summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/x509/x509_cmp.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libcrypto/x509/x509_cmp.c')
-rw-r--r--src/lib/libcrypto/x509/x509_cmp.c28
1 files changed, 17 insertions, 11 deletions
diff --git a/src/lib/libcrypto/x509/x509_cmp.c b/src/lib/libcrypto/x509/x509_cmp.c
index a8a5ca8b03..b147d573d2 100644
--- a/src/lib/libcrypto/x509/x509_cmp.c
+++ b/src/lib/libcrypto/x509/x509_cmp.c
@@ -63,7 +63,7 @@
63#include <openssl/x509.h> 63#include <openssl/x509.h>
64#include <openssl/x509v3.h> 64#include <openssl/x509v3.h>
65 65
66int X509_issuer_and_serial_cmp(X509 *a, X509 *b) 66int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b)
67 { 67 {
68 int i; 68 int i;
69 X509_CINF *ai,*bi; 69 X509_CINF *ai,*bi;
@@ -97,17 +97,17 @@ unsigned long X509_issuer_and_serial_hash(X509 *a)
97 } 97 }
98#endif 98#endif
99 99
100int X509_issuer_name_cmp(X509 *a, X509 *b) 100int X509_issuer_name_cmp(const X509 *a, const X509 *b)
101 { 101 {
102 return(X509_NAME_cmp(a->cert_info->issuer,b->cert_info->issuer)); 102 return(X509_NAME_cmp(a->cert_info->issuer,b->cert_info->issuer));
103 } 103 }
104 104
105int X509_subject_name_cmp(X509 *a, X509 *b) 105int X509_subject_name_cmp(const X509 *a, const X509 *b)
106 { 106 {
107 return(X509_NAME_cmp(a->cert_info->subject,b->cert_info->subject)); 107 return(X509_NAME_cmp(a->cert_info->subject,b->cert_info->subject));
108 } 108 }
109 109
110int X509_CRL_cmp(X509_CRL *a, X509_CRL *b) 110int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b)
111 { 111 {
112 return(X509_NAME_cmp(a->crl->issuer,b->crl->issuer)); 112 return(X509_NAME_cmp(a->crl->issuer,b->crl->issuer));
113 } 113 }
@@ -139,19 +139,25 @@ unsigned long X509_subject_name_hash(X509 *x)
139 139
140#ifndef NO_SHA 140#ifndef NO_SHA
141/* Compare two certificates: they must be identical for 141/* Compare two certificates: they must be identical for
142 * this to work. 142 * this to work. NB: Although "cmp" operations are generally
143 * prototyped to take "const" arguments (eg. for use in
144 * STACKs), the way X509 handling is - these operations may
145 * involve ensuring the hashes are up-to-date and ensuring
146 * certain cert information is cached. So this is the point
147 * where the "depth-first" constification tree has to halt
148 * with an evil cast.
143 */ 149 */
144int X509_cmp(X509 *a, X509 *b) 150int X509_cmp(const X509 *a, const X509 *b)
145{ 151{
146 /* ensure hash is valid */ 152 /* ensure hash is valid */
147 X509_check_purpose(a, -1, 0); 153 X509_check_purpose((X509 *)a, -1, 0);
148 X509_check_purpose(b, -1, 0); 154 X509_check_purpose((X509 *)b, -1, 0);
149 155
150 return memcmp(a->sha1_hash, b->sha1_hash, SHA_DIGEST_LENGTH); 156 return memcmp(a->sha1_hash, b->sha1_hash, SHA_DIGEST_LENGTH);
151} 157}
152#endif 158#endif
153 159
154int X509_NAME_cmp(X509_NAME *a, X509_NAME *b) 160int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b)
155 { 161 {
156 int i,j; 162 int i,j;
157 X509_NAME_ENTRY *na,*nb; 163 X509_NAME_ENTRY *na,*nb;
@@ -198,14 +204,14 @@ unsigned long X509_NAME_hash(X509_NAME *x)
198 204
199 i=i2d_X509_NAME(x,NULL); 205 i=i2d_X509_NAME(x,NULL);
200 if (i > sizeof(str)) 206 if (i > sizeof(str))
201 p=Malloc(i); 207 p=OPENSSL_malloc(i);
202 else 208 else
203 p=str; 209 p=str;
204 210
205 pp=p; 211 pp=p;
206 i2d_X509_NAME(x,&pp); 212 i2d_X509_NAME(x,&pp);
207 MD5((unsigned char *)p,i,&(md[0])); 213 MD5((unsigned char *)p,i,&(md[0]));
208 if (p != str) Free(p); 214 if (p != str) OPENSSL_free(p);
209 215
210 ret=( ((unsigned long)md[0] )|((unsigned long)md[1]<<8L)| 216 ret=( ((unsigned long)md[0] )|((unsigned long)md[1]<<8L)|
211 ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L) 217 ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-26 18:18:07 +0000