aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorCameron Katri <me@cameronkatri.com>2022-03-21 23:45:29 -0400
committerCameron Katri <me@cameronkatri.com>2022-03-21 23:45:29 -0400
commit6260a9a9b99ce72e65b4786c16eb74b9afd575de (patch)
tree14b95bfeb39a05256083f2838bc78838bd500125
parent10f4c5e49fa2f50ca3f0be7fb70fcc303e381dc3 (diff)
downloadldid-6260a9a9b99ce72e65b4786c16eb74b9afd575de.tar.gz
ldid-6260a9a9b99ce72e65b4786c16eb74b9afd575de.tar.zst
ldid-6260a9a9b99ce72e65b4786c16eb74b9afd575de.zip
Remove support for EOL OpenSSL 0.9
OpenSSL 0.9.8 has been out of support since 2016. Nobody should be using it anymore and has numerous vulnerabilites. Revert "Port hash agility support to use OpenSSL 0.9.x :D." This reverts commit 7818dc9c76ef1a007aa725286b8113b2341ebc11.
-rw-r--r--ldid.cpp14
1 files changed, 2 insertions, 12 deletions
diff --git a/ldid.cpp b/ldid.cpp
index 13eab12..f65b084 100644
--- a/ldid.cpp
+++ b/ldid.cpp
@@ -1862,12 +1862,8 @@ class Signature {
for (unsigned i(0), e(sk_X509_num(certs)); i != e; i++)
_assert(PKCS7_add_certificate(value_, sk_X509_value(certs, e - i - 1)));
- // XXX: this is the same as PKCS7_sign_add_signer(value_, stuff, stuff, NULL, PKCS7_NOSMIMECAP)
- _assert(X509_check_private_key(stuff, stuff));
- auto info(PKCS7_add_signature(value_, stuff, stuff, EVP_sha1()));
+ auto info(PKCS7_sign_add_signer(value_, stuff, stuff, NULL, PKCS7_NOSMIMECAP));
_assert(info != NULL);
- _assert(PKCS7_add_certificate(value_, stuff));
- _assert(PKCS7_add_signed_attribute(info, NID_pkcs9_contentType, V_ASN1_OBJECT, OBJ_nid2obj(NID_pkcs7_data)));
PKCS7_set_detached(value_, 1);
@@ -1883,13 +1879,7 @@ class Signature {
throw;
}
- // XXX: this is the same as PKCS7_final(value_, data, PKCS7_BINARY)
- BIO *bio(PKCS7_dataInit(value_, NULL));
- _assert(bio != NULL);
- _scope({ BIO_free_all(bio); });
- SMIME_crlf_copy(data, bio, PKCS7_BINARY);
- BIO_flush(bio);
- _assert(PKCS7_dataFinal(value_, bio));
+ _assert(PKCS7_final(value_, data, PKCS7_BINARY));
}
~Signature() {