From 241f81f05560b5b5be14de78e45d18c5a5899b06 Mon Sep 17 00:00:00 2001
From: beck <>
Date: Thu, 24 Feb 2022 22:05:07 +0000
Subject: Get rid of SHA1 for comparing CRL's - use SHA512 just like we do for
 certs. ok tb@

---
 src/lib/libcrypto/asn1/x_crl.c | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

(limited to 'src/lib/libcrypto/asn1/x_crl.c')

diff --git a/src/lib/libcrypto/asn1/x_crl.c b/src/lib/libcrypto/asn1/x_crl.c
index 8cea9e0b7b..35d9007f7c 100644
--- a/src/lib/libcrypto/asn1/x_crl.c
+++ b/src/lib/libcrypto/asn1/x_crl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x_crl.c,v 1.36 2021/12/03 17:07:53 jsing Exp $ */
+/* $OpenBSD: x_crl.c,v 1.37 2022/02/24 22:05:06 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -288,9 +288,7 @@ crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
 		break;
 
 	case ASN1_OP_D2I_POST:
-#ifndef OPENSSL_NO_SHA
-		X509_CRL_digest(crl, EVP_sha1(), crl->sha1_hash, NULL);
-#endif
+		X509_CRL_digest(crl, X509_CRL_HASH_EVP, crl->hash, NULL);
 		crl->idp = X509_CRL_get_ext_d2i(crl,
 		    NID_issuing_distribution_point, NULL, NULL);
 		if (crl->idp)
-- 
cgit v1.2.3-55-g6feb