diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2014-01-26 16:28:27 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2014-01-26 16:29:50 +0000 |
commit | ec492c8a5a1491949166c4b37df8666741180f4d (patch) | |
tree | d5de5ea28f2765afef058d47c1c660755caed8e7 /crypto | |
parent | 3323314fc1c6d18e650a2de97f7cf9892ac92a60 (diff) |
Compare encodings in X509_cmp as well as hash.
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/x509/x509_cmp.c | 15 |
1 files changed, 14 insertions, 1 deletions
diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c index 36cc48e625..123709902a 100644 --- a/crypto/x509/x509_cmp.c +++ b/crypto/x509/x509_cmp.c @@ -178,11 +178,24 @@ unsigned long X509_subject_name_hash_old(X509 *x) */ int X509_cmp(const X509 *a, const X509 *b) { + int rv; /* ensure hash is valid */ X509_check_purpose((X509 *)a, -1, 0); X509_check_purpose((X509 *)b, -1, 0); - return memcmp(a->sha1_hash, b->sha1_hash, SHA_DIGEST_LENGTH); + rv = memcmp(a->sha1_hash, b->sha1_hash, SHA_DIGEST_LENGTH); + if (rv) + return rv; + /* Check for match against stored encoding too */ + if (!a->cert_info->enc.modified && !b->cert_info->enc.modified) + { + rv = (int)(a->cert_info->enc.len - b->cert_info->enc.len); + if (rv) + return rv; + return memcmp(a->cert_info->enc.enc, b->cert_info->enc.enc, + a->cert_info->enc.len); + } + return rv; } #endif |