diff options
author | Richard Levitte <levitte@openssl.org> | 2017-01-28 17:43:17 +0100 |
---|---|---|
committer | Richard Levitte <levitte@openssl.org> | 2017-01-28 20:07:04 +0100 |
commit | 6195848b2eea627c47f74b63eb2ba3dc3d5b6436 (patch) | |
tree | 0d9d6db3b93c97c7f44a1a6b27ef09acf153c44b /crypto/x509/x_all.c | |
parent | 63414e64e66e376654e993ac966e3b2f9d849d3b (diff) | |
download | openssl-6195848b2eea627c47f74b63eb2ba3dc3d5b6436.tar.gz |
X509_CRL_digest() - ensure precomputed sha1 hash before returning it
X509_CRL_digest() didn't check if the precomputed sha1 hash was actually
present. This also makes sure there's an appropriate flag to check.
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2314)
Diffstat (limited to 'crypto/x509/x_all.c')
-rw-r--r-- | crypto/x509/x_all.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/crypto/x509/x_all.c b/crypto/x509/x_all.c index 59f96a52d1..124dd2d2f8 100644 --- a/crypto/x509/x_all.c +++ b/crypto/x509/x_all.c @@ -377,7 +377,7 @@ int X509_digest(const X509 *data, const EVP_MD *type, unsigned char *md, int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type, unsigned char *md, unsigned int *len) { - if (type == EVP_sha1()) { + if (type == EVP_sha1() && (data->flags & EXFLAG_SET) != 0) { /* Asking for SHA1; always computed in CRL d2i. */ if (len != NULL) *len = sizeof(data->sha1_hash); |