diff options
| author | Job Snijders <job@sobornost.net> | 2024-02-21 21:26:50 +0000 |
|---|---|---|
| committer | Tomas Mraz <tomas@openssl.org> | 2024-02-25 09:17:41 +0100 |
| commit | eadd8c4727b703049e4d2764751cb04f3108434d (patch) | |
| tree | abcf29b5404084d6b13362654658e7d94d3ea230 /include | |
| parent | 5d70f11823e3d8b7214a1e094b8a4f744ad396f5 (diff) | |
Add appropriate lower bound checks for GeneralizedTime and UTCTime
ITU-T X.690 / ISO/IEC 8825-1 section 11.7 and section 11.8
impose specific constraints on how GeneralizedTime and UTCTime
can be encoded in BER/CER/DER. Following from these constraints
a minimum length can be derived.
Checking the length in this context can potentially help prevent
applications from interpreting an invalid GeneralizedTime as a
valid UTCTime.
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23483)
Diffstat (limited to 'include')
| -rw-r--r-- | include/openssl/asn1err.h | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/include/openssl/asn1err.h b/include/openssl/asn1err.h index d4276220cb..61f90b4376 100644 --- a/include/openssl/asn1err.h +++ b/include/openssl/asn1err.h @@ -47,6 +47,7 @@ # define ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED 120 # define ASN1_R_FIELD_MISSING 121 # define ASN1_R_FIRST_NUM_TOO_LARGE 122 +# define ASN1_R_GENERALIZEDTIME_IS_TOO_SHORT 232 # define ASN1_R_HEADER_TOO_LONG 123 # define ASN1_R_ILLEGAL_BITSTRING_FORMAT 175 # define ASN1_R_ILLEGAL_BOOLEAN 176 @@ -133,6 +134,7 @@ # define ASN1_R_UNSUPPORTED_CIPHER 228 # define ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE 167 # define ASN1_R_UNSUPPORTED_TYPE 196 +# define ASN1_R_UTCTIME_IS_TOO_SHORT 233 # define ASN1_R_WRONG_INTEGER_TYPE 225 # define ASN1_R_WRONG_PUBLIC_KEY_TYPE 200 # define ASN1_R_WRONG_TAG 168 |