On Sun, Jan 18, 2009, Anri Lau wrote:
> Hi all
>
> I use the following piece of code to create the digest of a certificate
>
> p = p_key_buf;
> /* get the certificate body as a DER string */
> if ( i2d_X509_CINF(m_x509->cert_info, &p) == 0 )
> {
>     printf("Ci2d_X509_CINF failed\n");
>     return;
> }
> length = p - p_key_buf;
> if ( length > 8192 )
> {
>     printf("i2d_X509_CINF value exceeds buffer length");
>     return ;
> }
> SHA1_Init(&SHA);
> SHA1_Update(&SHA, p_key_buf, length);
> SHA1_Final(sha_value, &SHA);
>
> And the result of the above code is different from X509_digest()'s. My openssl
> version is 0.9.8f.
>
> Is it correct?
>
Your code isn't taking the digest of the whole certificate, just the X509_CINF
portion. If you want the whole certificate, use i2d_X509 on m_x509.
Your length checking code is also broken: it checks the length *after* the
buffer may have already been overwritten.
Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Homepage: http://www.drh-consultancy.demon.co.uk
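
Added example, not part of either message and not OpenSSL code: a short Python sketch showing why the two digests differ. X509_digest() hashes the DER encoding of the whole certificate, while X509_CINF is only the first element inside it; the reader also checks every length before it touches the bytes. The function names and SAMPLE_* values are this example's own, and the sample is constructed bytes with a certificate's outer shape, not a real certificate.

```python
import hashlib

def der(tag, body):
    """Encode one DER TLV (short or long definite length)."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    size = (n.bit_length() + 7) // 8
    return bytes([tag, 0x80 | size]) + n.to_bytes(size, "big") + body

def read_tlv(buf, off):
    """Return (tag, value_start, value_end); every bound is checked before use."""
    if off + 2 > len(buf):
        raise ValueError("truncated header")
    tag, first, pos = buf[off], buf[off + 1], off + 2
    if first < 0x80:
        length = first
    else:
        size = first & 0x7F
        if size == 0 or size > 4 or pos + size > len(buf):
            raise ValueError("bad or truncated length")
        length = int.from_bytes(buf[pos:pos + size], "big")
        pos += size
    if pos + length > len(buf):
        raise ValueError("value overruns buffer")
    return tag, pos, pos + length

def tbs_span(cert_der):
    """Bytes of the first inner element (tbsCertificate, OpenSSL's X509_CINF)."""
    tag, start, end = read_tlv(cert_der, 0)
    if tag != 0x30 or end != len(cert_der):
        raise ValueError("not a single DER SEQUENCE")
    tbs_tag, _, tbs_end = read_tlv(cert_der, start)
    if tbs_tag != 0x30:
        raise ValueError("tbsCertificate is not a SEQUENCE")
    return cert_der[start:tbs_end]

def digests(cert_der):
    """(SHA-1 of whole certificate, SHA-1 of tbsCertificate only)."""
    return hashlib.sha1(cert_der).digest(), hashlib.sha1(tbs_span(cert_der)).digest()

# Constructed sample with a certificate's outer shape; NOT a real certificate.
SAMPLE_TBS = der(0x30, der(0x02, b"\x01") + der(0x0C, b"constructed tbs fields"))
SAMPLE_ALG = der(0x30, der(0x06, bytes.fromhex("2a864886f70d010105")) + der(0x05, b""))
SAMPLE_SIG = der(0x03, b"\x00" + b"\xaa" * 256)
SAMPLE_CERT = der(0x30, SAMPLE_TBS + SAMPLE_ALG + SAMPLE_SIG)

if __name__ == "__main__":
    whole, tbs = digests(SAMPLE_CERT)
    print("whole certificate:", whole.hex())
    print("tbsCertificate   :", tbs.hex())
```
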