Commit 2072517dc0 for openssl.org

commit 2072517dc030d6f655c0939ce588065cc96909cd
Author: Milan Broz <gmazyland@gmail.com>
Date:   Fri Apr 24 20:58:41 2026 +0200

    Fix always false comparison in asn1/a_strex.c

    On 32bit platforms, some compilers like clang
    produce this warning
       error: result of comparison 'unsigned long' > 4294967295
       is always false [-Werror,-Wtautological-type-limit-compare]
       70 |     if (c > 0xffffffffL)

    Just compare it to UNICODE_MAX here.

    Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
    Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
    Reviewed-by: Norbert Pocs <norbertp@openssl.org>
    MergeDate: Tue Apr 28 16:01:04 2026
    (Merged from https://github.com/openssl/openssl/pull/30962)

diff --git a/crypto/asn1/a_strex.c b/crypto/asn1/a_strex.c
index d7bce4270f..f36f526221 100644
--- a/crypto/asn1/a_strex.c
+++ b/crypto/asn1/a_strex.c
@@ -11,6 +11,7 @@
 #include <string.h>
 #include "internal/cryptlib.h"
 #include "internal/sizes.h"
+#include "internal/unicode.h"
 #include "crypto/asn1.h"
 #include <openssl/crypto.h>
 #include <openssl/x509.h>
@@ -67,7 +68,7 @@ static int do_esc_char(unsigned long c, unsigned short flags, char *do_quotes,
     unsigned char chtmp;
     char tmphex[HEX_SIZE(long) + 3];

-    if (c > 0xffffffffL)
+    if (c > UNICODE_MAX)
         return -1;
     if (c > 0xffff) {
         BIO_snprintf(tmphex, sizeof(tmphex), "\\W%08lX", c);