summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/dsa/dsa_sign.c
diff options
context:
space:
mode:
authorschwarze <>2018-04-04 11:59:26 +0000
committerschwarze <>2018-04-04 11:59:26 +0000
commit6ab838973de03ecab6bc6b4e2cf997d4ef669b25 (patch)
tree0a16ac7de05cec904ce04fa16baf6b1685b75c32 /src/lib/libcrypto/dsa/dsa_sign.c
parent426a421e14686f45bc9d7f73c4ea02bac4262e4d (diff)
downloadopenbsd-6ab838973de03ecab6bc6b4e2cf997d4ef669b25.tar.gz
openbsd-6ab838973de03ecab6bc6b4e2cf997d4ef669b25.tar.bz2
openbsd-6ab838973de03ecab6bc6b4e2cf997d4ef669b25.zip
Fix two bugs in X509_NAME_add_entry(3):
(1) Evaluate the "set" argument, which says whether to create a new RDN or to prepend or append to an existing one, before reusing it for a different purpose, i.e. for the "set" field of the new X509_NAME_ENTRY structure. (2) When incrementing of some "set" fields is needed, increment the correct ones: All those to the right of the newly inserted entry, but not the one of that entry itself. These two bugs caused wrong results whenever using loc != -1, i.e. whenever inserting rather than appending entries, even when using set == 0 only, that is, even when using single-values RDNs only. Both bugs have been continuously present since at least SSLeay-0.8.1 (released July 18, 1997) and the second one since at least SSLeay-0.8.0 (released June 25, 1997), so both are over twenty years old. I found these bugs by code inspection while trying to document the function X509_NAME_ENTRY_set(3), which is public, but undocumented in OpenSSL. OK beck@, jsing@
Diffstat (limited to 'src/lib/libcrypto/dsa/dsa_sign.c')
0 files changed, 0 insertions, 0 deletions