x509_verify() now case insensitive for cn (RFC 6125 6.4)
(cherry picked from commit a5943858d8ebac35692fde7dbd6fbc4f2410945a)
Conflicts:
ChangeLog
library/x509parse.c
tests/suites/test_suite_x509parse.data
diff --git a/library/x509parse.c b/library/x509parse.c
index 86a1ab2..efde3f5 100644
--- a/library/x509parse.c
+++ b/library/x509parse.c
@@ -3261,6 +3261,29 @@
return flags;
}
+// Equal == 0, inequal == 1
+static int x509_name_cmp( const void *s1, const void *s2, size_t len )
+{
+ size_t i;
+ unsigned char diff;
+ const unsigned char *n1 = s1, *n2 = s2;
+
+ for( i = 0; i < len; i++ )
+ {
+ diff = n1[i] ^ n2[i];
+
+ if( ( n1[i] >= 'a' || n1[i] <= 'z' ) && ( diff == 0 || diff == 32 ) )
+ continue;
+
+ if( ( n1[i] >= 'A' || n1[i] <= 'Z' ) && ( diff == 0 || diff == 32 ) )
+ continue;
+
+ return( 1 );
+ }
+
+ return( 0 );
+}
+
int x509_wildcard_verify( const char *cn, x509_buf *name )
{
size_t i;
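Review bot: In x509_name_cmp the range tests `n1[i] >= 'a' || n1[i] <= 'z'` and `n1[i] >= 'A' || n1[i] <= 'Z'` are true for every byte value, so any two bytes that differ only in bit 0x20 compare equal, not just ASCII letters of opposite case (for example `[` and `{`). The three call sites in the later hunks (x509_wildcard_verify and the two cn comparison loops) inherit this, so name matching during verification is looser than the case-insensitive comparison the commit title cites from RFC 6125. Swapping `||` for `&&` alone would not fix it, because equal non-letter bytes such as `.` or digits would then fall through to `return( 1 )`. Handle equality first with `if( diff == 0 ) continue;` and then accept the case bit only for letters with `if( diff == 32 && ( ( n1[i] >= 'a' && n1[i] <= 'z' ) || ( n1[i] >= 'A' && n1[i] <= 'Z' ) ) ) continue;`. A test vector with a non-letter pair differing by 0x20 that must be rejected would pin the behaviour.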
@@ -3282,7 +3305,7 @@
return( 0 );
if( strlen( cn ) - cn_idx == name->len - 1 &&
- memcmp( name->p + 1, cn + cn_idx, name->len - 1 ) == 0 )
+ x509_name_cmp( name->p + 1, cn + cn_idx, name->len - 1 ) == 0 )
{
return( 1 );
}
@@ -3439,7 +3462,7 @@
ret = x509parse_verify_child( parent, grandparent, trust_ca, ca_crl, path_cnt + 1, &parent_flags, f_vrfy, p_vrfy );
if( ret != 0 )
return( ret );
- }
+ }
else
{
ret = x509parse_verify_top( parent, trust_ca, ca_crl, path_cnt + 1, &parent_flags, f_vrfy, p_vrfy );
@@ -3488,7 +3511,7 @@
while( cur != NULL )
{
if( cur->buf.len == cn_len &&
- memcmp( cn, cur->buf.p, cn_len ) == 0 )
+ x509_name_cmp( cn, cur->buf.p, cn_len ) == 0 )
break;
if( cur->buf.len > 2 &&
@@ -3510,7 +3533,7 @@
memcmp( name->oid.p, OID_CN, 3 ) == 0 )
{
if( name->val.len == cn_len &&
- memcmp( name->val.p, cn, cn_len ) == 0 )
+ x509_name_cmp( name->val.p, cn, cn_len ) == 0 )
break;
if( name->val.len > 2 &&