aboutsummaryrefslogtreecommitdiff
path: root/crypto/x509/x509_cmp.c
diff options
context:
space:
mode:
authorJung-uk Kim <jkim@FreeBSD.org>2021-02-16 19:54:02 +0000
committerJung-uk Kim <jkim@FreeBSD.org>2021-02-16 19:54:02 +0000
commit4f55bd5321b72491d4eff396e4928e9ab0706735 (patch)
tree46adf486ba58f712ebd071b5d2dbeda04c45833b /crypto/x509/x509_cmp.c
parentc25134eb4f5842c16f8f372a1e28849794d70883 (diff)
downloadsrc-4f55bd5321b72491d4eff396e4928e9ab0706735.tar.gz
src-4f55bd5321b72491d4eff396e4928e9ab0706735.zip
Import OpenSSL 1.1.1j.vendor/openssl/1.1.1j
Diffstat (limited to 'crypto/x509/x509_cmp.c')
-rw-r--r--crypto/x509/x509_cmp.c24
1 files changed, 14 insertions, 10 deletions
diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c
index ad620af0aff4..1d8d2d7b28e9 100644
--- a/crypto/x509/x509_cmp.c
+++ b/crypto/x509/x509_cmp.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -39,6 +39,8 @@ unsigned long X509_issuer_and_serial_hash(X509 *a)
if (ctx == NULL)
goto err;
f = X509_NAME_oneline(a->cert_info.issuer, NULL, 0);
+ if (f == NULL)
+ goto err;
if (!EVP_DigestInit_ex(ctx, EVP_md5(), NULL))
goto err;
if (!EVP_DigestUpdate(ctx, (unsigned char *)f, strlen(f)))
@@ -133,19 +135,21 @@ unsigned long X509_subject_name_hash_old(X509 *x)
*/
int X509_cmp(const X509 *a, const X509 *b)
{
- int rv;
+ int rv = 0;
if (a == b) /* for efficiency */
return 0;
- /* ensure hash is valid */
- if (X509_check_purpose((X509 *)a, -1, 0) != 1)
- return -2;
- if (X509_check_purpose((X509 *)b, -1, 0) != 1)
- return -2;
-
- rv = memcmp(a->sha1_hash, b->sha1_hash, SHA_DIGEST_LENGTH);
- if (rv)
+
+ /* try to make sure hash is valid */
+ (void)X509_check_purpose((X509 *)a, -1, 0);
+ (void)X509_check_purpose((X509 *)b, -1, 0);
+
+ if ((a->ex_flags & EXFLAG_NO_FINGERPRINT) == 0
+ && (b->ex_flags & EXFLAG_NO_FINGERPRINT) == 0)
+ rv = memcmp(a->sha1_hash, b->sha1_hash, SHA_DIGEST_LENGTH);
+ if (rv != 0)
return rv;
+
/* Check for match against stored encoding too */
if (!a->cert_info.enc.modified && !b->cert_info.enc.modified) {
if (a->cert_info.enc.len < b->cert_info.enc.len)