X509_CRL_digest() - ensure precomputed sha1 hash before returning it

X509_CRL_digest() didn't check if the precomputed sha1 hash was actually present. This also makes sure there's an appropriate flag to check. Reviewed-by: N Kurt Roeckx <kurt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2314)

X509_CRL_digest() - ensure precomputed sha1 hash before returning it
X509_CRL_digest() didn't check if the precomputed sha1 hash was actually present. This also makes sure there's an appropriate flag to check. Reviewed-by: N Kurt Roeckx <kurt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2314)
6195848b · Richard Levitte · 63414e64 · 6195848b · 6195848b
隐藏空白更改
内联并排

Showing with 3 addition and 1 deletion

crypto/x509/x_all.c crypto/x509/x_all.c +1 -1

crypto/x509/x_crl.c crypto/x509/x_crl.c +2 -0

未找到文件。
--- a/crypto/x509/x_all.c
+++ b/crypto/x509/x_all.c
@@ -377,7 +377,7 @@ int X509_digest(const X509 *data, const EVP_MD *type, unsigned char *md,
 int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type,
                    unsigned char *md, unsigned int *len)
 {
-    if (type == EVP_sha1()) {
+    if (type == EVP_sha1() && (data->flags & EXFLAG_SET) != 0) {
        /* Asking for SHA1; always computed in CRL d2i. */
        if (len != NULL)
            *len = sizeof(data->sha1_hash);

--- a/crypto/x509/x_crl.c
+++ b/crypto/x509/x_crl.c
@@ -226,6 +226,8 @@ static int crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
            if (crl->meth->crl_init(crl) == 0)
                return 0;
        }
+
+        crl->flags |= EXFLAG_SET;
        break;

    case ASN1_OP_FREE_POST: