[openssl] master update

tomas at openssl.org tomas at openssl.org
Wed Apr 14 07:45:57 UTC 2021 

The branch master has been updated
       via  456541f0b7c7a4ca8c1c99740fff1bedcc4c9244 (commit)
       via  74bcbea76ff180c3eb27a141be99b7b577eec81c (commit)
      from  d32fc2c51b74c135ae09c3bb04ebe5781edd7571 (commit)


- Log -----------------------------------------------------------------
commit 456541f0b7c7a4ca8c1c99740fff1bedcc4c9244
Author: Tomas Mraz <tomas at openssl.org>
Date:   Mon Apr 12 19:22:04 2021 +0200

    Document the invariants for the empty X509_NAME encoding
    
    Reviewed-by: David von Oheimb <david.von.oheimb at siemens.com>
    (Merged from https://github.com/openssl/openssl/pull/14832)

commit 74bcbea76ff180c3eb27a141be99b7b577eec81c
Author: Tomas Mraz <tomas at openssl.org>
Date:   Mon Apr 12 09:58:27 2021 +0200

    X509_NAME_cmp: if canon_enclen is 0 for both names return 0
    
    We do not care whether canon_enc is NULL in this case.
    
    Fixes #14813
    
    Reviewed-by: David von Oheimb <david.von.oheimb at siemens.com>
    (Merged from https://github.com/openssl/openssl/pull/14832)

-----------------------------------------------------------------------

Summary of changes:
 crypto/x509/x509_cmp.c | 7 +++++--
 crypto/x509/x_name.c   | 1 +
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c
index 51dc24b6fb..0cc5ed7f5f 100644
--- a/crypto/x509/x509_cmp.c
+++ b/crypto/x509/x509_cmp.c
@@ -269,11 +269,14 @@ int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b)
             return -2;
     }
 
+    ret = a->canon_enclen - b->canon_enclen;
+    if (ret == 0 && a->canon_enclen == 0)
+        return 0;
+
     if (a->canon_enc == NULL || b->canon_enc == NULL)
         return -2;
 
-    ret = a->canon_enclen - b->canon_enclen;
-    if (ret == 0 && a->canon_enclen != 0)
+    if (ret == 0)
         ret = memcmp(a->canon_enc, b->canon_enc, a->canon_enclen);
 
     return ret < 0 ? -1 : ret > 0;
diff --git a/crypto/x509/x_name.c b/crypto/x509/x_name.c
index 7b59b71ffb..6e9b46005e 100644
--- a/crypto/x509/x_name.c
+++ b/crypto/x509/x_name.c
@@ -298,6 +298,7 @@ static int x509_name_ex_print(BIO *out, const ASN1_VALUE **pval,
  * comparison of Name structures can be rapidly performed by just using
  * memcmp() of the canonical encoding. By omitting the leading SEQUENCE name
  * constraints of type dirName can also be checked with a simple memcmp().
+ * NOTE: For empty X509_NAME (NULL-DN), canon_enclen == 0 && canon_enc == NULL
  */
 
 static int x509_name_canon(X509_NAME *a)

More information about the openssl-commits mailing list