X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=crypto%2Fx509%2Fx509_cmp.c;h=123709902a80db5288638a9ec98ff08bf4a52c76;hp=74e076c7ba415fd8abb036a2dd4f72e97e512ba2;hb=ec492c8a5a1491949166c4b37df8666741180f4d;hpb=3ad344a5171c55511adddb96c805e037f2c061be diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c index 74e076c7ba..123709902a 100644 --- a/crypto/x509/x509_cmp.c +++ b/crypto/x509/x509_cmp.c @@ -178,11 +178,24 @@ unsigned long X509_subject_name_hash_old(X509 *x) */ int X509_cmp(const X509 *a, const X509 *b) { + int rv; /* ensure hash is valid */ X509_check_purpose((X509 *)a, -1, 0); X509_check_purpose((X509 *)b, -1, 0); - return memcmp(a->sha1_hash, b->sha1_hash, SHA_DIGEST_LENGTH); + rv = memcmp(a->sha1_hash, b->sha1_hash, SHA_DIGEST_LENGTH); + if (rv) + return rv; + /* Check for match against stored encoding too */ + if (!a->cert_info->enc.modified && !b->cert_info->enc.modified) + { + rv = (int)(a->cert_info->enc.len - b->cert_info->enc.len); + if (rv) + return rv; + return memcmp(a->cert_info->enc.enc, b->cert_info->enc.enc, + a->cert_info->enc.len); + } + return rv; } #endif @@ -310,6 +323,7 @@ ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x) return x->cert_info->key->public_key; } + int X509_check_private_key(X509 *x, EVP_PKEY *k) { EVP_PKEY *xk; @@ -348,6 +362,8 @@ int X509_check_private_key(X509 *x, EVP_PKEY *k) * flags. */ +#ifndef OPENSSL_NO_EC + static int check_suite_b(EVP_PKEY *pkey, int sign_nid, unsigned long *pflags) { const EC_GROUP *grp = NULL; @@ -383,7 +399,7 @@ static int check_suite_b(EVP_PKEY *pkey, int sign_nid, unsigned long *pflags) return X509_V_OK; } -int X509_check_suiteb_chain(int *perror_depth, X509 *x, STACK_OF(X509) *chain, +int X509_chain_check_suiteb(int *perror_depth, X509 *x, STACK_OF(X509) *chain, unsigned long flags) { int rv, i, sign_nid; @@ -456,7 +472,7 @@ int X509_check_suiteb_chain(int *perror_depth, X509 *x, STACK_OF(X509) *chain, return rv; } -int X509_check_suiteb_crl(X509_CRL *crl, EVP_PKEY *pk, unsigned long flags) +int X509_CRL_check_suiteb(X509_CRL *crl, EVP_PKEY *pk, unsigned long flags) { int sign_nid; if (!(flags & X509_V_FLAG_SUITEB_128_LOS)) @@ -465,3 +481,32 @@ int X509_check_suiteb_crl(X509_CRL *crl, EVP_PKEY *pk, unsigned long flags) return check_suite_b(pk, sign_nid, &flags); } +#else +int X509_chain_check_suiteb(int *perror_depth, X509 *x, STACK_OF(X509) *chain, + unsigned long flags) + { + return 0; + } + +int X509_CRL_check_suiteb(X509_CRL *crl, EVP_PKEY *pk, unsigned long flags) + { + return 0; + } + +#endif +/* Not strictly speaking an "up_ref" as a STACK doesn't have a reference + * count but it has the same effect by duping the STACK and upping the ref + * of each X509 structure. + */ +STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *chain) + { + STACK_OF(X509) *ret; + int i; + ret = sk_X509_dup(chain); + for (i = 0; i < sk_X509_num(ret); i++) + { + X509 *x = sk_X509_value(ret, i); + CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); + } + return ret; + }