diff options
Diffstat (limited to '')
| -rw-r--r-- | src/usr.bin/openssl/certhash.c | 22 |
1 files changed, 9 insertions, 13 deletions
diff --git a/src/usr.bin/openssl/certhash.c b/src/usr.bin/openssl/certhash.c index 5ee29b8d01..1ee1165516 100644 --- a/src/usr.bin/openssl/certhash.c +++ b/src/usr.bin/openssl/certhash.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: certhash.c,v 1.21 2023/03/06 14:32:05 tb Exp $ */ | 1 | /* $OpenBSD: certhash.c,v 1.22 2025/07/27 14:46:20 joshua Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2014, 2015 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2014, 2015 Joel Sing <jsing@openbsd.org> |
| 4 | * | 4 | * |
| @@ -297,11 +297,10 @@ hashinfo_from_linkname(const char *linkname, const char *target) | |||
| 297 | } | 297 | } |
| 298 | 298 | ||
| 299 | static struct hashinfo * | 299 | static struct hashinfo * |
| 300 | certhash_cert(BIO *bio, const char *filename) | 300 | certhash_cert(BIO *bio, const char *filename, const EVP_MD *digest) |
| 301 | { | 301 | { |
| 302 | unsigned char fingerprint[EVP_MAX_MD_SIZE]; | 302 | unsigned char fingerprint[EVP_MAX_MD_SIZE]; |
| 303 | struct hashinfo *hi = NULL; | 303 | struct hashinfo *hi = NULL; |
| 304 | const EVP_MD *digest; | ||
| 305 | X509 *cert = NULL; | 304 | X509 *cert = NULL; |
| 306 | unsigned long hash; | 305 | unsigned long hash; |
| 307 | unsigned int len; | 306 | unsigned int len; |
| @@ -311,7 +310,6 @@ certhash_cert(BIO *bio, const char *filename) | |||
| 311 | 310 | ||
| 312 | hash = X509_subject_name_hash(cert); | 311 | hash = X509_subject_name_hash(cert); |
| 313 | 312 | ||
| 314 | digest = EVP_sha256(); | ||
| 315 | if (X509_digest(cert, digest, fingerprint, &len) != 1) { | 313 | if (X509_digest(cert, digest, fingerprint, &len) != 1) { |
| 316 | fprintf(stderr, "out of memory\n"); | 314 | fprintf(stderr, "out of memory\n"); |
| 317 | goto err; | 315 | goto err; |
| @@ -326,11 +324,10 @@ certhash_cert(BIO *bio, const char *filename) | |||
| 326 | } | 324 | } |
| 327 | 325 | ||
| 328 | static struct hashinfo * | 326 | static struct hashinfo * |
| 329 | certhash_crl(BIO *bio, const char *filename) | 327 | certhash_crl(BIO *bio, const char *filename, const EVP_MD *digest) |
| 330 | { | 328 | { |
| 331 | unsigned char fingerprint[EVP_MAX_MD_SIZE]; | 329 | unsigned char fingerprint[EVP_MAX_MD_SIZE]; |
| 332 | struct hashinfo *hi = NULL; | 330 | struct hashinfo *hi = NULL; |
| 333 | const EVP_MD *digest; | ||
| 334 | X509_CRL *crl = NULL; | 331 | X509_CRL *crl = NULL; |
| 335 | unsigned long hash; | 332 | unsigned long hash; |
| 336 | unsigned int len; | 333 | unsigned int len; |
| @@ -340,7 +337,6 @@ certhash_crl(BIO *bio, const char *filename) | |||
| 340 | 337 | ||
| 341 | hash = X509_NAME_hash(X509_CRL_get_issuer(crl)); | 338 | hash = X509_NAME_hash(X509_CRL_get_issuer(crl)); |
| 342 | 339 | ||
| 343 | digest = EVP_sha256(); | ||
| 344 | if (X509_CRL_digest(crl, digest, fingerprint, &len) != 1) { | 340 | if (X509_CRL_digest(crl, digest, fingerprint, &len) != 1) { |
| 345 | fprintf(stderr, "out of memory\n"); | 341 | fprintf(stderr, "out of memory\n"); |
| 346 | goto err; | 342 | goto err; |
| @@ -509,7 +505,7 @@ certhash_link(struct dirent *dep, struct hashinfo **links) | |||
| 509 | 505 | ||
| 510 | static int | 506 | static int |
| 511 | certhash_file(struct dirent *dep, struct hashinfo **certs, | 507 | certhash_file(struct dirent *dep, struct hashinfo **certs, |
| 512 | struct hashinfo **crls) | 508 | struct hashinfo **crls, const EVP_MD *digest) |
| 513 | { | 509 | { |
| 514 | struct hashinfo *hi = NULL; | 510 | struct hashinfo *hi = NULL; |
| 515 | int has_cert, has_crl; | 511 | int has_cert, has_crl; |
| @@ -529,7 +525,7 @@ certhash_file(struct dirent *dep, struct hashinfo **certs, | |||
| 529 | goto err; | 525 | goto err; |
| 530 | } | 526 | } |
| 531 | 527 | ||
| 532 | if ((hi = certhash_cert(bio, dep->d_name)) != NULL) { | 528 | if ((hi = certhash_cert(bio, dep->d_name, digest)) != NULL) { |
| 533 | has_cert = 1; | 529 | has_cert = 1; |
| 534 | *certs = hashinfo_chain(*certs, hi); | 530 | *certs = hashinfo_chain(*certs, hi); |
| 535 | } | 531 | } |
| @@ -539,7 +535,7 @@ certhash_file(struct dirent *dep, struct hashinfo **certs, | |||
| 539 | goto err; | 535 | goto err; |
| 540 | } | 536 | } |
| 541 | 537 | ||
| 542 | if ((hi = certhash_crl(bio, dep->d_name)) != NULL) { | 538 | if ((hi = certhash_crl(bio, dep->d_name, digest)) != NULL) { |
| 543 | has_crl = hi->is_crl = 1; | 539 | has_crl = hi->is_crl = 1; |
| 544 | *crls = hashinfo_chain(*crls, hi); | 540 | *crls = hashinfo_chain(*crls, hi); |
| 545 | } | 541 | } |
| @@ -557,7 +553,7 @@ certhash_file(struct dirent *dep, struct hashinfo **certs, | |||
| 557 | } | 553 | } |
| 558 | 554 | ||
| 559 | static int | 555 | static int |
| 560 | certhash_directory(const char *path) | 556 | certhash_directory(const char *path, const EVP_MD *digest) |
| 561 | { | 557 | { |
| 562 | struct hashinfo *links = NULL, *certs = NULL, *crls = NULL, *link; | 558 | struct hashinfo *links = NULL, *certs = NULL, *crls = NULL, *link; |
| 563 | int ret = 0; | 559 | int ret = 0; |
| @@ -579,7 +575,7 @@ certhash_directory(const char *path) | |||
| 579 | goto err; | 575 | goto err; |
| 580 | } | 576 | } |
| 581 | if (filename_is_pem(dep->d_name)) { | 577 | if (filename_is_pem(dep->d_name)) { |
| 582 | if (certhash_file(dep, &certs, &crls) == -1) | 578 | if (certhash_file(dep, &certs, &crls, digest) == -1) |
| 583 | goto err; | 579 | goto err; |
| 584 | } | 580 | } |
| 585 | } | 581 | } |
| @@ -678,7 +674,7 @@ certhash_main(int argc, char **argv) | |||
| 678 | ret = 1; | 674 | ret = 1; |
| 679 | continue; | 675 | continue; |
| 680 | } | 676 | } |
| 681 | ret |= certhash_directory(argv[i]); | 677 | ret |= certhash_directory(argv[i], EVP_sha256()); |
| 682 | if (fchdir(cwdfd) == -1) { | 678 | if (fchdir(cwdfd) == -1) { |
| 683 | perror("failed to restore current directory"); | 679 | perror("failed to restore current directory"); |
| 684 | ret = 1; | 680 | ret = 1; |