diff options
| author | Job Snijders <job@sobornost.net> | 2024-02-21 22:26:50 +0100 |
|---|---|---|
| committer | Tomas Mraz <tomas@openssl.org> | 2024-02-25 09:17:41 +0100 |
| commit | eadd8c4727b703049e4d2764751cb04f3108434d (patch) | |
| tree | abcf29b5404084d6b13362654658e7d94d3ea230 /CHANGES.md | |
| parent | apps/engine: add EC to list of capabilities (diff) | |
| download | openssl-eadd8c4727b703049e4d2764751cb04f3108434d.tar.xz openssl-eadd8c4727b703049e4d2764751cb04f3108434d.zip | |
Add appropriate lower bound checks for GeneralizedTime and UTCTime
ITU-T X.690 / ISO/IEC 8825-1 section 11.7 and section 11.8
impose specific constraints on how GeneralizedTime and UTCTime
can be encoded in BER/CER/DER. Following from these constraints
a minimum length can be derived.
Checking the length in this context can potentially help prevent
applications from interpreting an invalid GeneralizedTime as a
valid UTCTime.
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23483)
Diffstat (limited to 'CHANGES.md')
| -rw-r--r-- | CHANGES.md | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/CHANGES.md b/CHANGES.md index 49bb7671b4..962186be75 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -34,6 +34,12 @@ OpenSSL 3.3 *Ijtaba Hussain* + * The d2i_ASN1_GENERALIZEDTIME(), d2i_ASN1_UTCTIME(), ASN1_TIME_check(), and + related functions have been augmented to check for a minimum length of + the input string, in accordance with ITU-T X.690 section 11.7 and 11.8. + + *Job Snijders* + * The EVP_PKEY_fromdata function has been augmented to allow for the derivation of CRT (Chinese Remainder Theorem) parameters when requested. See the OSSL_PKEY_PARAM_RSA_DERIVE_FROM_PQ param in the EVP_PKEY-RSA documentation. |