diff -pruN 2:2.10-9/debian/changelog 2:2.10-9ubuntu1/debian/changelog
--- 2:2.10-9/debian/changelog	2022-05-05 10:23:33.000000000 +0000
+++ 2:2.10-9ubuntu1/debian/changelog	2022-05-31 14:03:29.000000000 +0000
@@ -1,11 +1,21 @@
+wpa (2:2.10-9ubuntu1) kinetic; urgency=medium
+
+  * debian/patches/lower_security_level_for_tls_1.patch:
+    - set the OpenSSL security level to 0 if that is the only option to
+      continue the TLS negotiation, i.e., when TLS 1.0/1.1 are still allowed
+      in wpa_supplicant default configuration and OpenSSL 3.0 with the
+      constraint on MD5-SHA1 use. Patch proposed by Jouni Malinen on
+      the upstream mailinglist (lp: #1958267)
+
+ -- Sebastien Bacher <seb128@ubuntu.com>  Tue, 31 May 2022 16:03:29 +0200
+
 wpa (2:2.10-9) unstable; urgency=medium
 
-  [ Sebastien Bacher ]
   * debian/patches/allow-legacy-renegotiation.patch:
-    Allow legacy renegotiation to fix PEAP issues with some servers
-    (Closes: #1010603, LP: #1962541)
+    allow legacy renegotiation to fix PEAP issues with some servers
+    (Closes: #1010603)
 
- -- Andrej Shadura <andrewsh@debian.org>  Thu, 05 May 2022 11:23:33 +0100
+ -- Sebastien Bacher <seb128@ubuntu.com>  Thu, 05 May 2022 11:31:26 +0200
 
 wpa (2:2.10-8) unstable; urgency=medium
 
diff -pruN 2:2.10-9/debian/control 2:2.10-9ubuntu1/debian/control
--- 2:2.10-9/debian/control	2022-05-05 10:23:33.000000000 +0000
+++ 2:2.10-9ubuntu1/debian/control	2022-05-31 14:03:29.000000000 +0000
@@ -1,5 +1,6 @@
 Source: wpa
-Maintainer: Debian wpasupplicant Maintainers <wpa@packages.debian.org>
+Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
+XSBC-Original-Maintainer: Debian wpasupplicant Maintainers <wpa@packages.debian.org>
 Uploaders:
  Andrej Shadura <andrewsh@debian.org>
 Section: net
diff -pruN 2:2.10-9/debian/patches/allow-legacy-renegotiation.patch 2:2.10-9ubuntu1/debian/patches/allow-legacy-renegotiation.patch
--- 2:2.10-9/debian/patches/allow-legacy-renegotiation.patch	2022-05-05 10:23:33.000000000 +0000
+++ 2:2.10-9ubuntu1/debian/patches/allow-legacy-renegotiation.patch	2022-05-05 09:31:26.000000000 +0000
@@ -1,17 +1,11 @@
-From: James Ralston <ralston@pobox.com>
-Date: Sun, 1 May 2022 16:15:23 -0700
-Subject: Allow legacy renegotiation to fix PEAP issues with some servers
-
-Upstream: http://lists.infradead.org/pipermail/hostap/2022-May/040511.html
----
- src/crypto/tls_openssl.c | 10 ++++++++++
- 1 file changed, 10 insertions(+)
-
-diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
-index 273e5cb..ad3aa1a 100644
---- a/src/crypto/tls_openssl.c
-+++ b/src/crypto/tls_openssl.c
-@@ -1056,6 +1056,16 @@ void * tls_init(const struct tls_config *conf)
+# Description: allow legacy renegotiation to fix PEAP issues with some servers
+# Upstream: http://lists.infradead.org/pipermail/hostap/2022-May/040511.html
+#
+Index: wpa-2.10/src/crypto/tls_openssl.c
+===================================================================
+--- wpa-2.10.orig/src/crypto/tls_openssl.c
++++ wpa-2.10/src/crypto/tls_openssl.c
+@@ -1056,6 +1056,16 @@ void * tls_init(const struct tls_config
  	SSL_CTX_set_options(ssl, SSL_OP_NO_SSLv2);
  	SSL_CTX_set_options(ssl, SSL_OP_NO_SSLv3);
  
diff -pruN 2:2.10-9/debian/patches/lower_security_level_for_tls_1.patch 2:2.10-9ubuntu1/debian/patches/lower_security_level_for_tls_1.patch
--- 2:2.10-9/debian/patches/lower_security_level_for_tls_1.patch	1970-01-01 00:00:00.000000000 +0000
+++ 2:2.10-9ubuntu1/debian/patches/lower_security_level_for_tls_1.patch	2022-05-31 13:42:11.000000000 +0000
@@ -0,0 +1,48 @@
+OpenSSL: Drop security level to 0 with OpenSSL 3.0 when using TLS 1.0/1.1
+
+Commit 9afb68b03976 ("OpenSSL: Allow systemwide secpolicy overrides for
+TLS version") with commit 58bbcfa31b18 ("OpenSSL: Update security level
+drop for TLS 1.0/1.1 with OpenSSL 3.0") allow this workaround to be
+enabled with an explicit network configuration parameter. However, the
+default settings are still allowing TLS 1.0 and 1.1 to be negotiated
+just to see them fail immediately when using OpenSSL 3.0. This is not
+exactly helpful especially when the OpenSSL error message for this
+particular case is "internal error" which does not really say anything
+about the reason for the error.
+
+It is is a bit inconvenient to update the security policy for this
+particular issue based on the negotiated TLS version since that happens
+in the middle of processing for the first message from the server.
+However, this can be done by using the debug callback for printing out
+the received TLS messages during processing.
+
+Drop the OpenSSL security level to 0 if that is the only option to
+continue the TLS negotiation, i.e., when TLS 1.0/1.1 are still allowed
+in wpa_supplicant default configuration and OpenSSL 3.0 with the
+constraint on MD5-SHA1 use.
+
+Signed-off-by: Jouni Malinen <j at w1.fi>
+---
+ src/crypto/tls_openssl.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+Index: wpa-2.10/src/crypto/tls_openssl.c
+===================================================================
+--- wpa-2.10.orig/src/crypto/tls_openssl.c
++++ wpa-2.10/src/crypto/tls_openssl.c
+@@ -1516,6 +1516,15 @@ static void tls_msg_cb(int write_p, int
+ 	struct tls_connection *conn = arg;
+ 	const u8 *pos = buf;
+ 
++#if OPENSSL_VERSION_NUMBER >= 0x30000000L
++	if ((SSL_version(ssl) == TLS1_VERSION ||
++	     SSL_version(ssl) == TLS1_1_VERSION) &&
++	    SSL_get_security_level(ssl) > 0) {
++		wpa_printf(MSG_DEBUG,
++			   "OpenSSL: Drop security level to 0 to allow TLS 1.0/1.1 use of MD5-SHA1 signature algorithm");
++		SSL_set_security_level(ssl, 0);
++	}
++#endif /* OpenSSL version >= 3.0 */
+ 	if (write_p == 2) {
+ 		wpa_printf(MSG_DEBUG,
+ 			   "OpenSSL: session ver=0x%x content_type=%d",
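Review bot: The block added to tls_msg_cb sets the security level to 0 for any connection whose negotiated version is TLS 1.0 or 1.1, and level 0 relaxes more than the MD5-SHA1 signature restriction named in the log text: it also switches off OpenSSL's minimum key-size and cipher-strength checks for the rest of that handshake. No configuration check is visible in these lines, so the peer's version choice alone triggers the drop, and it is recorded only at `MSG_DEBUG`. Consider logging it at `MSG_INFO` so the relaxation shows up in normal logs, and adding a comment above the `#if` such as `/* Level 0 also disables key-size and cipher-strength checks, not only the MD5-SHA1 restriction */`. Networks that do not need legacy TLS can keep this path from being reached by setting `tls_disable_tlsv1_0=1 tls_disable_tlsv1_1=1` in `phase1`. The body of tls_msg_cb continues outside the hunk.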
diff -pruN 2:2.10-9/debian/patches/series 2:2.10-9ubuntu1/debian/patches/series
--- 2:2.10-9/debian/patches/series	2022-05-05 10:23:33.000000000 +0000
+++ 2:2.10-9ubuntu1/debian/patches/series	2022-05-31 13:42:06.000000000 +0000
@@ -8,3 +8,4 @@ manpage-replace-wheel-with-netdev.patch
 upstream-fixes/0001-nl80211-add-extra-ies-only-if-allowed-by-driver.patch
 upstream-fixes/0002-AP-guard-FT-SAE-code-with-CONFIG_IEEE80211R_AP.patch
 allow-legacy-renegotiation.patch
+lower_security_level_for_tls_1.patch
