Bug 1946680 (CVE-2021-30004)

Summary: CVE-2021-30004 wpa_supplicant: mishandled AlgorithmIdentifier parameters may lead to forging attacks
Product: [Other] Security Response Reporter: Guilherme de Almeida Suckevicz <gsuckevi>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: bgalvani, blueowl, dcaratti, dcbw, linville, lkundrak, negativo17, sukulkar
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: wpa_supplicant 2.10 Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in wpa_supplicant, in the way it handled digest algorithm parameters when validating a signature. This flaw could be exploited to perform potential forging attacks. The highest threat from this vulnerability is to data integrity.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2021-04-09 11:35:09 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1947676, 1947677    
Bug Blocks: 1946681    

Description Guilherme de Almeida Suckevicz 2021-04-06 16:31:49 UTC 
In wpa_supplicant and hostapd 2.9, forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c.

Reference and upstream patch:
https://w1.fi/cgit/hostap/commit/?id=a0541334a6394f8237a4393b7372693cd7e96f15
Comment 2 Mauro Matteo Cascella 2021-04-09 09:51:54 UTC 
Statement:

This issue only affects the "internal" TLS implementation. The versions of `wpa_supplicant` as shipped with Red Hat Enterprise Linux 6, 7, and 8 are not affected by this flaw, as they use the OpenSSL implementation by default. More specifically, the `CONFIG_TLS=internal` flag is not set at compile time.
Comment 3 Mauro Matteo Cascella 2021-04-09 10:16:30 UTC 
In reply to comment #2:
> More specifically, the `CONFIG_TLS=internal` flag is not set at
> compile time.

CONFIG_TLS is not set in the build time configuration file:

# Select TLS implementation
# openssl = OpenSSL (default)
# gnutls = GnuTLS
# internal = Internal TLSv1 implementation (experimental)
# linux = Linux kernel AF_ALG and internal TLSv1 implementation (experimental)
# none = Empty template
#CONFIG_TLS=openssl

This is an excerpt of the Makefile:

ifndef CONFIG_TLS
CONFIG_TLS=openssl
endif
...
ifeq ($(CONFIG_TLS), internal)
...
OBJS += ../src/tls/x509v3.o
OBJS += ../src/tls/pkcs1.o
...

As can be seen, the affected object files are included if CONFIG_TLS=internal, but CONFIG_TLS is set to openssl a few lines above.
Comment 4 Product Security DevOps Team 2021-04-09 11:35:09 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2021-30004