Trim some unused XN_FLAG_* values These appear to be unused. Some ones of note: - XN_FLAG_FN_ALIGN breaks with multi-attribute RDNs anyway - XN_FLAG_FN_NONE is completely pointless Update-Note: Some seemingly unused XN_FLAG_* values were removed. If some project fails to build, we can put them back but one shouldn't be using this function in the first place. Change-Id: I4d8472e1e31aeec623b4d4e2aea48da7b1ef6798 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/58930 Reviewed-by: Bob Beck <bbe@google.com> Commit-Queue: David Benjamin <davidben@google.com>
diff --git a/crypto/x509/name_print.c b/crypto/x509/name_print.c index 29207cc..5dc34da 100644 --- a/crypto/x509/name_print.c +++ b/crypto/x509/name_print.c
@@ -56,6 +56,7 @@ #include <openssl/x509.h> +#include <assert.h> #include <inttypes.h> #include <string.h> @@ -84,8 +85,7 @@ static int do_name_ex(BIO *out, const X509_NAME *n, int indent, unsigned long flags) { - int i, prev = -1, orflags, cnt; - int fn_opt, fn_nid; + int prev = -1, orflags; char objtmp[80]; const char *objbuf; int outlen, len; @@ -142,10 +142,8 @@ sep_eq_len = 1; } - fn_opt = flags & XN_FLAG_FN_MASK; - - cnt = X509_NAME_entry_count(n); - for (i = 0; i < cnt; i++) { + int cnt = X509_NAME_entry_count(n); + for (int i = 0; i < cnt; i++) { const X509_NAME_ENTRY *ent; if (flags & XN_FLAG_DN_REV) { ent = X509_NAME_get_entry(n, cnt - i - 1); @@ -172,40 +170,20 @@ prev = X509_NAME_ENTRY_set(ent); const ASN1_OBJECT *fn = X509_NAME_ENTRY_get_object(ent); const ASN1_STRING *val = X509_NAME_ENTRY_get_data(ent); - fn_nid = OBJ_obj2nid(fn); - if (fn_opt != XN_FLAG_FN_NONE) { - int objlen, fld_len; - if ((fn_opt == XN_FLAG_FN_OID) || (fn_nid == NID_undef)) { - OBJ_obj2txt(objtmp, sizeof objtmp, fn, 1); - fld_len = 0; // XXX: what should this be? - objbuf = objtmp; - } else { - if (fn_opt == XN_FLAG_FN_SN) { - fld_len = FN_WIDTH_SN; - objbuf = OBJ_nid2sn(fn_nid); - } else if (fn_opt == XN_FLAG_FN_LN) { - fld_len = FN_WIDTH_LN; - objbuf = OBJ_nid2ln(fn_nid); - } else { - fld_len = 0; // XXX: what should this be? - objbuf = ""; - } - } - objlen = strlen(objbuf); - if (!maybe_write(out, objbuf, objlen)) { - return -1; - } - if ((objlen < fld_len) && (flags & XN_FLAG_FN_ALIGN)) { - if (!do_indent(out, fld_len - objlen)) { - return -1; - } - outlen += fld_len - objlen; - } - if (!maybe_write(out, sep_eq, sep_eq_len)) { - return -1; - } - outlen += objlen + sep_eq_len; + assert((flags & XN_FLAG_FN_MASK) == XN_FLAG_FN_SN); + int fn_nid = OBJ_obj2nid(fn); + if (fn_nid == NID_undef) { + OBJ_obj2txt(objtmp, sizeof(objtmp), fn, 1); + objbuf = objtmp; + } else { + objbuf = OBJ_nid2sn(fn_nid); } + int objlen = strlen(objbuf); + if (!maybe_write(out, objbuf, objlen) || + !maybe_write(out, sep_eq, sep_eq_len)) { + return -1; + } + outlen += objlen + sep_eq_len; // If the field name is unknown then fix up the DER dump flag. We // might want to limit this further so it will DER dump on anything // other than a few 'standard' fields.
diff --git a/crypto/x509/x509_test.cc b/crypto/x509/x509_test.cc index 530c24d..9e369bd 100644 --- a/crypto/x509/x509_test.cc +++ b/crypto/x509/x509_test.cc
@@ -4702,50 +4702,35 @@ "CN = \"Common " "Name/CN=A/CN=B,CN=A,CN=B+CN=A+CN=B;CN=A;CN=B\\0ACN=A\\0A\", " "CN = \" spaces \""}, - // |XN_FLAG_MULTILINE| is an OpenSSL-specific multi-line format that tries - // to vertically align the equal sizes. The vertical alignment doesn't - // quite handle multi-valued RDNs right and uses a non-RFC-2253 escaping. + // Callers can also customize the output, with both |XN_FLAG_*| and + // |ASN1_STRFLGS_*|. |XN_FLAG_SEP_SPLUS_SPC| uses semicolon separators. {/*indent=*/0, - /*flags=*/XN_FLAG_MULTILINE, - "countryName = US\n" - "stateOrProvinceName = Some State + " - "stateOrProvinceName = Some Other State \\U2603 + " - "stateOrProvinceName = Another State \\U2603 + " - "1.2.840.113554.4.1.72585.2 = \\U2603\n" - "1.2.840.113554.4.1.72585.3 = 0\\06\\02\\01\\01\\02\\01\\02\n" - "organizationName = Org Name\n" - "commonName = Common " - "Name/CN=A/CN=B,CN=A,CN=B+CN=A+CN=B;CN=A;CN=B\\0ACN=A\\0A\n" - "commonName = spaces "}, - // The multiline format indents every line. - {/*indent=*/2, - /*flags=*/XN_FLAG_MULTILINE, - " countryName = US\n" - " stateOrProvinceName = Some State + " - "stateOrProvinceName = Some Other State \\U2603 + " - "stateOrProvinceName = Another State \\U2603 + " - "1.2.840.113554.4.1.72585.2 = \\U2603\n" - " 1.2.840.113554.4.1.72585.3 = 0\\06\\02\\01\\01\\02\\01\\02\n" - " organizationName = Org Name\n" - " commonName = Common " - "Name/CN=A/CN=B,CN=A,CN=B+CN=A+CN=B;CN=A;CN=B\\0ACN=A\\0A\n" - " commonName = spaces "}, - // Callers can also customize the output, wuith both |XN_FLAG_*| and - // |ASN1_STRFLGS_*|. |XN_FLAG_SEP_SPLUS_SPC| uses semicolon separators and - // |XN_FLAG_FN_OID| forces OIDs. - {/*indent=*/0, - /*flags=*/XN_FLAG_SEP_SPLUS_SPC | XN_FLAG_FN_OID | ASN1_STRFLGS_RFC2253 | + /*flags=*/XN_FLAG_SEP_SPLUS_SPC | ASN1_STRFLGS_RFC2253 | ASN1_STRFLGS_ESC_QUOTE, - "2.5.4.6=US; " - "2.5.4.8=Some State + " - "2.5.4.8=Some Other State \\E2\\98\\83 + " - "2.5.4.8=Another State \\E2\\98\\83 + " + "C=US; " + "ST=Some State + " + "ST=Some Other State \\E2\\98\\83 + " + "ST=Another State \\E2\\98\\83 + " "1.2.840.113554.4.1.72585.2=\\E2\\98\\83; " "1.2.840.113554.4.1.72585.3=#3006020101020102; " - "2.5.4.10=Org Name; " - "2.5.4.3=\"Common " + "O=Org Name; " + "CN=\"Common " "Name/CN=A/CN=B,CN=A,CN=B+CN=A+CN=B;CN=A;CN=B\\0ACN=A\\0A\"; " - "2.5.4.3=\" spaces \""}, + "CN=\" spaces \""}, + // Node uses these parameters. + {/*indent=*/0, + /*flags=*/ASN1_STRFLGS_ESC_2253 | ASN1_STRFLGS_ESC_CTRL | + ASN1_STRFLGS_UTF8_CONVERT | XN_FLAG_SEP_MULTILINE | XN_FLAG_FN_SN, + "C=US\n" + "ST=Some State + " + "ST=Some Other State \xE2\x98\x83 + " + "ST=Another State \xE2\x98\x83 + " + "1.2.840.113554.4.1.72585.2=\xE2\x98\x83\n" + "1.2.840.113554.4.1.72585.3=0\\06\\02\\01\\01\\02\\01\\02\n" + "O=Org Name\n" + "CN=Common " + "Name/CN=A/CN=B\\,CN=A\\,CN=B\\+CN=A\\+CN=B\\;CN=A\\;CN=B\\0ACN=A\\0A\n" + "CN=\\ spaces\\ "}, // |XN_FLAG_COMPAT| matches |X509_NAME_print|, rather than // |X509_NAME_print_ex|. //
diff --git a/include/openssl/x509.h b/include/openssl/x509.h index 8271b4a..2954488 100644 --- a/include/openssl/x509.h +++ b/include/openssl/x509.h
@@ -1670,15 +1670,6 @@ // XN_FLAG_FN_SN uses the attribute type's short name, when available. #define XN_FLAG_FN_SN 0 -// XN_FLAG_FN_LN uses the attribute type's long name, when available. -#define XN_FLAG_FN_LN (1 << 21) - -// XN_FLAG_FN_OID always prints attribute types as OIDs. -#define XN_FLAG_FN_OID (2 << 21) - -// XN_FLAG_FN_NONE skips printing field names. -#define XN_FLAG_FN_NONE (3 << 21) - // XN_FLAG_SPC_EQ wraps the "=" operator with spaces when printing attributes. #define XN_FLAG_SPC_EQ (1 << 23) @@ -1686,10 +1677,6 @@ // hex, as in RFC 2253. #define XN_FLAG_DUMP_UNKNOWN_FIELDS (1 << 24) -// XN_FLAG_FN_ALIGN aligns attribute names to 10 characters if using short -// names, and 25 characters if using long names. -#define XN_FLAG_FN_ALIGN (1 << 25) - // XN_FLAG_RFC2253 prints like RFC 2253. #define XN_FLAG_RFC2253 \ (ASN1_STRFLGS_RFC2253 | XN_FLAG_SEP_COMMA_PLUS | XN_FLAG_DN_REV | \ @@ -1700,11 +1687,6 @@ (ASN1_STRFLGS_RFC2253 | ASN1_STRFLGS_ESC_QUOTE | XN_FLAG_SEP_CPLUS_SPC | \ XN_FLAG_SPC_EQ | XN_FLAG_FN_SN) -// XN_FLAG_MULTILINE prints a multi-line representation of the name. -#define XN_FLAG_MULTILINE \ - (ASN1_STRFLGS_ESC_CTRL | ASN1_STRFLGS_ESC_MSB | XN_FLAG_SEP_MULTILINE | \ - XN_FLAG_SPC_EQ | XN_FLAG_FN_LN | XN_FLAG_FN_ALIGN) - // X509_NAME_print_ex writes a human-readable representation of |nm| to |out|. // Each line of output is indented by |indent| spaces. It returns the number of // bytes written on success, and -1 on error. If |out| is NULL, it returns the