Dev news

Commit 4c84066691 for asterisk.org

commit 4c84066691d361038240e28e2f7b2f2ff15c2218
Author: Bernd Kuhls <bernd@kuhls.net>
Date:   Sat May 2 14:20:05 2026 +0200

    res_stir_shaken: avoid direct ASN1_STRING accesses

    https://github.com/openssl/openssl/issues/29117

    Signed-off-by: Bernd Kuhls <bernd@kuhls.net>

    Resolves: #1952

diff --git a/res/res_stir_shaken/verification.c b/res/res_stir_shaken/verification.c
index 209032e23b..3fed81a978 100644
--- a/res/res_stir_shaken/verification.c
+++ b/res/res_stir_shaken/verification.c
@@ -266,10 +266,10 @@ static enum ast_stir_shaken_vs_response_code
 			LOG_ERROR, "%s: Cert '%s' doesn't have a TNAuthList extension\n",
 			ctx->tag, ctx->public_url);
 	}
-	octet_str_data = tn_exten->data;
+	octet_str_data = ASN1_STRING_get0_data(tn_exten);

 	/* The first call to ASN1_get_object should return a SEQUENCE */
-	ret = ASN1_get_object(&octet_str_data, &xlen, &tag, &xclass, tn_exten->length);
+	ret = ASN1_get_object(&octet_str_data, &xlen, &tag, &xclass, ASN1_STRING_length(tn_exten));
 	if (IS_GET_OBJ_ERR(ret)) {
 		crypto_log_openssl(LOG_ERROR, "%s: Cert '%s' has malformed TNAuthList extension\n",
 			ctx->tag, ctx->public_url);
@@ -293,7 +293,7 @@ static enum ast_stir_shaken_vs_response_code
 	 * ATIS-1000080 however limits this to only ASN1_TAG_TNAUTH_SPC
 	 *
 	 */
-	ret = ASN1_get_object(&octet_str_data, &xlen, &tag, &xclass, tn_exten->length);
+	ret = ASN1_get_object(&octet_str_data, &xlen, &tag, &xclass, ASN1_STRING_length(tn_exten));
 	if (IS_GET_OBJ_ERR(ret)) {
 		crypto_log_openssl(LOG_ERROR, "%s: Cert '%s' has malformed TNAuthList extension\n",
 			ctx->tag, ctx->public_url);
@@ -307,7 +307,7 @@ static enum ast_stir_shaken_vs_response_code
 	}

 	/* The third call to ASN1_get_object should contain the SPC */
-	ret = ASN1_get_object(&octet_str_data, &xlen, &tag, &xclass, tn_exten->length);
+	ret = ASN1_get_object(&octet_str_data, &xlen, &tag, &xclass, ASN1_STRING_length(tn_exten));
 	if (ret != 0) {
 		SCOPE_EXIT_LOG_RTN_VALUE(AST_STIR_SHAKEN_VS_CERT_NO_SPC_IN_TN_AUTH_EXT,
 			LOG_ERROR, "%s: Cert '%s' has malformed TNAuthList extension (no SPC)\n",