diff options
author | Pauli <pauli@openssl.org> | 2021-04-15 02:31:58 +0200 |
---|---|---|
committer | Pauli <pauli@openssl.org> | 2021-04-21 01:27:51 +0200 |
commit | 192d50087881c031ee60307c8e0460d8470efaa9 (patch) | |
tree | eb96b84d98e346414f39790c3ec6cabe69ba46a0 /crypto/x509 | |
parent | test: fix double free problems. (diff) | |
download | openssl-192d50087881c031ee60307c8e0460d8470efaa9.tar.xz openssl-192d50087881c031ee60307c8e0460d8470efaa9.zip |
x509: remove most references to EVP_sha1()
Fixes #14387
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14881)
Diffstat (limited to 'crypto/x509')
-rw-r--r-- | crypto/x509/t_x509.c | 13 | ||||
-rw-r--r-- | crypto/x509/v3_skid.c | 19 |
2 files changed, 25 insertions, 7 deletions
diff --git a/crypto/x509/t_x509.c b/crypto/x509/t_x509.c index 0c6d5f72fe..78d4452156 100644 --- a/crypto/x509/t_x509.c +++ b/crypto/x509/t_x509.c @@ -228,7 +228,10 @@ int X509_ocspid_print(BIO *bp, X509 *x) unsigned char SHA1md[SHA_DIGEST_LENGTH]; ASN1_BIT_STRING *keybstr; const X509_NAME *subj; + EVP_MD *md = NULL; + if (x == NULL || bp == NULL) + return 0; /* * display the hash of the subject as it would appear in OCSP requests */ @@ -242,7 +245,10 @@ int X509_ocspid_print(BIO *bp, X509 *x) goto err; i2d_X509_NAME(subj, &dertmp); - if (!EVP_Digest(der, derlen, SHA1md, NULL, EVP_sha1(), NULL)) + md = EVP_MD_fetch(x->libctx, SN_sha1, x->propq); + if (md == NULL) + goto err; + if (!EVP_Digest(der, derlen, SHA1md, NULL, md, NULL)) goto err; for (i = 0; i < SHA_DIGEST_LENGTH; i++) { if (BIO_printf(bp, "%02X", SHA1md[i]) <= 0) @@ -263,18 +269,19 @@ int X509_ocspid_print(BIO *bp, X509 *x) goto err; if (!EVP_Digest(ASN1_STRING_get0_data(keybstr), - ASN1_STRING_length(keybstr), SHA1md, NULL, EVP_sha1(), - NULL)) + ASN1_STRING_length(keybstr), SHA1md, NULL, md, NULL)) goto err; for (i = 0; i < SHA_DIGEST_LENGTH; i++) { if (BIO_printf(bp, "%02X", SHA1md[i]) <= 0) goto err; } BIO_printf(bp, "\n"); + EVP_MD_free(md); return 1; err: OPENSSL_free(der); + EVP_MD_free(md); return 0; } diff --git a/crypto/x509/v3_skid.c b/crypto/x509/v3_skid.c index 8a8718d77a..bab88898e6 100644 --- a/crypto/x509/v3_skid.c +++ b/crypto/x509/v3_skid.c @@ -59,20 +59,31 @@ ASN1_OCTET_STRING *ossl_x509_pubkey_hash(X509_PUBKEY *pubkey) int pklen; unsigned char pkey_dig[EVP_MAX_MD_SIZE]; unsigned int diglen; + const char *propq; + OSSL_LIB_CTX *libctx; + EVP_MD *md; if (pubkey == NULL) { ERR_raise(ERR_LIB_X509V3, X509V3_R_NO_PUBLIC_KEY); return NULL; } - if ((oct = ASN1_OCTET_STRING_new()) == NULL) + if (!ossl_x509_PUBKEY_get0_libctx(&libctx, &propq, pubkey)) return NULL; + if ((md = EVP_MD_fetch(libctx, SN_sha1, propq)) == NULL) + return NULL; + if ((oct = ASN1_OCTET_STRING_new()) == NULL) { + EVP_MD_free(md); + return NULL; + } X509_PUBKEY_get0_param(NULL, &pk, &pklen, NULL, pubkey); - /* TODO(3.0) - explicitly fetch the digest */ - if (EVP_Digest(pk, pklen, pkey_dig, &diglen, EVP_sha1(), NULL) - && ASN1_OCTET_STRING_set(oct, pkey_dig, diglen)) + if (EVP_Digest(pk, pklen, pkey_dig, &diglen, md, NULL) + && ASN1_OCTET_STRING_set(oct, pkey_dig, diglen)) { + EVP_MD_free(md); return oct; + } + EVP_MD_free(md); ASN1_OCTET_STRING_free(oct); return NULL; } |