db-move: moved nautilus from [testing] to [extra] (x86_64)

[arch-packages.git] / wpa_supplicant / trunk / lower_security_level_for_tls_1.patch

From bc99366f9b960150aa2e369048bbc2218c1d414e Mon Sep 17 00:00:00 2001
From: Jouni Malinen <j@w1.fi>
Date: Sun, 22 May 2022 17:01:35 +0300
Subject: [PATCH] OpenSSL: Drop security level to 0 with OpenSSL 3.0 when using
 TLS 1.0/1.1

Commit 9afb68b03976 ("OpenSSL: Allow systemwide secpolicy overrides for
TLS version") with commit 58bbcfa31b18 ("OpenSSL: Update security level
drop for TLS 1.0/1.1 with OpenSSL 3.0") allow this workaround to be
enabled with an explicit network configuration parameter. However, the
default settings are still allowing TLS 1.0 and 1.1 to be negotiated
just to see them fail immediately when using OpenSSL 3.0. This is not
exactly helpful especially when the OpenSSL error message for this
particular case is "internal error" which does not really say anything
about the reason for the error.

It is is a bit inconvenient to update the security policy for this
particular issue based on the negotiated TLS version since that happens
in the middle of processing for the first message from the server.
However, this can be done by using the debug callback for printing out
the received TLS messages during processing.

Drop the OpenSSL security level to 0 if that is the only option to
continue the TLS negotiation, i.e., when TLS 1.0/1.1 are still allowed
in wpa_supplicant default configuration and OpenSSL 3.0 with the
constraint on MD5-SHA1 use.

Signed-off-by: Jouni Malinen <j@w1.fi>
---
 src/crypto/tls_openssl.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index 6602ac64f..78621d926 100644
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -1557,6 +1557,15 @@ static void tls_msg_cb(int write_p, int version, int content_type,
        struct tls_connection *conn = arg;
        const u8 *pos = buf;
 
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+       if ((SSL_version(ssl) == TLS1_VERSION ||
+            SSL_version(ssl) == TLS1_1_VERSION) &&
+           SSL_get_security_level(ssl) > 0) {
+               wpa_printf(MSG_DEBUG,
+                          "OpenSSL: Drop security level to 0 to allow TLS 1.0/1.1 use of MD5-SHA1 signature algorithm");
+               SSL_set_security_level(ssl, 0);
+       }
+#endif /* OpenSSL version >= 3.0 */
        if (write_p == 2) {
                wpa_printf(MSG_DEBUG,
                           "OpenSSL: session ver=0x%x content_type=%d",