Upgrade to openssl-1.0.0b

Bug: 3201137 Change-Id: I20cd6bed7717e5982abc3734e9a6522067f2908e
author: Brian Carlstrom <bdc@google.com> 2010-11-16 11:19:35 -0800
committer: Brian Carlstrom <bdc@google.com> 2010-11-16 11:21:11 -0800
commit: 43c12e3d4f9bbbbd4a8ba7b149686437514bc6b6 (patch)
tree: 520464b8c2f2e19d00e6ea143c6e1e9523b3367a /crypto/ocsp
parent: 8be882eb81101ceede7641e88ccbdaded610ff5f (diff)
download: replicant_openssl-43c12e3d4f9bbbbd4a8ba7b149686437514bc6b6.zip
replicant_openssl-43c12e3d4f9bbbbd4a8ba7b149686437514bc6b6.tar.gz
replicant_openssl-43c12e3d4f9bbbbd4a8ba7b149686437514bc6b6.tar.bz2
2 files changed, 9 insertions, 5 deletions
diff --git a/crypto/ocsp/ocsp_ht.c b/crypto/ocsp/ocsp_ht.c
index 12bbfcf..af5fc16 100644
--- a/crypto/ocsp/ocsp_ht.c
+++ b/crypto/ocsp/ocsp_ht.c
@@ -397,11 +397,12 @@ int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx)
 
 
 		case OHS_ASN1_HEADER:
-		/* Now reading ASN1 header: can read at least 6 bytes which
-		 * is more than enough for any valid ASN1 SEQUENCE header
+		/* Now reading ASN1 header: can read at least 2 bytes which
+		 * is enough for ASN1 SEQUENCE header and either length field
+		 * or at least the length of the length field.
 		 */
 		n = BIO_get_mem_data(rctx->mem, &p);
-		if (n < 6)
+		if (n < 2)
 			goto next_io;
 
 		/* Check it is an ASN1 SEQUENCE */
@@ -414,6 +415,11 @@ int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx)
 		/* Check out length field */
 		if (*p & 0x80)
 			{
+			/* If MSB set on initial length octet we can now
+			 * always read 6 octets: make sure we have them.
+			 */
+			if (n < 6)
+				goto next_io;
 			n = *p & 0x7F;
 			/* Not NDEF or excessive length */
 			if (!n || (n > 4))
diff --git a/crypto/ocsp/ocsp_prn.c b/crypto/ocsp/ocsp_prn.c
index 1695c9c..87608ff 100644
--- a/crypto/ocsp/ocsp_prn.c
+++ b/crypto/ocsp/ocsp_prn.c
@@ -182,7 +182,6 @@ int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags)
         {
 	int i, ret = 0;
 	long l;
-	unsigned char *p;
 	OCSP_CERTID *cid = NULL;
 	OCSP_BASICRESP *br = NULL;
 	OCSP_RESPID *rid = NULL;
@@ -207,7 +206,6 @@ int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags)
 		return 1;
 		}
 
-	p = ASN1_STRING_data(rb->response);
 	i = ASN1_STRING_length(rb->response);
 	if (!(br = OCSP_response_get1_basic(o))) goto err;
 	rd = br->tbsResponseData;
author	Brian Carlstrom <bdc@google.com>	2010-11-16 11:19:35 -0800
committer	Brian Carlstrom <bdc@google.com>	2010-11-16 11:21:11 -0800
commit	43c12e3d4f9bbbbd4a8ba7b149686437514bc6b6 (patch)
tree	520464b8c2f2e19d00e6ea143c6e1e9523b3367a /crypto/ocsp
parent	8be882eb81101ceede7641e88ccbdaded610ff5f (diff)
download	replicant_openssl-43c12e3d4f9bbbbd4a8ba7b149686437514bc6b6.zip replicant_openssl-43c12e3d4f9bbbbd4a8ba7b149686437514bc6b6.tar.gz replicant_openssl-43c12e3d4f9bbbbd4a8ba7b149686437514bc6b6.tar.bz2