Side note: You may want to ignore the 'const' in the prototype for now; we have an in-house copy of OpenSSL which is quite severely const-ified and size_t-ified.
--- h:\prj\1original\openssl\openssl\crypto\x509\x509_cmp.c 2010-01-12
19:29:33.000000000 +-0200
+++ h:\prj\3actual\openssl\crypto\x509\x509_cmp.c 2010-05-01
01:39:34.000000000 +-0200
@@ -79,30 +79,31 @@
#ifndef OPENSSL_NO_MD5
-unsigned long X509_issuer_and_serial_hash(X509 *a)
+unsigned long X509_issuer_and_serial_hash(const X509 *a)
{
unsigned long ret=0;
EVP_MD_CTX ctx;
unsigned char md[16];
char *f;
+ size_t l; /* [i_a] for strlen() so 'ret' is not 'damaged' when anyone
decided to 'goto err' ;-) */
EVP_MD_CTX_init(&ctx);
f=X509_NAME_oneline(a->cert_info->issuer,NULL,0);
- ret=strlen(f);
+ l=strlen(f); /* [i_a] */
if (!EVP_DigestInit_ex(&ctx, EVP_md5(), NULL))
goto err;
- if (!EVP_DigestUpdate(&ctx,(unsigned char *)f,ret))
+ if (!EVP_DigestUpdate(&ctx,(unsigned char *)f,l))
goto err;
OPENSSL_free(f);
if(!EVP_DigestUpdate(&ctx,(unsigned char
*)a->cert_info->serialNumber->data,
(unsigned long)a->cert_info->serialNumber->length))
goto err;
if (!EVP_DigestFinal_ex(&ctx,&(md[0]),NULL))
goto err;
ret=( ((unsigned long)md[0] )|((unsigned long)md[1]<<8L)|
((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)
)&0xffffffffL;
- err:
+err:
EVP_MD_CTX_cleanup(&ctx);
return(ret);
}
#endif
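Review bot: `f` reaches `l=strlen(f);` without a NULL check, so a failed `X509_NAME_oneline()` (it returns NULL when it cannot allocate the one-line buffer) is dereferenced there; add `if (f == NULL) goto err;` directly after the call. The two `goto err` branches that precede `OPENSSL_free(f);` skip the free, so the name buffer leaks whenever `EVP_DigestInit_ex` or the first `EVP_DigestUpdate` fails. Moving `OPENSSL_free(f);` from the middle of the function to just after the `err:` label frees it exactly once on every path, assuming `OPENSSL_free` accepts NULL as `free()` does. A short comment on the function saying that 0 is returned on failure would also help, since callers cannot tell that from a hash value. The same points apply to the second copy of this hunk further down the page.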
--
Met vriendelijke groeten / Best regards,
Ger Hobbelt
--------------------------------------------------
web: http://www.hobbelt.com/
http://www.hebbut.net/
mail: [email protected]
mobile: +31-6-11 120 978
--------------------------------------------------
Side note: You may want to ignore the 'const' in the prototype for now; we have an in-house copy of OpenSSL which is quite severely const-ified and size_t-ified.
--- h:\prj\1original\openssl\openssl\crypto\x509\x509_cmp.c 2010-01-12 19:29:33.000000000 +-0200
+++ h:\prj\3actual\openssl\crypto\x509\x509_cmp.c 2010-05-01 01:39:34.000000000 +-0200
@@ -79,30 +79,31 @@
#ifndef OPENSSL_NO_MD5
-unsigned long X509_issuer_and_serial_hash(X509 *a)
+unsigned long X509_issuer_and_serial_hash(const X509 *a)
{
unsigned long ret=0;
EVP_MD_CTX ctx;
unsigned char md[16];
char *f;
+ size_t l; /* [i_a] for strlen() so 'ret' is not 'damaged' when anyone decided to 'goto err' ;-) */
EVP_MD_CTX_init(&ctx);
f=X509_NAME_oneline(a->cert_info->issuer,NULL,0);
- ret=strlen(f);
+ l=strlen(f); /* [i_a] */
if (!EVP_DigestInit_ex(&ctx, EVP_md5(), NULL))
goto err;
- if (!EVP_DigestUpdate(&ctx,(unsigned char *)f,ret))
+ if (!EVP_DigestUpdate(&ctx,(unsigned char *)f,l))
goto err;
OPENSSL_free(f);
if(!EVP_DigestUpdate(&ctx,(unsigned char *)a->cert_info->serialNumber->data,
(unsigned long)a->cert_info->serialNumber->length))
goto err;
if (!EVP_DigestFinal_ex(&ctx,&(md[0]),NULL))
goto err;
ret=( ((unsigned long)md[0] )|((unsigned long)md[1]<<8L)|
((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)
)&0xffffffffL;
- err:
+err:
EVP_MD_CTX_cleanup(&ctx);
return(ret);
}
#endif
--
Met vriendelijke groeten / Best regards,
Ger Hobbelt
--------------------------------------------------
web: http://www.hobbelt.com/
http://www.hebbut.net/
mail: [email protected]
mobile: +31-6-11 120 978
--------------------------------------------------
x509_cmp_bug1.diff
Description: Binary data
