From 17ebf85abda18c3875b1ba6670fe7b393bc1f297 Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson" <steve@openssl.org>
Date: Tue, 16 Aug 2016 14:06:48 +0100
Subject: Add ASN1_STRING_get0_data(), deprecate ASN1_STRING_data().

Deprecate the function ASN1_STRING_data() and replace with a new function
ASN1_STRING_get0_data() which returns a constant pointer. Update library
to use new function.

Reviewed-by: Rich Salz <rsalz@openssl.org>
---
 apps/ocsp.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'apps/ocsp.c')

diff --git a/apps/ocsp.c b/apps/ocsp.c
index 1cb11b289b..17668788df 100644
--- a/apps/ocsp.c
+++ b/apps/ocsp.c
@@ -951,8 +951,8 @@ static void make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req,
 
     if (badsig) {
         ASN1_OCTET_STRING *sig = OCSP_resp_get0_signature(bs);
-        unsigned char *sigptr = ASN1_STRING_data(sig);
-        sigptr[ASN1_STRING_length(sig) - 1] ^= 0x1;
+        if (!corrupt_signature(sig))
+            goto end;
     }
 
     *resp = OCSP_response_create(OCSP_RESPONSE_STATUS_SUCCESSFUL, bs);
-- 
cgit v1.2.3