Fix typo in OCSP nonce extension.

Set correct type in ASN1_STRING for INTEGER and ENUMERATED types. Make ASN1_INTEGER_get() and ASN1_ENUMERATED_get() return -1 for invalid type rather than 0 (which is often valid). -1 may also be valid but this is less likely. Load OCSP error strings in ERR_load_crypto_strings().

Fix typo in OCSP nonce extension.
Set correct type in ASN1_STRING for INTEGER and ENUMERATED types. Make ASN1_INTEGER_get() and ASN1_ENUMERATED_get() return -1 for invalid type rather than 0 (which is often valid). -1 may also be valid but this is less likely. Load OCSP error strings in ERR_load_crypto_strings().
a8312c0e · Dr. Stephen Henson · bf0d176e · a8312c0e · a8312c0e · a8312c0e
5 changed file
--- a/crypto/asn1/a_enum.c
+++ b/crypto/asn1/a_enum.c
@@ -114,7 +114,7 @@ long ASN1_ENUMERATED_get(ASN1_ENUMERATED *a)
 	if (i == V_ASN1_NEG_ENUMERATED)
 		neg=1;
 	else if (i != V_ASN1_ENUMERATED)
-		return(0);
+		return -1;
 	
 	if (a->length > sizeof(long))
 		{
@@ -122,7 +122,7 @@ long ASN1_ENUMERATED_get(ASN1_ENUMERATED *a)
 		return(0xffffffffL);
 		}
 	if (a->data == NULL)
-		return(0);
+		return 0;

 	for (i=0; i<a->length; i++)
 		{

--- a/crypto/asn1/a_int.c
+++ b/crypto/asn1/a_int.c
@@ -360,7 +360,7 @@ long ASN1_INTEGER_get(ASN1_INTEGER *a)
 	if (i == V_ASN1_NEG_INTEGER)
 		neg=1;
 	else if (i != V_ASN1_INTEGER)
-		return(0);
+		return -1;
 	
 	if (a->length > sizeof(long))
 		{
@@ -368,7 +368,7 @@ long ASN1_INTEGER_get(ASN1_INTEGER *a)
 		return(0xffffffffL);
 		}
 	if (a->data == NULL)
-		return(0);
+		return 0;

 	for (i=0; i<a->length; i++)
 		{

--- a/crypto/asn1/tasn_dec.c
+++ b/crypto/asn1/tasn_dec.c
@@ -657,6 +657,7 @@ int asn1_ex_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char
 	ASN1_TYPE *typ = NULL;
 	int ret = 0;
 	const ASN1_PRIMITIVE_FUNCS *pf;
+	ASN1_INTEGER **tint;
 	pf = it->funcs;
 	if(pf && pf->prim_c2i) return pf->prim_c2i(pval, cont, len, utype, free_cont, it);
 	/* If ANY type clear type and set pointer to internal value */
@@ -700,7 +701,10 @@ int asn1_ex_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char
 		case V_ASN1_NEG_INTEGER:
 		case V_ASN1_ENUMERATED:
 		case V_ASN1_NEG_ENUMERATED:
-		if(!c2i_ASN1_INTEGER((ASN1_INTEGER **)pval, &cont, len)) goto err;
+		tint = (ASN1_INTEGER **)pval;
+		if(!c2i_ASN1_INTEGER(tint, &cont, len)) goto err;
+		/* Fixup type to match the expected form */
+		(*tint)->type = utype | ((*tint)->type & V_ASN1_NEG);
 		break;

 		case V_ASN1_OCTET_STRING:

--- a/crypto/err/err_all.c
+++ b/crypto/err/err_all.c
@@ -83,6 +83,7 @@
 #include <openssl/rand.h>
 #include <openssl/dso.h>
 #include <openssl/engine.h>
+#include <openssl/ocsp.h>
 #include <openssl/err.h>

 void ERR_load_crypto_strings(void)
@@ -122,5 +123,6 @@ void ERR_load_crypto_strings(void)
 	ERR_load_RAND_strings();
 	ERR_load_DSO_strings();
 	ERR_load_ENGINE_strings();
+	ERR_load_OCSP_strings();
 #endif
 	}
--- a/crypto/x509v3/v3_ocsp.c
+++ b/crypto/x509v3/v3_ocsp.c
@@ -173,7 +173,7 @@ static void *ocsp_nonce_new(void)
 static int i2d_ocsp_nonce(void *a, unsigned char **pp)
 {
 	ASN1_OCTET_STRING *os = a;
-	if(*pp) {
+	if(pp) {
 		memcpy(*pp, os->data, os->length);
 		*pp += os->length;
 	}