boringssl

Mirror of BoringSSL (grpc依赖) https://boringssl.googlesource.com/boringssl

History

David Benjamin aa4ecb4926 Fix EDIPartyName parsing and GENERAL_NAME_cmp. See also CVE-2020-1971, f960d81215ebf3f65e03d4d5d857fb9b666d6920, and aa0ad2011d3e7ad8a611da274ef7d9c7706e289b from upstream OpenSSL. Unlike upstream's version, this CL opts for a simpler edipartyname_cmp. GENERAL_NAME_cmp is already unsuitable for ordering, just equality, which means there's no need to preserve return values from ASN1_STRING_cmp. Additionally, the ASN.1 structure implies most fields cannot be NULL. (The change from other to x400Address is a no-op. They're the same type. Just x400Address is a little clearer. Historical quirks of the GENERAL_NAME structure.) Change-Id: I4b0ffe8e931c8ef916794a486e6a0d6d684c0cc1 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/44404 Reviewed-by: Adam Langley <agl@google.com>	4 years ago
..
openssl	Fix EDIPartyName parsing and GENERAL_NAME_cmp.	4 years ago

David Benjamin aa4ecb4926 Fix EDIPartyName parsing and GENERAL_NAME_cmp.

See also CVE-2020-1971, f960d81215ebf3f65e03d4d5d857fb9b666d6920, and
aa0ad2011d3e7ad8a611da274ef7d9c7706e289b from upstream OpenSSL.

Unlike upstream's version, this CL opts for a simpler edipartyname_cmp.
GENERAL_NAME_cmp is already unsuitable for ordering, just equality,
which means there's no need to preserve return values from
ASN1_STRING_cmp. Additionally, the ASN.1 structure implies most fields
cannot be NULL.

(The change from other to x400Address is a no-op. They're the same type.
Just x400Address is a little clearer. Historical quirks of the
GENERAL_NAME structure.)

Change-Id: I4b0ffe8e931c8ef916794a486e6a0d6d684c0cc1
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/44404
Reviewed-by: Adam Langley <agl@google.com>

4 years ago

openssl

Fix EDIPartyName parsing and GENERAL_NAME_cmp.

4 years ago