b
--- /dev/null
+++ b/aports/wpa_supplicant/unsafe-renegotiation-1.patch
@@ -0,0 +1,103 @@
+Patch-Source: https://w1.fi/cgit/hostap/commit/?id=566ce69a8d0e64093309cbde80235aa522fbf84e
+From 566ce69a8d0e64093309cbde80235aa522fbf84e Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <quic_jouni@quicinc.com>
+Date: Thu, 5 May 2022 00:07:44 +0300
+Subject: EAP peer: Workaround for servers that do not support safe TLS
+ renegotiation
+
+The TLS protocol design for renegotiation was identified to have a
+significant security flaw in 2009 and an extension to secure this design
+was published in 2010 (RFC 5746). However, some old RADIUS
+authentication servers without support for this are still used commonly.
+
+This is obviously not good from the security view point, but since there
+are cases where the user of a network service has no realistic means for
+getting the authentication server upgraded, TLS handshake may still need
+to be allowed to be able to use the network.
+
+OpenSSL 3.0 disabled the client side workaround by default and this
+resulted in issues connection to some networks with insecure
+authentication servers. With OpenSSL 3.0, the client is now enforcing
+security by refusing to authenticate with such servers. The pre-3.0
+behavior of ignoring this issue and leaving security to the server can
+now be enabled with a new phase1 parameter allow_unsafe_renegotiation=1.
+This should be used only when having to connect to a network that has an
+insecure authentication server that cannot be upgraded.
+
+The old (pre-2010) TLS renegotiation mechanism might open security
+vulnerabilities if the authentication server were to allow TLS
+renegotiation to be initiated. While this is unlikely to cause real
+issues with EAP-TLS, there might be cases where use of PEAP or TTLS with
+an authentication server that does not support RFC 5746 might result in
+a security vulnerability.
+
+Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
+---
+ src/crypto/tls.h                   | 1 +
+ src/crypto/tls_openssl.c           | 5 +++++
+ src/eap_peer/eap_tls_common.c      | 4 ++++
+ wpa_supplicant/wpa_supplicant.conf | 5 +++++
+ 4 files changed, 15 insertions(+)
+
+diff --git a/src/crypto/tls.h b/src/crypto/tls.h
+index ccaac94c9..7ea32ee4a 100644
+--- a/src/crypto/tls.h
++++ b/src/crypto/tls.h
+@@ -112,6 +112,7 @@ struct tls_config {
+ #define TLS_CONN_ENABLE_TLSv1_1 BIT(15)
+ #define TLS_CONN_ENABLE_TLSv1_2 BIT(16)
+ #define TLS_CONN_TEAP_ANON_DH BIT(17)
++#define TLS_CONN_ALLOW_UNSAFE_RENEGOTIATION BIT(18)
+ 
+ /**
+  * struct tls_connection_params - Parameters for TLS connection
+diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
+index 388c6b0f4..0d23f44ad 100644
+--- a/src/crypto/tls_openssl.c
++++ b/src/crypto/tls_openssl.c
+@@ -3081,6 +3081,11 @@ static int tls_set_conn_flags(struct tls_connection *conn, unsigned int flags,
+ 		SSL_clear_options(ssl, SSL_OP_NO_TICKET);
+ #endif /* SSL_OP_NO_TICKET */
+ 
++#ifdef SSL_OP_LEGACY_SERVER_CONNECT
++	if (flags & TLS_CONN_ALLOW_UNSAFE_RENEGOTIATION)
++		SSL_set_options(ssl, SSL_OP_LEGACY_SERVER_CONNECT);
++#endif /* SSL_OP_LEGACY_SERVER_CONNECT */
++
+ #ifdef SSL_OP_NO_TLSv1
+ 	if (flags & TLS_CONN_DISABLE_TLSv1_0)
+ 		SSL_set_options(ssl, SSL_OP_NO_TLSv1);
+diff --git a/src/eap_peer/eap_tls_common.c b/src/eap_peer/eap_tls_common.c
+index 06c9b211e..6193b4bdb 100644
+--- a/src/eap_peer/eap_tls_common.c
++++ b/src/eap_peer/eap_tls_common.c
+@@ -102,6 +102,10 @@ static void eap_tls_params_flags(struct tls_connection_params *params,
+ 		params->flags |= TLS_CONN_SUITEB_NO_ECDH;
+ 	if (os_strstr(txt, "tls_suiteb_no_ecdh=0"))
+ 		params->flags &= ~TLS_CONN_SUITEB_NO_ECDH;
++	if (os_strstr(txt, "allow_unsafe_renegotiation=1"))
++		params->flags |= TLS_CONN_ALLOW_UNSAFE_RENEGOTIATION;
++	if (os_strstr(txt, "allow_unsafe_renegotiation=0"))
++		params->flags &= ~TLS_CONN_ALLOW_UNSAFE_RENEGOTIATION;
+ }
+ 
+ 
+diff --git a/wpa_supplicant/wpa_supplicant.conf b/wpa_supplicant/wpa_supplicant.conf
+index a1dc769c9..b5304a77e 100644
+--- a/wpa_supplicant/wpa_supplicant.conf
++++ b/wpa_supplicant/wpa_supplicant.conf
+@@ -1370,6 +1370,11 @@ fast_reauth=1
+ # tls_suiteb=0 - do not apply Suite B 192-bit constraints on TLS (default)
+ # tls_suiteb=1 - apply Suite B 192-bit constraints on TLS; this is used in
+ #	particular when using Suite B with RSA keys of >= 3K (3072) bits
++# allow_unsafe_renegotiation=1 - allow connection with a TLS server that does
++#	not support safe renegotiation (RFC 5746); please note that this
++#	workaround should be only when having to authenticate with an old
++#	authentication server that cannot be updated to use secure TLS
++#	implementation.
+ #
+ # Following certificate/private key fields are used in inner Phase2
+ # authentication when using EAP-TTLS or EAP-PEAP.
+-- 
+cgit v1.2.3-18-g5258
+
-- 
cgit v1.2.3