]> git.ipfire.org Git - thirdparty/openssl.git/commit
projects / thirdparty / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 5d70f11) | patch
Add appropriate lower bound checks for GeneralizedTime and UTCTime
authorJob Snijders <job@sobornost.net>
Wed, 21 Feb 2024 21:26:50 +0000 (21:26 +0000)
committerTomas Mraz <tomas@openssl.org>
Sun, 25 Feb 2024 08:17:41 +0000 (09:17 +0100)
commiteadd8c4727b703049e4d2764751cb04f3108434d
treeabcf29b5404084d6b13362654658e7d94d3ea230tree | snapshot
parent5d70f11823e3d8b7214a1e094b8a4f744ad396f5commit | diff
Add appropriate lower bound checks for GeneralizedTime and UTCTime

ITU-T X.690 / ISO/IEC 8825-1 section 11.7 and section 11.8
impose specific constraints on how GeneralizedTime and UTCTime
can be encoded in BER/CER/DER. Following from these constraints
a minimum length can be derived.

Checking the length in this context can potentially help prevent
applications from interpreting an invalid GeneralizedTime as a
valid UTCTime.

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23483)
CHANGES.md diff | blob | blame | history
crypto/asn1/a_time.c diff | blob | blame | history
crypto/asn1/asn1_err.c diff | blob | blame | history
crypto/asn1/tasn_dec.c diff | blob | blame | history
crypto/err/openssl.txt diff | blob | blame | history
include/openssl/asn1err.h diff | blob | blame | history
test/asn1_decode_test.c diff | blob | blame | history
test/asn1_time_test.c diff | blob | blame | history
test/x509_time_test.c diff | blob | blame | history
A mirror of the official openssl repository