DGNum/hostapd
6
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

wolfSSL: Fix wrong types in tls_wolfssl.c

Browse source 
wolfSSL_X509_get_ext_d2i() returns STACK_OF(GENERAL_NAME)* for
ALT_NAMES_OID therefore wolfSSL_sk_value needs to expect a
WOLFSSL_GENERAL_NAME*.

In addition, explicitly check for NULL return from wolfSSL_sk_value().

Signed-off-by: Juliusz Sosinowicz <juliusz@wolfssl.com>
This commit is contained in:
Juliusz Sosinowicz 2020-08-04 11:48:23 +02:00 committed by Jouni Malinen
parent 58c18bcf86
commit a49f628845
1 changed files with 27 additions and 20 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

43
src/crypto/tls_wolfssl.c
View file

@ -19,6 +19,7 @@
#include <wolfssl/ssl.h> #include <wolfssl/ssl.h>
#include <wolfssl/error-ssl.h> #include <wolfssl/error-ssl.h>
#include <wolfssl/wolfcrypt/asn.h> #include <wolfssl/wolfcrypt/asn.h>
#include <wolfssl/openssl/x509v3.h>
#if defined(EAP_FAST) || defined(EAP_FAST_DYNAMIC) || defined(EAP_SERVER_FAST) #if defined(EAP_FAST) || defined(EAP_FAST_DYNAMIC) || defined(EAP_SERVER_FAST)
#define HAVE_AESGCM #define HAVE_AESGCM
@ -576,7 +577,7 @@ static int tls_connection_private_key(void *tls_ctx,
static int tls_match_alt_subject_component(WOLFSSL_X509 *cert, int type, static int tls_match_alt_subject_component(WOLFSSL_X509 *cert, int type,
const char *value, size_t len) const char *value, size_t len)
{ {
WOLFSSL_ASN1_OBJECT *gen; WOLFSSL_GENERAL_NAME *gen;
void *ext; void *ext;
int found = 0; int found = 0;
int i; int i;
@ -585,14 +586,15 @@ static int tls_match_alt_subject_component(WOLFSSL_X509 *cert, int type,
for (i = 0; ext && i < wolfSSL_sk_num(ext); i++) { for (i = 0; ext && i < wolfSSL_sk_num(ext); i++) {
gen = wolfSSL_sk_value(ext, i); gen = wolfSSL_sk_value(ext, i);
if (gen->type != type) if (!gen || gen->type != type)
continue; continue;
if (os_strlen((char *) gen->obj) == len && if ((size_t) wolfSSL_ASN1_STRING_length(gen->d.ia5) == len &&
os_memcmp(value, gen->obj, len) == 0) os_memcmp(value, wolfSSL_ASN1_STRING_data(gen->d.ia5),
len) == 0)
found++; found++;
} }
wolfSSL_sk_ASN1_OBJECT_free(ext); wolfSSL_sk_GENERAL_NAME_free(ext);
return found; return found;
} }
@ -676,7 +678,7 @@ static int domain_suffix_match(const char *val, size_t len, const char *match,
static int tls_match_suffix_helper(WOLFSSL_X509 *cert, const char *match, static int tls_match_suffix_helper(WOLFSSL_X509 *cert, const char *match,
size_t match_len, int full) size_t match_len, int full)
{ {
WOLFSSL_ASN1_OBJECT *gen; WOLFSSL_GENERAL_NAME *gen;
void *ext; void *ext;
int i; int i;
int j; int j;
@ -690,13 +692,15 @@ static int tls_match_suffix_helper(WOLFSSL_X509 *cert, const char *match,
for (j = 0; ext && j < wolfSSL_sk_num(ext); j++) { for (j = 0; ext && j < wolfSSL_sk_num(ext); j++) {
gen = wolfSSL_sk_value(ext, j); gen = wolfSSL_sk_value(ext, j);
if (gen->type != ASN_DNS_TYPE) if (!gen || gen->type != ASN_DNS_TYPE)
continue; continue;
dns_name++; dns_name++;
wpa_hexdump_ascii(MSG_DEBUG, "TLS: Certificate dNSName", wpa_hexdump_ascii(MSG_DEBUG, "TLS: Certificate dNSName",
gen->obj, os_strlen((char *)gen->obj)); wolfSSL_ASN1_STRING_data(gen->d.ia5),
if (domain_suffix_match((const char *) gen->obj, wolfSSL_ASN1_STRING_length(gen->d.ia5));
os_strlen((char *) gen->obj), match, if (domain_suffix_match(
(const char *) wolfSSL_ASN1_STRING_data(gen->d.ia5),
wolfSSL_ASN1_STRING_length(gen->d.ia5), match,
match_len, full) == 1) { match_len, full) == 1) {
wpa_printf(MSG_DEBUG, "TLS: %s in dNSName found", wpa_printf(MSG_DEBUG, "TLS: %s in dNSName found",
full ? "Match" : "Suffix match"); full ? "Match" : "Suffix match");
@ -704,7 +708,7 @@ static int tls_match_suffix_helper(WOLFSSL_X509 *cert, const char *match,
return 1; return 1;
} }
} }
wolfSSL_sk_ASN1_OBJECT_free(ext); wolfSSL_sk_GENERAL_NAME_free(ext);
if (dns_name) { if (dns_name) {
wpa_printf(MSG_DEBUG, "TLS: None of the dNSName(s) matched"); wpa_printf(MSG_DEBUG, "TLS: None of the dNSName(s) matched");
@ -858,7 +862,7 @@ static void wolfssl_tls_cert_event(struct tls_connection *conn,
struct tls_context *context = conn->context; struct tls_context *context = conn->context;
char *alt_subject[TLS_MAX_ALT_SUBJECT]; char *alt_subject[TLS_MAX_ALT_SUBJECT];
int alt, num_alt_subject = 0; int alt, num_alt_subject = 0;
WOLFSSL_ASN1_OBJECT *gen; WOLFSSL_GENERAL_NAME *gen;
void *ext; void *ext;
int i; int i;
#ifdef CONFIG_SHA256 #ifdef CONFIG_SHA256
@ -899,12 +903,14 @@ static void wolfssl_tls_cert_event(struct tls_connection *conn,
if (num_alt_subject == TLS_MAX_ALT_SUBJECT) if (num_alt_subject == TLS_MAX_ALT_SUBJECT)
break; break;
gen = wolfSSL_sk_value((void *) ext, i); gen = wolfSSL_sk_value((void *) ext, i);
if (gen->type != GEN_EMAIL && if (!gen ||
(gen->type != GEN_EMAIL &&
gen->type != GEN_DNS && gen->type != GEN_DNS &&
gen->type != GEN_URI) gen->type != GEN_URI))
continue; continue;
pos = os_malloc(10 + os_strlen((char *) gen->obj) + 1); pos = os_malloc(10 + wolfSSL_ASN1_STRING_length(gen->d.ia5) +
1);
if (!pos) if (!pos)
break; break;
alt_subject[num_alt_subject++] = pos; alt_subject[num_alt_subject++] = pos;
@ -924,11 +930,12 @@ static void wolfssl_tls_cert_event(struct tls_connection *conn,
break; break;
} }
os_memcpy(pos, gen->obj, os_strlen((char *)gen->obj)); os_memcpy(pos, wolfSSL_ASN1_STRING_data(gen->d.ia5),
pos += os_strlen((char *)gen->obj); wolfSSL_ASN1_STRING_length(gen->d.ia5));
pos += wolfSSL_ASN1_STRING_length(gen->d.ia5);
*pos = '\0'; *pos = '\0';
} }
wolfSSL_sk_ASN1_OBJECT_free(ext); wolfSSL_sk_GENERAL_NAME_free(ext);
for (alt = 0; alt < num_alt_subject; alt++) for (alt = 0; alt < num_alt_subject; alt++)
ev.peer_cert.altsubject[alt] = alt_subject[alt]; ev.peer_cert.altsubject[alt] = alt_subject[alt];