Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package hostapd for openSUSE:Factory checked in at 2021-04-08 21:31:47 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/hostapd (Old) and /work/SRC/openSUSE:Factory/.hostapd.new.2401 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "hostapd" Thu Apr 8 21:31:47 2021 rev:41 rq:883455 version:2.9 Changes: -------- --- /work/SRC/openSUSE:Factory/hostapd/hostapd.changes 2021-03-03 18:34:56.655380675 +0100 +++ /work/SRC/openSUSE:Factory/.hostapd.new.2401/hostapd.changes 2021-04-08 21:31:48.907784051 +0200 @@ -1,0 +2,6 @@ +Tue Apr 6 14:51:18 UTC 2021 - Clemens Famulla-Conrad <[email protected]> + +- Add CVE-2021-30004.patch -- forging attacks may occur because + AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c + (bsc#1184348) +------------------------------------------------------------------- New: ---- CVE-2021-30004.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ hostapd.spec ++++++ --- /var/tmp/diff_new_pack.v575KT/_old 2021-04-08 21:31:49.535784740 +0200 +++ /var/tmp/diff_new_pack.v575KT/_new 2021-04-08 21:31:49.539784744 +0200 @@ -17,7 +17,6 @@ %bcond_without apparmor - Name: hostapd Version: 2.9 Release: 0 @@ -34,6 +33,7 @@ Source5: apparmor-usr.sbin.hostapd Patch1: CVE-2019-16275.patch Patch2: CVE-2020-12695.patch +Patch3: CVE-2021-30004.patch BuildRequires: libnl3-devel BuildRequires: openssl-devel BuildRequires: pkgconfig ++++++ CVE-2021-30004.patch ++++++ >From a0541334a6394f8237a4393b7372693cd7e96f15 Mon Sep 17 00:00:00 2001 From: Jouni Malinen <[email protected]> Date: Sat, 13 Mar 2021 18:19:31 +0200 Subject: ASN.1: Validate DigestAlgorithmIdentifier parameters The supported hash algorithms do not use AlgorithmIdentifier parameters. However, there are implementations that include NULL parameters in addition to ones that omit the parameters. Previous implementation did not check the parameters value at all which supported both these cases, but did not reject any other unexpected information. Use strict validation of digest algorithm parameters and reject any unexpected value when validating a signature. This is needed to prevent potential forging attacks. Signed-off-by: Jouni Malinen <[email protected]> --- src/tls/pkcs1.c | 21 +++++++++++++++++++++ src/tls/x509v3.c | 20 ++++++++++++++++++++ 2 files changed, 41 insertions(+) diff --git a/src/tls/pkcs1.c b/src/tls/pkcs1.c index bbdb0d7..5761dfe 100644 --- a/src/tls/pkcs1.c +++ b/src/tls/pkcs1.c @@ -244,6 +244,8 @@ int pkcs1_v15_sig_ver(struct crypto_public_key *pk, os_free(decrypted); return -1; } + wpa_hexdump(MSG_MSGDUMP, "PKCS #1: DigestInfo", + hdr.payload, hdr.length); pos = hdr.payload; end = pos + hdr.length; @@ -265,6 +267,8 @@ int pkcs1_v15_sig_ver(struct crypto_public_key *pk, os_free(decrypted); return -1; } + wpa_hexdump(MSG_MSGDUMP, "PKCS #1: DigestAlgorithmIdentifier", + hdr.payload, hdr.length); da_end = hdr.payload + hdr.length; if (asn1_get_oid(hdr.payload, hdr.length, &oid, &next)) { @@ -273,6 +277,23 @@ int pkcs1_v15_sig_ver(struct crypto_public_key *pk, os_free(decrypted); return -1; } + wpa_hexdump(MSG_MSGDUMP, "PKCS #1: Digest algorithm parameters", + next, da_end - next); + + /* + * RFC 5754: The correct encoding for the SHA2 algorithms would be to + * omit the parameters, but there are implementation that encode these + * as a NULL element. Allow these two cases and reject anything else. + */ + if (da_end > next && + (asn1_get_next(next, da_end - next, &hdr) < 0 || + !asn1_is_null(&hdr) || + hdr.payload + hdr.length != da_end)) { + wpa_printf(MSG_DEBUG, + "PKCS #1: Unexpected digest algorithm parameters"); + os_free(decrypted); + return -1; + } if (!asn1_oid_equal(&oid, hash_alg)) { char txt[100], txt2[100]; diff --git a/src/tls/x509v3.c b/src/tls/x509v3.c index a8944dd..df337ec 100644 --- a/src/tls/x509v3.c +++ b/src/tls/x509v3.c @@ -1964,6 +1964,7 @@ int x509_check_signature(struct x509_certificate *issuer, os_free(data); return -1; } + wpa_hexdump(MSG_MSGDUMP, "X509: DigestInfo", hdr.payload, hdr.length); pos = hdr.payload; end = pos + hdr.length; @@ -1985,6 +1986,8 @@ int x509_check_signature(struct x509_certificate *issuer, os_free(data); return -1; } + wpa_hexdump(MSG_MSGDUMP, "X509: DigestAlgorithmIdentifier", + hdr.payload, hdr.length); da_end = hdr.payload + hdr.length; if (asn1_get_oid(hdr.payload, hdr.length, &oid, &next)) { @@ -1992,6 +1995,23 @@ int x509_check_signature(struct x509_certificate *issuer, os_free(data); return -1; } + wpa_hexdump(MSG_MSGDUMP, "X509: Digest algorithm parameters", + next, da_end - next); + + /* + * RFC 5754: The correct encoding for the SHA2 algorithms would be to + * omit the parameters, but there are implementation that encode these + * as a NULL element. Allow these two cases and reject anything else. + */ + if (da_end > next && + (asn1_get_next(next, da_end - next, &hdr) < 0 || + !asn1_is_null(&hdr) || + hdr.payload + hdr.length != da_end)) { + wpa_printf(MSG_DEBUG, + "X509: Unexpected digest algorithm parameters"); + os_free(data); + return -1; + } if (x509_sha1_oid(&oid)) { if (signature->oid.oid[6] != 5 /* sha-1WithRSAEncryption */) { -- cgit v0.12
