Increase limit for CRL download
authorDmitry Belyavskiy <beldmit@gmail.com>
Fri, 4 Oct 2024 15:07:38 +0000 (17:07 +0200)
committerTomas Mraz <tomas@openssl.org>
Tue, 8 Oct 2024 14:04:04 +0000 (16:04 +0200)
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25608)

(cherry picked from commit cdbe47bf3c02979183d1f66b42c511a18a63c61d)

crypto/x509/x_all.c
include/openssl/http.h

index e58c9ab1c117b4183c9a949bbab8de6618650eb9..158e11a8649c5f23b237651c9844c3cc73324fe2 100644 (file)
@@ -92,11 +92,13 @@ int X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx)
 static ASN1_VALUE *simple_get_asn1(const char *url, BIO *bio, BIO *rbio,
                                    int timeout, const ASN1_ITEM *it)
 {
+    size_t max_resp_len = (it == ASN1_ITEM_rptr(X509_CRL)) ?
+        OSSL_HTTP_DEFAULT_MAX_CRL_LEN : OSSL_HTTP_DEFAULT_MAX_RESP_LEN;
     BIO *mem = OSSL_HTTP_get(url, NULL /* proxy */, NULL /* no_proxy */,
                              bio, rbio, NULL /* cb */, NULL /* arg */,
                              1024 /* buf_size */, NULL /* headers */,
                              NULL /* expected_ct */, 1 /* expect_asn1 */,
-                             OSSL_HTTP_DEFAULT_MAX_RESP_LEN, timeout);
+                             max_resp_len, timeout);
     ASN1_VALUE *res = ASN1_item_d2i_bio(it, mem, NULL);
 
     BIO_free(mem);
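Review bot: The CRL-specific cap chosen on the two added lines at the top of the hunk raises the amount of attacker-controlled data one fetch may buffer into the memory BIO from 100 KiB to 32 MiB, and nothing in this helper lets a caller lower it for a particular URL, so a hostile or compromised distribution point can now cost each fetch up to 32 MiB of heap before ASN1_item_d2i_bio gets to reject the body. That is presumably an acceptable trade-off because real CRLs routinely exceed 100 KiB, but the reason and the memory consequence should be recorded where the limit is picked, e.g. `/* CRLs can be many MiB; bound the download at OSSL_HTTP_DEFAULT_MAX_CRL_LEN so a hostile distribution point can cost at most that much memory per fetch */`. The selection also relies on pointer identity of the ASN1_ITEM, so any other item type keeps the 100 KiB default; a one-line comment saying so would spare the next reader a hunt. The body of simple_get_asn1 continues past the hunk's last line.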
index f7ab214265e474674edba2a91901bd29d7436f64..c63762b70deb5ca4d7c5a75e5fe4ded658962a83 100644 (file)
@@ -33,8 +33,9 @@ extern "C" {
 # define OPENSSL_HTTP_PROXY "HTTP_PROXY"
 # define OPENSSL_HTTPS_PROXY "HTTPS_PROXY"
 
-#define OSSL_HTTP_DEFAULT_MAX_LINE_LEN (4 * 1024)
-#define OSSL_HTTP_DEFAULT_MAX_RESP_LEN (100 * 1024)
+# define OSSL_HTTP_DEFAULT_MAX_LINE_LEN (4 * 1024)
+# define OSSL_HTTP_DEFAULT_MAX_RESP_LEN (100 * 1024)
+# define OSSL_HTTP_DEFAULT_MAX_CRL_LEN (32 * 1024 * 1024)
 
 /* Low-level HTTP API */
 OSSL_HTTP_REQ_CTX *OSSL_HTTP_REQ_CTX_new(BIO *wbio, BIO *rbio, int buf_size);
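Review bot: OSSL_HTTP_DEFAULT_MAX_CRL_LEN is added to a public header with no comment, so consumers of include/openssl/http.h cannot tell what it bounds or why it is 320 times larger than OSSL_HTTP_DEFAULT_MAX_RESP_LEN. A short comment above the new define would make the contract explicit, e.g. `/* Default upper bound on an HTTP response carrying a CRL; CRLs are commonly far larger than other responses, and this value caps memory use per download */`. It would also help to state in the same comment whether the value is a hard limit or merely a default that the lower-level OSSL_HTTP_get max_resp_len parameter can override, which I infer from the x_all.c hunk but cannot confirm from this header alone.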