Make CBC decoding constant time.

[oweals/openssl.git] / crypto / ocsp / ocsp_lib.c

diff --git a/crypto/ocsp/ocsp_lib.c b/crypto/ocsp/ocsp_lib.c
index 27450811d7208529a8ef99b5b089e9ce6c3c0bcc..2678e222dd14eaf18506af1018732a6985aca3e7 100644 (file)
--- a/crypto/ocsp/ocsp_lib.c
+++ b/crypto/ocsp/ocsp_lib.c
@@ -69,6 +69,7 @@
 #include <openssl/pem.h>
 #include <openssl/x509v3.h>
 #include <openssl/ocsp.h>
+#include <openssl/asn1t.h>
 
 /* Convert a certificate and its issuer to an OCSP_CERTID */
 
@@ -123,7 +124,8 @@ OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst,
        if (!(ASN1_OCTET_STRING_set(cid->issuerNameHash, md, i))) goto err;
 
        /* Calculate the issuerKey hash, excluding tag and length */
-       EVP_Digest(issuerKey->data, issuerKey->length, md, &i, dgst, NULL);
+       if (!EVP_Digest(issuerKey->data, issuerKey->length, md, &i, dgst, NULL))
+               goto err;
 
        if (!(ASN1_OCTET_STRING_set(cid->issuerKeyHash, md, i))) goto err;
 
@@ -163,20 +165,20 @@ int OCSP_id_cmp(OCSP_CERTID *a, OCSP_CERTID *b)
  * it is SSL.
  */
 
-int OCSP_parse_url(char *url, char **phost, char **pport, char **ppath, int *pssl)
+int OCSP_parse_url(const char *url, char **phost, char **pport, char **ppath, int *pssl)
        {
        char *p, *buf;
 
        char *host, *port;
 
-       /* dup the buffer since we are going to mess with it */
-       buf = BUF_strdup(url);
-       if (!buf) goto mem_err;
-
        *phost = NULL;
        *pport = NULL;
        *ppath = NULL;
 
+       /* dup the buffer since we are going to mess with it */
+       buf = BUF_strdup(url);
+       if (!buf) goto mem_err;
+
        /* Check for initial colon */
        p = strchr(buf, ':');
 
@@ -260,3 +262,5 @@ int OCSP_parse_url(char *url, char **phost, char **pport, char **ppath, int *pss
        return 0;
 
        }
+
+IMPLEMENT_ASN1_DUP_FUNCTION(OCSP_CERTID)