From patchwork Tue Aug 4 09:48:23 2020
X-Patchwork-Submitter: Juliusz Sosinowicz
X-Patchwork-Id: 1341285
From: Juliusz Sosinowicz
To: hostap@lists.infradead.org
Cc: Juliusz Sosinowicz
Subject: [PATCH] Fix wrong types in tls_wolfssl.c
Date: Tue, 4 Aug 2020 11:48:23 +0200
Message-Id: <20200804094823.59816-1-juliusz@wolfssl.com>
X-Mailer: git-send-email 2.25.1

wolfSSL_X509_get_ext_d2i returns STACK_OF(GENERAL_NAME)* for ALT_NAMES_OID; therefore wolfSSL_sk_value needs to expect a WOLFSSL_GENERAL_NAME*.

Signed-off-by: Juliusz Sosinowicz
---
 src/crypto/tls_wolfssl.c | 41 ++++++++++++++++++++++------------------
 1 file changed, 23 insertions(+), 18 deletions(-)

diff --git a/src/crypto/tls_wolfssl.c b/src/crypto/tls_wolfssl.c
index 11e658220..9375173e3 100644
--- a/src/crypto/tls_wolfssl.c +++ b/src/crypto/tls_wolfssl.c @@ -19,6 +19,7 @@ #include #include #include +#include #if defined(EAP_FAST) || defined(EAP_FAST_DYNAMIC) || defined(EAP_SERVER_FAST) #define HAVE_AESGCM @@ -576,7 +577,7 @@ static int tls_connection_private_key(void *tls_ctx, static int tls_match_alt_subject_component(WOLFSSL_X509 *cert, int type, const char *value, size_t len) { - WOLFSSL_ASN1_OBJECT *gen; + WOLFSSL_GENERAL_NAME *gen; void *ext; int found = 0; int i; @@ -585,14 +586,14 @@ static int tls_match_alt_subject_component(WOLFSSL_X509 *cert, int type, for (i = 0; ext && i < wolfSSL_sk_num(ext); i++) { gen = wolfSSL_sk_value(ext, i); - if (gen->type != type) + if (gen == NULL || gen->type != type) continue; - if (os_strlen((char *) gen->obj) == len && - os_memcmp(value, gen->obj, len) == 0) + if (wolfSSL_ASN1_STRING_length(gen->d.ia5) == len && + os_memcmp(value, wolfSSL_ASN1_STRING_data(gen->d.ia5), len) == 0) found++; } - wolfSSL_sk_ASN1_OBJECT_free(ext); + wolfSSL_sk_GENERAL_NAME_free(ext); return found; } @@ -676,7 +677,7 @@ static int domain_suffix_match(const char *val, size_t len, const char *match, static int tls_match_suffix_helper(WOLFSSL_X509 *cert, const char *match, size_t match_len, int full) { - WOLFSSL_ASN1_OBJECT *gen; + WOLFSSL_GENERAL_NAME *gen; void *ext; int i; int j; 
@@ -690,13 +691,15 @@ static int tls_match_suffix_helper(WOLFSSL_X509 *cert, const char *match, for (j = 0; ext && j < wolfSSL_sk_num(ext); j++) { gen = wolfSSL_sk_value(ext, j); - if (gen->type != ASN_DNS_TYPE) + if (gen == NULL || gen->type != ASN_DNS_TYPE) continue; dns_name++; wpa_hexdump_ascii(MSG_DEBUG, "TLS: Certificate dNSName", - gen->obj, os_strlen((char *)gen->obj)); - if (domain_suffix_match((const char *) gen->obj, - os_strlen((char *) gen->obj), match, + wolfSSL_ASN1_STRING_data(gen->d.ia5), + wolfSSL_ASN1_STRING_length(gen->d.ia5)); + if (domain_suffix_match( + (const char *) wolfSSL_ASN1_STRING_data(gen->d.ia5), + wolfSSL_ASN1_STRING_length(gen->d.ia5), match, match_len, full) == 1) { wpa_printf(MSG_DEBUG, "TLS: %s in dNSName found", full ? "Match" : "Suffix match"); @@ -704,7 +707,7 @@ static int tls_match_suffix_helper(WOLFSSL_X509 *cert, const char *match, return 1; } } - wolfSSL_sk_ASN1_OBJECT_free(ext); + wolfSSL_sk_GENERAL_NAME_free(ext); if (dns_name) { wpa_printf(MSG_DEBUG, "TLS: None of the dNSName(s) matched"); @@ -858,7 +861,7 @@ static void wolfssl_tls_cert_event(struct tls_connection *conn, struct tls_context *context = conn->context; char *alt_subject[TLS_MAX_ALT_SUBJECT]; int alt, num_alt_subject = 0; - WOLFSSL_ASN1_OBJECT *gen; + WOLFSSL_GENERAL_NAME *gen; void *ext; int i; #ifdef CONFIG_SHA256 @@ -899,12 +902,13 @@ static void wolfssl_tls_cert_event(struct tls_connection *conn, if (num_alt_subject == TLS_MAX_ALT_SUBJECT) break; gen = wolfSSL_sk_value((void *) ext, i); - if (gen->type != GEN_EMAIL && + if (gen == NULL || + (gen->type != GEN_EMAIL && gen->type != GEN_DNS && - gen->type != GEN_URI) + gen->type != GEN_URI)) continue; - pos = os_malloc(10 + os_strlen((char *) gen->obj) + 1); + pos = os_malloc(10 + wolfSSL_ASN1_STRING_length(gen->d.ia5) + 1); if (!pos) break; alt_subject[num_alt_subject++] = pos; 
@@ -924,11 +928,12 @@ static void wolfssl_tls_cert_event(struct tls_connection *conn, break; } - os_memcpy(pos, gen->obj, os_strlen((char *)gen->obj)); - pos += os_strlen((char *)gen->obj); + os_memcpy(pos, wolfSSL_ASN1_STRING_data(gen->d.ia5), + wolfSSL_ASN1_STRING_length(gen->d.ia5)); + pos += wolfSSL_ASN1_STRING_length(gen->d.ia5); *pos = '\0'; } - wolfSSL_sk_ASN1_OBJECT_free(ext); + wolfSSL_sk_GENERAL_NAME_free(ext); for (alt = 0; alt < num_alt_subject; alt++) ev.peer_cert.altsubject[alt] = alt_subject[alt];
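Review bot: in the `@@ -585,14 +586,14 @@` hunk, the condition `wolfSSL_ASN1_STRING_length(gen->d.ia5) == len` compares an `int` return value with a `size_t`, which is a signed/unsigned comparison that will trip `-Wsign-compare` and silently mis-handles a negative return; suggest reading the length into a local `int`, `continue`-ing when it is negative, and comparing `(size_t) slen == len`. Replacing `os_strlen((char *) gen->obj)` with the explicit ASN.1 length is the right direction, since it stops an embedded NUL in the SAN value from truncating the comparison, and the added `gen == NULL` guard before `gen->type` is a welcome fix for a NULL dereference on a malformed stack entry.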
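Review bot: in the `@@ -690,13 +691,15 @@` hunk, `domain_suffix_match()` now receives the raw ASN.1 length from `wolfSSL_ASN1_STRING_length(gen->d.ia5)` instead of `os_strlen()`, so a dNSName carrying an embedded NUL byte is passed at its full length rather than truncated; that is the correct data to match on, but please confirm `domain_suffix_match()` itself rejects or safely handles values containing a NUL, since its `const char *val` parameter suggests it may have been written with C-string input in mind. The `int` length is also widened implicitly to the `size_t len` parameter here and in the `wpa_hexdump_ascii()` call above it; a negative return would become a huge length, so check the sign once before either call.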
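Review bot: in the `@@ -899,12 +902,13 @@` hunk, `gen->d.ia5` is used for GEN_EMAIL, GEN_DNS and GEN_URI alike; that only works if the other members of the `d` union alias the same `WOLFSSL_ASN1_STRING *`, so a one-line comment stating that assumption would spare the next reader (who may expect `d.rfc822Name`, `d.dNSName` and `d.uniformResourceIdentifier`) a trip into the wolfSSL headers. The `os_malloc(10 + wolfSSL_ASN1_STRING_length(gen->d.ia5) + 1)` sizing adds an `int` to a `size_t`; a negative length would wrap the request and the `if (!pos) break;` would catch the failed allocation, but skipping the entry explicitly on a negative value is clearer than relying on allocator failure.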
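Review bot: in the `@@ -924,11 +928,12 @@` hunk, `wolfSSL_ASN1_STRING_length(gen->d.ia5)` is evaluated in the `os_memcpy()` call and again in `pos += ...`, and a third time in the earlier allocation; hoisting it into one local at the top of the loop body keeps the buffer size, the copied byte count and the pointer advance provably the same value and makes the three lines easier to read. Note also that the trailing `*pos = '\0';` means a SAN value that itself contains a NUL byte will appear truncated to consumers that treat `alt_subject[]` as C strings; the buffer is sized for the full length so this is not an overflow, just a behavioural edge worth a comment.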