From: Dmitry Belyavskiy Date: Fri, 4 Oct 2024 15:07:38 +0000 (+0200) Subject: Increase limit for CRL download X-Git-Tag: openssl-3.5.0-alpha1~1032 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=cdbe47bf3c02979183d1f66b42c511a18a63c61d;p=thirdparty%2Fopenssl.git Increase limit for CRL download Reviewed-by: Matt Caswell Reviewed-by: Tom Cosgrove Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/25608) --- diff --git a/crypto/x509/x_all.c b/crypto/x509/x_all.c index 2a5063a0bf6..d3f79591d74 100644 --- a/crypto/x509/x_all.c +++ b/crypto/x509/x_all.c @@ -116,11 +116,13 @@ static ASN1_VALUE *simple_get_asn1(const char *url, BIO *bio, BIO *rbio, int timeout, const ASN1_ITEM *it) { #ifndef OPENSSL_NO_HTTP + size_t max_resp_len = (it == ASN1_ITEM_rptr(X509_CRL)) ? + OSSL_HTTP_DEFAULT_MAX_CRL_LEN : OSSL_HTTP_DEFAULT_MAX_RESP_LEN; BIO *mem = OSSL_HTTP_get(url, NULL /* proxy */, NULL /* no_proxy */, bio, rbio, NULL /* cb */, NULL /* arg */, 1024 /* buf_size */, NULL /* headers */, NULL /* expected_ct */, 1 /* expect_asn1 */, - OSSL_HTTP_DEFAULT_MAX_RESP_LEN, timeout); + max_resp_len, timeout); ASN1_VALUE *res = ASN1_item_d2i_bio(it, mem, NULL); BIO_free(mem); diff --git a/include/openssl/http.h b/include/openssl/http.h index 8f4e9da30b3..339b567dcd3 100644 --- a/include/openssl/http.h +++ b/include/openssl/http.h @@ -35,9 +35,10 @@ extern "C" { # ifndef OPENSSL_NO_HTTP -#define OSSL_HTTP_DEFAULT_MAX_LINE_LEN (4 * 1024) -#define OSSL_HTTP_DEFAULT_MAX_RESP_LEN (100 * 1024) -#define OSSL_HTTP_DEFAULT_MAX_RESP_HDR_LINES 256 +# define OSSL_HTTP_DEFAULT_MAX_LINE_LEN (4 * 1024) +# define OSSL_HTTP_DEFAULT_MAX_RESP_LEN (100 * 1024) +# define OSSL_HTTP_DEFAULT_MAX_CRL_LEN (32 * 1024 * 1024) +# define OSSL_HTTP_DEFAULT_MAX_RESP_HDR_LINES 256 /* Low-level HTTP API */
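Review bot: The new `max_resp_len` declaration in `simple_get_asn1` picks the limit with a pointer-identity test, `it == ASN1_ITEM_rptr(X509_CRL)`, and has no comment saying why CRLs get a different cap or what the cap protects. The response is read into `mem` before `ASN1_item_d2i_bio` parses it, so this value appears to be the only bound on how much data a remote server can make the caller hold in memory per download. For CRLs that bound rises from 100 KiB to 32 MiB, which matters most to callers that fetch from URLs taken from certificates they do not yet trust. I would add a comment above the declaration, for example `/* CRLs can be far larger than other ASN.1 objects; max_resp_len bounds what a server can make us buffer */`. The function body continues past the end of the hunk.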
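Review bot: `OSSL_HTTP_DEFAULT_MAX_CRL_LEN` is added to a public header in `include/openssl/http.h` with no comment giving its unit or the reason for choosing 32 MiB. The diff shown here also has no matching man-page or CHANGES entry, though one may exist in a part of the change that is not visible. A one-line comment such as `/* default upper bound, in bytes, for a CRL fetched over HTTP */` above the define would be enough. The re-indentation of the three existing defines is mixed into the same hunk, which makes the one functional addition harder to spot in history.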