commit ca2162d71902385dc740a385d20977d551d14e8f
author David Benjamin <davidben@google.com> Tue Feb 16 11:45:45 2021 -0500
committer CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org> Tue Feb 16 18:22:32 2021 +0000
tree 86e44382c0be9eea67257fe0a642195d8baef91f
parent 238a25831e598642befcf056e778c8f166781a97

Remove X509_issuer_and_serial_hash.

Update-Note: No one uses this function. It had a NULL dereference in
some error cases. See CVE-2021-23841.

Change-Id: Ie1cc97615ac8b674147715d7d62e62faf218ae65
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/45684
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: David Benjamin <davidben@google.com>

crypto/x509/x509_cmp.c

diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c
index cf0a941..c9060dd 100644
--- a/crypto/x509/x509_cmp.c
+++ b/crypto/x509/x509_cmp.c
@@ -83,34 +83,6 @@
     return (X509_NAME_cmp(ai->issuer, bi->issuer));
 }
 
-unsigned long X509_issuer_and_serial_hash(X509 *a)
-{
-    unsigned long ret = 0;
-    EVP_MD_CTX ctx;
-    unsigned char md[16];
-    char *f;
-
-    EVP_MD_CTX_init(&ctx);
-    f = X509_NAME_oneline(a->cert_info->issuer, NULL, 0);
-    if (!EVP_DigestInit_ex(&ctx, EVP_md5(), NULL))
-        goto err;
-    if (!EVP_DigestUpdate(&ctx, (unsigned char *)f, strlen(f)))
-        goto err;
-    OPENSSL_free(f);
-    if (!EVP_DigestUpdate
-        (&ctx, (unsigned char *)a->cert_info->serialNumber->data,
-         (unsigned long)a->cert_info->serialNumber->length))
-        goto err;
-    if (!EVP_DigestFinal_ex(&ctx, &(md[0]), NULL))
-        goto err;
-    ret = (((unsigned long)md[0]) | ((unsigned long)md[1] << 8L) |
-           ((unsigned long)md[2] << 16L) | ((unsigned long)md[3] << 24L)
-        ) & 0xffffffffL;
- err:
-    EVP_MD_CTX_cleanup(&ctx);
-    return (ret);
-}
-
 int X509_issuer_name_cmp(const X509 *a, const X509 *b)
 {
     return (X509_NAME_cmp(a->cert_info->issuer, b->cert_info->issuer));

include/openssl/x509.h

diff --git a/include/openssl/x509.h b/include/openssl/x509.h
index a75442f..49de433 100644
--- a/include/openssl/x509.h
+++ b/include/openssl/x509.h
@@ -1201,7 +1201,6 @@
 OPENSSL_EXPORT STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *chain);
 
 OPENSSL_EXPORT int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b);
-OPENSSL_EXPORT unsigned long X509_issuer_and_serial_hash(X509 *a);
 
 OPENSSL_EXPORT int X509_issuer_name_cmp(const X509 *a, const X509 *b);
 OPENSSL_EXPORT unsigned long X509_issuer_name_hash(X509 *a);