diff --git a/src/internal.c b/src/internal.c index 516f7ccc68..d59559112c 100644 --- a/src/internal.c +++ b/src/internal.c @@ -13743,11 +13743,34 @@ static int CopyREQAttributes(WOLFSSL_X509* x509, DecodedCert* dCert) } #endif /* WOLFSSL_CERT_REQ */ +/* Copy an ASN-encoded date (type + length + data) into a WOLFSSL_ASN1_TIME. + * srcDate: ASN date buffer where [0]=type, [1]=length, [2..]=date bytes. + * srcDateLen: total length of srcDate (0 means no date present). */ +static void CopyDateToASN1_TIME(const byte* srcDate, int srcDateLen, + WOLFSSL_ASN1_TIME* dst) +{ + if (srcDateLen >= 2) { + /* Clamp the date length to the maximum allowed size. + * This needs to match the size of WOLFSSL_ASN1_TIME minus the + * the type and length fields. */ + const int maxSz = CTC_DATE_SIZE - 2; + const int copySz = (int)min(srcDate[1], maxSz); + dst->type = srcDate[0]; + dst->length = copySz; + XMEMCPY(dst->data, &srcDate[2], copySz); + } + else { + dst->length = 0; + } +} + /* Copy parts X509 needs from Decoded cert, 0 on success */ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert) { int ret = 0; +#ifdef WOLFSSL_SEP int minSz; +#endif if (x509 == NULL || dCert == NULL || dCert->subjectCNLen < 0) @@ -13820,22 +13843,10 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert) x509->hwSerialNumSz = 0; #endif /* WOLFSSL_SEP */ - if (dCert->beforeDateLen > 0) { - minSz = (int)min(dCert->beforeDate[1], MAX_DATE_SZ); - x509->notBefore.type = dCert->beforeDate[0]; - x509->notBefore.length = minSz; - XMEMCPY(x509->notBefore.data, &dCert->beforeDate[2], minSz); - } - else - x509->notBefore.length = 0; - if (dCert->afterDateLen > 0) { - minSz = (int)min(dCert->afterDate[1], MAX_DATE_SZ); - x509->notAfter.type = dCert->afterDate[0]; - x509->notAfter.length = minSz; - XMEMCPY(x509->notAfter.data, &dCert->afterDate[2], minSz); - } - else - x509->notAfter.length = 0; + CopyDateToASN1_TIME(dCert->beforeDate, dCert->beforeDateLen, + &x509->notBefore); + CopyDateToASN1_TIME(dCert->afterDate, dCert->afterDateLen, + &x509->notAfter); if (dCert->publicKey != NULL && dCert->pubKeySize != 0) { x509->pubKey.buffer = (byte*)XMALLOC( @@ -14217,29 +14228,10 @@ int CopyDecodedAcertToX509(WOLFSSL_X509_ACERT* x509, DecodedAcert* dAcert) } /* Copy before and after dates. */ - { - int minSz = 0; - - if (dAcert->beforeDateLen > 0) { - minSz = (int)min(dAcert->beforeDate[1], MAX_DATE_SZ); - x509->notBefore.type = dAcert->beforeDate[0]; - x509->notBefore.length = minSz; - XMEMCPY(x509->notBefore.data, &dAcert->beforeDate[2], minSz); - } - else { - x509->notBefore.length = 0; - } - - if (dAcert->afterDateLen > 0) { - minSz = (int)min(dAcert->afterDate[1], MAX_DATE_SZ); - x509->notAfter.type = dAcert->afterDate[0]; - x509->notAfter.length = minSz; - XMEMCPY(x509->notAfter.data, &dAcert->afterDate[2], minSz); - } - else { - x509->notAfter.length = 0; - } - } + CopyDateToASN1_TIME(dAcert->beforeDate, dAcert->beforeDateLen, + &x509->notBefore); + CopyDateToASN1_TIME(dAcert->afterDate, dAcert->afterDateLen, + &x509->notAfter); /* Copy the signature. */ if (dAcert->signature != NULL && dAcert->sigLength != 0 && diff --git a/src/ssl_api_crl_ocsp.c b/src/ssl_api_crl_ocsp.c index 0bd3237c66..677aad4681 100644 --- a/src/ssl_api_crl_ocsp.c +++ b/src/ssl_api_crl_ocsp.c @@ -424,7 +424,7 @@ int wolfSSL_get_ocsp_producedDate_tm(WOLFSSL *ssl, struct tm *produced_tm) { if (ExtractDate(ssl->ocspProducedDate, (unsigned char)ssl->ocspProducedDateFormat, produced_tm, &idx, - MAX_DATE_SZ)) + MAX_DATE_SIZE)) return 0; else return ASN_PARSE_E; diff --git a/src/x509.c b/src/x509.c index 8fc8edc57b..48720eda71 100644 --- a/src/x509.c +++ b/src/x509.c @@ -4419,8 +4419,14 @@ const byte* wolfSSL_X509_notBefore(WOLFSSL_X509* x509) { WOLFSSL_ENTER("wolfSSL_X509_notBefore"); - if (x509 == NULL) + if (x509 == NULL) { return NULL; + } + + if (x509->notBefore.length < 0 || + x509->notBefore.length > (int)sizeof(x509->notBeforeData) - 2) { + return NULL; + } XMEMSET(x509->notBeforeData, 0, sizeof(x509->notBeforeData)); x509->notBeforeData[0] = (byte)x509->notBefore.type; @@ -4437,8 +4443,14 @@ const byte* wolfSSL_X509_notAfter(WOLFSSL_X509* x509) { WOLFSSL_ENTER("wolfSSL_X509_notAfter"); - if (x509 == NULL) + if (x509 == NULL) { return NULL; + } + + if (x509->notAfter.length < 0 || + x509->notAfter.length > (int)sizeof(x509->notAfterData) - 2) { + return NULL; + } XMEMSET(x509->notAfterData, 0, sizeof(x509->notAfterData)); x509->notAfterData[0] = (byte)x509->notAfter.type; @@ -16060,6 +16072,10 @@ int wolfSSL_X509_set_notAfter(WOLFSSL_X509* x509, const WOLFSSL_ASN1_TIME* t) return WOLFSSL_FAILURE; } + if (t->length < 0 || t->length > CTC_DATE_SIZE - 2) { + return WOLFSSL_FAILURE; + } + x509->notAfter.type = t->type; x509->notAfter.length = t->length; @@ -16074,6 +16090,10 @@ int wolfSSL_X509_set_notBefore(WOLFSSL_X509* x509, const WOLFSSL_ASN1_TIME* t) return WOLFSSL_FAILURE; } + if (t->length < 0 || t->length > CTC_DATE_SIZE - 2) { + return WOLFSSL_FAILURE; + } + x509->notBefore.type = t->type; x509->notBefore.length = t->length; diff --git a/wolfssl/internal.h b/wolfssl/internal.h index 216b75bde1..53981450e8 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -2471,10 +2471,6 @@ struct WOLFSSL_OCSP { }; #endif -#ifndef MAX_DATE_SIZE -#define MAX_DATE_SIZE 32 -#endif - typedef struct CRL_Entry CRL_Entry; #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3) @@ -5312,10 +5308,6 @@ typedef struct Arrays { #endif #endif -#ifndef MAX_DATE_SZ -#define MAX_DATE_SZ 32 -#endif - typedef enum { STACK_TYPE_X509 = 0, STACK_TYPE_GEN_NAME = 1, @@ -6327,7 +6319,7 @@ struct WOLFSSL { #endif /* HAVE_TLS_EXTENSIONS */ #ifdef HAVE_OCSP void* ocspIOCtx; - byte ocspProducedDate[MAX_DATE_SZ]; + byte ocspProducedDate[MAX_DATE_SIZE]; int ocspProducedDateFormat; buffer ocspCsrResp[1 + MAX_CHAIN_DEPTH]; #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h index 08dab649ae..6c04b4d2c0 100644 --- a/wolfssl/wolfcrypt/asn.h +++ b/wolfssl/wolfcrypt/asn.h @@ -1272,7 +1272,7 @@ enum Misc_ASN { DSA_PARAM_INTS = 3, /* DSA parameter ints */ RSA_PUB_INTS = 2, /* RSA ints in public key */ MIN_DATE_SIZE = 12, - MAX_DATE_SIZE = 32, + MAX_DATE_SIZE = CTC_DATE_SIZE, ASN_GEN_TIME_SZ = 15, /* 7 numbers * 2 + Zulu tag */ #ifdef WOLFSSL_CERT_GEN