author | Dr. Stephen Henson <steve@openssl.org> | 2015-09-22 18:37:57 +0100 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2015-09-22 21:15:55 +0100 |
commit | 7e4188326b4e9c179835f6b3ee668b2a70eb0cfd (patch) | |
tree | cef97c1fe1c8aeffb25adadaa8f7af823ef99752 /crypto/ts | |
parent | 6a12a5740b338437cc39480452c1282d0298325d (diff) |
Avoid structure access in crypto/ts
Reviewed-by: Rich Salz <rsalz@openssl.org>
Diffstat (limited to 'crypto/ts')
-rw-r--r-- | crypto/ts/ts_rsp_sign.c | 5 | ||||
-rw-r--r-- | crypto/ts/ts_rsp_verify.c | 8 |
2 files changed, 8 insertions, 5 deletions
diff --git a/crypto/ts/ts_rsp_sign.c b/crypto/ts/ts_rsp_sign.c index 369423902c..dd6591db13 100644 --- a/crypto/ts/ts_rsp_sign.c +++ b/crypto/ts/ts_rsp_sign.c @@ -784,12 +784,13 @@ static ESS_CERT_ID *ess_CERT_ID_new_init(X509 *cert, int issuer_needed) { ESS_CERT_ID *cid = NULL; GENERAL_NAME *name = NULL; + unsigned char cert_sha1[SHA_DIGEST_LENGTH]; X509_check_purpose(cert, -1, 0); if ((cid = ESS_CERT_ID_new()) == NULL) goto err; - if (!ASN1_OCTET_STRING_set(cid->hash, cert->sha1_hash, - sizeof(cert->sha1_hash))) + X509_digest(cert, EVP_sha1(), cert_sha1, NULL); + if (!ASN1_OCTET_STRING_set(cid->hash, cert_sha1, SHA_DIGEST_LENGTH)) goto err; /* Setting the issuer/serial if requested. */ diff --git a/crypto/ts/ts_rsp_verify.c b/crypto/ts/ts_rsp_verify.c index 1133b5d223..84c9b3135f 100644 --- a/crypto/ts/ts_rsp_verify.c +++ b/crypto/ts/ts_rsp_verify.c @@ -289,10 +289,13 @@ static ESS_SIGNING_CERT *ess_get_signing_cert(PKCS7_SIGNER_INFO *si) static int ts_find_cert(STACK_OF(ESS_CERT_ID) *cert_ids, X509 *cert) { int i; + unsigned char cert_sha1[SHA_DIGEST_LENGTH]; if (!cert_ids || !cert) return -1; + X509_digest(cert, EVP_sha1(), cert_sha1, NULL); + /* Recompute SHA1 hash of certificate if necessary (side effect). */ X509_check_purpose(cert, -1, 0); @@ -300,9 +303,8 @@ static int ts_find_cert(STACK_OF(ESS_CERT_ID) *cert_ids, X509 *cert) for (i = 0; i < sk_ESS_CERT_ID_num(cert_ids); ++i) { ESS_CERT_ID *cid = sk_ESS_CERT_ID_value(cert_ids, i); - if (cid->hash->length == sizeof(cert->sha1_hash) - && memcmp(cid->hash->data, cert->sha1_hash, - sizeof(cert->sha1_hash)) == 0) { + if (cid->hash->length == SHA_DIGEST_LENGTH + && memcmp(cid->hash->data, cert_sha1, SHA_DIGEST_LENGTH) == 0) { ESS_ISSUER_SERIAL *is = cid->issuer_serial; if (!is || !ts_issuer_serial_cmp(is, cert)) return i; |
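Review bot: The return value of `X509_digest` is ignored in ess_CERT_ID_new_init, so if the digest fails, the uninitialised `cert_sha1` buffer is copied into `cid->hash` and becomes the signing-certificate identifier. The call should take the same error path as the calls around it: `if (!X509_digest(cert, EVP_sha1(), cert_sha1, NULL)) goto err;`. The same unchecked call is added in ts_find_cert in ts_rsp_verify.c, where a failure would leave `memcmp` comparing against indeterminate stack bytes; there `return -1;` matches the function's existing failure return. Both function bodies continue outside the hunks shown.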
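Review bot: The comment above `X509_check_purpose(cert, -1, 0)` in ts_find_cert still says the call recomputes the SHA1 hash as a side effect, but the comparison in the loop now uses the local `cert_sha1` filled by `X509_digest`, so the comment no longer describes why the call is there. It should be reworded to name what the call is still needed for, or the call dropped if nothing later depends on it. That cannot be settled from the hunk alone, because `ts_issuer_serial_cmp` is defined elsewhere. If the call stays, a comment along the lines of `/* Populate cached certificate data; the SHA1 hash now comes from X509_digest(). */` would avoid misleading the next reader, assuming that is indeed its remaining purpose.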