summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDr. Stephen Henson <steve@openssl.org>2009-05-30 18:11:26 +0000
committerDr. Stephen Henson <steve@openssl.org>2009-05-30 18:11:26 +0000
commit8132d3ac40edb8567c81a84aeb301d427c0a61e2 (patch)
tree9757dd6a50604bf94dfdb12e9956356fa1f40fa9
parent43e12b6f1ce4f59aeaeacdad3f0e984efa321fb4 (diff)
Update from 1.0.0-stable.
Diffstat
-rw-r--r--crypto/x509/x509_cmp.c6
-rw-r--r--crypto/x509v3/v3_ncons.c5
2 files changed, 8 insertions, 3 deletions
diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c
index 306d4b2d73..2e444f2848 100644
--- a/crypto/x509/x509_cmp.c
+++ b/crypto/x509/x509_cmp.c
@@ -173,16 +173,16 @@ int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b)
{
int ret;
- /* Ensure canonical encoding is present */
+ /* Ensure canonical encoding is present and up to date */
- if (!a->canon_enc)
+ if (!a->canon_enc || a->modified)
{
ret = i2d_X509_NAME((X509_NAME *)a, NULL);
if (ret < 0)
return -2;
}
- if (!b->canon_enc)
+ if (!b->canon_enc || b->modified)
{
ret = i2d_X509_NAME((X509_NAME *)b, NULL);
if (ret < 0)
diff --git a/crypto/x509v3/v3_ncons.c b/crypto/x509v3/v3_ncons.c
index ce5a8f6efc..689df46acd 100644
--- a/crypto/x509v3/v3_ncons.c
+++ b/crypto/x509v3/v3_ncons.c
@@ -376,6 +376,11 @@ static int nc_match_single(GENERAL_NAME *gen, GENERAL_NAME *base)
static int nc_dn(X509_NAME *nm, X509_NAME *base)
{
+ /* Ensure canonical encodings are up to date. */
+ if (nm->modified && i2d_X509_NAME(nm, NULL) < 0)
+ return X509_V_ERR_OUT_OF_MEM;
+ if (base->modified && i2d_X509_NAME(base, NULL) < 0)
+ return X509_V_ERR_OUT_OF_MEM;
if (base->canon_enclen > nm->canon_enclen)
return X509_V_ERR_PERMITTED_VIOLATION;
if (memcmp(base->canon_enc, nm->canon_enc, base->canon_enclen))
generated by cgit v1.2.3-70-g09d2 (git 2.46.0) at 2024-10-23 22:30:43 +0000