{
ESS_CERT_ID *cid = NULL;
GENERAL_NAME *name = NULL;
+ unsigned char cert_sha1[SHA_DIGEST_LENGTH];
X509_check_purpose(cert, -1, 0);
if ((cid = ESS_CERT_ID_new()) == NULL)
goto err;
- if (!ASN1_OCTET_STRING_set(cid->hash, cert->sha1_hash,
- sizeof(cert->sha1_hash)))
+ X509_digest(cert, EVP_sha1(), cert_sha1, NULL);
+ if (!ASN1_OCTET_STRING_set(cid->hash, cert_sha1, SHA_DIGEST_LENGTH))
goto err;
/* Setting the issuer/serial if requested. */
static int ts_find_cert(STACK_OF(ESS_CERT_ID) *cert_ids, X509 *cert)
{
int i;
+ unsigned char cert_sha1[SHA_DIGEST_LENGTH];
if (!cert_ids || !cert)
return -1;
+ X509_digest(cert, EVP_sha1(), cert_sha1, NULL);
+
/* Recompute SHA1 hash of certificate if necessary (side effect). */
X509_check_purpose(cert, -1, 0);
for (i = 0; i < sk_ESS_CERT_ID_num(cert_ids); ++i) {
ESS_CERT_ID *cid = sk_ESS_CERT_ID_value(cert_ids, i);
- if (cid->hash->length == sizeof(cert->sha1_hash)
- && memcmp(cid->hash->data, cert->sha1_hash,
- sizeof(cert->sha1_hash)) == 0) {
+ if (cid->hash->length == SHA_DIGEST_LENGTH
+ && memcmp(cid->hash->data, cert_sha1, SHA_DIGEST_LENGTH) == 0) {
ESS_ISSUER_SERIAL *is = cid->issuer_serial;
if (!is || !ts_issuer_serial_cmp(is, cert))
return i;
projects / openssl.git / commitdiff