In wpa_supplicant and hostapd 2.9, forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c.
Reference and upstream patch:
This issue only affects the "internal" TLS implementation. The versions of `wpa_supplicant` as shipped with Red Hat Enterprise Linux 6, 7, and 8 are not affected by this flaw, as they use the OpenSSL implementation by default. More specifically, the `CONFIG_TLS=internal` flag is not set at compile time.
In reply to comment #2:
> More specifically, the `CONFIG_TLS=internal` flag is not set at
> compile time.
CONFIG_TLS is not set in the build time configuration file:
# Select TLS implementation
# openssl = OpenSSL (default)
# gnutls = GnuTLS
# internal = Internal TLSv1 implementation (experimental)
# linux = Linux kernel AF_ALG and internal TLSv1 implementation (experimental)
# none = Empty template
This is an excerpt of the Makefile:
ifeq ($(CONFIG_TLS), internal)
OBJS += ../src/tls/x509v3.o
OBJS += ../src/tls/pkcs1.o
As can be seen, the affected object files are included if CONFIG_TLS=internal, but CONFIG_TLS is set to openssl a few lines above.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):