diff options
| author | beck <> | 2002-05-15 02:29:21 +0000 |
|---|---|---|
| committer | beck <> | 2002-05-15 02:29:21 +0000 |
| commit | b64270d1e45fe7f3241e4c9b6ce60d5ac89bc2e9 (patch) | |
| tree | fa27cf82a1250b64ed3bf5f4a18c7354d470bbcc /src/lib/libcrypto/x509/x509_cmp.c | |
| parent | e471e1ea98d673597b182ea85f29e30c97cd08b5 (diff) | |
| download | openbsd-b64270d1e45fe7f3241e4c9b6ce60d5ac89bc2e9.tar.gz openbsd-b64270d1e45fe7f3241e4c9b6ce60d5ac89bc2e9.tar.bz2 openbsd-b64270d1e45fe7f3241e4c9b6ce60d5ac89bc2e9.zip | |
OpenSSL 0.9.7 stable 2002 05 08 merge
Diffstat (limited to 'src/lib/libcrypto/x509/x509_cmp.c')
| -rw-r--r-- | src/lib/libcrypto/x509/x509_cmp.c | 37 |
1 files changed, 21 insertions, 16 deletions
diff --git a/src/lib/libcrypto/x509/x509_cmp.c b/src/lib/libcrypto/x509/x509_cmp.c index 3f9f9b3d47..cd20b6d66f 100644 --- a/src/lib/libcrypto/x509/x509_cmp.c +++ b/src/lib/libcrypto/x509/x509_cmp.c | |||
| @@ -75,24 +75,26 @@ int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b) | |||
| 75 | return(X509_NAME_cmp(ai->issuer,bi->issuer)); | 75 | return(X509_NAME_cmp(ai->issuer,bi->issuer)); |
| 76 | } | 76 | } |
| 77 | 77 | ||
| 78 | #ifndef NO_MD5 | 78 | #ifndef OPENSSL_NO_MD5 |
| 79 | unsigned long X509_issuer_and_serial_hash(X509 *a) | 79 | unsigned long X509_issuer_and_serial_hash(X509 *a) |
| 80 | { | 80 | { |
| 81 | unsigned long ret=0; | 81 | unsigned long ret=0; |
| 82 | MD5_CTX ctx; | 82 | EVP_MD_CTX ctx; |
| 83 | unsigned char md[16]; | 83 | unsigned char md[16]; |
| 84 | char str[256]; | 84 | char str[256]; |
| 85 | 85 | ||
| 86 | EVP_MD_CTX_init(&ctx); | ||
| 86 | X509_NAME_oneline(a->cert_info->issuer,str,256); | 87 | X509_NAME_oneline(a->cert_info->issuer,str,256); |
| 87 | ret=strlen(str); | 88 | ret=strlen(str); |
| 88 | MD5_Init(&ctx); | 89 | EVP_DigestInit_ex(&ctx, EVP_md5(), NULL); |
| 89 | MD5_Update(&ctx,(unsigned char *)str,ret); | 90 | EVP_DigestUpdate(&ctx,(unsigned char *)str,ret); |
| 90 | MD5_Update(&ctx,(unsigned char *)a->cert_info->serialNumber->data, | 91 | EVP_DigestUpdate(&ctx,(unsigned char *)a->cert_info->serialNumber->data, |
| 91 | (unsigned long)a->cert_info->serialNumber->length); | 92 | (unsigned long)a->cert_info->serialNumber->length); |
| 92 | MD5_Final(&(md[0]),&ctx); | 93 | EVP_DigestFinal_ex(&ctx,&(md[0]),NULL); |
| 93 | ret=( ((unsigned long)md[0] )|((unsigned long)md[1]<<8L)| | 94 | ret=( ((unsigned long)md[0] )|((unsigned long)md[1]<<8L)| |
| 94 | ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L) | 95 | ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L) |
| 95 | )&0xffffffffL; | 96 | )&0xffffffffL; |
| 97 | EVP_MD_CTX_cleanup(&ctx); | ||
| 96 | return(ret); | 98 | return(ret); |
| 97 | } | 99 | } |
| 98 | #endif | 100 | #endif |
| @@ -137,7 +139,7 @@ unsigned long X509_subject_name_hash(X509 *x) | |||
| 137 | return(X509_NAME_hash(x->cert_info->subject)); | 139 | return(X509_NAME_hash(x->cert_info->subject)); |
| 138 | } | 140 | } |
| 139 | 141 | ||
| 140 | #ifndef NO_SHA | 142 | #ifndef OPENSSL_NO_SHA |
| 141 | /* Compare two certificates: they must be identical for | 143 | /* Compare two certificates: they must be identical for |
| 142 | * this to work. NB: Although "cmp" operations are generally | 144 | * this to work. NB: Although "cmp" operations are generally |
| 143 | * prototyped to take "const" arguments (eg. for use in | 145 | * prototyped to take "const" arguments (eg. for use in |
| @@ -192,7 +194,7 @@ int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b) | |||
| 192 | return(0); | 194 | return(0); |
| 193 | } | 195 | } |
| 194 | 196 | ||
| 195 | #ifndef NO_MD5 | 197 | #ifndef OPENSSL_NO_MD5 |
| 196 | /* I now DER encode the name and hash it. Since I cache the DER encoding, | 198 | /* I now DER encode the name and hash it. Since I cache the DER encoding, |
| 197 | * this is reasonably efficient. */ | 199 | * this is reasonably efficient. */ |
| 198 | unsigned long X509_NAME_hash(X509_NAME *x) | 200 | unsigned long X509_NAME_hash(X509_NAME *x) |
| @@ -200,12 +202,9 @@ unsigned long X509_NAME_hash(X509_NAME *x) | |||
| 200 | unsigned long ret=0; | 202 | unsigned long ret=0; |
| 201 | unsigned char md[16]; | 203 | unsigned char md[16]; |
| 202 | 204 | ||
| 203 | /* Ensure cached version is up to date */ | 205 | /* Make sure X509_NAME structure contains valid cached encoding */ |
| 204 | i2d_X509_NAME(x,NULL); | 206 | i2d_X509_NAME(x,NULL); |
| 205 | /* Use cached encoding directly rather than copying: this should | 207 | EVP_Digest(x->bytes->data, x->bytes->length, md, NULL, EVP_md5(), NULL); |
| 206 | * keep libsafe happy. | ||
| 207 | */ | ||
| 208 | MD5((unsigned char *)x->bytes->data,x->bytes->length,&(md[0])); | ||
| 209 | 208 | ||
| 210 | ret=( ((unsigned long)md[0] )|((unsigned long)md[1]<<8L)| | 209 | ret=( ((unsigned long)md[0] )|((unsigned long)md[1]<<8L)| |
| 211 | ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L) | 210 | ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L) |
| @@ -258,6 +257,12 @@ EVP_PKEY *X509_get_pubkey(X509 *x) | |||
| 258 | return(X509_PUBKEY_get(x->cert_info->key)); | 257 | return(X509_PUBKEY_get(x->cert_info->key)); |
| 259 | } | 258 | } |
| 260 | 259 | ||
| 260 | ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x) | ||
| 261 | { | ||
| 262 | if(!x) return NULL; | ||
| 263 | return x->cert_info->key->public_key; | ||
| 264 | } | ||
| 265 | |||
| 261 | int X509_check_private_key(X509 *x, EVP_PKEY *k) | 266 | int X509_check_private_key(X509 *x, EVP_PKEY *k) |
| 262 | { | 267 | { |
| 263 | EVP_PKEY *xk=NULL; | 268 | EVP_PKEY *xk=NULL; |
| @@ -271,7 +276,7 @@ int X509_check_private_key(X509 *x, EVP_PKEY *k) | |||
| 271 | } | 276 | } |
| 272 | switch (k->type) | 277 | switch (k->type) |
| 273 | { | 278 | { |
| 274 | #ifndef NO_RSA | 279 | #ifndef OPENSSL_NO_RSA |
| 275 | case EVP_PKEY_RSA: | 280 | case EVP_PKEY_RSA: |
| 276 | if (BN_cmp(xk->pkey.rsa->n,k->pkey.rsa->n) != 0 | 281 | if (BN_cmp(xk->pkey.rsa->n,k->pkey.rsa->n) != 0 |
| 277 | || BN_cmp(xk->pkey.rsa->e,k->pkey.rsa->e) != 0) | 282 | || BN_cmp(xk->pkey.rsa->e,k->pkey.rsa->e) != 0) |
| @@ -281,7 +286,7 @@ int X509_check_private_key(X509 *x, EVP_PKEY *k) | |||
| 281 | } | 286 | } |
| 282 | break; | 287 | break; |
| 283 | #endif | 288 | #endif |
| 284 | #ifndef NO_DSA | 289 | #ifndef OPENSSL_NO_DSA |
| 285 | case EVP_PKEY_DSA: | 290 | case EVP_PKEY_DSA: |
| 286 | if (BN_cmp(xk->pkey.dsa->pub_key,k->pkey.dsa->pub_key) != 0) | 291 | if (BN_cmp(xk->pkey.dsa->pub_key,k->pkey.dsa->pub_key) != 0) |
| 287 | { | 292 | { |
| @@ -290,7 +295,7 @@ int X509_check_private_key(X509 *x, EVP_PKEY *k) | |||
| 290 | } | 295 | } |
| 291 | break; | 296 | break; |
| 292 | #endif | 297 | #endif |
| 293 | #ifndef NO_DH | 298 | #ifndef OPENSSL_NO_DH |
| 294 | case EVP_PKEY_DH: | 299 | case EVP_PKEY_DH: |
| 295 | /* No idea */ | 300 | /* No idea */ |
| 296 | X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_CANT_CHECK_DH_KEY); | 301 | X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_CANT_CHECK_DH_KEY); |