authorDr. Stephen Henson <steve@openssl.org>1999-11-16 00:56:03 +0000
committerDr. Stephen Henson <steve@openssl.org>1999-11-16 00:56:03 +0000
commite947f3968926b2ab2b2de895b7a0e2fe3730beb8 (patch)
tree6a599a9b4e261a40d0020d2b3362bcdad2157211 /crypto
parentb7cfcfb7f8e17c17f457b3384010eb027f3aad72 (diff)
New function X509_cmp().
Diffstat (limited to 'crypto')
-rw-r--r--crypto/x509/x509.h2
-rw-r--r--crypto/x509/x509_cmp.c11
-rw-r--r--crypto/x509v3/v3_purp.c4
3 files changed, 16 insertions, 1 deletions
diff --git a/crypto/x509/x509.h b/crypto/x509/x509.h
index a6e61cf6c7..d3d8030086 100644
--- a/crypto/x509/x509.h
+++ b/crypto/x509/x509.h
@@ -269,6 +269,7 @@ typedef struct x509_st
unsigned long ex_kusage;
unsigned long ex_xkusage;
unsigned long ex_nscert;
+ unsigned char sha1_hash[SHA_DIGEST_LENGTH];
X509_CERT_AUX *aux;
} X509;
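Review bot: The new `sha1_hash` member has no comment saying when it holds a meaningful value. Going by the v3_purp.c part of this commit, it is filled in by `x509v3_cache_extensions()` rather than when the certificate is parsed, so code that reads the field directly before that has run sees unset bytes. I would add `/* SHA-1 digest of the certificate, filled in lazily by x509v3_cache_extensions() */` above the member. The struct definition starts outside the hunk.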
@@ -869,6 +870,7 @@ unsigned long X509_issuer_name_hash(X509 *a);
int X509_subject_name_cmp(X509 *a,X509 *b);
unsigned long X509_subject_name_hash(X509 *x);
+int X509_cmp (X509 *a, X509 *b);
int X509_NAME_cmp (X509_NAME *a, X509_NAME *b);
unsigned long X509_NAME_hash(X509_NAME *x);
diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c
index 0b0f1605da..62d8013360 100644
--- a/crypto/x509/x509_cmp.c
+++ b/crypto/x509/x509_cmp.c
@@ -61,6 +61,7 @@
#include <openssl/asn1.h>
#include <openssl/objects.h>
#include <openssl/x509.h>
+#include <openssl/x509v3.h>
int X509_issuer_and_serial_cmp(X509 *a, X509 *b)
{
@@ -135,6 +136,16 @@ unsigned long X509_subject_name_hash(X509 *x)
{
return(X509_NAME_hash(x->cert_info->subject));
}
+/* Compare two certificates: they must be identical for
+ * this to work.
+ */
+int X509_cmp(X509 *a, X509 *b)
+{
+ /* ensure hash is valid */
+ X509_check_purpose(a, -1, 0);
+ X509_check_purpose(b, -1, 0);
+ return memcmp(a->sha1_hash, b->sha1_hash, SHA_DIGEST_LENGTH);
+}
int X509_NAME_cmp(X509_NAME *a, X509_NAME *b)
{
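Review bot: The comment above `X509_cmp()` does not say what the result means. The function returns the `memcmp` of the two cached SHA-1 digests, so 0 means "same SHA-1 fingerprint" rather than a byte-for-byte match of the encodings, and a non-zero result is only an arbitrary but stable ordering. I would replace the comment with `/* Compare two certificates by their cached SHA-1 digest: returns 0 when the digests match, otherwise the memcmp() ordering of the digests. */`. The two `X509_check_purpose(..., -1, 0)` calls are made only for their caching side effect and their results are ignored, which the `/* ensure hash is valid */` comment should state. Neither `a` nor `b` is checked for NULL before `a->sha1_hash` and `b->sha1_hash` are read.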
diff --git a/crypto/x509v3/v3_purp.c b/crypto/x509v3/v3_purp.c
index d7e561e58e..6ec5f957e9 100644
--- a/crypto/x509v3/v3_purp.c
+++ b/crypto/x509v3/v3_purp.c
@@ -103,12 +103,13 @@ int X509_check_purpose(X509 *x, int id, int ca)
x509v3_cache_extensions(x);
CRYPTO_w_unlock(CRYPTO_LOCK_X509);
}
+ if(id == -1) return 1;
idx = x509_purpose_get_idx(id);
if(idx == -1) return -1;
pt = sk_X509_PURPOSE_value(xptable, idx);
return pt->check_purpose(pt, x,ca);
}
-
+
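Review bot: The added `if(id == -1) return 1;` gives `-1` a special meaning that is not documented in the hunk, and it sits directly above `if(idx == -1) return -1;`, where -1 signals an error. A comment such as `/* id == -1: caller only wants the extension cache and sha1_hash populated, no purpose is checked */` would make the intent clear. The return value 1 could plausibly be read by a caller as "purpose acceptable", so the function's documentation should state that no purpose check happens on this path. The start of `X509_check_purpose()` is outside the hunk.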
@@ -199,6 +200,7 @@ static void x509v3_cache_extensions(X509 *x)
STACK_OF(ASN1_OBJECT) *extusage;
int i;
if(x->ex_flags & EXFLAG_SET) return;
+ X509_digest(x, EVP_sha1(), x->sha1_hash, NULL);
/* Does subject name match issuer ? */
if(X509_NAME_cmp(X509_get_subject_name(x), X509_get_issuer_name(x)))
x->ex_flags |= EXFLAG_SS;
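Review bot: The return value of `X509_digest()` is discarded at the added line in `x509v3_cache_extensions()`, so if the digest fails, `x->sha1_hash` keeps whatever bytes it already held. `X509_cmp()` in x509_cmp.c then runs `memcmp` on those bytes as if they were a fingerprint, so two different certificates could compare equal or the same certificate unequal. The call should be checked, along the lines of `if(!X509_digest(x, EVP_sha1(), x->sha1_hash, NULL)) { /* record the failure */ }`. The failure needs to be recorded somewhere `X509_cmp()` can see it, for example in a dedicated `ex_flags` bit, so that it does not trust the field. The function is `void` and its body continues outside the hunk, so how the failure is surfaced to callers has to be decided there.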