author | Petr Gotthard <petr.gotthard@centrum.cz> | 2021-04-24 12:40:36 +0200 |
---|---|---|
committer | Dmitry Belyavskiy <beldmit@gmail.com> | 2021-04-30 21:02:59 +0200 |
commit | 91034b68b39e3525f09fb263b9272de410a3ba4c (patch) | |
tree | 1594bb987f08265e80328f491f11fc4f1c5551ca /apps/x509.c | |
parent | 4489655c23f1f7f412309e25a5b9fd7acf7db3f2 (diff) |
apps/ca,req,x509: Switch to EVP_DigestSignInit_ex
Switch lib/apps.c do_sign_init() to use EVP_DigestSignInit_ex, so it
works with external providers.
Since EVP_DigestSignInit_ex requires a digest name instead of
an EVP_MD pointer, the apps using do_sign_init() had to be modified
to pass char* instead of EVP_MD*.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/15014)
Diffstat (limited to 'apps/x509.c')
-rw-r--r-- | apps/x509.c | 32 |
1 files changed, 18 insertions, 14 deletions
diff --git a/apps/x509.c b/apps/x509.c
index 3c67855e6a..50453c4b7c 100644
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -189,7 +189,7 @@ static void warn_copying(ASN1_OBJECT *excluded, const char *names)
 sn);
 }
-static X509_REQ *x509_to_req(X509 *cert, EVP_PKEY *pkey, const EVP_MD *digest,
+static X509_REQ *x509_to_req(X509 *cert, EVP_PKEY *pkey, const char *digest,
 STACK_OF(OPENSSL_STRING) *sigopts, int ext_copy,
 const char *names)
 {
@@ -249,7 +249,7 @@ int x509_main(int argc, char **argv)
 EVP_PKEY *privkey = NULL, *CAkey = NULL, *pubkey = NULL;
 EVP_PKEY *pkey;
 int newcert = 0;
- char *subj = NULL, *digestname = NULL;
+ char *subj = NULL, *digest = NULL;
 X509_NAME *fsubj = NULL;
 const unsigned long chtype = MBSTRING_ASC;
 const int multirdn = 1;
@@ -258,7 +258,6 @@ int x509_main(int argc, char **argv)
 X509 *x = NULL, *xca = NULL, *issuer_cert;
 X509_REQ *req = NULL, *rq = NULL;
 X509_STORE *ctx = NULL;
- EVP_MD *digest = NULL;
 char *CAkeyfile = NULL, *CAserial = NULL, *pubkeyfile = NULL, *alias = NULL;
 char *checkhost = NULL, *checkemail = NULL, *checkip = NULL;
 char *ext_names = NULL;
@@ -568,7 +567,7 @@ int x509_main(int argc, char **argv)
 preserve_dates = 1;
 break;
 case OPT_MD:
- digestname = opt_unknown();
+ digest = opt_unknown();
 break;
 }
 }
@@ -581,10 +580,6 @@ int x509_main(int argc, char **argv)
 if (!app_RAND_load())
 goto end;
- if (digestname != NULL) {
- if (!opt_md(digestname, &digest))
- goto opthelp;
- }
 if (preserve_dates && days != UNSET_DAYS) {
 BIO_printf(bio_err, "Cannot use -preserve_dates with -days option\n");
 goto end;
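Review bot: With `const char *digest` in x509_to_req and `digest = opt_unknown();` in the OPT_MD case, the digest is now carried as an unchecked name, and the `opt_md()` call that rejected unknown names right after option parsing is dropped in the `-581` hunk. An invalid name is then presumably reported only when do_sign_init or the fingerprint fetch resolves it (neither is fully visible here), after keys and certificates have been loaded, and not at all on runs that neither sign nor fingerprint. If fail-fast behaviour is still wanted, a probe after option parsing that calls `EVP_MD_fetch(app_get0_libctx(), digest, app_get0_propq())`, jumps to `opthelp` on NULL and frees the result immediately would restore it without holding an EVP_MD. Otherwise a comment on x509_to_req such as `/* digest: digest name as given on the command line, may be NULL; resolved when signing */` would record the new contract. The body of x509_to_req lies outside the hunk.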
@@ -971,16 +966,26 @@ int x509_main(int argc, char **argv)
 } else if (i == fingerprint) {
 unsigned int n;
 unsigned char md[EVP_MAX_MD_SIZE];
- const EVP_MD *fdig = digest;
+ const char *fdigname = digest;
+ EVP_MD *fdig;
+ int digres;
- if (fdig == NULL)
- fdig = EVP_sha1();
+ if (fdigname == NULL)
+ fdigname = "SHA1";
- if (!X509_digest(x, fdig, md, &n)) {
+ if ((fdig = EVP_MD_fetch(app_get0_libctx(), fdigname,
+ app_get0_propq())) == NULL) {
+ BIO_printf(bio_err, "Unknown digest\n");
+ goto end;
+ }
+ digres = X509_digest(x, fdig, md, &n);
+ EVP_MD_free(fdig);
+ if (!digres) {
 BIO_printf(bio_err, "Out of memory\n");
 goto end;
 }
- BIO_printf(out, "%s Fingerprint=", EVP_MD_name(fdig));
+
+ BIO_printf(out, "%s Fingerprint=", fdigname);
 for (j = 0; j < (int)n; j++)
 BIO_printf(out, "%02X%c", md[j], (j + 1 == (int)n) ? '\n' : ':');
 } else if (i == ocspid) {
@@ -1038,7 +1043,6 @@ int x509_main(int argc, char **argv)
 EVP_PKEY_free(privkey);
 EVP_PKEY_free(CAkey);
 EVP_PKEY_free(pubkey);
- EVP_MD_free(digest);
 sk_OPENSSL_STRING_free(sigopts);
 sk_OPENSSL_STRING_free(vfyopts);
 X509_REQ_free(rq); |
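Review bot: The fingerprint label in the `-971` hunk is now printed from `fdigname`, which is the string the user typed (or the literal "SHA1"), where it used to come from `EVP_MD_name(fdig)`. The text before `Fingerprint=` therefore follows the caller's spelling and case rather than the name the library reports, which can presumably break scripts or certificate-pinning checks that match that line. Since `fdig` is already fetched, the label can keep coming from it: print with `EVP_MD_name(fdig)`, move `EVP_MD_free(fdig);` to after that `BIO_printf`, and add a free before the `goto end` in the `!digres` branch. The new error path would also be easier to diagnose as `BIO_printf(bio_err, "Unknown digest %s\n", fdigname);`. x509_main starts and ends outside this hunk.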