From c5b1a831f54ee74ee3cdf4e77ec6190f403abd7d Mon Sep 17 00:00:00 2001
From: tb <>
Date: Sat, 16 Dec 2023 12:56:20 +0000
Subject: Annotate incorrect value for ub_email_address

The ub_email_address upper bound, 128, returned for NID_pkcs9_emailAddress,
doesn't match the PKCS#9 specification where it is 255.  This was adjusted
in RFC 5280:

   The ASN.1 modules in Appendix A are unchanged from RFC 3280, except
   that ub-emailaddress-length was changed from 128 to 255 in order to
   align with PKCS #9 [RFC2985].

Nobody seems to have noticed so far, so leave it at an XXX and a BUGS
entry for now. It also clearly has the wrong name.

Another mystery is why the RFCs suffix some upper bounds with length, but
not others. Also, OpenSSL chose to be inconsistent with that, because
inconsistency is one of the few things this library is really good at.
---
 src/lib/libcrypto/asn1/a_strnid.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'src/lib/libcrypto/asn1')

diff --git a/src/lib/libcrypto/asn1/a_strnid.c b/src/lib/libcrypto/asn1/a_strnid.c
index 0ba3c87545..58c6e5edab 100644
--- a/src/lib/libcrypto/asn1/a_strnid.c
+++ b/src/lib/libcrypto/asn1/a_strnid.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: a_strnid.c,v 1.28 2023/12/16 12:40:02 tb Exp $ */
+/* $OpenBSD: a_strnid.c,v 1.29 2023/12/16 12:56:20 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -172,7 +172,7 @@ LCRYPTO_ALIAS(ASN1_STRING_set_by_NID);
 #define ub_organization_name		64
 #define ub_organization_unit_name	64
 #define ub_title			64
-#define ub_email_address		128
+#define ub_email_address		128 /* XXX - bumped to 255 in RFC 5280 */
 #define ub_serial_number		64
 
 static const ASN1_STRING_TABLE tbl_standard[] = {
-- 
cgit v1.2.3-55-g6feb