From 53d9614a6da17c5f36d46ccf016d3afd5da194dc Mon Sep 17 00:00:00 2001 
From: David Benjamin Date: Mon, 20 Nov 2023 23:41:55 -0500 Subject: [PATCH] Merge crypto/x509v3 into crypto/x509 The public headers are not yet merged. That will be done in the subsequent CL. This required teaching make_errors.go that x509v3 are found elsewhere, also to skip irrelevant OPENSSL_DECLARE_ERROR_REASON calls. Change-Id: Ic40de51f9a5325acd60262c614924dc3407b800c Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/64137 Commit-Queue: David Benjamin Reviewed-by: Bob Beck (cherry picked from commit 861cb31975b68abd0b6ed7d0dd37213b17385bab) --- crypto/CMakeLists.txt | 76 +++++------ crypto/x509/asn1_gen.c | 1 - crypto/{x509v3 => x509}/ext_dat.h | 0 crypto/x509/internal.h | 115 ++++++++++++++++ crypto/x509/policy.c | 1 - crypto/{x509v3 => x509}/tab_test.cc | 0 crypto/{x509v3 => x509}/v3_akey.c | 0 crypto/{x509v3 => x509}/v3_akeya.c | 0 crypto/{x509v3 => x509}/v3_alt.c | 1 - crypto/{x509v3 => x509}/v3_bcons.c | 0 crypto/{x509v3 => x509}/v3_bitst.c | 0 crypto/{x509v3 => x509}/v3_conf.c | 1 - crypto/{x509v3 => x509}/v3_cpols.c | 0 crypto/{x509v3 => x509}/v3_crld.c | 1 - crypto/{x509v3 => x509}/v3_enum.c | 0 crypto/{x509v3 => x509}/v3_extku.c | 0 crypto/{x509v3 => x509}/v3_genn.c | 0 crypto/{x509v3 => x509}/v3_ia5.c | 0 crypto/{x509v3 => x509}/v3_info.c | 0 crypto/{x509v3 => x509}/v3_int.c | 0 crypto/{x509v3 => x509}/v3_lib.c | 3 +- crypto/{x509v3 => x509}/v3_ncons.c | 2 +- crypto/{x509v3 => x509}/v3_ocsp.c | 0 crypto/{x509v3 => x509}/v3_pcons.c | 0 crypto/{x509v3 => x509}/v3_pmaps.c | 0 crypto/{x509v3 => x509}/v3_prn.c | 0 crypto/{x509v3 => x509}/v3_purp.c | 1 - crypto/{x509v3 => x509}/v3_skey.c | 1 - crypto/{x509v3 => x509}/v3_utl.c | 0 crypto/x509/x509_cmp.c | 1 - crypto/x509/x509_set.c | 1 - crypto/x509/x509_test.cc | 1 - crypto/x509/x509_trs.c | 1 - crypto/x509/x509_vfy.c | 1 - crypto/x509/x509_vpm.c | 1 - crypto/x509v3/internal.h | 195 ---------------------------- fuzz/cert.cc | 2 +- util/make_errors.go | 16 ++- 38 files changed, 168 
insertions(+), 254 deletions(-) rename crypto/{x509v3 => x509}/ext_dat.h (100%) rename crypto/{x509v3 => x509}/tab_test.cc (100%) rename crypto/{x509v3 => x509}/v3_akey.c (100%) rename crypto/{x509v3 => x509}/v3_akeya.c (100%) rename crypto/{x509v3 => x509}/v3_alt.c (99%) rename crypto/{x509v3 => x509}/v3_bcons.c (100%) rename crypto/{x509v3 => x509}/v3_bitst.c (100%) rename crypto/{x509v3 => x509}/v3_conf.c (99%) rename crypto/{x509v3 => x509}/v3_cpols.c (100%) rename crypto/{x509v3 => x509}/v3_crld.c (99%) rename crypto/{x509v3 => x509}/v3_enum.c (100%) rename crypto/{x509v3 => x509}/v3_extku.c (100%) rename crypto/{x509v3 => x509}/v3_genn.c (100%) rename crypto/{x509v3 => x509}/v3_ia5.c (100%) rename crypto/{x509v3 => x509}/v3_info.c (100%) rename crypto/{x509v3 => x509}/v3_int.c (100%) rename crypto/{x509v3 => x509}/v3_lib.c (99%) rename crypto/{x509v3 => x509}/v3_ncons.c (99%) rename crypto/{x509v3 => x509}/v3_ocsp.c (100%) rename crypto/{x509v3 => x509}/v3_pcons.c (100%) rename crypto/{x509v3 => x509}/v3_pmaps.c (100%) rename crypto/{x509v3 => x509}/v3_prn.c (100%) rename crypto/{x509v3 => x509}/v3_purp.c (99%) rename crypto/{x509v3 => x509}/v3_skey.c (99%) rename crypto/{x509v3 => x509}/v3_utl.c (100%) delete mode 100644 crypto/x509v3/internal.h diff --git a/crypto/CMakeLists.txt b/crypto/CMakeLists.txt index f1589923475..462ef8cadbc 100644 --- a/crypto/CMakeLists.txt +++ b/crypto/CMakeLists.txt 
@@ -460,7 +460,42 @@ add_library(
 x509/t_req.c
 x509/t_x509.c
 x509/t_x509a.c
- x509/x509.c
+ x509/v3_akey.c
+ x509/v3_akeya.c
+ x509/v3_alt.c
+ x509/v3_bcons.c
+ x509/v3_bitst.c
+ x509/v3_conf.c
+ x509/v3_cpols.c
+ x509/v3_crld.c
+ x509/v3_enum.c
+ x509/v3_extku.c
+ x509/v3_genn.c
+ x509/v3_ia5.c
+ x509/v3_info.c
+ x509/v3_int.c
+ x509/v3_lib.c
+ x509/v3_ncons.c
+ x509/v3_ocsp.c
+ x509/v3_pcons.c
+ x509/v3_pmaps.c
+ x509/v3_prn.c
+ x509/v3_purp.c
+ x509/v3_skey.c
+ x509/v3_utl.c
+ x509/x_algor.c
+ x509/x_all.c
+ x509/x_attrib.c
+ x509/x_crl.c
+ x509/x_exten.c
+ x509/x_name.c
+ x509/x_pubkey.c
+ x509/x_req.c
+ x509/x_sig.c
+ x509/x_spki.c
+ x509/x_val.c
+ x509/x_x509.c
+ x509/x_x509a.c
 x509/x509_att.c
 x509/x509_cmp.c
 x509/x509_d2.c
@@ -475,46 +510,11 @@ add_library(
 x509/x509_v3.c
 x509/x509_vfy.c
 x509/x509_vpm.c
+ x509/x509.c
 x509/x509cset.c
 x509/x509name.c
 x509/x509rset.c
 x509/x509spki.c
- x509/x_algor.c
- x509/x_all.c
- x509/x_attrib.c
- x509/x_crl.c
- x509/x_exten.c
- x509/x_name.c
- x509/x_pubkey.c
- x509/x_req.c
- x509/x_sig.c
- x509/x_spki.c
- x509/x_val.c
- x509/x_x509.c
- x509/x_x509a.c
- x509v3/v3_akey.c
- x509v3/v3_akeya.c
- x509v3/v3_alt.c
- x509v3/v3_bcons.c
- x509v3/v3_bitst.c
- x509v3/v3_conf.c
- x509v3/v3_cpols.c
- x509v3/v3_crld.c
- x509v3/v3_enum.c
- x509v3/v3_extku.c
- x509v3/v3_genn.c
- x509v3/v3_ia5.c
- x509v3/v3_info.c
- x509v3/v3_int.c
- x509v3/v3_lib.c
- x509v3/v3_ncons.c
- x509v3/v3_ocsp.c
- x509v3/v3_pcons.c
- x509v3/v3_pmaps.c
- x509v3/v3_prn.c
- x509v3/v3_purp.c
- x509v3/v3_skey.c
- x509v3/v3_utl.c
 decrepit/bio/base64_bio.c
 decrepit/blowfish/blowfish.c
 decrepit/cast/cast.c
@@ -765,9 +765,9 @@ if(BUILD_TESTING)
 test/file_test_gtest.cc
 thread_test.cc
 trust_token/trust_token_test.cc
+ x509/tab_test.cc
 x509/x509_test.cc
 x509/x509_time_test.cc
- x509v3/tab_test.cc
 decrepit/blowfish/blowfish_test.cc
 decrepit/cast/cast_test.cc
 decrepit/cfb/cfb_test.cc
diff --git a/crypto/x509/asn1_gen.c b/crypto/x509/asn1_gen.c index 321f63bec05..b75a5feb9a0 100644 --- a/crypto/x509/asn1_gen.c +++ b/crypto/x509/asn1_gen.c @@ -69,7 +69,6 @@ #include "../conf/internal.h" #include "../internal.h" -#include "../x509v3/internal.h" #include "internal.h" diff --git a/crypto/x509v3/ext_dat.h b/crypto/x509/ext_dat.h similarity index 100% rename from crypto/x509v3/ext_dat.h rename to crypto/x509/ext_dat.h diff --git a/crypto/x509/internal.h b/crypto/x509/internal.h index 1fb5b7d5809..e1fbc9a8d55 100644 --- a/crypto/x509/internal.h +++ b/crypto/x509/internal.h @@ -62,6 +62,7 @@ #include #include #include +#include #include "../asn1/internal.h" 
@@ -428,6 +429,120 @@ int X509_policy_check(const STACK_OF(X509) *certs, // one internal project and rust-openssl, who use it by mistake. int x509_check_issued_with_callback(X509_STORE_CTX *ctx, X509 *x, X509 *issuer); +// x509v3_bytes_to_hex encodes |len| bytes from |in| to hex and returns a +// newly-allocated NUL-terminated string containing the result, or NULL on +// allocation error. +// +// This function was historically named |hex_to_string| in OpenSSL. Despite the +// name, |hex_to_string| converted to hex. +OPENSSL_EXPORT char *x509v3_bytes_to_hex(const uint8_t *in, size_t len); + +// x509v3_hex_string_to_bytes decodes |str| in hex and returns a newly-allocated +// array containing the result, or NULL on error. On success, it sets |*len| to +// the length of the result. Colon separators between bytes in the input are +// allowed and ignored. +// +// This function was historically named |string_to_hex| in OpenSSL. Despite the +// name, |string_to_hex| converted from hex. +unsigned char *x509v3_hex_to_bytes(const char *str, size_t *len); + +// x509v3_conf_name_matches returns one if |name| is equal to |cmp| or begins +// with |cmp| followed by '.', and zero otherwise. +int x509v3_conf_name_matches(const char *name, const char *cmp); + +// x509v3_looks_like_dns_name returns one if |in| looks like a DNS name and zero +// otherwise. +OPENSSL_EXPORT int x509v3_looks_like_dns_name(const unsigned char *in, + size_t len); + +// x509v3_cache_extensions fills in a number of fields relating to X.509 +// extensions in |x|. It returns one on success and zero if some extensions were +// invalid. +OPENSSL_EXPORT int x509v3_cache_extensions(X509 *x); + +// x509v3_a2i_ipadd decodes |ipasc| as an IPv4 or IPv6 address. IPv6 addresses +// use colon-separated syntax while IPv4 addresses use dotted decimal syntax. If +// it decodes an IPv4 address, it writes the result to the first four bytes of +// |ipout| and returns four. 
If it decodes an IPv6 address, it writes the result +// to all 16 bytes of |ipout| and returns 16. Otherwise, it returns zero. +int x509v3_a2i_ipadd(unsigned char ipout[16], const char *ipasc); + +// A |BIT_STRING_BITNAME| is used to contain a list of bit names. +typedef struct { + int bitnum; + const char *lname; + const char *sname; +} BIT_STRING_BITNAME; + +// x509V3_add_value_asn1_string appends a |CONF_VALUE| with the specified name +// and value to |*extlist|. if |*extlist| is NULL, it sets |*extlist| to a +// newly-allocated |STACK_OF(CONF_VALUE)| first. It returns one on success and +// zero on error. +int x509V3_add_value_asn1_string(const char *name, const ASN1_STRING *value, + STACK_OF(CONF_VALUE) **extlist); + +// X509V3_NAME_from_section adds attributes to |nm| by interpreting the +// key/value pairs in |dn_sk|. It returns one on success and zero on error. +// |chtype|, which should be one of |MBSTRING_*| constants, determines the +// character encoding used to interpret values. +int X509V3_NAME_from_section(X509_NAME *nm, const STACK_OF(CONF_VALUE) *dn_sk, + int chtype); + +// X509V3_bool_from_string decodes |str| as a boolean. On success, it returns +// one and sets |*out_bool| to resulting value. Otherwise, it returns zero. +int X509V3_bool_from_string(const char *str, ASN1_BOOLEAN *out_bool); + +// X509V3_get_value_bool decodes |value| as a boolean. On success, it returns +// one and sets |*out_bool| to the resulting value. Otherwise, it returns zero. +int X509V3_get_value_bool(const CONF_VALUE *value, ASN1_BOOLEAN *out_bool); + +// X509V3_get_value_int decodes |value| as an integer. On success, it returns +// one and sets |*aint| to the resulting value. Otherwise, it returns zero. If +// |*aint| was non-NULL at the start of the function, it frees the previous +// value before writing a new one. 
+int X509V3_get_value_int(const CONF_VALUE *value, ASN1_INTEGER **aint); + +// X509V3_get_section behaves like |NCONF_get_section| but queries |ctx|'s +// config database. +const STACK_OF(CONF_VALUE) *X509V3_get_section(const X509V3_CTX *ctx, + const char *section); + +// X509V3_add_value appends a |CONF_VALUE| containing |name| and |value| to +// |*extlist|. It returns one on success and zero on error. If |*extlist| is +// NULL, it sets |*extlist| to a newly-allocated |STACK_OF(CONF_VALUE)| +// containing the result. Either |name| or |value| may be NULL to omit the +// field. +// +// On failure, if |*extlist| was NULL, |*extlist| will remain NULL when the +// function returns. +int X509V3_add_value(const char *name, const char *value, + STACK_OF(CONF_VALUE) **extlist); + +// X509V3_add_value_bool behaves like |X509V3_add_value| but stores the value +// "TRUE" if |asn1_bool| is non-zero and "FALSE" otherwise. +int X509V3_add_value_bool(const char *name, int asn1_bool, + STACK_OF(CONF_VALUE) **extlist); + +// X509V3_add_value_bool behaves like |X509V3_add_value| but stores a string +// representation of |aint|. Note this string representation may be decimal or +// hexadecimal, depending on the size of |aint|. +int X509V3_add_value_int(const char *name, const ASN1_INTEGER *aint, + STACK_OF(CONF_VALUE) **extlist); + +STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line); + +#define X509V3_conf_err(val) \ + ERR_add_error_data(6, "section:", (val)->section, ",name:", (val)->name, \ + ",value:", (val)->value); + +// GENERAL_NAME_cmp returns zero if |a| and |b| are equal and a non-zero +// value otherwise. Note this function does not provide a comparison suitable +// for sorting. +// +// This function is exported for testing. +OPENSSL_EXPORT int GENERAL_NAME_cmp(const GENERAL_NAME *a, + const GENERAL_NAME *b); + #if defined(__cplusplus) } // extern C diff --git a/crypto/x509/policy.c b/crypto/x509/policy.c index 6390fe87955..96aa9b572bc 100644 
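Review bot: Two of the doc comments moved into crypto/x509/internal.h name the wrong function: the comment above `x509v3_hex_to_bytes` calls it `x509v3_hex_string_to_bytes`, and the comment above `X509V3_add_value_int` opens with `X509V3_add_value_bool`; since this hunk re-homes the declarations verbatim it is the natural point to correct them to `// x509v3_hex_to_bytes decodes |str| in hex and returns a newly-allocated` and `// X509V3_add_value_int behaves like |X509V3_add_value| but stores a string`. `X509V3_parse_list` is the only declaration in the block without a comment; a one-liner stating what it parses from |line| and what it returns on failure would bring it in line with its neighbours. The `X509V3_conf_err` macro still ends its expansion with `;`, so `X509V3_conf_err(v);` becomes two statements and an un-braced `if ... X509V3_conf_err(v); else` would not compile; the trailing semicolon can be dropped only if every caller already supplies its own, which I cannot confirm from this patch.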
--- a/crypto/x509/policy.c +++ b/crypto/x509/policy.c @@ -22,7 +22,6 @@ #include #include "../internal.h" -#include "../x509v3/internal.h" #include "internal.h" diff --git a/crypto/x509v3/tab_test.cc b/crypto/x509/tab_test.cc similarity index 100% rename from crypto/x509v3/tab_test.cc rename to crypto/x509/tab_test.cc diff --git a/crypto/x509v3/v3_akey.c b/crypto/x509/v3_akey.c similarity index 100% rename from crypto/x509v3/v3_akey.c rename to crypto/x509/v3_akey.c diff --git a/crypto/x509v3/v3_akeya.c b/crypto/x509/v3_akeya.c similarity index 100% rename from crypto/x509v3/v3_akeya.c rename to crypto/x509/v3_akeya.c diff --git a/crypto/x509v3/v3_alt.c b/crypto/x509/v3_alt.c similarity index 99% rename from crypto/x509v3/v3_alt.c rename to crypto/x509/v3_alt.c index e3c15f5b992..1d80d71318a 100644 --- a/crypto/x509v3/v3_alt.c +++ b/crypto/x509/v3_alt.c @@ -63,7 +63,6 @@ #include #include -#include "../x509/internal.h" #include "internal.h" diff --git a/crypto/x509v3/v3_bcons.c b/crypto/x509/v3_bcons.c similarity index 100% rename from crypto/x509v3/v3_bcons.c rename to crypto/x509/v3_bcons.c diff --git a/crypto/x509v3/v3_bitst.c b/crypto/x509/v3_bitst.c similarity index 100% rename from crypto/x509v3/v3_bitst.c rename to crypto/x509/v3_bitst.c diff --git a/crypto/x509v3/v3_conf.c b/crypto/x509/v3_conf.c similarity index 99% rename from crypto/x509v3/v3_conf.c rename to crypto/x509/v3_conf.c index d42523820c4..a7eb9f0334c 100644 --- a/crypto/x509v3/v3_conf.c +++ b/crypto/x509/v3_conf.c @@ -69,7 +69,6 @@ #include #include "../internal.h" -#include "../x509/internal.h" #include "internal.h" static int v3_check_critical(const char **value); diff --git a/crypto/x509v3/v3_cpols.c b/crypto/x509/v3_cpols.c similarity index 100% rename from crypto/x509v3/v3_cpols.c rename to crypto/x509/v3_cpols.c 
diff --git a/crypto/x509v3/v3_crld.c b/crypto/x509/v3_crld.c similarity index 99% rename from crypto/x509v3/v3_crld.c rename to crypto/x509/v3_crld.c index 4162c3538f8..dcb03f9f730 100644 --- a/crypto/x509v3/v3_crld.c +++ b/crypto/x509/v3_crld.c @@ -65,7 +65,6 @@ #include #include -#include "../x509/internal.h" #include "internal.h" diff --git a/crypto/x509v3/v3_enum.c b/crypto/x509/v3_enum.c similarity index 100% rename from crypto/x509v3/v3_enum.c rename to crypto/x509/v3_enum.c diff --git a/crypto/x509v3/v3_extku.c b/crypto/x509/v3_extku.c similarity index 100% rename from crypto/x509v3/v3_extku.c rename to crypto/x509/v3_extku.c diff --git a/crypto/x509v3/v3_genn.c b/crypto/x509/v3_genn.c similarity index 100% rename from crypto/x509v3/v3_genn.c rename to crypto/x509/v3_genn.c diff --git a/crypto/x509v3/v3_ia5.c b/crypto/x509/v3_ia5.c similarity index 100% rename from crypto/x509v3/v3_ia5.c rename to crypto/x509/v3_ia5.c diff --git a/crypto/x509v3/v3_info.c b/crypto/x509/v3_info.c similarity index 100% rename from crypto/x509v3/v3_info.c rename to crypto/x509/v3_info.c diff --git a/crypto/x509v3/v3_int.c b/crypto/x509/v3_int.c similarity index 100% rename from crypto/x509v3/v3_int.c rename to crypto/x509/v3_int.c diff --git a/crypto/x509v3/v3_lib.c b/crypto/x509/v3_lib.c similarity index 99% rename from crypto/x509v3/v3_lib.c rename to crypto/x509/v3_lib.c index f31bd365276..23dffe73f58 100644 --- a/crypto/x509v3/v3_lib.c +++ b/crypto/x509/v3_lib.c @@ -66,9 +66,10 @@ #include #include -#include "../x509/internal.h" +#include "internal.h" #include "ext_dat.h" + static STACK_OF(X509V3_EXT_METHOD) *ext_list = NULL; static int ext_stack_cmp(const X509V3_EXT_METHOD *const *a, diff --git a/crypto/x509v3/v3_ncons.c b/crypto/x509/v3_ncons.c similarity index 99% rename from crypto/x509v3/v3_ncons.c rename to crypto/x509/v3_ncons.c index ac9559f5c67..037084e9a66 100644 --- a/crypto/x509v3/v3_ncons.c +++ b/crypto/x509/v3_ncons.c 
@@ -65,7 +65,7 @@ #include #include "../internal.h" -#include "../x509/internal.h" +#include "internal.h" static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, diff --git a/crypto/x509v3/v3_ocsp.c b/crypto/x509/v3_ocsp.c similarity index 100% rename from crypto/x509v3/v3_ocsp.c rename to crypto/x509/v3_ocsp.c diff --git a/crypto/x509v3/v3_pcons.c b/crypto/x509/v3_pcons.c similarity index 100% rename from crypto/x509v3/v3_pcons.c rename to crypto/x509/v3_pcons.c diff --git a/crypto/x509v3/v3_pmaps.c b/crypto/x509/v3_pmaps.c similarity index 100% rename from crypto/x509v3/v3_pmaps.c rename to crypto/x509/v3_pmaps.c diff --git a/crypto/x509v3/v3_prn.c b/crypto/x509/v3_prn.c similarity index 100% rename from crypto/x509v3/v3_prn.c rename to crypto/x509/v3_prn.c diff --git a/crypto/x509v3/v3_purp.c b/crypto/x509/v3_purp.c similarity index 99% rename from crypto/x509v3/v3_purp.c rename to crypto/x509/v3_purp.c index 2aa21119a75..f6c4dfd8e52 100644 --- a/crypto/x509v3/v3_purp.c +++ b/crypto/x509/v3_purp.c @@ -66,7 +66,6 @@ #include #include "../internal.h" -#include "../x509/internal.h" #include "internal.h" #define V1_ROOT (EXFLAG_V1 | EXFLAG_SS) diff --git a/crypto/x509v3/v3_skey.c b/crypto/x509/v3_skey.c similarity index 99% rename from crypto/x509v3/v3_skey.c rename to crypto/x509/v3_skey.c index caa7fe50a0b..eff6d545f4d 100644 --- a/crypto/x509v3/v3_skey.c +++ b/crypto/x509/v3_skey.c @@ -64,7 +64,6 @@ #include #include -#include "../x509/internal.h" #include "internal.h" diff --git a/crypto/x509v3/v3_utl.c b/crypto/x509/v3_utl.c similarity index 100% rename from crypto/x509v3/v3_utl.c rename to crypto/x509/v3_utl.c diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c index 52d6ac33ae1..df036dc8b6e 100644 --- a/crypto/x509/x509_cmp.c +++ b/crypto/x509/x509_cmp.c @@ -66,7 +66,6 @@ #include #include "../internal.h" -#include "../x509v3/internal.h" #include "internal.h" 
diff --git a/crypto/x509/x509_set.c b/crypto/x509/x509_set.c index 33307896f3b..5c593eb8650 100644 --- a/crypto/x509/x509_set.c +++ b/crypto/x509/x509_set.c @@ -60,7 +60,6 @@ #include #include -#include "../x509v3/internal.h" #include "internal.h" #include "openssl/x509v3.h" diff --git a/crypto/x509/x509_test.cc b/crypto/x509/x509_test.cc index ea861db1c52..cb3ba972ec2 100644 --- a/crypto/x509/x509_test.cc +++ b/crypto/x509/x509_test.cc @@ -38,7 +38,6 @@ #include "../evp_extra/internal.h" #include "../internal.h" #include "../test/test_util.h" -#include "../x509v3/internal.h" #if defined(OPENSSL_THREADS) #include diff --git a/crypto/x509/x509_trs.c b/crypto/x509/x509_trs.c index 5f315a70286..6aa40830bcb 100644 --- a/crypto/x509/x509_trs.c +++ b/crypto/x509/x509_trs.c @@ -59,7 +59,6 @@ #include #include -#include "../x509v3/internal.h" #include "internal.h" diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index 7bba05c7bbd..227f2cf95d2 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -68,7 +68,6 @@ #include #include "../internal.h" -#include "../x509v3/internal.h" #include "internal.h" static CRYPTO_EX_DATA_CLASS g_ex_data_class = diff --git a/crypto/x509/x509_vpm.c b/crypto/x509/x509_vpm.c index 67c0d2f274d..52d564b6744 100644 --- a/crypto/x509/x509_vpm.c +++ b/crypto/x509/x509_vpm.c @@ -63,7 +63,6 @@ #include #include "../internal.h" -#include "../x509v3/internal.h" #include "internal.h" diff --git a/crypto/x509v3/internal.h b/crypto/x509v3/internal.h deleted file mode 100644 index 2ae6bce215a..00000000000 --- a/crypto/x509v3/internal.h +++ /dev/null 
@@ -1,195 +0,0 @@ -/* - * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project - * 2004. - */ -/* ==================================================================== - * Copyright (c) 2004 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#ifndef OPENSSL_HEADER_X509V3_INTERNAL_H -#define OPENSSL_HEADER_X509V3_INTERNAL_H - -#include - -#include -#include -#include - -// TODO(davidben): Merge x509 and x509v3. This include is needed because some -// internal typedefs are shared between the two, but the two modules depend on -// each other circularly. -#include "../x509/internal.h" - -#if defined(__cplusplus) -extern "C" { -#endif - - -// x509v3_bytes_to_hex encodes |len| bytes from |in| to hex and returns a -// newly-allocated NUL-terminated string containing the result, or NULL on -// allocation error. -// -// This function was historically named |hex_to_string| in OpenSSL. Despite the -// name, |hex_to_string| converted to hex. -OPENSSL_EXPORT char *x509v3_bytes_to_hex(const uint8_t *in, size_t len); - -// x509v3_hex_string_to_bytes decodes |str| in hex and returns a newly-allocated -// array containing the result, or NULL on error. On success, it sets |*len| to -// the length of the result. Colon separators between bytes in the input are -// allowed and ignored. -// -// This function was historically named |string_to_hex| in OpenSSL. Despite the -// name, |string_to_hex| converted from hex. 
-unsigned char *x509v3_hex_to_bytes(const char *str, size_t *len); - -// x509v3_conf_name_matches returns one if |name| is equal to |cmp| or begins -// with |cmp| followed by '.', and zero otherwise. -int x509v3_conf_name_matches(const char *name, const char *cmp); - -// x509v3_looks_like_dns_name returns one if |in| looks like a DNS name and zero -// otherwise. -OPENSSL_EXPORT int x509v3_looks_like_dns_name(const unsigned char *in, - size_t len); - -// x509v3_cache_extensions fills in a number of fields relating to X.509 -// extensions in |x|. It returns one on success and zero if some extensions were -// invalid. -OPENSSL_EXPORT int x509v3_cache_extensions(X509 *x); - -// x509v3_a2i_ipadd decodes |ipasc| as an IPv4 or IPv6 address. IPv6 addresses -// use colon-separated syntax while IPv4 addresses use dotted decimal syntax. If -// it decodes an IPv4 address, it writes the result to the first four bytes of -// |ipout| and returns four. If it decodes an IPv6 address, it writes the result -// to all 16 bytes of |ipout| and returns 16. Otherwise, it returns zero. -int x509v3_a2i_ipadd(unsigned char ipout[16], const char *ipasc); - -// A |BIT_STRING_BITNAME| is used to contain a list of bit names. -typedef struct { - int bitnum; - const char *lname; - const char *sname; -} BIT_STRING_BITNAME; - -// x509V3_add_value_asn1_string appends a |CONF_VALUE| with the specified name -// and value to |*extlist|. if |*extlist| is NULL, it sets |*extlist| to a -// newly-allocated |STACK_OF(CONF_VALUE)| first. It returns one on success and -// zero on error. -int x509V3_add_value_asn1_string(const char *name, const ASN1_STRING *value, - STACK_OF(CONF_VALUE) **extlist); - -// X509V3_NAME_from_section adds attributes to |nm| by interpreting the -// key/value pairs in |dn_sk|. It returns one on success and zero on error. -// |chtype|, which should be one of |MBSTRING_*| constants, determines the -// character encoding used to interpret values. 
-int X509V3_NAME_from_section(X509_NAME *nm, const STACK_OF(CONF_VALUE) *dn_sk, - int chtype); - -// X509V3_bool_from_string decodes |str| as a boolean. On success, it returns -// one and sets |*out_bool| to resulting value. Otherwise, it returns zero. -int X509V3_bool_from_string(const char *str, ASN1_BOOLEAN *out_bool); - -// X509V3_get_value_bool decodes |value| as a boolean. On success, it returns -// one and sets |*out_bool| to the resulting value. Otherwise, it returns zero. -int X509V3_get_value_bool(const CONF_VALUE *value, ASN1_BOOLEAN *out_bool); - -// X509V3_get_value_int decodes |value| as an integer. On success, it returns -// one and sets |*aint| to the resulting value. Otherwise, it returns zero. If -// |*aint| was non-NULL at the start of the function, it frees the previous -// value before writing a new one. -int X509V3_get_value_int(const CONF_VALUE *value, ASN1_INTEGER **aint); - -// X509V3_get_section behaves like |NCONF_get_section| but queries |ctx|'s -// config database. -const STACK_OF(CONF_VALUE) *X509V3_get_section(const X509V3_CTX *ctx, - const char *section); - -// X509V3_add_value appends a |CONF_VALUE| containing |name| and |value| to -// |*extlist|. It returns one on success and zero on error. If |*extlist| is -// NULL, it sets |*extlist| to a newly-allocated |STACK_OF(CONF_VALUE)| -// containing the result. Either |name| or |value| may be NULL to omit the -// field. -// -// On failure, if |*extlist| was NULL, |*extlist| will remain NULL when the -// function returns. -int X509V3_add_value(const char *name, const char *value, - STACK_OF(CONF_VALUE) **extlist); - -// X509V3_add_value_bool behaves like |X509V3_add_value| but stores the value -// "TRUE" if |asn1_bool| is non-zero and "FALSE" otherwise. -int X509V3_add_value_bool(const char *name, int asn1_bool, - STACK_OF(CONF_VALUE) **extlist); - -// X509V3_add_value_bool behaves like |X509V3_add_value| but stores a string -// representation of |aint|. 
Note this string representation may be decimal or -// hexadecimal, depending on the size of |aint|. -int X509V3_add_value_int(const char *name, const ASN1_INTEGER *aint, - STACK_OF(CONF_VALUE) **extlist); - -#define X509V3_conf_err(val) \ - ERR_add_error_data(6, "section:", (val)->section, ",name:", (val)->name, \ - ",value:", (val)->value); - -// GENERAL_NAME_cmp returns zero if |a| and |b| are equal and a non-zero -// value otherwise. Note this function does not provide a comparison suitable -// for sorting. -// -// This function is exported for testing. -OPENSSL_EXPORT int GENERAL_NAME_cmp(const GENERAL_NAME *a, - const GENERAL_NAME *b); - - -#if defined(__cplusplus) -} // extern C -#endif - -#endif // OPENSSL_HEADER_X509V3_INTERNAL_H diff --git a/fuzz/cert.cc b/fuzz/cert.cc index 548109e55a8..e433450c34f 100644 --- a/fuzz/cert.cc +++ b/fuzz/cert.cc @@ -16,7 +16,7 @@ #include #include -#include "../crypto/x509v3/internal.h" +#include "../crypto/x509/internal.h" extern "C" int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len) { X509 *x509 = d2i_X509(NULL, &buf, len); diff --git a/util/make_errors.go b/util/make_errors.go index 04ace22e0a0..fd36b07f164 100644 --- a/util/make_errors.go +++ b/util/make_errors.go @@ -59,6 +59,10 @@ func getLibraryInfo(lib string) libraryInfo { info.sourceDirs = append(info.sourceDirs, filepath.Join("crypto", "hpke")) } + if lib == "x509v3" { + info.sourceDirs = append(info.sourceDirs, filepath.Join("crypto", "x509")) + } + return info } @@ -324,7 +328,7 @@ func assignNewValues(assignments map[string]int, reserved int) { } } -func handleDeclareMacro(line, join, macroName string, m map[string]int) { +func handleDeclareMacro(line, prefix, join, macroName string, m map[string]int) { if i := strings.Index(line, macroName); i >= 0 { contents := line[i+len(macroName):] if i := strings.Index(contents, ")"); i >= 0 { 
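Review bot: `handleDeclareMacro` gains a `prefix` parameter but still carries no doc comment, and the reason for the new argument is only recoverable from the getLibraryInfo hunk above, where `x509v3` now also scans `crypto/x509`. Suggest `// handleDeclareMacro records in m each reason that line declares via macroName and whose library prefix equals prefix; declarations for other libraries are skipped so a directory shared by several libraries (e.g. crypto/x509 for x509v3) can be scanned.` above the signature; the function body continues past this hunk, where the filter itself lives. The `if lib == "x509v3"` block mirrors the hpke case directly above it, and a short `// x509v3's sources were merged into crypto/x509.` would save the next reader a trip through the history.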
@@ -336,9 +340,11 @@ func handleDeclareMacro(line, join, macroName string, m map[string]int) { if len(args) != 2 { panic("Bad macro line: " + line) } - token := args[0] + join + args[1] - if _, ok := m[token]; !ok { - m[token] = -1 + if args[0] == prefix { + token := args[0] + join + args[1] + if _, ok := m[token]; !ok { + m[token] = -1 + } } } } @@ -357,7 +363,7 @@ func addReasons(reasons map[string]int, filename, prefix string) error { for scanner.Scan() { line := scanner.Text() - handleDeclareMacro(line, "_R_", "OPENSSL_DECLARE_ERROR_REASON(", reasons) + handleDeclareMacro(line, prefix, "_R_", "OPENSSL_DECLARE_ERROR_REASON(", reasons) for len(line) > 0 { i := strings.Index(line, prefix+"_")
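Review bot: The new `if args[0] == prefix` guard discards every OPENSSL_DECLARE_ERROR_REASON for another library without a trace, which is the intent for a shared directory but is not stated anywhere in the code; a comment on the guard such as `// Shared directories declare reasons for several libraries; only record this library's.` would make that explicit. As a point of style, the guard adds a fifth nesting level around three lines that are otherwise unchanged; inverting it to `if args[0] != prefix { return }` keeps those lines at their original indentation, and nothing follows the block inside the enclosing ifs, so the early return is equivalent. The comparison assumes `args[0]` is already whitespace-trimmed; the split that produces `args` sits between the two hunks and is outside this view, though the pre-existing token construction suggests it is. The second hunk on this line (addReasons) runs past the end of the patch as shown.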