From: Matt Caswell Date: Wed, 11 Nov 2020 15:19:34 +0000 (+0000) Subject: DirectoryString is a CHOICE type and therefore uses explicit tagging X-Git-Tag: openssl-3.0.0-alpha10~126 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=198b11683568452282bd48828fcf60d4835bf327;p=thirdparty%2Fopenssl.git DirectoryString is a CHOICE type and therefore uses explicit tagging EDIPartyName has 2 fields that use a DirectoryString. However they were marked as implicit tagging - which is not correct for a CHOICE type. Additionally the partyName field was marked as Optional when, according to RFC5280 it is not. Many thanks to github user @filipnavara for reporting this issue. Also to David Benjamin from Google who independently identified and reported it. Fixes #6859 Reviewed-by: Tomas Mraz --- diff --git a/crypto/x509/v3_genn.c b/crypto/x509/v3_genn.c index 867b9a90702..3d1f0a8777d 100644 --- a/crypto/x509/v3_genn.c +++ b/crypto/x509/v3_genn.c @@ -22,8 +22,9 @@ ASN1_SEQUENCE(OTHERNAME) = { IMPLEMENT_ASN1_FUNCTIONS(OTHERNAME) ASN1_SEQUENCE(EDIPARTYNAME) = { - ASN1_IMP_OPT(EDIPARTYNAME, nameAssigner, DIRECTORYSTRING, 0), - ASN1_IMP_OPT(EDIPARTYNAME, partyName, DIRECTORYSTRING, 1) + /* DirectoryString is a CHOICE type so use explicit tagging */ + ASN1_EXP_OPT(EDIPARTYNAME, nameAssigner, DIRECTORYSTRING, 0), + ASN1_EXP(EDIPARTYNAME, partyName, DIRECTORYSTRING, 1) } ASN1_SEQUENCE_END(EDIPARTYNAME) IMPLEMENT_ASN1_FUNCTIONS(EDIPARTYNAME)
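Review bot: On the partyName line, the move from ASN1_IMP_OPT to ASN1_EXP changes two things at once (implicit to explicit tagging, and optional to mandatory), but the added comment only explains the tagging. Suggest extending the comment to say that partyName is not optional per RFC 5280, as the commit message states, so the dropped _OPT does not read as an oversight to a later maintainer. The diff touches only crypto/x509/v3_genn.c and carries no test; a decode and re-encode test for an EDIPartyName with and without nameAssigner, plus a case with partyName absent that is expected to be rejected, would pin down both changes. Since the template now expects explicit tags on both fields, values produced with the old implicit tagging will not decode under it, which is worth a line in the commit message or the change log for anyone holding such encodings.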