Commit d9d0f1b5 authored by Dr. Stephen Henson's avatar Dr. Stephen Henson

Reject leading 0x80 in OID subidentifiers.

parent e075341d
+4 −0
@@ -814,6 +814,10 @@

 Changes between 0.9.8k and 0.9.8l  [xx XXX xxxx]

  *) Don't allow the use of leading 0x80 in OIDs. This is a violation of
     X690 8.9.12 and can produce some misleading textual output of OIDs.
     [Steve Henson, reported by Dan Kaminsky]

  *) Add compression id to {d2i,i2d}_SSL_SESSION so it is correctly saved
     and restored.
     [Steve Henson]
+11 −0
@@ -290,6 +290,17 @@ ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
	const unsigned char *p;
	unsigned char *data;
	int i;
	/* Sanity check OID encoding: can't have 0x80 in subidentifiers, see:
	 * X.690 8.19.2
	 */
	for (i = 0, p = *pp + 1; i < len - 1; i++, p++)
		{
		if (*p == 0x80)
			{
			ASN1err(ASN1_F_C2I_ASN1_OBJECT,ASN1_R_INVALID_OBJECT_ENCODING);
			return NULL;
			}
		}

	/* only the ASN1_OBJECTs from the 'table' will have values
	 * for ->sn or ->ln */
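Review bot: The added loop rejects every content octet equal to 0x80 from offset 1 onward, but the rule the comment cites (X.690 8.19.2) forbids 0x80 only as the leading octet of a subidentifier, so a conforming encoding with 0x80 as a middle octet (one that follows an octet with the continuation bit set, e.g. `0x81 0x80 0x00`) would be refused with `ASN1_R_INVALID_OBJECT_ENCODING`. Because `p` starts at `*pp + 1`, a 0x80 in the first content octet, which is itself a leading octet, is never examined. Both can be addressed by scanning from the first octet and testing the previous octet's continuation bit: `for (i = 0, p = *pp; i < len; i++, p++)` with `if (*p == 0x80 && (!i || !(p[-1] & 0x80)))`. The CHANGES entry in this commit cites "X690 8.9.12" while this comment cites 8.19.2, so the two references should be made to agree. The body of c2i_ASN1_OBJECT starts and ends outside the hunk, so whether `len` is checked to be positive before the loop is not visible here.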
+1 −0
@@ -1328,6 +1328,7 @@ void ERR_load_ASN1_strings(void);
#define ASN1_R_INVALID_MIME_TYPE			 205
#define ASN1_R_INVALID_MODIFIER				 186
#define ASN1_R_INVALID_NUMBER				 187
#define ASN1_R_INVALID_OBJECT_ENCODING			 216
#define ASN1_R_INVALID_SEPARATOR			 131
#define ASN1_R_INVALID_TIME_FORMAT			 132
#define ASN1_R_INVALID_UNIVERSALSTRING_LENGTH		 133
+2 −1
/* crypto/asn1/asn1_err.c */
/* ====================================================================
 * Copyright (c) 1999-2008 The OpenSSL Project.  All rights reserved.
 * Copyright (c) 1999-2009 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -248,6 +248,7 @@ static ERR_STRING_DATA ASN1_str_reasons[]=
{ERR_REASON(ASN1_R_INVALID_MIME_TYPE)    ,"invalid mime type"},
{ERR_REASON(ASN1_R_INVALID_MODIFIER)     ,"invalid modifier"},
{ERR_REASON(ASN1_R_INVALID_NUMBER)       ,"invalid number"},
{ERR_REASON(ASN1_R_INVALID_OBJECT_ENCODING),"invalid object encoding"},
{ERR_REASON(ASN1_R_INVALID_SEPARATOR)    ,"invalid separator"},
{ERR_REASON(ASN1_R_INVALID_TIME_FORMAT)  ,"invalid time format"},
{ERR_REASON(ASN1_R_INVALID_UNIVERSALSTRING_LENGTH),"invalid universalstring length"},