Skip to content

Commit

Permalink
DirectoryString is a CHOICE type and therefore uses explicit tagging
Browse files Browse the repository at this point in the history
EDIPartyName has 2 fields that use a DirectoryString. However they were
marked as implicit tagging - which is not correct for a CHOICE type.

Additionally the partyName field was marked as Optional when, according to
RFC5280 it is not.

Many thanks to github user @filipnavara for reporting this issue. Also to
David Benjamin from Google who independently identified and reported it.

Fixes #6859

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
  • Loading branch information
mattcaswell committed Dec 8, 2020
1 parent 6ad93e8 commit aa0ad20
Showing 1 changed file with 3 additions and 2 deletions.
5 changes: 3 additions & 2 deletions crypto/x509v3/v3_genn.c
Original file line number Diff line number Diff line change
Expand Up @@ -22,8 +22,9 @@ ASN1_SEQUENCE(OTHERNAME) = {
IMPLEMENT_ASN1_FUNCTIONS(OTHERNAME)

ASN1_SEQUENCE(EDIPARTYNAME) = {
ASN1_IMP_OPT(EDIPARTYNAME, nameAssigner, DIRECTORYSTRING, 0),
ASN1_IMP_OPT(EDIPARTYNAME, partyName, DIRECTORYSTRING, 1)
/* DirectoryString is a CHOICE type so use explicit tagging */
ASN1_EXP_OPT(EDIPARTYNAME, nameAssigner, DIRECTORYSTRING, 0),
ASN1_EXP(EDIPARTYNAME, partyName, DIRECTORYSTRING, 1)
} ASN1_SEQUENCE_END(EDIPARTYNAME)

IMPLEMENT_ASN1_FUNCTIONS(EDIPARTYNAME)
Expand Down

0 comments on commit aa0ad20

Please sign in to comment.