Compare encodings in X509_cmp as well as hash.

[openssl.git] / crypto / x509 / x509_cmp.c

diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c
index 74e076c7ba415fd8abb036a2dd4f72e97e512ba2..123709902a80db5288638a9ec98ff08bf4a52c76 100644 (file)
--- a/crypto/x509/x509_cmp.c
+++ b/crypto/x509/x509_cmp.c
@@ -178,11 +178,24 @@ unsigned long X509_subject_name_hash_old(X509 *x)
  */
 int X509_cmp(const X509 *a, const X509 *b)
 {
+       int rv;
        /* ensure hash is valid */
        X509_check_purpose((X509 *)a, -1, 0);
        X509_check_purpose((X509 *)b, -1, 0);
 
-       return memcmp(a->sha1_hash, b->sha1_hash, SHA_DIGEST_LENGTH);
+       rv = memcmp(a->sha1_hash, b->sha1_hash, SHA_DIGEST_LENGTH);
+       if (rv)
+               return rv;
+       /* Check for match against stored encoding too */
+       if (!a->cert_info->enc.modified && !b->cert_info->enc.modified)
+               {
+               rv = (int)(a->cert_info->enc.len - b->cert_info->enc.len);
+               if (rv)
+                       return rv;
+               return memcmp(a->cert_info->enc.enc, b->cert_info->enc.enc,
+                               a->cert_info->enc.len);
+               }
+       return rv;
 }
 #endif
 
@@ -310,6 +323,7 @@ ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x)
        return x->cert_info->key->public_key;
        }
 
+
 int X509_check_private_key(X509 *x, EVP_PKEY *k)
        {
        EVP_PKEY *xk;
@@ -348,6 +362,8 @@ int X509_check_private_key(X509 *x, EVP_PKEY *k)
  * flags.
  */
 
+#ifndef OPENSSL_NO_EC
+
 static int check_suite_b(EVP_PKEY *pkey, int sign_nid, unsigned long *pflags)
        {
        const EC_GROUP *grp = NULL;
@@ -383,7 +399,7 @@ static int check_suite_b(EVP_PKEY *pkey, int sign_nid, unsigned long *pflags)
        return X509_V_OK;
        }
 
-int X509_check_suiteb_chain(int *perror_depth, X509 *x, STACK_OF(X509) *chain,
+int X509_chain_check_suiteb(int *perror_depth, X509 *x, STACK_OF(X509) *chain,
                                                        unsigned long flags)
        {
        int rv, i, sign_nid;
@@ -456,7 +472,7 @@ int X509_check_suiteb_chain(int *perror_depth, X509 *x, STACK_OF(X509) *chain,
        return rv;
        }
 
-int X509_check_suiteb_crl(X509_CRL *crl, EVP_PKEY *pk, unsigned long flags)
+int X509_CRL_check_suiteb(X509_CRL *crl, EVP_PKEY *pk, unsigned long flags)
        {
        int sign_nid;
        if (!(flags & X509_V_FLAG_SUITEB_128_LOS))
@@ -465,3 +481,32 @@ int X509_check_suiteb_crl(X509_CRL *crl, EVP_PKEY *pk, unsigned long flags)
        return check_suite_b(pk, sign_nid, &flags);
        }
 
+#else
+int X509_chain_check_suiteb(int *perror_depth, X509 *x, STACK_OF(X509) *chain,
+                                                       unsigned long flags)
+       {
+       return 0;
+       }
+
+int X509_CRL_check_suiteb(X509_CRL *crl, EVP_PKEY *pk, unsigned long flags)
+       {
+       return 0;
+       }
+
+#endif
+/* Not strictly speaking an "up_ref" as a STACK doesn't have a reference
+ * count but it has the same effect by duping the STACK and upping the ref
+ * of each X509 structure.
+ */
+STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *chain)
+       {
+       STACK_OF(X509) *ret;
+       int i;
+       ret = sk_X509_dup(chain);
+       for (i = 0; i < sk_X509_num(ret); i++)
+               {
+               X509 *x = sk_X509_value(ret, i);
+               CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
+               }
+       return ret;
+       }