authorbeck <>2022-02-24 22:05:07 +0000
committerbeck <>2022-02-24 22:05:07 +0000
commit241f81f05560b5b5be14de78e45d18c5a5899b06 (patch)
tree5d134be11f5cbf6684cb66d0413a5ea0ca52343e
parent0f5c4cf7cc56e3a4623fb0ca0dc51f0ea636ed81 (diff)
Get rid of SHA1 for comparing CRL's - use SHA512 just like we do for certs.
ok tb@
-rw-r--r--src/lib/libcrypto/asn1/x_crl.c6
-rw-r--r--src/lib/libcrypto/x509/x509_cmp.c4
-rw-r--r--src/lib/libcrypto/x509/x509_lcl.h6
3 files changed, 7 insertions, 9 deletions
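--- a/src/lib/libcrypto/asn1/x_crl.c
+++ b/src/lib/libcrypto/asn1/x_crl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x_crl.c,v 1.36 2021/12/03 17:07:53 jsing Exp $ */
+/* $OpenBSD: x_crl.c,v 1.37 2022/02/24 22:05:06 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -288,9 +288,7 @@ crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
  break;
 
  case ASN1_OP_D2I_POST:
-#ifndef OPENSSL_NO_SHA
- X509_CRL_digest(crl, EVP_sha1(), crl->sha1_hash, NULL);
-#endif
+ X509_CRL_digest(crl, X509_CRL_HASH_EVP, crl->hash, NULL);
  crl->idp = X509_CRL_get_ext_d2i(crl,
  NID_issuing_distribution_point, NULL, NULL);
  if (crl->idp)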
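Review bot: The return value of X509_CRL_digest() on the new line 291 is still ignored, so a digest failure leaves crl->hash unset while X509_CRL_match() goes on to memcmp() those bytes as if they identified the CRL. The switch from EVP_sha1() to X509_CRL_HASH_EVP was the moment to close that gap: `if (!X509_CRL_digest(crl, X509_CRL_HASH_EVP, crl->hash, NULL)) return 0;` makes a failed digest fail the decode instead of yielding a CRL with an indeterminate hash, assuming crl_cb() follows the usual ASN.1 callback convention of returning 0 on error (its other branches are not visible here). crl_cb() begins and ends outside this hunk.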
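--- a/src/lib/libcrypto/x509/x509_cmp.c
+++ b/src/lib/libcrypto/x509/x509_cmp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_cmp.c,v 1.38 2021/12/12 21:30:14 tb Exp $ */
+/* $OpenBSD: x509_cmp.c,v 1.39 2022/02/24 22:05:06 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -143,7 +143,7 @@ X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b)
 int
 X509_CRL_match(const X509_CRL *a, const X509_CRL *b)
 {
- return memcmp(a->sha1_hash, b->sha1_hash, 20);
+ return memcmp(a->hash, b->hash, X509_CRL_HASH_LEN);
 }
 #endif
 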
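Review bot: X509_CRL_match() still sits inside a preprocessor conditional closed by the `#endif` on line 148, while this commit removes the `#ifndef OPENSSL_NO_SHA` guard around the hash field in x509_lcl.h and around its computation in x_crl.c. If the opening directive, which is above this hunk, is that same OPENSSL_NO_SHA guard, it is now stale: the field and its digest are unconditional, so the comparison should be too, and leaving the guard means a build with OPENSSL_NO_SHA would silently lose X509_CRL_match() while still carrying the hash. Worth checking the opening `#if` and dropping it to keep the three files consistent.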
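--- a/src/lib/libcrypto/x509/x509_lcl.h
+++ b/src/lib/libcrypto/x509/x509_lcl.h
@@ -66,6 +66,8 @@ __BEGIN_HIDDEN_DECLS
 
 #define X509_CERT_HASH_EVP EVP_sha512()
 #define X509_CERT_HASH_LEN SHA512_DIGEST_LENGTH
+#define X509_CRL_HASH_EVP EVP_sha512()
+#define X509_CRL_HASH_LEN SHA512_DIGEST_LENGTH
 
 struct X509_pubkey_st {
  X509_ALGOR *algor;
@@ -227,9 +229,7 @@ struct X509_crl_st {
  /* CRL and base CRL numbers for delta processing */
  ASN1_INTEGER *crl_number;
  ASN1_INTEGER *base_crl_number;
-#ifndef OPENSSL_NO_SHA
- unsigned char sha1_hash[SHA_DIGEST_LENGTH];
-#endif
+ unsigned char hash[X509_CRL_HASH_LEN];
  STACK_OF(GENERAL_NAMES) *issuers;
  const X509_CRL_METHOD *meth;
  void *meth_data;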
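Review bot: The new `hash` member on line 232 carries no comment saying what it holds or when it is valid, and the `X509_CRL_HASH_EVP`/`X509_CRL_HASH_LEN` pair on lines 69–70 is tied together only by convention. A field comment such as `/* Digest of the encoded CRL, filled in by crl_cb() on d2i; compared by X509_CRL_match() */` would record that, as far as this commit shows, only the decode path populates it, so a CRL assembled in memory rather than parsed may not have a meaningful hash. A one-line comment above the macros, `/* X509_CRL_HASH_LEN must be the digest length of X509_CRL_HASH_EVP */`, states the invariant the memcmp() in X509_CRL_match() relies on. struct X509_crl_st starts before and ends after this hunk.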