Compare encodings in X509_cmp as well as hash.

author Dr. Stephen Henson <steve@openssl.org>

Sun, 26 Jan 2014 16:28:27 +0000 (16:28 +0000)

committer Dr. Stephen Henson <steve@openssl.org>

Mon, 27 Jan 2014 14:33:10 +0000 (14:33 +0000)
author Dr. Stephen Henson <steve@openssl.org>
Sun, 26 Jan 2014 16:28:27 +0000 (16:28 +0000)
committer Dr. Stephen Henson <steve@openssl.org>
Mon, 27 Jan 2014 14:33:10 +0000 (14:33 +0000)
diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c

index 36cc48e625a64b38a9b43c7a58cfe2fc09a1e1be..123709902a80db5288638a9ec98ff08bf4a52c76 100644 (file)
--- a/crypto/x509/x509_cmp.c
+++ b/crypto/x509/x509_cmp.c
@@ -178,11 +178,24 @@ unsigned long X509_subject_name_hash_old(X509 *x)
   */
  int X509_cmp(const X509 *a, const X509 *b)
  {
+       int rv;
         /* ensure hash is valid */
         X509_check_purpose((X509 *)a, -1, 0);
         X509_check_purpose((X509 *)b, -1, 0);
  
-       return memcmp(a->sha1_hash, b->sha1_hash, SHA_DIGEST_LENGTH);
+       rv = memcmp(a->sha1_hash, b->sha1_hash, SHA_DIGEST_LENGTH);
+       if (rv)
+               return rv;
+       /* Check for match against stored encoding too */
+       if (!a->cert_info->enc.modified && !b->cert_info->enc.modified)
+               {
+               rv = (int)(a->cert_info->enc.len - b->cert_info->enc.len);
+               if (rv)
+                       return rv;
+               return memcmp(a->cert_info->enc.enc, b->cert_info->enc.enc,
+                               a->cert_info->enc.len);
+               }
+       return rv;
  }
  #endif
author	Dr. Stephen Henson <steve@openssl.org>
	Sun, 26 Jan 2014 16:28:27 +0000 (16:28 +0000)
committer	Dr. Stephen Henson <steve@openssl.org>
	Mon, 27 Jan 2014 14:33:10 +0000 (14:33 +0000)