Unexport X509V3_NAME_from_section and fix the type of chtype.
X509_NAME_add_entry_by_txt and friends all use int for MBSTRING_*
constants. X509V3_NAME_from_section was the odd one out in using
unsigned long.
Bug: 516
Change-Id: Ib0bca46a080a791d2fba0b515a47b047c0777260
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/55456
Commit-Queue: Bob Beck <bbe@google.com>
Reviewed-by: Bob Beck <bbe@google.com>
diff --git a/crypto/x509v3/internal.h b/crypto/x509v3/internal.h
index 9c9c425..00dae92 100644
--- a/crypto/x509v3/internal.h
+++ b/crypto/x509v3/internal.h
@@ -127,6 +127,13 @@
int x509V3_add_value_asn1_string(const char *name, const ASN1_STRING *value,
STACK_OF(CONF_VALUE) **extlist);
+// X509V3_NAME_from_section adds attributes to |nm| by interpreting the
+// key/value pairs in |dn_sk|. It returns one on success and zero on error.
+// |chtype|, which should be one of |MBSTRING_*| constants, determines the
+// character encoding used to interpret values.
+int X509V3_NAME_from_section(X509_NAME *nm, const STACK_OF(CONF_VALUE) *dn_sk,
+ int chtype);
+
// Internal structures
diff --git a/crypto/x509v3/v3_utl.c b/crypto/x509v3/v3_utl.c
index a78127b..d21de45 100644
--- a/crypto/x509v3/v3_utl.c
+++ b/crypto/x509v3/v3_utl.c
@@ -1352,21 +1352,17 @@
return 1;
}
-int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE) *dn_sk,
- unsigned long chtype) {
- CONF_VALUE *v;
- int mval;
- size_t i;
- char *p, *type;
+int X509V3_NAME_from_section(X509_NAME *nm, const STACK_OF(CONF_VALUE) *dn_sk,
+ int chtype) {
if (!nm) {
return 0;
}
- for (i = 0; i < sk_CONF_VALUE_num(dn_sk); i++) {
- v = sk_CONF_VALUE_value(dn_sk, i);
- type = v->name;
+ for (size_t i = 0; i < sk_CONF_VALUE_num(dn_sk); i++) {
+ const CONF_VALUE *v = sk_CONF_VALUE_value(dn_sk, i);
+ const char *type = v->name;
// Skip past any leading X. X: X, etc to allow for multiple instances
- for (p = type; *p; p++) {
+ for (const char *p = type; *p; p++) {
if ((*p == ':') || (*p == ',') || (*p == '.')) {
p++;
if (*p) {
@@ -1375,6 +1371,7 @@
break;
}
}
+ int mval;
if (*type == '+') {
mval = -1;
type++;
diff --git a/include/openssl/x509v3.h b/include/openssl/x509v3.h
index 9db57e6..8d5adbf 100644
--- a/include/openssl/x509v3.h
+++ b/include/openssl/x509v3.h
@@ -903,9 +903,6 @@
OPENSSL_EXPORT ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc);
OPENSSL_EXPORT ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc);
-OPENSSL_EXPORT int X509V3_NAME_from_section(X509_NAME *nm,
- STACK_OF(CONF_VALUE) *dn_sk,
- unsigned long chtype);
// BEGIN ERROR CODES
// The following lines are auto generated by the script mkerr.pl. Any changes