Unexport and rename hex_to_string, string_to_hex, and name_cmp. Squatting these names is rather rude. Also hex_to_string and string_to_hex do the opposite of what one would expect, so rename them to something a bit less confusing. Update-Note: This removes some random utility functions. name_cmp is very specific to OpenSSL's config file format, so it's unlikely anyone is relying on it. I removed the one use of hex_to_string and string_to_hex I could find. Change-Id: I01554885ad306251e6982100d0b15cd89b1cdea7 Reviewed-on: https://boringssl-review.googlesource.com/c/33364 Commit-Queue: David Benjamin <davidben@google.com> Commit-Queue: Adam Langley <agl@google.com> Reviewed-by: Adam Langley <agl@google.com>
diff --git a/crypto/x509/asn1_gen.c b/crypto/x509/asn1_gen.c
index 5b74cd1..98a6fac 100644
--- a/crypto/x509/asn1_gen.c
+++ b/crypto/x509/asn1_gen.c
@@ -65,6 +65,7 @@ #include <openssl/x509v3.h> #include "../internal.h" +#include "../x509v3/internal.h" /* * Although this file is in crypto/x509 for layering purposes, it emits @@ -769,7 +770,7 @@ if (format == ASN1_GEN_FORMAT_HEX) { - if (!(rdata = string_to_hex((char *)str, &rdlen))) { + if (!(rdata = x509v3_hex_to_bytes((char *)str, &rdlen))) { OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_HEX); goto bad_str; }
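Review bot: The new `#include "../x509v3/internal.h"` makes crypto/x509 depend on a private crypto/x509v3 header, while the context line right below it says this file is kept in crypto/x509 "for layering purposes"; if that layering is meant to put crypto/x509 below crypto/x509v3, this include inverts it. If the dependency is intentional, a one-line comment next to the include such as `/* Hex decoding lives in x509v3; see x509v3_hex_to_bytes(). */` would keep the existing layering note from reading as contradicted. The rename of the call in the second hunk is otherwise fine; the enclosing function there starts and ends outside the hunk.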
diff --git a/crypto/x509v3/internal.h b/crypto/x509v3/internal.h
new file mode 100644
index 0000000..e6be684
--- /dev/null
+++ b/crypto/x509v3/internal.h
@@ -0,0 +1,51 @@
+/* Copyright (c) 2018, Google Inc.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
+
+#ifndef OPENSSL_HEADER_X509V3_INTERNAL_H
+#define OPENSSL_HEADER_X509V3_INTERNAL_H
+
+#include <openssl/base.h>
+
+#if defined(__cplusplus)
+extern "C" {
+#endif
+
+
+// x509v3_bytes_to_hex encodes |len| bytes from |buffer| to hex and returns a
+// newly-allocated NUL-terminated string containing the result, or NULL on
+// allocation error.
+//
+// Note this function was historically named |hex_to_string| in OpenSSL, not
+// |string_to_hex|.
+char *x509v3_bytes_to_hex(const unsigned char *buffer, long len);
+
+// x509v3_hex_string_to_bytes decodes |str| in hex and returns a newly-allocated
+// array containing the result, or NULL on error. On success, it sets |*len| to
+// the length of the result. Colon separators between bytes in the input are
+// allowed and ignored.
+//
+// Note this function was historically named |string_to_hex| in OpenSSL, not
+// |hex_to_string|.
+unsigned char *x509v3_hex_to_bytes(const char *str, long *len);
+
+// x509v3_name_cmp returns zero if |name| is equal to |cmp| or begins with |cmp|
+// followed by '.'. Otherwise, it returns a non-zero number.
+int x509v3_name_cmp(const char *name, const char *cmp);
+
+
+#if defined(__cplusplus)
+} /* extern C */
+#endif
+
+#endif /* OPENSSL_HEADER_X509V3_INTERNAL_H */
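Review bot: The doc comment for the decoder names a function that does not exist: it says `x509v3_hex_string_to_bytes` while the prototype it documents is `x509v3_hex_to_bytes`, so the first comment line should read `// x509v3_hex_to_bytes decodes |str| in hex and returns a newly-allocated`. Both prototypes also keep the signed `long` lengths of the OpenSSL originals without saying what a negative |len| means; the implementation in v3_utl.c is not visible in this hunk, so at minimum the precondition should be stated, e.g. `// |len| must be non-negative.`, with a `size_t` migration left for a follow-up that adjusts callers. It would also help to say whether |*len| is left untouched when |x509v3_hex_to_bytes| returns NULL, since call sites such as the one in v3_conf.c assign the result to a variable before the NULL check that is visible here.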
diff --git a/crypto/x509v3/v3_akey.c b/crypto/x509v3/v3_akey.c
index 4503e61..30c02e2 100644
--- a/crypto/x509v3/v3_akey.c
+++ b/crypto/x509v3/v3_akey.c
@@ -66,6 +66,9 @@ #include <openssl/obj.h> #include <openssl/x509v3.h> +#include "internal.h" + + static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, AUTHORITY_KEYID *akeyid, STACK_OF(CONF_VALUE) @@ -92,14 +95,14 @@ { char *tmp; if (akeyid->keyid) { - tmp = hex_to_string(akeyid->keyid->data, akeyid->keyid->length); + tmp = x509v3_bytes_to_hex(akeyid->keyid->data, akeyid->keyid->length); X509V3_add_value("keyid", tmp, &extlist); OPENSSL_free(tmp); } if (akeyid->issuer) extlist = i2v_GENERAL_NAMES(NULL, akeyid->issuer, extlist); if (akeyid->serial) { - tmp = hex_to_string(akeyid->serial->data, akeyid->serial->length); + tmp = x509v3_bytes_to_hex(akeyid->serial->data, akeyid->serial->length); X509V3_add_value("serial", tmp, &extlist); OPENSSL_free(tmp); }
diff --git a/crypto/x509v3/v3_alt.c b/crypto/x509v3/v3_alt.c
index b78a410..5a4fadf 100644
--- a/crypto/x509v3/v3_alt.c
+++ b/crypto/x509v3/v3_alt.c
@@ -64,6 +64,9 @@ #include <openssl/obj.h> #include <openssl/x509v3.h> +#include "internal.h" + + static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); @@ -261,7 +264,7 @@ } for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { cnf = sk_CONF_VALUE_value(nval, i); - if (!name_cmp(cnf->name, "issuer") && cnf->value && + if (!x509v3_name_cmp(cnf->name, "issuer") && cnf->value && !strcmp(cnf->value, "copy")) { if (!copy_issuer(ctx, gens)) goto err; @@ -331,11 +334,11 @@ } for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { cnf = sk_CONF_VALUE_value(nval, i); - if (!name_cmp(cnf->name, "email") && cnf->value && + if (!x509v3_name_cmp(cnf->name, "email") && cnf->value && !strcmp(cnf->value, "copy")) { if (!copy_email(ctx, gens, 0)) goto err; - } else if (!name_cmp(cnf->name, "email") && cnf->value && + } else if (!x509v3_name_cmp(cnf->name, "email") && cnf->value && !strcmp(cnf->value, "move")) { if (!copy_email(ctx, gens, 1)) goto err; @@ -545,19 +548,19 @@ return NULL; } - if (!name_cmp(name, "email")) + if (!x509v3_name_cmp(name, "email")) type = GEN_EMAIL; - else if (!name_cmp(name, "URI")) + else if (!x509v3_name_cmp(name, "URI")) type = GEN_URI; - else if (!name_cmp(name, "DNS")) + else if (!x509v3_name_cmp(name, "DNS")) type = GEN_DNS; - else if (!name_cmp(name, "RID")) + else if (!x509v3_name_cmp(name, "RID")) type = GEN_RID; - else if (!name_cmp(name, "IP")) + else if (!x509v3_name_cmp(name, "IP")) type = GEN_IPADD; - else if (!name_cmp(name, "dirName")) + else if (!x509v3_name_cmp(name, "dirName")) type = GEN_DIRNAME; - else if (!name_cmp(name, "otherName")) + else if (!x509v3_name_cmp(name, "otherName")) type = GEN_OTHERNAME; else { OPENSSL_PUT_ERROR(X509V3, X509V3_R_UNSUPPORTED_OPTION);
diff --git a/crypto/x509v3/v3_conf.c b/crypto/x509v3/v3_conf.c
index ff2eae1..e98d0fc 100644
--- a/crypto/x509v3/v3_conf.c
+++ b/crypto/x509v3/v3_conf.c
@@ -69,6 +69,7 @@ #include <openssl/x509v3.h> #include "../internal.h" +#include "internal.h" static int v3_check_critical(char **value); static int v3_check_generic(char **value); @@ -278,7 +279,7 @@ } if (gen_type == 1) - ext_der = string_to_hex(value, &ext_len); + ext_der = x509v3_hex_to_bytes(value, &ext_len); else if (gen_type == 2) ext_der = generic_asn1(value, ctx, &ext_len);
diff --git a/crypto/x509v3/v3_cpols.c b/crypto/x509v3/v3_cpols.c
index 4def530..18d260b 100644
--- a/crypto/x509v3/v3_cpols.c
+++ b/crypto/x509v3/v3_cpols.c
@@ -69,6 +69,7 @@ #include <openssl/stack.h> #include <openssl/x509v3.h> +#include "internal.h" #include "pcy_int.h" /* Certificate policies extension support: this one is a bit complex... */ @@ -231,7 +232,7 @@ } pol->policyid = pobj; - } else if (!name_cmp(cnf->name, "CPS")) { + } else if (!x509v3_name_cmp(cnf->name, "CPS")) { if (!pol->qualifiers) pol->qualifiers = sk_POLICYQUALINFO_new_null(); if (!(qual = POLICYQUALINFO_new())) @@ -251,7 +252,7 @@ if (!ASN1_STRING_set(qual->d.cpsuri, cnf->value, strlen(cnf->value))) goto merr; - } else if (!name_cmp(cnf->name, "userNotice")) { + } else if (!x509v3_name_cmp(cnf->name, "userNotice")) { STACK_OF(CONF_VALUE) *unot; if (*cnf->value != '@') { OPENSSL_PUT_ERROR(X509V3, X509V3_R_EXPECTED_A_SECTION_NAME);
diff --git a/crypto/x509v3/v3_pci.c b/crypto/x509v3/v3_pci.c
index 4352abe..f9031c0 100644
--- a/crypto/x509v3/v3_pci.c
+++ b/crypto/x509v3/v3_pci.c
@@ -44,6 +44,7 @@ #include <openssl/x509v3.h> #include "../internal.h" +#include "internal.h" static int i2r_pci(X509V3_EXT_METHOD *method, PROXY_CERT_INFO_EXTENSION *ext, @@ -123,7 +124,7 @@ } if (strncmp(val->value, "hex:", 4) == 0) { unsigned char *tmp_data2 = - string_to_hex(val->value + 4, &val_len); + x509v3_hex_to_bytes(val->value + 4, &val_len); if (!tmp_data2) { OPENSSL_PUT_ERROR(X509V3, X509V3_R_ILLEGAL_HEX_DIGIT);
diff --git a/crypto/x509v3/v3_skey.c b/crypto/x509v3/v3_skey.c
index 65f8287..6a16e78 100644
--- a/crypto/x509v3/v3_skey.c
+++ b/crypto/x509v3/v3_skey.c
@@ -63,6 +63,9 @@ #include <openssl/obj.h> #include <openssl/x509v3.h> +#include "internal.h" + + static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str); const X509V3_EXT_METHOD v3_skey_id = { @@ -76,7 +79,7 @@ char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, ASN1_OCTET_STRING *oct) { - return hex_to_string(oct->data, oct->length); + return x509v3_bytes_to_hex(oct->data, oct->length); } ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, @@ -90,7 +93,7 @@ return NULL; } - if (!(oct->data = string_to_hex(str, &length))) { + if (!(oct->data = x509v3_hex_to_bytes(str, &length))) { M_ASN1_OCTET_STRING_free(oct); return NULL; }
diff --git a/crypto/x509v3/v3_utl.c b/crypto/x509v3/v3_utl.c
index 589e296..2a293dc 100644
--- a/crypto/x509v3/v3_utl.c
+++ b/crypto/x509v3/v3_utl.c
@@ -72,6 +72,7 @@ #include "../conf/internal.h" #include "../internal.h" +#include "internal.h" static char *strip_spaces(char *name); @@ -446,7 +447,7 @@ * on EBCDIC machines) */ -char *hex_to_string(const unsigned char *buffer, long len) +char *x509v3_bytes_to_hex(const unsigned char *buffer, long len) { char *tmp, *q; const unsigned char *p; @@ -469,11 +470,7 @@ return tmp; } -/* - * Give a string of hex digits convert to a buffer - */ - -unsigned char *string_to_hex(const char *str, long *len) +unsigned char *x509v3_hex_to_bytes(const char *str, long *len) { unsigned char *hexbuf, *q; unsigned char ch, cl, *p; @@ -533,11 +530,7 @@ } -/* - * V2I name comparison function: returns zero if 'name' matches cmp or cmp.* - */ - -int name_cmp(const char *name, const char *cmp) +int x509v3_name_cmp(const char *name, const char *cmp) { int len, ret; char c;
diff --git a/include/openssl/x509v3.h b/include/openssl/x509v3.h
index 4a654b5..d2d39f8 100644
--- a/include/openssl/x509v3.h
+++ b/include/openssl/x509v3.h
@@ -666,10 +666,6 @@ OPENSSL_EXPORT X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc); OPENSSL_EXPORT int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, int crit, unsigned long flags); -char *hex_to_string(const unsigned char *buffer, long len); -unsigned char *string_to_hex(const char *str, long *len); -int name_cmp(const char *name, const char *cmp); - OPENSSL_EXPORT void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent, int ml); OPENSSL_EXPORT int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int indent);