diff options
| author | tb <> | 2023-12-16 12:56:20 +0000 |
|---|---|---|
| committer | tb <> | 2023-12-16 12:56:20 +0000 |
| commit | 26b7f662a282a4d86a72d956c7f5a7256cb1666f (patch) | |
| tree | 32e2014726afa0f9bada79993c22be886cf461c9 /src | |
| parent | f4bbf94c75e0eb6961421e3a15395c0c9c5a701f (diff) | |
| download | openbsd-26b7f662a282a4d86a72d956c7f5a7256cb1666f.tar.gz openbsd-26b7f662a282a4d86a72d956c7f5a7256cb1666f.tar.bz2 openbsd-26b7f662a282a4d86a72d956c7f5a7256cb1666f.zip | |
Annotate incorrect value for ub_email_address
The ub_email_address upper bound, 128, returned for NID_pkcs9_emailAddress,
doesn't match the PKCS#9 specification where it is 255. This was adjusted
in RFC 5280:
The ASN.1 modules in Appendix A are unchanged from RFC 3280, except
that ub-emailaddress-length was changed from 128 to 255 in order to
align with PKCS #9 [RFC2985].
Nobody seems to have noticed so far, so leave it at an XXX and a BUGS
entry for now. It also clearly has the wrong name.
Another mystery is why the RFCs suffix some upper bounds with length, but
not others. Also, OpenSSL chose to be inconsistent with that, because
inconsistency is one of the few things this library is really good at.
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libcrypto/asn1/a_strnid.c | 4 | ||||
| -rw-r--r-- | src/lib/libcrypto/man/ASN1_STRING_TABLE_get.3 | 7 |
2 files changed, 8 insertions, 3 deletions
diff --git a/src/lib/libcrypto/asn1/a_strnid.c b/src/lib/libcrypto/asn1/a_strnid.c index 0ba3c87545..58c6e5edab 100644 --- a/src/lib/libcrypto/asn1/a_strnid.c +++ b/src/lib/libcrypto/asn1/a_strnid.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: a_strnid.c,v 1.28 2023/12/16 12:40:02 tb Exp $ */ | 1 | /* $OpenBSD: a_strnid.c,v 1.29 2023/12/16 12:56:20 tb Exp $ */ |
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
| 3 | * project 1999. | 3 | * project 1999. |
| 4 | */ | 4 | */ |
| @@ -172,7 +172,7 @@ LCRYPTO_ALIAS(ASN1_STRING_set_by_NID); | |||
| 172 | #define ub_organization_name 64 | 172 | #define ub_organization_name 64 |
| 173 | #define ub_organization_unit_name 64 | 173 | #define ub_organization_unit_name 64 |
| 174 | #define ub_title 64 | 174 | #define ub_title 64 |
| 175 | #define ub_email_address 128 | 175 | #define ub_email_address 128 /* XXX - bumped to 255 in RFC 5280 */ |
| 176 | #define ub_serial_number 64 | 176 | #define ub_serial_number 64 |
| 177 | 177 | ||
| 178 | static const ASN1_STRING_TABLE tbl_standard[] = { | 178 | static const ASN1_STRING_TABLE tbl_standard[] = { |
diff --git a/src/lib/libcrypto/man/ASN1_STRING_TABLE_get.3 b/src/lib/libcrypto/man/ASN1_STRING_TABLE_get.3 index 0fcc8a123d..7e3e360ac3 100644 --- a/src/lib/libcrypto/man/ASN1_STRING_TABLE_get.3 +++ b/src/lib/libcrypto/man/ASN1_STRING_TABLE_get.3 | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | .\" $OpenBSD: ASN1_STRING_TABLE_get.3,v 1.1 2023/12/16 10:26:10 tb Exp $ | 1 | .\" $OpenBSD: ASN1_STRING_TABLE_get.3,v 1.2 2023/12/16 12:56:20 tb Exp $ |
| 2 | .\" checked up to: | 2 | .\" checked up to: |
| 3 | .\" OpenSSL ASN1_STRING_TABLE_add.pod 7b608d08 Jul 27 01:18:50 2017 +0800 | 3 | .\" OpenSSL ASN1_STRING_TABLE_add.pod 7b608d08 Jul 27 01:18:50 2017 +0800 |
| 4 | .\" | 4 | .\" |
| @@ -83,3 +83,8 @@ first appeared in OpenSSL 0.9.5 and have been available since | |||
| 83 | .Ox 2.7 . | 83 | .Ox 2.7 . |
| 84 | .Sh BUGS | 84 | .Sh BUGS |
| 85 | Most aspects of the semantics considerably differ from OpenSSL. | 85 | Most aspects of the semantics considerably differ from OpenSSL. |
| 86 | .Pp | ||
| 87 | .Dv ub_email_address , | ||
| 88 | which should really be called | ||
| 89 | .Dv ub_emailaddress_length , | ||
| 90 | was changed in RFC 5280 from 128 to 255 to match PKCS#9 (RFC 2985). | ||