From c6b523d3dd259101a2aaea81c01aa0f96981a05b Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Mon, 12 Feb 2001 03:04:59 +0000 Subject: [PATCH 1/1] Workaround for libsafe "error". --- CHANGES | 5 +++++ crypto/x509/x509_cmp.c | 18 ++++++------------ 2 files changed, 11 insertions(+), 12 deletions(-) diff --git a/CHANGES b/CHANGES index 5f3556cc7f..3030c8cf87 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,11 @@ Changes between 0.9.6 and 0.9.6a [xx XXX 2001] + *) Use the cached encoding of an X509_NAME structure rather than + copying it. This is apparently the reason for the libsafe "errors" + but the code is actually correct. + [Steve Henson] + *) Add new function BN_rand_range(), and fix DSA_sign_setup() to prevent Bleichenbacher's DSA attack. [Ulf Moeller] diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c index b147d573d2..3f9f9b3d47 100644 --- a/crypto/x509/x509_cmp.c +++ b/crypto/x509/x509_cmp.c @@ -199,19 +199,13 @@ unsigned long X509_NAME_hash(X509_NAME *x) { unsigned long ret=0; unsigned char md[16]; - unsigned char str[256],*p,*pp; - int i; - - i=i2d_X509_NAME(x,NULL); - if (i > sizeof(str)) - p=OPENSSL_malloc(i); - else - p=str; - pp=p; - i2d_X509_NAME(x,&pp); - MD5((unsigned char *)p,i,&(md[0])); - if (p != str) OPENSSL_free(p); + /* Ensure cached version is up to date */ + i2d_X509_NAME(x,NULL); + /* Use cached encoding directly rather than copying: this should + * keep libsafe happy. + */ + MD5((unsigned char *)x->bytes->data,x->bytes->length,&(md[0])); ret=( ((unsigned long)md[0] )|((unsigned long)md[1]<<8L)| ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L) -- 2.25.1