diff options
author | Rich Salz <rsalz@openssl.org> | 2016-04-18 07:43:54 -0400 |
---|---|---|
committer | Rich Salz <rsalz@openssl.org> | 2016-04-18 08:22:00 -0400 |
commit | 9021a5dfb37fd3a6f7726f07ef0f27dcb71048e2 (patch) | |
tree | 1676ab2e59a9fe9a859c2b7e55a4ddfcd7e2be21 /crypto/x509v3 | |
parent | 84f4f0bdd49dd162305685d76caa194165b56635 (diff) | |
download | openssl-9021a5dfb37fd3a6f7726f07ef0f27dcb71048e2.tar.gz |
Rename some lowercase API's
Make OBJ_name_cmp internal
Rename idea_xxx to IDEA_xxx
Rename get_rfc_xxx to BN_get_rfc_xxx
Rename v3_addr and v3_asid functions to X509v3_...
Reviewed-by: Richard Levitte <levitte@openssl.org>
Diffstat (limited to 'crypto/x509v3')
-rw-r--r-- | crypto/x509v3/ext_dat.h | 3 | ||||
-rw-r--r-- | crypto/x509v3/v3_addr.c | 84 | ||||
-rw-r--r-- | crypto/x509v3/v3_asid.c | 46 | ||||
-rw-r--r-- | crypto/x509v3/v3_utl.c | 1 | ||||
-rw-r--r-- | crypto/x509v3/v3err.c | 2 |
5 files changed, 69 insertions, 67 deletions
diff --git a/crypto/x509v3/ext_dat.h b/crypto/x509v3/ext_dat.h index d43b83c1ca..4e213f3884 100644 --- a/crypto/x509v3/ext_dat.h +++ b/crypto/x509v3/ext_dat.h @@ -55,7 +55,8 @@ * Hudson (tjh@cryptsoft.com). * */ -/* This file contains a table of "standard" extensions */ + +int name_cmp(const char *name, const char *cmp); extern const X509V3_EXT_METHOD v3_bcons, v3_nscert, v3_key_usage, v3_ext_ku; extern const X509V3_EXT_METHOD v3_pkey_usage_period, v3_sxnet, v3_info, v3_sinfo; diff --git a/crypto/x509v3/v3_addr.c b/crypto/x509v3/v3_addr.c index 7ffafa5b53..49d0d4d392 100644 --- a/crypto/x509v3/v3_addr.c +++ b/crypto/x509v3/v3_addr.c @@ -130,7 +130,7 @@ static int length_from_afi(const unsigned afi) /* * Extract the AFI from an IPAddressFamily. */ -unsigned int v3_addr_get_afi(const IPAddressFamily *f) +unsigned int X509v3_addr_get_afi(const IPAddressFamily *f) { return ((f != NULL && f->addressFamily != NULL && f->addressFamily->data != NULL) @@ -248,7 +248,7 @@ static int i2r_IPAddrBlocks(const X509V3_EXT_METHOD *method, int i; for (i = 0; i < sk_IPAddressFamily_num(addr); i++) { IPAddressFamily *f = sk_IPAddressFamily_value(addr, i); - const unsigned int afi = v3_addr_get_afi(f); + const unsigned int afi = X509v3_addr_get_afi(f); switch (afi) { case IANA_AFI_IPV4: BIO_printf(out, "%*sIPv4", indent, ""); @@ -573,8 +573,8 @@ static IPAddressFamily *make_IPAddressFamily(IPAddrBlocks *addr, /* * Add an inheritance element. */ -int v3_addr_add_inherit(IPAddrBlocks *addr, - const unsigned afi, const unsigned *safi) +int X509v3_addr_add_inherit(IPAddrBlocks *addr, + const unsigned afi, const unsigned *safi) { IPAddressFamily *f = make_IPAddressFamily(addr, afi, safi); if (f == NULL || @@ -629,10 +629,10 @@ static IPAddressOrRanges *make_prefix_or_range(IPAddrBlocks *addr, /* * Add a prefix. */ -int v3_addr_add_prefix(IPAddrBlocks *addr, - const unsigned afi, - const unsigned *safi, - unsigned char *a, const int prefixlen) +int X509v3_addr_add_prefix(IPAddrBlocks *addr, + const unsigned afi, + const unsigned *safi, + unsigned char *a, const int prefixlen) { IPAddressOrRanges *aors = make_prefix_or_range(addr, afi, safi); IPAddressOrRange *aor; @@ -647,10 +647,10 @@ int v3_addr_add_prefix(IPAddrBlocks *addr, /* * Add a range. */ -int v3_addr_add_range(IPAddrBlocks *addr, - const unsigned afi, - const unsigned *safi, - unsigned char *min, unsigned char *max) +int X509v3_addr_add_range(IPAddrBlocks *addr, + const unsigned afi, + const unsigned *safi, + unsigned char *min, unsigned char *max) { IPAddressOrRanges *aors = make_prefix_or_range(addr, afi, safi); IPAddressOrRange *aor; @@ -687,10 +687,10 @@ static int extract_min_max(IPAddressOrRange *aor, /* * Public wrapper for extract_min_max(). */ -int v3_addr_get_range(IPAddressOrRange *aor, - const unsigned afi, - unsigned char *min, - unsigned char *max, const int length) +int X509v3_addr_get_range(IPAddressOrRange *aor, + const unsigned afi, + unsigned char *min, + unsigned char *max, const int length) { int afi_length = length_from_afi(afi); if (aor == NULL || min == NULL || max == NULL || @@ -726,7 +726,7 @@ static int IPAddressFamily_cmp(const IPAddressFamily *const *a_, /* * Check whether an IPAddrBLocks is in canonical form. */ -int v3_addr_is_canonical(IPAddrBlocks *addr) +int X509v3_addr_is_canonical(IPAddrBlocks *addr) { unsigned char a_min[ADDR_RAW_BUF_LEN], a_max[ADDR_RAW_BUF_LEN]; unsigned char b_min[ADDR_RAW_BUF_LEN], b_max[ADDR_RAW_BUF_LEN]; @@ -754,7 +754,7 @@ int v3_addr_is_canonical(IPAddrBlocks *addr) */ for (i = 0; i < sk_IPAddressFamily_num(addr); i++) { IPAddressFamily *f = sk_IPAddressFamily_value(addr, i); - int length = length_from_afi(v3_addr_get_afi(f)); + int length = length_from_afi(X509v3_addr_get_afi(f)); /* * Inheritance is canonical. Anything other than inheritance or @@ -909,7 +909,7 @@ static int IPAddressOrRanges_canonize(IPAddressOrRanges *aors, /* * Whack an IPAddrBlocks extension into canonical form. */ -int v3_addr_canonize(IPAddrBlocks *addr) +int X509v3_addr_canonize(IPAddrBlocks *addr) { int i; for (i = 0; i < sk_IPAddressFamily_num(addr); i++) { @@ -917,12 +917,12 @@ int v3_addr_canonize(IPAddrBlocks *addr) if (f->ipAddressChoice->type == IPAddressChoice_addressesOrRanges && !IPAddressOrRanges_canonize(f->ipAddressChoice-> u.addressesOrRanges, - v3_addr_get_afi(f))) + X509v3_addr_get_afi(f))) return 0; } (void)sk_IPAddressFamily_set_cmp_func(addr, IPAddressFamily_cmp); sk_IPAddressFamily_sort(addr); - OPENSSL_assert(v3_addr_is_canonical(addr)); + OPENSSL_assert(X509v3_addr_is_canonical(addr)); return 1; } @@ -1006,7 +1006,7 @@ static void *v2i_IPAddrBlocks(const struct v3_ext_method *method, * optimize this (seldom-used) case. */ if (strcmp(s, "inherit") == 0) { - if (!v3_addr_add_inherit(addr, afi, safi)) { + if (!X509v3_addr_add_inherit(addr, afi, safi)) { X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_INVALID_INHERITANCE); X509V3_conf_err(val); @@ -1037,7 +1037,7 @@ static void *v2i_IPAddrBlocks(const struct v3_ext_method *method, X509V3_conf_err(val); goto err; } - if (!v3_addr_add_prefix(addr, afi, safi, min, prefixlen)) { + if (!X509v3_addr_add_prefix(addr, afi, safi, min, prefixlen)) { X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE); goto err; } @@ -1063,13 +1063,13 @@ static void *v2i_IPAddrBlocks(const struct v3_ext_method *method, X509V3_conf_err(val); goto err; } - if (!v3_addr_add_range(addr, afi, safi, min, max)) { + if (!X509v3_addr_add_range(addr, afi, safi, min, max)) { X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE); goto err; } break; case '\0': - if (!v3_addr_add_prefix(addr, afi, safi, min, length * 8)) { + if (!X509v3_addr_add_prefix(addr, afi, safi, min, length * 8)) { X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE); goto err; } @@ -1088,7 +1088,7 @@ static void *v2i_IPAddrBlocks(const struct v3_ext_method *method, /* * Canonize the result, then we're done. */ - if (!v3_addr_canonize(addr)) + if (!X509v3_addr_canonize(addr)) goto err; return addr; @@ -1118,7 +1118,7 @@ const X509V3_EXT_METHOD v3_addr = { /* * Figure out whether extension sues inheritance. */ -int v3_addr_inherits(IPAddrBlocks *addr) +int X509v3_addr_inherits(IPAddrBlocks *addr) { int i; if (addr == NULL) @@ -1171,12 +1171,12 @@ static int addr_contains(IPAddressOrRanges *parent, /* * Test whether a is a subset of b. */ -int v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b) +int X509v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b) { int i; if (a == NULL || a == b) return 1; - if (b == NULL || v3_addr_inherits(a) || v3_addr_inherits(b)) + if (b == NULL || X509v3_addr_inherits(a) || X509v3_addr_inherits(b)) return 0; (void)sk_IPAddressFamily_set_cmp_func(b, IPAddressFamily_cmp); for (i = 0; i < sk_IPAddressFamily_num(a); i++) { @@ -1188,7 +1188,7 @@ int v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b) return 0; if (!addr_contains(fb->ipAddressChoice->u.addressesOrRanges, fa->ipAddressChoice->u.addressesOrRanges, - length_from_afi(v3_addr_get_afi(fb)))) + length_from_afi(X509v3_addr_get_afi(fb)))) return 0; } return 1; @@ -1214,9 +1214,9 @@ int v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b) /* * Core code for RFC 3779 2.3 path validation. */ -static int v3_addr_validate_path_internal(X509_STORE_CTX *ctx, - STACK_OF(X509) *chain, - IPAddrBlocks *ext) +static int addr_validate_path_internal(X509_STORE_CTX *ctx, + STACK_OF(X509) *chain, + IPAddrBlocks *ext) { IPAddrBlocks *child = NULL; int i, j, ret = 1; @@ -1241,11 +1241,11 @@ static int v3_addr_validate_path_internal(X509_STORE_CTX *ctx, if ((ext = x->rfc3779_addr) == NULL) goto done; } - if (!v3_addr_is_canonical(ext)) + if (!X509v3_addr_is_canonical(ext)) validation_err(X509_V_ERR_INVALID_EXTENSION); (void)sk_IPAddressFamily_set_cmp_func(ext, IPAddressFamily_cmp); if ((child = sk_IPAddressFamily_dup(ext)) == NULL) { - X509V3err(X509V3_F_V3_ADDR_VALIDATE_PATH_INTERNAL, + X509V3err(X509V3_F_ADDR_VALIDATE_PATH_INTERNAL, ERR_R_MALLOC_FAILURE); ret = 0; goto done; @@ -1258,7 +1258,7 @@ static int v3_addr_validate_path_internal(X509_STORE_CTX *ctx, for (i++; i < sk_X509_num(chain); i++) { x = sk_X509_value(chain, i); OPENSSL_assert(x != NULL); - if (!v3_addr_is_canonical(x->rfc3779_addr)) + if (!X509v3_addr_is_canonical(x->rfc3779_addr)) validation_err(X509_V_ERR_INVALID_EXTENSION); if (x->rfc3779_addr == NULL) { for (j = 0; j < sk_IPAddressFamily_num(child); j++) { @@ -1290,7 +1290,7 @@ static int v3_addr_validate_path_internal(X509_STORE_CTX *ctx, if (fc->ipAddressChoice->type == IPAddressChoice_inherit || addr_contains(fp->ipAddressChoice->u.addressesOrRanges, fc->ipAddressChoice->u.addressesOrRanges, - length_from_afi(v3_addr_get_afi(fc)))) + length_from_afi(X509v3_addr_get_afi(fc)))) sk_IPAddressFamily_set(child, j, fp); else validation_err(X509_V_ERR_UNNESTED_RESOURCE); @@ -1322,25 +1322,25 @@ static int v3_addr_validate_path_internal(X509_STORE_CTX *ctx, /* * RFC 3779 2.3 path validation -- called from X509_verify_cert(). */ -int v3_addr_validate_path(X509_STORE_CTX *ctx) +int X509v3_addr_validate_path(X509_STORE_CTX *ctx) { - return v3_addr_validate_path_internal(ctx, ctx->chain, NULL); + return addr_validate_path_internal(ctx, ctx->chain, NULL); } /* * RFC 3779 2.3 path validation of an extension. * Test whether chain covers extension. */ -int v3_addr_validate_resource_set(STACK_OF(X509) *chain, +int X509v3_addr_validate_resource_set(STACK_OF(X509) *chain, IPAddrBlocks *ext, int allow_inheritance) { if (ext == NULL) return 1; if (chain == NULL || sk_X509_num(chain) == 0) return 0; - if (!allow_inheritance && v3_addr_inherits(ext)) + if (!allow_inheritance && X509v3_addr_inherits(ext)) return 0; - return v3_addr_validate_path_internal(NULL, chain, ext); + return addr_validate_path_internal(NULL, chain, ext); } #endif /* OPENSSL_NO_RFC3779 */ diff --git a/crypto/x509v3/v3_asid.c b/crypto/x509v3/v3_asid.c index 78673ce6b8..73cbbd1b93 100644 --- a/crypto/x509v3/v3_asid.c +++ b/crypto/x509v3/v3_asid.c @@ -197,7 +197,7 @@ static int ASIdOrRange_cmp(const ASIdOrRange *const *a_, /* * Add an inherit element. */ -int v3_asid_add_inherit(ASIdentifiers *asid, int which) +int X509v3_asid_add_inherit(ASIdentifiers *asid, int which) { ASIdentifierChoice **choice; if (asid == NULL) @@ -226,8 +226,8 @@ int v3_asid_add_inherit(ASIdentifiers *asid, int which) /* * Add an ID or range to an ASIdentifierChoice. */ -int v3_asid_add_id_or_range(ASIdentifiers *asid, - int which, ASN1_INTEGER *min, ASN1_INTEGER *max) +int X509v3_asid_add_id_or_range(ASIdentifiers *asid, + int which, ASN1_INTEGER *min, ASN1_INTEGER *max) { ASIdentifierChoice **choice; ASIdOrRange *aor; @@ -383,7 +383,7 @@ static int ASIdentifierChoice_is_canonical(ASIdentifierChoice *choice) /* * Check whether an ASIdentifier extension is in canonical form. */ -int v3_asid_is_canonical(ASIdentifiers *asid) +int X509v3_asid_is_canonical(ASIdentifiers *asid) { return (asid == NULL || (ASIdentifierChoice_is_canonical(asid->asnum) && @@ -531,7 +531,7 @@ static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice) /* * Whack an ASIdentifier extension into canonical form. */ -int v3_asid_canonize(ASIdentifiers *asid) +int X509v3_asid_canonize(ASIdentifiers *asid) { return (asid == NULL || (ASIdentifierChoice_canonize(asid->asnum) && @@ -576,7 +576,7 @@ static void *v2i_ASIdentifiers(const struct v3_ext_method *method, * Handle inheritance. */ if (strcmp(val->value, "inherit") == 0) { - if (v3_asid_add_inherit(asid, which)) + if (X509v3_asid_add_inherit(asid, which)) continue; X509V3err(X509V3_F_V2I_ASIDENTIFIERS, X509V3_R_INVALID_INHERITANCE); @@ -638,7 +638,7 @@ static void *v2i_ASIdentifiers(const struct v3_ext_method *method, goto err; } } - if (!v3_asid_add_id_or_range(asid, which, min, max)) { + if (!X509v3_asid_add_id_or_range(asid, which, min, max)) { X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE); goto err; } @@ -648,7 +648,7 @@ static void *v2i_ASIdentifiers(const struct v3_ext_method *method, /* * Canonize the result, then we're done. */ - if (!v3_asid_canonize(asid)) + if (!X509v3_asid_canonize(asid)) goto err; return asid; @@ -679,7 +679,7 @@ const X509V3_EXT_METHOD v3_asid = { /* * Figure out whether extension uses inheritance. */ -int v3_asid_inherits(ASIdentifiers *asid) +int X509v3_asid_inherits(ASIdentifiers *asid) { return (asid != NULL && ((asid->asnum != NULL && @@ -722,13 +722,13 @@ static int asid_contains(ASIdOrRanges *parent, ASIdOrRanges *child) /* * Test whether a is a subset of b. */ -int v3_asid_subset(ASIdentifiers *a, ASIdentifiers *b) +int X509v3_asid_subset(ASIdentifiers *a, ASIdentifiers *b) { return (a == NULL || a == b || (b != NULL && - !v3_asid_inherits(a) && - !v3_asid_inherits(b) && + !X509v3_asid_inherits(a) && + !X509v3_asid_inherits(b) && asid_contains(b->asnum->u.asIdsOrRanges, a->asnum->u.asIdsOrRanges) && asid_contains(b->rdi->u.asIdsOrRanges, @@ -755,9 +755,9 @@ int v3_asid_subset(ASIdentifiers *a, ASIdentifiers *b) /* * Core code for RFC 3779 3.3 path validation. */ -static int v3_asid_validate_path_internal(X509_STORE_CTX *ctx, - STACK_OF(X509) *chain, - ASIdentifiers *ext) +static int asid_validate_path_internal(X509_STORE_CTX *ctx, + STACK_OF(X509) *chain, + ASIdentifiers *ext) { ASIdOrRanges *child_as = NULL, *child_rdi = NULL; int i, ret = 1, inherit_as = 0, inherit_rdi = 0; @@ -782,7 +782,7 @@ static int v3_asid_validate_path_internal(X509_STORE_CTX *ctx, if ((ext = x->rfc3779_asid) == NULL) goto done; } - if (!v3_asid_is_canonical(ext)) + if (!X509v3_asid_is_canonical(ext)) validation_err(X509_V_ERR_INVALID_EXTENSION); if (ext->asnum != NULL) { switch (ext->asnum->type) { @@ -817,7 +817,7 @@ static int v3_asid_validate_path_internal(X509_STORE_CTX *ctx, validation_err(X509_V_ERR_UNNESTED_RESOURCE); continue; } - if (!v3_asid_is_canonical(x->rfc3779_asid)) + if (!X509v3_asid_is_canonical(x->rfc3779_asid)) validation_err(X509_V_ERR_INVALID_EXTENSION); if (x->rfc3779_asid->asnum == NULL && child_as != NULL) { validation_err(X509_V_ERR_UNNESTED_RESOURCE); @@ -876,25 +876,25 @@ static int v3_asid_validate_path_internal(X509_STORE_CTX *ctx, /* * RFC 3779 3.3 path validation -- called from X509_verify_cert(). */ -int v3_asid_validate_path(X509_STORE_CTX *ctx) +int X509v3_asid_validate_path(X509_STORE_CTX *ctx) { - return v3_asid_validate_path_internal(ctx, ctx->chain, NULL); + return asid_validate_path_internal(ctx, ctx->chain, NULL); } /* * RFC 3779 3.3 path validation of an extension. * Test whether chain covers extension. */ -int v3_asid_validate_resource_set(STACK_OF(X509) *chain, - ASIdentifiers *ext, int allow_inheritance) +int X509v3_asid_validate_resource_set(STACK_OF(X509) *chain, + ASIdentifiers *ext, int allow_inheritance) { if (ext == NULL) return 1; if (chain == NULL || sk_X509_num(chain) == 0) return 0; - if (!allow_inheritance && v3_asid_inherits(ext)) + if (!allow_inheritance && X509v3_asid_inherits(ext)) return 0; - return v3_asid_validate_path_internal(NULL, chain, ext); + return asid_validate_path_internal(NULL, chain, ext); } #endif /* OPENSSL_NO_RFC3779 */ diff --git a/crypto/x509v3/v3_utl.c b/crypto/x509v3/v3_utl.c index a220b27ab9..f791c2f37c 100644 --- a/crypto/x509v3/v3_utl.c +++ b/crypto/x509v3/v3_utl.c @@ -64,6 +64,7 @@ #include <openssl/x509v3.h> #include "internal/x509_int.h" #include <openssl/bn.h> +#include "ext_dat.h" static char *strip_spaces(char *name); static int sk_strcmp(const char *const *a, const char *const *b); diff --git a/crypto/x509v3/v3err.c b/crypto/x509v3/v3err.c index 727b5842eb..c35a30a5c4 100644 --- a/crypto/x509v3/v3err.c +++ b/crypto/x509v3/v3err.c @@ -1,5 +1,5 @@ /* ==================================================================== - * Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2016 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions |