提交 df3b7b99 编写于 作者: B Bernd Edlinger

Fixed d2i_X509 in-place not re-hashing the ex_flags

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8116)

(cherry picked from commit 53649022509129bce8036c8fb4978dbce9432a86)
上级 7193394a
...@@ -40,12 +40,35 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, ...@@ -40,12 +40,35 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
switch (operation) { switch (operation) {
case ASN1_OP_D2I_PRE:
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data);
X509_CERT_AUX_free(ret->aux);
ASN1_OCTET_STRING_free(ret->skid);
AUTHORITY_KEYID_free(ret->akid);
CRL_DIST_POINTS_free(ret->crldp);
policy_cache_free(ret->policy_cache);
GENERAL_NAMES_free(ret->altname);
NAME_CONSTRAINTS_free(ret->nc);
#ifndef OPENSSL_NO_RFC3779
sk_IPAddressFamily_pop_free(ret->rfc3779_addr, IPAddressFamily_free);
ASIdentifiers_free(ret->rfc3779_asid);
#endif
/* fall thru */
case ASN1_OP_NEW_POST: case ASN1_OP_NEW_POST:
ret->ex_cached = 0;
ret->ex_kusage = 0;
ret->ex_xkusage = 0;
ret->ex_nscert = 0;
ret->ex_flags = 0; ret->ex_flags = 0;
ret->ex_pathlen = -1; ret->ex_pathlen = -1;
ret->ex_pcpathlen = -1; ret->ex_pcpathlen = -1;
ret->skid = NULL; ret->skid = NULL;
ret->akid = NULL; ret->akid = NULL;
ret->policy_cache = NULL;
ret->altname = NULL;
ret->nc = NULL;
#ifndef OPENSSL_NO_RFC3779 #ifndef OPENSSL_NO_RFC3779
ret->rfc3779_addr = NULL; ret->rfc3779_addr = NULL;
ret->rfc3779_asid = NULL; ret->rfc3779_asid = NULL;
......
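Review bot: The `ASN1_OP_D2I_PRE` case frees `ret->aux` and `ret->crldp`, but the shared reset under `ASN1_OP_NEW_POST` that is visible here nulls only `skid`, `akid`, `policy_cache`, `altname`, `nc` and the two RFC 3779 fields. The case continues past the end of the displayed lines, so confirm that `ret->aux = NULL;` and `ret->crldp = NULL;` (and re-creation of `ex_data`) follow before the `break`; a freed pointer left in place would be freed again by a later `X509_free` or by a second in-place decode. A comment above the frees would also help, for example `/* in-place d2i: drop everything cached from the previous certificate */`, because the `/* fall thru */` into the reset is what makes the free-then-clear pairing correct.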
...@@ -30,6 +30,7 @@ static int test_certs(int num) ...@@ -30,6 +30,7 @@ static int test_certs(int num)
typedef int (*i2d_X509_t)(X509 *, unsigned char **); typedef int (*i2d_X509_t)(X509 *, unsigned char **);
int err = 0; int err = 0;
BIO *fp = BIO_new_file(test_get_argument(num), "r"); BIO *fp = BIO_new_file(test_get_argument(num), "r");
X509 *reuse = NULL;
if (!TEST_ptr(fp)) if (!TEST_ptr(fp))
return 0; return 0;
...@@ -91,6 +92,13 @@ static int test_certs(int num) ...@@ -91,6 +92,13 @@ static int test_certs(int num)
err = 1; err = 1;
goto next; goto next;
} }
p = buf;
reuse = d2i(&reuse, &p, enclen);
if (reuse == NULL || X509_cmp (reuse, cert)) {
TEST_error("X509_cmp does not work with %s", name);
err = 1;
goto next;
}
OPENSSL_free(buf); OPENSSL_free(buf);
buf = NULL; buf = NULL;
...@@ -139,6 +147,7 @@ static int test_certs(int num) ...@@ -139,6 +147,7 @@ static int test_certs(int num)
OPENSSL_free(data); OPENSSL_free(data);
} }
BIO_free(fp); BIO_free(fp);
X509_free(reuse);
if (ERR_GET_REASON(ERR_peek_last_error()) == PEM_R_NO_START_LINE) { if (ERR_GET_REASON(ERR_peek_last_error()) == PEM_R_NO_START_LINE) {
/* Reached end of PEM file */ /* Reached end of PEM file */
......
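Review bot: On the first pass `reuse` is still NULL, so `d2i(&reuse, &p, enclen)` allocates a fresh object, and as far as the hunk shows the in-place path this commit fixes is only exercised once an earlier certificate has been decoded into `reuse`; an input holding a single certificate would not cover the regression. Decoding the same buffer a second time before the comparison (`p = buf; reuse = d2i(&reuse, &p, enclen);`) would exercise reuse for every input. The message `"X509_cmp does not work with %s"` is also reported when `d2i` itself returns NULL, so a decode failure and a comparison mismatch look identical in the log; separate checks with separate messages would make a failure easier to triage. As a style point, `X509_cmp (reuse, cert)` has a stray space before the parenthesis. `test_certs` starts and ends outside the displayed hunks.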