x509: remove most references to EVP_sha1()

Fixes #14387 Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14881)
2024-11-21 01:15:20 +08:00 · 2021-04-15 10:31:58 +10:00 · 2021-04-15 10:31:58 +10:00 · 192d500878
commit 192d500878
parent 6bcbc36985
2 changed files with 25 additions and 7 deletions
--- a/crypto/x509/t_x509.c
+++ b/crypto/x509/t_x509.c
@ -228,7 +228,10 @@ int X509_ocspid_print(BIO *bp, X509 *x)
    unsigned char SHA1md[SHA_DIGEST_LENGTH];
    ASN1_BIT_STRING *keybstr;
    const X509_NAME *subj;
+    EVP_MD *md = NULL;

+    if (x == NULL || bp == NULL)
+        return 0;
    /*
     * display the hash of the subject as it would appear in OCSP requests
     */
@ -242,7 +245,10 @@ int X509_ocspid_print(BIO *bp, X509 *x)
        goto err;
    i2d_X509_NAME(subj, &dertmp);

-    if (!EVP_Digest(der, derlen, SHA1md, NULL, EVP_sha1(), NULL))
+    md = EVP_MD_fetch(x->libctx, SN_sha1, x->propq);
+    if (md == NULL)
+        goto err;
+    if (!EVP_Digest(der, derlen, SHA1md, NULL, md, NULL))
        goto err;
    for (i = 0; i < SHA_DIGEST_LENGTH; i++) {
        if (BIO_printf(bp, "%02X", SHA1md[i]) <= 0)
@ -263,18 +269,19 @@ int X509_ocspid_print(BIO *bp, X509 *x)
        goto err;

    if (!EVP_Digest(ASN1_STRING_get0_data(keybstr),
-                    ASN1_STRING_length(keybstr), SHA1md, NULL, EVP_sha1(),
-                    NULL))
+                    ASN1_STRING_length(keybstr), SHA1md, NULL, md, NULL))
        goto err;
    for (i = 0; i < SHA_DIGEST_LENGTH; i++) {
        if (BIO_printf(bp, "%02X", SHA1md[i]) <= 0)
            goto err;
    }
    BIO_printf(bp, "\n");
+    EVP_MD_free(md);

    return 1;
 err:
    OPENSSL_free(der);
+    EVP_MD_free(md);
    return 0;
 }

--- a/crypto/x509/v3_skid.c
+++ b/crypto/x509/v3_skid.c
@ -59,20 +59,31 @@ ASN1_OCTET_STRING *ossl_x509_pubkey_hash(X509_PUBKEY *pubkey)
    int pklen;
    unsigned char pkey_dig[EVP_MAX_MD_SIZE];
    unsigned int diglen;
+    const char *propq;
+    OSSL_LIB_CTX *libctx;
+    EVP_MD *md;

    if (pubkey == NULL) {
        ERR_raise(ERR_LIB_X509V3, X509V3_R_NO_PUBLIC_KEY);
        return NULL;
    }
-    if ((oct = ASN1_OCTET_STRING_new()) == NULL)
+    if (!ossl_x509_PUBKEY_get0_libctx(&libctx, &propq, pubkey))
        return NULL;
+    if ((md = EVP_MD_fetch(libctx, SN_sha1, propq)) == NULL)
+        return NULL;
+    if ((oct = ASN1_OCTET_STRING_new()) == NULL) {
+        EVP_MD_free(md);
+        return NULL;
+    }

    X509_PUBKEY_get0_param(NULL, &pk, &pklen, NULL, pubkey);
-    /* TODO(3.0) - explicitly fetch the digest */
-    if (EVP_Digest(pk, pklen, pkey_dig, &diglen, EVP_sha1(), NULL)
-            && ASN1_OCTET_STRING_set(oct, pkey_dig, diglen))
+    if (EVP_Digest(pk, pklen, pkey_dig, &diglen, md, NULL)
+            && ASN1_OCTET_STRING_set(oct, pkey_dig, diglen)) {
+        EVP_MD_free(md);
        return oct;
+    }

+    EVP_MD_free(md);
    ASN1_OCTET_STRING_free(oct);
    return NULL;
 }