Fixed d2i_X509 in-place not re-hashing the ex_flags
Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8116)
This commit is contained in:
Bernd Edlinger
parent
a727627922
commit
5364902250
2 changed files with 32 additions and 0 deletions
|
|
@ -40,12 +40,35 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
|
||||||
|
|
||||||
switch (operation) {
|
switch (operation) {
|
||||||
|
|
||||||
|
case ASN1_OP_D2I_PRE:
|
||||||
|
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data);
|
||||||
|
X509_CERT_AUX_free(ret->aux);
|
||||||
|
ASN1_OCTET_STRING_free(ret->skid);
|
||||||
|
AUTHORITY_KEYID_free(ret->akid);
|
||||||
|
CRL_DIST_POINTS_free(ret->crldp);
|
||||||
|
policy_cache_free(ret->policy_cache);
|
||||||
|
GENERAL_NAMES_free(ret->altname);
|
||||||
|
NAME_CONSTRAINTS_free(ret->nc);
|
||||||
|
#ifndef OPENSSL_NO_RFC3779
|
||||||
|
sk_IPAddressFamily_pop_free(ret->rfc3779_addr, IPAddressFamily_free);
|
||||||
|
ASIdentifiers_free(ret->rfc3779_asid);
|
||||||
|
#endif
|
||||||
|
|
||||||
|
/* fall thru */
|
||||||
|
|
||||||
case ASN1_OP_NEW_POST:
|
case ASN1_OP_NEW_POST:
|
||||||
|
ret->ex_cached = 0;
|
||||||
|
ret->ex_kusage = 0;
|
||||||
|
ret->ex_xkusage = 0;
|
||||||
|
ret->ex_nscert = 0;
|
||||||
ret->ex_flags = 0;
|
ret->ex_flags = 0;
|
||||||
ret->ex_pathlen = -1;
|
ret->ex_pathlen = -1;
|
||||||
ret->ex_pcpathlen = -1;
|
ret->ex_pcpathlen = -1;
|
||||||
ret->skid = NULL;
|
ret->skid = NULL;
|
||||||
ret->akid = NULL;
|
ret->akid = NULL;
|
||||||
|
ret->policy_cache = NULL;
|
||||||
|
ret->altname = NULL;
|
||||||
|
ret->nc = NULL;
|
||||||
#ifndef OPENSSL_NO_RFC3779
|
#ifndef OPENSSL_NO_RFC3779
|
||||||
ret->rfc3779_addr = NULL;
|
ret->rfc3779_addr = NULL;
|
||||||
ret->rfc3779_asid = NULL;
|
ret->rfc3779_asid = NULL;
|
||||||
|
|
|
||||||
|
|
@ -30,6 +30,7 @@ static int test_certs(int num)
|
||||||
typedef int (*i2d_X509_t)(X509 *, unsigned char **);
|
typedef int (*i2d_X509_t)(X509 *, unsigned char **);
|
||||||
int err = 0;
|
int err = 0;
|
||||||
BIO *fp = BIO_new_file(test_get_argument(num), "r");
|
BIO *fp = BIO_new_file(test_get_argument(num), "r");
|
||||||
|
X509 *reuse = NULL;
|
||||||
|
|
||||||
if (!TEST_ptr(fp))
|
if (!TEST_ptr(fp))
|
||||||
return 0;
|
return 0;
|
||||||
|
|
@ -91,6 +92,13 @@ static int test_certs(int num)
|
||||||
err = 1;
|
err = 1;
|
||||||
goto next;
|
goto next;
|
||||||
}
|
}
|
||||||
|
p = buf;
|
||||||
|
reuse = d2i(&reuse, &p, enclen);
|
||||||
|
if (reuse == NULL || X509_cmp (reuse, cert)) {
|
||||||
|
TEST_error("X509_cmp does not work with %s", name);
|
||||||
|
err = 1;
|
||||||
|
goto next;
|
||||||
|
}
|
||||||
OPENSSL_free(buf);
|
OPENSSL_free(buf);
|
||||||
buf = NULL;
|
buf = NULL;
|
||||||
|
|
||||||
|
|
@ -139,6 +147,7 @@ static int test_certs(int num)
|
||||||
OPENSSL_free(data);
|
OPENSSL_free(data);
|
||||||
}
|
}
|
||||||
BIO_free(fp);
|
BIO_free(fp);
|
||||||
|
X509_free(reuse);
|
||||||
|
|
||||||
if (ERR_GET_REASON(ERR_peek_last_error()) == PEM_R_NO_START_LINE) {
|
if (ERR_GET_REASON(ERR_peek_last_error()) == PEM_R_NO_START_LINE) {
|
||||||
/* Reached end of PEM file */
|
/* Reached end of PEM file */
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue