Loading crypto/ts/ts_rsp_sign.c +3 −2 Original line number Diff line number Diff line Loading @@ -784,12 +784,13 @@ static ESS_CERT_ID *ess_CERT_ID_new_init(X509 *cert, int issuer_needed) { ESS_CERT_ID *cid = NULL; GENERAL_NAME *name = NULL; unsigned char cert_sha1[SHA_DIGEST_LENGTH]; X509_check_purpose(cert, -1, 0); if ((cid = ESS_CERT_ID_new()) == NULL) goto err; if (!ASN1_OCTET_STRING_set(cid->hash, cert->sha1_hash, sizeof(cert->sha1_hash))) X509_digest(cert, EVP_sha1(), cert_sha1, NULL); if (!ASN1_OCTET_STRING_set(cid->hash, cert_sha1, SHA_DIGEST_LENGTH)) goto err; /* Setting the issuer/serial if requested. */ Loading crypto/ts/ts_rsp_verify.c +5 −3 Original line number Diff line number Diff line Loading @@ -289,10 +289,13 @@ static ESS_SIGNING_CERT *ess_get_signing_cert(PKCS7_SIGNER_INFO *si) static int ts_find_cert(STACK_OF(ESS_CERT_ID) *cert_ids, X509 *cert) { int i; unsigned char cert_sha1[SHA_DIGEST_LENGTH]; if (!cert_ids || !cert) return -1; X509_digest(cert, EVP_sha1(), cert_sha1, NULL); /* Recompute SHA1 hash of certificate if necessary (side effect). */ X509_check_purpose(cert, -1, 0); Loading @@ -300,9 +303,8 @@ static int ts_find_cert(STACK_OF(ESS_CERT_ID) *cert_ids, X509 *cert) for (i = 0; i < sk_ESS_CERT_ID_num(cert_ids); ++i) { ESS_CERT_ID *cid = sk_ESS_CERT_ID_value(cert_ids, i); if (cid->hash->length == sizeof(cert->sha1_hash) && memcmp(cid->hash->data, cert->sha1_hash, sizeof(cert->sha1_hash)) == 0) { if (cid->hash->length == SHA_DIGEST_LENGTH && memcmp(cid->hash->data, cert_sha1, SHA_DIGEST_LENGTH) == 0) { ESS_ISSUER_SERIAL *is = cid->issuer_serial; if (!is || !ts_issuer_serial_cmp(is, cert)) return i; Loading Loading
crypto/ts/ts_rsp_sign.c +3 −2 Original line number Diff line number Diff line Loading @@ -784,12 +784,13 @@ static ESS_CERT_ID *ess_CERT_ID_new_init(X509 *cert, int issuer_needed) { ESS_CERT_ID *cid = NULL; GENERAL_NAME *name = NULL; unsigned char cert_sha1[SHA_DIGEST_LENGTH]; X509_check_purpose(cert, -1, 0); if ((cid = ESS_CERT_ID_new()) == NULL) goto err; if (!ASN1_OCTET_STRING_set(cid->hash, cert->sha1_hash, sizeof(cert->sha1_hash))) X509_digest(cert, EVP_sha1(), cert_sha1, NULL); if (!ASN1_OCTET_STRING_set(cid->hash, cert_sha1, SHA_DIGEST_LENGTH)) goto err; /* Setting the issuer/serial if requested. */ Loading
crypto/ts/ts_rsp_verify.c +5 −3 Original line number Diff line number Diff line Loading @@ -289,10 +289,13 @@ static ESS_SIGNING_CERT *ess_get_signing_cert(PKCS7_SIGNER_INFO *si) static int ts_find_cert(STACK_OF(ESS_CERT_ID) *cert_ids, X509 *cert) { int i; unsigned char cert_sha1[SHA_DIGEST_LENGTH]; if (!cert_ids || !cert) return -1; X509_digest(cert, EVP_sha1(), cert_sha1, NULL); /* Recompute SHA1 hash of certificate if necessary (side effect). */ X509_check_purpose(cert, -1, 0); Loading @@ -300,9 +303,8 @@ static int ts_find_cert(STACK_OF(ESS_CERT_ID) *cert_ids, X509 *cert) for (i = 0; i < sk_ESS_CERT_ID_num(cert_ids); ++i) { ESS_CERT_ID *cid = sk_ESS_CERT_ID_value(cert_ids, i); if (cid->hash->length == sizeof(cert->sha1_hash) && memcmp(cid->hash->data, cert->sha1_hash, sizeof(cert->sha1_hash)) == 0) { if (cid->hash->length == SHA_DIGEST_LENGTH && memcmp(cid->hash->data, cert_sha1, SHA_DIGEST_LENGTH) == 0) { ESS_ISSUER_SERIAL *is = cid->issuer_serial; if (!is || !ts_issuer_serial_cmp(is, cert)) return i; Loading
Rich Salz <rsalz@openssl.org>Rich Salz <rsalz@openssl.org>