1 /**************************************************************************/
2 /* */
3 /* Copyright (c) Microsoft Corporation. All rights reserved. */
4 /* */
5 /* This software is licensed under the Microsoft Software License */
6 /* Terms for Microsoft Azure RTOS. Full text of the license can be */
7 /* found in the LICENSE file at https://aka.ms/AzureRTOS_EULA */
8 /* and in the root directory of this software. */
9 /* */
10 /**************************************************************************/
11
12
13 /**************************************************************************/
14 /**************************************************************************/
15 /** */
16 /** NetX Secure Component */
17 /** */
18 /** X.509 Digital Certificates */
19 /** */
20 /**************************************************************************/
21 /**************************************************************************/
22
23 #define NX_SECURE_SOURCE_CODE
24
25 #include "nx_secure_x509.h"
26
27
28 /**************************************************************************/
29 /* */
30 /* FUNCTION RELEASE */
31 /* */
32 /* _nx_secure_x509_wildcard_compare PORTABLE C */
33 /* 6.1.6 */
34 /* AUTHOR */
35 /* */
36 /* Timothy Stapko, Microsoft Corporation */
37 /* */
38 /* DESCRIPTION */
39 /* */
40 /* This function compares a name (string) against a name string using */
41 /* wildcards as found in the Common Name and subjectAltName fields of */
42 /* an X.509 certificate. This is primarily used when checking a DNS */
43 /* name against an X.509 certificate provided by a remote host. */
44 /* */
45 /* INPUT */
46 /* */
47 /* dns_name Name to check */
48 /* dns_name_len Length of name */
49 /* wildcard_name String with name or wildcard */
50 /* wildcard_len Length of wildcard */
51 /* */
52 /* OUTPUT */
53 /* */
54 /* compare value 0 if equal, else non-zero */
55 /* */
56 /* CALLS */
57 /* */
58 /* None */
59 /* */
60 /* CALLED BY */
61 /* */
62 /* _nx_secure_x509_common_name_dns_check Check Common Name by DNS */
63 /* _nx_secure_x509_subject_alt_names_find */
64 /* Find subject alt names */
65 /* */
66 /* RELEASE HISTORY */
67 /* */
68 /* DATE NAME DESCRIPTION */
69 /* */
70 /* 05-19-2020 Timothy Stapko Initial Version 6.0 */
71 /* 09-30-2020 Timothy Stapko Modified comment(s), */
72 /* resulting in version 6.1 */
73 /* 04-02-2021 Timothy Stapko Modified comment(s), */
74 /* removed dependency on TLS, */
75 /* resulting in version 6.1.6 */
76 /* */
77 /**************************************************************************/
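INT _nx_secure_x509_wildcard_compare(const UCHAR *dns_name, UINT dns_name_len,
                                     const UCHAR *wildcard_name, UINT wildcard_len)
{
INT dns_offset;
INT wildcard_offset;

    /* Compare from the right-hand end of each name so the shared suffix
       (e.g. "example.com") is checked before the wildcard label is reached.
       The lengths are converted to signed offsets; -1 means "fully consumed".
       Names are assumed to be far shorter than INT_MAX. */
    dns_offset = (INT)dns_name_len - 1;
    wildcard_offset = (INT)wildcard_len - 1;

    /* Walk backwards through each name. The comparison is byte-exact
       (case-sensitive); callers are expected to have normalized case
       beforehand - not verified here. */
    while (dns_offset >= 0 && wildcard_offset >= 0)
    {
        /* Check each character. */
        if (dns_name[dns_offset] != wildcard_name[wildcard_offset])
        {
            /* Characters do not match, check for wildcard. */
            if (wildcard_name[wildcard_offset] != '*')
            {
                /* No match and no wildcard. */
                return(1);
            }

            /* A wildcard is honored only when it is the entire left-most
               label ("*.example.com"): it must sit at offset 0 and be
               followed by a '.'. The wildcard_len check keeps the read of
               wildcard_name[1] inside the buffer when the name is just "*",
               which is rejected rather than treated as match-everything. */
            if (wildcard_offset != 0 || wildcard_len < 2 || wildcard_name[1] != '.')
            {
                /* Only match wildcard character when it is
                   the only character of the left-most label. */
                return(1);
            }

            /* The wildcard may absorb exactly one label: a '.' anywhere in
               the remaining DNS prefix would mean it spans several labels. */
            while (dns_offset >= 0)
            {
                if (dns_name[dns_offset] == '.')
                {
                    /* Wildcard does not match full stops. */
                    return(1);
                }
                dns_offset--;
            }

            /* Wildcard match, they are OK. */
            return(0);
        }

        /* Adjust offsets. */
        dns_offset--;
        wildcard_offset--;
    }

    /* Both names must have been consumed completely; otherwise one is a
       proper suffix of the other (e.g. "example.com" vs "*.example.com").
       Note that two zero-length names reach this point and compare equal. */
    if (dns_offset != -1 || wildcard_offset != -1)
    {
        /* Length mismatch. */
        return(1);
    }

    /* Both names are exactly the same. */
    return(0);
}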
133
134