[wpa_supplicant] Cumulative patch from b8491ae5a
Also revert local solution for encrypted IMSI and use the upstream version.
Bug: 134177972
Test: Device boots up and connects to WPA3/OWE wifi networks, run traffic.
Test: Able to turn on/off softap, associate wifi STA, run traffic.
Test: Regression test passed (Bug: 137653009)
Change-Id: Ie34a0138a3a2039b03101c788b43acbb33f8332a
diff --git a/src/tls/asn1.c b/src/tls/asn1.c
index 822f87c..a08c2e1 100644
--- a/src/tls/asn1.c
+++ b/src/tls/asn1.c
@@ -22,6 +22,36 @@
};
+static int asn1_valid_der_boolean(struct asn1_hdr *hdr)
+{
+ /* Enforce DER requirements for a single way of encoding a BOOLEAN */
+ if (hdr->length != 1) {
+ wpa_printf(MSG_DEBUG, "ASN.1: Unexpected BOOLEAN length (%u)",
+ hdr->length);
+ return 0;
+ }
+
+ if (hdr->payload[0] != 0 && hdr->payload[0] != 0xff) {
+ wpa_printf(MSG_DEBUG,
+ "ASN.1: Invalid BOOLEAN value 0x%x (DER requires 0 or 0xff)",
+ hdr->payload[0]);
+ return 0;
+ }
+
+ return 1;
+}
+
+
+static int asn1_valid_der(struct asn1_hdr *hdr)
+{
+ if (hdr->class != ASN1_CLASS_UNIVERSAL)
+ return 1;
+ if (hdr->tag == ASN1_TAG_BOOLEAN && !asn1_valid_der_boolean(hdr))
+ return 0;
+ return 1;
+}
+
+
int asn1_get_next(const u8 *buf, size_t len, struct asn1_hdr *hdr)
{
const u8 *pos, *end;
@@ -91,7 +121,8 @@
}
hdr->payload = pos;
- return 0;
+
+ return asn1_valid_der(hdr) ? 0 : -1;
}