X509_CRL_digest() - ensure precomputed sha1 hash before returning it

X509_CRL_digest() didn't check if the precomputed sha1 hash was actually present. This also makes sure there's an appropriate flag to check. Reviewed-by: Kurt Roeckx <kurt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2314) (cherry picked from commit 6195848b2eea627c47f74b63eb2ba3dc3d5b6436)
author: Richard Levitte <levitte@openssl.org> 2017-01-28 17:43:17 +0100
committer: Richard Levitte <levitte@openssl.org> 2017-01-28 20:08:24 +0100
commit: b431b094330da3e54805c49fb262192e34bc3864 (patch)
tree: 30839de5bb9b84611f5355c308a6e38443bad9f5
parent: 6f2de02624ec55d29f74c4c38994b56ec3250a10 (diff)
2 files changed, 3 insertions, 1 deletions
diff --git a/crypto/x509/x_all.c b/crypto/x509/x_all.c
index 59f96a52d1..124dd2d2f8 100644
--- a/crypto/x509/x_all.c
+++ b/crypto/x509/x_all.c
@@ -377,7 +377,7 @@ int X509_digest(const X509 *data, const EVP_MD *type, unsigned char *md,
 int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type,
                     unsigned char *md, unsigned int *len)
 {
-    if (type == EVP_sha1()) {
+    if (type == EVP_sha1() && (data->flags & EXFLAG_SET) != 0) {
         /* Asking for SHA1; always computed in CRL d2i. */
         if (len != NULL)
             *len = sizeof(data->sha1_hash);
diff --git a/crypto/x509/x_crl.c b/crypto/x509/x_crl.c
index da9c6b6157..dbed850b37 100644
--- a/crypto/x509/x_crl.c
+++ b/crypto/x509/x_crl.c
@@ -226,6 +226,8 @@ static int crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
             if (crl->meth->crl_init(crl) == 0)
                 return 0;
         }
+
+        crl->flags |= EXFLAG_SET;
         break;
 
     case ASN1_OP_FREE_POST:
author	Richard Levitte <levitte@openssl.org>	2017-01-28 17:43:17 +0100
committer	Richard Levitte <levitte@openssl.org>	2017-01-28 20:08:24 +0100
commit	b431b094330da3e54805c49fb262192e34bc3864 (patch)
tree	30839de5bb9b84611f5355c308a6e38443bad9f5
parent	6f2de02624ec55d29f74c4c38994b56ec3250a10 (diff)