diff -up openssl-fips-0.9.8e/crypto/asn1/asn1_err.c.bad-string openssl-fips-0.9.8e/crypto/asn1/asn1_err.c

--- openssl-fips-0.9.8e/crypto/asn1/asn1_err.c.bad-string	2006-11-21 21:14:36.000000000 +0100

+++ openssl-fips-0.9.8e/crypto/asn1/asn1_err.c	2009-04-15 16:31:18.000000000 +0200

@@ -188,6 +188,7 @@ static ERR_STRING_DATA ASN1_str_reasons[

 {ERR_REASON(ASN1_R_BAD_OBJECT_HEADER)    ,"bad object header"},

 {ERR_REASON(ASN1_R_BAD_PASSWORD_READ)    ,"bad password read"},

 {ERR_REASON(ASN1_R_BAD_TAG)              ,"bad tag"},

+{ERR_REASON(ASN1_R_BMPSTRING_IS_WRONG_LENGTH),"bmpstring is wrong length"},

 {ERR_REASON(ASN1_R_BN_LIB)               ,"bn lib"},

 {ERR_REASON(ASN1_R_BOOLEAN_IS_WRONG_LENGTH),"boolean is wrong length"},

 {ERR_REASON(ASN1_R_BUFFER_TOO_SMALL)     ,"buffer too small"},

@@ -267,6 +268,7 @@ static ERR_STRING_DATA ASN1_str_reasons[

 {ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_KEY),"unable to decode rsa key"},

 {ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY),"unable to decode rsa private key"},

 {ERR_REASON(ASN1_R_UNEXPECTED_EOC)       ,"unexpected eoc"},

+{ERR_REASON(ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH),"universalstring is wrong length"},

 {ERR_REASON(ASN1_R_UNKNOWN_FORMAT)       ,"unknown format"},

 {ERR_REASON(ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM),"unknown message digest algorithm"},

 {ERR_REASON(ASN1_R_UNKNOWN_OBJECT_TYPE)  ,"unknown object type"},

diff -up openssl-fips-0.9.8e/crypto/asn1/asn1.h.bad-string openssl-fips-0.9.8e/crypto/asn1/asn1.h

--- openssl-fips-0.9.8e/crypto/asn1/asn1.h.bad-string	2009-04-15 13:48:50.000000000 +0200

+++ openssl-fips-0.9.8e/crypto/asn1/asn1.h	2009-04-15 16:31:18.000000000 +0200

@@ -1134,6 +1134,7 @@ void ERR_load_ASN1_strings(void);

 #define ASN1_R_BAD_OBJECT_HEADER			 102

 #define ASN1_R_BAD_PASSWORD_READ			 103

 #define ASN1_R_BAD_TAG					 104

+#define ASN1_R_BMPSTRING_IS_WRONG_LENGTH		 210

 #define ASN1_R_BN_LIB					 105

 #define ASN1_R_BOOLEAN_IS_WRONG_LENGTH			 106

 #define ASN1_R_BUFFER_TOO_SMALL				 107

@@ -1213,6 +1214,7 @@ void ERR_load_ASN1_strings(void);

 #define ASN1_R_UNABLE_TO_DECODE_RSA_KEY			 157

 #define ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY		 158

 #define ASN1_R_UNEXPECTED_EOC				 159

+#define ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH		 211

 #define ASN1_R_UNKNOWN_FORMAT				 160

 #define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM		 161

 #define ASN1_R_UNKNOWN_OBJECT_TYPE			 162

diff -up openssl-fips-0.9.8e/crypto/asn1/tasn_dec.c.bad-string openssl-fips-0.9.8e/crypto/asn1/tasn_dec.c

--- openssl-fips-0.9.8e/crypto/asn1/tasn_dec.c.bad-string	2007-01-23 18:54:22.000000000 +0100

+++ openssl-fips-0.9.8e/crypto/asn1/tasn_dec.c	2009-04-15 16:31:18.000000000 +0200

@@ -1012,6 +1012,18 @@ int asn1_ex_c2i(ASN1_VALUE **pval, const

 		case V_ASN1_SET:

 		case V_ASN1_SEQUENCE:

 		default:

+		if (utype == V_ASN1_BMPSTRING && (len & 1))

+			{

+			ASN1err(ASN1_F_ASN1_EX_C2I,

+					ASN1_R_BMPSTRING_IS_WRONG_LENGTH);

+			goto err;

+			}

+		if (utype == V_ASN1_UNIVERSALSTRING && (len & 3))

+			{

+			ASN1err(ASN1_F_ASN1_EX_C2I,

+					ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH);

+			goto err;

+			}

 		/* All based on ASN1_STRING and handled the same */

 		if (!*pval)

 			{