hostapd: Security fix for CVE-2023-52160

CVE-2023-52160: The implementation of PEAP in wpa_supplicant through 2.10 allows authentication bypass. For a successful attack, wpa_supplicant must be configured to not verify the network's TLS certificate during Phase 1 authentication, and an eap_peap_decrypt vulnerability can then be abused to skip Phase 2 authentication. The attack vector is sending an EAP-TLV Success packet instead of starting Phase 2. This allows an adversary to impersonate Enterprise Wi-Fi networks. Reference: https://nvd.nist.gov/vuln/detail/CVE-2023-52160 Patch from: https://w1.fi/cgit/hostap/commit/?id=8e6485a1bcb0baffdea9e55255a81270b768439c Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
author: Yi Zhao <yi.zhao@eng.windriver.com> 2024-11-24 23:19:40 +0800
committer: Armin Kuster <akuster808@gmail.com> 2024-12-15 13:52:28 -0500
commit: 0f98d98e82882a06adf24fbc1a628cfaf2268ba1 (patch)
tree: e921d456e8a919caba5878bebc9cc195f8ca25c6
parent: 00973f130d797fe829fef17b5858c5ae8bca3220 (diff)
download: meta-openembedded-0f98d98e82882a06adf24fbc1a628cfaf2268ba1.tar.gz
2 files changed, 199 insertions, 0 deletions
diff --git a/meta-oe/recipes-connectivity/hostapd/hostapd/CVE-2023-52160.patch b/meta-oe/recipes-connectivity/hostapd/hostapd/CVE-2023-52160.patch
new file mode 100644
index 0000000000..7f46ea84c6
--- /dev/null
+++ b/meta-oe/recipes-connectivity/hostapd/hostapd/CVE-2023-52160.patch
@@ -0,0 +1,198 @@
+From 6c81c2d98dc5a8a6296820bd9f083faae2c788c3 Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <j@w1.fi>
+Date: Sat, 8 Jul 2023 19:55:32 +0300
+Subject: [PATCH] PEAP client: Update Phase 2 authentication requirements
+The previous PEAP client behavior allowed the server to skip Phase 2
+authentication with the expectation that the server was authenticated
+during Phase 1 through TLS server certificate validation. Various PEAP
+specifications are not exactly clear on what the behavior on this front
+is supposed to be and as such, this ended up being more flexible than
+the TTLS/FAST/TEAP cases. However, this is not really ideal when
+unfortunately common misconfiguration of PEAP is used in deployed
+devices where the server trust root (ca_cert) is not configured or the
+user has an easy option for allowing this validation step to be skipped.
+Change the default PEAP client behavior to be to require Phase 2
+authentication to be successfully completed for cases where TLS session
+resumption is not used and the client certificate has not been
+configured. Those two exceptions are the main cases where a deployed
+authentication server might skip Phase 2 and as such, where a more
+strict default behavior could result in undesired interoperability
+issues. Requiring Phase 2 authentication will end up disabling TLS
+session resumption automatically to avoid interoperability issues.
+Allow Phase 2 authentication behavior to be configured with a new phase1
+configuration parameter option:
+'phase2_auth' option can be used to control Phase 2 (i.e., within TLS
+tunnel) behavior for PEAP:
+ * 0 = do not require Phase 2 authentication
+ * 1 = require Phase 2 authentication when client certificate
+   (private_key/client_cert) is no used and TLS session resumption was
+   not used (default)
+ * 2 = require Phase 2 authentication in all cases
+Signed-off-by: Jouni Malinen <j@w1.fi>
+CVE: CVE-2023-52160
+Upstream-Status: Backport
+[https://w1.fi/cgit/hostap/commit/?id=8e6485a1bcb0baffdea9e55255a81270b768439c]
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ src/eap_peer/eap_config.h     |  8 +++++++
+ src/eap_peer/eap_peap.c       | 40 ++++++++++++++++++++++++++++++++---
+ src/eap_peer/eap_tls_common.c |  6 ++++++
+ src/eap_peer/eap_tls_common.h |  5 +++++
+ 4 files changed, 56 insertions(+), 3 deletions(-)
+diff --git a/src/eap_peer/eap_config.h b/src/eap_peer/eap_config.h
+index 3238f74..047eec2 100644
+--- a/src/eap_peer/eap_config.h
+++ b/src/eap_peer/eap_config.h
+@@ -469,6 +469,14 @@ struct eap_peer_config {
+         * 1 = use cryptobinding if server supports it
+         * 2 = require cryptobinding
+         *
+        * phase2_auth option can be used to control Phase 2 (i.e., within TLS
+        * tunnel) behavior for PEAP:
+        * 0 = do not require Phase 2 authentication
+        * 1 = require Phase 2 authentication when client certificate
+        *  (private_key/client_cert) is no used and TLS session resumption was
+        *  not used (default)
+        * 2 = require Phase 2 authentication in all cases
+        *
+         * EAP-WSC (WPS) uses following options: pin=Device_Password and
+         * uuid=Device_UUID
+         *
+diff --git a/src/eap_peer/eap_peap.c b/src/eap_peer/eap_peap.c
+index 12e30df..6080697 100644
+--- a/src/eap_peer/eap_peap.c
+++ b/src/eap_peer/eap_peap.c
+@@ -67,6 +67,7 @@ struct eap_peap_data {
+        u8 cmk[20];
+        int soh; /* Whether IF-TNCCS-SOH (Statement of Health; Microsoft NAP)
+                  * is enabled. */
+       enum { NO_AUTH, FOR_INITIAL, ALWAYS } phase2_auth;
+ };
+ 
+ 
+@@ -114,6 +115,19 @@ static void eap_peap_parse_phase1(struct eap_peap_data *data,
+                wpa_printf(MSG_DEBUG, "EAP-PEAP: Require cryptobinding");
+        }
+ 
+       if (os_strstr(phase1, "phase2_auth=0")) {
+               data->phase2_auth = NO_AUTH;
+               wpa_printf(MSG_DEBUG,
+                          "EAP-PEAP: Do not require Phase 2 authentication");
+       } else if (os_strstr(phase1, "phase2_auth=1")) {
+               data->phase2_auth = FOR_INITIAL;
+               wpa_printf(MSG_DEBUG,
+                          "EAP-PEAP: Require Phase 2 authentication for initial connection");
+       } else if (os_strstr(phase1, "phase2_auth=2")) {
+               data->phase2_auth = ALWAYS;
+               wpa_printf(MSG_DEBUG,
+                          "EAP-PEAP: Require Phase 2 authentication for all cases");
+       }
+ #ifdef EAP_TNC
+        if (os_strstr(phase1, "tnc=soh2")) {
+                data->soh = 2;
+@@ -142,6 +156,7 @@ static void * eap_peap_init(struct eap_sm *sm)
+        data->force_peap_version = -1;
+        data->peap_outer_success = 2;
+        data->crypto_binding = OPTIONAL_BINDING;
+       data->phase2_auth = FOR_INITIAL;
+ 
+        if (config && config->phase1)
+                eap_peap_parse_phase1(data, config->phase1);
+@@ -454,6 +469,20 @@ static int eap_tlv_validate_cryptobinding(struct eap_sm *sm,
+ }
+ 
+ 
+static bool peap_phase2_sufficient(struct eap_sm *sm,
+                                  struct eap_peap_data *data)
+{
+       if ((data->phase2_auth == ALWAYS ||
+            (data->phase2_auth == FOR_INITIAL &&
+             !tls_connection_resumed(sm->ssl_ctx, data->ssl.conn) &&
+             !data->ssl.client_cert_conf) ||
+            data->phase2_eap_started) &&
+           !data->phase2_eap_success)
+               return false;
+       return true;
+}
+
+
+ /**
+  * eap_tlv_process - Process a received EAP-TLV message and generate a response
+  * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
+@@ -568,6 +597,11 @@ static int eap_tlv_process(struct eap_sm *sm, struct eap_peap_data *data,
+                                           " - force failed Phase 2");
+                                resp_status = EAP_TLV_RESULT_FAILURE;
+                                ret->decision = DECISION_FAIL;
+                       } else if (!peap_phase2_sufficient(sm, data)) {
+                               wpa_printf(MSG_INFO,
+                                          "EAP-PEAP: Server indicated Phase 2 success, but sufficient Phase 2 authentication has not been completed");
+                               resp_status = EAP_TLV_RESULT_FAILURE;
+                               ret->decision = DECISION_FAIL;
+                        } else {
+                                resp_status = EAP_TLV_RESULT_SUCCESS;
+                                ret->decision = DECISION_UNCOND_SUCC;
+@@ -887,8 +921,7 @@ continue_req:
+                        /* EAP-Success within TLS tunnel is used to indicate
+                         * shutdown of the TLS channel. The authentication has
+                         * been completed. */
+-                       if (data->phase2_eap_started &&
+-                           !data->phase2_eap_success) {
+                       if (!peap_phase2_sufficient(sm, data)) {
+                                wpa_printf(MSG_DEBUG, "EAP-PEAP: Phase 2 "
+                                           "Success used to indicate success, "
+                                           "but Phase 2 EAP was not yet "
+@@ -1199,8 +1232,9 @@ static struct wpabuf * eap_peap_process(struct eap_sm *sm, void *priv,
+ static bool eap_peap_has_reauth_data(struct eap_sm *sm, void *priv)
+ {
+        struct eap_peap_data *data = priv;
+
+        return tls_connection_established(sm->ssl_ctx, data->ssl.conn) &&
+-               data->phase2_success;
+               data->phase2_success && data->phase2_auth != ALWAYS;
+ }
+ 
+ 
+diff --git a/src/eap_peer/eap_tls_common.c b/src/eap_peer/eap_tls_common.c
+index c1837db..a53eeb1 100644
+--- a/src/eap_peer/eap_tls_common.c
+++ b/src/eap_peer/eap_tls_common.c
+@@ -239,6 +239,12 @@ static int eap_tls_params_from_conf(struct eap_sm *sm,
+ 
+        sm->ext_cert_check = !!(params->flags & TLS_CONN_EXT_CERT_CHECK);
+ 
+       if (!phase2)
+               data->client_cert_conf = params->client_cert ||
+                       params->client_cert_blob ||
+                       params->private_key ||
+                       params->private_key_blob;
+
+        return 0;
+ }
+ 
+diff --git a/src/eap_peer/eap_tls_common.h b/src/eap_peer/eap_tls_common.h
+index 9ac0012..3348634 100644
+--- a/src/eap_peer/eap_tls_common.h
+++ b/src/eap_peer/eap_tls_common.h
+@@ -79,6 +79,11 @@ struct eap_ssl_data {
+         * tls_v13 - Whether TLS v1.3 or newer is used
+         */
+        int tls_v13;
+
+       /**
+        * client_cert_conf: Whether client certificate has been configured
+        */
+       bool client_cert_conf;
+ };
+ 
+ 
+-- 
+2.25.1
diff --git a/meta-oe/recipes-connectivity/hostapd/hostapd_2.10.bb b/meta-oe/recipes-connectivity/hostapd/hostapd_2.10.bb
index a745e7a404..5ef6ac64b2 100644
--- a/meta-oe/recipes-connectivity/hostapd/hostapd_2.10.bb
+++ b/meta-oe/recipes-connectivity/hostapd/hostapd_2.10.bb
@@ -21,6 +21,7 @@ SRC_URI = " \
    file://CVE-2024-3596_08.patch \
    file://0001-SAE-Check-for-invalid-Rejected-Groups-element-length.patch \
    file://0003-SAE-Reject-invalid-Rejected-Groups-element-in-the-pa.patch \
+    file://CVE-2023-52160.patch \
 "
author	Yi Zhao <yi.zhao@eng.windriver.com>	2024-11-24 23:19:40 +0800
committer	Armin Kuster <akuster808@gmail.com>	2024-12-15 13:52:28 -0500
commit	0f98d98e82882a06adf24fbc1a628cfaf2268ba1 (patch)
tree	e921d456e8a919caba5878bebc9cc195f8ca25c6
parent	00973f130d797fe829fef17b5858c5ae8bca3220 (diff)
download	meta-openembedded-0f98d98e82882a06adf24fbc1a628cfaf2268ba1.tar.gz

diff --git a/meta-oe/recipes-connectivity/hostapd/hostapd/CVE-2023-52160.patch b/meta-oe/recipes-connectivity/hostapd/hostapd/CVE-2023-52160.patch new file mode 100644 index 0000000000..7f46ea84c6 --- /dev/null +++ b/meta-oe/recipes-connectivity/hostapd/hostapd/CVE-2023-52160.patch
@@ -0,0 +1,198 @@
		1	From 6c81c2d98dc5a8a6296820bd9f083faae2c788c3 Mon Sep 17 00:00:00 2001
		2	From: Jouni Malinen <j@w1.fi>
		3	Date: Sat, 8 Jul 2023 19:55:32 +0300
		4	Subject: [PATCH] PEAP client: Update Phase 2 authentication requirements
		5
		6	The previous PEAP client behavior allowed the server to skip Phase 2
		7	authentication with the expectation that the server was authenticated
		8	during Phase 1 through TLS server certificate validation. Various PEAP
		9	specifications are not exactly clear on what the behavior on this front
		10	is supposed to be and as such, this ended up being more flexible than
		11	the TTLS/FAST/TEAP cases. However, this is not really ideal when
		12	unfortunately common misconfiguration of PEAP is used in deployed
		13	devices where the server trust root (ca_cert) is not configured or the
		14	user has an easy option for allowing this validation step to be skipped.
		15
		16	Change the default PEAP client behavior to be to require Phase 2
		17	authentication to be successfully completed for cases where TLS session
		18	resumption is not used and the client certificate has not been
		19	configured. Those two exceptions are the main cases where a deployed
		20	authentication server might skip Phase 2 and as such, where a more
		21	strict default behavior could result in undesired interoperability
		22	issues. Requiring Phase 2 authentication will end up disabling TLS
		23	session resumption automatically to avoid interoperability issues.
		24
		25	Allow Phase 2 authentication behavior to be configured with a new phase1
		26	configuration parameter option:
		27	'phase2_auth' option can be used to control Phase 2 (i.e., within TLS
		28	tunnel) behavior for PEAP:
		29	* 0 = do not require Phase 2 authentication
		30	* 1 = require Phase 2 authentication when client certificate
		31	(private_key/client_cert) is no used and TLS session resumption was
		32	not used (default)
		33	* 2 = require Phase 2 authentication in all cases
		34
		35	Signed-off-by: Jouni Malinen <j@w1.fi>
		36
		37	CVE: CVE-2023-52160
		38
		39	Upstream-Status: Backport
		40	[https://w1.fi/cgit/hostap/commit/?id=8e6485a1bcb0baffdea9e55255a81270b768439c]
		41
		42	Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
		43	---
		44	src/eap_peer/eap_config.h \| 8 +++++++
		45	src/eap_peer/eap_peap.c \| 40 ++++++++++++++++++++++++++++++++---
		46	src/eap_peer/eap_tls_common.c \| 6 ++++++
		47	src/eap_peer/eap_tls_common.h \| 5 +++++
		48	4 files changed, 56 insertions(+), 3 deletions(-)
		49
		50	diff --git a/src/eap_peer/eap_config.h b/src/eap_peer/eap_config.h
		51	index 3238f74..047eec2 100644
		52	--- a/src/eap_peer/eap_config.h
		53	+++ b/src/eap_peer/eap_config.h
		54	@@ -469,6 +469,14 @@ struct eap_peer_config {
		55	* 1 = use cryptobinding if server supports it
		56	* 2 = require cryptobinding
		57	*
		58	+ * phase2_auth option can be used to control Phase 2 (i.e., within TLS
		59	+ * tunnel) behavior for PEAP:
		60	+ * 0 = do not require Phase 2 authentication
		61	+ * 1 = require Phase 2 authentication when client certificate
		62	+ * (private_key/client_cert) is no used and TLS session resumption was
		63	+ * not used (default)
		64	+ * 2 = require Phase 2 authentication in all cases
		65	+ *
		66	* EAP-WSC (WPS) uses following options: pin=Device_Password and
		67	* uuid=Device_UUID
		68	*
		69	diff --git a/src/eap_peer/eap_peap.c b/src/eap_peer/eap_peap.c
		70	index 12e30df..6080697 100644
		71	--- a/src/eap_peer/eap_peap.c
		72	+++ b/src/eap_peer/eap_peap.c
		73	@@ -67,6 +67,7 @@ struct eap_peap_data {
		74	u8 cmk[20];
		75	int soh; /* Whether IF-TNCCS-SOH (Statement of Health; Microsoft NAP)
		76	* is enabled. */
		77	+ enum { NO_AUTH, FOR_INITIAL, ALWAYS } phase2_auth;
		78	};
		79
		80
		81	@@ -114,6 +115,19 @@ static void eap_peap_parse_phase1(struct eap_peap_data *data,
		82	wpa_printf(MSG_DEBUG, "EAP-PEAP: Require cryptobinding");
		83	}
		84
		85	+ if (os_strstr(phase1, "phase2_auth=0")) {
		86	+ data->phase2_auth = NO_AUTH;
		87	+ wpa_printf(MSG_DEBUG,
		88	+ "EAP-PEAP: Do not require Phase 2 authentication");
		89	+ } else if (os_strstr(phase1, "phase2_auth=1")) {
		90	+ data->phase2_auth = FOR_INITIAL;
		91	+ wpa_printf(MSG_DEBUG,
		92	+ "EAP-PEAP: Require Phase 2 authentication for initial connection");
		93	+ } else if (os_strstr(phase1, "phase2_auth=2")) {
		94	+ data->phase2_auth = ALWAYS;
		95	+ wpa_printf(MSG_DEBUG,
		96	+ "EAP-PEAP: Require Phase 2 authentication for all cases");
		97	+ }
		98	#ifdef EAP_TNC
		99	if (os_strstr(phase1, "tnc=soh2")) {
		100	data->soh = 2;
		101	@@ -142,6 +156,7 @@ static void * eap_peap_init(struct eap_sm *sm)
		102	data->force_peap_version = -1;
		103	data->peap_outer_success = 2;
		104	data->crypto_binding = OPTIONAL_BINDING;
		105	+ data->phase2_auth = FOR_INITIAL;
		106
		107	if (config && config->phase1)
		108	eap_peap_parse_phase1(data, config->phase1);
		109	@@ -454,6 +469,20 @@ static int eap_tlv_validate_cryptobinding(struct eap_sm *sm,
		110	}
		111
		112
		113	+static bool peap_phase2_sufficient(struct eap_sm *sm,
		114	+ struct eap_peap_data *data)
		115	+{
		116	+ if ((data->phase2_auth == ALWAYS \|\|
		117	+ (data->phase2_auth == FOR_INITIAL &&
		118	+ !tls_connection_resumed(sm->ssl_ctx, data->ssl.conn) &&
		119	+ !data->ssl.client_cert_conf) \|\|
		120	+ data->phase2_eap_started) &&
		121	+ !data->phase2_eap_success)
		122	+ return false;
		123	+ return true;
		124	+}
		125	+
		126	+
		127	/**
		128	* eap_tlv_process - Process a received EAP-TLV message and generate a response
		129	* @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
		130	@@ -568,6 +597,11 @@ static int eap_tlv_process(struct eap_sm sm, struct eap_peap_data data,
		131	" - force failed Phase 2");
		132	resp_status = EAP_TLV_RESULT_FAILURE;
		133	ret->decision = DECISION_FAIL;
		134	+ } else if (!peap_phase2_sufficient(sm, data)) {
		135	+ wpa_printf(MSG_INFO,
		136	+ "EAP-PEAP: Server indicated Phase 2 success, but sufficient Phase 2 authentication has not been completed");
		137	+ resp_status = EAP_TLV_RESULT_FAILURE;
		138	+ ret->decision = DECISION_FAIL;
		139	} else {
		140	resp_status = EAP_TLV_RESULT_SUCCESS;
		141	ret->decision = DECISION_UNCOND_SUCC;
		142	@@ -887,8 +921,7 @@ continue_req:
		143	/* EAP-Success within TLS tunnel is used to indicate
		144	* shutdown of the TLS channel. The authentication has
		145	* been completed. */
		146	- if (data->phase2_eap_started &&
		147	- !data->phase2_eap_success) {
		148	+ if (!peap_phase2_sufficient(sm, data)) {
		149	wpa_printf(MSG_DEBUG, "EAP-PEAP: Phase 2 "
		150	"Success used to indicate success, "
		151	"but Phase 2 EAP was not yet "
		152	@@ -1199,8 +1232,9 @@ static struct wpabuf * eap_peap_process(struct eap_sm sm, void priv,
		153	static bool eap_peap_has_reauth_data(struct eap_sm sm, void priv)
		154	{
		155	struct eap_peap_data *data = priv;
		156	+
		157	return tls_connection_established(sm->ssl_ctx, data->ssl.conn) &&
		158	- data->phase2_success;
		159	+ data->phase2_success && data->phase2_auth != ALWAYS;
		160	}
		161
		162
		163	diff --git a/src/eap_peer/eap_tls_common.c b/src/eap_peer/eap_tls_common.c
		164	index c1837db..a53eeb1 100644
		165	--- a/src/eap_peer/eap_tls_common.c
		166	+++ b/src/eap_peer/eap_tls_common.c
		167	@@ -239,6 +239,12 @@ static int eap_tls_params_from_conf(struct eap_sm *sm,
		168
		169	sm->ext_cert_check = !!(params->flags & TLS_CONN_EXT_CERT_CHECK);
		170
		171	+ if (!phase2)
		172	+ data->client_cert_conf = params->client_cert \|\|
		173	+ params->client_cert_blob \|\|
		174	+ params->private_key \|\|
		175	+ params->private_key_blob;
		176	+
		177	return 0;
		178	}
		179
		180	diff --git a/src/eap_peer/eap_tls_common.h b/src/eap_peer/eap_tls_common.h
		181	index 9ac0012..3348634 100644
		182	--- a/src/eap_peer/eap_tls_common.h
		183	+++ b/src/eap_peer/eap_tls_common.h
		184	@@ -79,6 +79,11 @@ struct eap_ssl_data {
		185	* tls_v13 - Whether TLS v1.3 or newer is used
		186	*/
		187	int tls_v13;
		188	+
		189	+ /**
		190	+ * client_cert_conf: Whether client certificate has been configured
		191	+ */
		192	+ bool client_cert_conf;
		193	};
		194
		195
		196	--
		197	2.25.1
		198


diff --git a/meta-oe/recipes-connectivity/hostapd/hostapd_2.10.bb b/meta-oe/recipes-connectivity/hostapd/hostapd_2.10.bb index a745e7a404..5ef6ac64b2 100644 --- a/meta-oe/recipes-connectivity/hostapd/hostapd_2.10.bb +++ b/meta-oe/recipes-connectivity/hostapd/hostapd_2.10.bb
@@ -21,6 +21,7 @@ SRC_URI = " \
21	file://CVE-2024-3596_08.patch \	21	file://CVE-2024-3596_08.patch \
22	file://0001-SAE-Check-for-invalid-Rejected-Groups-element-length.patch \	22	file://0001-SAE-Check-for-invalid-Rejected-Groups-element-length.patch \
23	file://0003-SAE-Reject-invalid-Rejected-Groups-element-in-the-pa.patch \	23	file://0003-SAE-Reject-invalid-Rejected-Groups-element-in-the-pa.patch \
		24	file://CVE-2023-52160.patch \
24	"	25	"
25		26
26		27