Unexport and rename hex_to_string, string_to_hex, and name_cmp.

Squatting these names is rather rude. Also hex_to_string and
string_to_hex do the opposite of what one would expect, so rename them
to something a bit less confusing.

Update-Note: This removes some random utility functions. name_cmp is
very specific to OpenSSL's config file format, so it's unlikely anyone
is relying on it. I removed the one use of hex_to_string and
string_to_hex I could find.

Change-Id: I01554885ad306251e6982100d0b15cd89b1cdea7
Reviewed-on: https://boringssl-review.googlesource.com/c/33364
Commit-Queue: David Benjamin <davidben@google.com>
Commit-Queue: Adam Langley <agl@google.com>
Reviewed-by: Adam Langley <agl@google.com>
David Benjamin 2018-11-26 16:46:54 -06:00 committed by CQ bot account: commit-bot@chromium.org
parent 9113e0996f
commit 045ee41928
10 changed files with 87 additions and 34 deletions


@ -65,6 +65,7 @@
#include <openssl/x509v3.h> #include <openssl/x509v3.h>
#include "../internal.h" #include "../internal.h"
#include "../x509v3/internal.h"
/* /*
* Although this file is in crypto/x509 for layering purposes, it emits * Although this file is in crypto/x509 for layering purposes, it emits
@ -769,7 +770,7 @@ static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype)
if (format == ASN1_GEN_FORMAT_HEX) { if (format == ASN1_GEN_FORMAT_HEX) {
if (!(rdata = string_to_hex((char *)str, &rdlen))) { if (!(rdata = x509v3_hex_to_bytes((char *)str, &rdlen))) {
OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_HEX); OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_HEX);
goto bad_str; goto bad_str;
} }
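Review bot: The `(char *)str` cast on the renamed call in asn1_str2type is now unnecessary and discards const for no reason, since x509v3_hex_to_bytes is declared as `unsigned char *x509v3_hex_to_bytes(const char *str, long *len)` in the new internal.h; drop it: `if (!(rdata = x509v3_hex_to_bytes(str, &rdlen))) {`. The cast presumably survived from an older signature and the rename is the natural moment to remove it. asn1_str2type's body continues outside the hunk.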

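--- a/crypto/x509v3/internal.h
+++ b/crypto/x509v3/internal.h
@@ -0,0 +1,51 @@
+/* Copyright (c) 2018, Google Inc.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
+#ifndef OPENSSL_HEADER_X509V3_INTERNAL_H
+#define OPENSSL_HEADER_X509V3_INTERNAL_H
+#include <openssl/base.h>
+#if defined(__cplusplus)
+extern "C" {
+#endif
+// x509v3_bytes_to_hex encodes |len| bytes from |buffer| to hex and returns a
+// newly-allocated NUL-terminated string containing the result, or NULL on
+// allocation error.
+//
+// Note this function was historically named |hex_to_string| in OpenSSL, not
+// |string_to_hex|.
+char *x509v3_bytes_to_hex(const unsigned char *buffer, long len);
+// x509v3_hex_string_to_bytes decodes |str| in hex and returns a newly-allocated
+// array containing the result, or NULL on error. On success, it sets |*len| to
+// the length of the result. Colon separators between bytes in the input are
+// allowed and ignored.
+//
+// Note this function was historically named |string_to_hex| in OpenSSL, not
+// |hex_to_string|.
+unsigned char *x509v3_hex_to_bytes(const char *str, long *len);
+// x509v3_name_cmp returns zero if |name| is equal to |cmp| or begins with |cmp|
+// followed by '.'. Otherwise, it returns a non-zero number.
+int x509v3_name_cmp(const char *name, const char *cmp);
+#if defined(__cplusplus)
+} /* extern C */
+#endif
+#endif /* OPENSSL_HEADER_X509V3_INTERNAL_H */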
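Review bot: The comments on x509v3_bytes_to_hex and x509v3_hex_to_bytes say the result is newly-allocated but not who releases it or how; the call sites in v3_akey.c free it with OPENSSL_free, so state that on both declarations: `// The caller is responsible for releasing the result with |OPENSSL_free|.` The comment on x509v3_hex_to_bytes also opens with the name `x509v3_hex_string_to_bytes`, which does not match the declaration below it, and "NULL on error" is left unspecified — if the implementation rejects odd digit counts or non-hex characters, say so, since callers push their own error codes (X509V3_R_ILLEGAL_HEX_DIGIT in v3_pci.c, ASN1_R_ILLEGAL_HEX in asn1_gen) after a NULL return. Both functions express |len| as a signed long; documenting that a negative length is not permitted would make the contract explicit.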


@ -66,6 +66,9 @@
#include <openssl/obj.h> #include <openssl/obj.h>
#include <openssl/x509v3.h> #include <openssl/x509v3.h>
#include "internal.h"
static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
AUTHORITY_KEYID *akeyid, AUTHORITY_KEYID *akeyid,
STACK_OF(CONF_VALUE) STACK_OF(CONF_VALUE)
@ -92,14 +95,14 @@ static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
{ {
char *tmp; char *tmp;
if (akeyid->keyid) { if (akeyid->keyid) {
tmp = hex_to_string(akeyid->keyid->data, akeyid->keyid->length); tmp = x509v3_bytes_to_hex(akeyid->keyid->data, akeyid->keyid->length);
X509V3_add_value("keyid", tmp, &extlist); X509V3_add_value("keyid", tmp, &extlist);
OPENSSL_free(tmp); OPENSSL_free(tmp);
} }
if (akeyid->issuer) if (akeyid->issuer)
extlist = i2v_GENERAL_NAMES(NULL, akeyid->issuer, extlist); extlist = i2v_GENERAL_NAMES(NULL, akeyid->issuer, extlist);
if (akeyid->serial) { if (akeyid->serial) {
tmp = hex_to_string(akeyid->serial->data, akeyid->serial->length); tmp = x509v3_bytes_to_hex(akeyid->serial->data, akeyid->serial->length);
X509V3_add_value("serial", tmp, &extlist); X509V3_add_value("serial", tmp, &extlist);
OPENSSL_free(tmp); OPENSSL_free(tmp);
} }
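Review bot: At the keyid and serial lines in i2v_AUTHORITY_KEYID, `tmp` is passed straight to X509V3_add_value although the new header documents x509v3_bytes_to_hex as returning NULL on allocation error, and X509V3_add_value's own return value is ignored as well; an allocation failure therefore silently drops the field from the printed extension instead of failing. Consider checking `tmp == NULL` and the X509V3_add_value result at both call sites and propagating the failure the way the function's other error paths do; the function's return convention and the rest of its body are outside the hunk, so I have not proposed exact lines. This is pre-existing behaviour, but the rename is a convenient point to fix it.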


@ -64,6 +64,9 @@
#include <openssl/obj.h> #include <openssl/obj.h>
#include <openssl/x509v3.h> #include <openssl/x509v3.h>
#include "internal.h"
static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method, static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method,
X509V3_CTX *ctx, X509V3_CTX *ctx,
STACK_OF(CONF_VALUE) *nval); STACK_OF(CONF_VALUE) *nval);
@ -261,7 +264,7 @@ static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method,
} }
for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
cnf = sk_CONF_VALUE_value(nval, i); cnf = sk_CONF_VALUE_value(nval, i);
if (!name_cmp(cnf->name, "issuer") && cnf->value && if (!x509v3_name_cmp(cnf->name, "issuer") && cnf->value &&
!strcmp(cnf->value, "copy")) { !strcmp(cnf->value, "copy")) {
if (!copy_issuer(ctx, gens)) if (!copy_issuer(ctx, gens))
goto err; goto err;
@ -331,11 +334,11 @@ static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method,
} }
for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
cnf = sk_CONF_VALUE_value(nval, i); cnf = sk_CONF_VALUE_value(nval, i);
if (!name_cmp(cnf->name, "email") && cnf->value && if (!x509v3_name_cmp(cnf->name, "email") && cnf->value &&
!strcmp(cnf->value, "copy")) { !strcmp(cnf->value, "copy")) {
if (!copy_email(ctx, gens, 0)) if (!copy_email(ctx, gens, 0))
goto err; goto err;
} else if (!name_cmp(cnf->name, "email") && cnf->value && } else if (!x509v3_name_cmp(cnf->name, "email") && cnf->value &&
!strcmp(cnf->value, "move")) { !strcmp(cnf->value, "move")) {
if (!copy_email(ctx, gens, 1)) if (!copy_email(ctx, gens, 1))
goto err; goto err;
@ -545,19 +548,19 @@ GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out,
return NULL; return NULL;
} }
if (!name_cmp(name, "email")) if (!x509v3_name_cmp(name, "email"))
type = GEN_EMAIL; type = GEN_EMAIL;
else if (!name_cmp(name, "URI")) else if (!x509v3_name_cmp(name, "URI"))
type = GEN_URI; type = GEN_URI;
else if (!name_cmp(name, "DNS")) else if (!x509v3_name_cmp(name, "DNS"))
type = GEN_DNS; type = GEN_DNS;
else if (!name_cmp(name, "RID")) else if (!x509v3_name_cmp(name, "RID"))
type = GEN_RID; type = GEN_RID;
else if (!name_cmp(name, "IP")) else if (!x509v3_name_cmp(name, "IP"))
type = GEN_IPADD; type = GEN_IPADD;
else if (!name_cmp(name, "dirName")) else if (!x509v3_name_cmp(name, "dirName"))
type = GEN_DIRNAME; type = GEN_DIRNAME;
else if (!name_cmp(name, "otherName")) else if (!x509v3_name_cmp(name, "otherName"))
type = GEN_OTHERNAME; type = GEN_OTHERNAME;
else { else {
OPENSSL_PUT_ERROR(X509V3, X509V3_R_UNSUPPORTED_OPTION); OPENSSL_PUT_ERROR(X509V3, X509V3_R_UNSUPPORTED_OPTION);


@ -69,6 +69,7 @@
#include <openssl/x509v3.h> #include <openssl/x509v3.h>
#include "../internal.h" #include "../internal.h"
#include "internal.h"
static int v3_check_critical(char **value); static int v3_check_critical(char **value);
static int v3_check_generic(char **value); static int v3_check_generic(char **value);
@ -278,7 +279,7 @@ static X509_EXTENSION *v3_generic_extension(const char *ext, char *value,
} }
if (gen_type == 1) if (gen_type == 1)
ext_der = string_to_hex(value, &ext_len); ext_der = x509v3_hex_to_bytes(value, &ext_len);
else if (gen_type == 2) else if (gen_type == 2)
ext_der = generic_asn1(value, ctx, &ext_len); ext_der = generic_asn1(value, ctx, &ext_len);


@ -69,6 +69,7 @@
#include <openssl/stack.h> #include <openssl/stack.h>
#include <openssl/x509v3.h> #include <openssl/x509v3.h>
#include "internal.h"
#include "pcy_int.h" #include "pcy_int.h"
/* Certificate policies extension support: this one is a bit complex... */ /* Certificate policies extension support: this one is a bit complex... */
@ -231,7 +232,7 @@ static POLICYINFO *policy_section(X509V3_CTX *ctx,
} }
pol->policyid = pobj; pol->policyid = pobj;
} else if (!name_cmp(cnf->name, "CPS")) { } else if (!x509v3_name_cmp(cnf->name, "CPS")) {
if (!pol->qualifiers) if (!pol->qualifiers)
pol->qualifiers = sk_POLICYQUALINFO_new_null(); pol->qualifiers = sk_POLICYQUALINFO_new_null();
if (!(qual = POLICYQUALINFO_new())) if (!(qual = POLICYQUALINFO_new()))
@ -251,7 +252,7 @@ static POLICYINFO *policy_section(X509V3_CTX *ctx,
if (!ASN1_STRING_set(qual->d.cpsuri, cnf->value, if (!ASN1_STRING_set(qual->d.cpsuri, cnf->value,
strlen(cnf->value))) strlen(cnf->value)))
goto merr; goto merr;
} else if (!name_cmp(cnf->name, "userNotice")) { } else if (!x509v3_name_cmp(cnf->name, "userNotice")) {
STACK_OF(CONF_VALUE) *unot; STACK_OF(CONF_VALUE) *unot;
if (*cnf->value != '@') { if (*cnf->value != '@') {
OPENSSL_PUT_ERROR(X509V3, X509V3_R_EXPECTED_A_SECTION_NAME); OPENSSL_PUT_ERROR(X509V3, X509V3_R_EXPECTED_A_SECTION_NAME);


@ -44,6 +44,7 @@
#include <openssl/x509v3.h> #include <openssl/x509v3.h>
#include "../internal.h" #include "../internal.h"
#include "internal.h"
static int i2r_pci(X509V3_EXT_METHOD *method, PROXY_CERT_INFO_EXTENSION *ext, static int i2r_pci(X509V3_EXT_METHOD *method, PROXY_CERT_INFO_EXTENSION *ext,
@ -123,7 +124,7 @@ static int process_pci_value(CONF_VALUE *val,
} }
if (strncmp(val->value, "hex:", 4) == 0) { if (strncmp(val->value, "hex:", 4) == 0) {
unsigned char *tmp_data2 = unsigned char *tmp_data2 =
string_to_hex(val->value + 4, &val_len); x509v3_hex_to_bytes(val->value + 4, &val_len);
if (!tmp_data2) { if (!tmp_data2) {
OPENSSL_PUT_ERROR(X509V3, X509V3_R_ILLEGAL_HEX_DIGIT); OPENSSL_PUT_ERROR(X509V3, X509V3_R_ILLEGAL_HEX_DIGIT);


@ -63,6 +63,9 @@
#include <openssl/obj.h> #include <openssl/obj.h>
#include <openssl/x509v3.h> #include <openssl/x509v3.h>
#include "internal.h"
static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method, static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method,
X509V3_CTX *ctx, char *str); X509V3_CTX *ctx, char *str);
const X509V3_EXT_METHOD v3_skey_id = { const X509V3_EXT_METHOD v3_skey_id = {
@ -76,7 +79,7 @@ const X509V3_EXT_METHOD v3_skey_id = {
char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, ASN1_OCTET_STRING *oct) char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, ASN1_OCTET_STRING *oct)
{ {
return hex_to_string(oct->data, oct->length); return x509v3_bytes_to_hex(oct->data, oct->length);
} }
ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
@ -90,7 +93,7 @@ ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
return NULL; return NULL;
} }
if (!(oct->data = string_to_hex(str, &length))) { if (!(oct->data = x509v3_hex_to_bytes(str, &length))) {
M_ASN1_OCTET_STRING_free(oct); M_ASN1_OCTET_STRING_free(oct);
return NULL; return NULL;
} }


@ -72,6 +72,7 @@
#include "../conf/internal.h" #include "../conf/internal.h"
#include "../internal.h" #include "../internal.h"
#include "internal.h"
static char *strip_spaces(char *name); static char *strip_spaces(char *name);
@ -446,7 +447,7 @@ static char *strip_spaces(char *name)
* on EBCDIC machines) * on EBCDIC machines)
*/ */
char *hex_to_string(const unsigned char *buffer, long len) char *x509v3_bytes_to_hex(const unsigned char *buffer, long len)
{ {
char *tmp, *q; char *tmp, *q;
const unsigned char *p; const unsigned char *p;
@ -469,11 +470,7 @@ char *hex_to_string(const unsigned char *buffer, long len)
return tmp; return tmp;
} }
/* unsigned char *x509v3_hex_to_bytes(const char *str, long *len)
* Give a string of hex digits convert to a buffer
*/
unsigned char *string_to_hex(const char *str, long *len)
{ {
unsigned char *hexbuf, *q; unsigned char *hexbuf, *q;
unsigned char ch, cl, *p; unsigned char ch, cl, *p;
@ -533,11 +530,7 @@ unsigned char *string_to_hex(const char *str, long *len)
} }
/* int x509v3_name_cmp(const char *name, const char *cmp)
* V2I name comparison function: returns zero if 'name' matches cmp or cmp.*
*/
int name_cmp(const char *name, const char *cmp)
{ {
int len, ret; int len, ret;
char c; char c;
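Review bot: With the block comments above string_to_hex and name_cmp deleted, the definitions of x509v3_hex_to_bytes and x509v3_name_cmp in v3_utl.c carry no documentation of their own while the contract now lives in crypto/x509v3/internal.h; a one-line pointer such as `/* See |x509v3_hex_to_bytes| in internal.h for the contract. */` above each definition would keep the file readable on its own. The comment fragment that survives above x509v3_bytes_to_hex (the EBCDIC remark) still describes the old helper and should be checked against the new header text so the two do not diverge. Both function bodies are outside the hunk.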


@ -666,10 +666,6 @@ OPENSSL_EXPORT int X509V3_EXT_free(int nid, void *ext_data);
OPENSSL_EXPORT X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc); OPENSSL_EXPORT X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc);
OPENSSL_EXPORT int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, int crit, unsigned long flags); OPENSSL_EXPORT int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, int crit, unsigned long flags);
char *hex_to_string(const unsigned char *buffer, long len);
unsigned char *string_to_hex(const char *str, long *len);
int name_cmp(const char *name, const char *cmp);
OPENSSL_EXPORT void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent, OPENSSL_EXPORT void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent,
int ml); int ml);
OPENSSL_EXPORT int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int indent); OPENSSL_EXPORT int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int indent);