From 3e5d9da5fc45a5d129e0daa7211125eba097c3dd Mon Sep 17 00:00:00 2001 From: Rich Salz Date: Thu, 12 Jan 2017 16:39:41 -0500 Subject: [PATCH] Make X509_Digest,others public Also, if want SHA1 then use the pre-computed value if there. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/2223) --- crypto/x509/x_all.c | 14 +++++++++ doc/man3/X509_digest.pod | 65 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 79 insertions(+) create mode 100644 doc/man3/X509_digest.pod diff --git a/crypto/x509/x_all.c b/crypto/x509/x_all.c index d9f42edaab..86f4d70042 100644 --- a/crypto/x509/x_all.c +++ b/crypto/x509/x_all.c @@ -362,6 +362,13 @@ int X509_pubkey_digest(const X509 *data, const EVP_MD *type, int X509_digest(const X509 *data, const EVP_MD *type, unsigned char *md, unsigned int *len) { + if (type == EVP_sha1() && (data->ex_flags & EXFLAG_SET) != 0) { + /* Asking for SHA1 and we already computed it. */ + if (len != NULL) + *len = sizeof(data->sha1_hash); + memcpy(md, data->sha1_hash, sizeof(data->sha1_hash)); + return 1; + } return (ASN1_item_digest (ASN1_ITEM_rptr(X509), type, (char *)data, md, len)); } @@ -369,6 +376,13 @@ int X509_digest(const X509 *data, const EVP_MD *type, unsigned char *md, int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type, unsigned char *md, unsigned int *len) { + if (type == EVP_sha1()) { + /* Asking for SHA1; always computed in CRL d2i. */ + if (len != NULL) + *len = sizeof(data->sha1_hash); + memcpy(md, data->sha1_hash, sizeof(data->sha1_hash)); + return 1; + } return (ASN1_item_digest (ASN1_ITEM_rptr(X509_CRL), type, (char *)data, md, len)); } diff --git a/doc/man3/X509_digest.pod b/doc/man3/X509_digest.pod new file mode 100644 index 0000000000..267e7bd2a6 --- /dev/null +++ b/doc/man3/X509_digest.pod 
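Review bot: The fast path in X509_digest treats `EXFLAG_SET` as proof that `data->sha1_hash` holds the SHA-1 of the certificate as it is now, but nothing in this hunk ties the flag to the hash being valid. If the computation that fills `sha1_hash` can fail, or the certificate is changed after the flags were cached, this branch returns 1 with a fingerprint that does not match the DER encoding. That matters to callers that use the digest for pinning or lookup. Confirm where `sha1_hash` is written relative to `EXFLAG_SET`, and record the invariant next to the test, e.g. `/* sha1_hash is valid whenever EXFLAG_SET is set; filled in by <function that computes it> */`.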
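Review bot: The SHA-1 branch in X509_CRL_digest has no validity check at all; it rests on the comment's assumption that every CRL came through d2i, whereas the X509_digest branch at least tests `EXFLAG_SET`. A CRL that was built in memory rather than parsed would, as far as this hunk shows, return 1 with whatever `data->sha1_hash` happens to contain. It is also worth confirming that the d2i code does not fill `sha1_hash` by calling X509_CRL_digest with `EVP_sha1()` itself, because this branch would then skip the computation and `memcpy` the buffer onto itself. I would guard the branch and fall through to `ASN1_item_digest` otherwise, along the lines of `if (type == EVP_sha1() && md != data->sha1_hash && <cached-hash-computed test on data>) {`.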
@@ -0,0 +1,65 @@
+=pod
+
+=head1 NAME
+
+X509_digest, X509_CRL_digest,
+X509_pubkey_digest,
+X509_NAME_digest,
+X509_REQ_digest
+PKCS7_ISSUER_AND_SERIAL_digest,
+- get digest of various objects
+
+=head1 SYNOPSIS
+
+ #include
+
+ int X509_digest(const X509 *data, const EVP_MD *type, unsigned char *md,
+ unsigned int *len);
+
+ int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type, unsigned char *md,
+ unsigned int *len);
+
+ int X509_pubkey_digest(const X509 *data, const EVP_MD *type,
+ unsigned char *md, unsigned int *len);
+
+ int X509_REQ_digest(const X509_REQ *data, const EVP_MD *type,
+ unsigned char *md, unsigned int *len);
+
+ int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type,
+ unsigned char *md, unsigned int *len);
+
+ int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data,
+ const EVP_MD *type, unsigned char *md,
+ unsigned int *len);
+
+=head1 DESCRIPTION
+
+X509_pubkey_digest() returns a digest of the DER representation of the public
+key in the specified X509 B object.
+All other functions described here return a digest of the DER representation
+of their entire B objects.
+
+The B parameter specifies the digest to
+be used, such as EVP_sha1(). The B is a pointer to the buffer where the
+digest will be copied and is assumed to be large enough; the constant
+B is suggested. The B parameter, if not NULL, points
+to a place where the digest size will be stored.
+
+=head1 RETURN VALUES
+
+All functions described here return 1 for success and 0 for failure.
+
+=head1 SEE ALSO
+
+L
+
+=head1 COPYRIGHT
+
+Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file LICENSE in the source distribution or at
+L.
+
+=cut
-- 2.25.1