Squatting these names is rather rude. Also hex_to_string and string_to_hex do the opposite of what one would expect, so rename them to something a bit less confusing. Update-Note: This removes some random utility functions. name_cmp is very specific to OpenSSL's config file format, so it's unlikely anyone is relying on it. I removed the one use of hex_to_string and string_to_hex I could find. Change-Id: I01554885ad306251e6982100d0b15cd89b1cdea7 Reviewed-on: https://boringssl-review.googlesource.com/c/33364 Commit-Queue: David Benjamin <davidben@google.com> Commit-Queue: Adam Langley <agl@google.com> Reviewed-by: Adam Langley <agl@google.com>kris/onging/CECPQ3_patch15
@@ -65,6 +65,7 @@ | |||||
#include <openssl/x509v3.h> | #include <openssl/x509v3.h> | ||||
#include "../internal.h" | #include "../internal.h" | ||||
#include "../x509v3/internal.h" | |||||
/* | /* | ||||
* Although this file is in crypto/x509 for layering purposes, it emits | * Although this file is in crypto/x509 for layering purposes, it emits | ||||
@@ -769,7 +770,7 @@ static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype) | |||||
if (format == ASN1_GEN_FORMAT_HEX) { | if (format == ASN1_GEN_FORMAT_HEX) { | ||||
if (!(rdata = string_to_hex((char *)str, &rdlen))) { | |||||
if (!(rdata = x509v3_hex_to_bytes((char *)str, &rdlen))) { | |||||
OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_HEX); | OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_HEX); | ||||
goto bad_str; | goto bad_str; | ||||
} | } | ||||
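Review bot: The `(char *)str` cast kept on the new x509v3_hex_to_bytes call is now pointless and casts away const: asn1_str2type receives `const char *str` (see the hunk header) and the new header declares the helper as taking `const char *`, so the line can simply be `if (!(rdata = x509v3_hex_to_bytes(str, &rdlen))) {`. Dropping the cast lets the const-correctness of the renamed helper actually carry through to this caller. asn1_str2type's body continues outside the hunk.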
@@ -0,0 +1,51 @@ | |||||
/* Copyright (c) 2018, Google Inc. | |||||
* | |||||
* Permission to use, copy, modify, and/or distribute this software for any | |||||
* purpose with or without fee is hereby granted, provided that the above | |||||
* copyright notice and this permission notice appear in all copies. | |||||
* | |||||
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES | |||||
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF | |||||
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY | |||||
* SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES | |||||
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION | |||||
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN | |||||
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ | |||||
#ifndef OPENSSL_HEADER_X509V3_INTERNAL_H | |||||
#define OPENSSL_HEADER_X509V3_INTERNAL_H | |||||
#include <openssl/base.h> | |||||
#if defined(__cplusplus) | |||||
extern "C" { | |||||
#endif | |||||
// x509v3_bytes_to_hex encodes |len| bytes from |buffer| to hex and returns a | |||||
// newly-allocated NUL-terminated string containing the result, or NULL on | |||||
// allocation error. | |||||
// | |||||
// Note this function was historically named |hex_to_string| in OpenSSL, not | |||||
// |string_to_hex|. | |||||
char *x509v3_bytes_to_hex(const unsigned char *buffer, long len); | |||||
// x509v3_hex_string_to_bytes decodes |str| in hex and returns a newly-allocated | |||||
// array containing the result, or NULL on error. On success, it sets |*len| to | |||||
// the length of the result. Colon separators between bytes in the input are | |||||
// allowed and ignored. | |||||
// | |||||
// Note this function was historically named |string_to_hex| in OpenSSL, not | |||||
// |hex_to_string|. | |||||
unsigned char *x509v3_hex_to_bytes(const char *str, long *len); | |||||
// x509v3_name_cmp returns zero if |name| is equal to |cmp| or begins with |cmp| | |||||
// followed by '.'. Otherwise, it returns a non-zero number. | |||||
int x509v3_name_cmp(const char *name, const char *cmp); | |||||
#if defined(__cplusplus) | |||||
} /* extern C */ | |||||
#endif | |||||
#endif /* OPENSSL_HEADER_X509V3_INTERNAL_H */ |
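Review bot: The comment above x509v3_hex_to_bytes names the function `x509v3_hex_string_to_bytes`, which does not match the declaration below it; the line should read `// x509v3_hex_to_bytes decodes |str| in hex and returns a newly-allocated`. Both allocating helpers should also state ownership of the result, since the callers in v3_akey.c release it with OPENSSL_free: add `// The caller must release the result with |OPENSSL_free|.` to each. For x509v3_hex_to_bytes it would help to say what counts as an error (a non-hex character, an odd number of digits), which the comment leaves open and the implementation is not visible here to confirm.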
@@ -66,6 +66,9 @@ | |||||
#include <openssl/obj.h> | #include <openssl/obj.h> | ||||
#include <openssl/x509v3.h> | #include <openssl/x509v3.h> | ||||
#include "internal.h" | |||||
static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, | static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, | ||||
AUTHORITY_KEYID *akeyid, | AUTHORITY_KEYID *akeyid, | ||||
STACK_OF(CONF_VALUE) | STACK_OF(CONF_VALUE) | ||||
@@ -92,14 +95,14 @@ static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, | |||||
{ | { | ||||
char *tmp; | char *tmp; | ||||
if (akeyid->keyid) { | if (akeyid->keyid) { | ||||
tmp = hex_to_string(akeyid->keyid->data, akeyid->keyid->length); | |||||
tmp = x509v3_bytes_to_hex(akeyid->keyid->data, akeyid->keyid->length); | |||||
X509V3_add_value("keyid", tmp, &extlist); | X509V3_add_value("keyid", tmp, &extlist); | ||||
OPENSSL_free(tmp); | OPENSSL_free(tmp); | ||||
} | } | ||||
if (akeyid->issuer) | if (akeyid->issuer) | ||||
extlist = i2v_GENERAL_NAMES(NULL, akeyid->issuer, extlist); | extlist = i2v_GENERAL_NAMES(NULL, akeyid->issuer, extlist); | ||||
if (akeyid->serial) { | if (akeyid->serial) { | ||||
tmp = hex_to_string(akeyid->serial->data, akeyid->serial->length); | |||||
tmp = x509v3_bytes_to_hex(akeyid->serial->data, akeyid->serial->length); | |||||
X509V3_add_value("serial", tmp, &extlist); | X509V3_add_value("serial", tmp, &extlist); | ||||
OPENSSL_free(tmp); | OPENSSL_free(tmp); | ||||
} | } | ||||
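Review bot: Both x509v3_bytes_to_hex results in i2v_AUTHORITY_KEYID are passed to X509V3_add_value without a NULL check, even though the new header documents that the function returns NULL on allocation error; the return value of X509V3_add_value is ignored as well. How X509V3_add_value treats a NULL value is not visible here, but either way an out-of-memory condition is silently turned into a missing or valueless `keyid`/`serial` entry rather than a failure. Consider `if (tmp == NULL || !X509V3_add_value("keyid", tmp, &extlist)) { OPENSSL_free(tmp); goto err; }` (and the same for `serial`), with the err path releasing whatever the function owns of `extlist` per this file's convention. The function's signature is in the first hunk and its body ends outside the second.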
@@ -64,6 +64,9 @@ | |||||
#include <openssl/obj.h> | #include <openssl/obj.h> | ||||
#include <openssl/x509v3.h> | #include <openssl/x509v3.h> | ||||
#include "internal.h" | |||||
static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method, | static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method, | ||||
X509V3_CTX *ctx, | X509V3_CTX *ctx, | ||||
STACK_OF(CONF_VALUE) *nval); | STACK_OF(CONF_VALUE) *nval); | ||||
@@ -261,7 +264,7 @@ static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method, | |||||
} | } | ||||
for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { | for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { | ||||
cnf = sk_CONF_VALUE_value(nval, i); | cnf = sk_CONF_VALUE_value(nval, i); | ||||
if (!name_cmp(cnf->name, "issuer") && cnf->value && | |||||
if (!x509v3_name_cmp(cnf->name, "issuer") && cnf->value && | |||||
!strcmp(cnf->value, "copy")) { | !strcmp(cnf->value, "copy")) { | ||||
if (!copy_issuer(ctx, gens)) | if (!copy_issuer(ctx, gens)) | ||||
goto err; | goto err; | ||||
@@ -331,11 +334,11 @@ static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method, | |||||
} | } | ||||
for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { | for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { | ||||
cnf = sk_CONF_VALUE_value(nval, i); | cnf = sk_CONF_VALUE_value(nval, i); | ||||
if (!name_cmp(cnf->name, "email") && cnf->value && | |||||
if (!x509v3_name_cmp(cnf->name, "email") && cnf->value && | |||||
!strcmp(cnf->value, "copy")) { | !strcmp(cnf->value, "copy")) { | ||||
if (!copy_email(ctx, gens, 0)) | if (!copy_email(ctx, gens, 0)) | ||||
goto err; | goto err; | ||||
} else if (!name_cmp(cnf->name, "email") && cnf->value && | |||||
} else if (!x509v3_name_cmp(cnf->name, "email") && cnf->value && | |||||
!strcmp(cnf->value, "move")) { | !strcmp(cnf->value, "move")) { | ||||
if (!copy_email(ctx, gens, 1)) | if (!copy_email(ctx, gens, 1)) | ||||
goto err; | goto err; | ||||
@@ -545,19 +548,19 @@ GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out, | |||||
return NULL; | return NULL; | ||||
} | } | ||||
if (!name_cmp(name, "email")) | |||||
if (!x509v3_name_cmp(name, "email")) | |||||
type = GEN_EMAIL; | type = GEN_EMAIL; | ||||
else if (!name_cmp(name, "URI")) | |||||
else if (!x509v3_name_cmp(name, "URI")) | |||||
type = GEN_URI; | type = GEN_URI; | ||||
else if (!name_cmp(name, "DNS")) | |||||
else if (!x509v3_name_cmp(name, "DNS")) | |||||
type = GEN_DNS; | type = GEN_DNS; | ||||
else if (!name_cmp(name, "RID")) | |||||
else if (!x509v3_name_cmp(name, "RID")) | |||||
type = GEN_RID; | type = GEN_RID; | ||||
else if (!name_cmp(name, "IP")) | |||||
else if (!x509v3_name_cmp(name, "IP")) | |||||
type = GEN_IPADD; | type = GEN_IPADD; | ||||
else if (!name_cmp(name, "dirName")) | |||||
else if (!x509v3_name_cmp(name, "dirName")) | |||||
type = GEN_DIRNAME; | type = GEN_DIRNAME; | ||||
else if (!name_cmp(name, "otherName")) | |||||
else if (!x509v3_name_cmp(name, "otherName")) | |||||
type = GEN_OTHERNAME; | type = GEN_OTHERNAME; | ||||
else { | else { | ||||
OPENSSL_PUT_ERROR(X509V3, X509V3_R_UNSUPPORTED_OPTION); | OPENSSL_PUT_ERROR(X509V3, X509V3_R_UNSUPPORTED_OPTION); | ||||
@@ -69,6 +69,7 @@ | |||||
#include <openssl/x509v3.h> | #include <openssl/x509v3.h> | ||||
#include "../internal.h" | #include "../internal.h" | ||||
#include "internal.h" | |||||
static int v3_check_critical(char **value); | static int v3_check_critical(char **value); | ||||
static int v3_check_generic(char **value); | static int v3_check_generic(char **value); | ||||
@@ -278,7 +279,7 @@ static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, | |||||
} | } | ||||
if (gen_type == 1) | if (gen_type == 1) | ||||
ext_der = string_to_hex(value, &ext_len); | |||||
ext_der = x509v3_hex_to_bytes(value, &ext_len); | |||||
else if (gen_type == 2) | else if (gen_type == 2) | ||||
ext_der = generic_asn1(value, ctx, &ext_len); | ext_der = generic_asn1(value, ctx, &ext_len); | ||||
@@ -69,6 +69,7 @@ | |||||
#include <openssl/stack.h> | #include <openssl/stack.h> | ||||
#include <openssl/x509v3.h> | #include <openssl/x509v3.h> | ||||
#include "internal.h" | |||||
#include "pcy_int.h" | #include "pcy_int.h" | ||||
/* Certificate policies extension support: this one is a bit complex... */ | /* Certificate policies extension support: this one is a bit complex... */ | ||||
@@ -231,7 +232,7 @@ static POLICYINFO *policy_section(X509V3_CTX *ctx, | |||||
} | } | ||||
pol->policyid = pobj; | pol->policyid = pobj; | ||||
} else if (!name_cmp(cnf->name, "CPS")) { | |||||
} else if (!x509v3_name_cmp(cnf->name, "CPS")) { | |||||
if (!pol->qualifiers) | if (!pol->qualifiers) | ||||
pol->qualifiers = sk_POLICYQUALINFO_new_null(); | pol->qualifiers = sk_POLICYQUALINFO_new_null(); | ||||
if (!(qual = POLICYQUALINFO_new())) | if (!(qual = POLICYQUALINFO_new())) | ||||
@@ -251,7 +252,7 @@ static POLICYINFO *policy_section(X509V3_CTX *ctx, | |||||
if (!ASN1_STRING_set(qual->d.cpsuri, cnf->value, | if (!ASN1_STRING_set(qual->d.cpsuri, cnf->value, | ||||
strlen(cnf->value))) | strlen(cnf->value))) | ||||
goto merr; | goto merr; | ||||
} else if (!name_cmp(cnf->name, "userNotice")) { | |||||
} else if (!x509v3_name_cmp(cnf->name, "userNotice")) { | |||||
STACK_OF(CONF_VALUE) *unot; | STACK_OF(CONF_VALUE) *unot; | ||||
if (*cnf->value != '@') { | if (*cnf->value != '@') { | ||||
OPENSSL_PUT_ERROR(X509V3, X509V3_R_EXPECTED_A_SECTION_NAME); | OPENSSL_PUT_ERROR(X509V3, X509V3_R_EXPECTED_A_SECTION_NAME); | ||||
@@ -44,6 +44,7 @@ | |||||
#include <openssl/x509v3.h> | #include <openssl/x509v3.h> | ||||
#include "../internal.h" | #include "../internal.h" | ||||
#include "internal.h" | |||||
static int i2r_pci(X509V3_EXT_METHOD *method, PROXY_CERT_INFO_EXTENSION *ext, | static int i2r_pci(X509V3_EXT_METHOD *method, PROXY_CERT_INFO_EXTENSION *ext, | ||||
@@ -123,7 +124,7 @@ static int process_pci_value(CONF_VALUE *val, | |||||
} | } | ||||
if (strncmp(val->value, "hex:", 4) == 0) { | if (strncmp(val->value, "hex:", 4) == 0) { | ||||
unsigned char *tmp_data2 = | unsigned char *tmp_data2 = | ||||
string_to_hex(val->value + 4, &val_len); | |||||
x509v3_hex_to_bytes(val->value + 4, &val_len); | |||||
if (!tmp_data2) { | if (!tmp_data2) { | ||||
OPENSSL_PUT_ERROR(X509V3, X509V3_R_ILLEGAL_HEX_DIGIT); | OPENSSL_PUT_ERROR(X509V3, X509V3_R_ILLEGAL_HEX_DIGIT); | ||||
@@ -63,6 +63,9 @@ | |||||
#include <openssl/obj.h> | #include <openssl/obj.h> | ||||
#include <openssl/x509v3.h> | #include <openssl/x509v3.h> | ||||
#include "internal.h" | |||||
static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method, | static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method, | ||||
X509V3_CTX *ctx, char *str); | X509V3_CTX *ctx, char *str); | ||||
const X509V3_EXT_METHOD v3_skey_id = { | const X509V3_EXT_METHOD v3_skey_id = { | ||||
@@ -76,7 +79,7 @@ const X509V3_EXT_METHOD v3_skey_id = { | |||||
char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, ASN1_OCTET_STRING *oct) | char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, ASN1_OCTET_STRING *oct) | ||||
{ | { | ||||
return hex_to_string(oct->data, oct->length); | |||||
return x509v3_bytes_to_hex(oct->data, oct->length); | |||||
} | } | ||||
ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, | ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, | ||||
@@ -90,7 +93,7 @@ ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, | |||||
return NULL; | return NULL; | ||||
} | } | ||||
if (!(oct->data = string_to_hex(str, &length))) { | |||||
if (!(oct->data = x509v3_hex_to_bytes(str, &length))) { | |||||
M_ASN1_OCTET_STRING_free(oct); | M_ASN1_OCTET_STRING_free(oct); | ||||
return NULL; | return NULL; | ||||
} | } | ||||
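Review bot: s2i_ASN1_OCTET_STRING returns NULL after a failed x509v3_hex_to_bytes without recording an error, whereas the other callers in this commit push one (ASN1_R_ILLEGAL_HEX in asn1_gen.c, X509V3_R_ILLEGAL_HEX_DIGIT in v3_pci.c); unless x509v3_hex_to_bytes pushes an error itself, which is not visible here, a malformed hex value in a config file fails with an empty error queue from this path. Adding `OPENSSL_PUT_ERROR(X509V3, X509V3_R_ILLEGAL_HEX_DIGIT);` before the `M_ASN1_OCTET_STRING_free(oct);` would make the three callers consistent. The function's body continues outside the hunk.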
@@ -72,6 +72,7 @@ | |||||
#include "../conf/internal.h" | #include "../conf/internal.h" | ||||
#include "../internal.h" | #include "../internal.h" | ||||
#include "internal.h" | |||||
static char *strip_spaces(char *name); | static char *strip_spaces(char *name); | ||||
@@ -446,7 +447,7 @@ static char *strip_spaces(char *name) | |||||
* on EBCDIC machines) | * on EBCDIC machines) | ||||
*/ | */ | ||||
char *hex_to_string(const unsigned char *buffer, long len) | |||||
char *x509v3_bytes_to_hex(const unsigned char *buffer, long len) | |||||
{ | { | ||||
char *tmp, *q; | char *tmp, *q; | ||||
const unsigned char *p; | const unsigned char *p; | ||||
@@ -469,11 +470,7 @@ char *hex_to_string(const unsigned char *buffer, long len) | |||||
return tmp; | return tmp; | ||||
} | } | ||||
/* | |||||
* Give a string of hex digits convert to a buffer | |||||
*/ | |||||
unsigned char *string_to_hex(const char *str, long *len) | |||||
unsigned char *x509v3_hex_to_bytes(const char *str, long *len) | |||||
{ | { | ||||
unsigned char *hexbuf, *q; | unsigned char *hexbuf, *q; | ||||
unsigned char ch, cl, *p; | unsigned char ch, cl, *p; | ||||
@@ -533,11 +530,7 @@ unsigned char *string_to_hex(const char *str, long *len) | |||||
} | } | ||||
/* | |||||
* V2I name comparison function: returns zero if 'name' matches cmp or cmp.* | |||||
*/ | |||||
int name_cmp(const char *name, const char *cmp) | |||||
int x509v3_name_cmp(const char *name, const char *cmp) | |||||
{ | { | ||||
int len, ret; | int len, ret; | ||||
char c; | char c; | ||||
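Review bot: The comment block that ends just above the renamed x509v3_bytes_to_hex definition (`* on EBCDIC machines)`) was left in place, while the equivalent comments for x509v3_hex_to_bytes and x509v3_name_cmp were deleted in favour of the new header; its opening lines are outside the hunk, but it presumably still describes the function under its old hex_to_string name. Either remove it like the other two, since the header now carries the contract, or rewrite its first line so it names x509v3_bytes_to_hex. All three function bodies continue outside the hunks.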
@@ -666,10 +666,6 @@ OPENSSL_EXPORT int X509V3_EXT_free(int nid, void *ext_data); | |||||
OPENSSL_EXPORT X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc); | OPENSSL_EXPORT X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc); | ||||
OPENSSL_EXPORT int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, int crit, unsigned long flags); | OPENSSL_EXPORT int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, int crit, unsigned long flags); | ||||
char *hex_to_string(const unsigned char *buffer, long len); | |||||
unsigned char *string_to_hex(const char *str, long *len); | |||||
int name_cmp(const char *name, const char *cmp); | |||||
OPENSSL_EXPORT void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent, | OPENSSL_EXPORT void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent, | ||||
int ml); | int ml); | ||||
OPENSSL_EXPORT int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int indent); | OPENSSL_EXPORT int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int indent); | ||||