Please find below a patch that adds support for SHA256 and other message
digests to the subjectKeyIdentifier extension. The functionality is enabled
from the config file by appending a message digest name after a semicolon, e.g.
subjectKeyIdentifier=hash;sha256
Best Regards
Nick
--------------------
diff --git a/crypto/x509v3/v3_skey.c b/crypto/x509v3/v3_skey.c
index 0a984fb..c293836 100644
--- a/crypto/x509v3/v3_skey.c
+++ b/crypto/x509v3/v3_skey.c
@@ -105,8 +105,21 @@ static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD
*method,
ASN1_BIT_STRING *pk;
unsigned char pkey_dig[EVP_MAX_MD_SIZE];
unsigned int diglen;
-
- if(strcmp(str, "hash")) return s2i_ASN1_OCTET_STRING(method, ctx, str);
+ const EVP_MD *md = EVP_sha1();
+
+ if(!strncmp(str, "hex;", 4))
+ return s2i_ASN1_OCTET_STRING(method, ctx, str+4);
+ if(!strncmp(str, "hash;", 5))
+ {
+ md = EVP_get_digestbyname(str+5);
+ if (!md)
+ {
+
X509V3err(X509V3_F_S2I_SKEY_ID,X509V3_R_UNSUPPORTED_TYPE);
+ return NULL;
+ }
+ }
+ else if(strcmp(str, "hash"))
+ return s2i_ASN1_OCTET_STRING(method, ctx, str);
if(!(oct = M_ASN1_OCTET_STRING_new())) {
X509V3err(X509V3_F_S2I_SKEY_ID,ERR_R_MALLOC_FAILURE);
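Review bot: The `hash;` branch hands the rest of the config string straight to `EVP_get_digestbyname()`, so any digest that happens to be registered is accepted (presumably including legacy ones such as md5), and the failure path does not say which name was rejected. Adding `ERR_add_error_data(2, "digest=", str+5);` after the `X509V3err(...)` call would make a mistyped or unloaded digest name diagnosable. Since the key identifier length now follows the chosen digest, it is worth documenting (or restricting) which digests are acceptable. The new `hex;` prefix is not mentioned in the patch description and needs a documentation entry as well. s2i_skey_id begins before this hunk and continues after it.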
@@ -129,7 +142,7 @@ static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD
*method,
goto err;
}
- if (!EVP_Digest(pk->data, pk->length, pkey_dig, &diglen, EVP_sha1(),
NULL))
+ if (!EVP_Digest(pk->data, pk->length, pkey_dig, &diglen, md, NULL))
goto err;
if(!M_ASN1_OCTET_STRING_set(oct, pkey_dig, diglen)) {
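Review bot: With `md` now chosen from the config file, the `EVP_Digest()` call relies on `pkey_dig` being `EVP_MAX_MD_SIZE` bytes to hold any digest output, and nothing at the call site says so. A comment above the call such as `/* pkey_dig is EVP_MAX_MD_SIZE bytes, so the output of any md fits */` would keep a later change to the buffer declaration from silently breaking that bound. The rest of s2i_skey_id lies outside this hunk.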