[openssl-commits] [openssl] OpenSSL_1_1_1-stable update
bernd.edlinger at hotmail.de
bernd.edlinger at hotmail.de
Thu Jan 31 18:20:13 UTC 2019
The branch OpenSSL_1_1_1-stable has been updated
via df3b7b99a8e38c7bcb0d7f635ceb292c4ed862e8 (commit)
from 7193394aeea6422694bff5bb0c4f9e101f5ce44f (commit)
- Log -----------------------------------------------------------------
commit df3b7b99a8e38c7bcb0d7f635ceb292c4ed862e8
Author: Bernd Edlinger <bernd.edlinger at hotmail.de>
Date: Tue Jan 29 19:51:59 2019 +0100
Fixed d2i_X509 in-place not re-hashing the ex_flags
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8116)
(cherry picked from commit 53649022509129bce8036c8fb4978dbce9432a86)
-----------------------------------------------------------------------
Summary of changes:
crypto/x509/x_x509.c | 23 +++++++++++++++++++++++
test/x509aux.c | 9 +++++++++
2 files changed, 32 insertions(+)
diff --git a/crypto/x509/x_x509.c b/crypto/x509/x_x509.c
index 4c04f12..720ac4c 100644
--- a/crypto/x509/x_x509.c
+++ b/crypto/x509/x_x509.c
@@ -40,12 +40,35 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
switch (operation) {
+ case ASN1_OP_D2I_PRE:
+ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data);
+ X509_CERT_AUX_free(ret->aux);
+ ASN1_OCTET_STRING_free(ret->skid);
+ AUTHORITY_KEYID_free(ret->akid);
+ CRL_DIST_POINTS_free(ret->crldp);
+ policy_cache_free(ret->policy_cache);
+ GENERAL_NAMES_free(ret->altname);
+ NAME_CONSTRAINTS_free(ret->nc);
+#ifndef OPENSSL_NO_RFC3779
+ sk_IPAddressFamily_pop_free(ret->rfc3779_addr, IPAddressFamily_free);
+ ASIdentifiers_free(ret->rfc3779_asid);
+#endif
+
+ /* fall thru */
+
case ASN1_OP_NEW_POST:
+ ret->ex_cached = 0;
+ ret->ex_kusage = 0;
+ ret->ex_xkusage = 0;
+ ret->ex_nscert = 0;
ret->ex_flags = 0;
ret->ex_pathlen = -1;
ret->ex_pcpathlen = -1;
ret->skid = NULL;
ret->akid = NULL;
+ ret->policy_cache = NULL;
+ ret->altname = NULL;
+ ret->nc = NULL;
#ifndef OPENSSL_NO_RFC3779
ret->rfc3779_addr = NULL;
ret->rfc3779_asid = NULL;
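Review bot: The new `ASN1_OP_D2I_PRE` case frees `ret->aux` and `ret->crldp`, but the part of `ASN1_OP_NEW_POST` visible in this hunk resets only `skid`, `akid`, `policy_cache`, `altname`, `nc` and the RFC 3779 members. The case continues past the end of the hunk, so the two resets may well be there; if they are not, the reused object would keep pointers to freed memory that a later free or read could hit. Because the fall-through turns this pairing into an invariant, I would record it above the frees, e.g. `/* in-place reuse: every member freed here must be reset in ASN1_OP_NEW_POST below */`. The comment could also state why the cached `ex_*` fields are cleared: otherwise extension values cached from the previous certificate would be applied to the newly decoded one.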
diff --git a/test/x509aux.c b/test/x509aux.c
index c8bef00..de9cb46 100644
--- a/test/x509aux.c
+++ b/test/x509aux.c
@@ -30,6 +30,7 @@ static int test_certs(int num)
typedef int (*i2d_X509_t)(X509 *, unsigned char **);
int err = 0;
BIO *fp = BIO_new_file(test_get_argument(num), "r");
+ X509 *reuse = NULL;
if (!TEST_ptr(fp))
return 0;
@@ -91,6 +92,13 @@ static int test_certs(int num)
err = 1;
goto next;
}
+ p = buf;
+ reuse = d2i(&reuse, &p, enclen);
+ if (reuse == NULL || X509_cmp (reuse, cert)) {
+ TEST_error("X509_cmp does not work with %s", name);
+ err = 1;
+ goto next;
+ }
OPENSSL_free(buf);
buf = NULL;
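Review bot: On the first pass `reuse` is still NULL, so `d2i(&reuse, &p, enclen)` allocates a fresh object and the in-place path this commit fixes is not taken. That path is reached only if `test_certs` comes back to this point with `reuse` already populated, which depends on the loop outside the hunk. A comment such as `/* reuse is kept across certificates so that d2i decodes in place */` would make that intent explicit. The failure message also reports a decode failure (`reuse == NULL`) as "X509_cmp does not work"; splitting the check, with `TEST_error("in-place d2i failed for %s", name)` for the NULL case, would make a regression easier to triage.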
@@ -139,6 +147,7 @@ static int test_certs(int num)
OPENSSL_free(data);
}
BIO_free(fp);
+ X509_free(reuse);
if (ERR_GET_REASON(ERR_peek_last_error()) == PEM_R_NO_START_LINE) {
/* Reached end of PEM file */