From b431b094330da3e54805c49fb262192e34bc3864 Mon Sep 17 00:00:00 2001
From: Richard Levitte
Date: Sat, 28 Jan 2017 17:43:17 +0100
Subject: [PATCH] X509_CRL_digest() - ensure precomputed sha1 hash before returning it

X509_CRL_digest() didn't check if the precomputed sha1 hash was actually present. This also makes sure there's an appropriate flag to check.
Reviewed-by: Kurt Roeckx
(Merged from https://github.com/openssl/openssl/pull/2314)
(cherry picked from commit 6195848b2eea627c47f74b63eb2ba3dc3d5b6436)
---
 crypto/x509/x_all.c | 2 +-
 crypto/x509/x_crl.c | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/crypto/x509/x_all.c b/crypto/x509/x_all.c
index 59f96a52d1..124dd2d2f8 100644
--- a/crypto/x509/x_all.c
+++ b/crypto/x509/x_all.c
@@ -377,7 +377,7 @@ int X509_digest(const X509 *data, const EVP_MD *type, unsigned char *md,
 int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type,
 unsigned char *md, unsigned int *len)
 {
- if (type == EVP_sha1()) {
+ if (type == EVP_sha1() && (data->flags & EXFLAG_SET) != 0) {
 /* Asking for SHA1; always computed in CRL d2i. */
 if (len != NULL)
 *len = sizeof(data->sha1_hash);
diff --git a/crypto/x509/x_crl.c b/crypto/x509/x_crl.c
index da9c6b6157..dbed850b37 100644
--- a/crypto/x509/x_crl.c
+++ b/crypto/x509/x_crl.c
@@ -226,6 +226,8 @@ static int crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
 if (crl->meth->crl_init(crl) == 0)
 return 0;
 }
+
+ crl->flags |= EXFLAG_SET;
 break;

 case ASN1_OP_FREE_POST:
-- 
2.25.1
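Review bot: In crypto/x509/x_all.c the context comment `/* Asking for SHA1; always computed in CRL d2i. */` directly under the new condition is now inaccurate, because the added `EXFLAG_SET` test exists precisely for CRL objects whose hash was never computed by d2i. I would reword it to `/* Asking for SHA1, and the hash was precomputed when the CRL was decoded. */`. The hunk also shows nothing that clears the flag if a decoded CRL is modified afterwards, so the cached value could presumably go stale; that is worth confirming before the fast path is relied on for fingerprint comparisons. X509_CRL_digest's body continues past the end of the hunk.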
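Review bot: In crypto/x509/x_crl.c `crl->flags |= EXFLAG_SET;` is set unconditionally on the way to `break`, and the hunk does not show whether the step that fills `sha1_hash` earlier in this case has its result checked. If that computation can fail without returning 0, the flag would vouch for a hash that was never written and X509_CRL_digest() would return it as the CRL's digest; setting the flag only after a successful digest would close that gap. A short comment such as `/* sha1_hash is valid from here on; X509_CRL_digest() checks this flag */` would also document the dependency between the two files. The enclosing case of crl_cb starts above the hunk.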