early-access version 2698

externals/libressl/crypto/ts/ts_rsp_sign.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: ts_rsp_sign.c,v 1.23 2019/07/03 03:24:04 deraadt Exp $ */
+/* $OpenBSD: ts_rsp_sign.c,v 1.26 2021/12/12 21:30:14 tb Exp $ */
 /* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL
  * project 2002.
  */
@@ -65,6 +65,9 @@
 #include <openssl/pkcs7.h>
 #include <openssl/ts.h>
 
+#include "evp_locl.h"
+#include "x509_lcl.h"
+
 /* Private function declarations. */
 
 static ASN1_INTEGER *def_serial_cb(struct TS_resp_ctx *, void *);
@@ -847,14 +850,18 @@ ESS_CERT_ID_new_init(X509 *cert, int issuer_needed)
 {
 	ESS_CERT_ID *cid = NULL;
 	GENERAL_NAME *name = NULL;
+	unsigned char cert_hash[TS_HASH_LEN];
 
 	/* Recompute SHA1 hash of certificate if necessary (side effect). */
 	X509_check_purpose(cert, -1, 0);
 
 	if (!(cid = ESS_CERT_ID_new()))
 		goto err;
-	if (!ASN1_OCTET_STRING_set(cid->hash, cert->sha1_hash,
-	    sizeof(cert->sha1_hash)))
+
+	if (!X509_digest(cert, TS_HASH_EVP, cert_hash, NULL))
+		goto err;
+
+	if (!ASN1_OCTET_STRING_set(cid->hash, cert_hash, sizeof(cert_hash)))
 		goto err;
 
 	/* Setting the issuer/serial if requested. */