f68dd54569
CVE-2018-0739 CVE-2019-1563 CVE-2020-1971 CVE-2021-23840 CVE-2021-23841 CVE-2022-0778 CVE-2021-3712 (cherry picked from commit a582068887203f626772052e466343c6ef2d0719)
35 lines
1.3 KiB
Diff
35 lines
1.3 KiB
Diff
From ae1e7c236db52fea0c84cb84ddbfe3d03c55ba4a Mon Sep 17 00:00:00 2001
|
|
From: Matt Caswell <matt@openssl.org>
|
|
Date: Wed, 11 Nov 2020 15:19:34 +0000
|
|
Subject: [PATCH] DirectoryString is a CHOICE type and therefore uses explicit
|
|
tagging
|
|
|
|
EDIPartyName has 2 fields that use a DirectoryString. However they were
|
|
marked as implicit tagging - which is not correct for a CHOICE type.
|
|
|
|
Additionally the partyName field was marked as Optional when, according to
|
|
RFC5280 it is not.
|
|
|
|
Many thanks to github user @filipnavara for reporting this issue. Also to
|
|
David Benjamin from Google who independently identified and reported it.
|
|
|
|
Fixes #6859
|
|
---
|
|
crypto/x509v3/v3_genn.c | 5 +++--
|
|
1 file changed, 3 insertions(+), 2 deletions(-)
|
|
|
|
--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_genn.c
|
|
+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_genn.c
|
|
@@ -72,8 +72,9 @@ ASN1_SEQUENCE(OTHERNAME) = {
|
|
IMPLEMENT_ASN1_FUNCTIONS(OTHERNAME)
|
|
|
|
ASN1_SEQUENCE(EDIPARTYNAME) = {
|
|
- ASN1_IMP_OPT(EDIPARTYNAME, nameAssigner, DIRECTORYSTRING, 0),
|
|
- ASN1_IMP_OPT(EDIPARTYNAME, partyName, DIRECTORYSTRING, 1)
|
|
+ /* DirectoryString is a CHOICE type so use explicit tagging */
|
|
+ ASN1_EXP_OPT(EDIPARTYNAME, nameAssigner, DIRECTORYSTRING, 0),
|
|
+ ASN1_EXP(EDIPARTYNAME, partyName, DIRECTORYSTRING, 1)
|
|
} ASN1_SEQUENCE_END(EDIPARTYNAME)
|
|
|
|
IMPLEMENT_ASN1_FUNCTIONS(EDIPARTYNAME)
|