import of openssl-0.9.7g; tested on platforms from alpha to zaurus, ok deraadt@

author: djm <> 2005-04-29 05:37:34 +0000
committer: djm <> 2005-04-29 05:37:34 +0000
commit: a95585a25ab25668b931a78b7543f707a3354db8 (patch)
tree: f9e9febf7ac0c8f5d6df761fe70fd613aac06203 /src/lib/libcrypto/x509/x509_cmp.c
parent: 58c08aa241f168c84ce7cc3052454ea59a44eada (diff)
download: openbsd-a95585a25ab25668b931a78b7543f707a3354db8.tar.gz
openbsd-a95585a25ab25668b931a78b7543f707a3354db8.tar.bz2
openbsd-a95585a25ab25668b931a78b7543f707a3354db8.zip
1 files changed, 35 insertions, 13 deletions
diff --git a/src/lib/libcrypto/x509/x509_cmp.c b/src/lib/libcrypto/x509/x509_cmp.c
index f460102f49..030d0966fc 100644
--- a/src/lib/libcrypto/x509/x509_cmp.c
+++ b/src/lib/libcrypto/x509/x509_cmp.c
@@ -254,33 +254,49 @@ static int nocase_spacenorm_cmp(const ASN1_STRING *a, const ASN1_STRING *b)
        return 0;
 }
+static int asn1_string_memcmp(ASN1_STRING *a, ASN1_STRING *b)
+        {
+        int j;
+        j = a->length - b->length;
+        if (j)
+                return j;
+        return memcmp(a->data, b->data, a->length);
+        }
+#define STR_TYPE_CMP (B_ASN1_PRINTABLESTRING|B_ASN1_T61STRING|B_ASN1_UTF8STRING)
 int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b)
        {
        int i,j;
        X509_NAME_ENTRY *na,*nb;
-        if (sk_X509_NAME_ENTRY_num(a->entries)
+        unsigned long nabit, nbbit;
-            != sk_X509_NAME_ENTRY_num(b->entries))
-                return sk_X509_NAME_ENTRY_num(a->entries)
+        j = sk_X509_NAME_ENTRY_num(a->entries)
-                  -sk_X509_NAME_ENTRY_num(b->entries);
+                  - sk_X509_NAME_ENTRY_num(b->entries);
+        if (j)
+                return j;
        for (i=sk_X509_NAME_ENTRY_num(a->entries)-1; i>=0; i--)
                {
                na=sk_X509_NAME_ENTRY_value(a->entries,i);
                nb=sk_X509_NAME_ENTRY_value(b->entries,i);
                j=na->value->type-nb->value->type;
-                if (j) return(j);
+                if (j)
-                if (na->value->type == V_ASN1_PRINTABLESTRING)
+                        {
+                        nabit = ASN1_tag2bit(na->value->type);
+                        nbbit = ASN1_tag2bit(nb->value->type);
+                        if (!(nabit & STR_TYPE_CMP) ||
+                                !(nbbit & STR_TYPE_CMP))
+                                return j;
+                        j = asn1_string_memcmp(na->value, nb->value);
+                        }
+                else if (na->value->type == V_ASN1_PRINTABLESTRING)
                        j=nocase_spacenorm_cmp(na->value, nb->value);
                else if (na->value->type == V_ASN1_IA5STRING
                        && OBJ_obj2nid(na->object) == NID_pkcs9_emailAddress)
                        j=nocase_cmp(na->value, nb->value);
                else
-                        {
+                        j = asn1_string_memcmp(na->value, nb->value);
-                        j=na->value->length-nb->value->length;
-                        if (j) return(j);
-                        j=memcmp(na->value->data,nb->value->data,
-                                na->value->length);
-                        }
                if (j) return(j);
                j=na->set-nb->set;
                if (j) return(j);
@@ -306,10 +322,16 @@ unsigned long X509_NAME_hash(X509_NAME *x)
        {
        unsigned long ret=0;
        unsigned char md[16];
+        EVP_MD_CTX md_ctx;
        /* Make sure X509_NAME structure contains valid cached encoding */
        i2d_X509_NAME(x,NULL);
-        EVP_Digest(x->bytes->data, x->bytes->length, md, NULL, EVP_md5(), NULL);
+        EVP_MD_CTX_init(&md_ctx);
+        EVP_MD_CTX_set_flags(&md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
+        EVP_DigestInit_ex(&md_ctx, EVP_md5(), NULL);
+        EVP_DigestUpdate(&md_ctx, x->bytes->data, x->bytes->length);
+        EVP_DigestFinal_ex(&md_ctx,md,NULL);
+        EVP_MD_CTX_cleanup(&md_ctx);
        ret=(   ((unsigned long)md[0]     )|((unsigned long)md[1]<<8L)|
                ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)
author	djm <>	2005-04-29 05:37:34 +0000
committer	djm <>	2005-04-29 05:37:34 +0000
commit	a95585a25ab25668b931a78b7543f707a3354db8 (patch)
tree	f9e9febf7ac0c8f5d6df761fe70fd613aac06203 /src/lib/libcrypto/x509/x509_cmp.c
parent	58c08aa241f168c84ce7cc3052454ea59a44eada (diff)
download	openbsd-a95585a25ab25668b931a78b7543f707a3354db8.tar.gz openbsd-a95585a25ab25668b931a78b7543f707a3354db8.tar.bz2 openbsd-a95585a25ab25668b931a78b7543f707a3354db8.zip

diff --git a/src/lib/libcrypto/x509/x509_cmp.c b/src/lib/libcrypto/x509/x509_cmp.c index f460102f49..030d0966fc 100644 --- a/src/lib/libcrypto/x509/x509_cmp.c +++ b/src/lib/libcrypto/x509/x509_cmp.c
@@ -254,33 +254,49 @@ static int nocase_spacenorm_cmp(const ASN1_STRING a, const ASN1_STRING b)
254	return 0;	254	return 0;
255	}	255	}
256		256
		257	static int asn1_string_memcmp(ASN1_STRING a, ASN1_STRING b)
		258	{
		259	int j;
		260	j = a->length - b->length;
		261	if (j)
		262	return j;
		263	return memcmp(a->data, b->data, a->length);
		264	}
		265
		266	#define STR_TYPE_CMP (B_ASN1_PRINTABLESTRING\|B_ASN1_T61STRING\|B_ASN1_UTF8STRING)
		267
257	int X509_NAME_cmp(const X509_NAME a, const X509_NAME b)	268	int X509_NAME_cmp(const X509_NAME a, const X509_NAME b)
258	{	269	{
259	int i,j;	270	int i,j;
260	X509_NAME_ENTRY na,nb;	271	X509_NAME_ENTRY na,nb;
261		272
262	if (sk_X509_NAME_ENTRY_num(a->entries)	273	unsigned long nabit, nbbit;
263	!= sk_X509_NAME_ENTRY_num(b->entries))	274
264	return sk_X509_NAME_ENTRY_num(a->entries)	275	j = sk_X509_NAME_ENTRY_num(a->entries)
265	-sk_X509_NAME_ENTRY_num(b->entries);	276	- sk_X509_NAME_ENTRY_num(b->entries);
		277	if (j)
		278	return j;
266	for (i=sk_X509_NAME_ENTRY_num(a->entries)-1; i>=0; i--)	279	for (i=sk_X509_NAME_ENTRY_num(a->entries)-1; i>=0; i--)
267	{	280	{
268	na=sk_X509_NAME_ENTRY_value(a->entries,i);	281	na=sk_X509_NAME_ENTRY_value(a->entries,i);
269	nb=sk_X509_NAME_ENTRY_value(b->entries,i);	282	nb=sk_X509_NAME_ENTRY_value(b->entries,i);
270	j=na->value->type-nb->value->type;	283	j=na->value->type-nb->value->type;
271	if (j) return(j);	284	if (j)
272	if (na->value->type == V_ASN1_PRINTABLESTRING)	285	{
		286	nabit = ASN1_tag2bit(na->value->type);
		287	nbbit = ASN1_tag2bit(nb->value->type);
		288	if (!(nabit & STR_TYPE_CMP) \|\|
		289	!(nbbit & STR_TYPE_CMP))
		290	return j;
		291	j = asn1_string_memcmp(na->value, nb->value);
		292	}
		293	else if (na->value->type == V_ASN1_PRINTABLESTRING)
273	j=nocase_spacenorm_cmp(na->value, nb->value);	294	j=nocase_spacenorm_cmp(na->value, nb->value);
274	else if (na->value->type == V_ASN1_IA5STRING	295	else if (na->value->type == V_ASN1_IA5STRING
275	&& OBJ_obj2nid(na->object) == NID_pkcs9_emailAddress)	296	&& OBJ_obj2nid(na->object) == NID_pkcs9_emailAddress)
276	j=nocase_cmp(na->value, nb->value);	297	j=nocase_cmp(na->value, nb->value);
277	else	298	else
278	{	299	j = asn1_string_memcmp(na->value, nb->value);
279	j=na->value->length-nb->value->length;
280	if (j) return(j);
281	j=memcmp(na->value->data,nb->value->data,
282	na->value->length);
283	}
284	if (j) return(j);	300	if (j) return(j);
285	j=na->set-nb->set;	301	j=na->set-nb->set;
286	if (j) return(j);	302	if (j) return(j);
@@ -306,10 +322,16 @@ unsigned long X509_NAME_hash(X509_NAME *x)
306	{	322	{
307	unsigned long ret=0;	323	unsigned long ret=0;
308	unsigned char md[16];	324	unsigned char md[16];
		325	EVP_MD_CTX md_ctx;
309		326
310	/* Make sure X509_NAME structure contains valid cached encoding */	327	/* Make sure X509_NAME structure contains valid cached encoding */
311	i2d_X509_NAME(x,NULL);	328	i2d_X509_NAME(x,NULL);
312	EVP_Digest(x->bytes->data, x->bytes->length, md, NULL, EVP_md5(), NULL);	329	EVP_MD_CTX_init(&md_ctx);
		330	EVP_MD_CTX_set_flags(&md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
		331	EVP_DigestInit_ex(&md_ctx, EVP_md5(), NULL);
		332	EVP_DigestUpdate(&md_ctx, x->bytes->data, x->bytes->length);
		333	EVP_DigestFinal_ex(&md_ctx,md,NULL);
		334	EVP_MD_CTX_cleanup(&md_ctx);
313		335
314	ret=( ((unsigned long)md[0] )\|((unsigned long)md[1]<<8L)\|	336	ret=( ((unsigned long)md[0] )\|((unsigned long)md[1]<<8L)\|
315	((unsigned long)md[2]<<16L)\|((unsigned long)md[3]<<24L)	337	((unsigned long)md[2]<<16L)\|((unsigned long)md[3]<<24L)