Workaround for libsafe "error".
authorDr. Stephen Henson <steve@openssl.org>
Mon, 12 Feb 2001 03:04:59 +0000 (03:04 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Mon, 12 Feb 2001 03:04:59 +0000 (03:04 +0000)
CHANGES
crypto/x509/x509_cmp.c

diff --git a/CHANGES b/CHANGES
index 5f3556cc7fb743632377be1efbfc8373e02c5b27..3030c8cf873f2be95ed42b48b9494a31965bbff4 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,11 @@
 
  Changes between 0.9.6 and 0.9.6a  [xx XXX 2001]
 
+  *) Use the cached encoding of an X509_NAME structure rather than
+     copying it. This is apparently the reason for the libsafe "errors"
+     but the code is actually correct.
+     [Steve Henson]
+
   *) Add new function BN_rand_range(), and fix DSA_sign_setup() to prevent
      Bleichenbacher's DSA attack.
      [Ulf Moeller]
index b147d573d2f9613788a66f11ef2e3bd11d1eed0c..3f9f9b3d472e5d9c7e987359dc95e6b71a239aea 100644 (file)
@@ -199,19 +199,13 @@ unsigned long X509_NAME_hash(X509_NAME *x)
        {
        unsigned long ret=0;
        unsigned char md[16];
-       unsigned char str[256],*p,*pp;
-       int i;
-
-       i=i2d_X509_NAME(x,NULL);
-       if (i > sizeof(str))
-               p=OPENSSL_malloc(i);
-       else
-               p=str;
 
-       pp=p;
-       i2d_X509_NAME(x,&pp);
-       MD5((unsigned char *)p,i,&(md[0]));
-       if (p != str) OPENSSL_free(p);
+       /* Ensure cached version is up to date */
+       i2d_X509_NAME(x,NULL);
+       /* Use cached encoding directly rather than copying: this should
+        * keep libsafe happy.
+        */
+       MD5((unsigned char *)x->bytes->data,x->bytes->length,&(md[0]));
 
        ret=(   ((unsigned long)md[0]     )|((unsigned long)md[1]<<8L)|
                ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)
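Review bot: The return value of `i2d_X509_NAME(x,NULL)` is discarded before `x->bytes->data` and `x->bytes->length` are handed to MD5(), so if the re-encode fails the hash is computed over whatever the cached buffer holds and the caller still gets a plausible-looking value. Whether `x->bytes` is left stale, empty or partly written on failure is not visible from this hunk, so that should be confirmed against the X509_NAME encoder. A guard such as `if (i2d_X509_NAME(x,NULL) < 0) return 0;` would make the failure case deterministic. The comment above the call could also say that it is made only for its side effect of refreshing `x->bytes`. The body of X509_NAME_hash continues past the end of the hunk.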