Update from 1.0.0-stable.
authorDr. Stephen Henson <steve@openssl.org>
Sat, 30 May 2009 18:11:26 +0000 (18:11 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Sat, 30 May 2009 18:11:26 +0000 (18:11 +0000)
crypto/x509/x509_cmp.c
crypto/x509v3/v3_ncons.c

index 306d4b2..2e444f2 100644 (file)
@@ -173,16 +173,16 @@ int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b)
        {
        int ret;
 
-       /* Ensure canonical encoding is present */
+       /* Ensure canonical encoding is present and up to date */
 
-       if (!a->canon_enc)
+       if (!a->canon_enc || a->modified)
                {
                ret = i2d_X509_NAME((X509_NAME *)a, NULL);
                if (ret < 0)
                        return -2;
                }
 
-       if (!b->canon_enc)
+       if (!b->canon_enc || b->modified)
                {
                ret = i2d_X509_NAME((X509_NAME *)b, NULL);
                if (ret < 0)
index ce5a8f6..689df46 100644 (file)
@@ -376,6 +376,11 @@ static int nc_match_single(GENERAL_NAME *gen, GENERAL_NAME *base)
 
 static int nc_dn(X509_NAME *nm, X509_NAME *base)
        {
+       /* Ensure canonical encodings are up to date.  */
+       if (nm->modified && i2d_X509_NAME(nm, NULL) < 0)
+               return X509_V_ERR_OUT_OF_MEM;
+       if (base->modified && i2d_X509_NAME(base, NULL) < 0)
+               return X509_V_ERR_OUT_OF_MEM;
        if (base->canon_enclen > nm->canon_enclen)
                return X509_V_ERR_PERMITTED_VIOLATION;
        if (memcmp(base->canon_enc, nm->canon_enc, base->canon_enclen))