authorPauli <pauli@openssl.org>2021-04-15 02:31:58 +0200
committerPauli <pauli@openssl.org>2021-04-21 01:27:51 +0200
commit192d50087881c031ee60307c8e0460d8470efaa9 (patch)
treeeb96b84d98e346414f39790c3ec6cabe69ba46a0 /crypto/x509
parenttest: fix double free problems. (diff)
x509: remove most references to EVP_sha1()
Fixes #14387 Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14881)
Diffstat (limited to 'crypto/x509')
-rw-r--r--crypto/x509/t_x509.c13
-rw-r--r--crypto/x509/v3_skid.c19
2 files changed, 25 insertions, 7 deletions
diff --git a/crypto/x509/t_x509.c b/crypto/x509/t_x509.c
index 0c6d5f72fe..78d4452156 100644
--- a/crypto/x509/t_x509.c
+++ b/crypto/x509/t_x509.c
@@ -228,7 +228,10 @@ int X509_ocspid_print(BIO *bp, X509 *x)
unsigned char SHA1md[SHA_DIGEST_LENGTH];
ASN1_BIT_STRING *keybstr;
const X509_NAME *subj;
+ EVP_MD *md = NULL;
+ if (x == NULL || bp == NULL)
+ return 0;
/*
* display the hash of the subject as it would appear in OCSP requests
*/
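Review bot: The new guard `if (x == NULL || bp == NULL) return 0;` fails silently, so a caller cannot tell a NULL argument apart from a BIO write or digest failure further down. Consider queuing an error before returning, e.g. `ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER);`, as the v3_skid.c hunk in this commit already does for its NULL `pubkey` check. The body of X509_ocspid_print continues outside this hunk.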
@@ -242,7 +245,10 @@ int X509_ocspid_print(BIO *bp, X509 *x)
goto err;
i2d_X509_NAME(subj, &dertmp);
- if (!EVP_Digest(der, derlen, SHA1md, NULL, EVP_sha1(), NULL))
+ md = EVP_MD_fetch(x->libctx, SN_sha1, x->propq);
+ if (md == NULL)
+ goto err;
+ if (!EVP_Digest(der, derlen, SHA1md, NULL, md, NULL))
goto err;
for (i = 0; i < SHA_DIGEST_LENGTH; i++) {
if (BIO_printf(bp, "%02X", SHA1md[i]) <= 0)
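Review bot: The digest is now resolved at run time through `EVP_MD_fetch(x->libctx, SN_sha1, x->propq)`, but it is still written into `SHA1md[SHA_DIGEST_LENGTH]` with the size out-parameter passed as NULL. With the built-in `EVP_sha1()` the output length was fixed; with a fetched implementation it depends on whatever provider answers the "SHA1" name under the certificate's property query, so a misbehaving or misregistered provider could presumably write past the buffer. A cheap hardening step is to check the size right after the fetch, `if (md == NULL || EVP_MD_size(md) != SHA_DIGEST_LENGTH) goto err;`, which also protects the second `EVP_Digest` call in the following hunk. The function starts before and ends after this hunk.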
@@ -263,18 +269,19 @@ int X509_ocspid_print(BIO *bp, X509 *x)
goto err;
if (!EVP_Digest(ASN1_STRING_get0_data(keybstr),
- ASN1_STRING_length(keybstr), SHA1md, NULL, EVP_sha1(),
- NULL))
+ ASN1_STRING_length(keybstr), SHA1md, NULL, md, NULL))
goto err;
for (i = 0; i < SHA_DIGEST_LENGTH; i++) {
if (BIO_printf(bp, "%02X", SHA1md[i]) <= 0)
goto err;
}
BIO_printf(bp, "\n");
+ EVP_MD_free(md);
return 1;
err:
OPENSSL_free(der);
+ EVP_MD_free(md);
return 0;
}
diff --git a/crypto/x509/v3_skid.c b/crypto/x509/v3_skid.c
index 8a8718d77a..bab88898e6 100644
--- a/crypto/x509/v3_skid.c
+++ b/crypto/x509/v3_skid.c
@@ -59,20 +59,31 @@ ASN1_OCTET_STRING *ossl_x509_pubkey_hash(X509_PUBKEY *pubkey)
int pklen;
unsigned char pkey_dig[EVP_MAX_MD_SIZE];
unsigned int diglen;
+ const char *propq;
+ OSSL_LIB_CTX *libctx;
+ EVP_MD *md;
if (pubkey == NULL) {
ERR_raise(ERR_LIB_X509V3, X509V3_R_NO_PUBLIC_KEY);
return NULL;
}
- if ((oct = ASN1_OCTET_STRING_new()) == NULL)
+ if (!ossl_x509_PUBKEY_get0_libctx(&libctx, &propq, pubkey))
return NULL;
+ if ((md = EVP_MD_fetch(libctx, SN_sha1, propq)) == NULL)
+ return NULL;
+ if ((oct = ASN1_OCTET_STRING_new()) == NULL) {
+ EVP_MD_free(md);
+ return NULL;
+ }
X509_PUBKEY_get0_param(NULL, &pk, &pklen, NULL, pubkey);
- /* TODO(3.0) - explicitly fetch the digest */
- if (EVP_Digest(pk, pklen, pkey_dig, &diglen, EVP_sha1(), NULL)
- && ASN1_OCTET_STRING_set(oct, pkey_dig, diglen))
+ if (EVP_Digest(pk, pklen, pkey_dig, &diglen, md, NULL)
+ && ASN1_OCTET_STRING_set(oct, pkey_dig, diglen)) {
+ EVP_MD_free(md);
return oct;
+ }
+ EVP_MD_free(md);
ASN1_OCTET_STRING_free(oct);
return NULL;
}
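Review bot: `EVP_MD_free(md)` now appears on three separate exit paths in ossl_x509_pubkey_hash (the `oct` allocation failure, the success return and the final failure return), which makes it easy for a later edit to add a return that leaks the fetched digest. Since `md` is needed only for the single `EVP_Digest` call, it can be released right after that call, with the result kept in a new local `int ok`, so the tail of the function has just one free. The early returns after `ossl_x509_PUBKEY_get0_libctx` and `EVP_MD_fetch` are unaffected. The function's opening lines lie outside this hunk.

```c
    /* … unchanged: NULL check, libctx lookup, EVP_MD_fetch, oct allocation … */
    X509_PUBKEY_get0_param(NULL, &pk, &pklen, NULL, pubkey);
    ok = EVP_Digest(pk, pklen, pkey_dig, &diglen, md, NULL);
    EVP_MD_free(md);    /* digest handle is not used past this point */
    if (ok && ASN1_OCTET_STRING_set(oct, pkey_dig, diglen))
        return oct;
    ASN1_OCTET_STRING_free(oct);
    return NULL;
```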