[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

Rich Salz rsalz at openssl.org
Thu Jan 12 21:51:04 UTC 2017


The branch OpenSSL_1_1_0-stable has been updated
       via  550f0f99600194cacd10ca43584a9744e27dbe0f (commit)
      from  ff7256e75928be74101f3ce2d1fbf62f7e10a1f3 (commit)


- Log -----------------------------------------------------------------
commit 550f0f99600194cacd10ca43584a9744e27dbe0f
Author: Rich Salz <rsalz at openssl.org>
Date:   Thu Jan 12 16:39:41 2017 -0500

    Make X509_Digest,others public
    
    Also, if want SHA1 then use the pre-computed value if there.
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/2223)
    (cherry picked from commit 3e5d9da5fc45a5d129e0daa7211125eba097c3dd)

-----------------------------------------------------------------------

Summary of changes:
 crypto/x509/x_all.c        | 14 ++++++++++
 doc/crypto/X509_digest.pod | 65 ++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 79 insertions(+)
 create mode 100644 doc/crypto/X509_digest.pod

diff --git a/crypto/x509/x_all.c b/crypto/x509/x_all.c
index d9f42ed..86f4d70 100644
--- a/crypto/x509/x_all.c
+++ b/crypto/x509/x_all.c
@@ -362,6 +362,13 @@ int X509_pubkey_digest(const X509 *data, const EVP_MD *type,
 int X509_digest(const X509 *data, const EVP_MD *type, unsigned char *md,
                 unsigned int *len)
 {
+    if (type == EVP_sha1() && (data->ex_flags & EXFLAG_SET) != 0) {
+        /* Asking for SHA1 and we already computed it. */
+        if (len != NULL)
+            *len = sizeof(data->sha1_hash);
+        memcpy(md, data->sha1_hash, sizeof(data->sha1_hash));
+        return 1;
+    }
     return (ASN1_item_digest
             (ASN1_ITEM_rptr(X509), type, (char *)data, md, len));
 }
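Review bot: The new SHA1 branch in X509_digest treats `EXFLAG_SET` as proof that `data->sha1_hash` is a valid digest of the certificate as it currently stands, but nothing in the hunk shows that the flag is set only after the digest succeeded, or that it is cleared when the certificate is later modified and re-encoded. If either assumption fails, a caller that pins or compares fingerprints gets a stale or unset value together with a return of 1. I would state the invariant next to the check, for example `/* EXFLAG_SET is only set once sha1_hash has been computed; code that re-encodes the cert must clear it. */`, and confirm it against the code that sets the flag, which is outside this diff.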
@@ -369,6 +376,13 @@ int X509_digest(const X509 *data, const EVP_MD *type, unsigned char *md,
 int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type,
                     unsigned char *md, unsigned int *len)
 {
+    if (type == EVP_sha1()) {
+        /* Asking for SHA1; always computed in CRL d2i. */
+        if (len != NULL)
+            *len = sizeof(data->sha1_hash);
+        memcpy(md, data->sha1_hash, sizeof(data->sha1_hash));
+        return 1;
+    }
     return (ASN1_item_digest
             (ASN1_ITEM_rptr(X509_CRL), type, (char *)data, md, len));
 }
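Review bot: The SHA1 branch in X509_CRL_digest returns `data->sha1_hash` with no check that it was ever filled, unlike the `EXFLAG_SET` test in X509_digest; the only justification is the comment that the hash is always computed in CRL d2i. A CRL built in memory rather than parsed would presumably return an unset buffer as its fingerprint with a success code. If the d2i path itself fills the hash by calling this function with EVP_sha1() and `md` pointing at `sha1_hash` (not visible here), the branch would `memcpy` the buffer onto itself and the digest would never be computed. I would gate the branch on a flag that the parse path sets only after the digest succeeds, e.g. `if (type == EVP_sha1() && (data->flags & EXFLAG_SET) != 0) {` (assuming the CRL's flag word is used that way), and have the parse path call ASN1_item_digest directly.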
diff --git a/doc/crypto/X509_digest.pod b/doc/crypto/X509_digest.pod
new file mode 100644
index 0000000..267e7bd
--- /dev/null
+++ b/doc/crypto/X509_digest.pod
@@ -0,0 +1,65 @@
+=pod
+
+=head1 NAME
+
+X509_digest, X509_CRL_digest,
+X509_pubkey_digest,
+X509_NAME_digest,
+X509_REQ_digest
+PKCS7_ISSUER_AND_SERIAL_digest,
+- get digest of various objects
+
+=head1 SYNOPSIS
+
+ #include <openssl/x509.h>
+
+ int X509_digest(const X509 *data, const EVP_MD *type, unsigned char *md,
+                 unsigned int *len);
+
+ int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type, unsigned char *md,
+                 unsigned int *len);
+
+ int X509_pubkey_digest(const X509 *data, const EVP_MD *type,
+                        unsigned char *md, unsigned int *len);
+
+ int X509_REQ_digest(const X509_REQ *data, const EVP_MD *type,
+                     unsigned char *md, unsigned int *len);
+
+ int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type,
+                      unsigned char *md, unsigned int *len);
+
+ int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data,
+                                    const EVP_MD *type, unsigned char *md,
+                                    unsigned int *len);
+
+=head1 DESCRIPTION
+
+X509_pubkey_digest() returns a digest of the DER representation of the public
+key in the specified X509 B<data> object.
+All other functions described here return a digest of the DER representation
+of their entire B<data> objects.
+
+The B<type> parameter specifies the digest to
+be used, such as EVP_sha1(). The B<md> is a pointer to the buffer where the
+digest will be copied and is assumed to be large enough; the constant
+B<EVP_MAX_MD_SIZE> is suggested. The B<len> parameter, if not NULL, points
+to a place where the digest size will be stored.
+
+=head1 RETURN VALUES
+
+All functions described here return 1 for success and 0 for failure.
+
+=head1 SEE ALSO
+
+L<EVP_SHA1(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut

