Update certificate hash line format to handle canonical format

and avoid MD5 dependency.

2 files changed, 18 insertions, 1 deletions

diff --git a/crypto/x509/x509.h b/crypto/x509/x509.h
index 62e01b1ff5..e779c334e5 100644
--- a/crypto/x509/x509.h
+++ b/crypto/x509/x509.h
@@ -963,6 +963,7 @@ unsigned long	X509_subject_name_hash(X509 *x);
 int		X509_cmp(const X509 *a, const X509 *b);
 int		X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b);
 unsigned long	X509_NAME_hash(X509_NAME *x);
+unsigned long	X509_NAME_hash_old(X509_NAME *x);
 
 int		X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b);
 int		X509_CRL_match(const X509_CRL *a, const X509_CRL *b);
diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c
index 180dedc7fa..ee234b04ad 100644
--- a/crypto/x509/x509_cmp.c
+++ b/crypto/x509/x509_cmp.c
@@ -198,11 +198,27 @@ int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b)
 
 	}
 
+unsigned long X509_NAME_hash(X509_NAME *x)
+	{
+	unsigned long ret=0;
+	unsigned char md[16];
+
+	/* Make sure X509_NAME structure contains valid cached encoding */
+	i2d_X509_NAME(x,NULL);
+	EVP_Digest(x->canon_enc, x->canon_enclen, md, NULL, EVP_sha1(), NULL);
+
+	ret=(	((unsigned long)md[0]     )|((unsigned long)md[1]<<8L)|
+		((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)
+		)&0xffffffffL;
+	return(ret);
+	}
+
 
 #ifndef OPENSSL_NO_MD5
 /* I now DER encode the name and hash it.  Since I cache the DER encoding,
  * this is reasonably efficient. */
-unsigned long X509_NAME_hash(X509_NAME *x)
+
+unsigned long X509_NAME_hash_old(X509_NAME *x)
 	{
 	unsigned long ret=0;
 	unsigned char md[16];