Compare encodings in X509_cmp as well as hash.

author: Dr. Stephen Henson <steve@openssl.org> 2014-01-26 16:28:27 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2014-01-26 16:29:50 +0000
commit: ec492c8a5a1491949166c4b37df8666741180f4d (patch)
tree: d5de5ea28f2765afef058d47c1c660755caed8e7 /crypto/x509
parent: 3323314fc1c6d18e650a2de97f7cf9892ac92a60 (diff)
download: openssl-ec492c8a5a1491949166c4b37df8666741180f4d.tar.gz
1 files changed, 14 insertions, 1 deletions
diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c
index 36cc48e625..123709902a 100644
--- a/crypto/x509/x509_cmp.c
+++ b/crypto/x509/x509_cmp.c
@@ -178,11 +178,24 @@ unsigned long X509_subject_name_hash_old(X509 *x)
  */
 int X509_cmp(const X509 *a, const X509 *b)
 {
+	int rv;
 	/* ensure hash is valid */
 	X509_check_purpose((X509 *)a, -1, 0);
 	X509_check_purpose((X509 *)b, -1, 0);
 
-	return memcmp(a->sha1_hash, b->sha1_hash, SHA_DIGEST_LENGTH);
+	rv = memcmp(a->sha1_hash, b->sha1_hash, SHA_DIGEST_LENGTH);
+	if (rv)
+		return rv;
+	/* Check for match against stored encoding too */
+	if (!a->cert_info->enc.modified && !b->cert_info->enc.modified)
+		{
+		rv = (int)(a->cert_info->enc.len - b->cert_info->enc.len);
+		if (rv)
+			return rv;
+		return memcmp(a->cert_info->enc.enc, b->cert_info->enc.enc,
+				a->cert_info->enc.len);
+		}
+	return rv;
 }
 #endif
author	Dr. Stephen Henson <steve@openssl.org>	2014-01-26 16:28:27 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2014-01-26 16:29:50 +0000
commit	ec492c8a5a1491949166c4b37df8666741180f4d (patch)
tree	d5de5ea28f2765afef058d47c1c660755caed8e7 /crypto/x509
parent	3323314fc1c6d18e650a2de97f7cf9892ac92a60 (diff)
download	openssl-ec492c8a5a1491949166c4b37df8666741180f4d.tar.gz