From 8132d3ac40edb8567c81a84aeb301d427c0a61e2 Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson" <steve@openssl.org>
Date: Sat, 30 May 2009 18:11:26 +0000
Subject: [PATCH] Update from 1.0.0-stable.

---
 crypto/x509/x509_cmp.c   | 6 +++---
 crypto/x509v3/v3_ncons.c | 5 +++++
 2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c
index 306d4b2d73..2e444f2848 100644
--- a/crypto/x509/x509_cmp.c
+++ b/crypto/x509/x509_cmp.c
@@ -173,16 +173,16 @@ int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b)
 	{
 	int ret;
 
-	/* Ensure canonical encoding is present */
+	/* Ensure canonical encoding is present and up to date */
 
-	if (!a->canon_enc)
+	if (!a->canon_enc || a->modified)
 		{
 		ret = i2d_X509_NAME((X509_NAME *)a, NULL);
 		if (ret < 0)
 			return -2;
 		}
 
-	if (!b->canon_enc)
+	if (!b->canon_enc || b->modified)
 		{
 		ret = i2d_X509_NAME((X509_NAME *)b, NULL);
 		if (ret < 0)
diff --git a/crypto/x509v3/v3_ncons.c b/crypto/x509v3/v3_ncons.c
index ce5a8f6efc..689df46acd 100644
--- a/crypto/x509v3/v3_ncons.c
+++ b/crypto/x509v3/v3_ncons.c
@@ -376,6 +376,11 @@ static int nc_match_single(GENERAL_NAME *gen, GENERAL_NAME *base)
 
 static int nc_dn(X509_NAME *nm, X509_NAME *base)
 	{
+	/* Ensure canonical encodings are up to date.  */
+	if (nm->modified && i2d_X509_NAME(nm, NULL) < 0)
+		return X509_V_ERR_OUT_OF_MEM;
+	if (base->modified && i2d_X509_NAME(base, NULL) < 0)
+		return X509_V_ERR_OUT_OF_MEM;
 	if (base->canon_enclen > nm->canon_enclen)
 		return X509_V_ERR_PERMITTED_VIOLATION;
 	if (memcmp(base->canon_enc, nm->canon_enc, base->canon_enclen))
-- 
2.25.1