OLD | NEW |
1 /* ocsp_vfy.c */ | 1 /* ocsp_vfy.c */ |
2 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
3 * project 2000. | 3 * project 2000. |
4 */ | 4 */ |
5 /* ==================================================================== | 5 /* ==================================================================== |
6 * Copyright (c) 2000-2004 The OpenSSL Project. All rights reserved. | 6 * Copyright (c) 2000-2004 The OpenSSL Project. All rights reserved. |
7 * | 7 * |
8 * Redistribution and use in source and binary forms, with or without | 8 * Redistribution and use in source and binary forms, with or without |
9 * modification, are permitted provided that the following conditions | 9 * modification, are permitted provided that the following conditions |
10 * are met: | 10 * are met: |
(...skipping 290 matching lines...)
301 X509_NAME *iname; | 301 X509_NAME *iname; |
302 int mdlen; | 302 int mdlen; |
303 unsigned char md[EVP_MAX_MD_SIZE]; | 303 unsigned char md[EVP_MAX_MD_SIZE]; |
304 if (!(dgst = EVP_get_digestbyobj(cid->hashAlgorithm->algorithm))
) | 304 if (!(dgst = EVP_get_digestbyobj(cid->hashAlgorithm->algorithm))
) |
305 { | 305 { |
306 OCSPerr(OCSP_F_OCSP_MATCH_ISSUERID, OCSP_R_UNKNOWN_MESSA
GE_DIGEST); | 306 OCSPerr(OCSP_F_OCSP_MATCH_ISSUERID, OCSP_R_UNKNOWN_MESSA
GE_DIGEST); |
307 return -1; | 307 return -1; |
308 } | 308 } |
309 | 309 |
310 mdlen = EVP_MD_size(dgst); | 310 mdlen = EVP_MD_size(dgst); |
| 311 if (mdlen < 0) |
| 312 return -1; |
311 if ((cid->issuerNameHash->length != mdlen) || | 313 if ((cid->issuerNameHash->length != mdlen) || |
312 (cid->issuerKeyHash->length != mdlen)) | 314 (cid->issuerKeyHash->length != mdlen)) |
313 return 0; | 315 return 0; |
314 iname = X509_get_subject_name(cert); | 316 iname = X509_get_subject_name(cert); |
315 if (!X509_NAME_digest(iname, dgst, md, NULL)) | 317 if (!X509_NAME_digest(iname, dgst, md, NULL)) |
316 return -1; | 318 return -1; |
317 if (memcmp(md, cid->issuerNameHash->data, mdlen)) | 319 if (memcmp(md, cid->issuerNameHash->data, mdlen)) |
318 return 0; | 320 return 0; |
319 » » X509_pubkey_digest(cert, EVP_sha1(), md, NULL); | 321 » » X509_pubkey_digest(cert, dgst, md, NULL); |
320 if (memcmp(md, cid->issuerKeyHash->data, mdlen)) | 322 if (memcmp(md, cid->issuerKeyHash->data, mdlen)) |
321 return 0; | 323 return 0; |
322 | 324 |
323 return 1; | 325 return 1; |
324 | 326 |
325 } | 327 } |
326 else | 328 else |
327 { | 329 { |
328 /* We have to match the whole lot */ | 330 /* We have to match the whole lot */ |
329 int i, ret; | 331 int i, ret; |
(...skipping 105 matching lines...)
435 } | 437 } |
436 | 438 |
437 signer = X509_find_by_subject(certs, nm); | 439 signer = X509_find_by_subject(certs, nm); |
438 if (signer) | 440 if (signer) |
439 { | 441 { |
440 *psigner = signer; | 442 *psigner = signer; |
441 return 2; | 443 return 2; |
442 } | 444 } |
443 return 0; | 445 return 0; |
444 } | 446 } |
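Review bot: The return value of `X509_pubkey_digest` on new line 321 is still ignored, unlike the `X509_NAME_digest` call a few lines earlier, so if the key digest fails `md` keeps the issuer-name hash and the following `memcmp` against `issuerKeyHash` runs on stale data. Passing `dgst` makes the digest agree with the `mdlen` length check, but the call should also fail closed: `if (!X509_pubkey_digest(cert, dgst, md, NULL)) return -1;`. The new `mdlen < 0` branch returns -1 without queuing an error, whereas the unknown-digest branch above it calls `OCSPerr`, so the two failures look different to whoever reads the error queue. The enclosing function starts in the skipped lines above this hunk, so how its callers treat -1 is not visible here.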