Loading CHANGES +5 −0 Original line number Diff line number Diff line Loading @@ -3,6 +3,11 @@ Changes between 0.9.6 and 0.9.7 [xx XXX 2000] *) Avoid coredump with unsupported or invalid public keys by checking if X509_get_pubkey() fails in PKCS7_verify(). Fix memory leak when PKCS7_verify() fails with non detached data. [Steve Henson] *) Change OCSP_cert_to_id() to tolerate a NULL subject certificate and OCSP_cert_id_new() a NULL serialNumber. This allows a partial certificate ID to be generated from the issuer certificate alone which can then be Loading crypto/pkcs7/pk7_doit.c +5 −0 Original line number Diff line number Diff line Loading @@ -764,6 +764,11 @@ for (ii=0; ii<md_len; ii++) printf("%02X",md_dat[ii]); printf(" calc\n"); os=si->enc_digest; pkey = X509_get_pubkey(x509); if (!pkey) { ret = -1; goto err; } if(pkey->type == EVP_PKEY_DSA) mdc_tmp.digest=EVP_dss1(); i=EVP_VerifyFinal(&mdc_tmp,os->data,os->length, pkey); Loading crypto/pkcs7/pk7_smime.c +5 −8 Original line number Diff line number Diff line Loading @@ -153,7 +153,7 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, PKCS7_SIGNER_INFO *si; X509_STORE_CTX cert_ctx; char buf[4096]; int i, j=0, k; int i, j=0, k, ret = 0; BIO *p7bio; BIO *tmpout; Loading Loading @@ -258,18 +258,15 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, } } sk_X509_free(signers); if(indata) BIO_pop(p7bio); BIO_free_all(p7bio); return 1; ret = 1; err: if(indata) BIO_pop(p7bio); BIO_free_all(p7bio); sk_X509_free(signers); BIO_free(p7bio); return 0; return ret; } STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags) Loading Loading
CHANGES +5 −0 Original line number Diff line number Diff line Loading @@ -3,6 +3,11 @@ Changes between 0.9.6 and 0.9.7 [xx XXX 2000] *) Avoid coredump with unsupported or invalid public keys by checking if X509_get_pubkey() fails in PKCS7_verify(). Fix memory leak when PKCS7_verify() fails with non detached data. [Steve Henson] *) Change OCSP_cert_to_id() to tolerate a NULL subject certificate and OCSP_cert_id_new() a NULL serialNumber. This allows a partial certificate ID to be generated from the issuer certificate alone which can then be Loading
crypto/pkcs7/pk7_doit.c +5 −0 Original line number Diff line number Diff line Loading @@ -764,6 +764,11 @@ for (ii=0; ii<md_len; ii++) printf("%02X",md_dat[ii]); printf(" calc\n"); os=si->enc_digest; pkey = X509_get_pubkey(x509); if (!pkey) { ret = -1; goto err; } if(pkey->type == EVP_PKEY_DSA) mdc_tmp.digest=EVP_dss1(); i=EVP_VerifyFinal(&mdc_tmp,os->data,os->length, pkey); Loading
crypto/pkcs7/pk7_smime.c +5 −8 Original line number Diff line number Diff line Loading @@ -153,7 +153,7 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, PKCS7_SIGNER_INFO *si; X509_STORE_CTX cert_ctx; char buf[4096]; int i, j=0, k; int i, j=0, k, ret = 0; BIO *p7bio; BIO *tmpout; Loading Loading @@ -258,18 +258,15 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, } } sk_X509_free(signers); if(indata) BIO_pop(p7bio); BIO_free_all(p7bio); return 1; ret = 1; err: if(indata) BIO_pop(p7bio); BIO_free_all(p7bio); sk_X509_free(signers); BIO_free(p7bio); return 0; return ret; } STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags) Loading
