wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

X509_CRL_digest() - ensure precomputed sha1 hash before returning it

Browse source 
X509_CRL_digest() didn't check if the precomputed sha1 hash was actually
present.  This also makes sure there's an appropriate flag to check.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2314)
This commit is contained in:
Richard Levitte 2017-01-28 17:43:17 +01:00
parent 63414e64e6
commit 6195848b2e
2 changed files with 3 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
crypto/x509/x_all.c
View file

@ -377,7 +377,7 @@ int X509_digest(const X509 *data, const EVP_MD *type, unsigned char *md,
int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type,
unsigned char *md, unsigned int *len)
{
if (type == EVP_sha1()) {
if (type == EVP_sha1() && (data->flags & EXFLAG_SET) != 0) {
/* Asking for SHA1; always computed in CRL d2i. */
if (len != NULL)
*len = sizeof(data->sha1_hash);

2
crypto/x509/x_crl.c
View file

@ -226,6 +226,8 @@ static int crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
if (crl->meth->crl_init(crl) == 0)
return 0;
}
crl->flags |= EXFLAG_SET;
break;
case ASN1_OP_FREE_POST: