aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMichael Stahl <michael.stahl@allotropia.de>2021-01-06 17:39:19 +0100
committerThorsten Behrens <thorsten.behrens@allotropia.de>2021-01-07 21:06:18 +0100
commite78d93db896d82ebe14e880455077532f5e5073c (patch)
treef001428832ba837fedc6e2154f5bb29989b15a89
parent201ceeefb1f4cf4731589fc38debeaa9d8b1ad7f (diff)
openssl: add patch to fix CVE-2020-1971
Change-Id: Ia756f1fa642eeb6dcadc867cc9730732a73c11b4 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/108884 Tested-by: Jenkins Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de> (cherry picked from commit b4c5bd9b330068e8c550e398cf761457ec9b6aa4) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/108948 Tested-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
-rw-r--r--external/openssl/UnpackedTarball_openssl.mk1
-rw-r--r--external/openssl/openssl-1.0.2k-cve-2020-1971.patch.1578
2 files changed, 579 insertions, 0 deletions
diff --git a/external/openssl/UnpackedTarball_openssl.mk b/external/openssl/UnpackedTarball_openssl.mk
index 719b8b0e5842..ad600cce1412 100644
--- a/external/openssl/UnpackedTarball_openssl.mk
+++ b/external/openssl/UnpackedTarball_openssl.mk
@@ -21,6 +21,7 @@ $(eval $(call gb_UnpackedTarball_add_patches,openssl,\
external/openssl/opensslosxppc.patch \
external/openssl/openssl-3650-masm.patch.1 \
external/openssl/openssl-fixbuild.patch.1 \
+ external/openssl/openssl-1.0.2k-cve-2020-1971.patch.1 \
))
# vim: set noet sw=4 ts=4:
diff --git a/external/openssl/openssl-1.0.2k-cve-2020-1971.patch.1 b/external/openssl/openssl-1.0.2k-cve-2020-1971.patch.1
new file mode 100644
index 000000000000..313f9cd870d7
--- /dev/null
+++ b/external/openssl/openssl-1.0.2k-cve-2020-1971.patch.1
@@ -0,0 +1,578 @@
+diff -up openssl-1.0.2k/crypto/asn1/asn1_err.c.null-dereference openssl-1.0.2k/crypto/asn1/asn1_err.c
+--- openssl-1.0.2k/crypto/asn1/asn1_err.c.null-dereference 2020-12-04 10:08:08.506247597 +0100
++++ openssl-1.0.2k/crypto/asn1/asn1_err.c 2020-12-04 10:12:31.901956486 +0100
+@@ -1,6 +1,6 @@
+ /* crypto/asn1/asn1_err.c */
+ /* ====================================================================
+- * Copyright (c) 1999-2018 The OpenSSL Project. All rights reserved.
++ * Copyright (c) 1999-2020 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+@@ -103,6 +103,7 @@ static ERR_STRING_DATA ASN1_str_functs[]
+ {ERR_FUNC(ASN1_F_ASN1_ITEM_DUP), "ASN1_item_dup"},
+ {ERR_FUNC(ASN1_F_ASN1_ITEM_EX_COMBINE_NEW), "ASN1_ITEM_EX_COMBINE_NEW"},
+ {ERR_FUNC(ASN1_F_ASN1_ITEM_EX_D2I), "ASN1_ITEM_EX_D2I"},
++ {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ITEM_EX_I2D, 0), "ASN1_item_ex_i2d"},
+ {ERR_FUNC(ASN1_F_ASN1_ITEM_I2D_BIO), "ASN1_item_i2d_bio"},
+ {ERR_FUNC(ASN1_F_ASN1_ITEM_I2D_FP), "ASN1_item_i2d_fp"},
+ {ERR_FUNC(ASN1_F_ASN1_ITEM_PACK), "ASN1_item_pack"},
+@@ -202,6 +203,7 @@ static ERR_STRING_DATA ASN1_str_reasons[
+ {ERR_REASON(ASN1_R_AUX_ERROR), "aux error"},
+ {ERR_REASON(ASN1_R_BAD_CLASS), "bad class"},
+ {ERR_REASON(ASN1_R_BAD_OBJECT_HEADER), "bad object header"},
++ {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_BAD_TEMPLATE), "bad template"},
+ {ERR_REASON(ASN1_R_BAD_PASSWORD_READ), "bad password read"},
+ {ERR_REASON(ASN1_R_BAD_TAG), "bad tag"},
+ {ERR_REASON(ASN1_R_BMPSTRING_IS_WRONG_LENGTH),
+diff -up openssl-1.0.2k/crypto/asn1/asn1.h.null-dereference openssl-1.0.2k/crypto/asn1/asn1.h
+--- openssl-1.0.2k/crypto/asn1/asn1.h.null-dereference 2020-12-04 11:00:06.896637900 +0100
++++ openssl-1.0.2k/crypto/asn1/asn1.h 2020-12-04 11:04:47.079562987 +0100
+@@ -1202,6 +1202,7 @@ void ERR_load_ASN1_strings(void);
+ # define ASN1_F_ASN1_ITEM_DUP 191
+ # define ASN1_F_ASN1_ITEM_EX_COMBINE_NEW 121
+ # define ASN1_F_ASN1_ITEM_EX_D2I 120
++# define ASN1_F_ASN1_ITEM_EX_I2D 231
+ # define ASN1_F_ASN1_ITEM_I2D_BIO 192
+ # define ASN1_F_ASN1_ITEM_I2D_FP 193
+ # define ASN1_F_ASN1_ITEM_PACK 198
+@@ -1298,6 +1299,7 @@ void ERR_load_ASN1_strings(void);
+ # define ASN1_R_AUX_ERROR 100
+ # define ASN1_R_BAD_CLASS 101
+ # define ASN1_R_BAD_OBJECT_HEADER 102
++# define ASN1_R_BAD_TEMPLATE 230
+ # define ASN1_R_BAD_PASSWORD_READ 103
+ # define ASN1_R_BAD_TAG 104
+ # define ASN1_R_BMPSTRING_IS_WRONG_LENGTH 214
+diff -up openssl-1.0.2k/crypto/asn1/tasn_dec.c.null-dereference openssl-1.0.2k/crypto/asn1/tasn_dec.c
+--- openssl-1.0.2k/crypto/asn1/tasn_dec.c.null-dereference 2020-12-04 10:12:42.036057323 +0100
++++ openssl-1.0.2k/crypto/asn1/tasn_dec.c 2020-12-04 10:17:45.685035333 +0100
+@@ -223,6 +223,15 @@ static int asn1_item_ex_d2i(ASN1_VALUE *
+ break;
+
+ case ASN1_ITYPE_MSTRING:
++ /*
++ * It never makes sense for multi-strings to have implicit tagging, so
++ * if tag != -1, then this looks like an error in the template.
++ */
++ if (tag != -1) {
++ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_BAD_TEMPLATE);
++ goto err;
++ }
++
+ p = *in;
+ /* Just read in tag and class */
+ ret = asn1_check_tlen(NULL, &otag, &oclass, NULL, NULL,
+@@ -240,6 +249,7 @@ static int asn1_item_ex_d2i(ASN1_VALUE *
+ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_MSTRING_NOT_UNIVERSAL);
+ goto err;
+ }
++
+ /* Check tag matches bit map */
+ if (!(ASN1_tag2bit(otag) & it->utype)) {
+ /* If OPTIONAL, assume this is OK */
+@@ -316,6 +326,15 @@ static int asn1_item_ex_d2i(ASN1_VALUE *
+ goto err;
+
+ case ASN1_ITYPE_CHOICE:
++ /*
++ * It never makes sense for CHOICE types to have implicit tagging, so
++ * if tag != -1, then this looks like an error in the template.
++ */
++ if (tag != -1) {
++ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_BAD_TEMPLATE);
++ goto err;
++ }
++
+ if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL))
+ goto auxerr;
+ if (*pval) {
+diff -up openssl-1.0.2k/crypto/asn1/tasn_enc.c.null-dereference openssl-1.0.2k/crypto/asn1/tasn_enc.c
+--- openssl-1.0.2k/crypto/asn1/tasn_enc.c.null-dereference 2020-12-04 10:18:30.261472002 +0100
++++ openssl-1.0.2k/crypto/asn1/tasn_enc.c 2020-12-04 10:21:14.310078987 +0100
+@@ -151,9 +151,25 @@ int ASN1_item_ex_i2d(ASN1_VALUE **pval,
+ break;
+
+ case ASN1_ITYPE_MSTRING:
++ /*
++ * It never makes sense for multi-strings to have implicit tagging, so
++ * if tag != -1, then this looks like an error in the template.
++ */
++ if (tag != -1) {
++ ASN1err(ASN1_F_ASN1_ITEM_EX_I2D, ASN1_R_BAD_TEMPLATE);
++ return -1;
++ }
+ return asn1_i2d_ex_primitive(pval, out, it, -1, aclass);
+
+ case ASN1_ITYPE_CHOICE:
++ /*
++ * It never makes sense for CHOICE types to have implicit tagging, so
++ * if tag != -1, then this looks like an error in the template.
++ */
++ if (tag != -1) {
++ ASN1err(ASN1_F_ASN1_ITEM_EX_I2D, ASN1_R_BAD_TEMPLATE);
++ return -1;
++ }
+ if (asn1_cb && !asn1_cb(ASN1_OP_I2D_PRE, pval, it, NULL))
+ return 0;
+ i = asn1_get_choice_selector(pval, it);
+diff -up openssl-1.0.2k/crypto/x509v3/v3_genn.c.null-dereference openssl-1.0.2k/crypto/x509v3/v3_genn.c
+--- openssl-1.0.2k/crypto/x509v3/v3_genn.c.null-dereference 2020-12-04 10:28:02.374237945 +0100
++++ openssl-1.0.2k/crypto/x509v3/v3_genn.c 2020-12-04 10:36:51.156138263 +0100
+@@ -72,8 +72,9 @@ ASN1_SEQUENCE(OTHERNAME) = {
+ IMPLEMENT_ASN1_FUNCTIONS(OTHERNAME)
+
+ ASN1_SEQUENCE(EDIPARTYNAME) = {
+- ASN1_IMP_OPT(EDIPARTYNAME, nameAssigner, DIRECTORYSTRING, 0),
+- ASN1_IMP_OPT(EDIPARTYNAME, partyName, DIRECTORYSTRING, 1)
++ /* DirectoryString is a CHOICE type so use explicit tagging */
++ ASN1_EXP_OPT(EDIPARTYNAME, nameAssigner, DIRECTORYSTRING, 0),
++ ASN1_EXP(EDIPARTYNAME, partyName, DIRECTORYSTRING, 1)
+ } ASN1_SEQUENCE_END(EDIPARTYNAME)
+
+ IMPLEMENT_ASN1_FUNCTIONS(EDIPARTYNAME)
+@@ -107,6 +108,37 @@ GENERAL_NAME *GENERAL_NAME_dup(GENERAL_N
+ (char *)a);
+ }
+
++static int edipartyname_cmp(const EDIPARTYNAME *a, const EDIPARTYNAME *b)
++{
++ int res;
++
++ if (a == NULL || b == NULL) {
++ /*
++ * Shouldn't be possible in a valid GENERAL_NAME, but we handle it
++ * anyway. OTHERNAME_cmp treats NULL != NULL so we do the same here
++ */
++ return -1;
++ }
++ if (a->nameAssigner == NULL && b->nameAssigner != NULL)
++ return -1;
++ if (a->nameAssigner != NULL && b->nameAssigner == NULL)
++ return 1;
++ /* If we get here then both have nameAssigner set, or both unset */
++ if (a->nameAssigner != NULL) {
++ res = ASN1_STRING_cmp(a->nameAssigner, b->nameAssigner);
++ if (res != 0)
++ return res;
++ }
++ /*
++ * partyName is required, so these should never be NULL. We treat it in
++ * the same way as the a == NULL || b == NULL case above
++ */
++ if (a->partyName == NULL || b->partyName == NULL)
++ return -1;
++
++ return ASN1_STRING_cmp(a->partyName, b->partyName);
++}
++
+ /* Returns 0 if they are equal, != 0 otherwise. */
+ int GENERAL_NAME_cmp(GENERAL_NAME *a, GENERAL_NAME *b)
+ {
+@@ -116,8 +148,11 @@ int GENERAL_NAME_cmp(GENERAL_NAME *a, GE
+ return -1;
+ switch (a->type) {
+ case GEN_X400:
++ result = ASN1_TYPE_cmp(a->d.x400Address, b->d.x400Address);
++ break;
++
+ case GEN_EDIPARTY:
+- result = ASN1_TYPE_cmp(a->d.other, b->d.other);
++ result = edipartyname_cmp(a->d.ediPartyName, b->d.ediPartyName);
+ break;
+
+ case GEN_OTHERNAME:
+@@ -164,8 +199,11 @@ void GENERAL_NAME_set0_value(GENERAL_NAM
+ {
+ switch (type) {
+ case GEN_X400:
++ a->d.x400Address = value;
++ break;
++
+ case GEN_EDIPARTY:
+- a->d.other = value;
++ a->d.ediPartyName = value;
+ break;
+
+ case GEN_OTHERNAME:
+@@ -199,8 +237,10 @@ void *GENERAL_NAME_get0_value(GENERAL_NA
+ *ptype = a->type;
+ switch (a->type) {
+ case GEN_X400:
++ return a->d.x400Address;
++
+ case GEN_EDIPARTY:
+- return a->d.other;
++ return a->d.ediPartyName;
+
+ case GEN_OTHERNAME:
+ return a->d.otherName;
+diff -up openssl-1.0.2k/crypto/x509v3/v3nametest.c.null-dereference openssl-1.0.2k/crypto/x509v3/v3nametest.c
+--- openssl-1.0.2k/crypto/x509v3/v3nametest.c.null-dereference 2020-12-04 10:28:02.374237945 +0100
++++ openssl-1.0.2k/crypto/x509v3/v3nametest.c 2020-12-04 10:36:51.156138263 +0100
+@@ -321,6 +321,356 @@ static void run_cert(X509 *crt, const ch
+ }
+ }
+
++struct gennamedata {
++ const unsigned char der[22];
++ size_t derlen;
++} gennames[] = {
++ {
++ /*
++ * [0] {
++ * OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 }
++ * [0] {
++ * SEQUENCE {}
++ * }
++ * }
++ */
++ {
++ 0xa0, 0x13, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
++ 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x02, 0x30, 0x00
++ },
++ 21
++ }, {
++ /*
++ * [0] {
++ * OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 }
++ * [0] {
++ * [APPLICATION 0] {}
++ * }
++ * }
++ */
++ {
++ 0xa0, 0x13, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
++ 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x02, 0x60, 0x00
++ },
++ 21
++ }, {
++ /*
++ * [0] {
++ * OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 }
++ * [0] {
++ * UTF8String { "a" }
++ * }
++ * }
++ */
++ {
++ 0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
++ 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x03, 0x0c, 0x01, 0x61
++ },
++ 22
++ }, {
++ /*
++ * [0] {
++ * OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.2 }
++ * [0] {
++ * UTF8String { "a" }
++ * }
++ * }
++ */
++ {
++ 0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
++ 0x01, 0x84, 0xb7, 0x09, 0x02, 0x02, 0xa0, 0x03, 0x0c, 0x01, 0x61
++ },
++ 22
++ }, {
++ /*
++ * [0] {
++ * OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 }
++ * [0] {
++ * UTF8String { "b" }
++ * }
++ * }
++ */
++ {
++ 0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
++ 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x03, 0x0c, 0x01, 0x62
++ },
++ 22
++ }, {
++ /*
++ * [0] {
++ * OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 }
++ * [0] {
++ * BOOLEAN { TRUE }
++ * }
++ * }
++ */
++ {
++ 0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
++ 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x03, 0x01, 0x01, 0xff
++ },
++ 22
++ }, {
++ /*
++ * [0] {
++ * OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 }
++ * [0] {
++ * BOOLEAN { FALSE }
++ * }
++ * }
++ */
++ {
++ 0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
++ 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x03, 0x01, 0x01, 0x00
++ },
++ 22
++ }, {
++ /* [1 PRIMITIVE] { "a" } */
++ {
++ 0x81, 0x01, 0x61
++ },
++ 3
++ }, {
++ /* [1 PRIMITIVE] { "b" } */
++ {
++ 0x81, 0x01, 0x62
++ },
++ 3
++ }, {
++ /* [2 PRIMITIVE] { "a" } */
++ {
++ 0x82, 0x01, 0x61
++ },
++ 3
++ }, {
++ /* [2 PRIMITIVE] { "b" } */
++ {
++ 0x82, 0x01, 0x62
++ },
++ 3
++ }, {
++ /*
++ * [4] {
++ * SEQUENCE {
++ * SET {
++ * SEQUENCE {
++ * # commonName
++ * OBJECT_IDENTIFIER { 2.5.4.3 }
++ * UTF8String { "a" }
++ * }
++ * }
++ * }
++ * }
++ */
++ {
++ 0xa4, 0x0e, 0x30, 0x0c, 0x31, 0x0a, 0x30, 0x08, 0x06, 0x03, 0x55,
++ 0x04, 0x03, 0x0c, 0x01, 0x61
++ },
++ 16
++ }, {
++ /*
++ * [4] {
++ * SEQUENCE {
++ * SET {
++ * SEQUENCE {
++ * # commonName
++ * OBJECT_IDENTIFIER { 2.5.4.3 }
++ * UTF8String { "b" }
++ * }
++ * }
++ * }
++ * }
++ */
++ {
++ 0xa4, 0x0e, 0x30, 0x0c, 0x31, 0x0a, 0x30, 0x08, 0x06, 0x03, 0x55,
++ 0x04, 0x03, 0x0c, 0x01, 0x62
++ },
++ 16
++ }, {
++ /*
++ * [5] {
++ * [1] {
++ * UTF8String { "a" }
++ * }
++ * }
++ */
++ {
++ 0xa5, 0x05, 0xa1, 0x03, 0x0c, 0x01, 0x61
++ },
++ 7
++ }, {
++ /*
++ * [5] {
++ * [1] {
++ * UTF8String { "b" }
++ * }
++ * }
++ */
++ {
++ 0xa5, 0x05, 0xa1, 0x03, 0x0c, 0x01, 0x62
++ },
++ 7
++ }, {
++ /*
++ * [5] {
++ * [0] {
++ * UTF8String {}
++ * }
++ * [1] {
++ * UTF8String { "a" }
++ * }
++ * }
++ */
++ {
++ 0xa5, 0x09, 0xa0, 0x02, 0x0c, 0x00, 0xa1, 0x03, 0x0c, 0x01, 0x61
++ },
++ 11
++ }, {
++ /*
++ * [5] {
++ * [0] {
++ * UTF8String { "a" }
++ * }
++ * [1] {
++ * UTF8String { "a" }
++ * }
++ * }
++ */
++ {
++ 0xa5, 0x0a, 0xa0, 0x03, 0x0c, 0x01, 0x61, 0xa1, 0x03, 0x0c, 0x01,
++ 0x61
++ },
++ 12
++ }, {
++ /*
++ * [5] {
++ * [0] {
++ * UTF8String { "b" }
++ * }
++ * [1] {
++ * UTF8String { "a" }
++ * }
++ * }
++ */
++ {
++ 0xa5, 0x0a, 0xa0, 0x03, 0x0c, 0x01, 0x62, 0xa1, 0x03, 0x0c, 0x01,
++ 0x61
++ },
++ 12
++ }, {
++ /* [6 PRIMITIVE] { "a" } */
++ {
++ 0x86, 0x01, 0x61
++ },
++ 3
++ }, {
++ /* [6 PRIMITIVE] { "b" } */
++ {
++ 0x86, 0x01, 0x62
++ },
++ 3
++ }, {
++ /* [7 PRIMITIVE] { `11111111` } */
++ {
++ 0x87, 0x04, 0x11, 0x11, 0x11, 0x11
++ },
++ 6
++ }, {
++ /* [7 PRIMITIVE] { `22222222`} */
++ {
++ 0x87, 0x04, 0x22, 0x22, 0x22, 0x22
++ },
++ 6
++ }, {
++ /* [7 PRIMITIVE] { `11111111111111111111111111111111` } */
++ {
++ 0x87, 0x10, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
++ 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11
++ },
++ 18
++ }, {
++ /* [7 PRIMITIVE] { `22222222222222222222222222222222` } */
++ {
++ 0x87, 0x10, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22,
++ 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22
++ },
++ 18
++ }, {
++ /* [8 PRIMITIVE] { 1.2.840.113554.4.1.72585.2.1 } */
++ {
++ 0x88, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, 0x01, 0x84,
++ 0xb7, 0x09, 0x02, 0x01
++ },
++ 15
++ }, {
++ /* [8 PRIMITIVE] { 1.2.840.113554.4.1.72585.2.2 } */
++ {
++ 0x88, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, 0x01, 0x84,
++ 0xb7, 0x09, 0x02, 0x02
++ },
++ 15
++ }
++};
++
++#define OSSL_NELEM(x) (sizeof(x)/sizeof((x)[0]))
++
++static int test_GENERAL_NAME_cmp(void)
++{
++ size_t i, j;
++ GENERAL_NAME **namesa = OPENSSL_malloc(sizeof(*namesa)
++ * OSSL_NELEM(gennames));
++ GENERAL_NAME **namesb = OPENSSL_malloc(sizeof(*namesb)
++ * OSSL_NELEM(gennames));
++ int testresult = 0;
++
++ if (namesa == NULL || namesb == NULL)
++ goto end;
++
++ for (i = 0; i < OSSL_NELEM(gennames); i++) {
++ const unsigned char *derp = gennames[i].der;
++
++ /*
++ * We create two versions of each GENERAL_NAME so that we ensure when
++ * we compare them they are always different pointers.
++ */
++ namesa[i] = d2i_GENERAL_NAME(NULL, &derp, gennames[i].derlen);
++ derp = gennames[i].der;
++ namesb[i] = d2i_GENERAL_NAME(NULL, &derp, gennames[i].derlen);
++ if (namesa[i] == NULL || namesb[i] == NULL)
++ goto end;
++ }
++
++ /* Every name should be equal to itself and not equal to any others. */
++ for (i = 0; i < OSSL_NELEM(gennames); i++) {
++ for (j = 0; j < OSSL_NELEM(gennames); j++) {
++ if (i == j) {
++ if (GENERAL_NAME_cmp(namesa[i], namesb[j]) != 0)
++ goto end;
++ } else {
++ if (GENERAL_NAME_cmp(namesa[i], namesb[j]) == 0)
++ goto end;
++ }
++ }
++ }
++ testresult = 1;
++
++ end:
++ for (i = 0; i < OSSL_NELEM(gennames); i++) {
++ if (namesa != NULL)
++ GENERAL_NAME_free(namesa[i]);
++ if (namesb != NULL)
++ GENERAL_NAME_free(namesb[i]);
++ }
++ OPENSSL_free(namesa);
++ OPENSSL_free(namesb);
++
++ if (!testresult)
++ fprintf(stderr, "test of GENERAL_NAME_cmp failed\n");
++
++ return testresult;
++}
++
++
++
+ int main(void)
+ {
+ const struct set_name_fn *pfn = name_fns;
+@@ -342,5 +692,8 @@ int main(void)
+ }
+ ++pfn;
+ }
++
++ errors += !test_GENERAL_NAME_cmp();
++
+ return errors > 0 ? 1 : 0;
+ }