diff options
author | Matt Caswell <matt@openssl.org> | 2020-11-11 15:19:34 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2020-12-08 10:18:43 +0000 |
commit | aa0ad2011d3e7ad8a611da274ef7d9c7706e289b (patch) | |
tree | 25abc2b8585b25321c6dedf7b22138e282cd662b /crypto | |
parent | 6ad93e8014533f78aa5b0f3385954e164e72d8fa (diff) |
DirectoryString is a CHOICE type and therefore uses explicit tagging
EDIPartyName has 2 fields that use a DirectoryString. However they were
marked as implicit tagging - which is not correct for a CHOICE type.
Additionally the partyName field was marked as Optional when, according to
RFC5280 it is not.
Many thanks to github user @filipnavara for reporting this issue. Also to
David Benjamin from Google who independently identified and reported it.
Fixes #6859
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/x509v3/v3_genn.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/crypto/x509v3/v3_genn.c b/crypto/x509v3/v3_genn.c index 23e3bc4565..b483f35a9e 100644 --- a/crypto/x509v3/v3_genn.c +++ b/crypto/x509v3/v3_genn.c @@ -22,8 +22,9 @@ ASN1_SEQUENCE(OTHERNAME) = { IMPLEMENT_ASN1_FUNCTIONS(OTHERNAME) ASN1_SEQUENCE(EDIPARTYNAME) = { - ASN1_IMP_OPT(EDIPARTYNAME, nameAssigner, DIRECTORYSTRING, 0), - ASN1_IMP_OPT(EDIPARTYNAME, partyName, DIRECTORYSTRING, 1) + /* DirectoryString is a CHOICE type so use explicit tagging */ + ASN1_EXP_OPT(EDIPARTYNAME, nameAssigner, DIRECTORYSTRING, 0), + ASN1_EXP(EDIPARTYNAME, partyName, DIRECTORYSTRING, 1) } ASN1_SEQUENCE_END(EDIPARTYNAME) IMPLEMENT_ASN1_FUNCTIONS(EDIPARTYNAME) |