Fix CMP -days option range checking and test failing with enable-ubsan

[openssl.git] / crypto / x509 / x509_cmp.c

diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c
index 5b00038659a73ae01eb7513f308ea16b44684185..25f72e057e746a9deaf7ae89a7071340eb87de51 100644 (file)
--- a/crypto/x509/x509_cmp.c
+++ b/crypto/x509/x509_cmp.c
@@ -16,11 +16,17 @@
 #include <openssl/core_names.h>
 #include "crypto/x509.h"
 
+DEFINE_STACK_OF(X509)
+
 int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b)
 {
     int i;
     const X509_CINF *ai, *bi;
 
+    if (b == NULL)
+        return a != NULL;
+    if (a == NULL)
+        return -1;
     ai = &a->cert_info;
     bi = &b->cert_info;
     i = ASN1_INTEGER_cmp(&ai->serialNumber, &bi->serialNumber);
@@ -161,8 +167,12 @@ int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b)
 {
     int ret;
 
-    /* Ensure canonical encoding is present and up to date */
+    if (b == NULL)
+        return a != NULL;
+    if (a == NULL)
+        return -1;
 
+    /* Ensure canonical encoding is present and up to date */
     if (!a->canon_enc || a->modified) {
         ret = i2d_X509_NAME((X509_NAME *)a, NULL);
         if (ret < 0)
@@ -290,7 +300,7 @@ int X509_check_private_key(const X509 *x, const EVP_PKEY *k)
     xk = X509_get0_pubkey(x);
 
     if (xk)
-        ret = EVP_PKEY_cmp(xk, k);
+        ret = EVP_PKEY_eq(xk, k);
     else
         ret = -2;