Commit c6b523d3 authored by Dr. Stephen Henson's avatar Dr. Stephen Henson
Browse files

Workaround for libsafe "error".

parent 1e376e41
Loading
Loading
Loading
Loading
+5 −0
Original line number Diff line number Diff line
@@ -4,6 +4,11 @@

 Changes between 0.9.6 and 0.9.6a  [xx XXX 2001]

  *) Use the cached encoding of an X509_NAME structure rather than
     copying it. This is apparently the reason for the libsafe "errors"
     but the code is actually correct.
     [Steve Henson]

  *) Add new function BN_rand_range(), and fix DSA_sign_setup() to prevent
     Bleichenbacher's DSA attack.
     [Ulf Moeller]
+6 −12
Original line number Diff line number Diff line
@@ -199,19 +199,13 @@ unsigned long X509_NAME_hash(X509_NAME *x)
	{
	unsigned long ret=0;
	unsigned char md[16];
	unsigned char str[256],*p,*pp;
	int i;

	i=i2d_X509_NAME(x,NULL);
	if (i > sizeof(str))
		p=OPENSSL_malloc(i);
	else
		p=str;

	pp=p;
	i2d_X509_NAME(x,&pp);
	MD5((unsigned char *)p,i,&(md[0]));
	if (p != str) OPENSSL_free(p);
	/* Ensure cached version is up to date */
	i2d_X509_NAME(x,NULL);
	/* Use cached encoding directly rather than copying: this should
	 * keep libsafe happy.
	 */
	MD5((unsigned char *)x->bytes->data,x->bytes->length,&(md[0]));

	ret=(	((unsigned long)md[0]     )|((unsigned long)md[1]<<8L)|
		((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)