shim/backport-0001-CVE-2020-1971.patch

From ae1e7c236db52fea0c84cb84ddbfe3d03c55ba4a Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Wed, 11 Nov 2020 15:19:34 +0000
Subject: [PATCH] DirectoryString is a CHOICE type and therefore uses explicit
 tagging

EDIPartyName has 2 fields that use a DirectoryString. However they were
marked as implicit tagging - which is not correct for a CHOICE type.

Additionally the partyName field was marked as Optional when, according to
RFC5280 it is not.

Many thanks to github user @filipnavara for reporting this issue. Also to
David Benjamin from Google who independently identified and reported it.

Fixes #6859
---
 crypto/x509v3/v3_genn.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_genn.c
+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_genn.c
@@ -72,8 +72,9 @@ ASN1_SEQUENCE(OTHERNAME) = {
 IMPLEMENT_ASN1_FUNCTIONS(OTHERNAME)
 
 ASN1_SEQUENCE(EDIPARTYNAME) = {
-        ASN1_IMP_OPT(EDIPARTYNAME, nameAssigner, DIRECTORYSTRING, 0),
-        ASN1_IMP_OPT(EDIPARTYNAME, partyName, DIRECTORYSTRING, 1)
+        /* DirectoryString is a CHOICE type so use explicit tagging */
+        ASN1_EXP_OPT(EDIPARTYNAME, nameAssigner, DIRECTORYSTRING, 0),
+        ASN1_EXP(EDIPARTYNAME, partyName, DIRECTORYSTRING, 1)
 } ASN1_SEQUENCE_END(EDIPARTYNAME)
 
 IMPLEMENT_ASN1_FUNCTIONS(EDIPARTYNAME)
fix CVE-2017-3735 CVE-2017-3737 CVE-2018-0732 CVE-2018-0737 CVE-2018-0739 CVE-2019-1563 CVE-2020-1971 CVE-2021-23840 CVE-2021-23841 CVE-2022-0778 CVE-2021-3712 (cherry picked from commit a582068887203f626772052e466343c6ef2d0719) 2022-09-20 10:14:21 +08:00			`From ae1e7c236db52fea0c84cb84ddbfe3d03c55ba4a Mon Sep 17 00:00:00 2001`
			`From: Matt Caswell <matt@openssl.org>`
			`Date: Wed, 11 Nov 2020 15:19:34 +0000`
			`Subject: [PATCH] DirectoryString is a CHOICE type and therefore uses explicit`
			`tagging`

			`EDIPartyName has 2 fields that use a DirectoryString. However they were`
			`marked as implicit tagging - which is not correct for a CHOICE type.`

			`Additionally the partyName field was marked as Optional when, according to`
			`RFC5280 it is not.`

			`Many thanks to github user @filipnavara for reporting this issue. Also to`
			`David Benjamin from Google who independently identified and reported it.`

			`Fixes #6859`
			`---`
			`crypto/x509v3/v3_genn.c \| 5 +++--`
			`1 file changed, 3 insertions(+), 2 deletions(-)`

			`--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_genn.c`
			`+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_genn.c`
			`@@ -72,8 +72,9 @@ ASN1_SEQUENCE(OTHERNAME) = {`
			`IMPLEMENT_ASN1_FUNCTIONS(OTHERNAME)`

			`ASN1_SEQUENCE(EDIPARTYNAME) = {`
			`- ASN1_IMP_OPT(EDIPARTYNAME, nameAssigner, DIRECTORYSTRING, 0),`
			`- ASN1_IMP_OPT(EDIPARTYNAME, partyName, DIRECTORYSTRING, 1)`
			`+ /* DirectoryString is a CHOICE type so use explicit tagging */`
			`+ ASN1_EXP_OPT(EDIPARTYNAME, nameAssigner, DIRECTORYSTRING, 0),`
			`+ ASN1_EXP(EDIPARTYNAME, partyName, DIRECTORYSTRING, 1)`
			`} ASN1_SEQUENCE_END(EDIPARTYNAME)`

			`IMPLEMENT_ASN1_FUNCTIONS(EDIPARTYNAME)`