Remove code added to avoid SHA1 weakness.

We no longer use a weak hash for certificate comparisons. There
is no need to do extra work when certificates are the same.

Change-Id: I3b4b295122b289ae389bce2245b8348562700855
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/52346
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: Adam Langley <agl@google.com>
fips-20220613
Bob Beck 3 years ago committed by Boringssl LUCI CQ
parent 553e81e473
commit 15302de895
  1. 13
      crypto/x509/x509_cmp.c

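--- a/crypto/x509/x509_cmp.c
+++ b/crypto/x509/x509_cmp.c
@@ -165,18 +165,7 @@ int X509_cmp(const X509 *a, const X509 *b)
 x509v3_cache_extensions((X509 *)a);
 x509v3_cache_extensions((X509 *)b);
-int rv = OPENSSL_memcmp(a->cert_hash, b->cert_hash, SHA256_DIGEST_LENGTH);
-if (rv)
-return rv;
-/* Check for match against stored encoding too */
-if (!a->cert_info->enc.modified && !b->cert_info->enc.modified) {
-rv = (int)(a->cert_info->enc.len - b->cert_info->enc.len);
-if (rv)
-return rv;
-return OPENSSL_memcmp(a->cert_info->enc.enc, b->cert_info->enc.enc,
-a->cert_info->enc.len);
-}
-return rv;
+return OPENSSL_memcmp(a->cert_hash, b->cert_hash, SHA256_DIGEST_LENGTH);
 }
 int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b)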
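Review bot: With the stored-encoding comparison removed, the result of X509_cmp rests entirely on `cert_hash`, yet the two `x509v3_cache_extensions` calls directly above the new `return` still have their results discarded. If that function can fail and leave `cert_hash` unset (its definition is not visible in this hunk), two different certificates would now compare equal, whereas the removed block could still have told them apart by length and encoding when neither was marked modified. I would either handle the failure explicitly or at least record the dependency next to the return, e.g. `/* Equality is decided solely by |cert_hash|; this assumes x509v3_cache_extensions succeeded for both certificates. */`. The opening lines of X509_cmp are outside the hunk, so an existing comment there may already cover part of this.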
