From 8219b8128b462a346c845af56428e15357a85683 Mon Sep 17 00:00:00 2001 From: joshua <> Date: Sun, 27 Jul 2025 14:46:20 +0000 Subject: openssl certhash: add digest param to certhash_directory This will allow us to call certhash_directory with other digests as required to implement the openssl rehash command, which uses SHA1 or MD5. ok jsing tb --- src/usr.bin/openssl/certhash.c | 22 +++++++++------------- 1 file changed, 9 insertions(+), 13 deletions(-) (limited to 'src/usr.bin/openssl') diff --git a/src/usr.bin/openssl/certhash.c b/src/usr.bin/openssl/certhash.c index 5ee29b8d01..1ee1165516 100644 --- a/src/usr.bin/openssl/certhash.c +++ b/src/usr.bin/openssl/certhash.c @@ -1,4 +1,4 @@ -/* $OpenBSD: certhash.c,v 1.21 2023/03/06 14:32:05 tb Exp $ */ +/* $OpenBSD: certhash.c,v 1.22 2025/07/27 14:46:20 joshua Exp $ */ /* * Copyright (c) 2014, 2015 Joel Sing * @@ -297,11 +297,10 @@ hashinfo_from_linkname(const char *linkname, const char *target) } static struct hashinfo * -certhash_cert(BIO *bio, const char *filename) +certhash_cert(BIO *bio, const char *filename, const EVP_MD *digest) { unsigned char fingerprint[EVP_MAX_MD_SIZE]; struct hashinfo *hi = NULL; - const EVP_MD *digest; X509 *cert = NULL; unsigned long hash; unsigned int len; @@ -311,7 +310,6 @@ certhash_cert(BIO *bio, const char *filename) hash = X509_subject_name_hash(cert); - digest = EVP_sha256(); if (X509_digest(cert, digest, fingerprint, &len) != 1) { fprintf(stderr, "out of memory\n"); goto err; @@ -326,11 +324,10 @@ certhash_cert(BIO *bio, const char *filename) } static struct hashinfo * -certhash_crl(BIO *bio, const char *filename) +certhash_crl(BIO *bio, const char *filename, const EVP_MD *digest) { unsigned char fingerprint[EVP_MAX_MD_SIZE]; struct hashinfo *hi = NULL; - const EVP_MD *digest; X509_CRL *crl = NULL; unsigned long hash; unsigned int len; @@ -340,7 +337,6 @@ certhash_crl(BIO *bio, const char *filename) hash = X509_NAME_hash(X509_CRL_get_issuer(crl)); - digest = EVP_sha256(); if (X509_CRL_digest(crl, digest, fingerprint, &len) != 1) { fprintf(stderr, "out of memory\n"); goto err; @@ -509,7 +505,7 @@ certhash_link(struct dirent *dep, struct hashinfo **links) static int certhash_file(struct dirent *dep, struct hashinfo **certs, - struct hashinfo **crls) + struct hashinfo **crls, const EVP_MD *digest) { struct hashinfo *hi = NULL; int has_cert, has_crl; @@ -529,7 +525,7 @@ certhash_file(struct dirent *dep, struct hashinfo **certs, goto err; } - if ((hi = certhash_cert(bio, dep->d_name)) != NULL) { + if ((hi = certhash_cert(bio, dep->d_name, digest)) != NULL) { has_cert = 1; *certs = hashinfo_chain(*certs, hi); } @@ -539,7 +535,7 @@ certhash_file(struct dirent *dep, struct hashinfo **certs, goto err; } - if ((hi = certhash_crl(bio, dep->d_name)) != NULL) { + if ((hi = certhash_crl(bio, dep->d_name, digest)) != NULL) { has_crl = hi->is_crl = 1; *crls = hashinfo_chain(*crls, hi); } @@ -557,7 +553,7 @@ certhash_file(struct dirent *dep, struct hashinfo **certs, } static int -certhash_directory(const char *path) +certhash_directory(const char *path, const EVP_MD *digest) { struct hashinfo *links = NULL, *certs = NULL, *crls = NULL, *link; int ret = 0; @@ -579,7 +575,7 @@ certhash_directory(const char *path) goto err; } if (filename_is_pem(dep->d_name)) { - if (certhash_file(dep, &certs, &crls) == -1) + if (certhash_file(dep, &certs, &crls, digest) == -1) goto err; } } @@ -678,7 +674,7 @@ certhash_main(int argc, char **argv) ret = 1; continue; } - ret |= certhash_directory(argv[i]); + ret |= certhash_directory(argv[i], EVP_sha256()); if (fchdir(cwdfd) == -1) { perror("failed to restore current directory"); ret = 1; -- cgit v1.2.3-55-g6feb