Store fingerprint as raw byte array

ssl/crypto_misc.h

@@ -76,7 +76,7 @@ struct _x509_ctx
     uint8_t sig_type;
     RSA_CTX *rsa_ctx;
     bigint *digest;
-    bigint *fingerprint;
+    uint8_t *fingerprint;
     struct _x509_ctx *next;
 };
 

ssl/tls1.c

@@ -1892,8 +1892,7 @@ EXP_FUNC int STDCALL ssl_match_fingerprint(const SSL *ssl, const uint8_t* fp)
     uint8_t cert_fp[SHA1_SIZE];
     X509_CTX* x509 = ssl->x509_ctx;
 
-    bi_export(x509->rsa_ctx->bi_ctx, x509->fingerprint, cert_fp, SHA1_SIZE);
+    return memcmp(x509->fingerprint, fp, SHA1_SIZE);
-    return memcmp(cert_fp, fp, SHA1_SIZE);
 }
 
 #endif /* CONFIG_SSL_CERT_VERIFICATION */

ssl/x509.c

@@ -119,12 +119,11 @@ int x509_new(const uint8_t *cert, int *len, X509_CTX **ctx)
 
     bi_ctx = x509_ctx->rsa_ctx->bi_ctx;
 
+    x509_ctx->fingerprint = malloc(SHA1_SIZE);
     SHA1_CTX sha_fp_ctx;
-    uint8_t sha_fp_dgst[SHA1_SIZE];
     SHA1_Init(&sha_fp_ctx);
     SHA1_Update(&sha_fp_ctx, &cert[0], cert_size);
-    SHA1_Final(sha_fp_dgst, &sha_fp_ctx);
+    SHA1_Final(x509_ctx->fingerprint, &sha_fp_ctx);
-    x509_ctx->fingerprint = bi_import(bi_ctx, sha_fp_dgst, SHA1_SIZE);
 
 #ifdef CONFIG_SSL_CERT_VERIFICATION /* only care if doing verification */
     /* use the appropriate signature algorithm (SHA1/MD5/MD2) */
@@ -254,7 +253,7 @@ void x509_free(X509_CTX *x509_ctx)
 
     if (x509_ctx->fingerprint)
     {
-        bi_free(x509_ctx->rsa_ctx->bi_ctx, x509_ctx->fingerprint);
+        free(x509_ctx->fingerprint);
     }
 
     if (x509_ctx->subject_alt_dnsnames)