ai = &a->cert_info;
bi = &b->cert_info;
i = ASN1_INTEGER_cmp(&ai->serialNumber, &bi->serialNumber);
- if (i)
- return i;
+ if (i != 0)
+ return i < 0 ? -1 : 1;
return X509_NAME_cmp(ai->issuer, bi->issuer);
}
int X509_CRL_match(const X509_CRL *a, const X509_CRL *b)
{
- return memcmp(a->sha1_hash, b->sha1_hash, 20);
+ int rv = memcmp(a->sha1_hash, b->sha1_hash, 20);
+
+ return rv < 0 ? -1 : rv > 0;
}
X509_NAME *X509_get_issuer_name(const X509 *a)
return -2;
rv = memcmp(a->sha1_hash, b->sha1_hash, SHA_DIGEST_LENGTH);
- if (rv)
- return rv;
+ if (rv != 0)
+ return rv < 0 ? -1 : 1;
/* Check for match against stored encoding too */
if (!a->cert_info.enc.modified && !b->cert_info.enc.modified) {
if (a->cert_info.enc.len < b->cert_info.enc.len)
return -1;
if (a->cert_info.enc.len > b->cert_info.enc.len)
return 1;
- return memcmp(a->cert_info.enc.enc, b->cert_info.enc.enc,
- a->cert_info.enc.len);
+ rv = memcmp(a->cert_info.enc.enc,
+ b->cert_info.enc.enc, a->cert_info.enc.len);
}
- return rv;
+ return rv < 0 ? -1 : rv > 0;
}
int X509_add_cert_new(STACK_OF(X509) **sk, X509 *cert, int flags)
{
int n = sk_X509_num(certs); /* certs may be NULL */
int i;
-
+
for (i = 0; i < n; i++) {
int j = (flags & X509_ADD_FLAG_PREPEND) == 0 ? i : n - 1 - i;
/* if prepend, add certs in reverse order to keep original order */
}
ret = a->canon_enclen - b->canon_enclen;
+ if (ret == 0 && a->canon_enclen != 0)
+ ret = memcmp(a->canon_enc, b->canon_enc, a->canon_enclen);
- if (ret != 0 || a->canon_enclen == 0)
- return ret;
-
- return memcmp(a->canon_enc, b->canon_enc, a->canon_enclen);
-
+ return ret < 0 ? -1 : ret > 0;
}
unsigned long X509_NAME_hash(const X509_NAME *x)
return X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM;
if (!(*pflags & X509_V_FLAG_SUITEB_128_LOS_ONLY))
return X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED;
- } else
+ } else {
return X509_V_ERR_SUITE_B_INVALID_CURVE;
-
+ }
return X509_V_OK;
}
if (x == NULL) {
x = sk_X509_value(chain, 0);
i = 1;
- } else
+ } else {
i = 0;
-
+ }
pk = X509_get0_pubkey(x);
/*
return ret;
err:
while (i-- > 0)
- X509_free (sk_X509_value(ret, i));
+ X509_free(sk_X509_value(ret, i));
sk_X509_free(ret);
return NULL;
}
=head1 RETURN VALUES
-Like common memory comparison functions, the B<X509> comparison functions return
-an integer less than, equal to, or greater than zero if object B<a> is found to
-be less than, to match, or be greater than object B<b>, respectively.
+The B<X509> comparison functions return B<-1>, B<0>, or B<1> if object B<a> is
+found to be less than, to match, or be greater than object B<b>, respectively.
X509_NAME_cmp(), X509_issuer_and_serial_cmp(), X509_issuer_name_cmp(),
X509_subject_name_cmp() and X509_CRL_cmp() may return B<-2> to indicate an error.