author | Pauli <pauli@openssl.org> | 2021-04-15 10:34:48 +1000 |
---|---|---|
committer | Pauli <pauli@openssl.org> | 2021-04-21 09:27:51 +1000 |
commit | e27fea4640defe3adc9309a4b573101055228ef3 (patch) | |
tree | 35b1bff4b53d778c1b4069faec0966e66d46599f /crypto/ocsp | |
parent | 27344bb82a65ce13de4c9f6c78615fa91d93d3eb (diff) |
ocsp: remove references to EVP_sha1()
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14881)
Diffstat (limited to 'crypto/ocsp')
-rw-r--r-- | crypto/ocsp/ocsp_lib.c | 1 | ||||
-rw-r--r-- | crypto/ocsp/ocsp_vfy.c | 18 |
2 files changed, 13 insertions, 6 deletions
diff --git a/crypto/ocsp/ocsp_lib.c b/crypto/ocsp/ocsp_lib.c
index c7b7a0a620..776ffdde97 100644
--- a/crypto/ocsp/ocsp_lib.c
+++ b/crypto/ocsp/ocsp_lib.c
@@ -25,6 +25,7 @@ OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, const X509 *subject,
 const X509_NAME *iname;
 const ASN1_INTEGER *serial;
 ASN1_BIT_STRING *ikey;
+
 if (!dgst)
 dgst = EVP_sha1();
 if (subject) {
diff --git a/crypto/ocsp/ocsp_vfy.c b/crypto/ocsp/ocsp_vfy.c
index fe878043ca..02af58437c 100644
--- a/crypto/ocsp/ocsp_vfy.c
+++ b/crypto/ocsp/ocsp_vfy.c
@@ -187,8 +187,9 @@ static int ocsp_find_signer(X509 **psigner, OCSP_BASICRESP *bs,
 static X509 *ocsp_find_signer_sk(STACK_OF(X509) *certs, OCSP_RESPID *id)
 {
- int i;
+ int i, r;
 unsigned char tmphash[SHA_DIGEST_LENGTH], *keyhash;
+ EVP_MD *md;
 X509 *x;
 /* Easy if lookup by name */
@@ -203,11 +204,16 @@ static X509 *ocsp_find_signer_sk(STACK_OF(X509) *certs, OCSP_RESPID *id)
 keyhash = id->value.byKey->data;
 /* Calculate hash of each key and compare */
 for (i = 0; i < sk_X509_num(certs); i++) {
- x = sk_X509_value(certs, i);
- if (!X509_pubkey_digest(x, EVP_sha1(), tmphash, NULL))
- break;
- if (memcmp(keyhash, tmphash, SHA_DIGEST_LENGTH) == 0)
- return x;
+ if ((x = sk_X509_value(certs, i)) != NULL) {
+ if ((md = EVP_MD_fetch(x->libctx, SN_sha1, x->propq)) == NULL)
+ break;
+ r = X509_pubkey_digest(x, md, tmphash, NULL);
+ EVP_MD_free(md);
+ if (!r)
+ break;
+ if (memcmp(keyhash, tmphash, SHA_DIGEST_LENGTH) == 0)
+ return x;
+ }
 }
 return NULL;
 } |
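Review bot: In the rewritten loop of ocsp_find_signer_sk, a failed `EVP_MD_fetch(x->libctx, SN_sha1, x->propq)` hits `break`, so the scan stops at the first certificate whose library context cannot supply SHA-1 and the function returns NULL exactly as it does for "no matching signer". Since the digest is now fetched per certificate, `continue;` would fit that branch better than `break;`, letting later entries in `certs` still be compared; the outcome today is fail-closed (signer not found), so this is a robustness and diagnosability point rather than a bypass. It would also help to add a comment such as `/* ResponderID byKey is defined by RFC 6960 as the SHA-1 hash of the responder's public key */` above the fetch, so the SHA-1 use is not read as a free algorithm choice. The function starts outside this hunk, so whether `id->value.byKey->length` is checked against `SHA_DIGEST_LENGTH` before the `memcmp` cannot be confirmed from here.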