Squatting these names is rather rude. Also hex_to_string and string_to_hex do the opposite of what one would expect, so rename them to something a bit less confusing. Update-Note: This removes some random utility functions. name_cmp is very specific to OpenSSL's config file format, so it's unlikely anyone is relying on it. I removed the one use of hex_to_string and string_to_hex I could find. Change-Id: I01554885ad306251e6982100d0b15cd89b1cdea7 Reviewed-on: https://boringssl-review.googlesource.com/c/33364 Commit-Queue: David Benjamin <davidben@google.com> Commit-Queue: Adam Langley <agl@google.com> Reviewed-by: Adam Langley <agl@google.com>kris/onging/CECPQ3_patch15
@@ -65,6 +65,7 @@ | |||
#include <openssl/x509v3.h> | |||
#include "../internal.h" | |||
#include "../x509v3/internal.h" | |||
/* | |||
* Although this file is in crypto/x509 for layering purposes, it emits | |||
@@ -769,7 +770,7 @@ static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype) | |||
if (format == ASN1_GEN_FORMAT_HEX) { | |||
if (!(rdata = string_to_hex((char *)str, &rdlen))) { | |||
if (!(rdata = x509v3_hex_to_bytes((char *)str, &rdlen))) { | |||
OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_HEX); | |||
goto bad_str; | |||
} | |||
@@ -0,0 +1,51 @@ | |||
/* Copyright (c) 2018, Google Inc. | |||
* | |||
* Permission to use, copy, modify, and/or distribute this software for any | |||
* purpose with or without fee is hereby granted, provided that the above | |||
* copyright notice and this permission notice appear in all copies. | |||
* | |||
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES | |||
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF | |||
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY | |||
* SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES | |||
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION | |||
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN | |||
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ | |||
#ifndef OPENSSL_HEADER_X509V3_INTERNAL_H | |||
#define OPENSSL_HEADER_X509V3_INTERNAL_H | |||
#include <openssl/base.h> | |||
#if defined(__cplusplus) | |||
extern "C" { | |||
#endif | |||
// x509v3_bytes_to_hex encodes |len| bytes from |buffer| to hex and returns a | |||
// newly-allocated NUL-terminated string containing the result, or NULL on | |||
// allocation error. | |||
// | |||
// Note this function was historically named |hex_to_string| in OpenSSL, not | |||
// |string_to_hex|. | |||
char *x509v3_bytes_to_hex(const unsigned char *buffer, long len); | |||
// x509v3_hex_string_to_bytes decodes |str| in hex and returns a newly-allocated | |||
// array containing the result, or NULL on error. On success, it sets |*len| to | |||
// the length of the result. Colon separators between bytes in the input are | |||
// allowed and ignored. | |||
// | |||
// Note this function was historically named |string_to_hex| in OpenSSL, not | |||
// |hex_to_string|. | |||
unsigned char *x509v3_hex_to_bytes(const char *str, long *len); | |||
// x509v3_name_cmp returns zero if |name| is equal to |cmp| or begins with |cmp| | |||
// followed by '.'. Otherwise, it returns a non-zero number. | |||
int x509v3_name_cmp(const char *name, const char *cmp); | |||
#if defined(__cplusplus) | |||
} /* extern C */ | |||
#endif | |||
#endif /* OPENSSL_HEADER_X509V3_INTERNAL_H */ |
@@ -66,6 +66,9 @@ | |||
#include <openssl/obj.h> | |||
#include <openssl/x509v3.h> | |||
#include "internal.h" | |||
static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, | |||
AUTHORITY_KEYID *akeyid, | |||
STACK_OF(CONF_VALUE) | |||
@@ -92,14 +95,14 @@ static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, | |||
{ | |||
char *tmp; | |||
if (akeyid->keyid) { | |||
tmp = hex_to_string(akeyid->keyid->data, akeyid->keyid->length); | |||
tmp = x509v3_bytes_to_hex(akeyid->keyid->data, akeyid->keyid->length); | |||
X509V3_add_value("keyid", tmp, &extlist); | |||
OPENSSL_free(tmp); | |||
} | |||
if (akeyid->issuer) | |||
extlist = i2v_GENERAL_NAMES(NULL, akeyid->issuer, extlist); | |||
if (akeyid->serial) { | |||
tmp = hex_to_string(akeyid->serial->data, akeyid->serial->length); | |||
tmp = x509v3_bytes_to_hex(akeyid->serial->data, akeyid->serial->length); | |||
X509V3_add_value("serial", tmp, &extlist); | |||
OPENSSL_free(tmp); | |||
} | |||
@@ -64,6 +64,9 @@ | |||
#include <openssl/obj.h> | |||
#include <openssl/x509v3.h> | |||
#include "internal.h" | |||
static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method, | |||
X509V3_CTX *ctx, | |||
STACK_OF(CONF_VALUE) *nval); | |||
@@ -261,7 +264,7 @@ static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method, | |||
} | |||
for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { | |||
cnf = sk_CONF_VALUE_value(nval, i); | |||
if (!name_cmp(cnf->name, "issuer") && cnf->value && | |||
if (!x509v3_name_cmp(cnf->name, "issuer") && cnf->value && | |||
!strcmp(cnf->value, "copy")) { | |||
if (!copy_issuer(ctx, gens)) | |||
goto err; | |||
@@ -331,11 +334,11 @@ static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method, | |||
} | |||
for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { | |||
cnf = sk_CONF_VALUE_value(nval, i); | |||
if (!name_cmp(cnf->name, "email") && cnf->value && | |||
if (!x509v3_name_cmp(cnf->name, "email") && cnf->value && | |||
!strcmp(cnf->value, "copy")) { | |||
if (!copy_email(ctx, gens, 0)) | |||
goto err; | |||
} else if (!name_cmp(cnf->name, "email") && cnf->value && | |||
} else if (!x509v3_name_cmp(cnf->name, "email") && cnf->value && | |||
!strcmp(cnf->value, "move")) { | |||
if (!copy_email(ctx, gens, 1)) | |||
goto err; | |||
@@ -545,19 +548,19 @@ GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out, | |||
return NULL; | |||
} | |||
if (!name_cmp(name, "email")) | |||
if (!x509v3_name_cmp(name, "email")) | |||
type = GEN_EMAIL; | |||
else if (!name_cmp(name, "URI")) | |||
else if (!x509v3_name_cmp(name, "URI")) | |||
type = GEN_URI; | |||
else if (!name_cmp(name, "DNS")) | |||
else if (!x509v3_name_cmp(name, "DNS")) | |||
type = GEN_DNS; | |||
else if (!name_cmp(name, "RID")) | |||
else if (!x509v3_name_cmp(name, "RID")) | |||
type = GEN_RID; | |||
else if (!name_cmp(name, "IP")) | |||
else if (!x509v3_name_cmp(name, "IP")) | |||
type = GEN_IPADD; | |||
else if (!name_cmp(name, "dirName")) | |||
else if (!x509v3_name_cmp(name, "dirName")) | |||
type = GEN_DIRNAME; | |||
else if (!name_cmp(name, "otherName")) | |||
else if (!x509v3_name_cmp(name, "otherName")) | |||
type = GEN_OTHERNAME; | |||
else { | |||
OPENSSL_PUT_ERROR(X509V3, X509V3_R_UNSUPPORTED_OPTION); | |||
@@ -69,6 +69,7 @@ | |||
#include <openssl/x509v3.h> | |||
#include "../internal.h" | |||
#include "internal.h" | |||
static int v3_check_critical(char **value); | |||
static int v3_check_generic(char **value); | |||
@@ -278,7 +279,7 @@ static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, | |||
} | |||
if (gen_type == 1) | |||
ext_der = string_to_hex(value, &ext_len); | |||
ext_der = x509v3_hex_to_bytes(value, &ext_len); | |||
else if (gen_type == 2) | |||
ext_der = generic_asn1(value, ctx, &ext_len); | |||
@@ -69,6 +69,7 @@ | |||
#include <openssl/stack.h> | |||
#include <openssl/x509v3.h> | |||
#include "internal.h" | |||
#include "pcy_int.h" | |||
/* Certificate policies extension support: this one is a bit complex... */ | |||
@@ -231,7 +232,7 @@ static POLICYINFO *policy_section(X509V3_CTX *ctx, | |||
} | |||
pol->policyid = pobj; | |||
} else if (!name_cmp(cnf->name, "CPS")) { | |||
} else if (!x509v3_name_cmp(cnf->name, "CPS")) { | |||
if (!pol->qualifiers) | |||
pol->qualifiers = sk_POLICYQUALINFO_new_null(); | |||
if (!(qual = POLICYQUALINFO_new())) | |||
@@ -251,7 +252,7 @@ static POLICYINFO *policy_section(X509V3_CTX *ctx, | |||
if (!ASN1_STRING_set(qual->d.cpsuri, cnf->value, | |||
strlen(cnf->value))) | |||
goto merr; | |||
} else if (!name_cmp(cnf->name, "userNotice")) { | |||
} else if (!x509v3_name_cmp(cnf->name, "userNotice")) { | |||
STACK_OF(CONF_VALUE) *unot; | |||
if (*cnf->value != '@') { | |||
OPENSSL_PUT_ERROR(X509V3, X509V3_R_EXPECTED_A_SECTION_NAME); | |||
@@ -44,6 +44,7 @@ | |||
#include <openssl/x509v3.h> | |||
#include "../internal.h" | |||
#include "internal.h" | |||
static int i2r_pci(X509V3_EXT_METHOD *method, PROXY_CERT_INFO_EXTENSION *ext, | |||
@@ -123,7 +124,7 @@ static int process_pci_value(CONF_VALUE *val, | |||
} | |||
if (strncmp(val->value, "hex:", 4) == 0) { | |||
unsigned char *tmp_data2 = | |||
string_to_hex(val->value + 4, &val_len); | |||
x509v3_hex_to_bytes(val->value + 4, &val_len); | |||
if (!tmp_data2) { | |||
OPENSSL_PUT_ERROR(X509V3, X509V3_R_ILLEGAL_HEX_DIGIT); | |||
@@ -63,6 +63,9 @@ | |||
#include <openssl/obj.h> | |||
#include <openssl/x509v3.h> | |||
#include "internal.h" | |||
static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method, | |||
X509V3_CTX *ctx, char *str); | |||
const X509V3_EXT_METHOD v3_skey_id = { | |||
@@ -76,7 +79,7 @@ const X509V3_EXT_METHOD v3_skey_id = { | |||
char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, ASN1_OCTET_STRING *oct) | |||
{ | |||
return hex_to_string(oct->data, oct->length); | |||
return x509v3_bytes_to_hex(oct->data, oct->length); | |||
} | |||
ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, | |||
@@ -90,7 +93,7 @@ ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, | |||
return NULL; | |||
} | |||
if (!(oct->data = string_to_hex(str, &length))) { | |||
if (!(oct->data = x509v3_hex_to_bytes(str, &length))) { | |||
M_ASN1_OCTET_STRING_free(oct); | |||
return NULL; | |||
} | |||
@@ -72,6 +72,7 @@ | |||
#include "../conf/internal.h" | |||
#include "../internal.h" | |||
#include "internal.h" | |||
static char *strip_spaces(char *name); | |||
@@ -446,7 +447,7 @@ static char *strip_spaces(char *name) | |||
* on EBCDIC machines) | |||
*/ | |||
char *hex_to_string(const unsigned char *buffer, long len) | |||
char *x509v3_bytes_to_hex(const unsigned char *buffer, long len) | |||
{ | |||
char *tmp, *q; | |||
const unsigned char *p; | |||
@@ -469,11 +470,7 @@ char *hex_to_string(const unsigned char *buffer, long len) | |||
return tmp; | |||
} | |||
/* | |||
* Give a string of hex digits convert to a buffer | |||
*/ | |||
unsigned char *string_to_hex(const char *str, long *len) | |||
unsigned char *x509v3_hex_to_bytes(const char *str, long *len) | |||
{ | |||
unsigned char *hexbuf, *q; | |||
unsigned char ch, cl, *p; | |||
@@ -533,11 +530,7 @@ unsigned char *string_to_hex(const char *str, long *len) | |||
} | |||
/* | |||
* V2I name comparison function: returns zero if 'name' matches cmp or cmp.* | |||
*/ | |||
int name_cmp(const char *name, const char *cmp) | |||
int x509v3_name_cmp(const char *name, const char *cmp) | |||
{ | |||
int len, ret; | |||
char c; | |||
@@ -666,10 +666,6 @@ OPENSSL_EXPORT int X509V3_EXT_free(int nid, void *ext_data); | |||
OPENSSL_EXPORT X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc); | |||
OPENSSL_EXPORT int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, int crit, unsigned long flags); | |||
char *hex_to_string(const unsigned char *buffer, long len); | |||
unsigned char *string_to_hex(const char *str, long *len); | |||
int name_cmp(const char *name, const char *cmp); | |||
OPENSSL_EXPORT void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent, | |||
int ml); | |||
OPENSSL_EXPORT int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int indent); | |||