diff options
| author | Bob Beck <beck@cvs.openbsd.org> | 2002-05-15 02:29:22 +0000 |
|---|---|---|
| committer | Bob Beck <beck@cvs.openbsd.org> | 2002-05-15 02:29:22 +0000 |
| commit | 4df88d25cb3419048d1bcf9740d37d4c459aef22 (patch) | |
| tree | 97858aa44644bc9b64d1775a8bbccfb5baca24d3 /lib/libcrypto/x509/x509_cmp.c | |
| parent | 998d0d156e423800e9a2fa1a482c0726f14201c2 (diff) | |
OpenSSL 0.9.7 stable 2002 05 08 merge
Diffstat (limited to 'lib/libcrypto/x509/x509_cmp.c')
| -rw-r--r-- | lib/libcrypto/x509/x509_cmp.c | 37 |
1 files changed, 21 insertions, 16 deletions
diff --git a/lib/libcrypto/x509/x509_cmp.c b/lib/libcrypto/x509/x509_cmp.c index 3f9f9b3d472..cd20b6d66f9 100644 --- a/lib/libcrypto/x509/x509_cmp.c +++ b/lib/libcrypto/x509/x509_cmp.c @@ -75,24 +75,26 @@ int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b) return(X509_NAME_cmp(ai->issuer,bi->issuer)); } -#ifndef NO_MD5 +#ifndef OPENSSL_NO_MD5 unsigned long X509_issuer_and_serial_hash(X509 *a) { unsigned long ret=0; - MD5_CTX ctx; + EVP_MD_CTX ctx; unsigned char md[16]; char str[256]; + EVP_MD_CTX_init(&ctx); X509_NAME_oneline(a->cert_info->issuer,str,256); ret=strlen(str); - MD5_Init(&ctx); - MD5_Update(&ctx,(unsigned char *)str,ret); - MD5_Update(&ctx,(unsigned char *)a->cert_info->serialNumber->data, + EVP_DigestInit_ex(&ctx, EVP_md5(), NULL); + EVP_DigestUpdate(&ctx,(unsigned char *)str,ret); + EVP_DigestUpdate(&ctx,(unsigned char *)a->cert_info->serialNumber->data, (unsigned long)a->cert_info->serialNumber->length); - MD5_Final(&(md[0]),&ctx); + EVP_DigestFinal_ex(&ctx,&(md[0]),NULL); ret=( ((unsigned long)md[0] )|((unsigned long)md[1]<<8L)| ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L) )&0xffffffffL; + EVP_MD_CTX_cleanup(&ctx); return(ret); } #endif @@ -137,7 +139,7 @@ unsigned long X509_subject_name_hash(X509 *x) return(X509_NAME_hash(x->cert_info->subject)); } -#ifndef NO_SHA +#ifndef OPENSSL_NO_SHA /* Compare two certificates: they must be identical for * this to work. NB: Although "cmp" operations are generally * prototyped to take "const" arguments (eg. for use in @@ -192,7 +194,7 @@ int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b) return(0); } -#ifndef NO_MD5 +#ifndef OPENSSL_NO_MD5 /* I now DER encode the name and hash it. Since I cache the DER encoding, * this is reasonably efficient. */ unsigned long X509_NAME_hash(X509_NAME *x) @@ -200,12 +202,9 @@ unsigned long X509_NAME_hash(X509_NAME *x) unsigned long ret=0; unsigned char md[16]; - /* Ensure cached version is up to date */ + /* Make sure X509_NAME structure contains valid cached encoding */ i2d_X509_NAME(x,NULL); - /* Use cached encoding directly rather than copying: this should - * keep libsafe happy. - */ - MD5((unsigned char *)x->bytes->data,x->bytes->length,&(md[0])); + EVP_Digest(x->bytes->data, x->bytes->length, md, NULL, EVP_md5(), NULL); ret=( ((unsigned long)md[0] )|((unsigned long)md[1]<<8L)| ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L) @@ -258,6 +257,12 @@ EVP_PKEY *X509_get_pubkey(X509 *x) return(X509_PUBKEY_get(x->cert_info->key)); } +ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x) + { + if(!x) return NULL; + return x->cert_info->key->public_key; + } + int X509_check_private_key(X509 *x, EVP_PKEY *k) { EVP_PKEY *xk=NULL; @@ -271,7 +276,7 @@ int X509_check_private_key(X509 *x, EVP_PKEY *k) } switch (k->type) { -#ifndef NO_RSA +#ifndef OPENSSL_NO_RSA case EVP_PKEY_RSA: if (BN_cmp(xk->pkey.rsa->n,k->pkey.rsa->n) != 0 || BN_cmp(xk->pkey.rsa->e,k->pkey.rsa->e) != 0) @@ -281,7 +286,7 @@ int X509_check_private_key(X509 *x, EVP_PKEY *k) } break; #endif -#ifndef NO_DSA +#ifndef OPENSSL_NO_DSA case EVP_PKEY_DSA: if (BN_cmp(xk->pkey.dsa->pub_key,k->pkey.dsa->pub_key) != 0) { @@ -290,7 +295,7 @@ int X509_check_private_key(X509 *x, EVP_PKEY *k) } break; #endif -#ifndef NO_DH +#ifndef OPENSSL_NO_DH case EVP_PKEY_DH: /* No idea */ X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_CANT_CHECK_DH_KEY); |