I've found a bug in ASN1_BIT_STRING_set_bit. The problem is that when
the byte in which the bit is to be set is already allocated and the
value argument is 0, the bit will still be set to 1. This bug report
refers to the code in the 0.9.6c release. An example program and a
patch are attached.

/Sam
--- openssl-0.9.6c/crypto/asn1/a_bitstr.c       Sat Aug  5 20:35:03 2000
+++ openssl-0.9.6c-patched/crypto/asn1/a_bitstr.c       Sun Feb  3 14:10:15 2002
@@ -228,9 +228,9 @@
        a->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); /* clear, set on write */
 
        if (a == NULL) return(0);
+        if (!value) return(1); /* Don't need to set */
        if ((a->length < (w+1)) || (a->data == NULL))
                {
-               if (!value) return(1); /* Don't need to set */
                if (a->data == NULL)
                        c=(unsigned char *)OPENSSL_malloc(w+1);
                else
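Review bot: With `if (!value) return(1);` moved ahead of the length check, every call with value 0 returns before any byte of `a->data` is touched, so a bit that is already 1 can no longer be cleared; the reported symptom disappears only because clearing becomes a no-op. Where the bit string carries flag-style data, a caller that believes it cleared a bit would still have it encoded as set. I would leave the early return inside the grow branch, where the byte does not exist yet, and instead make the store that follows this branch (outside the hunk) mask the bit out when `value` is 0. Separately, the context line `a->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);` dereferences `a` before `if (a == NULL) return(0);`, so the NULL check should move above it.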

/*
gcc -g -I$GLOBUS_LOCATION/include -I$GLOBUS_LOCATION/include/gcc32dbg 
-L$GLOBUS_LOCATION/lib bit_string.c -lcrypto_gcc32dbg

*/


#include <stdio.h>

#include "openssl/crypto.h"
#include "openssl/ssl.h"

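/*
 * Reproducer for the ASN1_BIT_STRING_set_bit report: set bit 1 so that the
 * first data byte exists, then ask for bit 2 to be written as 0, and print
 * what ASN1_BIT_STRING_get_bit() reads back for bit 2.
 *
 * Returns 0 once the value has been printed, 1 if the allocation or either
 * set_bit call fails.
 */
int main(void)
{
    ASN1_BIT_STRING *bit_string = ASN1_BIT_STRING_new();

    if (bit_string == NULL) {
        fprintf(stderr, "ASN1_BIT_STRING_new failed\n");
        return 1;
    }

    /*
     * ASN1_BIT_STRING_set_bit returns 0 on failure; without this check a
     * failed call would make the printed value meaningless.
     */
    if (!ASN1_BIT_STRING_set_bit(bit_string, 1, 1) ||
        !ASN1_BIT_STRING_set_bit(bit_string, 2, 0)) {
        fprintf(stderr, "ASN1_BIT_STRING_set_bit failed\n");
        ASN1_BIT_STRING_free(bit_string);
        return 1;
    }

    /*
     * The label names the index that is actually queried (2). The report
     * describes this reading back as 1 although 0 was requested.
     */
    printf("Bit 2 has value %d\n", ASN1_BIT_STRING_get_bit(bit_string, 2));

    ASN1_BIT_STRING_free(bit_string);
    return 0;
}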
