root
/
openssl
mirror of https://github.com/openssl/openssl.git
1
0
Fork 0
Code Issues Actions 7 Packages Projects Releases Wiki Activity

apps/ca,req,x509: Switch to EVP_DigestSignInit_ex 

Switch lib/apps.c do_sign_init() to use EVP_DigestSignInit_ex, so it
works with external providers.
Since EVP_DigestSignInit_ex requires a digest name instead of
an EVP_MD pointer, the apps using do_sign_init() had to be modified
to pass char* instead of EVP_MD*.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/15014)
This commit is contained in:
Petr Gotthard 2021-04-24 12:40:36 +02:00 committed by Dmitry Belyavskiy
parent 4489655c23
commit 91034b68b3
5 changed files with 58 additions and 66 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

47
apps/ca.c
View File

@ -90,7 +90,7 @@ static char *lookup_conf(const CONF *conf, const char *group, const char *tag);
static int certify(X509 **xret, const char *infile, int informat, static int certify(X509 **xret, const char *infile, int informat,
EVP_PKEY *pkey, X509 *x509, EVP_PKEY *pkey, X509 *x509,
const EVP_MD *dgst, const char *dgst,
STACK_OF(OPENSSL_STRING) *sigopts, STACK_OF(OPENSSL_STRING) *sigopts,
STACK_OF(OPENSSL_STRING) *vfyopts, STACK_OF(OPENSSL_STRING) *vfyopts,
STACK_OF(CONF_VALUE) *policy, CA_DB *db, STACK_OF(CONF_VALUE) *policy, CA_DB *db,
@ -102,7 +102,7 @@ static int certify(X509 **xret, const char *infile, int informat,
int default_op, int ext_copy, int selfsign); int default_op, int ext_copy, int selfsign);
static int certify_cert(X509 **xret, const char *infile, int certformat, static int certify_cert(X509 **xret, const char *infile, int certformat,
const char *passin, EVP_PKEY *pkey, X509 *x509, const char *passin, EVP_PKEY *pkey, X509 *x509,
const EVP_MD *dgst, const char *dgst,
STACK_OF(OPENSSL_STRING) *sigopts, STACK_OF(OPENSSL_STRING) *sigopts,
STACK_OF(OPENSSL_STRING) *vfyopts, STACK_OF(OPENSSL_STRING) *vfyopts,
STACK_OF(CONF_VALUE) *policy, CA_DB *db, STACK_OF(CONF_VALUE) *policy, CA_DB *db,
@ -112,7 +112,7 @@ static int certify_cert(X509 **xret, const char *infile, int certformat,
CONF *conf, int verbose, unsigned long certopt, CONF *conf, int verbose, unsigned long certopt,
unsigned long nameopt, int default_op, int ext_copy); unsigned long nameopt, int default_op, int ext_copy);
static int certify_spkac(X509 **xret, const char *infile, EVP_PKEY *pkey, static int certify_spkac(X509 **xret, const char *infile, EVP_PKEY *pkey,
X509 *x509, const EVP_MD *dgst, X509 *x509, const char *dgst,
STACK_OF(OPENSSL_STRING) *sigopts, STACK_OF(OPENSSL_STRING) *sigopts,
STACK_OF(CONF_VALUE) *policy, CA_DB *db, STACK_OF(CONF_VALUE) *policy, CA_DB *db,
BIGNUM *serial, const char *subj, unsigned long chtype, BIGNUM *serial, const char *subj, unsigned long chtype,
@ -121,7 +121,7 @@ static int certify_spkac(X509 **xret, const char *infile, EVP_PKEY *pkey,
int verbose, unsigned long certopt, int verbose, unsigned long certopt,
unsigned long nameopt, int default_op, int ext_copy); unsigned long nameopt, int default_op, int ext_copy);
static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts, const char *dgst, STACK_OF(OPENSSL_STRING) *sigopts,
STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial, STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial,
const char *subj, unsigned long chtype, int multirdn, const char *subj, unsigned long chtype, int multirdn,
int email_dn, const char *startdate, const char *enddate, long days, int email_dn, const char *startdate, const char *enddate, long days,
@ -270,9 +270,9 @@ int ca_main(int argc, char **argv)
STACK_OF(OPENSSL_STRING) *sigopts = NULL, *vfyopts = NULL; STACK_OF(OPENSSL_STRING) *sigopts = NULL, *vfyopts = NULL;
STACK_OF(X509) *cert_sk = NULL; STACK_OF(X509) *cert_sk = NULL;
X509_CRL *crl = NULL; X509_CRL *crl = NULL;
EVP_MD *dgst = NULL;
char *configfile = default_config_file, *section = NULL; char *configfile = default_config_file, *section = NULL;
char *md = NULL, *policy = NULL, *keyfile = NULL; char def_dgst[80] = "";
char *dgst = NULL, *policy = NULL, *keyfile = NULL;
char *certfile = NULL, *crl_ext = NULL, *crlnumberfile = NULL; char *certfile = NULL, *crl_ext = NULL, *crlnumberfile = NULL;
int certformat = FORMAT_PEM, informat = FORMAT_PEM; int certformat = FORMAT_PEM, informat = FORMAT_PEM;
const char *infile = NULL, *spkac_file = NULL, *ss_cert_file = NULL; const char *infile = NULL, *spkac_file = NULL, *ss_cert_file = NULL;
@ -291,7 +291,7 @@ int ca_main(int argc, char **argv)
int batch = 0, default_op = 1, doupdatedb = 0, ext_copy = EXT_COPY_NONE; int batch = 0, default_op = 1, doupdatedb = 0, ext_copy = EXT_COPY_NONE;
int keyformat = FORMAT_PEM, multirdn = 1, notext = 0, output_der = 0; int keyformat = FORMAT_PEM, multirdn = 1, notext = 0, output_der = 0;
int ret = 1, email_dn = 1, req = 0, verbose = 0, gencrl = 0, dorevoke = 0; int ret = 1, email_dn = 1, req = 0, verbose = 0, gencrl = 0, dorevoke = 0;
int rand_ser = 0, i, j, selfsign = 0, def_nid, def_ret; int rand_ser = 0, i, j, selfsign = 0, def_ret;
char *crl_lastupdate = NULL, *crl_nextupdate = NULL; char *crl_lastupdate = NULL, *crl_nextupdate = NULL;
long crldays = 0, crlhours = 0, crlsec = 0, days = 0; long crldays = 0, crlhours = 0, crlsec = 0, days = 0;
unsigned long chtype = MBSTRING_ASC, certopt = 0; unsigned long chtype = MBSTRING_ASC, certopt = 0;
@ -358,7 +358,7 @@ opthelp:
days = atoi(opt_arg()); days = atoi(opt_arg());
break; break;
case OPT_MD: case OPT_MD:
md = opt_arg(); dgst = opt_arg();
break; break;
case OPT_POLICY: case OPT_POLICY:
policy = opt_arg(); policy = opt_arg();
@ -788,28 +788,25 @@ end_of_options:
} }
} }
def_ret = EVP_PKEY_get_default_digest_nid(pkey, &def_nid); def_ret = EVP_PKEY_get_default_digest_name(pkey, def_dgst, sizeof(def_dgst));
/* /*
* EVP_PKEY_get_default_digest_nid() returns 2 if the digest is * EVP_PKEY_get_default_digest_name() returns 2 if the digest is
* mandatory for this algorithm. * mandatory for this algorithm.
*/ */
if (def_ret == 2 && def_nid == NID_undef) { if (def_ret == 2 && strcmp(def_dgst, "UNDEF") == 0) {
/* The signing algorithm requires there to be no digest */ /* The signing algorithm requires there to be no digest */
dgst = (EVP_MD *)EVP_md_null(); dgst = NULL;
} else if (md == NULL } else if (dgst == NULL
&& (md = lookup_conf(conf, section, ENV_DEFAULT_MD)) == NULL) { && (dgst = lookup_conf(conf, section, ENV_DEFAULT_MD)) == NULL) {
goto end; goto end;
} else { } else {
if (strcmp(md, "default") == 0) { if (strcmp(dgst, "default") == 0) {
if (def_ret <= 0) { if (def_ret <= 0) {
BIO_puts(bio_err, "no default digest\n"); BIO_puts(bio_err, "no default digest\n");
goto end; goto end;
} }
md = (char *)OBJ_nid2sn(def_nid); dgst = def_dgst;
} }
if (!opt_md(md, &dgst))
goto end;
} }
if (req) { if (req) {
@ -821,8 +818,7 @@ end_of_options:
email_dn = 0; email_dn = 0;
} }
if (verbose) if (verbose)
BIO_printf(bio_err, "message digest is %s\n", BIO_printf(bio_err, "message digest is %s\n", dgst);
EVP_MD_name(dgst));
if (policy == NULL if (policy == NULL
&& (policy = lookup_conf(conf, section, ENV_POLICY)) == NULL) && (policy = lookup_conf(conf, section, ENV_POLICY)) == NULL)
goto end; goto end;
@ -1330,7 +1326,6 @@ end_of_options:
sk_OPENSSL_STRING_free(sigopts); sk_OPENSSL_STRING_free(sigopts);
sk_OPENSSL_STRING_free(vfyopts); sk_OPENSSL_STRING_free(vfyopts);
EVP_PKEY_free(pkey); EVP_PKEY_free(pkey);
EVP_MD_free(dgst);
X509_free(x509); X509_free(x509);
X509_CRL_free(crl); X509_CRL_free(crl);
NCONF_free(conf); NCONF_free(conf);
@ -1349,7 +1344,7 @@ static char *lookup_conf(const CONF *conf, const char *section, const char *tag)
static int certify(X509 **xret, const char *infile, int informat, static int certify(X509 **xret, const char *infile, int informat,
EVP_PKEY *pkey, X509 *x509, EVP_PKEY *pkey, X509 *x509,
const EVP_MD *dgst, const char *dgst,
STACK_OF(OPENSSL_STRING) *sigopts, STACK_OF(OPENSSL_STRING) *sigopts,
STACK_OF(OPENSSL_STRING) *vfyopts, STACK_OF(OPENSSL_STRING) *vfyopts,
STACK_OF(CONF_VALUE) *policy, CA_DB *db, STACK_OF(CONF_VALUE) *policy, CA_DB *db,
@ -1407,7 +1402,7 @@ static int certify(X509 **xret, const char *infile, int informat,
static int certify_cert(X509 **xret, const char *infile, int certformat, static int certify_cert(X509 **xret, const char *infile, int certformat,
const char *passin, EVP_PKEY *pkey, X509 *x509, const char *passin, EVP_PKEY *pkey, X509 *x509,
const EVP_MD *dgst, const char *dgst,
STACK_OF(OPENSSL_STRING) *sigopts, STACK_OF(OPENSSL_STRING) *sigopts,
STACK_OF(OPENSSL_STRING) *vfyopts, STACK_OF(OPENSSL_STRING) *vfyopts,
STACK_OF(CONF_VALUE) *policy, CA_DB *db, STACK_OF(CONF_VALUE) *policy, CA_DB *db,
@ -1463,7 +1458,7 @@ static int certify_cert(X509 **xret, const char *infile, int certformat,
} }
static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts, const char *dgst, STACK_OF(OPENSSL_STRING) *sigopts,
STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial, STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial,
const char *subj, unsigned long chtype, int multirdn, const char *subj, unsigned long chtype, int multirdn,
int email_dn, const char *startdate, const char *enddate, long days, int email_dn, const char *startdate, const char *enddate, long days,
@ -1964,7 +1959,7 @@ static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext)
} }
static int certify_spkac(X509 **xret, const char *infile, EVP_PKEY *pkey, static int certify_spkac(X509 **xret, const char *infile, EVP_PKEY *pkey,
X509 *x509, const EVP_MD *dgst, X509 *x509, const char *dgst,
STACK_OF(OPENSSL_STRING) *sigopts, STACK_OF(OPENSSL_STRING) *sigopts,
STACK_OF(CONF_VALUE) *policy, CA_DB *db, STACK_OF(CONF_VALUE) *policy, CA_DB *db,
BIGNUM *serial, const char *subj, unsigned long chtype, BIGNUM *serial, const char *subj, unsigned long chtype,

6
apps/include/apps.h
View File

@ -241,14 +241,14 @@ int x509_req_ctrl_string(X509_REQ *x, const char *value);
int init_gen_str(EVP_PKEY_CTX **pctx, int init_gen_str(EVP_PKEY_CTX **pctx,
const char *algname, ENGINE *e, int do_param, const char *algname, ENGINE *e, int do_param,
OSSL_LIB_CTX *libctx, const char *propq); OSSL_LIB_CTX *libctx, const char *propq);
int do_X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md, int do_X509_sign(X509 *x, EVP_PKEY *pkey, const char *md,
STACK_OF(OPENSSL_STRING) *sigopts, X509V3_CTX *ext_ctx); STACK_OF(OPENSSL_STRING) *sigopts, X509V3_CTX *ext_ctx);
int do_X509_verify(X509 *x, EVP_PKEY *pkey, STACK_OF(OPENSSL_STRING) *vfyopts); int do_X509_verify(X509 *x, EVP_PKEY *pkey, STACK_OF(OPENSSL_STRING) *vfyopts);
int do_X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md, int do_X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const char *md,
STACK_OF(OPENSSL_STRING) *sigopts); STACK_OF(OPENSSL_STRING) *sigopts);
int do_X509_REQ_verify(X509_REQ *x, EVP_PKEY *pkey, int do_X509_REQ_verify(X509_REQ *x, EVP_PKEY *pkey,
STACK_OF(OPENSSL_STRING) *vfyopts); STACK_OF(OPENSSL_STRING) *vfyopts);
int do_X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md, int do_X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const char *md,
STACK_OF(OPENSSL_STRING) *sigopts); STACK_OF(OPENSSL_STRING) *sigopts);
extern char *psk_key; extern char *psk_key;

20
apps/lib/apps.c
View File

@ -2152,23 +2152,25 @@ static int do_x509_req_init(X509_REQ *x, STACK_OF(OPENSSL_STRING) *opts)
} }
static int do_sign_init(EVP_MD_CTX *ctx, EVP_PKEY *pkey, static int do_sign_init(EVP_MD_CTX *ctx, EVP_PKEY *pkey,
const EVP_MD *md, STACK_OF(OPENSSL_STRING) *sigopts) const char *md, STACK_OF(OPENSSL_STRING) *sigopts)
{ {
EVP_PKEY_CTX *pkctx = NULL; EVP_PKEY_CTX *pkctx = NULL;
int def_nid; char def_md[80];
if (ctx == NULL) if (ctx == NULL)
return 0; return 0;
/* /*
* EVP_PKEY_get_default_digest_nid() returns 2 if the digest is mandatory * EVP_PKEY_get_default_digest_name() returns 2 if the digest is mandatory
* for this algorithm. * for this algorithm.
*/ */
if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) == 2 if (EVP_PKEY_get_default_digest_name(pkey, def_md, sizeof(def_md)) == 2
&& def_nid == NID_undef) { && strcmp(def_md, "UNDEF") == 0) {
/* The signing algorithm requires there to be no digest */ /* The signing algorithm requires there to be no digest */
md = NULL; md = NULL;
} }
return EVP_DigestSignInit(ctx, &pkctx, md, NULL, pkey)
return EVP_DigestSignInit_ex(ctx, &pkctx, md, app_get0_libctx(),
app_get0_propq(), pkey, NULL)
&& do_pkey_ctx_init(pkctx, sigopts); && do_pkey_ctx_init(pkctx, sigopts);
} }
@ -2201,7 +2203,7 @@ static int adapt_keyid_ext(X509 *cert, X509V3_CTX *ext_ctx,
} }
/* Ensure RFC 5280 compliance, adapt keyIDs as needed, and sign the cert info */ /* Ensure RFC 5280 compliance, adapt keyIDs as needed, and sign the cert info */
int do_X509_sign(X509 *cert, EVP_PKEY *pkey, const EVP_MD *md, int do_X509_sign(X509 *cert, EVP_PKEY *pkey, const char *md,
STACK_OF(OPENSSL_STRING) *sigopts, X509V3_CTX *ext_ctx) STACK_OF(OPENSSL_STRING) *sigopts, X509V3_CTX *ext_ctx)
{ {
const STACK_OF(X509_EXTENSION) *exts = X509_get0_extensions(cert); const STACK_OF(X509_EXTENSION) *exts = X509_get0_extensions(cert);
@ -2240,7 +2242,7 @@ int do_X509_sign(X509 *cert, EVP_PKEY *pkey, const EVP_MD *md,
} }
/* Sign the certificate request info */ /* Sign the certificate request info */
int do_X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md, int do_X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const char *md,
STACK_OF(OPENSSL_STRING) *sigopts) STACK_OF(OPENSSL_STRING) *sigopts)
{ {
int rv = 0; int rv = 0;
@ -2253,7 +2255,7 @@ int do_X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md,
} }
/* Sign the CRL info */ /* Sign the CRL info */
int do_X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md, int do_X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const char *md,
STACK_OF(OPENSSL_STRING) *sigopts) STACK_OF(OPENSSL_STRING) *sigopts)
{ {
int rv = 0; int rv = 0;

19
apps/req.c
View File

@ -240,12 +240,11 @@ int req_main(int argc, char **argv)
X509 *new_x509 = NULL, *CAcert = NULL; X509 *new_x509 = NULL, *CAcert = NULL;
X509_REQ *req = NULL; X509_REQ *req = NULL;
EVP_CIPHER *cipher = NULL; EVP_CIPHER *cipher = NULL;
EVP_MD *digest = NULL;
int ext_copy = EXT_COPY_UNSET; int ext_copy = EXT_COPY_UNSET;
BIO *addext_bio = NULL; BIO *addext_bio = NULL;
char *extensions = NULL; char *extensions = NULL;
const char *infile = NULL, *CAfile = NULL, *CAkeyfile = NULL; const char *infile = NULL, *CAfile = NULL, *CAkeyfile = NULL;
char *outfile = NULL, *keyfile = NULL, *digestname = NULL; char *outfile = NULL, *keyfile = NULL, *digest = NULL;
char *keyalgstr = NULL, *p, *prog, *passargin = NULL, *passargout = NULL; char *keyalgstr = NULL, *p, *prog, *passargin = NULL, *passargout = NULL;
char *passin = NULL, *passout = NULL; char *passin = NULL, *passout = NULL;
char *nofree_passin = NULL, *nofree_passout = NULL; char *nofree_passin = NULL, *nofree_passout = NULL;
@ -468,7 +467,7 @@ int req_main(int argc, char **argv)
newreq = precert = 1; newreq = precert = 1;
break; break;
case OPT_MD: case OPT_MD:
digestname = opt_unknown(); digest = opt_unknown();
break; break;
} }
} }
@ -481,11 +480,6 @@ int req_main(int argc, char **argv)
if (!app_RAND_load()) if (!app_RAND_load())
goto end; goto end;
if (digestname != NULL) {
if (!opt_md(digestname, &digest))
goto opthelp;
}
if (!gen_x509) { if (!gen_x509) {
if (days != UNSET_DAYS) if (days != UNSET_DAYS)
BIO_printf(bio_err, "Ignoring -days without -x509; not generating a certificate\n"); BIO_printf(bio_err, "Ignoring -days without -x509; not generating a certificate\n");
@ -537,12 +531,10 @@ int req_main(int argc, char **argv)
if (digest == NULL) { if (digest == NULL) {
p = NCONF_get_string(req_conf, section, "default_md"); p = NCONF_get_string(req_conf, section, "default_md");
if (p == NULL) { if (p == NULL)
ERR_clear_error(); ERR_clear_error();
} else { else
if (!opt_md(p, &digest)) digest = p;
goto opthelp;
}
} }
if (extensions == NULL) { if (extensions == NULL) {
@ -1056,7 +1048,6 @@ int req_main(int argc, char **argv)
BIO_free(addext_bio); BIO_free(addext_bio);
BIO_free_all(out); BIO_free_all(out);
EVP_PKEY_free(pkey); EVP_PKEY_free(pkey);
EVP_MD_free(digest);
EVP_PKEY_CTX_free(genctx); EVP_PKEY_CTX_free(genctx);
sk_OPENSSL_STRING_free(pkeyopts); sk_OPENSSL_STRING_free(pkeyopts);
sk_OPENSSL_STRING_free(sigopts); sk_OPENSSL_STRING_free(sigopts);

32
apps/x509.c
View File

@ -189,7 +189,7 @@ static void warn_copying(ASN1_OBJECT *excluded, const char *names)
sn); sn);
} }
static X509_REQ *x509_to_req(X509 *cert, EVP_PKEY *pkey, const EVP_MD *digest, static X509_REQ *x509_to_req(X509 *cert, EVP_PKEY *pkey, const char *digest,
STACK_OF(OPENSSL_STRING) *sigopts, STACK_OF(OPENSSL_STRING) *sigopts,
int ext_copy, const char *names) int ext_copy, const char *names)
{ {
@ -249,7 +249,7 @@ int x509_main(int argc, char **argv)
EVP_PKEY *privkey = NULL, *CAkey = NULL, *pubkey = NULL; EVP_PKEY *privkey = NULL, *CAkey = NULL, *pubkey = NULL;
EVP_PKEY *pkey; EVP_PKEY *pkey;
int newcert = 0; int newcert = 0;
char *subj = NULL, *digestname = NULL; char *subj = NULL, *digest = NULL;
X509_NAME *fsubj = NULL; X509_NAME *fsubj = NULL;
const unsigned long chtype = MBSTRING_ASC; const unsigned long chtype = MBSTRING_ASC;
const int multirdn = 1; const int multirdn = 1;
@ -258,7 +258,6 @@ int x509_main(int argc, char **argv)
X509 *x = NULL, *xca = NULL, *issuer_cert; X509 *x = NULL, *xca = NULL, *issuer_cert;
X509_REQ *req = NULL, *rq = NULL; X509_REQ *req = NULL, *rq = NULL;
X509_STORE *ctx = NULL; X509_STORE *ctx = NULL;
EVP_MD *digest = NULL;
char *CAkeyfile = NULL, *CAserial = NULL, *pubkeyfile = NULL, *alias = NULL; char *CAkeyfile = NULL, *CAserial = NULL, *pubkeyfile = NULL, *alias = NULL;
char *checkhost = NULL, *checkemail = NULL, *checkip = NULL; char *checkhost = NULL, *checkemail = NULL, *checkip = NULL;
char *ext_names = NULL; char *ext_names = NULL;
@ -568,7 +567,7 @@ int x509_main(int argc, char **argv)
preserve_dates = 1; preserve_dates = 1;
break; break;
case OPT_MD: case OPT_MD:
digestname = opt_unknown(); digest = opt_unknown();
break; break;
} }
} }
@ -581,10 +580,6 @@ int x509_main(int argc, char **argv)
if (!app_RAND_load()) if (!app_RAND_load())
goto end; goto end;
if (digestname != NULL) {
if (!opt_md(digestname, &digest))
goto opthelp;
}
if (preserve_dates && days != UNSET_DAYS) { if (preserve_dates && days != UNSET_DAYS) {
BIO_printf(bio_err, "Cannot use -preserve_dates with -days option\n"); BIO_printf(bio_err, "Cannot use -preserve_dates with -days option\n");
goto end; goto end;
@ -971,16 +966,26 @@ int x509_main(int argc, char **argv)
} else if (i == fingerprint) { } else if (i == fingerprint) {
unsigned int n; unsigned int n;
unsigned char md[EVP_MAX_MD_SIZE]; unsigned char md[EVP_MAX_MD_SIZE];
const EVP_MD *fdig = digest; const char *fdigname = digest;
EVP_MD *fdig;
int digres;
if (fdig == NULL) if (fdigname == NULL)
fdig = EVP_sha1(); fdigname = "SHA1";
if (!X509_digest(x, fdig, md, &n)) { if ((fdig = EVP_MD_fetch(app_get0_libctx(), fdigname,
app_get0_propq())) == NULL) {
BIO_printf(bio_err, "Unknown digest\n");
goto end;
}
digres = X509_digest(x, fdig, md, &n);
EVP_MD_free(fdig);
if (!digres) {
BIO_printf(bio_err, "Out of memory\n"); BIO_printf(bio_err, "Out of memory\n");
goto end; goto end;
} }
BIO_printf(out, "%s Fingerprint=", EVP_MD_name(fdig));
BIO_printf(out, "%s Fingerprint=", fdigname);
for (j = 0; j < (int)n; j++) for (j = 0; j < (int)n; j++)
BIO_printf(out, "%02X%c", md[j], (j + 1 == (int)n) ? '\n' : ':'); BIO_printf(out, "%02X%c", md[j], (j + 1 == (int)n) ? '\n' : ':');
} else if (i == ocspid) { } else if (i == ocspid) {
@ -1038,7 +1043,6 @@ int x509_main(int argc, char **argv)
EVP_PKEY_free(privkey); EVP_PKEY_free(privkey);
EVP_PKEY_free(CAkey); EVP_PKEY_free(CAkey);
EVP_PKEY_free(pubkey); EVP_PKEY_free(pubkey);
EVP_MD_free(digest);
sk_OPENSSL_STRING_free(sigopts); sk_OPENSSL_STRING_free(sigopts);
sk_OPENSSL_STRING_free(vfyopts); sk_OPENSSL_STRING_free(vfyopts);
X509_REQ_free(rq); X509_REQ_free(rq);