Work around for libsafe "error".

diff --git a/CHANGES b/CHANGES
index b0e9c15519c448e6aad01171baec7283d05654f7..c5eb0cf86604d410dc463cc7c5d26ffed4b900b4 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -3,6 +3,11 @@
 
  Changes between 0.9.6 and 0.9.7  [xx XXX 2000]
 
+  *) Use the cached encoding of an X509_NAME structure rather than
+     copying it. This is apparently the reason for the libsafe "errors"
+     but the code is actually correct.
+     [Steve Henson]
+
   *) Disable stdin buffering in load_cert (apps/apps.c) so that no certs are
      skipped when using openssl x509 multiple times on a single input file,
      e.g. "(openssl x509 -out cert1; openssl x509 -out cert2) <certs".

diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c
index 7927155791c3e3d223d9f1cb4660b70127e3aeed..16986231710b77c1df6da25a28f5bdb1ade2fd08 100644 (file)
--- a/crypto/x509/x509_cmp.c
+++ b/crypto/x509/x509_cmp.c
@@ -199,19 +199,10 @@ unsigned long X509_NAME_hash(X509_NAME *x)
        {
        unsigned long ret=0;
        unsigned char md[16];
-       unsigned char str[256],*p,*pp;
-       int i;
-
-       i=i2d_X509_NAME(x,NULL);
-       if (i > sizeof(str))
-               p=OPENSSL_malloc(i);
-       else
-               p=str;
 
-       pp=p;
-       i2d_X509_NAME(x,&pp);
-       MD5((unsigned char *)p,i,&(md[0]));
-       if (p != str) OPENSSL_free(p);
+       /* Make sure X509_NAME structure contains valid cached encoding */
+       i2d_X509_NAME(x,NULL);
+       EVP_Digest(x->bytes->data, x->bytes->length, md, NULL, EVP_md5());
 
        ret=(   ((unsigned long)md[0]     )|((unsigned long)md[1]<<8L)|
                ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)