return 0;
}
- if ((digest = OSSL_CMP_X509_digest(ctx->certOut)) == NULL)
+ if ((digest = X509_digest_sig(ctx->certOut)) == NULL)
return 0;
if (ASN1_OCTET_STRING_cmp(certHash, digest) != 0) {
ASN1_OCTET_STRING_free(digest);
* the hash of the certificate, using the same hash algorithm
* as is used to create and verify the certificate signature
*/
- if ((certHash = OSSL_CMP_X509_digest(ctx->newCert)) == NULL)
+ if ((certHash = X509_digest_sig(ctx->newCert)) == NULL)
goto err;
if (!ossl_cmp_certstatus_set0_certHash(certStatus, certHash))
*tgt = new;
return 1;
}
-
-/*
- * calculate a digest of the given certificate,
- * using the same hash algorithm as in the certificate signature.
- */
-ASN1_OCTET_STRING *OSSL_CMP_X509_digest(const X509 *cert)
-{
- unsigned int len;
- unsigned char hash[EVP_MAX_MD_SIZE];
- int md_NID;
- const EVP_MD *md = NULL;
- ASN1_OCTET_STRING *new = NULL;
-
- if (!ossl_assert(cert != NULL))
- return NULL;
-
- /*-
- * select hash algorithm, as stated in CMP RFC 4210 Appendix F.
- * Compilable ASN.1 defs:
- * the hash of the certificate, using the same hash algorithm
- * as is used to create and verify the certificate signature
- */
- if (!OBJ_find_sigid_algs(X509_get_signature_nid(cert), &md_NID, NULL)
- || (md = EVP_get_digestbynid(md_NID)) == NULL) {
- CMPerr(0, CMP_R_UNSUPPORTED_ALGORITHM);
- return NULL;
- }
- if (!X509_digest(cert, md, hash, &len)
- || (new = ASN1_OCTET_STRING_new()) == NULL)
- return NULL;
- if (!(ASN1_OCTET_STRING_set(new, hash, len))) {
- ASN1_OCTET_STRING_free(new);
- return NULL;
- }
- return new;
-}
(ASN1_ITEM_rptr(X509), type, (char *)data, md, len));
}
+/* calculate cert digest using the same hash algorithm as in its signature */
+ASN1_OCTET_STRING *X509_digest_sig(const X509 *cert)
+{
+ unsigned int len;
+ unsigned char hash[EVP_MAX_MD_SIZE];
+ int md_NID;
+ const EVP_MD *md = NULL;
+ ASN1_OCTET_STRING *new = NULL;
+
+ if (cert == NULL) {
+ X509err(0, ERR_R_PASSED_NULL_PARAMETER);
+ return NULL;
+ }
+
+ if (!OBJ_find_sigid_algs(X509_get_signature_nid(cert), &md_NID, NULL)
+ || (md = EVP_get_digestbynid(md_NID)) == NULL) {
+ CMPerr(0, X509_R_UNSUPPORTED_ALGORITHM);
+ return NULL;
+ }
+ if (!X509_digest(cert, md, hash, &len)
+ || (new = ASN1_OCTET_STRING_new()) == NULL)
+ return NULL;
+ if (!(ASN1_OCTET_STRING_set(new, hash, len))) {
+ ASN1_OCTET_STRING_free(new);
+ return NULL;
+ }
+ return new;
+}
+
int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type,
unsigned char *md, unsigned int *len)
{
+++ /dev/null
-=pod
-
-=head1 NAME
-
-OSSL_CMP_X509_digest
-- CMP certificate utility functions
-
-=head1 SYNOPSIS
-
- #include <openssl/cmp_util.h>
-
- ASN1_OCTET_STRING *OSSL_CMP_X509_digest(const X509 *cert);
-
-=head1 DESCRIPTION
-
-OSSL_CMP_X509_digest() calculates a digest of the given certificate
-using the same hash algorithm as in the certificate signature.
-
-=head1 RETURN VALUES
-
-OSSL_CMP_X509_digest() returns an ASN1_OCTET_STRING on success, else NULL.
-
-=head1 HISTORY
-
-The OpenSSL CMP support was added in OpenSSL 3.0.
-
-=head1 COPYRIGHT
-
-Copyright 2007-2019 The OpenSSL Project Authors. All Rights Reserved.
-
-Licensed under the Apache License 2.0 (the "License"). You may not use
-this file except in compliance with the License. You can obtain a copy
-in the file LICENSE in the source distribution or at
-L<https://www.openssl.org/source/license.html>.
-
-=cut
=head1 NAME
-X509_digest, X509_CRL_digest,
+X509_digest,
+X509_digest_sig,
+X509_CRL_digest,
X509_pubkey_digest,
X509_NAME_digest,
X509_REQ_digest,
int X509_digest(const X509 *data, const EVP_MD *type, unsigned char *md,
unsigned int *len);
+ ASN1_OCTET_STRING *X509_digest_sig(const X509 *cert);
int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type, unsigned char *md,
unsigned int *len);
=head1 DESCRIPTION
+X509_digest_sig() calculates a digest of the given certificate
+using the same hash algorithm as in its signature.
+
X509_pubkey_digest() returns a digest of the DER representation of the public
key in the specified X509 B<data> object.
+
All other functions described here return a digest of the DER representation
of their entire B<data> objects.
=head1 RETURN VALUES
-All functions described here return 1 for success and 0 for failure.
+X509_digest_sig() returns an ASN1_OCTET_STRING on success, else NULL.
+
+All other functions described here return 1 for success and 0 for failure.
=head1 SEE ALSO
L<EVP_sha1(3)>
+=head1 HISTORY
+
+The X509_digest_sig() function was added in OpenSSL 3.0.
+
=head1 COPYRIGHT
Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
/* use of the logging callback for outputting error queue */
void OSSL_CMP_print_errors_cb(OSSL_cmp_log_cb_t log_fn);
-ASN1_OCTET_STRING *OSSL_CMP_X509_digest(const X509 *cert);
-
# ifdef __cplusplus
}
# endif
unsigned char *md, unsigned int *len);
int X509_digest(const X509 *data, const EVP_MD *type,
unsigned char *md, unsigned int *len);
+ASN1_OCTET_STRING *X509_digest_sig(const X509 *cert);
int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type,
unsigned char *md, unsigned int *len);
int X509_REQ_digest(const X509_REQ *data, const EVP_MD *type,
OSSL_SELF_TEST_oncorrupt_byte ? 3_0_0 EXIST::FUNCTION:
OSSL_SELF_TEST_onend ? 3_0_0 EXIST::FUNCTION:
OSSL_PROVIDER_set_default_search_path ? 3_0_0 EXIST::FUNCTION:
+X509_digest_sig ? 3_0_0 EXIST::FUNCTION:
OSSL_CMP_MSG_dup ? 3_0_0 EXIST::FUNCTION:CMP
OSSL_CMP_ITAV_dup ? 3_0_0 EXIST::FUNCTION:CMP
d2i_OSSL_CMP_PKISI ? 3_0_0 EXIST::FUNCTION:CMP
OSSL_CMP_SRV_CTX_set_accept_unprotected ? 3_0_0 EXIST::FUNCTION:CMP
OSSL_CMP_SRV_CTX_set_accept_raverified ? 3_0_0 EXIST::FUNCTION:CMP
OSSL_CMP_SRV_CTX_set_grant_implicit_confirm ? 3_0_0 EXIST::FUNCTION:CMP
-OSSL_CMP_X509_digest ? 3_0_0 EXIST::FUNCTION:CMP
projects / oweals / openssl.git / commitdiff