Unexport and rename hex_to_string, string_to_hex, and name_cmp.
Squatting these names is rather rude. Also hex_to_string and
string_to_hex do the opposite of what one would expect, so rename them
to something a bit less confusing.
Update-Note: This removes some random utility functions. name_cmp is
very specific to OpenSSL's config file format, so it's unlikely anyone
is relying on it. I removed the one use of hex_to_string and
string_to_hex I could find.
Change-Id: I01554885ad306251e6982100d0b15cd89b1cdea7
Reviewed-on: https://boringssl-review.googlesource.com/c/33364
Commit-Queue: David Benjamin <davidben@google.com>
Commit-Queue: Adam Langley <agl@google.com>
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/crypto/x509/asn1_gen.c b/crypto/x509/asn1_gen.c
index 5b74cd1..98a6fac 100644
--- a/crypto/x509/asn1_gen.c
+++ b/crypto/x509/asn1_gen.c
@@ -65,6 +65,7 @@
#include <openssl/x509v3.h>
#include "../internal.h"
+#include "../x509v3/internal.h"
/*
* Although this file is in crypto/x509 for layering purposes, it emits
@@ -769,7 +770,7 @@
if (format == ASN1_GEN_FORMAT_HEX) {
- if (!(rdata = string_to_hex((char *)str, &rdlen))) {
+ if (!(rdata = x509v3_hex_to_bytes((char *)str, &rdlen))) {
OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_HEX);
goto bad_str;
}
diff --git a/crypto/x509v3/internal.h b/crypto/x509v3/internal.h
new file mode 100644
index 0000000..e6be684
--- /dev/null
+++ b/crypto/x509v3/internal.h
@@ -0,0 +1,51 @@
+/* Copyright (c) 2018, Google Inc.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
+
+#ifndef OPENSSL_HEADER_X509V3_INTERNAL_H
+#define OPENSSL_HEADER_X509V3_INTERNAL_H
+
+#include <openssl/base.h>
+
+#if defined(__cplusplus)
+extern "C" {
+#endif
+
+
+// x509v3_bytes_to_hex encodes |len| bytes from |buffer| to hex and returns a
+// newly-allocated NUL-terminated string containing the result, or NULL on
+// allocation error.
+//
+// Note this function was historically named |hex_to_string| in OpenSSL, not
+// |string_to_hex|.
+char *x509v3_bytes_to_hex(const unsigned char *buffer, long len);
+
+// x509v3_hex_string_to_bytes decodes |str| in hex and returns a newly-allocated
+// array containing the result, or NULL on error. On success, it sets |*len| to
+// the length of the result. Colon separators between bytes in the input are
+// allowed and ignored.
+//
+// Note this function was historically named |string_to_hex| in OpenSSL, not
+// |hex_to_string|.
+unsigned char *x509v3_hex_to_bytes(const char *str, long *len);
+
+// x509v3_name_cmp returns zero if |name| is equal to |cmp| or begins with |cmp|
+// followed by '.'. Otherwise, it returns a non-zero number.
+int x509v3_name_cmp(const char *name, const char *cmp);
+
+
+#if defined(__cplusplus)
+} /* extern C */
+#endif
+
+#endif /* OPENSSL_HEADER_X509V3_INTERNAL_H */
diff --git a/crypto/x509v3/v3_akey.c b/crypto/x509v3/v3_akey.c
index 4503e61..30c02e2 100644
--- a/crypto/x509v3/v3_akey.c
+++ b/crypto/x509v3/v3_akey.c
@@ -66,6 +66,9 @@
#include <openssl/obj.h>
#include <openssl/x509v3.h>
+#include "internal.h"
+
+
static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
AUTHORITY_KEYID *akeyid,
STACK_OF(CONF_VALUE)
@@ -92,14 +95,14 @@
{
char *tmp;
if (akeyid->keyid) {
- tmp = hex_to_string(akeyid->keyid->data, akeyid->keyid->length);
+ tmp = x509v3_bytes_to_hex(akeyid->keyid->data, akeyid->keyid->length);
X509V3_add_value("keyid", tmp, &extlist);
OPENSSL_free(tmp);
}
if (akeyid->issuer)
extlist = i2v_GENERAL_NAMES(NULL, akeyid->issuer, extlist);
if (akeyid->serial) {
- tmp = hex_to_string(akeyid->serial->data, akeyid->serial->length);
+ tmp = x509v3_bytes_to_hex(akeyid->serial->data, akeyid->serial->length);
X509V3_add_value("serial", tmp, &extlist);
OPENSSL_free(tmp);
}
diff --git a/crypto/x509v3/v3_alt.c b/crypto/x509v3/v3_alt.c
index b78a410..5a4fadf 100644
--- a/crypto/x509v3/v3_alt.c
+++ b/crypto/x509v3/v3_alt.c
@@ -64,6 +64,9 @@
#include <openssl/obj.h>
#include <openssl/x509v3.h>
+#include "internal.h"
+
+
static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method,
X509V3_CTX *ctx,
STACK_OF(CONF_VALUE) *nval);
@@ -261,7 +264,7 @@
}
for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
cnf = sk_CONF_VALUE_value(nval, i);
- if (!name_cmp(cnf->name, "issuer") && cnf->value &&
+ if (!x509v3_name_cmp(cnf->name, "issuer") && cnf->value &&
!strcmp(cnf->value, "copy")) {
if (!copy_issuer(ctx, gens))
goto err;
@@ -331,11 +334,11 @@
}
for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
cnf = sk_CONF_VALUE_value(nval, i);
- if (!name_cmp(cnf->name, "email") && cnf->value &&
+ if (!x509v3_name_cmp(cnf->name, "email") && cnf->value &&
!strcmp(cnf->value, "copy")) {
if (!copy_email(ctx, gens, 0))
goto err;
- } else if (!name_cmp(cnf->name, "email") && cnf->value &&
+ } else if (!x509v3_name_cmp(cnf->name, "email") && cnf->value &&
!strcmp(cnf->value, "move")) {
if (!copy_email(ctx, gens, 1))
goto err;
@@ -545,19 +548,19 @@
return NULL;
}
- if (!name_cmp(name, "email"))
+ if (!x509v3_name_cmp(name, "email"))
type = GEN_EMAIL;
- else if (!name_cmp(name, "URI"))
+ else if (!x509v3_name_cmp(name, "URI"))
type = GEN_URI;
- else if (!name_cmp(name, "DNS"))
+ else if (!x509v3_name_cmp(name, "DNS"))
type = GEN_DNS;
- else if (!name_cmp(name, "RID"))
+ else if (!x509v3_name_cmp(name, "RID"))
type = GEN_RID;
- else if (!name_cmp(name, "IP"))
+ else if (!x509v3_name_cmp(name, "IP"))
type = GEN_IPADD;
- else if (!name_cmp(name, "dirName"))
+ else if (!x509v3_name_cmp(name, "dirName"))
type = GEN_DIRNAME;
- else if (!name_cmp(name, "otherName"))
+ else if (!x509v3_name_cmp(name, "otherName"))
type = GEN_OTHERNAME;
else {
OPENSSL_PUT_ERROR(X509V3, X509V3_R_UNSUPPORTED_OPTION);
diff --git a/crypto/x509v3/v3_conf.c b/crypto/x509v3/v3_conf.c
index ff2eae1..e98d0fc 100644
--- a/crypto/x509v3/v3_conf.c
+++ b/crypto/x509v3/v3_conf.c
@@ -69,6 +69,7 @@
#include <openssl/x509v3.h>
#include "../internal.h"
+#include "internal.h"
static int v3_check_critical(char **value);
static int v3_check_generic(char **value);
@@ -278,7 +279,7 @@
}
if (gen_type == 1)
- ext_der = string_to_hex(value, &ext_len);
+ ext_der = x509v3_hex_to_bytes(value, &ext_len);
else if (gen_type == 2)
ext_der = generic_asn1(value, ctx, &ext_len);
diff --git a/crypto/x509v3/v3_cpols.c b/crypto/x509v3/v3_cpols.c
index 4def530..18d260b 100644
--- a/crypto/x509v3/v3_cpols.c
+++ b/crypto/x509v3/v3_cpols.c
@@ -69,6 +69,7 @@
#include <openssl/stack.h>
#include <openssl/x509v3.h>
+#include "internal.h"
#include "pcy_int.h"
/* Certificate policies extension support: this one is a bit complex... */
@@ -231,7 +232,7 @@
}
pol->policyid = pobj;
- } else if (!name_cmp(cnf->name, "CPS")) {
+ } else if (!x509v3_name_cmp(cnf->name, "CPS")) {
if (!pol->qualifiers)
pol->qualifiers = sk_POLICYQUALINFO_new_null();
if (!(qual = POLICYQUALINFO_new()))
@@ -251,7 +252,7 @@
if (!ASN1_STRING_set(qual->d.cpsuri, cnf->value,
strlen(cnf->value)))
goto merr;
- } else if (!name_cmp(cnf->name, "userNotice")) {
+ } else if (!x509v3_name_cmp(cnf->name, "userNotice")) {
STACK_OF(CONF_VALUE) *unot;
if (*cnf->value != '@') {
OPENSSL_PUT_ERROR(X509V3, X509V3_R_EXPECTED_A_SECTION_NAME);
diff --git a/crypto/x509v3/v3_pci.c b/crypto/x509v3/v3_pci.c
index 4352abe..f9031c0 100644
--- a/crypto/x509v3/v3_pci.c
+++ b/crypto/x509v3/v3_pci.c
@@ -44,6 +44,7 @@
#include <openssl/x509v3.h>
#include "../internal.h"
+#include "internal.h"
static int i2r_pci(X509V3_EXT_METHOD *method, PROXY_CERT_INFO_EXTENSION *ext,
@@ -123,7 +124,7 @@
}
if (strncmp(val->value, "hex:", 4) == 0) {
unsigned char *tmp_data2 =
- string_to_hex(val->value + 4, &val_len);
+ x509v3_hex_to_bytes(val->value + 4, &val_len);
if (!tmp_data2) {
OPENSSL_PUT_ERROR(X509V3, X509V3_R_ILLEGAL_HEX_DIGIT);
diff --git a/crypto/x509v3/v3_skey.c b/crypto/x509v3/v3_skey.c
index 65f8287..6a16e78 100644
--- a/crypto/x509v3/v3_skey.c
+++ b/crypto/x509v3/v3_skey.c
@@ -63,6 +63,9 @@
#include <openssl/obj.h>
#include <openssl/x509v3.h>
+#include "internal.h"
+
+
static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method,
X509V3_CTX *ctx, char *str);
const X509V3_EXT_METHOD v3_skey_id = {
@@ -76,7 +79,7 @@
char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, ASN1_OCTET_STRING *oct)
{
- return hex_to_string(oct->data, oct->length);
+ return x509v3_bytes_to_hex(oct->data, oct->length);
}
ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
@@ -90,7 +93,7 @@
return NULL;
}
- if (!(oct->data = string_to_hex(str, &length))) {
+ if (!(oct->data = x509v3_hex_to_bytes(str, &length))) {
M_ASN1_OCTET_STRING_free(oct);
return NULL;
}
diff --git a/crypto/x509v3/v3_utl.c b/crypto/x509v3/v3_utl.c
index 589e296..2a293dc 100644
--- a/crypto/x509v3/v3_utl.c
+++ b/crypto/x509v3/v3_utl.c
@@ -72,6 +72,7 @@
#include "../conf/internal.h"
#include "../internal.h"
+#include "internal.h"
static char *strip_spaces(char *name);
@@ -446,7 +447,7 @@
* on EBCDIC machines)
*/
-char *hex_to_string(const unsigned char *buffer, long len)
+char *x509v3_bytes_to_hex(const unsigned char *buffer, long len)
{
char *tmp, *q;
const unsigned char *p;
@@ -469,11 +470,7 @@
return tmp;
}
-/*
- * Give a string of hex digits convert to a buffer
- */
-
-unsigned char *string_to_hex(const char *str, long *len)
+unsigned char *x509v3_hex_to_bytes(const char *str, long *len)
{
unsigned char *hexbuf, *q;
unsigned char ch, cl, *p;
@@ -533,11 +530,7 @@
}
-/*
- * V2I name comparison function: returns zero if 'name' matches cmp or cmp.*
- */
-
-int name_cmp(const char *name, const char *cmp)
+int x509v3_name_cmp(const char *name, const char *cmp)
{
int len, ret;
char c;
diff --git a/include/openssl/x509v3.h b/include/openssl/x509v3.h
index 4a654b5..d2d39f8 100644
--- a/include/openssl/x509v3.h
+++ b/include/openssl/x509v3.h
@@ -666,10 +666,6 @@
OPENSSL_EXPORT X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc);
OPENSSL_EXPORT int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, int crit, unsigned long flags);
-char *hex_to_string(const unsigned char *buffer, long len);
-unsigned char *string_to_hex(const char *str, long *len);
-int name_cmp(const char *name, const char *cmp);
-
OPENSSL_EXPORT void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent,
int ml);
OPENSSL_EXPORT int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int indent);