diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2009-01-15 13:22:39 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2009-01-15 13:22:39 +0000 |
commit | c2c99e2860566044b23a5b3fded6f70b7436b9ad (patch) | |
tree | f80b3b69bdec325976f6e6ae8c067afc2cc0ab35 /crypto/x509 | |
parent | 8125d9f99ceb3fcd81fdd191e85a73b27063383a (diff) | |
download | openssl-new-c2c99e2860566044b23a5b3fded6f70b7436b9ad.tar.gz |
Update certificate hash line format to handle canonical format
and avoid MD5 dependency.
Diffstat (limited to 'crypto/x509')
-rw-r--r-- | crypto/x509/x509.h | 1 | ||||
-rw-r--r-- | crypto/x509/x509_cmp.c | 18 |
2 files changed, 18 insertions, 1 deletions
diff --git a/crypto/x509/x509.h b/crypto/x509/x509.h index 62e01b1ff5..e779c334e5 100644 --- a/crypto/x509/x509.h +++ b/crypto/x509/x509.h @@ -963,6 +963,7 @@ unsigned long X509_subject_name_hash(X509 *x); int X509_cmp(const X509 *a, const X509 *b); int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b); unsigned long X509_NAME_hash(X509_NAME *x); +unsigned long X509_NAME_hash_old(X509_NAME *x); int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b); int X509_CRL_match(const X509_CRL *a, const X509_CRL *b); diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c index 180dedc7fa..ee234b04ad 100644 --- a/crypto/x509/x509_cmp.c +++ b/crypto/x509/x509_cmp.c @@ -198,11 +198,27 @@ int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b) } +unsigned long X509_NAME_hash(X509_NAME *x) + { + unsigned long ret=0; + unsigned char md[16]; + + /* Make sure X509_NAME structure contains valid cached encoding */ + i2d_X509_NAME(x,NULL); + EVP_Digest(x->canon_enc, x->canon_enclen, md, NULL, EVP_sha1(), NULL); + + ret=( ((unsigned long)md[0] )|((unsigned long)md[1]<<8L)| + ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L) + )&0xffffffffL; + return(ret); + } + #ifndef OPENSSL_NO_MD5 /* I now DER encode the name and hash it. Since I cache the DER encoding, * this is reasonably efficient. */ -unsigned long X509_NAME_hash(X509_NAME *x) + +unsigned long X509_NAME_hash_old(X509_NAME *x) { unsigned long ret=0; unsigned char md[16]; |