commit 6ce77afa91bc0db1897cba8ce08188c804f908b1
author David Benjamin <davidben@google.com> Wed Nov 23 16:40:19 2022 -0500
committer Boringssl LUCI CQ <boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com> Fri Dec 09 02:25:55 2022 +0000
tree cd3c8a172b0800ed82abc71b311a9f13003e115b
parent faac9aa3349f149cd433582c31020d49090a0737

Unexport X509V3_NAME_from_section and fix the type of chtype.

X509_NAME_add_entry_by_txt and friends all use int for MBSTRING_*
constants. X509V3_NAME_from_section was the odd one out in using
unsigned long.

Bug: 516
Change-Id: Ib0bca46a080a791d2fba0b515a47b047c0777260
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/55456
Commit-Queue: Bob Beck <bbe@google.com>
Reviewed-by: Bob Beck <bbe@google.com>

crypto/x509v3/internal.h

diff --git a/crypto/x509v3/internal.h b/crypto/x509v3/internal.h
index 9c9c425..00dae92 100644
--- a/crypto/x509v3/internal.h
+++ b/crypto/x509v3/internal.h
@@ -127,6 +127,13 @@
 int x509V3_add_value_asn1_string(const char *name, const ASN1_STRING *value,
                                  STACK_OF(CONF_VALUE) **extlist);
 
+// X509V3_NAME_from_section adds attributes to |nm| by interpreting the
+// key/value pairs in |dn_sk|. It returns one on success and zero on error.
+// |chtype|, which should be one of |MBSTRING_*| constants, determines the
+// character encoding used to interpret values.
+int X509V3_NAME_from_section(X509_NAME *nm, const STACK_OF(CONF_VALUE) *dn_sk,
+                             int chtype);
+
 
 // Internal structures
 

crypto/x509v3/v3_utl.c

diff --git a/crypto/x509v3/v3_utl.c b/crypto/x509v3/v3_utl.c
index a78127b..d21de45 100644
--- a/crypto/x509v3/v3_utl.c
+++ b/crypto/x509v3/v3_utl.c
@@ -1352,21 +1352,17 @@
   return 1;
 }
 
-int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE) *dn_sk,
-                             unsigned long chtype) {
-  CONF_VALUE *v;
-  int mval;
-  size_t i;
-  char *p, *type;
+int X509V3_NAME_from_section(X509_NAME *nm, const STACK_OF(CONF_VALUE) *dn_sk,
+                             int chtype) {
   if (!nm) {
     return 0;
   }
 
-  for (i = 0; i < sk_CONF_VALUE_num(dn_sk); i++) {
-    v = sk_CONF_VALUE_value(dn_sk, i);
-    type = v->name;
+  for (size_t i = 0; i < sk_CONF_VALUE_num(dn_sk); i++) {
+    const CONF_VALUE *v = sk_CONF_VALUE_value(dn_sk, i);
+    const char *type = v->name;
     // Skip past any leading X. X: X, etc to allow for multiple instances
-    for (p = type; *p; p++) {
+    for (const char *p = type; *p; p++) {
       if ((*p == ':') || (*p == ',') || (*p == '.')) {
         p++;
         if (*p) {
@@ -1375,6 +1371,7 @@
         break;
       }
     }
+    int mval;
     if (*type == '+') {
       mval = -1;
       type++;

include/openssl/x509v3.h

diff --git a/include/openssl/x509v3.h b/include/openssl/x509v3.h
index 9db57e6..8d5adbf 100644
--- a/include/openssl/x509v3.h
+++ b/include/openssl/x509v3.h
@@ -903,9 +903,6 @@
 
 OPENSSL_EXPORT ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc);
 OPENSSL_EXPORT ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc);
-OPENSSL_EXPORT int X509V3_NAME_from_section(X509_NAME *nm,
-                                            STACK_OF(CONF_VALUE) *dn_sk,
-                                            unsigned long chtype);
 
 // BEGIN ERROR CODES
 // The following lines are auto generated by the script mkerr.pl. Any changes