diff options
| author | Shane Lontis <shane.lontis@oracle.com> | 2020-07-24 22:53:27 +1000 |
|---|---|---|
| committer | Shane Lontis <shane.lontis@oracle.com> | 2020-07-24 22:53:27 +1000 |
| commit | 6725682d77510bf6d499957897d7be124d603f40 (patch) | |
| tree | 447e5bce5607b4873f7f018df1b2e4c21a394e92 /crypto/asn1/a_digest.c | |
| parent | ae89578be2930c726d6ef56451233757a89f224f (diff) | |
Add X509 related libctx changes.
- In order to not add many X509_XXXX_with_libctx() functions the libctx and propq may be stored in the X509 object via a call to X509_new_with_libctx().
- Loading via PEM_read_bio_X509() or d2i_X509() should pass in a created cert using X509_new_with_libctx().
- Renamed some XXXX_ex() to XXX_with_libctx() for X509 API's.
- Removed the extra parameters in check_purpose..
- X509_digest() has been modified so that it expects a const EVP_MD object() and then internally it does the fetch when it needs to (via ASN1_item_digest_with_libctx()).
- Added API's that set the libctx when they load such as X509_STORE_new_with_libctx() so that the cert chains can be verified.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12153)
Diffstat (limited to 'crypto/asn1/a_digest.c')
| -rw-r--r-- | crypto/asn1/a_digest.c | 40 |
1 files changed, 32 insertions, 8 deletions
diff --git a/crypto/asn1/a_digest.c b/crypto/asn1/a_digest.c index caf2f6c34f..c0c1cda272 100644 --- a/crypto/asn1/a_digest.c +++ b/crypto/asn1/a_digest.c @@ -7,16 +7,21 @@ * https://www.openssl.org/source/license.html */ +/* We need to use some engine deprecated APIs */ +#define OPENSSL_SUPPRESS_DEPRECATED + #include <stdio.h> #include <time.h> #include <sys/types.h> #include "internal/cryptlib.h" +#include <openssl/engine.h> #include <openssl/err.h> #include <openssl/evp.h> #include <openssl/buffer.h> #include <openssl/x509.h> +#include "crypto/x509.h" #ifndef OPENSSL_NO_DEPRECATED_3_0 @@ -48,20 +53,39 @@ int ASN1_digest(i2d_of_void *i2d, const EVP_MD *type, char *data, #endif -int ASN1_item_digest(const ASN1_ITEM *it, const EVP_MD *type, void *asn, - unsigned char *md, unsigned int *len) +int asn1_item_digest_with_libctx(const ASN1_ITEM *it, const EVP_MD *md, + void *asn, unsigned char *data, + unsigned int *len, OPENSSL_CTX *libctx, + const char *propq) { - int i; + int i, ret = 0; unsigned char *str = NULL; + EVP_MD *fetched_md = (EVP_MD *)md; i = ASN1_item_i2d(asn, &str, it); - if (!str) + if (str == NULL) return 0; - if (!EVP_Digest(str, i, md, len, type, NULL)) { - OPENSSL_free(str); - return 0; + if (EVP_MD_provider(md) == NULL) { +#if !defined(OPENSSL_NO_ENGINE) + if (ENGINE_get_digest_engine(EVP_MD_type(md)) == NULL) +#endif + fetched_md = EVP_MD_fetch(libctx, EVP_MD_name(md), propq); } + if (fetched_md == NULL) + goto err; + + ret = EVP_Digest(str, i, data, len, fetched_md, NULL); +err: OPENSSL_free(str); - return 1; + if (fetched_md != md) + EVP_MD_free(fetched_md); + return ret; } + +int ASN1_item_digest(const ASN1_ITEM *it, const EVP_MD *md, void *asn, + unsigned char *data, unsigned int *len) +{ + return asn1_item_digest_with_libctx(it, md, asn, data, len, NULL, NULL); +} + |