summaryrefslogtreecommitdiffstats
path: root/meta/recipes-connectivity/wpa-supplicant
diff options
context:
space:
mode:
authorStefan Ghinea <stefan.ghinea@windriver.com>2021-04-08 19:43:30 +0300
committerRichard Purdie <richard.purdie@linuxfoundation.org>2021-04-18 11:37:25 +0100
commitf07d4c22349f292a1f7f052e847253f7011e2f1e (patch)
tree3cb638026e2204ceb3b18a1d11bb2d060f24aebd /meta/recipes-connectivity/wpa-supplicant
parent317907d736696dc597f7f4cb534471f0f8168c8b (diff)
downloadpoky-f07d4c22349f292a1f7f052e847253f7011e2f1e.tar.gz
wpa-supplicant: fix CVE-2021-30004
In wpa_supplicant and hostapd 2.9, forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c. References: https://nvd.nist.gov/vuln/detail/CVE-2021-30004 Upstream patches: https://w1.fi/cgit/hostap/commit/?id=a0541334a6394f8237a4393b7372693cd7e96f15 (From OE-Core rev: b32b671bf430b36a5547f8d822dbb760d6be47f7) Signed-off-by: Stefan Ghinea <stefan.ghinea@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-connectivity/wpa-supplicant')
-rw-r--r--meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2021-30004.patch123
-rw-r--r--meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.9.bb1
2 files changed, 124 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2021-30004.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2021-30004.patch
new file mode 100644
index 0000000000..e2540fc26b
--- /dev/null
+++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2021-30004.patch
@@ -0,0 +1,123 @@
1From a0541334a6394f8237a4393b7372693cd7e96f15 Mon Sep 17 00:00:00 2001
2From: Jouni Malinen <j@w1.fi>
3Date: Sat, 13 Mar 2021 18:19:31 +0200
4Subject: [PATCH] ASN.1: Validate DigestAlgorithmIdentifier parameters
5
6The supported hash algorithms do not use AlgorithmIdentifier parameters.
7However, there are implementations that include NULL parameters in
8addition to ones that omit the parameters. Previous implementation did
9not check the parameters value at all which supported both these cases,
10but did not reject any other unexpected information.
11
12Use strict validation of digest algorithm parameters and reject any
13unexpected value when validating a signature. This is needed to prevent
14potential forging attacks.
15
16Signed-off-by: Jouni Malinen <j@w1.fi>
17
18Upstream-Status: Backport
19CVE: CVE-2021-30004
20
21Reference to upstream patch:
22[https://w1.fi/cgit/hostap/commit/?id=a0541334a6394f8237a4393b7372693cd7e96f15]
23
24Signed-off-by: Stefan Ghinea <stefan.ghinea@windriver.com>
25---
26 src/tls/pkcs1.c | 21 +++++++++++++++++++++
27 src/tls/x509v3.c | 20 ++++++++++++++++++++
28 2 files changed, 41 insertions(+)
29
30diff --git a/src/tls/pkcs1.c b/src/tls/pkcs1.c
31index 141ac50..e09db07 100644
32--- a/src/tls/pkcs1.c
33+++ b/src/tls/pkcs1.c
34@@ -240,6 +240,8 @@ int pkcs1_v15_sig_ver(struct crypto_public_key *pk,
35 os_free(decrypted);
36 return -1;
37 }
38+ wpa_hexdump(MSG_MSGDUMP, "PKCS #1: DigestInfo",
39+ hdr.payload, hdr.length);
40
41 pos = hdr.payload;
42 end = pos + hdr.length;
43@@ -261,6 +263,8 @@ int pkcs1_v15_sig_ver(struct crypto_public_key *pk,
44 os_free(decrypted);
45 return -1;
46 }
47+ wpa_hexdump(MSG_MSGDUMP, "PKCS #1: DigestAlgorithmIdentifier",
48+ hdr.payload, hdr.length);
49 da_end = hdr.payload + hdr.length;
50
51 if (asn1_get_oid(hdr.payload, hdr.length, &oid, &next)) {
52@@ -269,6 +273,23 @@ int pkcs1_v15_sig_ver(struct crypto_public_key *pk,
53 os_free(decrypted);
54 return -1;
55 }
56+ wpa_hexdump(MSG_MSGDUMP, "PKCS #1: Digest algorithm parameters",
57+ next, da_end - next);
58+
59+ /*
60+ * RFC 5754: The correct encoding for the SHA2 algorithms would be to
61+ * omit the parameters, but there are implementation that encode these
62+ * as a NULL element. Allow these two cases and reject anything else.
63+ */
64+ if (da_end > next &&
65+ (asn1_get_next(next, da_end - next, &hdr) < 0 ||
66+ !asn1_is_null(&hdr) ||
67+ hdr.payload + hdr.length != da_end)) {
68+ wpa_printf(MSG_DEBUG,
69+ "PKCS #1: Unexpected digest algorithm parameters");
70+ os_free(decrypted);
71+ return -1;
72+ }
73
74 if (!asn1_oid_equal(&oid, hash_alg)) {
75 char txt[100], txt2[100];
76diff --git a/src/tls/x509v3.c b/src/tls/x509v3.c
77index 1bd5aa0..bf2289f 100644
78--- a/src/tls/x509v3.c
79+++ b/src/tls/x509v3.c
80@@ -1834,6 +1834,7 @@ int x509_check_signature(struct x509_certificate *issuer,
81 os_free(data);
82 return -1;
83 }
84+ wpa_hexdump(MSG_MSGDUMP, "X509: DigestInfo", hdr.payload, hdr.length);
85
86 pos = hdr.payload;
87 end = pos + hdr.length;
88@@ -1855,6 +1856,8 @@ int x509_check_signature(struct x509_certificate *issuer,
89 os_free(data);
90 return -1;
91 }
92+ wpa_hexdump(MSG_MSGDUMP, "X509: DigestAlgorithmIdentifier",
93+ hdr.payload, hdr.length);
94 da_end = hdr.payload + hdr.length;
95
96 if (asn1_get_oid(hdr.payload, hdr.length, &oid, &next)) {
97@@ -1862,6 +1865,23 @@ int x509_check_signature(struct x509_certificate *issuer,
98 os_free(data);
99 return -1;
100 }
101+ wpa_hexdump(MSG_MSGDUMP, "X509: Digest algorithm parameters",
102+ next, da_end - next);
103+
104+ /*
105+ * RFC 5754: The correct encoding for the SHA2 algorithms would be to
106+ * omit the parameters, but there are implementation that encode these
107+ * as a NULL element. Allow these two cases and reject anything else.
108+ */
109+ if (da_end > next &&
110+ (asn1_get_next(next, da_end - next, &hdr) < 0 ||
111+ !asn1_is_null(&hdr) ||
112+ hdr.payload + hdr.length != da_end)) {
113+ wpa_printf(MSG_DEBUG,
114+ "X509: Unexpected digest algorithm parameters");
115+ os_free(data);
116+ return -1;
117+ }
118
119 if (x509_sha1_oid(&oid)) {
120 if (signature->oid.oid[6] != 5 /* sha-1WithRSAEncryption */) {
121--
1222.17.1
123
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.9.bb b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.9.bb
index 357c28634a..cddcfb6811 100644
--- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.9.bb
+++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.9.bb
@@ -32,6 +32,7 @@ SRC_URI = "http://w1.fi/releases/wpa_supplicant-${PV}.tar.gz \
32 file://0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch \ 32 file://0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch \
33 file://CVE-2021-0326.patch \ 33 file://CVE-2021-0326.patch \
34 file://CVE-2021-27803.patch \ 34 file://CVE-2021-27803.patch \
35 file://CVE-2021-30004.patch \
35 " 36 "
36SRC_URI[md5sum] = "2d2958c782576dc9901092fbfecb4190" 37SRC_URI[md5sum] = "2d2958c782576dc9901092fbfecb4190"
37SRC_URI[sha256sum] = "fcbdee7b4a64bea8177973299c8c824419c413ec2e3a95db63dd6a5dc3541f17" 38SRC_URI[sha256sum] = "fcbdee7b4a64bea8177973299c8c824419c413ec2e3a95db63dd6a5dc3541f17"