Commit 6195848b authored Jan 28, 2017 by Richard Levitte

X509_CRL_digest() - ensure precomputed sha1 hash before returning it



X509_CRL_digest() didn't check if the precomputed sha1 hash was actually
present.  This also makes sure there's an appropriate flag to check.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2314)

parent 63414e64

crypto/x509/x_all.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -377,7 +377,7 @@ int X509_digest(const X509 data, const EVP_MD type, unsigned char *md,
		int X509_CRL_digest(const X509_CRL data, const EVP_MD type,
		unsigned char md, unsigned int len)
		{
		if (type == EVP_sha1()) {
		if (type == EVP_sha1() && (data->flags & EXFLAG_SET) != 0) {
		/* Asking for SHA1; always computed in CRL d2i. */
		if (len != NULL)
		*len = sizeof(data->sha1_hash);

crypto/x509/x_crl.c

+2 −0

Original line number	Diff line number	Diff line
		@@ -226,6 +226,8 @@ static int crl_cb(int operation, ASN1_VALUE *pval, const ASN1_ITEM it,
		if (crl->meth->crl_init(crl) == 0)
		return 0;
		}

		crl->flags \|= EXFLAG_SET;
		break;

		case ASN1_OP_FREE_POST: