In wpa_supplicant and hostapd 2.9, forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c. Reference and upstream patch: https://w1.fi/cgit/hostap/commit/?id=a0541334a6394f8237a4393b7372693cd7e96f15
Statement: This issue only affects the "internal" TLS implementation. The versions of `wpa_supplicant` as shipped with Red Hat Enterprise Linux 6, 7, and 8 are not affected by this flaw, as they use the OpenSSL implementation by default. More specifically, the `CONFIG_TLS=internal` flag is not set at compile time.
In reply to comment #2: > More specifically, the `CONFIG_TLS=internal` flag is not set at > compile time. CONFIG_TLS is not set in the build time configuration file: # Select TLS implementation # openssl = OpenSSL (default) # gnutls = GnuTLS # internal = Internal TLSv1 implementation (experimental) # linux = Linux kernel AF_ALG and internal TLSv1 implementation (experimental) # none = Empty template #CONFIG_TLS=openssl This is an excerpt of the Makefile: ifndef CONFIG_TLS CONFIG_TLS=openssl endif ... ifeq ($(CONFIG_TLS), internal) ... OBJS += ../src/tls/x509v3.o OBJS += ../src/tls/pkcs1.o ... As can be seen, the affected object files are included if CONFIG_TLS=internal, but CONFIG_TLS is set to openssl a few lines above.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-30004