From e6c2f96489fc0c006845c8597f8ceed2f01f76ee Mon Sep 17 00:00:00 2001
From: Shane Lontis <shane.lontis@oracle.com>
Date: Wed, 31 Mar 2021 15:10:22 +1000
Subject: Fix more certificate related lib_ctx settings.

Fixes #13732

Fix a few places that were not using the '_ex' variants of
ASN1_item_sign/verify.

Added X509_CRL_new_ex().

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14752)
---
 crypto/asn1/a_sign.c | 1 +
 1 file changed, 1 insertion(+)

(limited to 'crypto/asn1/a_sign.c')

diff --git a/crypto/asn1/a_sign.c b/crypto/asn1/a_sign.c
index 911d61453a..fe55373b34 100644
--- a/crypto/asn1/a_sign.c
+++ b/crypto/asn1/a_sign.c
@@ -136,6 +136,7 @@ int ASN1_item_sign_ex(const ASN1_ITEM *it, X509_ALGOR *algor1,
         ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE);
         return 0;
     }
+    /* We can use the non _ex variant here since the pkey is already setup */
     if (!EVP_DigestSignInit(ctx, NULL, md, NULL, pkey))
         goto err;
 
-- 
cgit v1.2.3