x509: remove most references to EVP_sha1()

Fixes #14387

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14881)

diff --git a/crypto/x509/t_x509.c b/crypto/x509/t_x509.c
index 0c6d5f72fec3cfac816544a82721990499cac45b..78d4452156122e506e4ece1d9cfd9aa95c8422ad 100644 (file)
--- a/crypto/x509/t_x509.c
+++ b/crypto/x509/t_x509.c
@@ -228,7 +228,10 @@ int X509_ocspid_print(BIO *bp, X509 *x)
     unsigned char SHA1md[SHA_DIGEST_LENGTH];
     ASN1_BIT_STRING *keybstr;
     const X509_NAME *subj;
+    EVP_MD *md = NULL;
 
+    if (x == NULL || bp == NULL)
+        return 0;
     /*
      * display the hash of the subject as it would appear in OCSP requests
      */
@@ -242,7 +245,10 @@ int X509_ocspid_print(BIO *bp, X509 *x)
         goto err;
     i2d_X509_NAME(subj, &dertmp);
 
-    if (!EVP_Digest(der, derlen, SHA1md, NULL, EVP_sha1(), NULL))
+    md = EVP_MD_fetch(x->libctx, SN_sha1, x->propq);
+    if (md == NULL)
+        goto err;
+    if (!EVP_Digest(der, derlen, SHA1md, NULL, md, NULL))
         goto err;
     for (i = 0; i < SHA_DIGEST_LENGTH; i++) {
         if (BIO_printf(bp, "%02X", SHA1md[i]) <= 0)
@@ -263,18 +269,19 @@ int X509_ocspid_print(BIO *bp, X509 *x)
         goto err;
 
     if (!EVP_Digest(ASN1_STRING_get0_data(keybstr),
-                    ASN1_STRING_length(keybstr), SHA1md, NULL, EVP_sha1(),
-                    NULL))
+                    ASN1_STRING_length(keybstr), SHA1md, NULL, md, NULL))
         goto err;
     for (i = 0; i < SHA_DIGEST_LENGTH; i++) {
         if (BIO_printf(bp, "%02X", SHA1md[i]) <= 0)
             goto err;
     }
     BIO_printf(bp, "\n");
+    EVP_MD_free(md);
 
     return 1;
  err:
     OPENSSL_free(der);
+    EVP_MD_free(md);
     return 0;
 }
 

diff --git a/crypto/x509/v3_skid.c b/crypto/x509/v3_skid.c
index 8a8718d77abfb986a851c519202a46dca8992fbd..bab88898e687a2b2a629128b9e1f575372de2b2b 100644 (file)
--- a/crypto/x509/v3_skid.c
+++ b/crypto/x509/v3_skid.c
@@ -59,20 +59,31 @@ ASN1_OCTET_STRING *ossl_x509_pubkey_hash(X509_PUBKEY *pubkey)
     int pklen;
     unsigned char pkey_dig[EVP_MAX_MD_SIZE];
     unsigned int diglen;
+    const char *propq;
+    OSSL_LIB_CTX *libctx;
+    EVP_MD *md;
 
     if (pubkey == NULL) {
         ERR_raise(ERR_LIB_X509V3, X509V3_R_NO_PUBLIC_KEY);
         return NULL;
     }
-    if ((oct = ASN1_OCTET_STRING_new()) == NULL)
+    if (!ossl_x509_PUBKEY_get0_libctx(&libctx, &propq, pubkey))
         return NULL;
+    if ((md = EVP_MD_fetch(libctx, SN_sha1, propq)) == NULL)
+        return NULL;
+    if ((oct = ASN1_OCTET_STRING_new()) == NULL) {
+        EVP_MD_free(md);
+        return NULL;
+    }
 
     X509_PUBKEY_get0_param(NULL, &pk, &pklen, NULL, pubkey);
-    /* TODO(3.0) - explicitly fetch the digest */
-    if (EVP_Digest(pk, pklen, pkey_dig, &diglen, EVP_sha1(), NULL)
-            && ASN1_OCTET_STRING_set(oct, pkey_dig, diglen))
+    if (EVP_Digest(pk, pklen, pkey_dig, &diglen, md, NULL)
+            && ASN1_OCTET_STRING_set(oct, pkey_dig, diglen)) {
+        EVP_MD_free(md);
         return oct;
+    }
 
+    EVP_MD_free(md);
     ASN1_OCTET_STRING_free(oct);
     return NULL;
 }