author | Job Snijders <job@sobornost.net> | 2024-02-21 21:26:50 +0000 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2024-02-25 09:17:41 +0100 |
commit | eadd8c4727b703049e4d2764751cb04f3108434d (patch) | |
tree | abcf29b5404084d6b13362654658e7d94d3ea230 /crypto/asn1/a_time.c | |
parent | 5d70f11823e3d8b7214a1e094b8a4f744ad396f5 (diff) |
Add appropriate lower bound checks for GeneralizedTime and UTCTime
ITU-T X.690 / ISO/IEC 8825-1 section 11.7 and section 11.8
impose specific constraints on how GeneralizedTime and UTCTime
can be encoded in BER/CER/DER. Following from these constraints
a minimum length can be derived.
Checking the length in this context can potentially help prevent
applications from interpreting an invalid GeneralizedTime as a
valid UTCTime.
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23483)
Diffstat (limited to 'crypto/asn1/a_time.c')
-rw-r--r-- | crypto/asn1/a_time.c | 8 |
1 files changed, 3 insertions, 5 deletions
diff --git a/crypto/asn1/a_time.c b/crypto/asn1/a_time.c
index 931e2854d6..25d306a3a6 100644
--- a/crypto/asn1/a_time.c
+++ b/crypto/asn1/a_time.c
@@ -79,7 +79,7 @@ int ossl_asn1_time_to_tm(struct tm *tm, const ASN1_TIME *d)
 static const int max[9] = { 99, 99, 12, 31, 23, 59, 59, 12, 59 };
 static const int mdays[12] = { 31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31 };
 char *a;
- int n, i, i2, l, o, min_l = 11, strict = 0, end = 6, btz = 5, md;
+ int n, i, i2, l, o, min_l, strict = 0, end = 6, btz = 5, md;
 struct tm tmp;
 #if defined(CHARSET_EBCDIC)
 const char upper_z = 0x5A, num_zero = 0x30, period = 0x2E, minus = 0x2D, plus = 0x2B;
@@ -95,18 +95,16 @@ int ossl_asn1_time_to_tm(struct tm *tm, const ASN1_TIME *d)
 * 3. "+|-" is not allowed to indicate a timezone
 */
 if (d->type == V_ASN1_UTCTIME) {
+ min_l = 13;
 if (d->flags & ASN1_STRING_FLAG_X509_TIME) {
- min_l = 13;
 strict = 1;
 }
 } else if (d->type == V_ASN1_GENERALIZEDTIME) {
 end = 7;
 btz = 6;
+ min_l = 15;
 if (d->flags & ASN1_STRING_FLAG_X509_TIME) {
- min_l = 15;
 strict = 1;
- } else {
- min_l = 13;
 }
 } else {
 return 0;
|
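Review bot: The new `min_l = 13;` and `min_l = 15;` in the second hunk are bare literals, and nothing visible in the function says which encodings they correspond to. A comment at each assignment would tie them to the shortest forms the commit message derives from X.690 11.7/11.8, for example `min_l = 13; /* YYMMDDHHMMSSZ */` and `min_l = 15; /* YYYYMMDDHHMMSSZ */`. The bound now also applies when `ASN1_STRING_FLAG_X509_TIME` is not set, where the removed lines allowed 11 and 13 bytes. The numbered comment whose end is visible above the `if` presumably describes only the flag-gated rules, so it should state that the minimum length is enforced for every caller. The first hunk drops the `min_l = 11` initializer, so the variable is safe only because each branch here assigns it or returns; the rest of ossl_asn1_time_to_tm lies outside the hunk and should be checked for any read of `min_l` that could be reached another way.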