1 files changed, 112 insertions, 7 deletions
diff --git a/src/lib/libcrypto/x509/x509_cmp.c b/src/lib/libcrypto/x509/x509_cmp.c
index cd20b6d66f..f460102f49 100644
--- a/src/lib/libcrypto/x509/x509_cmp.c
+++ b/src/lib/libcrypto/x509/x509_cmp.c
@@ -57,6 +57,7 @@
 */
 #include <stdio.h>
+#include <ctype.h>
 #include "cryptlib.h"
 #include <openssl/asn1.h>
 #include <openssl/objects.h>
@@ -81,13 +82,14 @@ unsigned long X509_issuer_and_serial_hash(X509 *a)
        unsigned long ret=0;
        EVP_MD_CTX ctx;
        unsigned char md[16];
-        char str[256];
+        char *f;
        EVP_MD_CTX_init(&ctx);
-        X509_NAME_oneline(a->cert_info->issuer,str,256);
+        f=X509_NAME_oneline(a->cert_info->issuer,NULL,0);
-        ret=strlen(str);
+        ret=strlen(f);
        EVP_DigestInit_ex(&ctx, EVP_md5(), NULL);
-        EVP_DigestUpdate(&ctx,(unsigned char *)str,ret);
+        EVP_DigestUpdate(&ctx,(unsigned char *)f,ret);
+        OPENSSL_free(f);
        EVP_DigestUpdate(&ctx,(unsigned char *)a->cert_info->serialNumber->data,
                (unsigned long)a->cert_info->serialNumber->length);
        EVP_DigestFinal_ex(&ctx,&(md[0]),NULL);
@@ -159,6 +161,99 @@ int X509_cmp(const X509 *a, const X509 *b)
 }
 #endif
+/* Case insensitive string comparision */
+static int nocase_cmp(const ASN1_STRING *a, const ASN1_STRING *b)
+{
+        int i;
+        if (a->length != b->length)
+                return (a->length - b->length);
+        for (i=0; i<a->length; i++)
+        {
+                int ca, cb;
+                ca = tolower(a->data[i]);
+                cb = tolower(b->data[i]);
+                if (ca != cb)
+                        return(ca-cb);
+        }
+        return 0;
+}
+/* Case insensitive string comparision with space normalization 
+ * Space normalization - ignore leading, trailing spaces, 
+ *       multiple spaces between characters are replaced by single space  
+ */
+static int nocase_spacenorm_cmp(const ASN1_STRING *a, const ASN1_STRING *b)
+{
+        unsigned char *pa = NULL, *pb = NULL;
+        int la, lb;
+        
+        la = a->length;
+        lb = b->length;
+        pa = a->data;
+        pb = b->data;
+        /* skip leading spaces */
+        while (la > 0 && isspace(*pa))
+        {
+                la--;
+                pa++;
+        }
+        while (lb > 0 && isspace(*pb))
+        {
+                lb--;
+                pb++;
+        }
+        /* skip trailing spaces */
+        while (la > 0 && isspace(pa[la-1]))
+                la--;
+        while (lb > 0 && isspace(pb[lb-1]))
+                lb--;
+        /* compare strings with space normalization */
+        while (la > 0 && lb > 0)
+        {
+                int ca, cb;
+                /* compare character */
+                ca = tolower(*pa);
+                cb = tolower(*pb);
+                if (ca != cb)
+                        return (ca - cb);
+                pa++; pb++;
+                la--; lb--;
+                if (la <= 0 || lb <= 0)
+                        break;
+                /* is white space next character ? */
+                if (isspace(*pa) && isspace(*pb))
+                {
+                        /* skip remaining white spaces */
+                        while (la > 0 && isspace(*pa))
+                        {
+                                la--;
+                                pa++;
+                        }
+                        while (lb > 0 && isspace(*pb))
+                        {
+                                lb--;
+                                pb++;
+                        }
+                }
+        }
+        if (la > 0 || lb > 0)
+                return la - lb;
+        return 0;
+}
 int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b)
        {
        int i,j;
@@ -172,10 +267,20 @@ int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b)
                {
                na=sk_X509_NAME_ENTRY_value(a->entries,i);
                nb=sk_X509_NAME_ENTRY_value(b->entries,i);
-                j=na->value->length-nb->value->length;
+                j=na->value->type-nb->value->type;
                if (j) return(j);
-                j=memcmp(na->value->data,nb->value->data,
+                if (na->value->type == V_ASN1_PRINTABLESTRING)
-                        na->value->length);
+                        j=nocase_spacenorm_cmp(na->value, nb->value);
+                else if (na->value->type == V_ASN1_IA5STRING
+                        && OBJ_obj2nid(na->object) == NID_pkcs9_emailAddress)
+                        j=nocase_cmp(na->value, nb->value);
+                else
+                        {
+                        j=na->value->length-nb->value->length;
+                        if (j) return(j);
+                        j=memcmp(na->value->data,nb->value->data,
+                                na->value->length);
+                        }
                if (j) return(j);
                j=na->set-nb->set;
                if (j) return(j);

diff --git a/src/lib/libcrypto/x509/x509_cmp.c b/src/lib/libcrypto/x509/x509_cmp.c index cd20b6d66f..f460102f49 100644 --- a/src/lib/libcrypto/x509/x509_cmp.c +++ b/src/lib/libcrypto/x509/x509_cmp.c
@@ -57,6 +57,7 @@
57	*/	57	*/
58		58
59	#include <stdio.h>	59	#include <stdio.h>
		60	#include <ctype.h>
60	#include "cryptlib.h"	61	#include "cryptlib.h"
61	#include <openssl/asn1.h>	62	#include <openssl/asn1.h>
62	#include <openssl/objects.h>	63	#include <openssl/objects.h>
@@ -81,13 +82,14 @@ unsigned long X509_issuer_and_serial_hash(X509 *a)
81	unsigned long ret=0;	82	unsigned long ret=0;
82	EVP_MD_CTX ctx;	83	EVP_MD_CTX ctx;
83	unsigned char md[16];	84	unsigned char md[16];
84	char str[256];	85	char *f;
85		86
86	EVP_MD_CTX_init(&ctx);	87	EVP_MD_CTX_init(&ctx);
87	X509_NAME_oneline(a->cert_info->issuer,str,256);	88	f=X509_NAME_oneline(a->cert_info->issuer,NULL,0);
88	ret=strlen(str);	89	ret=strlen(f);
89	EVP_DigestInit_ex(&ctx, EVP_md5(), NULL);	90	EVP_DigestInit_ex(&ctx, EVP_md5(), NULL);
90	EVP_DigestUpdate(&ctx,(unsigned char *)str,ret);	91	EVP_DigestUpdate(&ctx,(unsigned char *)f,ret);
		92	OPENSSL_free(f);
91	EVP_DigestUpdate(&ctx,(unsigned char *)a->cert_info->serialNumber->data,	93	EVP_DigestUpdate(&ctx,(unsigned char *)a->cert_info->serialNumber->data,
92	(unsigned long)a->cert_info->serialNumber->length);	94	(unsigned long)a->cert_info->serialNumber->length);
93	EVP_DigestFinal_ex(&ctx,&(md[0]),NULL);	95	EVP_DigestFinal_ex(&ctx,&(md[0]),NULL);
@@ -159,6 +161,99 @@ int X509_cmp(const X509 a, const X509 b)
159	}	161	}
160	#endif	162	#endif
161		163
		164
		165	/* Case insensitive string comparision */
		166	static int nocase_cmp(const ASN1_STRING a, const ASN1_STRING b)
		167	{
		168	int i;
		169
		170	if (a->length != b->length)
		171	return (a->length - b->length);
		172
		173	for (i=0; i<a->length; i++)
		174	{
		175	int ca, cb;
		176
		177	ca = tolower(a->data[i]);
		178	cb = tolower(b->data[i]);
		179
		180	if (ca != cb)
		181	return(ca-cb);
		182	}
		183	return 0;
		184	}
		185
		186	/* Case insensitive string comparision with space normalization
		187	* Space normalization - ignore leading, trailing spaces,
		188	* multiple spaces between characters are replaced by single space
		189	*/
		190	static int nocase_spacenorm_cmp(const ASN1_STRING a, const ASN1_STRING b)
		191	{
		192	unsigned char pa = NULL, pb = NULL;
		193	int la, lb;
		194
		195	la = a->length;
		196	lb = b->length;
		197	pa = a->data;
		198	pb = b->data;
		199
		200	/* skip leading spaces */
		201	while (la > 0 && isspace(*pa))
		202	{
		203	la--;
		204	pa++;
		205	}
		206	while (lb > 0 && isspace(*pb))
		207	{
		208	lb--;
		209	pb++;
		210	}
		211
		212	/* skip trailing spaces */
		213	while (la > 0 && isspace(pa[la-1]))
		214	la--;
		215	while (lb > 0 && isspace(pb[lb-1]))
		216	lb--;
		217
		218	/* compare strings with space normalization */
		219	while (la > 0 && lb > 0)
		220	{
		221	int ca, cb;
		222
		223	/* compare character */
		224	ca = tolower(*pa);
		225	cb = tolower(*pb);
		226	if (ca != cb)
		227	return (ca - cb);
		228
		229	pa++; pb++;
		230	la--; lb--;
		231
		232	if (la <= 0 \|\| lb <= 0)
		233	break;
		234
		235	/* is white space next character ? */
		236	if (isspace(pa) && isspace(pb))
		237	{
		238	/* skip remaining white spaces */
		239	while (la > 0 && isspace(*pa))
		240	{
		241	la--;
		242	pa++;
		243	}
		244	while (lb > 0 && isspace(*pb))
		245	{
		246	lb--;
		247	pb++;
		248	}
		249	}
		250	}
		251	if (la > 0 \|\| lb > 0)
		252	return la - lb;
		253
		254	return 0;
		255	}
		256
162	int X509_NAME_cmp(const X509_NAME a, const X509_NAME b)	257	int X509_NAME_cmp(const X509_NAME a, const X509_NAME b)
163	{	258	{
164	int i,j;	259	int i,j;
@@ -172,10 +267,20 @@ int X509_NAME_cmp(const X509_NAME a, const X509_NAME b)
172	{	267	{
173	na=sk_X509_NAME_ENTRY_value(a->entries,i);	268	na=sk_X509_NAME_ENTRY_value(a->entries,i);
174	nb=sk_X509_NAME_ENTRY_value(b->entries,i);	269	nb=sk_X509_NAME_ENTRY_value(b->entries,i);
175	j=na->value->length-nb->value->length;	270	j=na->value->type-nb->value->type;
176	if (j) return(j);	271	if (j) return(j);
177	j=memcmp(na->value->data,nb->value->data,	272	if (na->value->type == V_ASN1_PRINTABLESTRING)
178	na->value->length);	273	j=nocase_spacenorm_cmp(na->value, nb->value);
		274	else if (na->value->type == V_ASN1_IA5STRING
		275	&& OBJ_obj2nid(na->object) == NID_pkcs9_emailAddress)
		276	j=nocase_cmp(na->value, nb->value);
		277	else
		278	{
		279	j=na->value->length-nb->value->length;
		280	if (j) return(j);
		281	j=memcmp(na->value->data,nb->value->data,
		282	na->value->length);
		283	}
179	if (j) return(j);	284	if (j) return(j);
180	j=na->set-nb->set;	285	j=na->set-nb->set;
181	if (j) return(j);	286	if (j) return(j);